ETSI TS 102 240 V8.0.0 (2008-10)

ETSI TS 102 240 V8.0.0 (2008-10)
Technical Specification


Smart Cards;
UICC Application Programming Interface
and Loader Requirements;
Service description
(Release 8)

---------------------- Page: 1 ----------------------
Release 8 2 ETSI TS 102 240 V8.0.0 (2008-10)



Reference
RTS/SCP-R0263v800
Keywords
API, smart card
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2008.
All rights reserved.

TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
ETSI

---------------------- Page: 2 ----------------------
Release 8 3 ETSI TS 102 240 V8.0.0 (2008-10)
Contents
Intellectual Property Rights . 5
Foreword . 5
1 Scope . 6
2 References . 6
2.1 Normative references . 6
2.2 Informative references . 7
3 Definitions and abbreviations . 7
3.1 Definitions . 7
3.2 Abbreviations . 7
4 Description . . 8
4.1 Design of UICC based applications using the UICC API . 9
4.2 UICC API architecture . 10
4.3 UICC file data access . 11
4.4 UICC BER-TLV file access . 11
5 Card interoperability. 11
5.1 Loader requirements . 11
5.2 Application transport . 12
6 Applet activation . 12
6.1 Applet triggering . 12
6.2 Applet selection . 13
7 Applet life cycle management . 13
7.1 Applet preparation . 13
7.2 Loading . 14
7.2.1 Arbitration. 14
7.2.2 Transport . 14
7.2.3 Verification . 14
7.2.4 Linking . 14
7.3 Installation/registration/reactivation . 14
7.4 Configuration . 14
7.5 Execution . 15
7.6 Deactivation . 15
7.7 Removal . 15
8 Security management . 15
8.1 Management of applets . 15
8.2 Applet certification . 15
9 API compatibility . 15
9.1 Level of compatibility . 15
9.2 Compatibility at the interface . 15
9.3 Compatibility at the programming interface . 16
9.4 Accessibility of the programming interface . 16
10 API extensibility . . 16
10.1 Evolution of UICC/terminal interface (TS 102 221) . 16
10.2 Evolution of CAT application toolkit (TS 102 223) . 16
10.3 Interworking with other systems . 16
10.4 Evolution of UICC/terminal contactless interface (TS 102 622 and TS 102 613) . 16
11 Data and function sharing and access control . 17
11.1 Sharing resources between applets . 17
11.2 Access to data . 17
12 Technology considerations . 18
ETSI

---------------------- Page: 3 ----------------------
Release 8 4 ETSI TS 102 240 V8.0.0 (2008-10)
12.1 UICC hardware requirements . 18
12.2 Technology limitations . 18
12.2.1 Memory recovery . 18
12.3 Evolution . 18
12.3.1 Remote Procedure Call (RPC) . 18
Annex A (informative): Change history . 19
History . 20

ETSI

---------------------- Page: 4 ----------------------
Release 8 5 ETSI TS 102 240 V8.0.0 (2008-10)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Smart Card Platform (SCP).
It is based on work originally done by the 3GPP group in "TSG-Terminals WG3" and by "ETSI Special Mobile Group
(SMG)".
The present document details the stage 1 aspects (overall service description) for the support of a UICC Application
Programming Interface (API).
The contents of the present document are subject to continuing work within ETSI SCP and may change following
formal ETSI SCP approval. Should ETSI SCP modify the contents of the present document it will then be republished
by ETSI with an identifying change of release date and an increase in version number as follows:
Version x.y.z
where:
x the first digit:
0 early working draft;
1 presented to TC SCP for information;
2 presented to TC SCP for approval;
3 or greater indicates TC SCP approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections,
updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.
ETSI

