For the purposes of this 3GPP TS the following definitions apply: applet: application: content: MExE Classmark: MExE server: MExE service: MExE service environment: MExE service provider: MExE subscriber: subscriber: user:

For the purposes of this 3GPP TS the following abbreviations apply: API CS FFS IN ME MExE MMI UENO PLMN SIM UE USIM SP Further related abbreviations are given in TR 21.905.

Given the wide ranging hardware capabilities of MExE UE's, together with the development of MExE executables, a MExE classification shall be supported to determine their respective capability and compatibility. The MExE classification shall apply both to UE's, and MExE executables. The objective is to:

• classify the capabilities of a MExE UE to support MExE executables; and
• identify the class of MExE UE on which a MExE executable may be supported.

The concept of a MExE Classmark is introduced to manage the MExE UE and MExE executable classification and compatibility. The MExE Classmark is distinct and unrelated to the existing UE Classmark. The use of MExE Classmarks shall be supported during the capability negotiation between the MExE service provider and the MExE UE.

A given MExE Classmark shall identify a category of MExE UE supporting MExE functionality with a minimum level of processing, memory, display and interactive capabilities. Specification of different MExE Classmarks enables use of a variety of technologies to support MExE functionality. A given MExE Classmark identifies support by a MExE UE for a defined level of MExE functionality. This does not necessarily imply support of other MExE Classmarks. A MExE UE may support multiple MExE Classmarks. The minimum level of capabilities for each MExE Classmark is beyond the scope of this Stage 1 service description. As UE development evolves and more sophisticated devices (or indeed simpler devices) become available, further UE MExE Classmarks shall be definable to identify UE's capable of supporting improved (or additional) MExE functionality. A given MExE UE Classmark identifies support by a MExE UE for a defined level of MExE functionality, but does not necessarily imply support of other levels of MExE Classmark. A MExE UE may also support multiple MExE Classmarks.

MExE executables will be developed to execute in one or more classes of MExE UE's. In order for MExE executables to be properly supported by a MExE UE, the MExE executable shall identify the minimum functional capabilities required of a MExE UE, as defined by the UE's MExE Classmark. MExE executables shall be designated by the same classes of MExE UE's on which they may be executed. Examples of the classification of MExE executables are as follows:-

• a MExE executable can be defined as a MExE Classmark 1 application;
  the application is identified as suitable for execution on MExE Classmark 1 UE's only.
• a MExE executable can be defined as a MExE Classmark 2 application;
  the application is identified as suitable for execution on MExE Classmark 2 MS's only.
• a MExE executable can be defined as a MExE Classmark 1 and Classmark 2 application;
  the application is identified as suitable for execution on MExE Classmark 1 and Classmark 2 UE's only.

The above example list is neither complete nor exhaustive. If a MExE executable is capable of being supported by other classes of MExE UE's (with reduced or enhanced capabilities), it is the responsibility of the MExE service provider to re-classify the MExE executable accordingly. MExE executables defined by a MExE service provider to a given class of MExE UE, shall be supportable by all MExE UE's of that class regardless of MExE UE manufacturer. MExE executables shall operate on differing MExE UE of the same MExE UE class without modification. It shall be possible for MExE service providers to make the same MExE executables available in the network for different classes of MExE UE. It is desirable that MexE executables are backward compatible within a given technology and for a given UE Classmark; however such backward compatibility is out of scope of this specification.

The high level requirements of MExE are as follows:

