SIST ETS 300 823 E1:2003
(Main)Universal Personal Telecommunication (UPT); UPT phase 2; Functional specification of the interface of a UPT Integrated Circuit Card (ICC) and Public Switched Telephone Network (PSTN), Integrated Services Digital Network (ISDN) and Global System for Mobile communications (GSM) terminals (one pass and multiple pass authentication)
Universal Personal Telecommunication (UPT); UPT phase 2; Functional specification of the interface of a UPT Integrated Circuit Card (ICC) and Public Switched Telephone Network (PSTN), Integrated Services Digital Network (ISDN) and Global System for Mobile communications (GSM) terminals (one pass and multiple pass authentication)
This ETS describes the mechanical, electrical and logical interface between card and the mentioned terminals. This includes the specification of card data and operations as well as of the necessary terminal functions for the communication between card and terminals.
Svetovne osebne telekomunikacije (UPT) – UPT, faza 2 – Funkcijska specifikacija vmesnika čipne kartice (ICC) sistema UPT in javnega komutiranega telefonskega omrežja (PSTN), digitalnega omrežja z integriranimi storitvami (ISDN) in globalnega sistema mobilnih komunikacij (GSM) (enkratna in večkratna avtentikacija)
General Information
Standards Content (Sample)
SLOVENSKI STANDARD
SIST ETS 300 823 E1:2003
01-december-2003
6YHWRYQHRVHEQHWHOHNRPXQLNDFLMH837±837ID]D±)XQNFLMVNDVSHFLILNDFLMD
YPHVQLNDþLSQHNDUWLFH,&&VLVWHPD837LQMDYQHJDNRPXWLUDQHJDWHOHIRQVNHJD
RPUHåMD3671GLJLWDOQHJDRPUHåMD]LQWHJULUDQLPLVWRULWYDPL,6'1LQ
JOREDOQHJDVLVWHPDPRELOQLKNRPXQLNDFLM*60HQNUDWQDLQYHþNUDWQD
DYWHQWLNDFLMD
Universal Personal Telecommunication (UPT); UPT phase 2; Functional specification of
the interface of a UPT Integrated Circuit Card (ICC) and Public Switched Telephone
Network (PSTN), Integrated Services Digital Network (ISDN) and Global System for
Mobile communications (GSM) terminals (one pass and multiple pass authentication)
Ta slovenski standard je istoveten z: ETS 300 823 Edition 1
ICS:
33.040.35 Telefonska omrežja Telephone networks
33.070.50 Globalni sistem za mobilno Global System for Mobile
telekomunikacijo (GSM) Communication (GSM)
33.080 Digitalno omrežje z Integrated Services Digital
integriranimi storitvami Network (ISDN)
(ISDN)
SIST ETS 300 823 E1:2003 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST ETS 300 823 E1:2003
---------------------- Page: 2 ----------------------
SIST ETS 300 823 E1:2003
EUROPEAN ETS 300 823
TELECOMMUNICATION December 1997
STANDARD
Source: NA Reference: DE/NA-064010
ICS: 33.020
Key words: UPT, CARD, PSTN, GSM, ISDN
Universal Personal Telecommunication (UPT);
UPT phase 2;
Functional specification of the interface of a UPT
Integrated Circuit Card (ICC) and
Public Switched Telephone Network (PSTN),
Integrated Services Digital Network (ISDN) and
Global System for Mobile communications (GSM) terminals
(one pass and multiple pass authentication)
ETSI
European Telecommunications Standards Institute
ETSI Secretariat
Postal address: F-06921 Sophia Antipolis CEDEX - FRANCE
Office address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE
X.400: c=fr, a=atlas, p=etsi, s=secretariat - Internet: secretariat@etsi.fr
Tel.: +33 4 92 94 42 00 - Fax: +33 4 93 65 47 16
Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and the
foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 1997. All rights reserved.
---------------------- Page: 3 ----------------------
SIST ETS 300 823 E1:2003
Page 2
ETS 300 823: December 1997
Whilst every care has been taken in the preparation and publication of this document, errors in content,
typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to
"ETSI Editing and Committee Support Dept." at the address shown on the title page.
