ETSI TS 123 057-2017 Digital cellular telecommunications system (Phase 2+) (GSM) Universal Mobile Telecommunications System (UMTS) Mobile Execution Environment (MExE) Functional de.pdf

1、 ETSI TS 123 057 V14.0.0 (2017-05) Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); Mobile Execution Environment (MExE); Functional description; Stage 2 (3GPP TS 23.057 version 14.0.0 Release 14) TECHNICAL SPECIFICATION GLOBAL SYSTEM FOR

2、 MOBILE COMMUNICATIONSRETSI ETSI TS 123 057 V14.0.0 (2017-05)13GPP TS 23.057 version 14.0.0 Release 14Reference RTS/TSGS-0223057ve00 Keywords GSM,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 74

3、2 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic an

4、d/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) versio

5、n kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStat

6、us.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photoco

7、pying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 201

8、7. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. oneM2M logo is protected for the benefit o

9、f its Members GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 123 057 V14.0.0 (2017-05)23GPP TS 23.057 version 14.0.0 Release 14Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI.

10、The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available

11、from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 31

12、4 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP). The present document may refer to technical specifications or reports usin

13、g their 3GPP identities, UMTS identities or GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables. The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under http:/webapp.etsi.org/key/queryform.asp. Modal verbs terminology In t

14、he present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI deliv

15、erables except when used in direct citation. ETSI ETSI TS 123 057 V14.0.0 (2017-05)33GPP TS 23.057 version 14.0.0 Release 14Contents Intellectual Property Rights 2g3Foreword . 2g3Modal verbs terminology 2g3Foreword . 7g31 Scope 8g32 References 8g33 Definitions and abbreviations . 10g33.1 Definitions

16、 10g33.2 Abbreviations . 12g34 MExE basic principles 14g34.1 Generic MExE aspects . 14g34.2 High level architecture . 14g34.3 Multiple classmark support 15g34.3.1 Classmark 1 service support in non-Classmark 1 MExE devices . 15g34.3.2 Classmark 2 service support in non-Classmark 2 MExE devices . 16g

17、34.3.3 Classmark 3 service support in non-Classmark 3 MExE devices . 16g34.3.4 Classmark 4 service support in non-Classmark 4 MExE devices . 16g35 Generic MExE functions (excluding security) . 16g35.1 User profile . 16g35.1.1 Location of, access to, and security of, the user profile 16g35.1.2 Suppor

18、t of the user profile 17g35.1.3 User interface personalisation . 18g35.1.3.1 MExE user interface personalisation . 18g35.1.3.2 Support of MExE user interface personalisation . 18g35.1.4 Virtual home environment 19g35.2 Capability and content negotiation . 19g35.2.1 User profile and capability negoti

19、ation relationship . 20g35.2.2 Capability negotiation characteristics . 20g35.2.3 Client content capability report . 22g35.2.4 Server role in capability negotiation . 22g35.2.5 Client-driven negotiation 22g35.3 Provisioning and management of services . 22g35.3.1 Service discovery 22g35.3.2 Service t

20、ransfer . 23g35.3.3 Service installation and configuration. 23g35.3.4 Service management . 23g35.3.5 Service termination . 23g35.3.6 Service deletion 23g35.4 User control of application connections . 24g35.4.1 Journaling of network events 24g35.4.2 User notification . 24g35.5 Quality of service . 24

21、g35.5.1 Introduction. 26g35.5.2 MExE QoS support . 26g35.5.3 MExE QoS manager . 27g35.5.4 Network control API . 27g35.5.5 MExE QoS API 27g35.5.6 Sources of bearer service parameters 28g35.5.7 QoS streams 28g35.5.8 QoS security 28g35.6 Charging . 28g35.6.1 Generic charging support 29g3ETSI ETSI TS 12

22、3 057 V14.0.0 (2017-05)43GPP TS 23.057 version 14.0.0 Release 146 Generic MExE Security 29g36.1 Introduction 29g36.2 MExE executable integrity . 29g36.2.1 Full signature verification . 30g36.2.2 Optimised pre-launch signature verification . 30g36.3 MExE executable permissions . 30g36.3.1 MExE execut

