1、 ETSI TS 102 569 V7.0.0 (2007-07)Technical Specification Smart Cards;UICC Security Service Module (USSM);Stage 2(Release 7)ETSI ETSI TS 102 569 V7.0.0 (2007-07) 2 Release 7 Reference DTS/SCP-T0371 Keywords smart card, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.:
2、 +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made av
3、ailable in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on
4、 a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find
5、 errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction
6、in all media. European Telecommunications Standards Institute 2007. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3G
7、PPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TS 102 569 V7.0.0 (2007-07) 3 Release 7 Contents Intellectual Property Rights5 Foreword.5 1 Scope 6 2 References 6 3 Definitions and abbreviations.7 3.1 Definitions7 3.2 Abbrevia
8、tions .7 4 Introduction 7 5 Architecture9 5.1 Requesting a USSM-service.9 5.2 Storing Sensitive Data 9 5.3 Access Control .9 5.4 Authorization10 5.4.1 Precomputed DAP 10 5.4.2 DAP as a response to a challenge .11 6 Using the USSM.11 6.1 Requesting a Services-Object from the USSM 11 6.2 Services prov
9、ided by the USSM.12 7 USSM-services.13 7.1 Generic USSM-services .13 7.1.1 Information Service 13 7.1.2 Get challenge for authorization.13 7.1.3 Authorize 13 7.1.4 Verify a PIN14 7.1.5 Generic Encryption Service with a symmetric key.14 7.1.6 Generic Decryption Service with a symmetric key.14 7.1.7 G
10、eneric Signature Service with a symmetric key .15 7.1.8 Generic Verify Service with a symmetric key 15 7.1.9 Generic RSA-Encryption Service .15 7.1.10 Generic RSA-Decryption Service.16 7.1.11 Generic RSA-Signature Service .16 7.1.12 Generic RSA-Verification Service .17 7.1.13 Service to read a publi
11、c asymmetric key 17 7.2 Specific USSM-services.18 7.2.1 MAC-Generation 18 7.2.2 MAC-Verification.18 7.2.3 Encryption in CBC mode with no padding.18 7.2.4 Decryption in CBC mode with no padding.19 7.2.5 Encryption in CBC mode with padding19 7.2.6 Decryption in CBC mode with padding19 7.2.7 Generation
12、 of RSA-Signature.20 7.2.8 Verification of RSA-Signature .20 7.2.9 RSA-Encryption .20 7.2.10 RSA-Decryption .20 7.2.11 Generation of a HMAC-SHA1 signature21 7.2.12 Verification of a HMAC-SHA1 signature 21 7.3 Results 21 8 Administration of the USSM by the USSM-owner22 8.1 Administration of Sensitive
13、 Objects.22 8.2 Attaching a local PIN object to a Sensitive Object.22 ETSI ETSI TS 102 569 V7.0.0 (2007-07) 4 Release 7 Annex A (normative): USSM API 24 Annex B (normative): Table of Tags25 Annex C (informative): Change history .26 History 27 ETSI ETSI TS 102 569 V7.0.0 (2007-07) 5 Release 7 Intelle
14、ctual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights
15、 (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR
16、searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been pr
17、oduced by ETSI Technical Committee Smart Card Platform (SCP). The present document defines the stage 2 description for the USSM. The contents of the present document are subject to continuing work within EP SCP and may change following formal EP SCP approval. If EP SCP modifies the contents of the p
18、resent document, it will then be republished by ETSI with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 0 early working draft; 1 presented to EP SCP for information; 2 presented to EP SCP for approval; 3 or greater indicat
19、es EP SCP approved document under change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in the document. ETSI ETSI TS 102 569 V7.0.0 (
20、2007-07) 6 Release 7 1 Scope The present document describes the stage two specification of the USSM. The USSM is a generic Security Service Module on a UICC, which can be used by applications on the UICC. This document defines the architectural framework for using the USSM, the functional services f
21、or applications and how to manage the USSM on an UICC. The architecture is based on the concepts of Global Platform Card Specification 1 and the requirements as defined in TS 102 226 13. The concept of the USSM is flexible enough to allow additional security objects and operations to be added easily
22、 in later versions of the USSM. 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either specific (identified by date of publication and/or edition number or version number) or non-specific. Fo