---------------------- Page: 4 ----------------------
SIST ETS 300 823 E1:2003
Page 3
ETS 300 823: December 1997
Contents
Foreword .5
1 Scope .7
2 Normative references.8
3 Definitions, symbols and abbreviations.8
3.1 Definitions .8
3.2 Symbols .8
3.3 Abbreviations .8
4 Physical characteristics.8
5 Electronic signals and transmission protocols .8
6 Logical model .9
7 Security services and facilities .9
7.1 Authentication key.9
7.2 Algorithms and processes .9
7.2.1 Card Holder Verification (CHV) .9
7.2.2 Strong authentication .9
7.3 File access conditions.9
7.4 Function access condition .10
7.5 Identification, keying and algorithm information.10
8 Description of the functions.10
9 Description of the commands.10
10 Contents of the EFs.10
11 Application protocol .11
11.1 General procedures .11
11.2 PIM management procedures .11
11.3 CHV related procedures .11
11.4 UPT security related procedures .11
11.4.1 Two-pass strong authentication (M).11
11.5 Telecommunication procedures .12
11.6 General information procedures .12
Annex A (normative): Plug-in UPT card .13
Annex B (normative): Implementation Conformance Statement (ICS) for the PIM2.14
B.1 ICS proforma for the PIM2 .14
B.2 Identification of the implementation, product supplier and test laboratory client.14
B.3 Identification of the standard .14
B.4 Global statement of conformance .15
B.5 Interpretation of the tables.15
B.6 Physical characteristics.15
---------------------- Page: 5 ----------------------
SIST ETS 300 823 E1:2003
Page 4
ETS 300 823: December 1997
B.6.1 ID-1 size . 16
B.6.2 Plug-in size. 16
B.6.3 Contacts . 16
B.7 Electronic signals and transmission protocols. 17
B.7.1 Supply voltage VCC (contact C1). 17
B.7.2 Reset RST (contact C2). 17
B.7.3 Clock CLK (contact C3).17
B.7.4 I/O (contact C7). 18
B.7.5 States . 18
B.7.6 Answer To Reset (ATR). 19
B.8 Logical model. 20
B.9 Security features and facilities. 20
B.10 Description of functions . 21
B.11 Contents of the EFs. 21
Annex C (normative): Implementation Conformance Statement (ICS) for the CAD . 22
UPT
C.1 ICS proforma for the CAD . 22
UPT
C.2 Identification of the implementation, product supplier and test laboratory client . 22
C.3 Identification of the standard. 22
C.4 Global statement of conformance . 23
C.5 Interpretation of the tables. 23
C.6 Physical characteristics . 24
C.7 Electronic signals and transmission protocols. 24
C.7.1 Supply voltage VCC (contact C1). 25
C.7.2 Reset RST (contact C2). 25
C.7.3 Clock CLK (contact C3).25
C.7.4 I/O (contact C7). 25
C.7.5 States . 26
C.7.6 Answer To Reset (ATR). 26
C.8 Security features and facilities. 26
C.9 Coding of the commands. 27
C.10 Application protocol . 27
History. 28
---------------------- Page: 6 ----------------------
SIST ETS 300 823 E1:2003
Page 5
ETS 300 823: December 1997
Foreword
This European Telecommunication Standard (ETS) has been produced by the Network Aspects (NA)
Technical Committee of the European Telecommunications Standards Institute (ETSI).
Transposition dates
Date of adoption: 21 November 1997
Date of latest announcement of this ETS (doa): 31 March 1998
Date of latest publication of new National Standard
or endorsement of this ETS (dop/e): 30 September 1998
Date of withdrawal of any conflicting National Standard (dow): 30 September 1998
---------------------- Page: 7 ----------------------
SIST ETS 300 823 E1:2003
Page 6
ETS 300 823: December 1997
Blank page
---------------------- Page: 8 ----------------------
SIST ETS 300 823 E1:2003
Page 7
ETS 300 823: December 1997
1 Scope
This European Telecommunication Standard (ETS) in combination with ETS 300 477 [1] defines the
interface between the Universal Personal Telecommunication (UPT) card and the Card Accepting Device
(CAD) for the operational phase. It also defines those aspects of the internal organization of the UPT card
which are related to the operational phase.
