Tech-invite3GPPspecsSIPRFCs
Overview21222324252627282931323334353637384‑5x

Content for  TS 31.102  Word version:  17.1.0

Top   Top   Up   Prev   Next
0…   3…   4…   4.2.9…   4.2.17…   4.2.26…   4.2.34…   4.2.44…   4.2.52…   4.2.60…   4.2.68…   4.2.76…   4.2.85…   4.2.93…   4.2.101…   4.2.107…   4.3…   4.4.2…   4.4.2.4…   4.4.3…   4.4.4…   4.4.5…   4.4.6…   4.4.8…   4.4.8.7…   4.4.9…   4.4.11…   4.4.11.7…   4.5…   4.6…   4.7   5…   5.2   5.3   5.4…   5.9…   6…   7…   7.1.2…   7.3…   A   B…   D   E…   G   H…   I…   L…   M…

 

7.1.2  Command parameters and dataWord‑p. 272
This command can be used with an EVEN or an ODD instruction (INS) code. The EVEN instruction code can be used when the challenge data provided by the terminal is not TLV encapsulated data and the length of the challenge data provided by the terminal is less than 256 bytes.
The ODD instruction code shall be used with the security context specified in Table 2, when challenge and response data is TLV encapsulated regardless of their length. Terminals and UICCs that do not support security context requiring TLV format (e.g. MBMS), do not have to support AUTHENTICATE command with ODD instruction code.
EVEN INS code
Code Value
CLAAs specified in TS 31.101
INS'88'
P1'00'
P2See Table 1 below
LcSee below
DataSee below
Le'00', or maximum length of data expected in response
Parameter P2 specifies the authentication context as follows:
Coding b8-b1 Meaning
'1-------'Specific reference data (e.g. DF specific/application dependant key)
'----- XXX' Authentication context:
000GSM context
0013G context
010VGCS/VBS context
100GBA context
All other codings are RFU.
 
ODD INS code
The authentication data and the authentication response data are encapsulated in BER-TLV objects structured using tag '73' for BER-TLV structured data and tag '53' otherwise.
How this command can chain successive blocks of authentication data, or authentication response data is described in TS 31.101.
If P1 indicates "First block of authentication data" or "Next block of authentication data":
Input:
  • Authentication data encapsulated in a BER-TLV data object.
Output:
  • None.
Code Value
CLAAs specified in TS 31.101
INS'89'
P1As specified in TS 31.101
P2See Table 2 below
LcLength of the subsequent data field
DataAuthentication related data
LeNot present
 
If P1 indicates "First block of authentication response data" or "Next block of authentication response data":
Input:
  • None.
Output:
  • Authentication response data encapsulated in a BER-TLV data object.
Code Value
CLAAs specified in TS 31.101
INS'89'
P1As specified in TS 31.101
P2See Table 2 below
LcNot present
DataNot present
LeLength of the response data
 
Parameter P1 is used to control the data exchange between the terminal and the UICC as defined in TS 31.101.
Parameter P2 specifies the authentication context as follows:
Coding b8-b1 Meaning
'1-------'Specific reference data (e.g. DF specific/application dependant key)
'----- XXX' Authentication context:
101MBMS context
110Local Key Establishment mode
All other codings are RFU.
 
Command parameters/data:
Up

7.1.2.1  GSM/3G security context |R6|Word‑p. 273
Byte(s) Description Length
1Length of RAND (L1)1
2 to (L1+1)RANDL1
(L1+2)Length of AUTN (L2) (see note)1
(L1+3) to (L1+L2+2)AUTN (see note)L2
NOTE:
Parameter present if and only if in 3G security context.
 
The coding of AUTN is described in TS 33.102. The most significant bit of RAND is coded on bit 8 of byte 2. The most significant bit of AUTN is coded on bit 8 of byte (L1+3).
Response parameters/data, case 1, 3G security context, command successful:
Byte(s) Description Length
1"Successful 3G authentication" tag = 'DB'1
2Length of RES (L3)1
3 to (L3+2)RESL3
(L3+3)Length of CK (L4)1
(L3+4) to (L3+L4+3)CKL4
(L3+L4+4)Length of IK (L5)1
(L3+L4+5) to (L3+L4+L5+4)IKL5
(L3+L4+L5+5)Length of KC (= 8) (see note)1
(L3+L4+L5+6) to (L3+L4+L5+13)KC (see note)8
NOTE:
Parameter present if and only if Service No. 27 is "available".
 
