Content for TS 31.102 Word version: 18.5.0

0… 3… 4… 4.2.9… 4.2.17… 4.2.26… 4.2.34… 4.2.44… 4.2.52… 4.2.60… 4.2.68… 4.2.76… 4.2.85… 4.2.93… 4.2.101… 4.2.107… 4.3… 4.4.2… 4.4.2.4… 4.4.3… 4.4.4… 4.4.5… 4.4.6… 4.4.8… 4.4.8.7… 4.4.9… 4.4.11… 4.4.11.7… 4.4.11.17… 4.4.12… 4.5… 4.6… 4.6.5… 4.6.6… 4.7 5… 5.2… 5.3… 5.4… 5.9… 6… 7… 7.1.2… 7.3… A B… D E… G H… I… L… M…

7.1.2 Command parameters and data 7.1.2.1 GSM/3G/EPS/5G security context 7.1.2.2 VGCS/VBS security context 7.1.2.3 GBA security context (Bootstrapping Mode) 7.1.2.4 GBA security context (NAF Derivation Mode) 7.1.2.5 MBMS security context (All Modes) 7.1.2.6 Local Key Establishment security context (All Modes) 7.1.2.6.1 Local Key Establishment security context (Key Derivation mode) 7.1.2.6.2 Local Key Establishment security context (Key Availability Check mode)
...

7.1.2 Command parameters and data p. 328

This command can be used with an EVEN or an ODD instruction (INS) code. The EVEN instruction code can be used when the challenge data provided by the terminal is not TLV encapsulated data and the length of the challenge data provided by the terminal is less than 256 bytes.

The ODD instruction code shall be used with the security context specified in Table 2, when challenge and response data is TLV encapsulated regardless of their length. Terminals and UICCs that do not support security context requiring TLV format (e.g. MBMS), do not have to support AUTHENTICATE command with ODD instruction code.

EVEN INS code

Code	Value
CLA	As specified in TS 31.101
INS	'88'
P1	'00'
P2	See Table 1 below
Lc	See below
Data	See below
Le	'00', or maximum length of data expected in response

Parameter P2 specifies the authentication context as follows:

Table 7.1.2-1: Coding of the reference control P2

Coding b8-b1

Meaning

'1-------'

Specific reference data (e.g. DF specific/application dependant key)

'----- XXX'

Authentication context:

000	GSM context
001	3G/EPS/5G context
010	VGCS/VBS context
100	GBA context

All other codings are RFU.

ODD INS code

The authentication data and the authentication response data are encapsulated in BER-TLV objects structured using tag '73' for BER-TLV structured data and tag '53' otherwise.

How this command can chain successive blocks of authentication data, or authentication response data is described in TS 31.101.

If P1 indicates "First block of authentication data" or "Next block of authentication data":

Input:

Authentication data encapsulated in a BER-TLV data object.

Output:

None.

Code	Value
CLA	As specified in TS 31.101
INS	'89'
P1	As specified in TS 31.101
P2	See Table 2 below
Lc	Length of the subsequent data field
Data	Authentication related data
Le	Not present

If P1 indicates "First block of authentication response data" or "Next block of authentication response data":

Input:

None.

Output:

Authentication response data encapsulated in a BER-TLV data object.

Code	Value
CLA	As specified in TS 31.101
INS	'89'
P1	As specified in TS 31.101
P2	See Table 2 below
Lc	Not present
Data	Not present
Le	Length of the response data

Parameter P1 is used to control the data exchange between the terminal and the UICC as defined in TS 31.101.

Parameter P2 specifies the authentication context as follows:

Table 7.1.2-2: Coding of the reference control P2

Coding b8-b1

Meaning

'1-------'

Specific reference data (e.g. DF specific/application dependant key)

'----- XXX'

Authentication context:

101	MBMS context
110	Local Key Establishment mode

All other codings are RFU.

Command parameters/data:

7.1.2.1 GSM/3G/EPS/5G security context |R6| p. 330

Byte(s)	Description	Length
1	Length of RAND (L1)	1
2 to (L1+1)	RAND	L1
(L1+2)	Length of AUTN (L2) (see note)	1
(L1+3) to (L1+L2+2)	AUTN (see note)	L2
NOTE: Parameter present if and only if in 3G/EPS/5G security context.

The coding of AUTN is described in TS 33.102. The most significant bit of RAND is coded on bit 8 of byte 2. The most significant bit of AUTN is coded on bit 8 of byte (L1+3).

