1、 ETSI TS 102 226 V13.0.0 (2016-05) Smart Cards; Remote APDU structure for UICC based applications (Release 13) TECHNICAL SPECIFICATION ETSI ETSI TS 102 226 V13.0.0 (2016-05)2Release 13Reference RTS/SCP-T02850vd00 Keywords protocol, smart card ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cede
2、x - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document ma
3、y be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in p
4、rint, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of
5、 this and other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be rep
6、roduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restrict
7、ion extend to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its
8、 Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 102 226 V13.0.0 (2016-05)3Release 13Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g31 Scope 6g32 References 6g32.1 Normat
9、ive references . 6g32.2 Informative references 8g33 Definitions and abbreviations . 8g33.1 Definitions 8g33.2 Abbreviations . 8g34 Overview of remote management 9g35 Remote APDU format 10g35.1 Compact Remote Application data format . 10g35.1.1 Compact Remote command structure . 10g35.1.2 Compact Rem
10、ote response structure . 11g35.2 Expanded Remote Application data format 11g35.2.1 Expanded Remote command structure . 11g35.2.1.0 Structure overview 11g35.2.1.1 C-APDU TLV . 12g35.2.1.2 Immediate Action TLV . 12g35.2.1.3 Error Action TLV 13g35.2.1.4 Script Chaining TLV . 14g35.2.2 Expanded Remote r
11、esponse structure . 14g35.3 Automatic application data format detection 17g36 Security parameters assigned to applications . 18g36.1 Minimum Security Level (MSL) 18g36.2 Access domain 18g37 Remote File Management (RFM) 18g37.0 RFM basic principles 18g37.1 Commands 19g37.2 UICC Shared File System Rem
12、ote File Management 19g37.3 ADF Remote File Management 20g37.4 RFM implementation over HTTPS 20g38 Remote Application Management (RAM) . 20g38.0 RAM basic principles . 20g38.1 Remote application management application behaviour 21g38.2 Command coding and description 21g38.2.0 Basic rules . 21g38.2.1
13、 Commands 21g38.2.1.0 Application management commands overview. 21g38.2.1.1 DELETE . 22g38.2.1.2 SET STATUS . 22g38.2.1.3 INSTALL 22g38.2.1.3.0 Basic requirements for INSTALL command . 22g38.2.1.3.1 INSTALL for load 22g38.2.1.3.2 INSTALL for install . 22g38.2.1.4 LOAD . 30g38.2.1.5 PUT KEY 30g38.2.1
14、.5.0 Generic rules for PUT KEY command 30g38.2.1.5.1 PUT KEY for AES 31g38.2.1.5.2 PUT KEY for triple DES . 31g38.2.1.6 GET STATUS . 31g3ETSI ETSI TS 102 226 V13.0.0 (2016-05)4Release 138.2.1.6.0 Basic rules . 31g38.2.1.6.1 Menu parameters . 32g38.2.1.7 GET DATA. 32g38.2.1.7.0 Basic rules . 32g38.2.