This ETS relates to the interface between a UPT card and Public Switched Telephone Network (PSTN),
Integrated Services Digital Network (ISDN) and Global System for Mobile (GSM) communications
terminals. These interfaces are completely described by ETS 300 477 [1] plus the additions and
modifications contained in this ETS; i.e. this ETS is a delta document.
The following clauses from ETS 300 477 [1] are amended or modified in this ETS:
- logical model (combined PIM1/PIM2);
- security (two pass strong authentication);
- functions (internal authentication);
- commands (internal authentication);
- Elementary Files (EF , EF );
SEQ DIR
- Application Protocol (AP) (two pass strong authentication);
- Implementation Conformance Statement (ICS) proformas.
The clause numbering of ETS 300 477 [1] is kept in order to ease comparisons. Unmodified clauses and
subclauses are marked appropriately.
This ETS together with ETS 300 477 [1] defines:
- the requirements for the physical characteristics of the UPT card, the electrical signals and the
transmission protocol;
- the model which shall be used as a basis for the design of the logical structure of the UPT card;
- the security features;
- the interface functions;
- the commands for operating the interface functions;
- the contents of the files required for the UPT application;
- the service set to be supported in the UPT card;
- the application protocol (security, services, etc.);
- the Implementation Conformance Statement (ICS) proformas.
This ETS does not specify any aspects related to the administrative management phase. Any internal
technical realization of either the UPT card or the CAD are only specified where these reflect over the
interface. This ETS does not specify any of the security algorithms which may be used.
The information flow between the CAD and the network is outside the scope of this ETS.
UPT
---------------------- Page: 9 ----------------------
SIST ETS 300 823 E1:2003
Page 8
ETS 300 823: December 1997
2 Normative references
This ETS incorporates by dated and undated reference, provisions from other publications. These
normative references are cited at the appropriate places in the text and the publications are listed
hereafter. For dated references, subsequent amendments to or revisions of any of these publications
apply to this ETS only when incorporated in it by amendment or revision. For undated references the latest
edition of the publication referred to applies.
[1] ETS 300 477: "Universal Personal Telecommunication (UPT); UPT Phase 2;
Functional specification of the interface of a UPT Integrated Circuit Card (ICC)
and Card Accepting Devices (CADs); UPT card accepting Dual Tone Multiple
Frequency (DTMF) device".
[2] ETS 300 790: "Universal Personal Telecommunication (UPT); Security
architecture for UPT phase 2; Specification".
[3] CCITT Recommendation E.164: "Numbering plan for the ISDN era".
3 Definitions, symbols and abbreviations
3.1 Definitions
For the purposes of this ETS, the following definitions apply, together with those contained in
ETS 300 477 [1]:
PIM1: Personal Identification Module according to ETS 300 477 [1].
PIM2: Personal Identification Module according to this ETS.
3.2 Symbols
For the purposes of this ETS, the symbols contained in ETS 300 477 [1] apply.
3.3 Abbreviations
For the purposes of this ETS, the following abbreviations apply, together with those of ETS 300 477 [1]:
AE Application Entity
AP Application Protocol
CT Cordless Telephone
ICS Implementation Conformance Statement
ISDN Integrated Services Digital Network
PSTN Public Switched Telephone Network
RAND Random challenge sent by the network to be used for authentication
4 Physical characteristics
The same text as in ETS 300 477 [1] is valid.
5 Electronic signals and transmission protocols
The same text as in ETS 300 477 [1] is valid.
---------------------- Page: 10 ----------------------
SIST ETS 300 823 E1:2003
Page 9
ETS 300 823: December 1997
6 Logical model
The same text as in ETS 300 477 [1] is valid with the following modifications:
In subclause 6.4, "DF " is replaced by "DF ", and the following note is added:
UPT UPT2
NOTE: Both PIM1 and PIM2 can be implemented in one card, each representing its own
application.
