1、 TIA-4960 August 2012Remote Subscription Management System Requirements NOTICE TIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of products,
2、 and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products not conforming to such St
3、andards and Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally. Standards and Publications are adopted by TIA in accordance with the American National Standards Institute (ANSI) patent p
4、olicy. By such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication. This Standard does not purport to address all safety problems associated with its use or all applicable regulatory requirements. I
5、t is the responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use. (From Project No. TIA-PN-4960, formulated under the cognizance of the TIA TR-45 Mobile (b) there is no assurance that
6、 the Document will be approved by any Committee of TIA or any other body in its present or any other form; (c) the Document may be amended, modified or changed in the standards development or any editing process. The use or practice of contents of this Document may involve the use of intellectual pr
7、operty rights (“IPR”), including pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIAs attention, a statement from the holder thereo
8、f is requested, all in accordance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions, which are instead left
9、 to the parties involved, nor will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects the Document or its conten
10、ts. If the Document contains one or more Normative References to a document published by another organization (“other SSO”) engaged in the formulation, development or publication of standards (whether designated as a standard, specification, recommendation or otherwise), whether such reference consi
11、sts of mandatory, alternate or optional elements (as defined in the TIA Engineering Manual, 4thedition) then (i) TIA disclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relating to any such Normative Reference; (ii) TIAs policy of en
12、couragement of voluntary disclosure (see Engineering Manual Section 6.5.1) of Essential Patent(s) and published pending patent applications shall apply; and (iii) Information as to claims of IPR in the records or publications of the other SSO shall not constitute identification to TIA of a claim of
13、Essential Patent(s) or published pending patent applications. TIA does not enforce or monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Document. ALL WA
14、RRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTYS INTELLECTUAL PROPERTY RIGHTS. TI
15、A EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED TO IN T
16、HE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS. TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
17、(INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FUNDA
18、MENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS. 3GPP2 S.R0149-0 v1.0 REVISION HISTORY Revision Description of Changes Date V1.0 Initial publication August 9, 2012 3GPP2 S.R0149-0 v1.0 i Table of Contents 1 2 1 INTRODUCTION
19、AND SCOPE .1 3 2 INFORMATIVE REFERENCES 1 4 3 DEFINITIONS AND ABBREVIATIONS .2 5 3.1 Definitions 2 6 3.2 Abbreviations 4 7 4 GENERAL FEATURE DESCRIPTION .5 8 5 DETAILED REQUIREMENTS 5 9 5.1 General Requirements 5 10 5.2 Secure Environment Requirements .6 11 5.3 Device Requirements 6 12 5.4 Subscript
20、ion Manager Requirements.7 13 5.5 Network Requirements 7 14 5.6 Profile Requirements .7 15 5.7 Sytem Security Requirements .7 16 17 18 3GPP2 S.R0149-0 v1.0 ii 1 Foreword 2 3 This foreword is not part of this specification. 4 5 This document specifies the system requirements for Remote Subscription 6
21、 Management. 7 8 3GPP2 S.R0149-0 v1.0 1 Page 1 1 INTRODUCTION AND SCOPE 1 1.1 Scope 2 This document specifies the system requirements for Remote 3 Subscription Management. Such a system provides capability for a 4 service provider to remotely download and manage credentials and other 5 subscription
22、related data in cdma20001 devices. 6 1.2 Document Conventions 7 “Shall” and “shall not” identify requirements to be followed strictly to 8 conform to this document and from which no deviation is permitted. 9 “Should” and “should not” indicate that one of several possibilities is 10 recommended as pa