The most significant bit of RES is coded on bit 8 of byte 3. The most significant bit of CK is coded on bit 8 of byte (L3+4). The most significant bit of IK is coded on bit 8 of byte (L3+L4+5).
Response parameters/data, case 2, 3G security context, synchronisation failure:
Byte(s) Description Length
1"Synchronisation failure" tag = 'DC'1
2Length of AUTS (L1)1
3 to (L1+2)AUTSL1
 
The coding of AUTS is described in TS 33.102. The most significant bit of AUTS is coded on bit 8 of byte 3.
Response parameters/data, case 3, GSM security context, command successful:
Byte(s) Description Length
1Length of SRES (= 4)1
2 to 5SRES4
6Length of KC (= 8)1
7 to 14KC8
 
The most significant bit of SRES is coded on bit 8 of byte 2. The most significant bit of Kc is coded on bit 8 of byte 7.
Up

7.1.2.2  VGCS/VBS security context |R6|Word‑p. 274
Byte(s) Description Length
1Length of Vservice_Id1
2 to 5Vservice_Id4
6Length of VK_Id1
7VK_Id1
8Length of VSTK_RAND (L1)1
9 to L1+8VSTK_RANDL1
 
Vservice_Id is coded in the same way as the octets 2-5 in the Descriptive group or broadcast call reference information element as defined in TS 24.008.
An Example for the coding of Vservice_Id can be found in Annex K.
The coding of VK_Id is as follows:
Coding of VK_Id
Coding b8-b1 Meaning
'00000001'Corresponds to the 1st group key
'00000010'Corresponds to the 2nd group key
 
The coding of VSTK_RAND is described in TS 43.020. The VSTK_RAND shall be inserted left-aligned into the L1 bytes, with unused bits to the right set to zero.
Response parameters/data, VGCS/VBS security context, command successful:
Byte(s) Description Length
1"Successful VGCS/VBS operation" tag = 'DB'1
2Length of VSTK (16)1
3 to 18VSTK16
Up

7.1.2.3  GBA security context (Bootstrapping Mode) |R6|Word‑p. 275
Byte(s) Description Length
1"GBA Security Context Bootstrapping Mode" tag = 'DD'1
2Length of RAND (L1)1
3 to (L1+2)RANDL1
(L1+3)Length of AUTN (L2)1
(L1+4) to (L1+L2+3)AUTNL2
 
Response parameters/data, GBA security context (Bootstrapping Mode), synchronisation failure:
Byte(s) Description Length
1"Synchronisation failure" tag = 'DC'1
2Length of AUTS (L1)1
3 to (L1+2)AUTSL1
 
AUTS coded as for UMTS Security context.
Response parameters/data, GBA security context (Bootstrapping Mode), command successful:
Byte(s) Description Length
1"Successful GBA operation" tag = 'DB'1
2Length of RES (L)1
3 to (L+2)RESL
 
RES coded as for UMTS Security context.
Up

7.1.2.4  GBA security context (NAF Derivation Mode) |R6|

Byte(s) Description Length
1"GBA Security Context NAF Derivation Mode" tag = 'DE'1
2Length of NAF_ID (L1)1
3 to (L1+2)NAF_IDL1
(L1+3)Length of IMPI (L2)1
(L1+4) to (L1+L2+3)IMPIL2
 
Response parameters/data, GBA security context (NAF Derivation Mode), command successful:
Byte(s) Description Length
1"Successful GBA operation" tag = 'DB'1
2Length of Ks_ext_NAF (L)1
3 to (L+2)Ks_ext_NAFL
 
Coding of Ks_ext_NAF as described in TS 33.220.
Up

7.1.2.5  MBMS security context (All Modes) |R6|Word‑p. 276
Byte(s) Description Coding Length
1MBMS Data Object tag ('53')As defined in TS 31.101 for BER-TLV data object1
2 to 1+A bytes (A ≤ 4)MBMS Data Object length (L1)As defined in TS 31.101 for BER-TLV data objectA
A+2MBMS Security Context ModeSee below1
A+3 to (A+L1+1)MIKEY message or Key Domain ID || MSK ID Key Group part or MUK ID TLVL1-1
 