---------------------- Page: 5 ----------------------
Release 8 6 ETSI TS 102 240 V8.0.0 (2008-10)
1 Scope
The present document defines the service description of the UICC Application Programming Interface (UICC API)
internal to the UICC. Stage one is an overall service description, and does not deal with the implementation details of
the API.
The present document includes information applicable to network operators, service providers and terminal, UICC,
Network Access Application (NAA) providers, switch and database manufacturers.
The present document contains the core requirements, which are sufficient to provide a complete service.
It is highly desirable however, that technical solutions for a UICC API should be sufficiently flexible to allow for
possible enhancements. Additional functionalities not documented in the present document may implement
requirements which are considered outside the scope of the present document. This additional functionality may be on a
network wide basis, nation-wide basis or particular to a group of users. Such additional functionality shall not
compromise conformance to the core requirements of the service.
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• In the case of a reference to a TC SCP document, a non specific reference implicitly refers to the latest version
of that document in the same Release as the present document.
• Non-specific reference may be made only to a complete document or a part thereof and only in the following
cases:
- if it is accepted that it will be possible to use all future changes of the referenced document for the
purposes of the referring document;
- for informative references.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
For online referenced documents, information sufficient to identify and locate the source shall be provided. Preferably,
the primary source of the referenced document should be cited, in order to ensure traceability. Furthermore, the
reference should, as far as possible, remain valid for the expected life of the document. The reference shall include the
method of access to the referenced document and the full network address, with the same punctuation and use of upper
case and lower case letters.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are indispensable for the application of the present document. For dated
references, only the edition cited applies. For non-specific references, the latest edition of the referenced document
(including any amendments) applies.
[1] ETSI TS 102 221: "Smart cards; UICC-Terminal interface; Physical and logical characteristics
(Release 7)".
[2] ETSI TS 102 223: "Smart cards; Card Application Toolkit (CAT) (Release 7)".
[3] ISO/IEC 7816-4: " Identification cards - Integrated circuit cards Part 4: Organization, security and
commands for interchange".
ETSI

---------------------- Page: 6 ----------------------
Release 8 7 ETSI TS 102 240 V8.0.0 (2008-10)
[4] ETSI TS 102 622: "Smart Cards; UICC - Contactless Front-end (CLF) Interface; Host Controller
Interface (HCI)".
[5] ETSI TS 102 613: "Smart Cards; UICC - Contactless Front-end (CLF) Interface;
Part 1: Physical and data link layer characteristics".
2.2 Informative references
The following referenced documents are not essential to the use of the present document but they assist the user with
regard to a particular subject area. For non-specific references, the latest version of the referenced document (including
any amendments) applies.
Not applicable.
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
applet: application built up using a number of modules which will run under the control of a virtual machine
bytecode: machine independent code generated by a bytecode compiler and executed by a bytecode interpreter
data structure: collection of related data values such as the age, birth date and height of an individual
framework: defines a set of Application Programming Interface (API) functions and data structures for developing
applications and for providing system services to those applications
function: callable and executable body of computer instructions which perform a specific computation or data
processing task
module: collection of functions and data structures which implement an entire application or a particular application
feature or capability
UICC API framework: part of the UICC responsible for the handling of applications (including triggering and
loading)
NOTE: It also contains the library for the proactive API.
toolkit applet: applet loaded onto the UICC seen by the mobile as being part of the UICC toolkit application and
containing only the code necessary to run the application
NOTE: These applets might be downloaded over the radio interface.
trusted party: entity trusted by the card issuer with respect to security related services and activities
virtual machine: part of the run-time environment responsible for interpreting the bytecode
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AID Applet IDentifier
APDU Application Protocol Data Unit
API Application Programming Interface
AVN Applet Version Number
BER Bit Error Rate
CAD Card Acceptance Device
CAT Card Application Toolkit
ETSI

---------------------- Page: 7 ----------------------
Release 8 8 ETSI TS 102 240 V8.0.0 (2008-10)
CLF Contactless Front-end
EPOS Electronic Point Of Sale
IFD InterFace Device
MExE Mobile Execution Environment
NAA Network Access Application
RPC Remote Procedure Call
TLV Tag, Length, Value
UICC Universal Integrated Circuit Card
WAP Wireless Application Protocol
4 Description
The present document describes the high level requirements for an API for the UICC. This API shall allow application
programmers easy access to the functions and data described in TS 102 221 [1] and TS 102 223 [2], such that UICC
based services can be developed and loaded onto UICCs, quickly and, if necessary, remotely, after the UICC has been
issued.

Application
↔
AIDx. TARx
AID
Card
Application Card
Operator
AID1,TAR1
Applet1
TAR2
Applet2
…
…
Application Trusted
AID
Trusted
AIDn,TARn
Appletn
UICC
Communication
↔
Terminal
AIDx TARx
…
Management

Figure 1: Toolkit applet management and communication
ETSI

---------------------- Page: 8 ----------------------
Release 8 9 ETSI TS 102 240 V8.0.0 (2008-10)
...