ETSI ETS 300 791 ed.1 (1997-10)

SLOVENSKI STANDARD
SIST ETS 300 791 E1:2003
01-december-2003
Omrežni vidiki (NA ) – Svetovne osebne telekomunikacije (UPT) – Varnostna
arhitektura za UPT – Faza 2: Specifikacija za preskušanje skladnosti (CTS)
Universal Personal Telecommunication (UPT); Security architecture for UPT phase 2;
Conformance Test Specification (CTS)
Ta slovenski standard je istoveten z: ETS 300 791 Edition 1
ICS:
33.040.35 Telefonska omrežja Telephone networks
SIST ETS 300 791 E1:2003 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST ETS 300 791 E1:2003

---------------------- Page: 2 ----------------------

SIST ETS 300 791 E1:2003
EUROPEAN ETS 300 791
TELECOMMUNICATION October 1997
STANDARD
Source: NA Reference: DE/NA-064007
ICS: 33.020
Key words: UPT, security, card, CTS
Network Aspects (NA);
Universal Personal Telecommunication (UPT);
Security architecture for UPT Phase 2;
Conformance Test Specification (CTS)
ETSI
European Telecommunications Standards Institute
ETSI Secretariat
Postal address: F-06921 Sophia Antipolis CEDEX - FRANCE
Office address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE
X.400: c=fr, a=atlas, p=etsi, s=secretariat - Internet: secretariat@etsi.fr
Tel.: +33 4 92 94 42 00 - Fax: +33 4 93 65 47 16
Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and the
foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 1997. All rights reserved.

---------------------- Page: 3 ----------------------

SIST ETS 300 791 E1:2003
Page 2
ETS 300 791: October 1997
Whilst every care has been taken in the preparation and publication of this document, errors in content,
typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to
"ETSI Editing and Committee Support Dept." at the address shown on the title page.

---------------------- Page: 4 ----------------------

SIST ETS 300 791 E1:2003
Page 3
ETS 300 791: October 1997
Contents
Foreword .5
Introduction.5
1 Scope .7
2 Normative references.7
3 Abbreviations.8
4 Test Suite Structure (TSS) .8
5 Test purposes .9
5.1 Terminal test group.9
5.1.1 CHV test purposes .9
5.1.2 Two-pass strong authentication test purposes.10
5.1.3 Timer test purposes .10
5.2 UPT card test group.10
5.2.1 CHV test purposes .11
5.2.2 Two-pass strong authentication test purposes.11
5.2.3 Timer test purposes .12
5.3 Authentication Entity (AE) test group .12
5.3.1 PUI check test purposes .13
5.3.2 Two-pass strong authentication test purposes.13
5.3.3 SAPIN verification test purposes.14
5.3.4 OCPIN verification test purposes .14
5.3.5 PIN change test purpose.15
6 Test methods and configurations.15
6.1 Card reading terminal .15
6.2 UPT card.16
6.3 AE .16
7 Test cases.17
7.1 UPT card reading terminal.18
7.1.1 CHV.18
7.1.2 Two-pass strong authentication .19
7.1.3 Timer .20
7.2 UPT card.21
7.2.1 CHV.21
7.2.2 Two-pass strong authentication .23
7.2.3 Timer .23
7.3 AE .24
7.3.1 PUI check.24
7.3.2 Two-pass strong authentication .24
7.3.3 SAPIN check .25
7.3.4 OCPIN check.25
7.3.5 Change PIN check .26
History.27

---------------------- Page: 5 ----------------------

SIST ETS 300 791 E1:2003
Page 4
ETS 300 791: October 1997
Blank page

---------------------- Page: 6 ----------------------

SIST ETS 300 791 E1:2003
Page 5
ETS 300 791: October 1997
Foreword
This European Telecommunication Standard (ETS) has been produced by the Network Aspects (NA)
Technical Committee of the European Telecommunications Standards Institute (ETSI).
This ETS, in association with ETS 300 790 [1], forms the specification of the security architecture for UPT
Phase 2.
Transposition dates
Date of adoption: 3 October 1997
Date of latest announcement of this ETS (doa): 31 January 1998
Date of latest publication of new National Standard
or endorsement of this ETS (dop/e): 31 July 1998
Date of withdrawal of any conflicting National Standard (dow): 31 July 1998
Introduction
Universal Personal Telecommunication (UPT) is a service that enables improved access to
telecommunication service by allowing personal mobility. It enables each UPT user to participate in a user
defined set of subscribed services, and to initiate and receive calls on the basis of a unique, personal,
network independent UPT number across multiple networks at any terminal, fixed, movable or mobile.
ETS 300 790 [1] specifies the additions of UPT Phase 2, compared to UPT Phase 1, as specified in
ETS 300 391-1 [3]. The Conformance Test Specification (CTS) for ETS 300 391-1 [3] is specified in
ETS 300 391-3 [4].
This ETS specifies the conformance tests for ETS 300 790 [1] only.
In ETS 300 790 [1] a card, two-pass strong authentication, a mechanism for extra authentication for
outgoing calls, authentication for secure answer and storage of a timer value in the card have been
introduced. The conformance tests for these new features are all specified in this ETS.