23、r a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. In the case of a reference to a EP SCP document, a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. Referen
24、ced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. 1 Global Platform Card Specification, V.2.2. 2 NIST, FIPS PUB 197: “Advanced Encryption Standard“. 3 RFC 2104: “Keyed Hashing for Message Authentication“. 4 ISO/IEC
25、9797-1:1999(E): “Information technology - Security techniques - Message Authentication Codes (MACs)“. 5 “PKCS #1 v2.1: RSA Cryptography Standard“, RSA Laboratories. 6 Void. 7 FIPS PUB 46-3: Data Encryption Standard (DES). 8 Sun Microsystems Java Card Specification: “Java Card 2.2.2 Application Progr
26、amming Interface“. 9 Sun Microsystems Java Card Specification: “Java Card 2.2.2 Runtime Environment (JCRE) Specification“. 10 Sun Microsystems Java Card Specification: “Java Card 2.2.2 Virtual Machine Specification“. NOTE: SUN Java Card Specifications can be downloaded at http:/ 11 ETSI TS 101 220:
27、“Smart Cards; ETSI numbering system for telecommunication application providers“. 12 ETSI TS 102 225: “Smart Cards; Secured packet structure for UICC based applications“. 13 ETSI TS 102 226: “Smart Cards; Remote APDU structure for UICC based applications“. 14 ETSI TS 102 266: “Smart Cards; USSM: UIC
28、C Security Service Module; Stage 1“. ETSI ETSI TS 102 569 V7.0.0 (2007-07) 7 Release 7 15 IETF RFC 3174 (2001): “US Secure Hash Algorithm 1 (SHA1)“. 16 IETF RFC 2104 (1997): “HMAC: Keyed-Hashing for Message Authentication“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the pres
29、ent document, the following terms and definitions apply: AES: Advanced Encryption Standard, standard cryptographic algorithm 2 Card issuer: entity that owns the card DES: Data Encryption Standard, standard cryptographic algorithm 7 HMAC: Keyed-Hash Message Authentication Code HMAC-SHA1: Keyed-Hashin
30、g for Message Authentication using SHA-1 as Hash function 16 OPEN: The central on-card administrator that owns the GlobalPlatform Registry 1 RSA: Algorithm for public key encryption 5 Sensitive Object: data object containing sensitive and/or protected information like keys, pins or certificates. Mos
31、t objects on the USSM are sensitive and have to be protected against unauthorized access. The term might also include objects which are not sensitive (e.g. some user certificates might be not sensitive), but are handled by the USSM in the same manner. SHA-1: Secure Hash standard as defined in 15 Sig
32、nature: an encrypted message digest of a document (for encryption asymmetric or symmetric keys can be used) Triple-DES-Key: 16 Byte or 24 Byte long key (to be used with triple DES algorithm 7) USSM owner: entity that controls the USSM and has the right to administer its objects. It can be the card i
33、ssuer, but also an application provider 3.2 Abbreviations For the purpose of the present document, the following abbreviations apply: 3DES Triple DES algorithm with 16 or 24 Byte long key CBC Cipher Block Chaining DAP Data Authorisation Pattern ECB Electronic Code Book OPEN On-Card administrator tha
34、t own the registry on a Global Platform Card OTA Over the Air USSM UICC Security Service Module 4 Introduction The USSM is a general security module on the UICC, which offers security services to applications on the UICC through an API with standardized functions. The main features of an USSM are: s
35、torage of sensitive data (e.g. keys), which can be used for security operations. access to services that make use of the sensitive data access control per service and per group of sensitive data ETSI ETSI TS 102 569 V7.0.0 (2007-07) 8 Release 7 functions to manage the USSM. The concept allows that s
36、everal applications (provided that their access rights are sufficient) use the same sensitive data of the USSM, e.g. a key can be shared among several applications. The concept of the USSM allows easy addition of new services. The USSM stores sensitive data in keysets. The following figure shows an
37、example of a UICC with two USSMs and three applications, which use keys of keysets in the USSMs, e.g. to communicate with various servers. Figure 1: Example of a UICC with two USSMs and some sample Sensitive Objects The USSM is an application which offers services to other applications on the UICC.
