ETSI EN 300 823 V1.2.2 (1999-04)
Universal Personal Telecommunication (UPT); UPT phase 2; Functional specification of the interface of a UPT Integrated Circuit Card (ICC) and Public Switched Telephone Network (PSTN), Integrated Services Digital Network (ISDN) and Global System for Mobile communications (GSM) terminals (one pass and multiple pass authentication)
Universal Personal Telecommunication (UPT); UPT phase 2; Functional specification of the interface of a UPT Integrated Circuit Card (ICC) and Public Switched Telephone Network (PSTN), Integrated Services Digital Network (ISDN) and Global System for Mobile communications (GSM) terminals (one pass and multiple pass authentication)
REN/NA-064013
Svetovne osebne telekomunikacije (UPT) – UPT, faza 2 – Funkcijska specifikacija vmesnika čipovne kartice (ICC) sistema UPT ter terminalov javnega komutiranega telefonskega omrežja (PSTN), digitalnega omrežja z integriranimi storitvami (ISDN) in globalnega sistema mobilnih komunikacij (GSM) (enkratna in večkratna avtentikacija)
General Information
Standards Content (Sample)
SLOVENSKI STANDARD
SIST EN 300 823 V1.2.2:2003
01-december-2003
6YHWRYQHRVHEQHWHOHNRPXQLNDFLMH837±837ID]D±)XQNFLMVNDVSHFLILNDFLMD
YPHVQLNDþLSRYQHNDUWLFH,&&VLVWHPD837WHUWHUPLQDORYMDYQHJDNRPXWLUDQHJD
WHOHIRQVNHJDRPUHåMD3671GLJLWDOQHJDRPUHåMD]LQWHJULUDQLPLVWRULWYDPL,6'1
LQJOREDOQHJDVLVWHPDPRELOQLKNRPXQLNDFLM*60HQNUDWQDLQYHþNUDWQD
DYWHQWLNDFLMD
Universal Personal Telecommunication (UPT); UPT phase 2; Functional specification of
the interface of a UPT Integrated Circuit Card (ICC) and Public Switched Telephone
Network (PSTN), Integrated Services Digital Network (ISDN) and Global System for
Mobile communications (GSM) terminals (one pass and multiple pass authentication)
Ta slovenski standard je istoveten z: EN 300 823 Version 1.2.2
ICS:
33.040.35 Telefonska omrežja Telephone networks
33.070.50 Globalni sistem za mobilno Global System for Mobile
telekomunikacijo (GSM) Communication (GSM)
33.080 Digitalno omrežje z Integrated Services Digital
integriranimi storitvami Network (ISDN)
(ISDN)
SIST EN 300 823 V1.2.2:2003 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST EN 300 823 V1.2.2:2003
---------------------- Page: 2 ----------------------
SIST EN 300 823 V1.2.2:2003
EN 300 823 V1.2.2 (1999-04)
European Standard (Telecommunications series)
Universal Personal Telecommunication (UPT);
UPT phase 2;
Functional specification of the interface of a UPT
Integrated Circuit Card (ICC) and
Public Switched Telephone Network (PSTN),
Integrated Services Digital Network (ISDN) and
Global System for Mobile communications (GSM) terminals
(one pass and multiple pass authentication)
---------------------- Page: 3 ----------------------
SIST EN 300 823 V1.2.2:2003
2 EN 300 823 V1.2.2 (1999-04)
Reference
REN/NA-064013 (7mc00ipc.PDF)
Keywords
UPT, card, PSTN, GSM, ISDN
ETSI
Postal address
F-06921 Sophia Antipolis Cedex - FRANCE
Office address
650 Route des Lucioles - Sophia Antipolis
Valbonne - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Internet
secretariat@etsi.fr
Individual copies of this ETSI deliverable
can be downloaded from
http://www.etsi.org
If you find errors in the present document, send your
comment to: editor@etsi.fr
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 1999.
All rights reserved.