Response parameters/data, case 1, 3G/EPS/5G security context, command successful:

Byte(s)	Description	Length
1	"Successful 3G authentication" tag = 'DB'	1
2	Length of RES (L3)	1
3 to (L3+2)	RES	L3
(L3+3)	Length of CK (L4)	1
(L3+4) to (L3+L4+3)	CK	L4
(L3+L4+4)	Length of IK (L5)	1
(L3+L4+5) to (L3+L4+L5+4)	IK	L5
(L3+L4+L5+5)	Length of KC (= 8) (see note)	1
(L3+L4+L5+6) to (L3+L4+L5+13)	KC (see note)	8
NOTE: Parameter present if and only if Service No. 27 is "available".

The most significant bit of RES is coded on bit 8 of byte 3. The most significant bit of CK is coded on bit 8 of byte (L3+4). The most significant bit of IK is coded on bit 8 of byte (L3+L4+5).

Response parameters/data, case 2, 3G/EPS/5G security context, synchronisation failure:

Byte(s)	Description	Length
1	"Synchronisation failure" tag = 'DC'	1
2	Length of AUTS (L1)	1
3 to (L1+2)	AUTS	L1

The coding of AUTS is described in TS 33.102. The most significant bit of AUTS is coded on bit 8 of byte 3.

Response parameters/data, case 3, GSM security context, command successful:

Byte(s)	Description	Length
1	Length of SRES (= 4)	1
2 to 5	SRES	4
6	Length of KC (= 8)	1
7 to 14	KC	8

The most significant bit of SRES is coded on bit 8 of byte 2. The most significant bit of Kc is coded on bit 8 of byte 7.

7.1.2.2 VGCS/VBS security context |R6| p. 331

Byte(s)	Description	Length
1	Length of Vservice_Id	1
2 to 5	Vservice_Id	4
6	Length of VK_Id	1
7	VK_Id	1
8	Length of VSTK_RAND (L1)	1
9 to L1+8	VSTK_RAND	L1

Vservice_Id is coded in the same way as the octets 2-5 in the Descriptive group or broadcast call reference information element as defined in TS 24.008.

An Example for the coding of Vservice_Id can be found in Annex K.

The coding of VK_Id is as follows:

Coding of VK_Id

Coding b8-b1	Meaning
'00000001'	Corresponds to the 1st group key
'00000010'	Corresponds to the 2nd group key

The coding of VSTK_RAND is described in TS 43.020. The VSTK_RAND shall be inserted left-aligned into the L1 bytes, with unused bits to the right set to zero.

Response parameters/data, VGCS/VBS security context, command successful:

Byte(s)	Description	Length
1	"Successful VGCS/VBS operation" tag = 'DB',	1
2	Length of VSTK (16)	1
3 to 18	VSTK	16

7.1.2.3 GBA security context (Bootstrapping Mode) |R6| p. 331

Byte(s)	Description	Length
1	"GBA Security Context Bootstrapping Mode" tag = 'DD'	1
2	Length of RAND (L1)	1
3 to (L1+2)	RAND	L1
(L1+3)	Length of AUTN (L2)	1
(L1+4) to (L1+L2+3)	AUTN	L2

Response parameters/data, GBA security context (Bootstrapping Mode), synchronisation failure:

Byte(s)	Description	Length
1	"Synchronisation failure" tag = 'DC'	1
2	Length of AUTS (L1)	1
3 to (L1+2)	AUTS	L1

AUTS coded as for UMTS Security context.

Response parameters/data, GBA security context (Bootstrapping Mode), command successful:

Byte(s)	Description	Length
1	"Successful GBA operation" tag = 'DB'	1
2	Length of RES (L)	1
3 to (L+2)	RES	L

RES coded as for UMTS Security context.

7.1.2.4 GBA security context (NAF Derivation Mode) |R6| p. 332

Byte(s)	Description	Length
1	"GBA Security Context NAF Derivation Mode" tag = 'DE'	1
2	Length of NAF_ID (L1)	1
3 to (L1+2)	NAF_ID	L1
(L1+3)	Length of IMPI (L2)	1
(L1+4) to (L1+L2+3)	IMPI	L2

Response parameters/data, GBA security context (NAF Derivation Mode), command successful:

Byte(s)	Description	Length
1	"Successful GBA operation" tag = 'DB'	1
2	Length of Ks_ext_NAF (L)	1
3 to (L+2)	Ks_ext_NAF	L

Coding of Ks_ext_NAF as described in TS 33.220.

7.1.2.5 MBMS security context (All Modes) |R6| p. 332

Byte(s)	Description	Coding	Length
1	MBMS Data Object tag ('53')	As defined in TS 31.101 for BER-TLV data object	1
2 to 1+A bytes (A ≤ 4)	MBMS Data Object length (L1)	As defined in TS 31.101 for BER-TLV data object	A
A+2	MBMS Security Context Mode	See below	1
A+3 to (A+L1+1)	MIKEY message or Key Domain ID \|\| MSK ID Key Group part or MUK ID TLV		L1-1

Only the MIKEY message shall be transmitted in the MBMS security context mode '01' or '02'.