• the means for MExE service provider specific services to be supported by all UE's of a particular class (i.e. the need for a common set of APIs and development tools), and accessible across a range of networks;
• provide the user with a more sophisticated user interfaces (e.g. browser-like) with a rich variety of MMI concepts to control and invoke services (i.e. softkeys, icons, voice recognition etc.);
• the user's and MExE service providers capability to control the "look and feel" of applications and applets;
• the ability of the user to personalise the user interface;
• the ability of the user to personalise services and individual media components of a multimedia service;
• provide support of a wide variety of applications and applets;
• provide the means for MExE service providers to authenticate MExE subscribers;
• provide the user access to Internet and Intranet based applications and applets (via both standard Internet and Wireless optimised protocols);
• the means to transfer applications, applets and content automatically or on demand to a MExE UE from a MExE service provider, and upgrade existing applications across the network;
• the means to support direct MExE UE to MExE UE interaction of MExE services;
• the need for an inherent security architecture such that both the MExE UE and MExE server sides of a connection are authenticated (possibly by a brokerage server), and have access to a range of encryption and security functions in order to maintain the security and integrity of the network. The MExE service provider shall maintain security of subscribers personal data and network data, with all aspects relating to network security being centred on the SIM/USIM;
• the ability for the MExE service provider to charge subscribers for MExE service provider provided MExE services, at connect time, when downloading, or on usage;
• the means for MExE service provider specific applications and applets on the MExE UE to communicate with applications in the MExE service environment using industry standard protocols (e.g. a MExE server etc);
• the ability to provide information to MExE service providers (e.g. location information of UE for use with location dependent services);
• the means for MExE service providers and their applications and applets to determine MExE UE capabilities (i.e. MExE Classmark, technology, supported bearers according to network capabilities and network subscription etc.). (This shall be used by MExE servers to adapt application and applet transfer to MExE UE capabilities, and shall be used by applications and applets whilst running to adapt their behaviour to the UE's capabilities.);
• the opportunity for MExE service providers to apply expertise and software developed for other platforms;
• provision of APIs and tools to develop MExE services which are applicable for MExE UE;
• the means for the user to manage (i.e. identify version, delete, modify, save etc.) the applications, applets and content on the MExE UE;
• the means for the user to control acceptance (i.e. by Security Level, level of trust etc.) of applications, applets and content transferred to the MExE UE. (It shall be possible for the user to finely control a trusted application or applet's access rights on the MExE UE, such as reading/writing/deletion of files stored on the MExE UE);
• the means for MExE executables to perform some AT command functionality without compromise to security of MExE as defined in clause 8;
• the means for authentication certificates associated with applications to be managed and stored in the SIM/USIM;
• the ability for a MExE executable to negotiate the QoS, and the ability to indicate to a MExE executable changes in the QoS;
• the ability of MExE executables to be notified that handover is about to occur, is occurring or has occurred;
• the means for MExE UE manufacturers to download and upgrade their existing codec in a MExE UE. A generic mechanism to download other proprietary software into the execution environment of the UE shall be available to the manufacturer. The downloading of platform independent MExE executables, such as streaming audio, that support multimedia capabilities shall also be possible;
• the means for data to be synchronised between the MExE UE and the MExE service environment;
• the ability to support IP multimedia services;
• the ability to discover services offered by the Home Environment, valued added service providers with associated with the Home Environment, and third parties.

Some of the above requirements are subsequently elaborated.

MExE provides an improvement in the capabilities of a UE, as well as an extended range of services available to the user from, or via, the network. The user shall have

• user interface configuration management; and
• service management;

of the services offered to him by MExE.

A primary goal of MExE is to provide access to Internet and Intranet services, the standard Internet applications, security and transport protocols shall be one possible set of MExE protocols which is supported. It is noted that these protocols may not cover all the requirements identified in this specification for all classes of ME's. A set of application, security and transport protocols optimised for wireless access, and compliant to MExE requirements, shall be specified and form part of the MExE standards. MExE UE's shall be able to support either or both of these sets of protocols.

The upper layers of the MExE protocols shall be independent of the type of underlying wireless network so that applications and applets do not need to take into account the specific nature of networks. In particular, lower layers shall provide a generic access API to network bearers so that application and applet developers do not have to cater for the supported underlying bearers. It shall be possible for applications and applets to request specific bearer services and be notified accordingly if they are not available. The transport layer of the MExE protocols may however be adapted to support the specific features of the underlying bearers. The MExE protocols shall have the ability to use all the underlying bearer services which the MExE UE is capable of supporting.

The MExE protocols shall support a scaleable and extendible environment for application and applet development in mobile communication devices. It shall provide a set of generic, non-UE or service-dependent, features. Saleability of the MExE protocols applies to both the MExE UE (e.g. where simple devices do not require the extensive protocols support possibly required by more sophisticated devices) and the network. The MExE protocols shall support both low bandwidth bearers (e.g. SUE, USSD etc.) as well as medium bandwidth bearers (e.g. anything up to 64kb/s). The introduction of new bearers shall be supported, allowing applications and applets to automatically benefit from their capabilities. The MExE protocols shall support existing servers and applications and applets, and provide a stable platform for future application development.