ETSI
---------------------- Page: 4 ----------------------
SIST EN 300 823 V1.2.2:2003
3 EN 300 823 V1.2.2 (1999-04)
Contents
Intellectual Property Rights . 5
Foreword. 5
1 Scope. 6
2 References . 7
3 Definitions, symbols and abbreviations. 7
3.1 Definitions . 7
3.2 Symbols . 7
3.3 Abbreviations. 7
4 Physical characteristics. 8
5 Electronic signals and transmission protocols. 8
6 Logical model . 8
7 Security services and facilities . 8
7.1 Authentication key . 8
7.2 Algorithms and processes . 8
7.2.1 Card Holder Verification (CHV). 8
7.2.2 Strong authentication. 9
7.3 File access conditions . 9
7.4 Function access condition. 9
7.5 Identification, keying and algorithm information. 9
8 Description of the functions . 9
9 Description of the commands . 9
10 Contents of the EFs. 10
11 Application protocol. 10
11.1 General procedures . 10
11.2 PIM management procedures. 10
11.3 CHV related procedures . 10
11.4 UPT security related procedures. 11
11.4.1 Two-pass strong authentication (M). 11
11.5 Telecommunication procedures . 11
11.6 General information procedures. 11
Annex A (normative): Plug-in UPT card . 12
Annex B (normative): Implementation Conformance Statement (ICS) for the PIM2. 13
B.1 ICS proforma for the PIM2. 13
B.2 Identification of the implementation, product supplier and test laboratory client . 13
B.3 Identification of the standard. 13
B.4 Global statement of conformance. 14
B.5 Interpretation of the tables. 14
B.6 Physical characteristics. 14
B.6.1 ID-1 size . 15
B.6.2 Plug-in size . 15
B.6.3 Contacts . 15
ETSI
---------------------- Page: 5 ----------------------
SIST EN 300 823 V1.2.2:2003
4 EN 300 823 V1.2.2 (1999-04)
B.7 Electronic signals and transmission protocols. 16
B.7.1 Supply voltage VCC (contact C1) . 16
B.7.2 Reset RST (contact C2) . 16
B.7.3 Clock CLK (contact C3) . 16
B.7.4 I/O (contact C7) . 17
B.7.5 States. 17
B.7.6 Answer To Reset (ATR) . 18
B.8 Logical model . 19
B.9 Security features and facilities. 19
B.10 Description of functions . 20
B.11 Contents of the EFs. 20
Annex C (normative): Implementation Conformance Statement (ICS) for the CAD . 21
UPT
C.1 ICS proforma for the CAD . 21
UPT
C.2 Identification of the implementation, product supplier and test laboratory client . 21
C.3 Identification of the standard. 21
C.4 Global statement of conformance. 22
C.5 Interpretation of the tables. 22
C.6 Physical characteristics. 23
C.7 Electronic signals and transmission protocols. 23
C.7.1 Supply voltage VCC (contact C1) . 24
C.7.2 Reset RST (contact C2) . 24
C.7.3 Clock CLK (contact C3) . 24
C.7.4 I/O (contact C7) . 25
C.7.5 States. 25
C.7.6 Answer To Reset (ATR) . 25
C.8 Security features and facilities. 26
C.9 Coding of the commands . 26
C.10 Application protocol. 26
History. 27
ETSI
---------------------- Page: 6 ----------------------
SIST EN 300 823 V1.2.2:2003
5 EN 300 823 V1.2.2 (1999-04)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect
of ETSI standards", which is available free of charge from the ETSI Secretariat. Latest updates are available on the
ETSI Web server (http://www.etsi.org/ipr).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in SR 000 314 (or the updates on the ETSI Web server)
which are, or may be, or may become, essential to the present document.
Foreword
This European Standard (Telecommunications series) has been produced by ETSI Technical Committee Network
Aspects (NA).
National transposition dates
Date of adoption of this EN: 19 March 1999
Date of latest announcement of this EN (doa): 30 June 1999
Date of latest publication of new National Standard
or endorsement of this EN (dop/e): 31 December 1999
Date of withdrawal of any conflicting National Standard (dow): 31 December 1999
ETSI
---------------------- Page: 7 ----------------------
SIST EN 300 823 V1.2.2:2003
6 EN 300 823 V1.2.2 (1999-04)
1 Scope
The present document in combination with ETS 300 477 [1] defines the interface between the Universal Personal
Telecommunication (UPT) card and the Card Accepting Device (CAD) for the operational phase. It also defines those
aspects of the internal organization of the UPT card which are related to the operational phase.
The present document relates to the interface between a UPT card and Public Switched Telephone Network (PSTN),
Integrated Services Digital Network (ISDN) and Global System for Mobile (GSM) communications terminals. These
interfaces are completely described by ETS 300 477 [1] plus the additions and modifications contained in the present
document; i.e. the present document is a delta document.
