1、 ETSI TS 103 383 V13.2.0 (2016-05) Smart Cards; Embedded UICC; Requirements Specification (Release 13) TECHNICAL SPECIFICATION ETSI ETSI TS 103 383 V13.2.0 (2016-05)2Release 13Reference RTS/SCP-REUICCVD20 Keywords embedded, Smart Card ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRAN
2、CE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice The present document can be downloaded from: http:/www.etsi.org/standards-search The present document may be mad
3、e available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, th
4、e only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this an
5、d other ETSI documents is available at https:/portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https:/portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced
6、or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction exte
7、nd to reproduction in all media. European Telecommunications Standards Institute 2016. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members
8、 and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 103 383 V13.2.0 (2016-05)3Release 13Contents Intellectual Property Rights 5g3Foreword . 5g3Modal verbs terminology 5g3Introduction 5g31 Scope 6g32 References 6g32.
9、1 Normative references . 6g32.2 Informative references 6g33 Definitions and abbreviations . 7g33.1 Definitions 7g33.1a Void 8g33.2 Abbreviations . 8g34 Abstract (informative) 9g35 Background (informative) 9g35.1 Overview of the use cases 9g35.2 Use Case 1 - Provisioning of multiple eUICCs for M2M 10
10、g35.2.1 Overview 10g35.2.2 Use case 1 - example a) - Utility Meters . 10g35.2.3 Use case 1 - example b) - Security Camera 10g35.2.4 Use case 1 - example c) - Telematics 10g35.3 Use case 2 - Provisioning of an eUICC for a first subscription with a new connected device . 11g35.3.1 Overview 11g35.3.2 U
11、se case 2 - example a) - Provisioning of a new device . 11g35.3.3 Use case 2 - example b) - Provisioning of multiple new devices for an enterprise. 11g35.4 Use case 3 - Change of subscription for a device . 11g35.4.1 Overview 11g35.4.2 Use case 3 - example a) - Change of subscription by consumer . 1
12、1g35.4.3 Use case 3 - example b) - Change of subscriptions for devices for enterprise workforce 12g35.5 Use Case 4 - Change of SM-SR . 12g35.6 Use Case 5 - Terminal state and capabilities reporting 12g35.7 Use Case 6 - Profile Update . 12g35.8 Use Case 7 - Provisioning of devices with only IP connec
13、tivity 12g35.9 Use Case 8 - Provisioning a device in markets with multiple roots of trust (CAs) 13g36 Requirements 13g36.1 General . 13g36.2 Profile, Application and File Structure . 13g36.3 Procedural. 14g36.4 Security 15g36.5 Profile Interoperability and Interactions . 17g36.6 Void 17g36.7 Void 17
14、g36.8 Void 17g3Annex A (informative): Void . 18g3Annex B (informative): States (see also annex D) 19g3B.0 Foreword 19g3B.1 States of eUICC 19g3B.2 States of Profiles . 19g3B.3 States of Applications in Profiles . 19g3ETSI ETSI TS 103 383 V13.2.0 (2016-05)4Release 13Annex C (informative): Logical asp
15、ects of eUICC Architecture and associated Security Credentials 20g3Annex D (informative): Profiles and NAA (Network Access Application) States 21g3Annex E (informative): Profile Aspects 22g3E.0 Foreword 22g3E.1 Profile Content . 22g3E.2 Profile Related Principles . 22g3Annex F (informative): Change
16、history . 24g3Annex G (informative): Bibliography . 26g3History 27g3ETSI ETSI TS 103 383 V13.2.0 (2016-05)5Release 13Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any
17、, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on
18、 the ETSI Web server (https:/ipr.etsi.org/). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or ma
19、y be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Smart Card Platform (SCP). The contents of the present document are subject to continuing work within TC SCP and may change following formal TC SCP approva
20、l. If TC SCP modifies the contents of the present document, it will then be republished by ETSI with an identifying change of release date and an increase in version number as follows: Version x.y.z where: x the first digit: 0 early working draft; 1 presented to TC SCP for information; 2 presented t
21、o TC SCP for approval; 3 or greater indicates TC SCP approved document under change control. y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc. z the third digit is incremented when editorial only changes have been incorporated in
22、the document. Modal verbs terminology In the present document “shall“, “shall not“, “should“, “should not“, “may“, “need not“, “will“, “will not“, “can“ and “cannot“ are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions). “must“ an
23、d “must not“ are NOT allowed in ETSI deliverables except when used in direct citation. Introduction Work on Machine-to-Machine (M2M) applications has given rise to the possibility of having a UICC that is embedded in a communication device in such a way that the UICC is not easily accessible or repl
24、aceable. The ability to change network subscriptions on such devices becomes problematic, thus necessitating new methods for securely and remotely provisioning access credentials on these Embedded UICCs (eUICC) and managing subscription changes from one MNO to another. ETSI ETSI TS 103 383 V13.2.0 (
25、2016-05)6Release 131 Scope The present document defines the use cases and requirements for an embedded UICC. 2 References 2.1 Normative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only
26、 the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies. In the case of a reference to a TC SCP document, a non-specific reference implicitly refers to the latest version of that document in the same Release as the pre
27、sent document. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The f
28、ollowing referenced documents are necessary for the application of the present document. 1 ETSI TS 102 221: “Smart Cards; UICC-Terminal interface; Physical and logical characteristics“. 2 ETSI TS 102 671: “Smart Cards; Machine to Machine UICC; Physical and logical characteristics“. 3 Void. 4 ETSI TS
