ETSI TS 102 226-2018 Smart Cards Remote APDU structure for UICC based applications (V13 1 0 Release 13).pdf

1、 ETSI TS 102 226 V13.1.0 (2018-07) Smart Cards; Remote APDU structure for UICC based applications (Release 13) TECHNICAL SPECIFICATION ETSI ETSI TS 102 226 V13.1.0 (2018-07)2Release 13Reference RTS/SCP-T02850vd10 Keywords protocol, smart card ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cede

2、x - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document ma

3、y be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in p

4、rint, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of

5、 this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be rep

6、roduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restrict

7、ion extend to reproduction in all media. ETSI 2018. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPPTM and LTETMare trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Part

8、ners. oneM2M logo is protected for the benefit of its Members. GSMand the GSM logo are trademarks registered and owned by the GSM Association. ETSI ETSI TS 102 226 V13.1.0 (2018-07)3Release 13Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g31 Scope 6g32 References 6g

9、32.1 Normative references . 6g32.2 Informative references 8g33 Definitions and abbreviations . 8g33.1 Definitions 8g33.2 Abbreviations . 8g34 Overview of remote management 10g35 Remote APDU format 11g35.1 Compact Remote Application data format . 11g35.1.1 Compact Remote command structure . 11g35.1.2

10、 Compact Remote response structure . 11g35.2 Expanded Remote Application data format 11g35.2.1 Expanded Remote command structure . 11g35.2.1.0 Structure overview 11g35.2.1.1 C-APDU TLV . 12g35.2.1.2 Immediate Action TLV . 13g35.2.1.3 Error Action TLV 14g35.2.1.4 Script Chaining TLV . 14g35.2.2 Expan

11、ded Remote response structure . 15g35.3 Automatic application data format detection 18g36 Security parameters assigned to applications . 18g36.1 Minimum Security Level (MSL) 18g36.2 Access domain 19g37 Remote File Management (RFM) 19g37.0 RFM basic principles 19g37.1 Commands 20g37.2 UICC Shared Fil

12、e System Remote File Management 20g37.3 ADF Remote File Management 21g37.4 RFM implementation over HTTPS 21g38 Remote Application Management (RAM) . 21g38.0 RAM basic principles . 21g38.1 Remote application management application behaviour 22g38.2 Command coding and description 22g38.2.0 Basic rules

13、 . 22g38.2.1 Commands 22g38.2.1.0 Application management commands overview. 22g38.2.1.1 DELETE . 23g38.2.1.2 SET STATUS . 23g38.2.1.3 INSTALL 23g38.2.1.3.0 Basic requirements for INSTALL command . 23g38.2.1.3.1 INSTALL for load 23g38.2.1.3.2 INSTALL for install . 23g38.2.1.4 LOAD . 31g38.2.1.5 PUT K

14、EY 31g38.2.1.5.0 Generic rules for PUT KEY command 31g38.2.1.5.1 PUT KEY for AES 32g38.2.1.5.2 PUT KEY for triple DES . 32g38.2.1.6 GET STATUS . 33g3ETSI ETSI TS 102 226 V13.1.0 (2018-07)4Release 138.2.1.6.0 Basic rules . 33g38.2.1.6.1 Menu parameters . 33g38.2.1.7 GET DATA. 33g38.2.1.7.0 Basic rule

15、s . 33g38.2.1.7.1 Void . 34g38.2.1.7.2 Extended Card resources information . 34g38.2.1.8 STORE DATA 34g38.3 RAM implementation over HTTPS 35g39 Additional command for push 35g39.0 Introduction 35g39.1 Push command behaviour 35g39.1.1 Request for open channel 35g39.1.2 Request for CAT_TP link establi

16、shment 36g39.1.3 Behaviour for responses 36g39.1.4 Request for TCP connection . 36g39.1.5 Request for Identification Packet 36g39.2 Commands coding 36g39.2.0 Coding 36g39.2.1 Data for BIP channel opening . 37g39.2.2 Data for CAT_TP link establishment 37g39.2.3 Data for TCP connection opening . 38g39

17、.2.4 Data for sending of Identification Packet . 38g39.3 Closing of the BIP channel . 38g310 Confidential application management 39g310.0 Overview and basic requirements. 39g310.1 Confidential loading . 39g310.2 Additional application provider security 39g310.3 Confidential setup of Security Domains

18、 . 40g310.4 Application personalisation in an APSD 40g3Annex A (normative): BER-TLV tags 41g3Annex B (informative): RFM over HTTP Communication Flow 42g3Annex C (informative): Bibliography . 44g3Annex D (informative): Change history . 45g3History 48g3ETSI ETSI TS 102 226 V13.1.0 (2018-07)5Release 13

19、Intellectual Property Rights Essential patents IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “I

20、ntellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, i

21、ncluding IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Trademarks The present document may inclu

22、de trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the presen

23、t document does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Smart Card Platform (SCP). It is based on work originally done in the 3GPP in TSG-te

24、rminals WG3 and ETSI SMG. The contents of the present document are subject to continuing work within TC SCP and may change following formal TC SCP approval. If TC SCP modifies the contents of the present document, it will then be republished by ETSI with an identifying change of release date and an

25、increase in version number as follows: Version x.y.z where: x: the first digit: 0 early working draft; 1 presented to TC SCP for information; 2 presented to TC SCP for approval; 3 or greater indicates TC SCP approved document under change control. y: the second digit is incremented for all changes o

26、f substance, i.e. technical enhancements, corrections, updates, etc. z: the third digit is incremented when editorial only changes have been incorporated in the document. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will no

