Content for ETSI TS 102 221 PDF version: 18.2.0

0… 4… 5… 6… 7… 7.2.3… 7.3… 7.3.2… 7.4… 8… 9… 10… 10.2… 11… 11.1.2… 11.1.9… 11.1.14… 11.1.19… 11.1.20… 11.1.21… 11.2… 11.3… 12… 13… 14… 15 A B C… D E… F… G… H… I J… K… L… M… N… O…

11.1.20 MANAGE SECURE CHANNEL 11.1.20.1 General functional description 11.1.20.2 Retrieve UICC Endpoints 11.1.20.3 Establish SA - Master SA 11.1.20.4 Establish SA - Connection SA 11.1.20.5 Establish SA - Start Secure Channel 11.1.20.6 Terminate Secure Channel SA
...

11.1.20 MANAGE SECURE CHANNEL p. 120

11.1.20.1 General functional description p. 120

This command performs the functionality specified by ETSI TS 102 484 [20] to manage APDU based secure channels.

P1 determines which sub procedure is required, the P2 parameter value meaning is specific to each P1 value. The command and response data are encapsulated in BER-TLV objects structured as defined in clause 11.3 using tag '73' for BER-TLV structured data and tag '53' otherwise.

This command can chain successive blocks of command data, if present, with a maximum size of 255 bytes each, required for one operation using P2 to indicate the first/next block. The terminal performs the segmentation of the data, and the UICC the concatenation of the data. The first MANAGE SECURE CHANNEL APDU is sent with P2 indicating "First block of command data". Following MANAGE SECURE CHANNEL APDUs are sent with P2 indicating "Next block of command data". As long as the UICC has not received all segments of the command data it shall answer with SW1 SW2 '63 F1'. When all segments of the command data are received and if the command produces a response, the UICC shall answer with SW1 SW2 '62 F3'.

The command response data is retrieved from the UICC using one or more separate MANAGE SECURE CHANNEL APDUs with the same chaining mechanism as for the command data. The UICC performs the segmentation of the data, and the terminal the concatenation of the response data. The first MANAGE SECURE CHANNEL APDU is sent with P2 indicating "First block of response data". Following MANAGE SECURE CHANNEL APDUs are sent with P2 indicating "Next block of response data". As long as the UICC has not sent all segments of the response data it shall answer with SW1 SW2 '62 F1'. When all segments of the response data are sent, the UICC shall answer with SW1 SW2 '90 00'.

The following P1 values are defined:

Table 11.21a: Coding of P1

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	-	-	-	-	0	0	0	Retrieve UICC Endpoints
-	-	-	-	0	0	0	1	Establish SA - Master SA
-	-	-	-	0	0	1	0	Establish SA - Connection SA
-	-	-	-	0	0	1	1	Start Secure Channel
-	-	-	-	0	1	0	0	Terminate secure channel SA
-	-	-	-	All other values				RFU
X	X	X	X	-	-	-	-	RFU (shall be set to 0)

Each sub procedure indicated by P1 is defined below.

The following P2 values are defined:

Table 11.21b: Coding of P2

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
1	0	0	-	-	-	-	-	First block of command data
0	0	0	-	-	-	-	-	Next block of command data
0	1	0	-	-	-	-	-	Retransmit previous block of command data
1	0	1	-	-	-	-	-	First block of response data
0	0	1	-	-	-	-	-	Next block of response data
0	1	1	-	-	-	-	-	Retransmit previous block of response data
All other values			-	-	-	-	-	RFU
-	-	-	X	X	X	X	X	RFU (shall be set to 0)

RFU bits in P1 and P2 shall be ignored by the UICC.

11.1.20.2 Retrieve UICC Endpoints p. 121

11.1.20.2.0 Introduction p. 121

Clause 11.1.20.2 defines the MANAGE SECURE CHANNEL function and coding when P1 = 'Retrieve UICC Endpoints'.

11.1.20.2.1 Functional description p. 121

This command allows the terminal to retrieve a list of secure channel endpoints from the UICC as defined in ETSI TS 102 484 [20] and the maximum data container size available for the TRANSACT DATA command. In order to retrieve the end point information P2 is set to "First block of response data" or in case of the response data longer than 255 bytes following blocks are retrieved be setting P2 to "Next block of response data".