7 Security services and facilities
The same text as in ETS 300 477 [1], clause 7 is valid with the following modifications:
PIM is replaced by PIM2, and "ETS 300 391-1" is replaced by "ETS 300 790 [2]".
7.1 Authentication key
The same text as in ETS 300 477 [1] subclause 7.1 is valid with the following addition:
If both PIM1 and PIM2 are implemented in the same card, then they shall use a different authentication
key.
7.2 Algorithms and processes
The same text is valid with reference "ETS 300 790 [2]" instead of "ETS 300 391-1".
7.2.1 Card Holder Verification (CHV)
The same text as in ETS 300 477 [1] subclause 7.2.1 is valid, with the addition of the following note:
NOTE: If both PIM1 and PIM2 are implemented in the same card, for security reasons, two
different CHVs should be used for PIM1 and PIM2.
7.2.2 Strong authentication
The two pass strong authentication process works as follows:
1) a successful card holder verification is performed;
2) a timer is started in the CAD . If a time-out occurs the PIM shall be RESET by the CAD . No
UPT UPT
further authentication attempts can be made until a new card holder verification has been
performed;
3) the authentication procedure is activated by the user (if the time-out has not been reached),
whereby the following steps take place;
4) the PUI and the CT are obtained from the PIM and are sent to the Authenticating Entity (AE) in an
authentication request;
5) the AE sends a random number RAND to the CAD in an authentication request;
UPT
6) the RAND is given to the PIM, which calculates an Authentication Code (AC) and returns it to the
CAD ;
UPT
7) the CAD sends the PUI, CT and AC to the authenticating entity;
UPT
8) if the authentication fails, steps 3) to 7) can be repeated, as long as the time-out has not been
reached.
7.3 File access conditions
The same text as in ETS 300 477 [1] subclause 7.3 is valid.
---------------------- Page: 11 ----------------------
SIST ETS 300 823 E1:2003
Page 10
ETS 300 823: December 1997
7.4 Function access condition
The same text as in ETS 300 477 [1] subclause 7.4 is valid.
7.5 Identification, keying and algorithm information
The following data used for identification and secret keys are stored in the PIM:
- PUI (for identification of a UPT subscriber);
- LPIN (for card holder verification);
- SLPIN (for unblocking of the relevant CHV1);
- K (secret key for the authentication algorithm).
8 Description of the functions
The same text as in ETS 300 477 [1] is valid with the following modifications:
- "DF " is replaced by "DF ".
UPT UPT2
In subclause 8.10, the input is "challenge (RAND)" instead of "challenge (n)".
9 Description of the commands
The same text as in ETS 300 477 [1] is valid with the following modification:
- In subclause 9.3.10, "challenge (sequence number)" is replaced by "challenge (RAND)".
10 Contents of the EFs
The same text as in ETS 300 477 [1] is valid with the following modifications:
- "DF " is replaced by "DF ".
UPT UPT2
-EF is deleted from figure 9.
SEQ
In subclause 10.2.3, "UPT application" is replaced by "PIM2 application".
In subclause 10.2.3, the following note is added:
NOTE 1: The PIM2 application identifier is different from the UPT application identifier.
Subclause 10.3.3 is deleted.
In subclause 10.4, note 2 is replaced by the following text:
NOTE 2: The CAD should interpret the TON and NPI information.
UPT
As EF is part of the DF it may be used by UPT and also other applications
ADN TELECOM
in a multi-application card. If the other application does not recognize the use of TON
and NPI, then the information relating to the national dialling plan should be held within
the data item dialling number and the TON and NPI fields set to UNKNOWN. This
format would be acceptable for UPT operation and also for the other application where
the TON and NPI fields should be ignored.
---------------------- Page: 12 ----------------------
SIST ETS 300 823 E1:2003
Page 11
ETS 300 823: December 1997
EXAMPLE: PIM storage of an International Number using CCITT
Recommendation E.164 [3] numbering plan.
