Content for TS 31.102 Word version: 18.5.0
0…
3…
4…
4.2.9…
4.2.17…
4.2.26…
4.2.34…
4.2.44…
4.2.52…
4.2.60…
4.2.68…
4.2.76…
4.2.85…
4.2.93…
4.2.101…
4.2.107…
4.3…
4.4.2…
4.4.2.4…
4.4.3…
4.4.4…
4.4.5…
4.4.6…
4.4.8…
4.4.8.7…
4.4.9…
4.4.11…
4.4.11.7…
4.4.11.17…
4.4.12…
4.5…
4.6…
4.6.5…
4.6.6…
4.7
5…
5.2…
5.3…
5.4…
5.9…
6…
7…
7.1.2…
7.3…
A
B…
D
E…
G
H…
I…
L…
M…
4.4.4 Contents of files at the MExE level
4.4.4.1 EFMExE-ST (MExE Service table)
4.4.4.2 EFORPK (Operator Root Public Key)
4.4.4.3 EFARPK (Administrator Root Public Key)
4.4.4.4 EFTPRPK (Third Party Root Public Key)
4.4.4.5 EFTKCDF (Trusted Key/Certificates Data Files)
...
...
4.4.4 Contents of files at the MExE level p. 158
This clause specifies the EFs in the dedicated file DFMExE. It only applies if the USIM supports MExE (see TS 23.057).
The presence of this DF is indicated in the 'USIM Service Table' as service No. 41 being available.
The EFs in the Dedicated File DFMExE contain execution environment related information.
4.4.4.1 EFMExE-ST (MExE Service table) p. 159
If service No. 41 is "available", this file shall be present.
This EF indicates which MExE services are available. If a service is not indicated as available in the USIM, the ME shall not select this service.
| Identifier: '4F40' | Structure: transparent | Optional |
| File size: X bytes, X ≥ 1 | Update activity: low | ||||||||
Access Conditions:
| |||||||||
| Bytes | Description | M/O | Length |
|---|---|---|---|
| 1 | Services No. 1 to No. 8 | M | 1 byte |
| 2 | Services No. 9 to No. 16 | O | 1 byte |
| etc. | |||
| X | Services (8X-7) to (8X) | O | 1 byte |
Services
Contents:
Coding:
Service No. 1
Operator Root Public Key
Service No. 2
Administrator Root Public Key
Service No. 3
Third Party Root Public Key
Service No. 4
RFU
the coding rules of the USIM Service Table apply to this table.
4.4.4.2 EFORPK (Operator Root Public Key) p. 159
If service No. 41 is "available", this file shall be present.
This EF contains the descriptor(s) of certificates containing the Operator Root Public Key. This EF shall only be allocated if the operator wishes to verify applications and certificates in the MExE operator domain using a root public key held in the USIM. Each record of this EF contains one certificate descriptor.
For example, an operator may provide a second key for recover disaster procedure in order to limit OTA data to load.
| Identifier: '4F41' | Structure: linear fixed | Optional |
| Record length: X + 10 bytes | Update activity: low | ||||||||
Access Conditions:
| |||||||||
| Bytes | Description | M/O | Length |
|---|---|---|---|
| 1 | Parameters indicator | M | 1 byte |
| 2 | Flags | M | 1 byte |
| 3 | Type of certificate | M | 1 byte |
| 4 to 5 | Key/certificate file identifier | M | 2 bytes |
| 6 to 7 | Offset into key/certificate file | M | 2 bytes |
| 8 to 9 | Length of key/certificate data | M | 2 bytes |
| 10 | Key identifier length (X) | M | 1 byte |
| 11 to 10+X | Key identifier | M | X bytes |
Parameter indicator
Contents:
The parameter indicator indicates if record is full and which optional parameters are present
Coding: bit string
| b8 | b7 | b6 | b5 | b4 | b3 | b2 | b1 |
|---|---|---|---|---|---|---|---|
| Reserved bit set to 1 (bitx=0 optional parameter present) | Certificate descriptor is valid (bit1=0 key descriptor is valid) | ||||||
Flags
Contents:
The authority flag indicates whether the certificate identify an authority (i.e. CA or AA) or not.
Coding:
bit string
| b8 | b7 | b6 | b5 | b4 | b3 | b2 | b1 |
|---|---|---|---|---|---|---|---|
| RFU | RFU | Authority certificate (bit=1 certificate of an authority) | |||||
Type of certificate
Contents:
This field indicates the type of certificate containing the key.
Coding:
binary:
0 : WTLS
1 : X509
2 : X9.68
Other values are reserved for further use
Key/certificate File Identifier
Contents:
these bytes identify an EF which is the key/certificate data file (see clause 4.4.4.5), holding the actual key/certificate data for this record.
