1、- EUROPEAN 1 ELECOMMUNICATION STANDARD ETS 300 922 April 1999 Second Edition Source: SMG Reference: RE/SMG-O90217QRI ICs: 33.020 Key words: Digital cellular telecommunications system, Global System for Mobile communications (GSM) GLOBAL SYSTEM FOR MOBILE CO1LIMUNICATlOXS Digital cellular telecommuni
2、cations system (Phase 2+); Subscriber Identity Modules (SIM); Functional character ist ics (GSM 02.17 version 5.1 .I Release 1996) ETSI European Telecommunications Standards Institute ETSI Secretariat Postal address: F-O6921 Sophia Antipolis CEDEX - FRANCE Office address: 650 Route des Lucioles - So
3、phia Antipolis - Valbonne - FRANCE Internet: secretariat Qetsi.fr - htp:/www.etsi.org Tel.: +33 4 92 94 42 O0 - Fax: +33 4 93 65 47 16 Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in a
4、ll media. O European Telecommunications Standards Institute 1999. All rights reserved. STD.ETSI ETS 300 922-ENGL 1999 3400855 0387448 793 Page 2 ETS 300 922 (GSM 02.17 version 5.1.1): April 1999 Whilst every care has been taken in the preparation and publication of this document, errors in content,
5、typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to “ETSI Standards Making Support Dept.“ at the address shown on the title page. STD.ETSI ETS 300 922-ENGL 1999 I 3400855 0387449 b2T Page 3 ETS 300 922 (GSM 02.17 version 5.1 . 1). April 1999 Contents
6、Intellectual Property Rights 5 Foreword . 5 Scope 7 Normative references 7 Definitions and abbreviations 8 3.1 Definitions 8 3.2 Abbreviations . 8 General 9 4.1.2 Plug-in SIM 10 Phases of operation . 10 Administrative management phase . 10 GSM network operation phase 10 Security features . 10 5.1 SI
7、M interface 10 5.2 SIM data . 11 5.3 Algorithms and subscriber authentication key . 11 5.4 Administrative management phase . 11 5.5 Subscriber data stored in ME . 11 5.6 CHV management . 11 5.7 SIM removal . 12 4.1 Characteristics . 9 4.1.1 ID-1 SIM 9 4.2 4.2.1 4.2.2 SIM information storage requirem
8、ents 12 6.1 Mandatory storage . 12 6.2 Optional storage . 13 Mobile Equipment accepting both ID-1 and Plug-in SIMS . 13 Annex A (informative): Change history . 14 History 15 STDmETSI ETS 300 722-ENGL L777 3400855 0387450 341 - Page 5 ETS 300 922 (GSM 02.17 version 5.1 .l): April 1999 intellectual Pr
9、operty Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non- members, and can be found in SR O00 314: “inteilectual Propem Rights (IPRs); Essen
10、tial, orpotential General description of a GSM Public Land Mobile Network (PLMN)“. GSM 01.04: “Digital cellular telecommunications system (Phase 2+); Abbreviations and acronyms“. GSM 02.03: “Digital cellular telecommunications system (Phase 2+); Teleservices supported by a GSM Public Land Mobile Net
11、work (PLMN)“. GSM 02.07: “Digital cellular telecommunications system (Phase 2+); Mobile Station (MS) features“. GSM 02.09: “Digital cellular telecommunications system (Phase 2+); Security aspects“. GSM 02.1 1 : “Digital cellular telecommunications system (Phase 2+); Service accessibility“. not used.
