Content for ETSI TS 102 221 PDF version: 18.2.0

0… 4… 5… 6… 7… 7.2.3… 7.3… 7.3.2… 7.4… 8… 9… 10… 10.2… 11… 11.1.2… 11.1.9… 11.1.14… 11.1.19… 11.1.20… 11.1.21… 11.2… 11.3… 12… 13… 14… 15 A B C… D E… F… G… H… I J… K… L… M… N… O…

2.1 Normative references 2.2 Informative references 3.1 Terms 3.2 Symbols 3.3 Abbreviations 3.4 Coding conventions
...

0 Introduction p. 13

The present document defines a generic Terminal/Integrated Circuit Card (ICC) interface.

The aim of the present document is to ensure interoperability between an ICC and a terminal independently of the respective manufacturer, card issuer or operator. The present document does not define any aspects related to the administrative management phase of the ICC. Any internal technical realization of either the ICC or the terminal is only specified where these are reflected over the interface.

Application specific details for applications residing on an ICC are specified in the respective application specific documents. The Universal Subscriber Identity Module (USIM)-application for 3G telecommunication networks is specified in TS 31.102.

1 Scope p. 14

The present document specifies the interface between the UICC and the terminal.

The present document specifies:

the requirements for the physical characteristics of the UICC;
the electrical interface for exchanging APDUs between the UICC and the terminal, based on ISO/IEC 7816-3 [11];
the initial communication establishment and the transport protocols for this interface;
a model which serves as a basis for the logical structure of the UICC APDU interface;
communication commands and procedures for the UICC APDU interface;
application independent files and protocols for the UICC APDU interface.

Starting from Release 17, the UICC may support Logical Secure Element interfaces, which allows it to host multiple logical secure elements. A special form of such a Logical Secure Element (LSE) is a logical UICC. Where required, the lower layers which represent the features common to all LSEs are denoted as LSE base. The applicability of the clauses in the present document to either the LSE base or to the logical UICC is given in the introduction of each affected clause.

The administrative procedures, initial card management and optional communication interfaces between the UICC and terminal are not within the scope of the present document.

2 References p. 14

2.1 Normative references p. 14

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.

In the case of a reference to a TC SET document, a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

Referenced documents which are not found to be publicly available in the expected location might be found at https://docbox.etsi.org/Reference.

The following referenced documents are necessary for the application of the present document.

[1]

TS 23.038: "Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; Alphabets and language-specific information".

[2]

TS 31.102: "Universal Mobile Telecommunications System (UMTS); LTE; 5G; Characteristics of the Universal Subscriber Identity Module (USIM) application".

[3]

ETSI TS 101 220: "Smart Cards; ETSI numbering system for telecommunication application providers".

[4]

ETSI TS 102 223: "Smart Cards; Card Application Toolkit (CAT)".

[5]

Recommendation ITU-T E.118: "The international telecommunication charge card".

[6]

ISO 639: "Codes for the representation of names of languages".

[7]

ISO/IEC 7810: "Identification cards -- Physical characteristics".

[8]

ISO/IEC 7811-1: "Identification cards -- Recording technique -- Part 1: Embossing".

[9]

ISO/IEC 7816-1: "Identification cards -- Integrated circuit cards -- Part 1: Cards with contacts - Physical characteristics".

[10]

ISO/IEC 7816-2: "Identification cards -- Integrated circuit cards -- Part 2: Cards with contacts - Dimensions and location of the contacts".

[11]

ISO/IEC 7816-3: "Identification cards -- Integrated circuit cards -- Part 3: Cards with contacts - Electrical interface and transmission protocols".

[12]

ISO/IEC 7816-4: "Identification cards -- Integrated circuit cards -- Part 4: Organization, security and commands for interchange".

[13] Void.

[14] Void.

[15] Void.

[16] Void.

[17]

ISO/IEC 10646: "Information technology -- Universal Coded Character Set (UCS)".

[18]

ETSI TS 102 600: "Smart Cards; UICC-Terminal interface; Characteristics of the USB interface".

[19]

ETSI TS 102 613: "Smart Cards; UICC - Contactless Front-end (CLF) Interface; Physical and data link layer characteristics".

[20]

ETSI TS 102 484: "Smart Cards; Secure channel between a UICC and an end-point terminal".