23、able permissions for operator, manufacturer and third party security domains. 30g36.3.2 MExE executable permissions for untrusted MExE executables 34g36.4 Handling of MExE executables when their valid root public key is not available . 35g36.4.1 Launching of MExE executables when their valid RPK is

24、not available . 36g36.4.2 Currently executing secure MExE executables when their valid RPK is no longer available 36g36.5 User permission types 36g36.6 Root Public keys . 37g36.6.1 Operator root public key . 37g36.6.1.1 Caching of root public keys 38g36.6.1.2 MExE device actions on detection of vali

25、d (U)SIM application and/or power up 38g36.6.2 Manufacturer root public key 40g36.6.3 Third party root public key . 40g36.7 Certification and authorisation architecture 41g36.7.1 Certification requirements 41g36.7.1.1 MExE terminal requirements for certificate processing 41g36.7.2 Certification admi

26、nistration requirements 42g36.7.3 Example certification process . 42g36.7.4 Certificate Chain Verification . 43g36.8 Usage of Signed Content 45g36.8.1 Signed packages used for installation . 45g36.8.2 Installation of root certificates in a signed data package 46g36.8.3 Installation of other signed d

27、ata 46g36.9 Certificate Format. 47g36.9.1 Certificate extension for removal of network access 47g36.9.1.1 X.509 version 3 . 47g36.10 Certificate management 47g36.10.1 Certificate configuration message (CCM) 48g36.10.1.1 CCM numbering convention . 51g36.10.1.2 CCM order of transmission . 51g36.10.1.3

28、 CCM field mapping convention 51g36.10.1.4 Authorised CCM download mechanisms 51g36.11 Separation of I/O streams . 51g36.12 Core software download . 52g36.13 Administrator Concept . 52g36.13.1 Administrator root public key . 52g36.13.2 Provisioned mechanism for designating administrative responsibil

29、ities and adding third parties in a MExE device 53g36.13.3 MExE administrator determination mechanism 53g36.13.3.1 Determining the administrator of the MExE device 53g36.13.3.2 Determining the administrator of the MExE device, for MExE-(U)SIM supporting third party certificates . 54g36.13.3.2.1 Admi

30、nistrator of the MExE device is the user . 54g36.13.3.2.2 Administrator of the MExE device is not the user . 55g36.13.4 Administrator root certificate download mechanism 56g37 MExE Classmark 1 (WAP environment) . 57g37.1 Introduction 57g37.1.1 WAP MExE devices . 57g37.1.2 High level architecture 57g

31、37.2 Non Security . 57g37.2.1 WAP components . 57g37.2.2 Services. 58g37.2.2.1 User interface 58g37.2.2.2 Access points. 58g37.2.2.3 Transferring . 59g37.2.2.3.1 WSP and HTTP/1.1 Proxy Function . 59g3ETSI ETSI TS 123 057 V14.0.0 (2017-05)53GPP TS 23.057 version 14.0.0 Release 147.2.3 WAP charging su

32、pport 60g37.2.4 CC/PP over WSP (Classmark 1) . 60g37.3 Security 60g37.3.1 Call control . 60g37.3.2 Local phonebook 60g38 MExE Classmark 2 (PersonalJava environment) . 60g38.1 Introduction 60g38.1.1 Classmark 2 MExE devices 61g38.1.2 High level architecture 61g38.2 Non Security . 61g38.2.1 High level

33、 functions 61g38.2.1.1 Optional Java packages . 61g38.2.1.2 Required and optional PersonalJava APIs . 62g38.2.1.3 Required and optional JavaPhone APIs 62g38.2.1.3.1 Application installation . 63g38.2.1.3.2 Power . 63g38.2.1.3.3 Datagram recipient addressing 63g38.2.1.4 Required and optional MExE Per

34、sonalJava APIs 63g38.2.1.5 Mandated services and applications 64g38.2.1.5.1 Network protocol support 64g38.2.2 CC/PP over HTTP (Classmark 2) . 64g38.2.3 Java charging support . 64g38.3 Security 64g38.3.1 PersonalJava security 64g38.3.1.1 Java applet certification in PersonalJava . 64g38.3.1.2 Java a

35、pplication signature verification in PersonalJava 64g38.3.1.3 Java loading native libraries in PersonalJava 65g38.3.2 Installing MExE native libraries . 65g39 MExE Classmark 3 (J2ME CLDC environment) . 65g39.1 Introduction 65g39.1.1 Classmark 3 MExE devices 65g39.1.2 High level architecture 65g39.1.