27、t“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. ETSI ETSI TS 102 226 V13.1.0 (2018-07)6Release 131 Scope

28、 The present document defines the remote management of the UICC based on any of the secured packet structures specified in ETSI TS 102 225 1. It specifies the APDU format for remote management. Furthermore the present document specifies: A set of commands coded according to this APDU structure and u

29、sed in the remote file management on the UICC. This is based on ETSI TS 102 221 2. A set of commands coded according to this APDU structure and used in the remote application management on the UICC. This is based on the GlobalPlatform Card Specifications. 2 References 2.1 Normative references Refere

30、nces are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. In the case of

31、 a reference to a TC SCP document, a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. Referenced documents which are not found to be publicly available in the expected location might be found at https:/docbox.etsi.org/Refere

32、nce. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the application of the present document. 1 ETSI TS 102 225: “Smart Cards; Secured packet structure for U

33、ICC based applications“. 2 ETSI TS 102 221: “Smart Cards; UICC-Terminal interface; Physical and logical characteristics“. 3 ETSI TS 102 223: “Smart Cards; Card Application Toolkit (CAT)“. 4 GlobalPlatform: “GlobalPlatform Card Specification Version 2.3“. NOTE: See http:/www.globalplatform.org/. 5 ET

34、SI TS 101 220: “Smart Cards; ETSI numbering system for telecommunication application providers“. 6 ETSI TS 102 241: “Smart Cards; UICC Application Programming Interface (UICC API) for Java Card (TM)“. 7 Void. 8 Void. 9 ETSI TS 102 222: “Integrated Circuit Cards (ICC); Administrative commands for tel

35、ecommunications applications“. 10 ETSI TS 123 048: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); Security mechanisms for the (U)SIM application toolkit; Stage 2 (3GPP TS 23.048 Release 5)“. 11 ETSI TS 102 127: “Smart Cards; Transport proto

36、col for CAT applications; Stage 2“. ETSI ETSI TS 102 226 V13.1.0 (2018-07)7Release 1312 ETSI TS 143 019: “Digital cellular telecommunications system (Phase 2+); Subscriber Identity Module Application Programming Interface (SIM API) for Java Card; Stage 2 (3GPP TS 43.019 Release 5)“. 13 FIPS-197 (200

37、1): “Advanced Encryption Standard (AES)“. NOTE: Available at https:/nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf. 14 NIST Special Publication 800-38A (2001): “Recommendation for Block Cipher Modes of Operation - Methods and Techniques“. NOTE: Available at http:/csrc.nist.gov/publications/nistpub

38、s/. 15 NIST Special Publication 800-38B (2001): “Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication“. NOTE: Available at http:/csrc.nist.gov/publications/nistpubs/. 16 GlobalPlatform: “Card UICC Configuration“, Version 1.0.1. NOTE: Available at http:/www.globalplatf

39、orm.org/. 17 ETSI TS 102 588: “Smart Cards; Application invocation Application Programming Interface (API) by a UICC webserver for Java Card platform“. 18 GlobalPlatform: “GlobalPlatform Card, Confidential Card Content Management Card Specification v2.3 - Amendment A“, Version 1.1. NOTE: Available a

40、t http:/www.globalplatform.org/. 19 GlobalPlatform: “GlobalPlatform Card, Remote Application Management over HTTP, Card Specification v2.2, Amendment B“ Version 1.1.3. NOTE: Available at http:/www.globalplatform.org/. 20 ETSI TS 102 483: “Smart cards; UICC-Terminal interface; Internet Protocol conne

41、ctivity between UICC and terminal“. 21 ISO/IEC 8825-1: “Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)“. 22 GlobalPlatform: “Card Specification Version 2.3, Amendment C: Contactless Ser

42、vices“ Version 1.2. NOTE: Available at http:/www.globalplatform.org/. 23 ETSI TS 102 622: “Smart Card; UICC - Contactless Front-end (CLF) Interface; Host Controller Interface (HCI)“. 24 GlobalPlatform: “Security Upgrade for Card Content Management - GlobalPlatform Card Specification v2.2 - Amendment

43、 E“, Version 1.0.1. NOTE: Available at http:/www.globalplatform.org/. 25 GlobalPlatform: “Java Card API and Export File for Card Specification v2.2.1 (org.globalplatform) Version 1.6“. NOTE: Available at http:/www.globalplatform.org/. 26 GlobalPlatform: “Card Specification Version 2.2 - Amendment D:

44、 Secure Channel Protocol 03“ Version 1.1.1. NOTE: Available at http:/www.globalplatform.org/. ETSI ETSI TS 102 226 V13.1.0 (2018-07)8Release 1327 GlobalPlatform: “GlobalPlatform Card, Common Implementation Configuration“, Version 2.0. NOTE: Available at http:/www.globalplatform.org/. 2.2 Informative

45、 references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) appli

46、es. In the case of a reference to a TC SCP document, a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their lo

47、ng term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. Not applicable. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms an

48、d definitions given in ETSI TS 102 225 1, ETSI TS 101 220 5 and the following apply: Controlling Authority Security Domain (CASD): on-card controlling entity representing an off card trusted third party NOTE: It provides services to confidentially load or generate Secure Channel keys of the APSD. 3.

49、2 Abbreviations For the purposes of the present document, the abbreviations given in ETSI TS 102 225 1 and the following apply: ACK ACKnowledge ADD Access Domain Data ADF Application Data File ADP Access Domain Parameter AES Advanced Encryption Standard AFI Application Family Identifier AID Application IDentifierAM Authorized Management AP Application ProviderAPDU Application Protocol Data Unit API Application Programming Interface APSD Application Provider Security Domain BER-TLV Basic En