If this command is sent via any existing secure channel, then the endpoints returned shall be the end points that are currently available at the UICC end of this secure channel.

If there are endpoints available on the UICC, then an "Endpoint information" TLV shall be present for each available

endpoint.

If the remaining Response is greater than 255 bytes then the next 255 bytes shall be returned and the SW1 SW2 shall be set to "More data available".

If the remaining Response is less than or equal to 255 bytes then all of the bytes shall be returned and SW1 SW2 shall be set to "normal ending of command".

11.1.20.2.2 Command parameters and data p. 122

Code	Value
CLA	As specified in clause 10.1.1
INS	As specified in clause 10.1.2
P1	'00'
P2	See Table 11.21b
Lc	Not Present
Data	Not Present
Le	Length of expected response data

Response data:

The UICC shall return the following data encapsulated in tag '73':

Table 11.22: Response Retrieve UICC endpoints

Description	Tag	Status
UICC_ID TLV	'81'	M
Endpoint information TLV	'82'	C
Endpoint information TLV	'82'	C
…	…	…
Endpoint information TLV	'82'	C

If no endpoints are available tag '82' is not returned. Multiple endpoints are indicated by multiple BER-TLV objects using tag '82'.

Coding of UICC_ID TLV:

Byte(s)	Description	Value	Length
1	Tag	'81'	1
2	Length	X	1
3 to 3+X	UICC_ID		X

Coding of UICC_ID:

This shall be a unique value that identifies that UICC. This shall be the ICCID as defined for EFICCID.

Endpoint information TLV:

This TLV contains the identity and type for an available endpoint.

Byte(s)	Description	Value	Length
1	Tag	'82'	1
2	Length	7+X	1
3	Endpoint type		1
4 to 7	Endpoint Secure channel capability		4
8 to 9	Endpoint Port number		2
10 to 10+X	Endpoint identifier		X

Coding of Endpoint type value:

'01' = "Platform level secure channel endpoint".
'02' = "Application level secure channel endpoint".

Coding of Endpoint Secure channel capability value:

Byte 1:

Transport support

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	-	-	-	-	-	-	1	Accessible via APDU interface
-	-	-	-	-	-	1	-	Accessible via USB IP interface
-	-	-	-	-	1	-	-	Accessible via BIP IP interface
X	X	X	X	X	-	-	-	RFU

Byte 2:

Supported secure channel types

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	-	-	-	-	-	-	1	TLS
-	-	-	-	-	-	1	-	Ipsec
-	-	-	-	-	1	-	-	APDU secure channel
-	-	-	-	1	-	-	-	Proprietary type known to both parties
-	-	0	0	-	-	-	-	No information given
-	-	0	1	-	-	-	-	Two connection Sas supported concurrently
-	-	1	0	-	-	-	-	Three connection Sas supported concurrently
-	-	1	1	-	-	-	-	Four connection Sas supported concurrently
1	-	-	-	-	-	-	-	Secure channel required for all communication to this endpoint
-	X	-	-	-	-	-	-	RFU

Byte 3:

Supported key agreement methods

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	-	-	-	-	-	-	1	Strong Preshared Keys - GBA
-	-	-	-	-	-	1	-	Strong Preshared Keys - Proprietary Pre agreed keys
-	-	-	-	-	1	-	-	Weak Preshared Keys - Proprietary Pre agreed keys
-	-	-	-	1	-	-	-	Certificate exchange
X	X	X	X	-	-	-	-	RFU

Byte 4:

indicates the maximum data container size - this is the maximum container size that can be indicated in the Endpoint data container size BER-TLV in the MANAGE SECURE CHANNEL - Start Secure Channel for this endpoint. The coding is hexadecimal.

Coding of the Endpoint Port Number:

If the Endpoint Secure channel capability indicates support of TLS then the endpoint port number shall be the hex coded value of the TCP port to be used else this shall be set to 'FFFF'.