TON NPI Digit field
UPT application 001 0001 abc.
Other application compatible with UPT 000 0000 xxx.abc.
where "abc." denotes the subscriber number digits (including its country code), and
"xxx." denotes escape digits or a national prefix replacing TON and NPI.
11 Application protocol
The same text as in ETS 300 477 [1], clause 11, is valid except that "one-pass strong authentication" is
replaced by "two-pass strong authentication".
11.1 General procedures
The same text as in ETS 300 477 [1], subclause 11.1, is valid.
11.2 PIM management procedures
The same text as in ETS 300 477 [1], subclause 11.2, is valid except that "one-pass strong authentication"
is replaced by "two-pass strong authentication", "UPT application selection" by "PIM2 application
selection", "UPT session" by "PIM2 session", and "DF " by "DF ".
UPT UPT2
11.3 CHV related procedures
The same text as in ETS 300 477 [1], clause 11, is valid except that "UPT application" is replaced by
"PIM2 application".
11.4 UPT security related procedures
The following UPT security related procedure is recognized for the PIM2:
- two-pass strong authentication.
The mechanism is specified in clause 7.
The specification of the data elements used in the authentication procedure and in the secure answer
procedure can be found in ETS 300 790 [2].
NOTE: It is possible to select EF and to read out the service provider's telephone number
ADN
before running the two-pass strong authentication procedure. This makes it possible to
automatically dial the service provider by use of the telecommunication features in the
PIM.
11.4.1 Two-pass strong authentication (M)
This procedure is used by the PIM to authenticate itself to the network.
Before this procedure can be performed, a successful CHV1 procedure shall be completed:
1) the CAD selects and reads EF ;
CT
UPT
2) the CAD selects and reads EF ;
UPT PUI
3) the CAD gives an INTERNAL AUTHENTICATION command with the random number RAND
UPT
received from the AE as a challenge to the command. Then the PIM calculates an AC, which is
returned in the response;
---------------------- Page: 13 ----------------------
SIST ETS 300 823 E1:2003
Page 12
ETS 300 823: December 1997
4) the CAD sends PUI, CT and AC to the network.
UPT
Step 4 is not part of the protocol between the CAD and the PIM, but is included for clarification.
UPT
CAD Card
UPT
select EF (M)
CT
status bytes (M)
read (M)
data+status bytes (M)
select EF (M)
PUI
status bytes (M)
read (M)
data+status bytes (M)
internal authentication (M)
status bytes (M)
get response (M)
data+status bytes (M)
NOTE: Regarding the interface between the PIM2 and the CAD , the procedure "secure answer",
UPT
which may be activated by the calling party or by the called party, is the same procedure as the
two-pass strong authentication.
Figure 1
11.5 Telecommunication procedures
The same text as in ETS 300 477 [1], subclause 11.5, is valid except that the half sentence "this is only
possible with the last numbers dialled by the DTMF device" is obsolete for the PIM2 since it is inserted
directly into a card reading terminal.
11.6 General information procedures
The same text as in ETS 300 477 [1], subclause 11.6, is valid.
---------------------- Page: 14 ----------------------
SIST ETS 300 823 E1:2003
Page 13
ETS 300 823: December 1997
Annex A (normative): Plug-in UPT card
The same text as in ETS 300 477 [1] is valid.
---------------------- Page: 15 ----------------------
SIST ETS 300 823 E1:2003
Page 14
ETS 300 823: December 1997
Annex B (normative): Implementation Conformance Statement (ICS) for the
PIM2
Notwithstanding the provisions of the copyright clause related to the text of this ETS, ETSI grants that
users of this ETS may freely reproduce the ICS proforma in this annex so that it can be used for its
intended purposes and may further publish the completed ICS.
A supplier of implementations of PIMs that are claimed to conform to this ETS is required to complete a
copy of the relevant ICS proforma provided in this annex and to provide the information necessary to
identify both the supplier and the implementation.