Only the MIKEY message shall be transmitted in the MBMS security context mode '01' or '02'.
Only the Key Domain ID (coded on 3 bytes as described in TS 33.246) concatenated with the Key Group part of the MSK ID (coded on two bytes as described in TS 33.246 where the last transmitted byte represents the least significant byte of the Key Group part) shall be transmitted in the MBMS security context mode '03'.
Only the MUK ID TLV shall be transmitted in the MBMS security context mode '04'. The MUK ID TLV, containing the MUK Idr and MUK Idi only, shall be encoded as described in clause 4.2.81.
Parameter MBMS Security Context Mode specifies the MBMS mode in which MBMS security procedure is performed as follows:
Coding of MBMS Security Context Mode
Coding Meaning
'01' MSK Update Mode
'02' MTK Generation Mode
'03' MSK Deletion Mode
'04' MUK Deletion Mode
Response parameters/data, MBMS security context (MSK Update Mode), command successful:
Byte(s) Description Coding Length
1MBMS operation response Data Object tag ('53')As defined in TS 31.101 for BER-TLV data object1
2 to 1+A bytes (A ≤ 4)MBMS operation response Data Object length (L)As defined in TS 31.101 for BER-TLV data objectA
A+2"Successful MBMS operation" tag = 'DB' (see note 1)1
A+3 to (A+L+1)MIKEY message (see note 1)L-1
NOTE:
Parameter present if a MIKEY verification message is returned. Otherwise, the USIM returns "53 01 DB"
 
Response parameters/data, MBMS security context (MTK Generation Mode), command successful:
Byte(s) Description Coding Length
1MBMS operation response Data Object tag ('53')As defined in TS 31.101 for BER-TLV data object1
2 to 1+A bytes (A ≤ 4)MBMS operation response Data Object length (L)As defined in TS 31.101 for BER-TLV data objectA
A+2"Successful MBMS operation" tag = 'DB'1
A+3 to (A+L+1)MTK || Salt (if Salt key is available)L-1
 
Response parameters/data, MBMS security context (MSK and MUK Deletion Mode), command successful:
Byte(s) Description Coding Length
1MBMS operation response Data Object tag ('53')As defined in TS 31.101 for BER-TLV data object1
2MBMS operation response Data Object lengthAs defined in TS 31.101 for BER-TLV data object1
3"Successful MBMS operation" tag = 'DB'1
 
The coding of parameters is described in TS 33.246.
Up

7.1.2.6  Local Key Establishment security context (All Modes) |R7|Word‑p. 277
The Local Key Establishment Control TLV is included in the command data to indicate the security context mode. The Local Key Establishment Control TLV is also included in the response data to indicate the operation status.
Table 3: Coding of the Local Key Establishment Control TLV
Tag Value Length Value / Meaning
'80' Coded according to ISO/IEC 8825-1 [35] Local Key Establishment context:
'01': Key Derivation mode
'02': Key Availability Check mode
Operation Status:
'DB': Successful Operation
7.1.2.6.1  Local Key Establishment security context (Key Derivation mode)
Command parameters/data:
Byte(s) Description Coding Length
1Key Derivation Data Object tag ('73')As defined in TS 31.101 for BER-TLV data object1
2 to A+1 bytes (A ≤ 4)Key Derivation Data Object length (L)As defined in TS 31.101 for BER-TLV data objectA
A+2 to (A+L+1)Key Derivation Data ObjectL
 