The MExE protocols shall be independent of the services communicated over the protocols. The modification in the range of services, or addition of new services, offered over the network shall not be restricted by the MExE protocols.

The MExE protocols shall be independent of the network node type(s) being communicated with over the protocols. The MExE protocols shall support the evolution of network node types in a PLMN.

The MExE protocols shall support a generic technology-independent means for the notification by the MExE UE to a MExE server, or enquiry from the MExE server to the MExE UE, of the supported MExE capabilities consisting of:

• MExE Classmark (mandatory, MExE server to MExE UE);
  the supported class of MExE UE;
• MExE technology (mandatory, MExE server to MExE UE);
  the supported types of MExE UE technology to support MExE services;
• terminal characteristics (optional, MExE UE from MExE server, following MExE server enquiry);
  further details of the supportable characteristics (i.e. screen size, MMI capabilities, supportable bearer services, toolkits etc. as constrained by the network, terminal, subscription and user preferences).

In existing networks it may not be possible to determine the network capabilities (i.e. supported bearers) and subscription options of the subscriber. The above notification by the MExE UE or the MExE server are supported at service initiation, dynamically during the provision of such a service, and following a change in the quality of service (i.e. following a handover, change of network, degradation of service, change in quality of service). The notification mechanism shall flexibly support notification of the MExE UE, and be able to accommodate future evolution of MExE UE equipment.

The MExE protocols shall support a notification from the PLMN or a request from the MExE UE to the PLMN, for information on the (local) services which may be transferred from the PLMN. The information from the PLMN may take the form of listing the services, or references to a PLMN entity (either internal or external to the PLMN) where the available services may be determined.

The MExE protocols shall support the capability to transfer new applications and applets to the MExE UE as required. The protocols shall support both user initiated and MExE server initiated transfer of several types of data (content description pages, procedural logic, images, libraries etc.), and be able to indicate the type of data being transferred. Each specific MExE technology shall be support a standardised transfer mechanism for that MExE technology.

In order to support the objectives of MExE, the ME and SIM/USIM is required to have an architecture capable of supporting applications, applets and content in a standardised execution environment, independently of the MExE UE manufacturer. As this specification is not required to propose a specific technology, it identifies the common platform requirements from the service subscriber's and user's standpoint. The limitations of small devices may result in the provision of the full application execution environment only being available in sophisticated devices. The high level execution environment requirements are identified in the subsequent subclauses.

In order to cater for a wide variety of ME's with different display and input capabilities, support for both the standard Internet mark-up language and a content description language optimised for small display devices of low bandwidth bearers shall be defined with the MExE specifications. Both languages may be implemented on any MExE UE. Standardised ways of coding content (i.e. images, phonebook, calendar etc.) shall be defined, however the support of such standardised content coding is optional. In order to facilitate global use of MExE services, a standardised range of character sets for MExE services requires to be defined, and the capabilities of the user and applications to use them.

MExE APIs may be defined covering aspects (e.g. Network APIs, Non-network API's, Terminal APIs etc.) within a given MExE Classmark of MExE UE (ME an/or SIM/USIM), and the MExE UE shall support a core API to support the execution of MExE executables. The core API is a the minimal set of API that is present on all MExE UE's, providing the MExE execution environment in which applications and applets can execute, and is known as the Core MExE API. The Core MExE API consists of generic and 3GPP specific aspects. Applications and applets which have been designed to execute in this Core MExE API environment (and the optional MExE APIs subsequently identified), will provide additional functions to the MExE UE. In addition to the Core MExE API on an MExE UE, standardised MExE API extensions such as Network API (e.g. access to session control services, SUE etc.), Non-network 3GPP-defined services API (e.g. security aspects, SIM/USIM phonebook etc.), Terminal API (e.g. power management, access to alerting function, phonebook, MMI, smartcard access etc.),shall be subsequently defined and may be supported by the MExE UE in order to further exploit the system capabilities. The standardised MExE API extensions shall include access to mobility information.

