Arne Munch-Ellingsen, Anders Andersen, Sigmund Akselsen, Randi Karlsen, Customer managed security domain on mobile network operators’ SIM cards: Opportunities to enable new business models, Marktplätze im Umbruch: Digitale Strategien und das Zusammenwachsen von Shop, Online-Business sowie Services im Mobilen Internet, Springer, 2015, ISBN 978-3-662-43781-0.
Mobile Network Operators’ (MNOs) role as keystone players in the smartphone business ecosystem is challenged by other actors and technologies that could reduce the importance of the Universal Integrated Circuit Card (UICC, aka the SIM card). Modern UICC are Java Cards that include a Global Platform conformant Secure Element under the MNOs control. We argue that there is an opportunity in the smartphone business ecosystem to offer easy access for customers and service providers to the Secure Element on the UICC for storing data and for installing and executing applications with high demands for security. The MNOs could let the customers own and manage their private Global Platform specified Supplementary Security Domain on the Secure Element, thereby enabling new business models for services using this asset. We have designed and implemented SecurePlay, a client side, proxy based “lightweight” Trusted Service Manager prototype and have successfully used it to manage Secure Elements on UICC in the Telenor operated mobile phone network in Norway. SecurePlay is a novel technical approach to management of the Secure Element, which allows operators to cost efficiently enable end-user ownership and operation of their own private security. Implementation details of a proof-of-concept prototype are presented and business aspects are discussed.