
BSI-TR-03165 Trusted Service Management System

With the growing importance of mobile devices in everyday life comes the need to use them for processes with high security demands. This includes user authentication for online services and the authorization of, e.g., financial transactions via mobile devices. Furthermore, the migration of, e.g., long-term tickets for public transportation or physical security tokens like car keys to mobile devices comes with increased security demands.

Software solutions alone are often not enough to fulfill these demands. Instead, the use of hardware-based security anchors, like Secure Elements or (embedded) Universal Integrated Circuit Cards (or eSIMs, respectively), is adequate. Modern mobile devices are regularly equipped with such security chips. However, the use of such hardware security anchors requires the cooperation of multiple partners. Such cooperation can be termed a Trusted Service Management System (TSMS). Ideally, it provides service providers in the public and private sectors with non-discriminatory access to the hardware security components on mobile devices.

The Technical Guideline BSI TR-03165 defines the technical basics of such a TSMS. Furthermore, it defines core interfaces to foster non-discriminatory access.
In addition to the TR, there is a GitHub project, TSMS, which provides supplemental documentation for developers and machine-readable formats (Java, OpenAPI, YAML) of the interfaces defined in the TR.

Download

BSI Technical Guideline TR-03165 Trusted Service Management System, Version 1.1