---------------------- Page: 7 ----------------------

SIST ETS 300 791 E1:2003
Page 6
ETS 300 791: October 1997
Blank page

---------------------- Page: 8 ----------------------

SIST ETS 300 791 E1:2003
Page 7
ETS 300 791: October 1997
1 Scope
This European Telecommunication Standard (ETS) provides a Conformance Test Specification (CTS)
specifying the tests which are necessary to verify the conformance of UPT cards, UPT card reading
terminals and Authenticating Entities (AEs) with ETS 300 790 [1].
In particular, the following issues are considered:
- test suite and test purposes;
- test methods and configurations;
- test steps and test cases.
The Tree and Tabular Combined Notation (TTCN) description of test cases is outside the scope of this
ETS. However, the TTCN description may be part of the CTSs of the overall Universal Personal
Telecommunication (UPT) protocol specifications.
A partial Protocol Implementation eXtra Information for Testing (PIXIT) proforma is not identified as
applicable for this CTS.
The conformance testing methodology and framework used in this ETS is given in ISO/IEC 9646 Parts 1–
5 [2] and ETS 300 406 [5].
2 Normative references
This ETS incorporates by dated and undated reference, provisions from other publications. These
normative references are cited at the appropriate places in the text and the publications are listed
hereafter. For dated references, subsequent amendments to or revisions of any of these publications
apply to this ETS only when incorporated in it by amendment or revision. For undated references the latest
edition of the publication referred to applies.
[1] prETS 300 790: "Universal Personal Telecommunication (UPT); Security
architecture for UPT Phase 2; Specification".
[2] ISO/IEC 9646, Parts 1-5: "Conformance Testing Methodology and Framework".
[3] ETS 300 391-1: "Universal Personal Telecommunication (UPT); Specification of
the security architecture for UPT Phase 1; Part 1: Specification".
[4] ETS 300 391-3: "Universal Personal Telecommunication (UPT); Specification of
the security architecture for UPT Phase 1; Part 3: Conformance Test
Specification (CTS)".
[5] ETS 300 406: "Methods for Testing and Specification (MTS); Protocol and
profile conformance testing specifications; Standardization methodology".

---------------------- Page: 9 ----------------------

SIST ETS 300 791 E1:2003
Page 8
ETS 300 791: October 1997
3 Abbreviations
For the purposes of this ETS, the following abbreviations apply:
AC Authentication Code, calculated in the UPT card
AE Authenticating Entity
CHV Card Holder Verification
CT Command Type
IUT Implementation Under Test
K Key
OCPIN Outgoing Call PIN
PCO Point of Control and Observation
PIN Personal Identification Number
PIXIT Protocol Implementation eXtra Information for Testing
PUI Personal User Identity
SAPIN Secure Answer PIN
SDF Service Data Function
TSS Test Suite Structure
TTCN Tree and Tabular Combined Notation
UPT Universal Personal Telecommunication
4 Test Suite Structure (TSS)
A full conformance test of a UPT Phase 2 implementation shall be based on both ETS 300 391-3 [4] and
this ETS.
Figure 1 shows the Test Suite Structure (TSS).
Authentication
Security feature
Implementation
Terminal (T)
UPT Card (C)
Authenticating
under test
Entity (A)
Major
Card Timer Two pass Strong SAPIN OCPIN PIN Change
functions
Verification Check
(TI) Verification
Holder Authentication
(OV) (PC)
Verification (SA) (SV)
(HV)
Nature
Capability Invalid
Valid
Data
of test
Behaviour
tests (CA) Behaviour
Protection
tests (DP)
tests (BV) tests (BI)
Figure 1: The TSS
The characters within parenthesis in figure 1 are used in the mnemonics identifying each test purpose in
the following clauses. Every mnemonic consists of four fields:
a) (implementation under test);
b) (major function);
c) (nature of test);
d) (number within the test group).
EXAMPLE: Capability test number 1 of the two-pass strong authentication of the terminal is
coded TSACA1.

---------------------- Page: 10 ----------------------

SIST ETS 300 791 E1:2003
Page 9
ETS 300 791: October 1997
5 Test purposes
Three entities in the UPT security architecture have been identified to need testing:
- the terminal;
- the UPT card;
- and the AE.
There are two objectives to be met:
- to ensure that both entities have been implemented in accordance with the requirements stated in
ETS 300 790 [1];
- to achieve interoperability between products from different manufacturers.
The references made in this clause can be found in ETS 300 790 [1].
5.1 Terminal test group
The terminal is tested with respect to the following aspects:
- Card Holder Verification (CHV) is supported by the terminal;
- the data for strong authentication is correctly sent;
- the timer is correctly implemented.
5.1.1 CHV test purposes
THVCA1: Check that the terminal supports CHV.
Initial conditions: The card is not blocked.
Reference: Subclause 5.2.2 Authentication of the user to the UPT card.
Check that changing of the CHV is supported by the terminal.
THVBV1
Initial conditions: The card is not blocked. The card is reset.
Reference: Subclause 7.3 User interface.
THVBV2: Check that unblocking CHV is supported by the terminal.
The card is blocked.
Initial conditions:
Subclause 7.3 User interface.
Reference:

---------------------- Page: 11 ----------------------

SIST ETS 300 791 E1:2003
Page 10
ETS 300 791: October 1997
5.1.2 Two-pass strong authentication test purposes
TSACA1: Check that two-pass strong authentication is supported.
Initial conditions: -
Reference: Subclause 5.2.1 Weak authentication.
5.1.3 Timer test purposes
TTICA1: Check that the timer is implemented. Covered by TTIBV1, TTIBV2, TTIBV3
and TTIBI1.
The timer value T and T are known by the tester.
Initial conditions:
MAX
Subclause 5.2.2 Authentication of the user to the UPT card.
Reference:
TTIBV1: Check that the timer is initiated with the timer value T from the card.
Initial conditions: A successful CHV has been performed.
Reference: Subclause 5.2.2 Authentication of the user to the UPT card.
Check that the user’s access rights, granted by the CHV are lost when time-out
TTIBV2:
is reached.
Initial conditions: A successful CHV has been performed, and the timer has started.
Subclause 5.2.2 Authentication of the user to the UPT card.
Reference:
TTIBV3: Check that the user can change the time-out value, T.
Initial conditions: A successful CHV has been performed.
Reference: Subclause 5.2.2 Authentication of the user to the UPT card.
Check that T < T when it is changed.
TTIBI1:
MAX
Initial conditions: A successful CHV has been performed and T is
MAX
available in the card.
Reference: Subclause 5.2.2 Authentication of the user to the UPT card.
5.2 UPT card test group
The UPT card is tested with respect to the following aspects:
- CHV;
- two-pass strong authentication;
- storage of T and T in the card.
MAX

---------------------- Page: 12 ----------------------

SIST ETS 300 791 E1:2003
Page 11
ETS 300 791: October 1997
5.2.1 CHV test purposes
CHVCA1: Check that CHV has been implemented in the card.
Covered by CHVCA2 and CHVCA3.
The card is reset.
Initial conditions:
Reference: Subclause 5.2.2 Authentication of the user to the UPT card.
CHVCA2: Check that the authentication algorithm cannot be used without a previous
successful CHV. Covered by CHVBV1 and CHVBI1.
Initial conditions: The card is reset.
Reference: Subclause 5.2.2 Authentication of the user to the UPT card.
CHVCA3: Check that the authentication algorithm cannot be used after reset.
A successful CHV is performed, a two-pass strong authentication is performed
Initial conditions:
and then the card is reset.
Reference: Subclause 5.2.2 Authentication of the user to the UPT card.
Check that presenting the correct CHV enables the two-pass strong
CHVBV1:
authentication.
The card is reset.
Initial conditions:
Subclause 5.2.2 Authentication of the user to the UPT card.
Reference:
CHVBI1: Check that presenting wrong CHV disables the two-pass strong authentication.
Initial conditions: A successful CHV has been performed and the time-out has not been reached.
Reference: Subclause 5.2.2 Authentication of the user to the UPT card.
Check that 3 consecutive wrong CHV presentations blocks the card.
CHVBI2:
Initial conditions: A successful CHV has been performed.
Reference: Subclause 5.2.2 Authentication of the user to the UPT card.
5.2.2 Two-pass strong authentication test purposes
CSACA1: Check that two-pass strong authentication is supported by the card. Covered
by CSABV1 and CSABV2.
Initial conditions: A successful CHV has been performed and the time-out has not been reached.
Reference: Subclause 5.2.1 Weak authentication.

---------------------- Page: 13 ----------------------

SIST ETS 300 791 E1:2003
Page 12
ETS 300 791: October 1997
Check that the PUI and CT can be read out from the card.
CSABV1:
Initial conditions: A successful CHV has been performed.
Reference: Subclause 5.2.1 Weak authentication.
CSABV2: Check that the AC is correctly calculated by the card.
A successful CHV has been performed. The tester knows the expected result
Initial conditions:
for the RAND and authentication key used by the algorithm in the card.
Reference: Subclause 5.2.1 Weak authentication.
5.2.3 Timer test purposes
Check that the stated time-out value, T, is stored in the card.
CTICA1:
Initial conditions: The tester knows the value of T.
Reference: Subclause 5.2.2 Authentication of the user to the UPT card.
Check that the stated maximum time-out value, T , is stored in the card.
CTICA2:
MAX
Initial conditions: The tester knows the value of T .
MAX
Reference: Subclause 5.2.2 Authentication of the user to the UPT card.
CTIBI1: Check that T cannot be changed without a previous CHV.
The card is reset.
Initial conditions:
Subclause 5.2.2 Authentication of the user to the UPT card.
Reference:
CTIBI2: Check that the maximum time-out value, T , cannot be changed.
MAX
None.
Initial conditions:
Reference: Subclause 5.2.2 Authentication of the user to the UPT card.
5.3 Authentication Entity (AE) test group
The AE is tested with respect to the following aspects:
- the PUI is checked;
- two-pass strong authentication is correctly implemented;
- SAPIN verification is correctly
...