Coding of the Endpoint identifier value:

The endpoint identifier shall be the AID value of the application that hosts the endpoint. See ETSI TS 101 220 [3].

11.1.20.3 Establish SA - Master SA p. 123

11.1.20.3.0 Introduction p. 123

Clause 11.1.20.3 defines the MANAGE SECURE CHANNEL function and coding when P1 = 'Establish SA - Master SA'.

11.1.20.3.1 Functional description p. 123

This command allows the terminal to establish a Master SA with the UICC as defined in ETSI TS 102 484 [20].

11.1.20.3.2 Command parameters and data p. 124

The command data is sent to the UICC using P2='80' and the response data is retrieved using P2='A0'. The command and response data is encapsulated using tag '73'.

If P2 is set to " First block of command data" or " Next block of command data".

Code	Value
CLA	As specified in clause 10.1.1
INS	As specified in clause 10.1.2
P1	'01'
P2	See Table 11.21b
Lc	Length of subsequent data field
Data	As specified in Table 11.23
Le	Not Present

If P2 is set to " First block of response data" or "Next block of response data".

Code	Value
CLA	As specified in clause 10.1.1
INS	As specified in clause 10.1.2
P1	'01'
P2	See Table 11.21b
Lc	Not present
Data	Not present
Le	Length of the response data

Command data:

Table 11.23: Coding of Data

Description	Tag	Status
Key Agreement Mechanism tag	'87'	M
Term label - Terminal_ID tag	'83'	M
Term label - Terminal_appli_ID tag	'84'	M
Term label - UICC_Identifier tag	'85'	M
Term label - UICC_appli_ID	'86'	M

This BER-TLV data object contains the available Key Agreement Mechanisms. Coding of Key Agreement Mechanism BER-TLV tag '87'.

Byte(s)	Description	Value	Length
1	Tag	'87'	1
2	Length	X	1
3 to 3+X	Available Key Agreement Mechanism		X
NOTE: In the present document only the first byte is defined, see below.

Coding of Byte 1 - Supported key agreement methods:

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	-	-	-	-	-	-	1	Strong Preshared Keys - GBA
-	-	-	-	-	-	1	-	Strong Preshared Keys - Proprietary Pre agreed keys
-	-	-	-	-	1	-	-	Weak Preshared Keys - Proprietary Pre agreed keys
-	-	-	-	1	-	-	-	Certificate exchange
X	X	X	X	-	-	-	-	RFU

Coding of Term label - Terminal_ID BER-TLV, tag '83':

Byte(s)	Description	Value	Length
1	Tag	'83'	1
2	Length	X	1
3 to 3+X	Terminal_ID		X

Coding of Terminal_ID:
- This shall be a unique value that identifies that terminal. This may be the IMEI as defined in TS 24.008.

Coding of Term label - Terminal_appli_ID BER-TLV, tag '84':

Byte(s)	Description	Value	Length
1	Tag	'84'	1
2	Length	X	1
3 to 3+X	Terminal_appli_ID		X

Coding of Terminal_appli_ID:
- This shall be a value that identifies the application in that terminal that hosts the terminal endpoint. This value shall uniquely identify an application within the terminal.

Coding of Term label - UICC_Identifier BER-TLV, tag '85':

Byte(s)	Description	Value	Length
1	Tag	'85'	1
2	Length	X	1
3 to 3+X	UICC_Identifier		X

Coding of UICC_ID:
- This shall be a unique value that identifies that UICC. This shall be the ICCID as defined for EFICCID.

Coding of Term label - UICC_appli_ID BER-TLV, tag '86':

Byte(s)	Description	Value	Length
1	Tag	'86'	1
2	Length	X	1
3 to 3+X	UICC_appli_ID		X

Coding of UICC_appli_ID:
- This shall be the AID of the application in that UICC that hosts the UICC endpoint. See ETSI TS 101 220 [3].