B.1 ICS proforma for the PIM2
The purpose of the ICS proforma is to submit suppliers and implementers with a questionnaire or
checklist. This should be completed in order to state conformance with the requirements of this ETS.
B.2 Identification of the implementation, product supplier and test laboratory
client
To be filled in by the involved parties:
Date:
Implementation:
Application name: Personal Identification Module version 2 (PIM2) for UPT
Phase: UPT phase 2
Specification: ETS 300 823 Edition 1
Supplier: Test laboratory client:
Company: Company:
Address: Address:
Country: Country:
Contact person: Contact person:
Telephone: Telephone:
Facsimile: Facsimile:
B.3 Identification of the standard
This ICS proforma applies to the PIM requirements in this ETS.
---------------------- Page: 16 ----------------------
SIST ETS 300 823 E1:2003
Page 15
ETS 300 823: December 1997
B.4 Global statement of conformance
The implementation described in this ICS meets all the mandatory requirements of this ETS.
( ) Yes
( ) No
NOTE: Answering "No" to this question indicates non-conformance to the PIM2 interface
specification. Non-supported mandatory capabilities are to be identified in the ICS, with
an explanation of why the implementation is non-conforming.
B.5 Interpretation of the tables
Each item in the following tables corresponds to a requirement specified in the standard. The columns of
the tables have the following meaning:
Item: Numbers the requirements within a table.
Feature: Short verbal description of a requirement in the standard.
Reference: Reference to (sub)clause number, where the requirement can be found in the
standard.
Status: Indicates if the requirement is:
- mandatory (M);
- optional (O);
- prohibited (X); or
- conditional(Cn), description of condition "n" follows below the table.
Support: To be filled in by the implementer. If the item is supported this is indicated by "Yes", if
the item is not supported, this is indicated by "No". In some cases additional
information shall be given in this column.
B.6 Physical characteristics
Table B.1
Item Feature Reference Status Support
1 Physical characteristics in accordance with4M
ISO/IEC 7816-1 (reference [9] in
ETS 300 477 [1]) and
ISO/IEC 7816-2 (reference [10] in
ETS 300 477 [1]).
2 ID-1 size 4.1.1 C1
3 Plug-in size 4.1.2 C1
4 Temperature range -25°C to +70°C with 4.2 M
occasional peaks up to 85°C.
5 Contact pressure up to 0,5 N per contact. 4.3.3 M
C1 = It is mandatory to fulfil one of items 2 or 3.
---------------------- Page: 17 ----------------------
SIST ETS 300 823 E1:2003
Page 16
ETS 300 823: December 1997
B.6.1 ID-1 size
This table shall only be filled in if item 2 in table B.1 is fulfilled.
Table B.2
Item Feature Reference Status Support
1 Identification number on the card. 4.1 M
2 Format and layout in accordance with 4.1.1 M
ISO/IEC 7816-1 (reference [9] in
ETS 300 477 [1]) and
ISO/IEC 7816-2 (reference [10] in
ETS 300 477 [1]).
3 Polarization mark provided. 4.1.1 M
4 Embossing provided in accordance with 4.1.1 O
ISO 7811-1 (reference [7] in
ETS 300 477 [1]) and ISO 7811-3
(reference [8] in ETS 300 477 [1]).
5 Contacts and embossing located on the 4.1.1 C2
same side.
C2 = Mandatory if item 4 is fulfilled.
B.6.2 Plug-in size
This table shall only be filled in if item 3 in table B.1 is fulfilled.
Table B.3
Item Feature Reference Status Support
1 Individual account identifier and check digit 4.1 M
on the card.
2 Format and layout in accordance with 4.1.1 M
ENV 1375-1.
B.6.3 Contacts
Table B.4
Item Feature Reference Status Support
1 Contact C4 provided 4.3.1 O
2 Contact C6 not bonded 4.3.1 M
3 Contact C6 provided 4.3.1 O
---------------------- Page: 18 ----------------------
SIST ETS 300 823 E1:2003
Page 17
ETS 300 8
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.