15、1.7.1 Void . 33g38.2.1.7.2 Extended Card resources information . 33g38.2.1.8 STORE DATA 33g38.3 RAM implementation over HTTPS 34g39 Additional command for push 34g39.0 Introduction 34g39.1 Push command behaviour 34g39.1.1 Request for open channel 34g39.1.2 Request for CAT_TP link establishment 34g39
16、.1.3 Behaviour for responses 34g39.1.4 Request for TCP connection . 34g39.1.5 Request for Identification Packet 34g39.2 Commands coding 35g39.2.0 Coding 35g39.2.1 Data for BIP channel opening . 35g39.2.2 Data for CAT_TP link establishment 36g39.2.3 Data for TCP connection opening . 36g39.2.4 Data fo
17、r sending of Identification Packet . 37g39.3 Closing of the BIP channel . 37g310 Confidential application management 37g310.0 Overview and basic requirements. 37g310.1 Confidential loading . 38g310.2 Additional application provider security 38g310.3 Confidential setup of Security Domains . 39g310.4
18、Application personalisation in an APSD 39g3Annex A (normative): BER-TLV tags 40g3Annex B (informative): RFM over HTTP Communication Flow 41g3Annex C (informative): Bibliography . 43g3Annex D (informative): Change history . 44g3History 47g3ETSI ETSI TS 102 226 V13.0.0 (2016-05)5Release 13Intellectual
19、 Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPR
20、s); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been
21、carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Tech
22、nical Committee Smart Card Platform (SCP). It is based on work originally done in the 3GPP in TSG-terminals WG3 and ETSI SMG. The contents of the present document are subject to continuing work within TC SCP and may change following formal TC SCP approval. If TC SCP modifies the contents of the pres
23、ent document, it will then be republished by ETSI with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x: the first digit: 0 early working draft; 1 presented to TC SCP for information; 2 presented to TC SCP for approval; 3 or greater indicates
24、 TC SCP approved document under change control. y: the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z: the third digit is incremented when editorial only changes have been incorporated in the document. Modal verbs terminology In th
25、e present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ and “must not“ are NOT allowed in ETSI delive
26、rables except when used in direct citation. ETSI ETSI TS 102 226 V13.0.0 (2016-05)6Release 131 Scope The present document defines the remote management of the UICC based on any of the secured packet structures specified in ETSI TS 102 225 1. It specifies the APDU format for remote management. Furthe
27、rmore the present document specifies: a set of commands coded according to this APDU structure and used in the remote file management on the UICC. This is based on ETSI TS 102 221 2. A set of commands coded according to this APDU structure and used in the remote application management on the UICC. T
28、his is based on the GlobalPlatform Card Specifications. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific referenc
29、es, the latest version of the reference document (including any amendments) applies. In the case of a reference to a TC SCP document, a non specific reference implicitly refers to the latest version of that document in the same Release as the present document. Referenced documents which are not foun
30、d to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are necessary for the ap
31、plication of the present document. 1 ETSI TS 102 225: “Smart Cards; Secured packet structure for UICC based applications“. 2 ETSI TS 102 221: “Smart Cards; UICC-Terminal interface; Physical and logical characteristics“. 3 ETSI TS 102 223: “Smart Cards; Card Application Toolkit (CAT)“. 4 GlobalPlatfo
32、rm: “GlobalPlatform Card Specification Version 2.3“. NOTE: See http:/www.globalplatform.org/. 5 ETSI TS 101 220: “Smart Cards; ETSI numbering system for telecommunication application providers“. 6 ETSI TS 102 241: “Smart Cards; UICC Application Programming Interface (UICC API) for Java Card (TM)“. 7
33、 Void. 8 Void. 9 ETSI TS 102 222: “Integrated Circuit Cards (ICC); Administrative commands for telecommunications applications“. 10 ETSI TS 123 048: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); Security mechanisms for the (U)SIM applicati