23、rticularly suitable, without mentioning or excluding 11 others, that a certain course of action is preferred but not necessarily 12 required, or that (in the negative form) a certain possibility or course of 13 action is discouraged but not prohibited. “May” and “need not” indicate a 14 course of ac
24、tion permissible within the limits of the document. “Can” and 15 “cannot” are used for statements of possibility and capability, whether 16 material, physical or causal. 17 18 2 INFORMATIVE REFERENCES 19 References are either specific (identified by date of publication, revision 20 identifier, and v
25、ersion number) or non-specific. For a specific reference, 21 subsequent revisions may not apply. For a non-specific reference, the 22 latest revision applies. 23 1 cdma2000 is the trademark for the technical nomenclature for certain specifications and standards of the Organizational Partners (OPs) o
26、f 3GPP2. Geographically (and as of the date of publication), cdma2000 is a registered trademark of the Telecommunications Industry Association (TIA-USA) in the United States. 3GPP2 S.R0149-0 v1.0 2 The document references which are applicable to this specification 1 include the following: 2 1 C.S001
27、6 “Over-the-Air Service Provisioning of Mobile Stations in 3 Spread Spectrum Systems” 4 2 C.S0040 “IP Based Over-the-Air Handset Configuration 5 Management (IOTA-HCM)” 6 3 C.S0078 “Secured Packet Structure for CDMA Card Application 7 Toolkit (CCAT) Applications” 8 4 C.S0079 “Remote APDU Structure fo
28、r CDMA Card Application 9 Toolkit (CCAT) Applications” 10 11 3 DEFINITIONS AND ABBREVIATIONS 12 The terms and abbreviations, which are used within this specification, 13 are defined as follows. 14 15 3.1 Definitions 16 Activate Profile: The process of selecting a Profile in a SecEnv for use by 17 th
29、e device. 18 Deactivate Profile: The process of de-selecting a Profile in a SecEnv 19 from use by the device. 20 Delete Profile: The process of purging a Profile from a SecEnv. 21 cdma2000 device: A cdma2000 end-point of a communication link that 22 requires connectivity from a mobile network. It co
30、ntains a Secure 23 Environment (SecEnv). In this document, the term device has the same 24 meaning as cdma2000 device. 25 Disable Profile: The process of marking a Profile in a SecEnv so that it is 26 not available to be activated. 27 Embedded UICC (eUICC): A UICC which hosts the NAAs and supports 2
31、8 remote management of the NAAs. Depending on the form factor, an 29 eUICC may not be easily accessible or replaceable from the device. 30 Enable Profile: The process of marking a Profile in a SecEnv so that it is 31 available to be activated. 32 3GPP2 S.R0149-0 v1.0 3 Page 3 Load Profile: The proce
32、ss of adding a Profile into a SecEnv. 1 Mobile Network Operator (MNO): An entity that authorizes and provides 2 communication services through a device using a mobile network, such 3 as the cdma2000 network. 4 Network Access Application (NAA): An application, issued by an MNO, 5 that runs within a S
33、ecEnv on a device that enables access to services 6 offered by the network. Examples of NAA include USIM, CSIM or ISIM. 7 Network Access Credentials: Data required to exist within a Profile so 8 that a device can authenticate to a mobile network. 9 Operational Profile: A Profile associated with an O
34、perational 10 Subscription. 11 Operational Subscription: Subscription, with its associated Profile, that 12 enables a device to access a mobile network for the purpose of accessing 13 connectivity and other related services from an MNO and optionally for 14 the management of Profiles. 15 Profile: A
35、Profile is a set of data and applications, which is used by the 16 device to obtain network services. 17 Provisioning Profile: A Profile used to enable a device to access a 18 controlled access network for the purpose of managing other Profile(s). 19 Provisioning Subscription: Subscription, with its
36、 associated Profile, 20 that enables a device to access a controlled access network for the 21 purpose of management of Profiles in the SecEnv. 22 Profile Management: Operations performed on a Profile. 23 Policy Control Function (PCF): Set of rules, often defined by the MNO 24 that controls the mana