The following clauses from ETS 300 477 [1] are amended or modified in the present document:
- logical model (combined PIM1/PIM2);
- security (two pass strong authentication);
- functions (internal authentication);
- commands (internal authentication);
- Elementary Files (EF , EF );
SEQ DIR
- Application Protocol (AP) (two pass strong authentication);
- Implementation Conformance Statement (ICS) proformas.
The clause numbering of ETS 300 477 [1] is kept in order to ease comparisons. Unmodified clauses and subclauses are
marked appropriately.
The present document together with ETS 300 477 [1] defines:
- the requirements for the physical characteristics of the UPT card, the electrical signals and the transmission
protocol;
- the model which shall be used as a basis for the design of the logical structure of the UPT card;
- the security features;
- the interface functions;
- the commands for operating the interface functions;
- the contents of the files required for the UPT application;
- the service set to be supported in the UPT card;
- the application protocol (security, services, etc.);
- the Implementation Conformance Statement (ICS) proformas.
The present document does not specify any aspects related to the administrative management phase. Any internal
technical realization of either the UPT card or the CAD are only specified where these reflect over the interface. The
present document does not specify any of the security algorithms which may be used.
The information flow between the CAD and the network is outside the scope of the present document.
UPT
ETSI
---------------------- Page: 8 ----------------------
SIST EN 300 823 V1.2.2:2003
7 EN 300 823 V1.2.2 (1999-04)
2 References
The following documents contain provisions which, through reference in this text, constitute provisions of the present
document.
• References are either specific (identified by date of publication, edition number, version number, etc.) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• For a non-specific reference, the latest version applies.
• A non-specific reference to an ETS shall also be taken to refer to later versions published as an EN with the same
number.
[1] ETS 300 477: "Universal Personal Telecommunication (UPT); UPT Phase 2; Functional
specification of the interface of a UPT Integrated Circuit Card (ICC) and Card Accepting Devices
(CADs); UPT card accepting Dual Tone Multiple Frequency (DTMF) device".
[2] ETS 300 790: "Universal Personal Telecommunication (UPT); Security architecture for UPT
phase 2; Specification".
[3] ITU-T Recommendation E.164: "The internatonal public telecommunication numbering plan".
3 Definitions, symbols and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply, together with those contained in
ETS 300 477 [1]:
PIM1: Personal Identification Module according to ETS 300 477 [1]
PIM2: Personal Identification Module according to the present document
3.2 Symbols
For the purposes of the present document, the symbols contained in ETS 300 477 [1] apply.
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply, together with those of ETS 300 477 [1]:
AE Application Entity
AP Application Protocol
CT Cordless Telephone
ICS Implementation Conformance Statement
ISDN Integrated Services Digital Network
PSTN Public Switched Telephone Network
RAND Random challenge sent by the network to be used for authentication
ETSI
---------------------- Page: 9 ----------------------
SIST EN 300 823 V1.2.2:2003
8 EN 300 823 V1.2.2 (1999-04)
4 Physical characteristics
The same text as in ETS 300 477 [1], is valid.
5 Electronic signals and transmission protocols
The same text as in ETS 300 477 [1], is valid.
6 Logical model
The same text as in ETS 300 477 [1] is valid with the following modifications:
In subclause 6.4, "DF " is replaced by "DF ", and the following note is added:
UPT UPT2
NOTE: Both PIM1 and PIM2 can be implemented in one card, each representing its own application.
7 Security services and facilities
The same text as in ETS 300 477 [1], clause 7 is valid with the following modifications:
PIM is replaced by PIM2, and "ETS 300 391-1" is replaced by "ETS 300 790 [2]".
7.1 Authentication key
The same text as in ETS 300 477 [1] subclause 7.1 is valid with the following addition:
If both PIM1 and PIM2 are implemented in the same card, then they shall use a different authentication key.
7.2 Algorithms and processes
The same text is valid with reference "ETS 300 790 [2]" instead of "ETS 300 391-1".
7.2.1 Card Holder Verification (CHV)
The same text as in ETS 300 477 [1] subclause 7.2.1 is valid, with the addition of the following note:
NOTE: If both PIM1 and PIM2 are implemented in the same card, for security reasons, two different CHVs
should be used for PIM1 and PIM2.