36、3 High level functionality 66g39.2 Non Security . 66g39.2.1 Connected Limited Device Configuration (CLDC) 66g39.2.2 Mobile Information Device Profile (MIDP) . 66g39.2.2.1 Networking 67g39.2.2.2 MID Applications (MIDlet) 67g39.2.2.3 MIDlet Suites 67g39.2.2.4 Record Storage 67g39.2.3 Required and opti

37、onal MExE APIs . 67g39.2.4 Service discovery and management 67g39.2.5 Transfer of capability negotiation information in Classmark 3 68g39.3 Security 68g39.3.1 CLDC security 68g310 MExE classmark 4 (CLI Compact environment) . 68g310.1 Introduction 68g310.1.1 High level architecture 69g310.2 Non secur

38、ity . 69g310.2.1 High level functionality 69g310.2.2 Network protocol support . 70g310.2.3 Power Management 70g310.2.4 CLI charging support 70g310.2.5 CC/PP over HTTP or WSP (Classmark 4) 70g310.3 Security 71g310.3.1 CLI Security 71g3Annex A (normative): MExE profile of PKCS#15 72g3A.1 PKCS#15 certi

39、ficate object attributes presentation 72g3ETSI ETSI TS 123 057 V14.0.0 (2017-05)63GPP TS 23.057 version 14.0.0 Release 14A.1.1 Object common attributes 72g3A.1.2 Certificate common attributes 72g3A.1.3 Certificate attributes . 72g3A.1.4 Specific X.509 certificate attributes . 72g3A.2 MExE profile of

40、 PKCS#15. 72g3A.3 Coding and storage in MExE-(U)SIM . 73g3Annex B (informative): PKCS#15 certificate objects ASN1 expanded syntax extract 74g3Annex C (normative): Access restriction certificate extension 76g3Annex D (informative): MExE executable life cycle 77g3D.1 State of a MExE executable . 77g3D

41、.2 Released state . 79g3D.3 Uninstalled Execution state 80g3D.4 Verification . 81g3Annex E (informative): MExE conformance requirements . 82g3Annex F (informative): Change history . 86g3History 87g3ETSI ETSI TS 123 057 V14.0.0 (2017-05)73GPP TS 23.057 version 14.0.0 Release 14Foreword This Technical

42、 Specification (TS) has been produced by the 3rd Generation Partnership Project (3GPP). The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released

43、by the TSG with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 1 presented to TSG for information; 2 presented to TSG for approval; 3 or greater indicates TSG approved document under change control. y the second digit is in

44、cremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the document. ETSI ETSI TS 123 057 V14.0.0 (2017-05)83GPP TS 23.057 version 14.0.0 Release 141 Scope The present docu

45、ment defines the stage 2 and stage 3 description of the Mobile Execution Environment (MExE). Stage 2 identifies the functional capabilities and information flows needed to support the service described in stage 1. The present document includes information applicable to network operators, service pro

46、viders and terminal, switch and database manufacturers. The present document contains the core functions for a Mobile Execution Environment (MExE) which are sufficient to provide a complete service. MExE uses a number of technologies to realise the requirements of the stage 1 description (3GPP TS 22

47、.057). The present document describes how the service requirements are realised with the selected technologies. The TS is devised into clauses each covering the aspects relating to particular MExE technologies, it is intended that this specification will evolve along with the MExE technologies. A ge

48、neric clause of the specification covers areas of MExE common to all technologies. Implementation of this specification outside the UE (User Equipment) is outside the scope of this specification. 2 References - References are either specific (identified by date of publication, edition number, versio

49、n number, etc.) or non-specific. - For a specific reference, subsequent revisions do not apply. - For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. 1 Void. 2 3GPP TS 22.057: “Mobile Execution Environment (MExE); Stage 1“. 3 Personal Java 1.1.1 or higher: Sun Microsystems http:/ 4 JavaPhone API version 1.0: http:/java.sun.