[21]

ETSI TS 102 225: "Smart Cards; Secured packet structure for UICC based applications".

[22]

TS 24.008: "Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 5G; Mobile radio interface Layer 3 specification; Core network protocols; Stage 3".

[23]

JEDEC JESD22-A101D.01: "Steady-State Temperature-Humidity Bias Life Test".

[24]

OMA-ERELD- Smartcard-Web-Server-V1-1-20090512-A: "Enabler Release Definition for Smartcard-Web-Server". Approved Version 1.1 - 12 May 2009 (OMA).

[25]

ISO/IEC 15948:2004: "Information technology -- Computer graphics and image processing -- Portable Network Graphics (PNG): Functional specification".

[26]

RFC 2046: "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types".

[27]

ETSI TS 102 671: "Smart Cards; Machine to Machine UICC; Physical and logical characteristics".

[28] Void.

[29]

ETSI TS 102 226: "Smart Cards; Remote APDU structure for UICC based applications".

[30] Void.

[31]

ISO/IEC 9797-1:2011: "Information technology -- Security techniques -- Message Authentication Codes (MACs) -- Part 1: Mechanisms using a block cipher".

[32]

ETSI TS 102 222: "Integrated Circuit Cards (ICC); Administrative commands for telecommunications applications".

[33]

GSMA SGP.22: "RSP Technical Specification".

[34]

ETSI TS 103 666-1: "Smart Secure Platform (SSP); Part 1: General characteristics".

[35]

GSMA SGP.32: "eSIM IoT Technical Specification".

2.2 Informative references p. 16

In the case of a reference to a TC SET document, a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.

[i.1]

GlobalPlatform: "GlobalPlatform Card Specification Version 2.3.1".

[i.2]

GlobalPlatform: "Card Specification Version 2.3 - Amendment D: Secure Channel Protocol 03, Version 1.2".

3 Definition of terms, symbols, abbreviations and coding conventions p. 16

3.1 Terms p. 16

For the purposes of the present document, the following terms apply:

4FF:

fourth form factor (format) of UICC

access conditions:

set of security attributes associated with a file

ADM:

access condition to an EF which is under the control of the authority which creates this file

application:

set of security mechanisms, files, data and protocols (excluding transmission protocols)

application DF:

entry point to an application

application protocol:

set of procedures required by the application

bearer independent protocol:

mechanism by which the terminal provides the UICC with access to the data bearers supported by the terminal and the network

Card Application Toolkit (CAT):

As specified in ETSI TS 102 223 [4].

card session:

link between the card and the external world, using APDUs, starting with the ATR and ending with a subsequent reset or a deactivation of the card

channel session:

link between the card and the external world during a card session on a given logical channel, starting with the opening of the logical channel and ending with the closure of the logical channel or the termination of the card session

class A operating conditions:

terminal or a smart card operating at 5 V ± 10 %

class B operating conditions:

terminal or a smart card operating at 3 V ± 10 %

class C operating conditions:

terminal or a smart card operating at 1,8 V ± 10 %

class D operating conditions:

terminal or a smart card operating at 1,2 V ± 0,1 V

current directory:

latest MF, DF or ADF selected

current EF:

latest EF selected

current file:

current EF, if an EF is selected, else the current directory

Data Object (DO):

information coded as TLV object(s), i.e. consisting of a Tag, a Length and a Value part

Dedicated File (DF):

file containing access conditions and, optionally, Elementary Files (EFs) or other Dedicated Files (DFs)

directory:

general term for MF, DF and ADF

Elementary File (EF):

file containing access conditions and data and no other files

file:

directory or an organized set of bytes or records in the UICC

file identifier:

2 bytes which address a file in the UICC

first level application:

selectable application that is indicated in EFDIR under the MF

EXAMPLE:

A USIM application.

function:

contains a command and a response pair

GSM session:

part of the card session dedicated to the GSM operation

ID-1 UICC:

UICC having the format of an ID-1 card

Lc:

length of command data sent by the application layer in a case 3 or 4 Command

Le:

maximum length of data expected by the application layer in response to a case 2 or 4 Command

Logical Secure Element (LSE):

secure element functionalities, applications and files grouped together to act like a secure element (e.g. UICC) when multiple logical secure element interfaces are supported