Response data:

Table 11.24: Coding of Response Data

Description	Tag	Status
Key Agreement Mechanism tag	'87'	M
MSA_ID tag	'88'	M

Coding Key agreement mechanism to be used tag '87':

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	-	-	-	-	-	-	1	Strong Preshared Keys - GBA
-	-	-	-	-	-	1	-	Strong Preshared Keys - Proprietary Pre agreed keys
-	-	-	-	-	1	-	-	Weak Preshared Keys - Proprietary Pre agreed keys
0	-	-	-	1	-	-	-	Certificate exchange
1	-	-	-	-	-	-	-	Pre shared key exists
-	X	X	X	-	-	-	-	RFU

Coding of MSA_ID BER-TLV, tag '88':
- Unique 16 byte Hex number that identifies a specific Master_SA. See ETSI TS 102 484 [20].

11.1.20.4 Establish SA - Connection SA p. 126

11.1.20.4.0 Introduction p. 126

This clause defines the MANAGE SECURE CHANNEL function and coding when P1 = 'Establish SA - Connection_SA'.

11.1.20.4.1 Functional description p. 126

This command allows the terminal to establish a Connection SA with the UICC as defined in ETSI TS 102 484 [20].

11.1.20.4.2 Command parameters and data p. 126

The command data is sent to the UICC using P2='80' and the response data is retrieved using P2='A0'. The command and response data is encapsulated using tag '73'.

If P2 is set to "First block of command data" or "Next block of command data":

Code	Value
CLA	As specified in clause 10.1.1
INS	As specified in clause 10.1.2
P1	'02'
P2	See Table 11.21b
Lc	Length of subsequent data field
Data	As specified in Table 11.23
Le	Not present

If P2 is set to " First block of response data" or " Next block of response data":

Code	Value
CLA	As specified in clause 10.1.1
INS	As specified in clause 10.1.2
P1	'02'
P2	See Table 11.21b
Lc	Not present
Data	Not present
Le	Length of the response data

Command data:

Table 11.25: Coding of Data

Description	Tag	Status
Algorithm and integrity tag	'89'	M
MSA_ID tag	'88'	M
Tnonce tag	'8A'	M

Coding of Algorithm and Integrity BER-TLV, tag '89':

Coding of Byte 1 - Supported Ciphering Algorithms TSCA:

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	-	-	-	-	-	-	1	reserved (used for 3DES - outer CBC using 2 keys as defined inprevious releases)
-	-	-	-	-	-	1	-	3DES - outer CBC using 3 keys as defined in ETSI TS 102 225 [21] (see note)
-	-	-	-	-	1	-	-	128-bit AES in CBC mode as defined in ETSI TS 102 225 [21]
1	-	-	-	-	-	-	-	Proprietary algorithm (known to both parties)
-	X	X	X	X	-	-	-	RFU
NOTE: 3DES with 3 keys should be restricted to legacy scenarios.

Coding of Byte 2 - Supported Integrity mechanisms TSIM:

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	-	-	-	-	-	-	1	CRC32 as defined in ETSI TS 102 225 [21]
-	-	-	-	-	-	1	-	reserved (used for MAC algorithm 3 using block cipher DES and padding method 1 as defined in ISO/IEC 9797-1 [31] without MAC truncation, as defined in previous releases)
-	-	-	-	-	1	-	-	128-bit AES in CMAC mode as defined in ETSI TS 102 225 [21]
1	-	-	-	-	-	-	-	Proprietary mechanism (known to both parties)
-	X	X	X	X	-	-	-	RFU

Coding of MSA_ID BER TLV, tag '88':
- Unique 16 byte Hex number that identifies a specific Master_SA. See ETSI TS 102 484 [20].

Coding of Tnonce BER_TLV, tag '8A':
- Randomly generated 16 byte Tnonce in Hex. See ETSI TS 102 484 [20].

Response data:

Table 11.26: Coding of the response data

Description	Tag	Status
Algorithm and integrity BER-TLV	'89'	M
CSA_ID BER-TLV	'8B'	M
Unonce BER-TLV	'8C'	M
CSAMAC BER-TLV	'8F'	M

Coding of Algorithm and Integrity BER-TLV, tag '89':

Coding of Byte 1 - Ciphering Algorithm (UCA):

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	-	-	-	-	-	-	1	reserved (used for 3DES - outer CBC using 2 keys as defined in previous releases)
-	-	-	-	-	-	1	-	3DES - outer CBC using 3 keys as defined in ETSI TS 102 225 [21] (see note)
-	-	-	-	-	1	-	-	128-bit AES in CBC mode as defined in ETSI TS 102 225 [21] (see note)
1	-	-	-	-	-	-	-	Proprietary algorithm (known to both parties)
-	X	X	X	X	-	-	-	RFU
NOTE: 3DES with 3 keys should be restricted to legacy scenarios.