12、 GSM 02.30: “Digital cellular telecommunications system (Phase 2+); Man- Machine Interface (MMI) of the Mobile Station (MS)“. GSM 03.20: “Digital cellular telecommunications system (Phase 2+); Security related network functions“. not used. not used. Previous page is blank STD-ETSI ETS 300 922-ENGL 1
13、999 3400855 0387452 LL4 m Page 8 ETS 300 922 (GSM 02.17 version 5.1.1): April 1999 I 31 I 51 i 71 GSM 11 .I 1 : “Digital cellular telecommunications system (Phase 2+); Specification of the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface“. ISO/IEC 781 6-1, 1987: “Identification car
14、ds - Integrated circuit(s) cards with contacts, Part 1 : Physical characteristics“. ISO/IEC 781 6-2, 1988: “Identification cards - Integrated circuit(s) cards with contacts, Part 2: Dimensions and locations of the contacts“. CCITT Recommendation E. 1 18, (1 988): “Automated international telephone c
15、redit card system“. GSM 11 .I2 (ETC 600 641): “Digital cellular telecommunication system (Phase 2); Specification of the 3 Volt Subscriber Identity Module - Mobile Equipment (SIM - ME) interface“. GSM 11.14: “Digital cellular telecommunication system (Phase 2+); Specification of the SIM Application
16、Toolkit for the Subscriber Identity Module - Mobile Equipment (SIM - ME) interface“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following definitions apply. For further information and abbreviations refer to GSM O1 .O2 I and GSM O1 .O4 2. cipher Key
17、: A key used in conjunction with an algorithm (A5) to cipher user and signalling data (see GSM 03.20 9). GSM application: A set of security mechanisms, files, data and protocols required by GSM. IC card SIM: Obsolete term for ID-1 SIM. ID-1 SIM: The SIM having the format of an ID-1 card (see ISO/IEC
18、 7816-1 13). plug-in SIM: A second format of SIM (specified in clause 4). 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: A3 A5 A8 ADN BCCH CCITT CHV FDN HPLMN IC IEC IMSI Kc Ki Algorithm 3, authentication algorithm; used for authenticating the subscrib
19、er Algorithm 5, cipher; used for enciphering/deciphering data Algorithm 8, cipher key generator; used to generate Kc Abbreviated Dialling Number Broadcast Control CHannel The International Telegraph and Telephone Consultative Committee (now also known as ITU Telecommunications Standardization sector
20、) Card Holder Verification information; access condition used by the SIM for the verification of the identity of the user. The GSM SIM contains two CHVs: CHV1 is the primary access control mechanism, and CHV2 allowing a different level of access. Fixed Dialling Number Home PLMN Integrated Circuit In
21、ternational Electrotechnical Commission International Mobile Subscriber Identity cryptographic key; used by the cipher, A5 subscriber authentication key; the cryptographic key used by the authentication algorithm, A3, and cipher key generator, A8 STD.ETS1 ETS 300 922-ENGL 1979 3400855 0387453 050 Pa
22、ge 9 ETS 300 922 (GSM 02.17 version 5.1.1): April 1999 LAI LN D ME MMI MS MSISDN PLMN SIM SMS ssc TMSI Unblock CHV1/2 Location Area Information; information indicating a cell or a set of cells Last Number Dialled Mobile Equipment Man Machine Interface Mobile Station Mobile Station international ISDN
23、 number Public Land Mobile Network Subscriber Identity Module Short Message Service Supplementary Service Control string Temporary Mobile Subscriber Identity value to unblock CHVI/CHV2 4 General A GSM MS comprises an ME and a SIM. The SIM is a removable module. The SIM contains the International Mob
24、ile Subscriber Identity (IMSI) which unambiguously identifies a subscriber. Without a valid IMSI, GSM service is not accessible (except emergency calls, as defined in GSM 02.03 3). The user interface (MMI) of the ME related to SIM operations is defined in GSM 02.30 8. GSM 02.09 5 specifies a securit
25、y function for authenticating the SIM. This function, which is mandatory for any MS, is based on a cryptographic algorithm, A3, and a secret subscriber authentication key, Ki, both of which are located in the SIM. The SIM provides storage of subscriber related information. This data is of three type
26、s: - - - The SIM contains Card Holder Verification information (CHVI - see clause 5) to provide protection against unauthorized use. For some optional features, the use of a second CHV (CHV2) is required. CHV(s) shall be stored and verified within the SIM. data fixed during administrative phase; e.g
27、. IMSI, subscriber authentication key, access control class: temporary network data; e.g. TMSI, LAI, Kc, Forbidden PLMNs; service related data; e.g. Language Preference, Advice of Charge. The SIM may also contain applications which use the features defined in the SIM Application Toolkit specificatio
28、n GSM 1 1 .I4 17 4.1 Characteristics Two physical types of SIM are specified. These are the “ID-1 SIM“ and the “Plug-in SIM“. The physical characteristics of both types of SIM are defined in GSM 11.1 1 12. The logical and electrical interface of the SIM is defined in GSM 11.11 I21 and GSM 11.12 1161
29、 and is identical for both types of SIM. The information on the exterior of either SIM should include at least the individual account identifier and the check digit of the IC Card Identification (see CCIlT Recommendation E.118 15). 4.1.1 ID-1 SIM Format and layout of the ID-1 SIM shall be in accorda
30、nce with IS0 7816-1,2 13, 141. The card shall have a polarization mark, as defined in GSM 02.07 4, which indicates how the user should insert the card into the ME. SIMS may be embossed (see GSM 11 .I 1 12). STD.ETSI ETS 300 722-ENGL 1qqq = 3400855 0387454 T97 = Page 1 O ETC 300 922 (GSM 02.17 versio
31、n 5.1 .l): April 1999 4.1.2 Plug-in SIM The Plug-in SIM is smaller than the ID-1 SIM and has dimensions as defined in GSM 11.11 12. It is intended to be semi-permanently installed in the ME. 4.2 Phases of operation 4.2.1 Administrative management phase GSM administrative management phase may be ente
