ETSI EN 301 002-1 V1.2.4 (1998-10)

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Integrated Services Digital Network (ISDN); Security tools (SET) procedures; Digital Subscriber Signalling System No. one (DSS1) protocol; Part 1: Protocol specification33.080Digitalno omrežje z integriranimi storitvami (ISDN)Integrated Services Digital Network (ISDN)ICS:Ta slovenski standard je istoveten z:EN 301 002-1 Version 1.2.4SIST EN 301 002-1:2000en01-december-2000SIST EN 301 002-1:2000SLOVENSKI
STANDARD



SIST EN 301 002-1:2000



EN 301 002-1 V1.2.4 (1998-10)European Standard (Telecommunications series)Integrated Services Digital Network (ISDN);Security tools (SET) procedures;Digital Subscriber Signalling System No. one (DSS1) protocol;Part 1: Protocol specificationSIST EN 301 002-1:2000



ETSIEN 301 002-1 V1.2.4 (1998-10)2ReferenceDEN/SPS-05123-1 (9a090iqo.PDF)KeywordsISDN, DSS1, security, protocolETSIPostal addressF-06921 Sophia Antipolis Cedex - FRANCEOffice address650 Route des Lucioles - Sophia AntipolisValbonne - FRANCETel.: +33 4 92 94 42 00
Fax: +33 4 93 65 47 16Siret N° 348 623 562 00017 - NAF 742 CAssociation à but non lucratif enregistrée à laSous-Préfecture de Grasse (06) N° 7803/88Internetsecretariat@etsi.frhttp://www.etsi.orgCopyright NotificationNo part may be reproduced except as authorized by written permission.The copyright and the foregoing restriction extend to reproduction in all media.© European Telecommunications Standards Institute 1998.All rights reserved.SIST EN 301 002-1:2000



ETSIEN 301 002-1 V1.2.4 (1998-10)3ContentsIntellectual Property Rights.4Foreword.41Scope.62References.62.1Normative references.62.2Informative references.73Definitions.74Abbreviations.75Description.86Operational requirements.86.1Provision and withdrawal.86.2Requirements on the originating network side.86.3Requirements on the destination network side.87Coding requirements.97.1Coding of the Facility information element components.97.2Coding of the information elements.108State definitions.109Signalling procedures at the coincident S and T reference point.109.1Activation.109.2Deactivation.119.3Registration.119.3.1Normal operation.119.3.2Exceptional procedures.129.4Erasure.129.5Interrogation.129.6Invocation and operation.139.6.1Normal operation.139.6.2Exceptional procedures.139.7Notification of possible fraudulent use.1310Procedures for interworking with private ISDNs.1311Interaction with other networks.1412Interaction with other supplementary services.1413Parameter values (timers).1414Dynamic description (SDL diagrams).14Annex A (informative):Signalling flows.19Annex B (informative):Assignment of object identifier values.20History.21SIST EN 301 002-1:2000