29、 102 241: “Smart Cards; UICC Application Programming Interface (UICC API) for Java Card (TM)“. 2.2 Informative references References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applie
30、s. For non-specific references, the latest version of the referenced document (including any amendments) applies. In the case of a reference to a TC SCP document, a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document. NOTE: Whil
31、e any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity. The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 Reco
32、mmendation ITU-T E.212: “The international identification plan for public networks and subscriptions“. i.2 ETSI TR 102 216: “Smart cards; Vocabulary for Smart Card Platform specifications“. i.3 ETSI TS 123 682: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunicatio
33、ns System (UMTS); LTE; Architecture enhancements to facilitate communications with packet data networks and applications (3GPP TS 23.682)“. ETSI ETSI TS 103 383 V13.2.0 (2016-05)7Release 133 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the terms and definit
34、ions given in ETSI TR 102 216 i.2 and the following apply: Attribute (of a Profile): indication that a Profile delivers some specific functions; the knowledge of attributes offered by Profiles could be used by any authorized entity accessing the eUICC (terminal, server, etc.) to determine a particul
35、ar behaviour Embedded UICC: UICC which is not easily accessible or replaceable, is not intended to be removed or replaced in the terminal, and enables the secure changing of subscriptions Enabled Profile: Profile, the files and/or applications (e.g. NAA) of which are selectable over the UICC-Termina
36、l interface eUICC Management Credentials: credentials used to verify the authorization for the establishment of Profile Management Credentials and Profile Provisioning Credentials eUICC Supplier: supplier of the eUICC modules and resident software (such as firmware and operating system) Local Profil
37、e Management Credentials: data required to exist within an eUICC so that a secured communication can be set up between a terminal and the eUICC in order for the user to perform Local Profile Management Operations on the Profiles on the eUICC Local Profile Management Operation: local Profile enabling
38、, local Profile disabling or local Profile deletion Mobile Network Operator: entity providing communication services to its customers through mobile networks Network Access Credentials: data required to authenticate to an Recommendation ITU E.212 i.1 Network NOTE: Network Access Credentials may incl
39、ude data such as Ki/K, and IMSI stored within a NAA. Operational Attribute: indication that a Profile, containing network access applications and associated network access credentials, is associated to an Operational Subscription Operational Subscription: subscription that enables a device to access
40、 an Recommendation ITU E.212 i.1 network for the purpose of accessing telecommunication and related services Profile: combination of a file structure, data and applications to be provisioned onto, or present on, an eUICC Profile Access Credentials: data required to exist within a Profile so that sec
41、ured communication can be set up between an external entity and the eUICC in order to manage that Profiles structure and its data (e.g. operator OTA keys) Profile Container: logical container for a Profile on an eUICC providing security services, enabling separation of Profiles and providing secure
42、communication Profile Container Initialization: process of preparing a Profile Container so that it is ready for Profile Loading and Installation Profile Loading: transfer of a Profile from a Profile Provisioning Credentials holder into the eUICC so that it is ready for installation Profile Transpor
43、t: transfer of a cryptographically protected Profile from a Profile Management Credential holder to the eUICC Profile Installation: process of allocating resources and registering parameters for a Profile to bring it to a state where it can be enabled Profile Provisioning Credentials: data required
44、to exist within an eUICC so that a Profile downloaded from an external entity can be decrypted and installed on the eUICC ETSI ETSI TS 103 383 V13.2.0 (2016-05)8Release 13Profile Management Credentials: data required to exist within an eUICC so that a secured communication can be set up between an e
45、xternal entity and the eUICC in order to manage the Profiles on the eUICC Profile Management Operations: consists of Profile Transport, Profile deletion, Profile enabling, and Profile disabling Provisioning: container creation and initialization, loading, and installation of a Profile into an eUICC
46、Provisioning Attribute: indication that a Profile, containing network access applications and associated network access credentials, is associated with the Provisioning Subscription Provisioning Subscription: subscription, with its associated Profile, that enables a device to access a mobile network
47、 for the purpose of management of operational Profiles on the eUICC Subscriber: entity that has a subscription with a telecommunications service provider Subscription: commercial relationship for the supply of services between the Subscriber and Telecommunications Service Provider Subscription Manag
48、er: combination of the functions of the SM-SR and the SM-DP Subscription Manager - Data Preparation: role that prepares Profiles to be securely provisioned on the eUICC e.g. encryption of Profile NOTE: Also known as Profile Provisioning Credentials holder. Subscription Manager - Secure Routing: role
49、 that securely performs functions which directly manage the Profiles on the eUICC Telecommunications Service Provider: MNO, or party trusted by the MNO acting on behalf of the MNO, which provides services to the subscriber 3.1a Void 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: ATR Answer To Reset CA Certificate AuthorityCAT Card Application Toolkit CS Circuit Switched CSIM CDMA Subscriber Identity Module EID eUICC Identifier eUICC embedded UICCFFS For Further Study IMS IP Multimedia Subsystem IMSI Inte