Coding of Byte 2 - Integrity mechanism (UIM):

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	-	-	-	-	-	-	1	CRC32 as defined in ETSI TS 102 225 [21]
-	-	-	-	-	-	1	-	reserved (used for MAC algorithm 3 using block cipher DES and padding method 1 as defined in ISO/IEC 9797-1 [31] without MAC truncation, as defined in previous releases)
-	-	-	-	-	1	-	-	128-bit AES in CMAC mode as defined in ETSI TS 102 225 [21]
1	-	-	-	-	-	-	-	Proprietary mechanism (known to both parties)
-	X	X	X	X	-	-	-	RFU

Coding of CSA_ID BER-TLV, tag '8B':
- Unique 16 byte Hex number that identifies a specific Connection_SA. See ETSI TS 102 484 [20].

Coding of Unonce BER-TLV, tag '8C':
- Randomly generated 16 byte Unonce in Hex. See ETSI TS 102 484 [20].

Coding of CSAMAC BER-TLV, tag '8F':
- 16 byte hex value. See ETSI TS 102 484 [20].

11.1.20.5 Establish SA - Start Secure Channel p. 128

11.1.20.5.0 Introduction p. 128

This clause defines the MANAGE SECURE CHANNEL function and coding when P1 = 'Establish SA - Start Secure Channel'.

11.1.20.5.1 Functional description p. 128

This command allows the terminal to secure a logical channel with the UICC as defined in ETSI TS 102 484 [20]. For a platform to platform secure channel, this command shall only be used on logical channel 0. It contains the final part of the authenticated handshake for the MANAGE SECURE CHANNEL - 'Establish SA - Connection_SA' command.

11.1.20.5.2 Command parameters and data p. 128

The command data is sent to the UICC using P2='80' and the response data is retrieved using P2='A0'. The command data is encapsulated using tag '73' and the response data is encapsulated using tag '53'.

If P2 is set to "First block of command data" or "Next block of command data":

Code	Value
CLA	As specified in clause 10.1.1
INS	As specified in clause 10.1.2
P1	'03'
P2	See Table 11.21b
Lc	Length of subsequent data field
Data	As specified in Table 11.23
Le	Not present

If P2 is set to "First block of response data" or "Next block of response data":

Code	Value
CLA	As specified in clause 10.1.1
INS	As specified in clause 10.1.2
P1	'03'
P2	See Table 11.21b
Lc	Not present
Data	Not present
Le	Length of the response data

Command data:

Table 11.27: Coding of the data

Description	Tag	Status
Algorithm and integrity tag	'89'	M
CSA_ID tag	'8B'	M
SSCMAC tag	'8D'	M
Endpoint data container size tag	'8E'	M

Coding of Algorithm and Integrity BER-TLV, tag '89':

Coding of Byte 1 - Ciphering Algorithm (UCA):

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	-	-	-	-	-	-	1	reserved (used for 3DES - outer CBC using 2 keys as defined in previous releases)
-	-	-	-	-	-	1	-	3DES - outer CBC using 3 keys as defined in ETSI TS 102 225 [21]
-	-	-	-	-	1	-	-	128-bit AES in CBC mode as defined in ETSI TS 102 225 [21]
1	-	-	-	-	-	-	-	Proprietary algorithm (known to both parties)
-	X	X	X	X	-	-	-	RFU
NOTE: 3DES with 3 keys should be restricted to legacy scenarios.