The ME and the data therein are the property of the user. The user is also responsible for the payment of chargeable events involving her UE, and will be seen as the party responsible for any events (whether chargeable or not) involving her UE. Therefore the user shall have full control over all chargeable and non-chargeable events initiated by her UE ("event" includes responses made by the UE to external events, e.g. the acceptance by the UE of an incoming session). This control can be exercised either by the giving of explicit permission at the time of the event or by the giving of implicit permission to the events by the agreement to an event schedule listed clearly in a user profile. The user shall be able to request the logging of specific network events initiated by MExE UE applications/applets. The privacy of user data in the UE is of paramount importance. The SIM/USIM and operator controlled areas within the terminal are the property of the network operator. The network operator shall therefore have full control over access to the SIM/USIM and operator controlled area The operator shall also have full control over data, excluding personal user data, transmitted to or from the SIM/USIM and the operator controlled terminal area and all events initiated by the SIM/USIM or operator controlled area ("event" includes responses made to external events, e.g. the response to a command sent from the ME). As the user cannot know the capabilities of any MExE executables transferred from a MExE service environment before transfer, the UE MExE environment shall ensure that transferred MExE executables cannot compromise the above principles.

For MExE executables of security operator, manufacturer and user trusted domains , as defined in clause 11.3, it shall be possible to authenticate the identity of the body that authorised the application, applet or content. There shall be a secure, unforgable means for assigning the security domains defined in section 11.3 to the MExE executables transferable from the MExE service environment. The certification of authorisation associated with MExE executables transferable from the MExE service environment shall be transferred with the certified material. The MExE UE shall be able to verify the security domain, as defined in section 11.3, of MExE executables transferred from the MExE service environment. The verification process in the UE itself shall not compromise the security of the functionality and content in the UE Transferred material that fails verification shall not be installed and shall be deleted by the terminal as soon as possible. MExE executables that cannot be verified due to the absence of required verification information in the UE, shall be considered as untrusted material, as defined in section 11.3. The events that MExE executables are given permission by the user to initiate shall be securely recorded in the user profile. There shall be mechanisms within the MExE UE for ensuring that applications cannot have access to UE functionality and content beyond that allowed by their security domain, as defined in section 11.3. It shall be possible to for the user to downgrade MExE executables of operator, manufacturer or user trusted domain status to untrusted status, at installation or at any other time. The MExE UE shall be able to detect if MExE executables transferred from the MExE service environment have been modified since they were assigned a security level. MExE executables shall not be transferred to a MExE UE without the explicit permission of the UE user immediately prior to transfer or implicit permission via the user profile. Applications and applets transferred to a MExE UE shall not be able to initiate events without the explicit permission of the UE user immediately prior to event initiation or implicit permission via the user profile. The user profile data for transfer and event initiation cannot be changed without the explicit agreement of the user. The user shall be able to abort or suspend any on-going session that has been set up automatically by an application. The integrity of the SIM or USIM and other security mechanisms shall not be compromised by the introduction of MExE services. The user shall be able to request the logging of specific network events initiated by MExE UE applications/applets. MExE UE applications/applets shall not be able to send command RUN GSM ALGORITHM to the SIM.

The security domain of MExE executables shall be graded according to the measure of authorisation which they have been designated. The following 3 (the "sandbox" in which untrusted MExE executables runs is not considered to be a domain) domains shall be supported for MExE executables:

• MExE Security Operator Domain (used by the HPLMN operator);
  MExE executables designated at this security domain have been authorised by the network operator (i.e. HPLMN),
• MExE Security Manufacturer Domain (system MExE executables);
  MExE executables designated at this security domain have been authorised by the MExE UE manufacturer.
• MExE Security User Trusted Domain (trusted applications, applets and content);
  MExE executables MExE executables designated at this security domain have been written by user trusted software developers and verified as user trusted domain material (but not with regard to their content) via organisations such as certification authorities.
• MExE Security Untrusted (untrusted applications, applets and content);
  Untrusted MExE executables have not been supplied with an associated authorisation, or the authorisation cannot be verified due to the absence of required verification information in the MExE UE.