38、A requested service is usually a pair of an operation and a sensitive data object An example could be: “decrypt some data with a key“ Not all operations are allowed for a sensitive data object. Restricted access to services is realized by the use of authentication patterns, which are provided by app
39、lication which requests restricted services. Furthermore the use of a sensitive data object is limited by its KEY_USAGE attribute. Administration of the USSM is done by the external entities through APDU commands. The definition of the APDUs is out of scope of the present document. ETSI ETSI TS 102
40、569 V7.0.0 (2007-07) 9 Release 7 5 Architecture An UICC embedding a USSM shall support the Global Services Applications mechanism as defined in the Global Platform Card Specification 1. The USSM is a Service Application in the sense of Global Platform which offers services to other applications on t
41、he UICC. The USSM shall be registered to the OPEN during installation with the Global Platform Privilege: “Global Service“ and the service parameter A000. 5.1 Requesting a USSM-service Applications requesting a service of a USSM shall request this service through the OPEN. The OPEN will return a Glo
42、bal Platform Service Interface of the USSM. The requesting application can then invoke the Service Interface of the USSM and use it. The requesting application shall provide the following information before a service can be used: a USSM_Service_ID; a Keyset-ID; a DAP (if applicable). At least the US
43、SM_Service_ID and the Keyset_ID shall be provided when the Service Interface is requested, the authorization by the DAP may be performed later, before the Service Interface is used. 5.2 Storing Sensitive Data The USSM supports the following Sensitive Objects: DES-keys; Triple-DES-keys; AES-keys; RSA
44、-keys. Sensitive Objects of the USSM are stored in keysets in the sense of Global Platform Card Specification 1. A place to store a Sensitive Object is defined by a Keyset-ID and a Key-ID. Sensitive Objects are owned and managed by the USSM. The following ranges of Keyset-IDs are defined: Table 1: R
45、ange of Keyset-IDs Keyset-ID Range Purpose 01 1F USSM administration 20 5F Application usage 60 77 RFU 78 7F Proprietary usage Keys contained in a Keyset reserved for USSM administration cannot be requested for application usage and keys contained in a Keyset reserved for application usage can not b
46、e requested for USSM administration. 5.3 Access Control Access Control occurs at two places: Before accessing a Sensitive Object: If the requested service for the given Keyset needs authorization, the requesting application has to provide an ETSI ETSI TS 102 569 V7.0.0 (2007-07) 10Release 7 authenti
47、cation pattern (DAP), which is checked by the USSM. The DAP gives authorization for the triple (application, service, keyset). When accessing a Sensitive Object: When the requesting application invokes an operation of the Service interface, no further DAP is provided. All Sensitive Objects of the re
48、quested Keyset (except keys with Key-ID 01) can be accessed through the methods offered by the SIO. However if a sensitive object in the keyset has a KEY_USAGE and/or KEY_TYPE attribute attached, only operations limited by the KEY_USAGE and KEY_TYPE are possible. For example, a signing key can not b
49、e used for a general encryption. If KEY_USAGE or KEY_TYPE do not allow the operation, an exception shall be thrown. Furthermore, if a PIN-object is attached to the Sensitive Object, the USSM shall check that the PIN is verified by the requesting application. 5.4 Authorization Authorization for a service and a given Keyset is needed if a key with Key-ID 01 exists in the Keyset. If there is no key with Key-ID 01