ETSI TS 103 383 V14.0.0 (2018-07)

Smart Cards; Embedded UICC; Requirements Specification (Release 14)

TECHNICAL SPECIFICATION

Reference RTS/SCP-ReUICCvd30
Keywords embedded, smart card

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

The present document can be downloaded from: http://www.etsi.org/standards-search

The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx

If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx

Copyright Notification

No part may be reproduced
or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2018. All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its Members. 3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit of its Members. GSM® and the GSM logo are trademarks registered and owned by the GSM Association.

Contents

Intellectual Property Rights
Foreword
Modal verbs terminology
Introduction
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.1a Void
3.2 Abbreviations
4 Abstract (informative)
5 Background (informative)
5.1 Overview of the use cases
5.2 Use Case 1 - Provisioning of multiple eUICCs for M2M
5.2.1 Overview
5.2.2 Use case 1 - example a) - Utility Meters
5.2.3 Use case 1 - example b) - Security Camera
5.2.4 Use case 1 - example c) - Telematics
5.3 Use case 2 - Provisioning of an eUICC for a first subscription with a new connected device
5.3.1 Overview
5.3.2 Use case 2 - example a) - Provisioning of a new device
5.3.3 Use case 2 - example b) - Provisioning of multiple new devices for an enterprise
5.4 Use case 3 - Change of subscription for a device
5.4.1 Overview
5.4.2 Use case 3 - example a) - Change of subscription by consumer
5.4.3 Use case 3 - example b) - Change of subscriptions for devices for enterprise workforce
5.5 Use Case 4 - Change of SM-SR
5.6 Use Case 5 - Terminal state and capabilities reporting
5.7 Use Case 6 - Profile Update
5.8 Use Case 7 - Provisioning of devices with only IP connectivity
5.9 Use Case 8 - Provisioning a device in markets with multiple roots of trust (CAs)
6 Requirements
6.1 General
6.2 Profile, Application and File Structure
6.3 Procedural
6.4 Security
6.5 Profile Interoperability and Interactions
6.6 Void
6.7 Void
6.8 Void
Annex A (informative): Void
Annex B (informative): States (see also annex D)
B.0 Foreword
B.1 States of eUICC
B.2 States of Profiles
B.3 States of Applications in Profiles
Annex C (informative): Logical aspects of eUICC Architecture and associated Security Credentials
Annex D (informative): Profiles and NAA (Network Access Application) States
Annex E (informative): Profile Aspects
E.0 Foreword
E.1 Profile Content
E.2 Profile Related Principles
Annex F (informative): Bibliography
Annex G (informative): Change history
History

Intellectual Property Rights

Essential patents

IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards”, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https://ipr.etsi.org/).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the
ETSI Web server) which are, or may be, or may become, essential to the present document.

Trademarks

The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners. ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.

Foreword

This Technical Specification (TS)
has been produced by ETSI Technical Committee Smart Card Platform (SCP).

The contents of the present document are subject to continuing work within TC SCP and may change following formal TC SCP approval. If TC SCP modifies the contents of the present document, it will then be republished by ETSI with an identifying change of release date and an increase in version number as follows:

Version x.y.z

where:

x the first digit:
  0 early working draft;
  1 presented to TC SCP for information;
  2 presented to TC SCP for approval;
  3 or greater indicates TC SCP approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.

Modal verbs terminology

In the present document “shall”, “shall not”, “should”, “should not”, “may”, “need not”, “will”, “will not”, “can” and “cannot” are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions).

“must” and “must not” are NOT allowed in ETSI deliverables except when used in direct citation.

Introduction

Work on Machine-to-Machine (M2M) applications has given rise to the possibility of having a UICC that is embedded in a communication device in such a way that the UICC is not easily accessible or replaceable. The ability to change network subscriptions on such devices becomes problematic, thus necessitating new methods for securely and remotely provisioning access credentials on these embedded UICCs (eUICC) and managing subscription changes from one MNO to another.

1 Scope

The present document defines the use cases and requirements for an embedded UICC.

2 References

2.1 Normative references

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.

In the case of a reference to a TC SCP document, a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

Referenced documents which are not
found to be publicly available in the expected location might be found at http://docbox.etsi.org/Reference.

NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.

The following referenced documents are necessary for the application of the present document.