ETSI
---------------------- Page: 10 ----------------------
SIST EN 300 823 V1.2.2:2003
9 EN 300 823 V1.2.2 (1999-04)
7.2.2 Strong authentication
The two pass strong authentication process works as follows:
1) a successful card holder verification is performed;
2) a timer is started in the CAD . If a time-out occurs the PIM shall be RESET by the CAD . No further
UPT UPT
authentication attempts can be made until a new card holder verification has been performed;
3) the authentication procedure is activated by the user (if the time-out has not been reached), whereby the
following steps take place;
4) the PUI and the CT are obtained from the PIM and are sent to the Authenticating Entity (AE) in an authentication
request;
5) the AE sends a random number RAND to the CAD in an authentication request;
UPT
6) the RAND is given to the PIM, which calculates an Authentication Code (AC) and returns it to the CAD ;
UPT
7) the CAD sends the PUI, CT and AC to the authenticating entity;
UPT
8) if the authentication fails, steps 3) to 7) can be repeated, as long as the time-out has not been reached.
7.3 File access conditions
The same text as in ETS 300 477 [1], subclause 7.3 is valid.
7.4 Function access condition
The same text as in ETS 300 477 [1], subclause 7.4 is valid.
7.5 Identification, keying and algorithm information
The following data used for identification and secret keys are stored in the PIM:
- PUI (for identification of a UPT subscriber);
- LPIN (for card holder verification);
- SLPIN (for unblocking of the relevant CHV1);
- K (secret key for the authentication algorithm).
8 Description of the functions
The same text as in ETS 300 477 [1] is valid with the following modifications:
- "DF " is replaced by "DF ".
UPT UPT2
In subclause 8.10, the input is "challenge (RAND)" instead of "challenge (n)".
9 Description of the commands
The same text as in ETS 300 477 [1] is valid with the following modification:
- In subclause 9.3.10, "challenge (sequence number)" is replaced by "challenge (RAND)".
ETSI
---------------------- Page: 11 ----------------------
SIST EN 300 823 V1.2.2:2003
10 EN 300 823 V1.2.2 (1999-04)
10 Contents of the EFs
The same text as in ETS 300 477 [1] is valid with the following modifications:
- "DF " is replaced by "DF ".
UPT UPT2
-EF is deleted from figure 9.
SEQ
In subclause 10.2.3, "UPT application" is replaced by "PIM2 application".
In subclause 10.2.3, the following note is added:
NOTE 1: The PIM2 application identifier is different from the UPT application identifier.
Subclause 10.3.3 is deleted.
In subclause 10.4, note 2 is replaced by the following text:
NOTE 2: The CAD should interpret the TON and NPI information.
UPT
As EF is part of the DF it may be used by UPT and also other applications in a
ADN TELECOM
multi-application card. If the other application does not recognize the use of TON and NPI, then the
information relating to the national dialling plan should be held within the data item dialling number and
the TON and NPI fields set to UNKNOWN. This format would be acceptable for UPT operation and also
for the other application where the TON and NPI fields should be ignored.
EXAMPLE: PIM storage of an International Number using ITU-T Recommendation E.164 [3] numbering plan.
TON NPI Digit field
UPT application 001 0001 abc.
Other application compatible with UPT 000 0000 xxx.abc.
where "abc." denotes the subscriber number digits (including its country code), and "xxx."
denotes escape digits or a national prefix replacing TON and NPI.
11 Application protocol
The same text as in ETS 300 477 [1], clause 11, is valid except that "one-pass strong authentication" is replaced by
"two-pass strong authentication".
11.1 General procedures
The same text as in ETS 300 477 [1], subclause 11.1, is valid.
11.2 PIM management procedures
The same text as in ETS 300 477 [1], subclause 11.2, is valid except that "one-pass strong authentication" is replaced by
"two-pass strong authentication", "UPT application selection" by "PIM2 application selection", "UPT session" by
"PIM2 session", and "DF " by "DF ".
UPT UPT2
11.3 CHV related procedures
The same text as in ETS 300 477 [1], clause 11, is valid except that "UPT application" is replaced by "PIM2
application".
ETSI
---------------------- Page: 12 ----------------------
SIST EN 300 823 V1.2.2:2003
11 EN 300 823 V1.2.2 (1999-04)
11.4 UPT security related procedures
The following UPT security related procedure is recognized for the PIM2:
- two-pass strong authentication.