Logical Secure element Interface (LSI):

logical connection between an endpoint in the terminal and one logical secure element

logical UICC:

upper layers of the UICC which implement the logic for handling the commands, files and protocols

Lr:

length of data sent back to the terminal by the UICC in response to a case 2 or 4 Command

LSE base:

lower layers of the UICC which are common for all LSEs

Luicc:

exact length of data available in the UICC to be returned in response to the case 2 or 4 Command received by the UICC

Master File (MF):

unique mandatory file containing access conditions and optionally DFs and/or EFs

mini-UICC:

third form factor (format) of UICC

multi-application capable terminal:

terminal that can support more than one first level application with possibly separate user verification requirements for each application

multi-application card:

card that can have more than one selectable application

multi-session card:

card that supports more than one concurrent selectable application session during a card session

multi-verification capable UICC:

card that can have more than one first level application and may support separate user verification requirements for each application

normal USIM operation:

relating to general, PIN related, 3G and or GSM security and subscription related procedures

padding:

one or more bits appended to a message in order to cause the message to contain the required number of bits or bytes

plug-in UICC:

second form factor (format) of UICC

proactive UICC:

UICC which is capable of issuing commands to the terminal

proactive UICC session:

sequence of related CAT commands and responses which starts with the status response '91XX' (proactive command pending) and ends with a status response of '90 00' (normal ending of command) after Terminal Response

record:

string of bytes within an EF handled as a single entity

record number:

number which identifies a record within an EF

record pointer:

pointer which addresses one record in an EF

removable UICC:

UICC which is easily accessible or replaceable, is intended to be removed or replaced in the terminal

second level application:

application which can only be activated during the session of a first level application

selectable application:

application that is selectable by an AID according to the process described in ISO/IEC 7816-4 [12] over the terminal-UICC interface

selectable application session:

link between the application and the external world during a card session starting with the application selection and ending with de-selection or termination of the card session

single verification capable UICC:

card that only supports one user verification requirement for all first level applications

state H:

high state on the I/O line (Vcc)

state L:

low state on the I/O line (Gnd)

test capability:

capability of the UICC to support the test configuration state

test configuration:

UICC configuration fulfilling the test configuration criterion

test configuration criterion:

first level application (e.g. NAA) specific criterion defined in the first level application specific extension of the UICC platform, and includes one or more conditions necessary to activate a test configuration state

test configuration state:

state of test configuration on a UICC after evaluating the test configuration criterion (refer to Annex N)

test functionality:

capability of the UICC or the device to support a functionality (e.g. test toolkit events, device APDU monitoring, etc.) required for a test method

test toolkit events capability:

support of test capability and the test toolkit events within the UICC

transport layer:

layer responsible for transporting Secured Packets through the network

type 1 UICC:

UICC which always enters the negotiable mode after a warm reset

type 2 UICC:

UICC which always enters the specific mode after a warm reset

USIM session:

selectable application session for a USIM application

3.2 Symbols p. 19

For the purposes of the present document, the following symbols apply:

Baud rate adjustment integer

frequency

clock rate conversion factor

Gnd

Ground

t_F

Fall time

t_R

Rise time

Vcc

Supply Voltage

V_IH

Input Voltage (high)

V_IL

Input Voltage (low)

V_OH

Output Voltage (high)

V_OL

Output Voltage (low)

V_pp

Programming Voltage

3.3 Abbreviations p. 19

For the purposes of the present document, the following abbreviations apply:

Access Condition

ACK

ACKnowledgement

ADF

Application Dedicated File

AID

Application IDentifier

ALW

ALWays

Access Mode

AM_DO

Access Mode-Data Object

APDU

Application Protocol Data Unit

ARR

Access Rule Reference

Authentication Template

ATR

Answer To Reset

BCD

Binary Coded Decimal

BER

Basic Encoding Rules

BER-TLV

Tag, Length, Value (TLV) object formatted according to Basic Encoding Rules (BER)