[1] ETSI TS 102 221: “Smart Cards; UICC-Terminal interface; Physical and logical characteristics”.
[2] ETSI TS 102 671: “Smart Cards; Machine to Machine UICC; Physical and logical characteristics”.
[3] Void.
[4] ETSI TS 102 241: “Smart Cards; UICC Application Programming Interface (UICC API) for Java Card (TM)”.

2.2 Informative references

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.

In the case of a reference to a TC SCP document, a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.

The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.

[i.1] Recommendation ITU-T E.212: “The international identification plan for public networks and subscriptions”.
[i.2] ETSI TR 102 216: “Smart cards; Vocabulary for Smart Card Platform specifications”.
[i.3] ETSI TS 123 682: “Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; Architecture enhancements to facilitate communications with packet data networks and applications (3GPP TS 23.682)”.

3 Definitions and abbreviations

3.1 Definitions

For the purposes of the present document, the terms and definitions given in ETSI TR 102 216 [i.2] and the following apply:

attribute (of a Profile): indication that a Profile delivers some specific functions; the knowledge of attributes offered by Profiles could be used by any authorized entity accessing the eUICC (terminal, server, etc.) to determine a particular behaviour

embedded UICC: UICC which is not easily accessible or replaceable, is not intended to be removed or replaced in the terminal, and enables the secure changing of subscriptions

enabled Profile: Profile, the files and/or applications (e.g. NAA) of which are selectable over the UICC-Terminal interface

eUICC management credentials: credentials used to verify the authorization for the establishment of Profile Management Credentials and Profile Provisioning Credentials

eUICC supplier: supplier of the eUICC modules and resident software (such as firmware and operating system)

Local Profile Management Credentials (LPMC): data required to exist within an eUICC so that a secured communication can be set up between a terminal and the eUICC in order for the user to perform Local Profile management operations on the Profiles on the eUICC

local Profile management operation: local Profile enabling, local Profile disabling or local Profile deletion

Mobile Network Operator (MNO): entity providing communication services to its customers through mobile networks

Network Access Credentials (NAC): data required to authenticate to a Recommendation ITU E.212 [i.1] Network

NOTE: Network Access Credentials may include data such as Ki/K, and IMSI stored within a NAA.

operational attribute: indication that a Profile, containing network access applications and associated network access credentials, is associated to an Operational Subscription

operational subscription: subscription that enables a device to access a Recommendation ITU E.212 [i.1] network for the purpose of accessing telecommunication and related services

Profile: combination of a file structure, data and applications to be provisioned onto, or present on, an eUICC

Profile access credentials: data required to exist within a Profile so that secured communication can be
set up between an external entity and the eUICC in order to manage that Profile's structure and its data (e.g. operator OTA keys)

Profile container: logical container for a Profile on an eUICC providing security services, enabling separation of Profiles and providing secure communication

Profile container initialization: process of preparing a Profile Container so that it is ready for Profile Loading and Installation

Profile loading: transfer of a Profile from a Profile Provisioning Credentials holder into the eUICC so that it is ready for installation

Profile transport: transfer of a cryptographically protected Profile from a Profile Management Credential holder to the eUICC

Profile installation: process of allocating resources and registering parameters for a Profile to bring it to a state where it can be enabled

Profile Provisioning Credentials (PPC): data required to exist within an eUICC so that a Profile downloaded from an external entity can be decrypted and installed on the eUICC

Profile Management Credentials (PMC): data required to exist within an eUICC so that a secured communication can be set up between an external entity
and the eUICC in order to manage the Profiles on the eUICC

Profile management operations: Profile Transport, Profile deletion, Profile enabling, and Profile disabling

provisioning: container creation and initialization, loading, and installation of a Profile into an eUICC

provisioning attribute: indication that a Profile, containing network access applications and associated network access credentials, is associated with the Provisioning Subscription

provisioning subscription: subscription, with its associated Profile, that enables a device to access a mobile network for the purpose of management of operational Profiles on the eUICC

subscriber: entity that has a subscription with a telecommunications Service Provider

subscription: commercial relationship for the supply of services between the Subscriber and Telecommunications Service Provider

Subscription Manager (SM): combination of the functions of the SM-SR and the SM-DP

Subscription Manager - Data Preparation (SM-DP): role that prepares Profiles to be securely provisioned on the eUICC e.g. encryption of Profile

NOTE: Also known as Profile Provisioning Credentials holder.

Subscription M