Only the Key Domain ID (coded on 3 bytes as described in TS 33.246) concatenated with the Key Group part of the MSK ID (coded on two bytes as described in TS 33.246 where the last transmitted byte represents the least significant byte of the Key Group part) shall be transmitted in the MBMS security context mode '03'.

Only the MUK ID TLV shall be transmitted in the MBMS security context mode '04'. The MUK ID TLV, containing the MUK Idr and MUK Idi only, shall be encoded as described in clause 4.2.81.

Parameter MBMS Security Context Mode specifies the MBMS mode in which MBMS security procedure is performed as follows:

Coding of MBMS Security Context Mode

Coding	Meaning
'01'	MSK Update Mode
'02'	MTK Generation Mode
'03'	MSK Deletion Mode
'04'	MUK Deletion Mode

Response parameters/data, MBMS security context (MSK Update Mode), command successful:

Byte(s)	Description	Coding	Length
1	MBMS operation response Data Object tag ('53')	As defined in TS 31.101 for BER-TLV data object	1
2 to 1+A bytes (A ≤ 4)	MBMS operation response Data Object length (L)	As defined in TS 31.101 for BER-TLV data object	A
A+2	"Successful MBMS operation" tag = 'DB' (see note 1)		1
A+3 to (A+L+1)	MIKEY message (see note 1)		L-1
NOTE: Parameter present if a MIKEY verification message is returned. Otherwise, the USIM returns "53 01 DB"

Response parameters/data, MBMS security context (MTK Generation Mode), command successful:

Byte(s)	Description	Coding	Length
1	MBMS operation response Data Object tag ('53')	As defined in TS 31.101 for BER-TLV data object	1
2 to 1+A bytes (A ≤ 4)	MBMS operation response Data Object length (L)	As defined in TS 31.101 for BER-TLV data object	A
A+2	"Successful MBMS operation" tag = 'DB'		1
A+3 to (A+L+1)	MTK \|\| Salt (if Salt key is available)		L-1

Response parameters/data, MBMS security context (MSK and MUK Deletion Mode), command successful:

Byte(s)	Description	Coding	Length
1	MBMS operation response Data Object tag ('53')	As defined in TS 31.101 for BER-TLV data object	1
2	MBMS operation response Data Object length	As defined in TS 31.101 for BER-TLV data object	1
3	"Successful MBMS operation" tag = 'DB'		1

The coding of parameters is described in TS 33.246.

7.1.2.6 Local Key Establishment security context (All Modes) |R7| p. 333

The Local Key Establishment Control TLV is included in the command data to indicate the security context mode. The Local Key Establishment Control TLV is also included in the response data to indicate the operation status.

Table 3: Coding of the Local Key Establishment Control TLV

Tag Value	Length	Value / Meaning
'80'	Coded according to ISO/IEC 8825-1 [35]	Local Key Establishment context: '01': Key Derivation mode '02': Key Availability Check mode Operation Status: 'DB': Successful Operation

7.1.2.6.1 Local Key Establishment security context (Key Derivation mode) p. 333

Command parameters/data:

Byte(s)	Description	Coding	Length
1	Key Derivation Data Object tag ('73')	As defined in TS 31.101 for BER-TLV data object	1
2 to A+1 bytes (A ≤ 4)	Key Derivation Data Object length (L)	As defined in TS 31.101 for BER-TLV data object	A
A+2 to (A+L+1)	Key Derivation Data Object		L

Key Derivation Data Object content:

The TLVs defined in table 4 are included in the Key Derivation Data Object.

