1 Scope
2 References
3 Definitions
3.1 Terms defined elsewhere
3.2 Terms defined in this Recommendation
3.3 Abbreviations and acronyms
3.4 Symbols
4 Conventions
5 Security architecture
5.1 Overview
5.2 Security layers
5.3 Integration within overall oneM2M architecture
6 Security services and interactions
6.1 Security integration in oneM2M flow of events
6.2 Security functions layer
6.3 Secure environment and secure environment abstraction
7 Authorization
7.1 Access control mechanism
7.2 AE impersonation prevention
7.3 Dynamic authorization
7.4 Role based access control
8 Security frameworks
8.1 General introductions to the security frameworks
8.2 Security association establishment frameworks
8.3 Remote security provisioning frameworks
8.4 End-to-end security of primitives (ESPrim)
8.5 End-to-end security of data (ESData)
8.6 Remote security frameworks for end-to-end security
8.7 End-to-end certificate-based key establishment (ESCertKE)
8.8 MAF security framework details
9 Security framework procedures and parameters
9.0 Introduction
9.1 Security association establishment framework procedures and parameters
9.2 Remote security provisioning framework procedures and parameters
10 Protocol and algorithm details
10.1 Certificate-based security framework details
10.2 TLS and DTLS details
10.3 Key export and key derivation details
10.4 Credential-ID details
10.5 KpsaID
10.6 KmID format
10.7 Enrolment expiry
11 Privacy protection architecture using privacy policy manager (PPM)
11.1 Introduction
11.2 Relationship between components of PPM and oneM2M
11.3 Privacy policy management in oneM2M architecture
11.4 Privacy policy manager implementation models
12 Security-specific oneM2M data type definitions
12.1 Introduction
12.2 Simple security-specific oneM2M data types
12.3 Enumerated security-specific oneM2M data types
12.4 Complex security-specific oneM2M data types
Annex A – Blank annex
Annex B – Blank annex
Annex C – Security protocols associated to specific SE technologies
C.0 Introduction
C.1 UICC
C.2 Other secure element and embedded secure element with ISO 7816 interface
C.3 Trusted execution environment
C.4 SE to CSE binding
Annex D – UICC security framework to support oneM2M services
D.0 Introduction
D.1 Access network UICC-based oneM2M service framework
D.2 oneM2M service module application for symmetric credentials on UICC (1M2MSM)
Annex E – Blank annex
Annex F – Acquisition of location information for location based access control
F.0 Introduction
F.1 Description of region
F.2 Acquisition of location information
Annex G – Blank annex
Annex H – Blank annex
Annex I – Blank annex
Annex J – List of privacy attributes
Appendix I – Mapping of 3GPP GBA terminology
Appendix II – General mutual authentication mechanism
II.0 Introduction
II.1 Group authentication
Appendix III – Blank appendix
Appendix IV – Blank appendix
Appendix V – Precisions for the UICC framework to support M2M services
V.0 Introduction
V.1 Suggested content of the EFs at pre-personalization
V.2 EF changes via data download or CAT applications
V.3 List of SFI values at the ADFM2MSM or DFM2M level
V.4 UICC related tags defined in annex J
Appendix VI – Access control decision request
Appendix VII – Implementation guidance and index of solutions
Appendix VIII – Blank appendix
Appendix IX – Blank appendix
Appendix X – Terms and conditions markup language implementation rules
Appendix XI – Example SCEP implementation
XI.1 Introduction
XI.2 Certificate provisioning procedures using SCEP
Bibliography