ETSIEN 301 002-1 V1.2.4 (1998-10)4Intellectual Property RightsIPRs essential or potentially essential to the present document may have been declared to ETSI. The informationpertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be foundin SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respectof ETSI standards", which is available free of charge from the ETSI Secretariat. Latest updates are available on theETSI Web server (http://www.etsi.org/ipr).Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guaranteecan be given as to the existence of other IPRs not referenced in SR 000 314 (or the updates on the ETSI Web server)which are, or may be, or may become, essential to the present document.ForewordThis European Standard (Telecommunications series) has been produced by ETSI Technical Committee SignallingProtocols and Switching (SPS).The present document is part 1 of a multi-part standard covering the Digital Subscriber Signalling System No. one(DSS1) protocol specification for the Integrated Services Digital Network (ISDN) Security tools (SET) procedures, asdescribed below:Part 1:"Protocol specification";Part 2:"Protocol Implementation Conformance Statement (PICS) proforma specification";Part 3:"Test Suite Structure and Test Purposes (TSS&TP) specification for the user";Part 4:"Abstract Test Suite (ATS) and partial Protocol Implementation eXtra Information for Testing (PIXIT)proforma specification for the user";Part 5:"Test Suite Structure and Test Purposes (TSS&TP) specification for the network";Part 6:"Abstract Test Suite (ATS) and partial Protocol Implementation eXtra Information for Testing (PIXIT)proforma specification for the network".In accordance with CCITT Recommendation I.130, the following three level structure is used to describe thesupplementary telecommunication services as provided by European public telecommunications operators under thepan-European ISDN:-Stage 1: is an overall service description, from the user's standpoint;-Stage 2: identifies the functional capabilities and information flows needed to support the service described instage 1; and-Stage 3: defines the signalling system protocols and switching functions needed to implement the servicedescribed in stage 1.The present document details the stage 3 aspects (signalling system protocols and switching functions) needed tosupport the SET procedures. The stage 1 aspects are detailed in EN 301 132.NOTE:Currently no stage 2 document exists.SIST EN 301 002-1:2000



ETSIEN 301 002-1 V1.2.4 (1998-10)5National transposition datesDate of adoption of this EN: 30 October 1998Date of latest announcement of this EN (doa): 31 January 1999Date of latest publication of new National Standardor endorsement of this EN (dop/e): 31 July 1999Date of withdrawal of any conflicting National Standard (dow): 31 July 1999SIST EN 301 002-1:2000



ETSIEN 301 002-1 V1.2.4 (1998-10)61ScopeThis first part of EN 301 002 specifies the stage three of the Security tools (SET) procedures for the pan-EuropeanIntegrated Services Digital Network (ISDN) as provided by the European public telecommunications operators at theT reference point or coincident S and T reference point (as defined in ITU-T Recommendation I.411 [2]) by means ofthe Digital Subscriber Signalling System No. one (DSS1) protocol. Stage three identifies the protocol procedures andswitching functions needed to support a telecommunications service (see CCITT Recommendation I.130 [10]).In addition, the present document specifies the protocol requirements at the T reference point where the service isprovided to the user via an intermediate private ISDN.The present document does not specify the additional protocol requirements where the service is provided to the user viaa telecommunications network that is not an ISDN.The SET procedures are a means of providing an appropriate level of security and protection to the user of a giventelecommunication service.Further parts of the present document specify the method of testing required to identify conformance to the presentdocument.The present document is applicable to equipment supporting the SET procedures, to be attached at either side of aT reference point or coincident S and T reference point when used as an access to the public ISDN.2ReferencesReferences may be made to:a)specific versions of publications (identified by date of publication, edition number, version number, etc.), inwhich case, subsequent revisions to the referenced document do not apply; orb)all versions up to and including the identified version (identified by "up to and including" before the versionidentity); orc)all versions subsequent to and including the identified version (identified by "onwards" following the versionidentity); ord)publications without mention of a specific version, in which case the latest version applies.A non-specific reference to an ETS shall also be taken to refer to later versions published as an EN with the samenumber.2.1Normative references[1]EN 300 196-1: "Integrated Services Digital Network (ISDN); Generic functional protocol for thesupport of supplementary services; Digital Subscriber Signalling System No. one (DSS1) protocol;Part 1: Protocol specification".[2]ITU-T Recommendation I.411 (1993): "ISDN user-network interfaces; Reference configurations".[3]CCITT Recommendation X.208 (1988): "Specification of Abstract Syntax Notation One(ASN.1)".[4]CCITT Recommendation X.219 (1988): "Remote operations: Model, notation and servicedefinition".[5]ITU-T Recommendation Z.100 (1993): "Specification and Description Language (SDL)".SIST EN 301 002-1:2000