Table 4: Coding of the Key Derivation Data Object

Description	Value	M/O	Length (bytes)
Local Key Establishment Control TLV	Coded as defined in clause 7.1.2.6. The value field shall be set to '01'	M	B
Counter Limit tag	'81'	M	1
Length	C	M	Note 1
Counter Limit	Coded as defined in TS 33.110	M	C
Request MAC tag	'82'	M	1
Length	D	M	Note 1
Request MAC	Coded as defined in TS 33.110	M	D (see Note 3)
Key Identifier tag	'A0'	M	1
Length	E (see Note 2)	M	Note 1
NAF_ID tag	'83'	M	1
Length	F	M	Note 1
NAF_ID	Coded as defined in TS 33.220	M	F
Terminal_ID tag	'84'	M	1
Length	G	M	Note 1
Terminal_ID	Coded as defined in TS 33.110	M	G
Terminal_appli_ID tag	'85'	M	1
Length	H	M	Note 1
Terminal_appli_ID	Coded as defined in TS 33.110	M	H
UICC_appli_ID tag	'86'	M	1
Length	I	M	Note 1
UICC_appli_ID	Coded as defined in TS 33.110	M	I
RANDx tag	'87'	M	1
Length	J	M	Note 1
RANDx	Coded as defined in TS 33.110	M	J (see Note 4)
NOTE 1: The length is coded according to ISO/IEC 8825-1 [35]. NOTE 2: The Key Identifier TLV is a constructed TLV containing the following primitive TLVs: NAF_ID, Terminal_ID, Terminal_appli_ID, UICC_appli_ID and RANDx. E is the length of the constructed Key Identifier value. NOTE 3: The most significant bit of the request MAC is coded on bit 8 of the first byte following the MAC Length. NOTE 4: The most significant bit of the RANDx is coded on bit 8 of the first byte following the RANDx Length.

Response parameters/data, Local Key Establishment security context (Key Derivation mode), command successful:

Byte(s)	Description	Coding	Length
1	Key Derivation Operation Response Data Object tag ('73')	As defined in TS 31.101 for BER-TLV data object	1
2 to A1+1 bytes (A1 ≤ 4)	Key Derivation Operation Response Data Object length (L1)	As defined in TS 31.101 for BER-TLV data object	A1
A1+2 to (A1+L1+1)	Key Derivation Operation Response Data Object		L1

Key Derivation Operation Response Data Object content: The TLVs defined in table 5 are included in the Key Derivation Operation Response Data Object.

Table 5: Coding of the Key Derivation Operation Response Data Object

Description	Value	M/O	Length (bytes)
Local Key Establishment Control TLV	Coded as defined in clause 7.1.2.6. The value field shall be set to 'DB'	M	B
Response MAC tag	'82'	M	1
Length	C	M	Note 1
Response MAC	Coded as defined in TS 33.110	M	C (see Note 2)
NOTE 1: The length is coded according to ISO/IEC 8825-1 [35]. NOTE 2: The most significant bit of the response MAC is coded on bit 8 of the first byte following the MAC length.

7.1.2.6.2 Local Key Establishment security context (Key Availability Check mode) p. 335

Command parameters/data:

Byte(s)	Description	Coding	Length
1	Key Availability Check Data Object tag ('73')	As defined in TS 31.101 for BER-TLV data object	1
2 to 1+A bytes (A ≤ 4)	Key Availability Check Data Object length (L)	As defined in TS 31.101 for BER-TLV data object	A
A+2 to (A+L+1)	Key Availability Check Data Object		L

Key Availability Check Data Object content: The TLVs defined in Table 6 are included in the Key Availability Check Data Object.

Table 6: Coding of the Key Availability Check Data Object

Description	Value	M/O	Length (bytes)
Local Key Establishment Control TLV	Coded as defined in clause 7.1.2.6. The value field shall be set to '02'	M	B
Key Identifier TLV	Coded as defined in clause 7.1.2.6.1	M	C

Response parameters/data, Local Key Establishment security context (Key Availability Check mode), command successful:

Byte(s)	Description	Coding	Length
1	Key Availability Check Operation Response Data Object tag ('73')	As defined in TS 31.101 for BER-TLV data object	1
2 to 1+A1 bytes (A1 ≤ 4)	Key Availability Check Operation Response Data Object length (L1)	As defined in TS 31.101 for BER-TLV data object	A1
A1+2 to (A1+L1+1)	Key Availability Check Operation Response Data Object		L1

Key Availability Check Operation Response Data Object content: The TLV defined in Table 7 is included in the Key Availability Check Operation Response Data Object.

Table 7: Coding of the Key Availability Check Operation Response Data Object

Description	Value	M/O	Length (bytes)
Local Key Establishment Control TLV	Coded as defined in clause 7.1.2.6. The value field shall be set to 'DB'	M	B

Content for TS 31.102 Word version: 18.5.0

7.1.2 Command parameters and data p. 328

7.1.2.1 GSM/3G/EPS/5G security context |R6| p. 330

7.1.2.2 VGCS/VBS security context |R6| p. 331

7.1.2.3 GBA security context (Bootstrapping Mode) |R6| p. 331

7.1.2.4 GBA security context (NAF Derivation Mode) |R6| p. 332

7.1.2.5 MBMS security context (All Modes) |R6| p. 332

7.1.2.6 Local Key Establishment security context (All Modes) |R7| p. 333

7.1.2.6.1 Local Key Establishment security context (Key Derivation mode) p. 333

7.1.2.6.2 Local Key Establishment security context (Key Availability Check mode) p. 335

7.2 Void