Only one bit shall be indicated:

Coding of Byte 2 - Integrity mechanism (UIM):

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	-	-	-	-	-	-	1	CRC32 as defined in ETSI TS 102 225 [21]
-	-	-	-	-	-	1	-	reserved (used for MAC algorithm 3 using block cipher DES and padding method 1 as defined in ISO/IEC 9797-1 [31] without MAC truncation, as defined in previous releases)
-	-	-	-	-	1	-	-	128-bit AES in CMAC mode as defined in ETSI TS 102 225 [21]
1	-	-	-	-	-	-	-	Proprietary mechanism (known to both parties)
-	X	X	X	X	-	-	-	RFU
Only one bit shall be indicated.

Coding of CSA_ID BER-TLV, tag '8B':
- Unique 16 byte Hex number that identifies a specific Connection_SA. See ETSI TS 102 484 [20].

Coding of SSCMAC BER-TLV, tag '8D':
- 16 byte hex value. See ETSI TS 102 484 [20].

Coding of the Endpoint data container size BER-TLV, tag '8E':
- This is the length of the value part of the secure channel data TLV specified for the TRANSACT DATA command. The data container size set by the terminal shall be less or equal to the value indicated in the BER-TLV object returned with Tag '82' returned by the Retrieve UICC Endpoints command.

Response data:

The response data is encapsulated in BER-TLV using tag '53'.

Table 11.28: Coding of the response data

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
X	X	-	-	-	-	-	-	Session number
-	-	0	0	0	0	0	0	RFU

In the TRANSACT DATA command the session number shall be associated with the Endpoint data container size for the secure channel started with this command.

11.1.20.6 Terminate Secure Channel SA p. 130

11.1.20.6.0 Introduction p. 130

This clause defines the MANAGE SECURE CHANNEL function and coding when P1 = "Terminate secure channel SA".

11.1.20.6.1 Functional description p. 130

This command allows the terminal to terminate one or several secure channel Security Association(s) with the UICC as defined in ETSI TS 102 484 [20]. In case the MAC provided by the terminal is incorrect, the UICC shall indicate the error by returning SW1 SW2 '98 62'. Attempts to terminate a non-existing Security Association shall be indicated with a success status word. Failure to terminate one or more Security Association(s) shall be indicated with an error status word.

11.1.20.6.2 Command parameters and data p. 130

The command data is sent to the UICC using P2='80' and the response data is retrieved using P2='A0'. The command and response data are encapsulated using tag '73'.

If P2 is set to "First block of command data" or "Next block of command data":

Code	Value
CLA	As specified in clause 10.1.1
INS	As specified in clause 10.1.2
P1	'04'
P2	See Table 11.21b
Lc	Length of subsequent data field
Data	As specified in Table 11.23
Le	Not present

If P2 is set to "First block of response data" or "Next block of response data":

Code	Value
CLA	As specified in clause 10.1.1
INS	As specified in clause 10.1.2
P1	'04'
P2	See Table 11.21b
Lc	Not present
Data	Not present
Le	Length of the response data

Command data:

Table 11.29: Coding of the data

Description	Tag	Status
Master_SA (MSA)_ID tag	'88'	C
Connection_SA (CSA) ID tag	'8B'	C
…	…	…
Connection_SA (CSA) ID tag	'8B'	C

The command data shall contain either a Master_SA TLV only or a list of Connection_SA TLVs associated to the same MSA. The UICC may reject the command when issued with a list of unrelated CSAs.

Coding of Master_SA BER-TLV, tag '88':

Byte(s)	Description	Value	Length
1	Tag	'88'	1
2	Length	32	1
3	MSA_ID		16
19	MAC		16

Coding of MSA_ID:
- The Master Security Association Identity MSA_ID as defined in ETSI TS 102 484 [20].

Coding of MAC:
- The MAC as defined in ETSI TS 102 484 [20].
Coding of Connection_SA BER-TLV, tag '8B':

Byte(s)	Description	Value	Length
1	Tag	'8B'	1
2	Length	32	1
3	CSA_ID		16
19	MAC		16

Coding of CSA_ID:
- The Connection Security Association Identity CSA_ID as defined in ETSI TS 102 484 [20].

Coding of MAC:
- The MAC as defined in ETSI TS 102 484 [20].

Response data:

None.