ETSIEN 301 002-1 V1.2.4 (1998-10)72.2Informative references[6]EN 301 132: "Integrated Services Digital Network (ISDN); Security tools (SET) for use withintelecommunication services".[7]ETR 232 (1995): "Security Techniques Advisory Group (STAG); Glossary of securityterminology".[8]ITU-T Recommendation E.164 (1997): "The international public telecommunications numberingplan".[9]ITU-T Recommendation I.112 (1993): "Vocabulary of terms for ISDNs".[10]CCITT Recommendation I.130 (1988): "Method for the characterization of telecommunicationservices supported by an ISDN and network capabilities of an ISDN".[11]ITU-T Recommendation I.210 (1993): "Principles of telecommunication services supported by anISDN and the means used to describe them".3DefinitionsFor the purposes of the present document, the following definitions apply:Integrated Services Digital Network (ISDN): See ITU-T Recommendation I.112 [9], definition 308.ISDN number: A number conforming to the numbering plan and structure specified in ITU-T RecommendationE.164 [8].invoke component: See EN 300 196-1 [1], subclause 8.2.2.1. Where reference is made to a "xxxx" invoke component,an invoke component is meant with its operation value set to the value of the operation "xxxx".network: The DSS1 protocol entity at the network side of the user-network interface.Personal Identification Number (PIN): See ETR 232 [7].reject component: See EN 300 196-1 [1], subclause 8.2.2.4.return error component: See EN 300 196-1 [1], subclause 8.2.2.3. Where reference is made to a "xxxx" return errorcomponent, a return error component is meant which is related to a "xxxx" invoke component.return result component: See EN 300 196-1 [1], subclause 8.2.2.2. Where reference is made to a "xxxx" return resultcomponent, a return result component is meant which is related to a "xxxx" invoke component.security tool: See EN 301 132 [6], clause 3.served user: The user to whom the SET procedures are provided in combination with a telecommunication service.service; telecommunication service: See ITU-T Recommendation I.112 [9], definition 201.supplementary service: See ITU-T Recommendation I.210 [11], subclause 2.4.user: The DSS1 protocol entity at the user side of the user-network interface.4AbbreviationsFor the purposes of the present document, the following abbreviations apply:ASN.1Abstract Syntax Notation oneDSS1Digital Subscriber Signalling System No. oneISDNIntegrated Services Digital NetworkOAMOperation And MaintenanceSIST EN 301 002-1:2000



ETSIEN 301 002-1 V1.2.4 (1998-10)8PINPersonal Identification NumberSDLSpecification and Description LanguageSETSecurity Tools5DescriptionThe SET procedures allow a served user to be provided with a PIN. The PIN is used when accessing atelecommunication service to ensure that this service is used with an appropriate level of security. The served user canchange the PIN at any time after initial provision.6Operational requirements6.1Provision and withdrawalThe SET procedures shall be provided in connection with the provision of certain telecommunication services, and shallconsists of the initial registration of the PIN. This initial registration is performed by the network provider, afterselection of the PIN by the served user. The PIN shall either be related to an ISDN number, or to an access or set ofaccesses, depending on how the telecommunication service using the PIN, is provided. The PIN shall consist of aminimum of 4 alphanumeric characters. The maximum number of characters is a network option, but shall not exceed 12alphanumeric characters.Withdrawal of the SET procedures is outside the scope of the present document.The served user may, as a network option , be notified when one or more attempts (but less than the blocking limit Nwhereby all procedures using the PIN are blocked) have been made to use an invalid PIN, either during the operation ofa telecommunication service using the PIN, or during the PIN registration procedure. The blocking limit N whereby allprocedures using the PIN are blocked, is also a network option.The network options are summarized in table 1.Table 1: Network options for the SET proceduresNetwork optionValueNotification of possible fraudulent usenoyesMaximum number of PIN characters4 to 12Blocking limit N³ 36.2Requirements on the originating network sideNot applicable.6.3Requirements on the destination network sideNot applicable.SIST EN 301 002-1:2000



...