  • Key Derivation Data Object content: The TLVs defined in table 4 are included in the Key Derivation Data Object.
    Table 4: Coding of the Key Derivation Data Object
    Description Value M/O Length (bytes)
    Local Key Establishment Control TLVCoded as defined in clause 7.1.2.6. The value field shall be set to '01'MB
    Counter Limit tag'81'M1
    LengthCMNote 1
    Counter LimitCoded as defined in TS 33.110MC
    Request MAC tag'82'M1
    LengthDMNote 1
    Request MACCoded as defined in TS 33.110MD (see Note 3)
    Key Identifier tag'A0'M1
    LengthE (see Note 2)MNote 1
    NAF_ID tag'83'M1
    LengthFMNote 1
    NAF_IDCoded as defined in TS 33.220MF
    Terminal_ID tag'84'M1
    LengthGMNote 1
    Terminal_IDCoded as defined in TS 33.110MG
    Terminal_appli_ID tag'85'M1
    LengthHMNote 1
    Terminal_appli_IDCoded as defined in TS 33.110MH
    UICC_appli_ID tag'86'M1
    LengthIMNote 1
    UICC_appli_IDCoded as defined in TS 33.110MI
    RANDx tag'87'M1
    LengthJMNote 1
    RANDxCoded as defined in TS 33.110MJ (see Note 4)
    NOTE 1:
    The length is coded according to ISO/IEC 8825-1 [35].
    NOTE 2:
    The Key Identifier TLV is a constructed TLV containing the following primitive TLVs: NAF_ID, Terminal_ID, Terminal_appli_ID, UICC_appli_ID and RANDx. E is the length of the constructed Key Identifier value.
    NOTE 3:
    The most significant bit of the request MAC is coded on bit 8 of the first byte following the MAC Length.
    NOTE 4:
    The most significant bit of the RANDx is coded on bit 8 of the first byte following the RANDx Length.
    Response parameters/data, Local Key Establishment security context (Key Derivation mode), command successful:
    Byte(s) Description Coding Length
    1Key Derivation Operation Response Data Object tag ('73')As defined in TS 31.101 for BER-TLV data object1
    2 to A1+1 bytes (A1 ≤ 4)Key Derivation Operation Response Data Object length (L1)As defined in TS 31.101 for BER-TLV data objectA1
    A1+2 to (A1+L1+1)Key Derivation Operation Response Data ObjectL1
     
    Key Derivation Operation Response Data Object content: The TLVs defined in table 5 are included in the Key Derivation Operation Response Data Object.
    Description Value M/O Length (bytes)
    Local Key Establishment Control TLVCoded as defined in clause 7.1.2.6. The value field shall be set to 'DB'MB
    Response MAC tag'82'M1
    LengthCMNote 1
    Response MACCoded as defined in TS 33.110MC (see Note 2)
    NOTE 1:
    The length is coded according to ISO/IEC 8825-1 [35].
    NOTE 2:
    The most significant bit of the response MAC is coded on bit 8 of the first byte following the MAC length.
  • Up
    7.1.2.6.2  Local Key Establishment security context (Key Availability Check mode)Word‑p. 279
    Command parameters/data:
    Byte(s) Description Coding Length
    1Key Availability Check Data Object tag ('73')As defined in TS 31.101 for BER-TLV data object1
    2 to 1+A bytes (A ≤ 4)Key Availability Check Data Object length (L)As defined in TS 31.101 for BER-TLV data objectA
    A+2 to (A+L+1)Key Availability Check Data ObjectL
     
  • Key Availability Check Data Object content: The TLVs defined in Table 6 are included in the Key Availability Check Data Object.
    Description Value M/O Length (bytes)
    Local Key Establishment Control TLVCoded as defined in clause 7.1.2.6. The value field shall be set to '02'MB
    Key Identifier TLVCoded as defined in clause 7.1.2.6.1 MC
     
    Response parameters/data, Local Key Establishment security context (Key Availability Check mode), command successful:
    Byte(s) Description Coding Length
    1Key Availability Check Operation Response Data Object tag ('73')As defined in TS 31.101 for BER-TLV data object1
    2 to 1+A1 bytes (A1 ≤ 4)Key Availability Check Operation Response Data Object length (L1)As defined in TS 31.101 for BER-TLV data objectA1
    A1+2 to (A1+L1+1)Key Availability Check Operation Response Data ObjectL1
     
  • Key Availability Check Operation Response Data Object content: The TLV defined in table 7 is included in the Key Availability Check Operation Response Data Object.
    Description Value M/O Length (bytes)
    Local Key Establishment Control TLVCoded as defined in clause 7.1.2.6. The value field shall be set to 'DB'MB
  • Up

    7.2Void


    Up   Top   ToC