BGT

Block Guard Time

BIP

Bearer Independent Protocol

BWT

Block Waiting Time

C-APDU

Command - Application Protocol Data Unit

CAT

Card Application Toolkit

CCT

Cryptographic Checksum Template

CLA

CLAss

CLF

ContactLess Front-end

CLK

CLocK

CRT

Control Reference Template

CSA

Connection Security Association

CSA_ID

Connection Security Association Identity

CSAMAC

Connection Security Association Message Authentication Code

Confidentiality Template

C-TPDU

Command - Transfer Protocol Data Unit

CWI

Character Waiting Integer

CWT

Character Waiting Time

DAD

Destination Address

DER

Distinguished Encoding Rule

Dedicated File

Data Object

DST

Digital Signature Template

EDC

Error Detection Code byte

Elementary File

EF_DIR

Elementary File DIRectory

etu

elementary time unit

eUICC

embedded UICC

FCP

File Control Parameters

FFS

For Further Study

FID

File IDentifier

GBA

Generic Bootstrapping Architecture

GSM

Global System for Mobile communications

I/O

Input/Output

IANA

Internet Assigned Numbers Authority

I-block

Information-block

ICC

Integrated Circuit Card

ICCID

Integrated Circuit Card Identification

IDentifier

IEC

International Electrotechnical Commission

IFS

Information Field Size

IFSC

Information Field Size for the UICC

IFSD

Information Field Size for the terminal

INF

INFormation field

INS

INStruction

Internet Protocol

ISO

International Organization for Standardization

LCSI

Life Cycle Status Information

LEN

LENgth

LRC

Longitudinal Redundancy Check

LSB

Least Significant Bit

LSE

Logical Secure Element

LSI

Logical Secure element Interface

MAC

Message Authentication Code

Mobile Equipment

Master File

MMI

Man-Machine Interface

MSA

Master SA

MSB

Most Significant Bit

NAA

Network Access Application

NAD

Node ADdress byte

NEV

NEVer

OSI

Open System Interconnection

Parameter 1

Parameter 2

Parameter 3

PCB

Protocol Control Byte

PDC

Personal Digital Cellular

Personal Identification Number

PNG

Portable Network Graphics

PPS

Protocol and Parameter Selection

PIN Status

PS_DO

PIN Status_Data Object

R-APDU

Response - Application Protocol Data Unit

R-block

Receive-ready block

RFU

Reserved for Future Use

RST

ReSeT

R-TPDU

Response-Transfer Protocol Data Unit

Security Association

SAD

Source Address

S-block

Supervisory-Block

Security Condition

SC_DO

Security Condition-Data Object

SCWS

Smart Card Web Server

Security Environment

SEID

Security Environment Identifier

SFI

Short (elementary) File Identifier

SIM

Subscriber Identity Module

Secure Messaging

SMS

Short Message Service

SWP

Single Wire Protocol

TCP

Transmission Control Protocol

TETRA

Terrestrial Trunked Radio

TLS

Transport Layer Security

TLV

Tag Length Value

TPDU

Transfer Protocol Data Unit

UCA

UICC Ciphering Algorithm

UCS2

Universal Character Set 2

User Equipment

UIM

UICC Integrity Mechanism

URI

Uniform Resource Identifier

URL

Uniform Resource Locator

USAT

Universal Subscriber Identity Module Application Toolkit

USIM

Universal Subscriber Identity Module

UTF

Universal Character Set Transformation Format

VPP

Programming power input, optional use by the card

Waiting time Integer

WML

Wireless Markup Language

WTX

Waiting Time eXtension

WWT

Work Waiting Time

3.4 Coding conventions p. 21

For the purposes of the present document, the following coding conventions apply:

All lengths are presented in bytes, unless otherwise stated. Each byte is represented by bits b8 to b1, where b8 is the Most Significant Bit (MSB) and b1 is the Least Significant Bit (LSB). In each representation, the leftmost bit is the MSB.

In the UICC, all bytes specified as RFU shall be set to '00' and all bits specified as RFU shall be set to 0. If the GSM and/or USIM application exists on a UICC or is built on a generic telecommunications card, then other values may apply for the non-GSM or non-USIM applications. The values will be defined in the appropriate specifications for such cards and applications. These bytes and bits shall not be interpreted by a terminal in a GSM or 3G session.

The coding of all data objects in the present document is according to ETSI TS 101 220 [3]. All data objects are BER-TLV except if otherwise defined.