37、gement of the SecEnv and the Profiles. 25 NOTE: This term is different from PCF used in the context of PCRF. 26 Profile Access Credentials: Data required to exist within a Profile so 27 that secured communication can be set up between an external entity 28 and the SecEnv in order to manage that Prof
38、iles structure and its data. 29 Provisioning: The process of loading a Profile into a SecEnv. 30 Secure Environment (SecEnv): A logical entity within a Device that 31 provides secure storage, access and execution environment that is 32 trusted by the MNO to host the NAAs. SecEnv contains network 33
39、3GPP2 S.R0149-0 v1.0 4 identification, access credentials and other information required for 1 accessing services provided by the Mobile Network Operator (MNO). 2 SecEnv Access Credentials: Data required to exist within a SecEnv so 3 that a secured communication can be set up between an external ent
40、ity 4 and the SecEnv in order to manage the Profiles on the SecEnv. 5 Subscriber: An entity who has a subscription with a mobile access 6 service provider, such as the MNO. 7 Subscription Manager (SM): A functional entity in the network that 8 manages the Profiles in the SecEnv. 9 Subscription: A co
41、mmercial relationship for the supply of services 10 between the Subscriber and the Service Provider. 11 User: A user is any person who is authorized to initiate subscription 12 related management operations on the device (e.g., load or delete Profiles). 13 14 3.2 Abbreviations 15 16 Term Definition
42、3GPP2 Third Generation Partnership Project 2 CSIM cdma2000 Subscriber Identity Module eUICC Embedded UICC ISIM IMS Subscriber Identity Module M2M Machine-to-Machine MEID Mobile Equipment Identifier MNO Mobile Network Operator NAA Network Access Application RSM SecEnv Remote Subscription Management S
43、ecure Environment SM Subscription Manager 17 3GPP2 S.R0149-0 v1.0 5 Page 5 1 4 GENERAL FEATURE DESCRIPTION 2 Many current and emerging devices in the market today incorporate 3 cellular radio access technologies such as cdma2000 1x or HRPD to 4 provide connectivity services through cellular networks
44、. These devices 5 are not limited to traditional handsets but also include consumer 6 electronics devices such as tablets, smart phones, eReaders, netbooks, 7 laptops, and Machine-to-Machine (M2M) devices. 8 The ability to remotely manage the cellular subscription information on 9 these devices, sim
45、plifying the existing provisioning procedures, has been 10 identified as a key enabler. 11 It is assumed that there is only one Subscription Manager managing the 12 Profiles on a SecEnv at any given time. 13 14 5 DETAILED REQUIREMENTS 15 The requirements for Remote Subscription Management system are
46、 16 listed in the following sections. 17 5.1 General Requirements 18 GEN-01: The RSM system shall support an SM to perform Profile 19 Management of a SecEnv. 20 GEN-02: The RSM system shall support loading of one or more Profiles into 21 a SecEnv from one or more issuers. 22 GEN-03: The RSM system s
47、hall support performing Profile Management 23 operation in the SecEnv using the connection provided by the 24 active Profile. 25 GEN-04: The RSM system shall support enforcing the access rights for a 26 SecEnv. 27 GEN-05: The RSM system shall support enforceing access rights of the 28 Profile issuer
48、 for the management of the Profile contents. 29 GEN-06: The RSM system shall support managing an active Profile content 30 using existing mechanisms (e.g., C.S0016 1, C.S0040 2, 31 C.S0078 3 and C.S0079 4). 32 3GPP2 S.R0149-0 v1.0 6 GEN-07: The RSM system shall support restricting the use of a Profi
49、le to a 1 certain device. 2 GEN-08: The RSM system shall support Profile Management operations 3 independent of the access network. 4 GEN-09: The RSM system shall support a mechanism that allows the 5 SecEnv Access Credentials and SM identity to be changed. 6 7 5.2 Secure Environment Requirements 8 SECENV-01: The SecEnv shall be identifiable by a globally unique identifier 9 (SecEnv ID). 10 SECENV-02: The SecEnv ID shall be unchangeable once assigne