The mechanism is specified in clause 7.
The specification of the data elements used in the authentication procedure and in the secure answer procedure can be
found in ETS 300 790 [2].
NOTE: It is possible to select EF and to read out the service provider's telephone number before running the
ADN
two-pass strong authentication procedure. This makes it possible to automatically dial the service provider
by use of the telecommunication features in the PIM.
11.4.1 Two-pass strong authentication (M)
This procedure is used by the PIM to authenticate itself to the network.
Before this procedure can be performed, a successful CHV1 procedure shall be completed:
1) the CAD selects and reads EF ;
CT
UPT
2) the CAD selects and reads EF ;
UPT PUI
3) the CAD gives an INTERNAL AUTHENTICATION command with the random number RAND received
UPT
from the AE as a challenge to the command. Then the PIM calculates an AC, which is returned in the response;
4) the CAD sends PUI, CT and AC to the network.
UPT
Step 4 is not part of the protocol between the CAD and the PIM, but is included for clarification.
UPT
CAD Card
UPT
select EF (M)
CT
status bytes (M)
read (M)
data+status bytes (M)
select EF (M)
PUI
status bytes (M)
read (M)
data+status bytes (M)
internal authentication (M)
status bytes (M)
get response (M)
data+status bytes (M)
NOTE: Regarding the interface between the PIM2 and the CAD , the procedure "secure answer", which may
UPT
be activated by the calling party or by the called party, is the same procedure as the two-pass strong
authentication.
Figure 1
11.5 Telecommunication procedures
The same text as in ETS 300 477 [1], subclause 11.5, is valid except that the half sentence "this is only possible with the
last numbers dialled by the DTMF device" is obsolete for the PIM2 since it is inserted directly into a card reading
terminal.
11.6 General information procedures
The same text as in ETS 300 477 [1], subclause 11.6, is valid.
ETSI
---------------------- Page: 13 ----------------------
SIST EN 300 823 V1.2.2:2003
12 EN 300 823 V1.2.2 (1999-04)
Annex A (normative):
Plug-in UPT card
The same text as in ETS 300 477 [1] is valid.
ETSI
---------------------- Page: 14 ----------------------
SIST EN 300 823 V1.2.2:2003
13 EN 300 823 V1.2.2 (1999-04)
Annex B (normative):
Implementation Conformance Statement (ICS) for the PIM2
Notwithstanding the provisions of the copyright clause related to the text of the present document, ETSI grants that users
of the present document may freely reproduce the ICS proforma in this annex so that it can be used for its intended
purposes and may further publish the completed ICS.
A supplier of implementations of PIMs that are claimed to conform to the present document is required to complete a
copy of the relevant ICS proforma provided in this annex and to provide the information necessary to identify both the
supplier and the implementation.
B.1 ICS proforma for the PIM2
The purpose of the ICS proforma is to submit suppliers and implementers with a questionnaire or checklist. This should
be completed in order to state conformance with the requirements of the present document.
B.2 Identification of the implementation, product supplier
and test laboratory client
To be filled in by the involved parties:
Date:
Implementation:
Application name: Personal Identification Module version 2 (PIM2) for UPT
Phase: UPT phase 2
Specification: EN 300 823 (V1.2)
Supplier: Test laboratory client:
Company: Company:
Address: Address:
Country: Country:
Contact person: Contact person:
Telephone: Telephone:
Facsimile: Facsimile:
B.3 Identification of the standard
This ICS proforma applies to the PIM requirements in the present document.
ETSI
---------------------- Page: 15 ----------------------
SIST EN 300 823 V1.2.2:2003
14 EN 300 823 V1.2.2 (1999-04)
B.4 Global statement of conformance
The implementation described in this ICS meets all the mandatory requirements of the present document.
( ) Yes
( ) No
NOTE: Answering "No" to this question indicates non-conformance to the PIM2 interface specification. Non-
supported mandatory capabilities are to be identified in the ICS, with an explanation of why the
implementation is non-conforming.
B.5 Interpretation of the tables
Each item in the following tables corresponds to a requirement specified in the standard. The columns of the tables have
the following meaning:
Item: Numbers the requirements within a table.
Feature: Short verbal description of a requirem
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.