Coding:
byte 4: high byte of Key/certificate File Identifier;
byte 5: low byte of Key/certificate File Identifier.
Offset into Key/certificate File
Contents:
these bytes specify an offset into the transparent key/certificate data File identified in bytes 4 and 5.
Coding:
byte 6: high byte of offset into Key/certificate Data File;
byte 7: low byte of offset into Key/certificate Data File
Length of Key/certificate Data
Contents:
these bytes yield the length of the key/certificate data, starting at the offset identified in "Offset into Key/certificate File" field.
Coding:
byte 8: high byte of Key/certificate Data length;
byte 9: low byte of Key/certificate Data length.
Key identifier length
Contents:
This field gives length of key identifier
Coding:
binary
Key identifier
Contents:
This field provides a means of identifying certificates that contain a particular public key (chain building) and linking the public key to its corresponding private key. For more information about value and using see TS 23.057.
Coding:
octet string
4.4.4.3 EFARPK (Administrator Root Public Key) p. 161
If service No. 41 is "available", this file shall be present.
This EF contains the descriptor(s) of certificates containing the Administrator Root Public Key. This EF shall only be allocated if the SIM issuer wishes to control the Third Party certificates on the terminal using an Administrator root public key held in the USIM. Each record of this EF contents one certificate descriptor.
This file shall contain only one record.
| Identifier: '4F42' | Structure: linear fixed | Optional |
| Record length: X + 10 bytes | Update activity: low | ||||||||
Access Conditions:
| |||||||||
| Bytes | Description | M/O | Length |
|---|---|---|---|
| 1 | Parameters indicator | M | 1 byte |
| 2 | Flags | M | 1 byte |
| 3 | Type of certificate | M | 1 byte |
| 4 to 5 | Key/certificate file identifier | M | 2 bytes |
| 6 to 7 | Offset into key/certificate file | M | 2 bytes |
| 8 to 9 | Length of key/certificate data | M | 2 bytes |
| 10 | Key identifier length (X) | M | 1 byte |
| 11 to 10+X | Key identifier | M | X bytes |
For contents and coding of all data items see the respective data items of the EFORPK (clause 4.4.4.2).
4.4.4.4 EFTPRPK (Third Party Root Public Key) p. 162
If service No. 41 is "available", this file shall be present.
This EF contains descriptor(s) of certificates containing the Third Party root public key (s). This EF shall only be allocated if the USIM issuer wishes to verify applications and certificates in the MExE Third Party domain using root public key(s) held in the USIM. This EF can contain one or more root public keys. Each record of this EF contains one certificate descriptor.
For example, an operator may provide several Third Party Root Public Keys.
| Identifier:'4F43' | Structure: linear fixed | Optional |
| Record length: X + Y + 11 bytes | Update activity: low | ||||||||
Access Conditions:
| |||||||||
| Bytes | Description | M/O | Length |
|---|---|---|---|
| 1 | Parameters indicator | M | 1 byte |
| 2 | Flags | M | 1 byte |
| 3 | Type of certificate | M | 1 byte |
| 4 to 5 | Key/certificate file identifier | M | 2 bytes |
| 6 to 7 | Offset into key/certificate file | M | 2 bytes |
| 8 to 9 | Length of key/certificate data | M | 2 bytes |
| 10 | Key identifier length (X) | M | 1 byte |
| 11 to 10+X | Key identifier | M | X bytes |
| 11+X | Certificate identifier length (Y) | M | 1 byte |
| 12+X to 11+X+Y | Certificate identifier | M | Y bytes |
Certificate identifier length
Contents:
This field gives the length of the certificate identifier
Coding:
binary
Certificate identifier
Contents:
For contents and coding of all other data items see the respective data items of the EFORPK (clause 4.4.4.2).
This field identifies the issuer and provides an easy way to find a certificate. For more information about the value and usage see TS 23.057.
Coding:
Octet string
4.4.4.5 EFTKCDF (Trusted Key/Certificates Data Files) p. 162
Residing under DFMExE, there may be several key/certificates data files. These EFs containing key/certificates data shall have the following attributes:
| Identifier: '4FXX' | Structure: transparent | Optional |
| File size: Y bytes | Update activity: low | ||||||||
Access Conditions:
| |||||||||
| Bytes | Description | M/O | Length |
|---|---|---|---|
| 1 to Y | Key/Certificate Data | M | Y bytes |
Contents and coding:
Key/certificate data are accessed using the key/certificates descriptors provided by EFTPRPK (see clause 4.4.4.4).
The identifier '4FXX' shall be different from one key/certificate data file to another. For the range of 'XX', see TS 31.101. The length Y may be different from one key/certificate data file to another.