32、red at any time, to bring in or change data not accessible by the subscriber in GSM operational phase. Only by specific administrative authentication mechanisms and commands can the administrative phase be entered and administrative functions be performed. The specification of administrative operati
33、ons and the parties responsible for them are outside the scope of the present document. The different types of administrative phases which may occur during the lifetime of a SIM are: - production; - (pre)(re)personalization; - distribution. Following production a SIM contains at least the authentica
34、tion algorithm and the operating system necessary for (pre)personalization. Prepersonalization, personalization and repersonalization are processes during which subscription data, e.g. IMSI, and subscriber data are entered into or updated in the SIM. The split between these processes and adoption of
35、 appropriate security measures is dependent upon the chosen administrative management structure. For example, the following parties may have responsibilities during the administrative phase as follows: - SIM manufacturer: card production. - SIM issuer: SIM configuration. - - These parties may be sep
36、arate organizations or combined, and the activities merged; e.g. SIM issue, Service Activation and Delivery may all be the responsibility of a network operator. 4.2.2 GSM network operation phase Once a SIM has been personalized with all data required for GSM network operation, the GSM network operat
37、ion phase is entered. 5 Security features The security aspects of GSM are defined in GSM 02.09 5 and GSM 03.20 9. This clause defines the security attributes to be supported by the SIM which are: - authentication algorithm (A3); - subscriber authentication key (Ki); - - cipher key (Kc); - Service ac
38、tivator: activating the SIM on the GSM network. Delivery party: programming of subscriber data and distribution of card to subscriber. cipher key generation algorithm (A8); control of access to data stored, and functions performed, in the SIM An algorithm A38 may perform the combined functions of A3
39、 and A8. 5.1 SIM interface Other commands than those specified in GSM 11.11 12 and GSM 11.14 17 are only allowed to be executed if they do not interfere with the correct functioning of the GSM application. The execution of STD.ETS1 ETS 300 922-ENGL L999 m 3400855 0387455 923 Page 11 ETS 300 922 (GSM
40、 02.17 version 5.1.1): April 1999 GSM commands as specified in GSM 11.1 1 I21 shall always take precedence over any SIM Application Toolkit commands as specified in GSM 1 I .I4 1171. If the GSM application is one of several applications on a multi-application IC card, then the other applications sha
41、ll have no means of unauthorized access to the GSM application. 5.2 SIM data Actions, e.g. read, update, on SIM data shall be controlled by access conditions, which shall be satisfied before the action can be performed. The access conditions and the data to which they apply are defined in GSM 11.11
42、12. 5.3 All reasonable steps shall be taken to ensure that the algorithms (A3 and A8) and subscriber authentication key (Ki) cannot be read, altered, manipulated or bypassed in such a way as to reveal secret information. Algorithms and subscriber authentication key All MS processes which require the
43、 use of the subscriber authentication key shall be performed internally by the SIM. 5.4 Administrative management phase This TS does not define the security requirements of the administrative phase but precautions shall be taken to protect the integrity of subscriber related secret information. 5.5
44、Subscriber data stored in ME Subject to the exception below, all subscriber related information transferred into the ME during GSM network operations shall be deleted from the ME after removal of the SIM, deactivation of the MS, or following an electrical reset of the SIM. This includes any data tha
45、t was transferred to the ME by SIM Application Toolkit commands. Subscriber related security codes (e.9. CHV and Unblock CHV) may be kept in the ME during the execution of the appropriate SIMNE interface procedure (e.g. verifying or changing a CHV). They shall be deleted from the ME immediately afte
46、r completion of the procedure. Optionally, an ME may retain some less security critical data at SIM removal or MS switch-off. Such data are SMS, ADN/SSC, FDN/SSC, LND etc. These data, when stored in the ME, shall only be readable/retrievable if the same SIM is reactivated (as determined by the IMSI)
47、. If the IMSI is retained in the ME for this purpose it shall be stored securely and shall not be able to be read out. Storage for other data such as ADN/SSC, SMS etc., storage may also exist in the ME. These data stored in the ME, which have not been transferred from a SIM during a card session, ar
48、e not subject to the above security restriction. 5.6 CHV management The GSM SIM shall support the use of Card Holder Verifications (CHV) to authenticate the user to the card e.g. to provide protection against the use of stolen cards. For the SIM the CHV information takes the form of a numeric CHV of
49、 4 to 8 decimal digits. An initial CHV is loaded during the administrative management phase. A CHV disabling function may exist. This function may be inhibited at card issue. In this case the subscriber shall always use the CHV. Otherwise the subscriber may decide whether or not to make use of the CHV function. If disabled, the CHV remains disabled until the subscriber specifically re-enables CHV checking. Depending on the requirements of the SIM issuer, and subject to the features incorporated in the SIM, e.g. FDN, a second Subscriber CHV (CHV2) may
