Table of Contents - ITU-T Y.4500.3 (01/2023) - oneM2M � Security solutions

�1�� Scope��
�2�� References
�3�� Definitions
�� 3.1�� Terms defined elsewhere��
�� 3.2�� Terms defined in this Recommendation��
�� 3.3�� Abbreviations and acronyms�
�� 3.4�� Symbols��
�4�� Conventions��
�5�� Security architecture��
�� 5.1�� Overview��
�� 5.2�� Security layers��
�� 5.3�� Integration within overall oneM2M architecture��
�6�� Security services and interactions��
�� 6.1�� Security integration in oneM2M flow of events��
�� 6.2�� Security functions layer��
�� 6.3�� Secure environment and secure environment abstraction��
�7�� Authorization��
�� 7.1�� Access control mechanism��
�� 7.2�� AE impersonation prevention
�� 7.3�� Dynamic authorization��
�� 7.4�� Role based access control��
�8�� Security frameworks��
�� 8.1�� General introductions to the security frameworks��
�� 8.2�� Security association establishment frameworks��
�� 8.3�� Remote security provisioning frameworks��
�� 8.4�� End-to-end security of primitives (ESPrim)��
�� 8.5�� End-to-end security of data (ESData)��
�� 8.6�� Remote security frameworks for end-to-end security�
�� 8.7�� End-to-end certificate-based key establishment (ESCertKE)��
�� 8.8�� MAF security framework details��
�9�� Security framework procedures and parameters��
�� 9.0�� Introduction�
�� 9.1�� Security association establishment framework procedures and parameters��
�� 9.2�� Remote security provisioning framework procedures and parameters
10�� Protocol and algorithm details��
�� 10.1�� Certificate-based security framework details
�� 10.2�� TLS and DTLS details
�� 10.3�� Key export and key derivation details
�� 10.4�� Credential-ID details
�� 10.5�� KpsaID��
�� 10.6�� KmID format
�� 10.7�� Enrolment expiry��
11�� Privacy protection architecture using privacy policy manager（PPM)��
�� 11.1�� Introduction
�� 11.2�� Relationship between components of PPM and oneM2M��
�� 11.3�� Privacy policy management in oneM2M architecture
�� 11.4�� Privacy policy manager implementation models��
12�� Security-specific oneM2M data type definitions��
�� 12.1�� Introduction
�� 12.2�� Simple security-specific oneM2M data types
�� 12.3�� Enumerated security-specific oneM2M data types��
�� 12.4�� Complex security-specific oneM2M data types��
Annex A � Blank annex��
Annex B � Blank annex��
Annex C � Security protocols associated to specific SE technologies��
�� C.0�� Introduction�
�� C.1�� UICC
�� C.2�� Other secure element and embedded secure element with ISO 7816 interface
�� C.3�� Trusted execution environment��
�� C.4�� SE to CSE binding��
Annex D � UICC security framework to support oneM2M services��
�� D.0�� Introduction
�� D.1�� Access network UICC-based oneM2M service framework��
�� D.2�� oneM2M service module application for symmetric credentials on UICC (1M2MSM)��
Annex E � Blank annex��
Annex F � Acquisition of location information for location based access control� ��
�� F.0�� Introduction�
�� F.1�� Description of region�
�� F.2�� Acquisition of location information��
Annex G � Blank annex��
Annex H � Blank annex��
Annex I � Blank annex��
Annex J � List of privacy attributes��
�� Page
Appendix I � Mapping of 3GPP GBA terminology��
Appendix II � General mutual authentication mechanism��
�� II.0�� Introduction��
�� II.1�� Group authentication
Appendix III � Blank appendix��
Appendix IV � Blank appendix��
Appendix V � Precisions for the UICC framework to support M2M services��
�� V.0�� Introduction�
�� V.1�� Suggested content of the EFs at pre-personalization��
�� V.2�� EF changes via data download or CAT applications��
�� V.3�� List of SFI values at the ADF_M2MSM or DF_M2M level��
�� V.4�� UICC related tags defined in annex J��
Appendix VI � Access control decision request��
Appendix VII � Implementation guidance and index of solutions��
Appendix VIII � Blank appendix��
Appendix IX � Blank appendix��
Appendix X � Terms and conditions markup language implementation rules��
Appendix XI � Example SCEP implementation��
�� XI.1�� Introduction�
�� XI.2�� Certificate provisioning procedures using SCEP��
Bibliography��