34、on toolkit; Stage 2 (3GPP TS 23.048 Release 5)“. 11 ETSI TS 102 127: “Smart Cards; Transport protocol for CAT applications; Stage 2“. ETSI ETSI TS 102 226 V13.0.0 (2016-05)7Release 1312 ETSI TS 143 019: “Digital cellular telecommunications system (Phase 2+); Subscriber Identity Module Application Pr
35、ogramming Interface (SIM API) for Java Card; Stage 2 (3GPP TS 43.019 Release 5)“. 13 FIPS-197 (2001): “Advanced Encryption Standard (AES)“. NOTE: See http:/csrc.nist.gov/publications/fips/index.html. 14 NIST Special Publication 800-38A (2001): “Recommendation for Block Cipher Modes of Operation - Me
36、thods and Techniques“. NOTE: See http:/csrc.nist.gov/publications/nistpubs/. 15 NIST Special Publication 800-38B (2001): “Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication“. NOTE: See http:/csrc.nist.gov/publications/nistpubs/. 16 GlobalPlatform: “Card UICC Configu
37、ration“, Version 1.0.1. NOTE: See http:/www.globalplatform.org/. 17 ETSI TS 102 588: “Smart Cards; Application invocation Application Programming Interface (API) by a UICC webserver for Java Card platform“. 18 GlobalPlatform: “ GlobalPlatform Card, Confidential Card Content Management Card Specifica
38、tion v2.3 - Amendment A“, Version 1.1. NOTE: See http:/www.globalplatform.org/. 19 GlobalPlatform: “GlobalPlatform Card, Remote Application Management over HTTP, Card Specification v2.2, Amendment B“ Version 1.1.3. NOTE: See http:/www.globalplatform.org/. 20 ETSI TS 102 483: “Smart cards; UICC-Termi
39、nal interface; Internet Protocol connectivity between UICC and terminal“. 21 ISO/IEC 8825-1: “Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)“. 22 GlobalPlatform: “Card Specification Ver
40、sion 2.2, Amendment C: Contactless Services“ Version 1.2. NOTE: See http:/www.globalplatform.org/. 23 ETSI TS 102 622: “Smart Card; UICC - Contactless Front-end (CLF) Interface; Host Controller Interface (HCI)“. 24 GlobalPlatform: “Security Upgrade for Card Content Management - GlobalPlatform Card S
41、pecification v2.2 - Amendment E“, Version 1.0.1. NOTE: See http:/www.globalplatform.org/. 25 GlobalPlatform: “Java Card API and Export File for Card Specification v2.2.1 (org.globalplatform) Version 1.6“. NOTE: See http:/www.globalplatform.org/. 26 GlobalPlatform: “Card Specification Version 2.2 - A
42、mendment D: Secure Channel Protocol 03“ Version 1.1.1. NOTE: See http:/www.globalplatform.org/. ETSI ETSI TS 102 226 V13.0.0 (2016-05)8Release 1327 GlobalPlatform: “GlobalPlatform Card, Common Implementation Configuration“, Version 2.0. NOTE: See http:/www.globalplatform.org/. 2.2 Informative refere
43、nces References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including any amendments) applies. In t
44、he case of a reference to a TC SCP document, a non specific reference implicitly refers to the latest version of that document in the same Release as the present document. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term
45、validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. Not applicable. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and defini
46、tions given in ETSI TS 102 225 1 and ETSI TS 101 220 5 and the following apply. Controlling Authority Security Domain (CASD): on-card controlling entity representing an off card trusted third party NOTE: It provides services to confidentially load or generate Secure Channel keys of the APSD. 3.2 Abb
47、reviations For the purposes of the present document, the abbreviations given in ETSI TS 102 225 1 and the following apply: ACK ACKnowledge ADD Access Domain Data ADF Application Data File ADP Access Domain Parameter AES Advanced Encryption Standard AID Application IDentifier AM Authorized Management
48、AP Application Provider APDU Application Protocol Data Unit API Application Programming Interface APSD Application Provider Security Domain BER-TLV Basic Encoding Rules - Tag, Length, Value BIP Bearer Independent Protocol C-APDU Command Application Protocol Data Unit CASD Controlling Authority Secur
49、ity Domain CBC Cell Broadcast Centre CL ContactLess CLA Class CMAC Cipher-based Message Authentication Code DAP Data Authentication Pattern DEK Data Encryption Key DES Data Encryption Standard DF Directory FileDM Delegated Management ECB Electronic Code Book ETSI ETSI TS 102 226 V13.0.0 (2016-05)9Release 13ECKA Elliptic Curve Key Agreement algorithm ECKA-EG ElGamal ECKA EF Elementary FileHTTP HyperText Transfer Protocol HTTPS HyperText Transfer Protocol Secure ICCID Integrated Circuit Car
