Tech-invite3GPPspaceIETF RFCsSIP
Quick21222324252627282931323334353637384‑5x

Content for  TS 31.102  Word version:  17.8.0

Top   Top   Up   Prev   Next
0…   3…   4…   4.2.9…   4.2.17…   4.2.26…   4.2.34…   4.2.44…   4.2.52…   4.2.60…   4.2.68…   4.2.76…   4.2.85…   4.2.93…   4.2.101…   4.2.107…   4.3…   4.4.2…   4.4.2.4…   4.4.3…   4.4.4…   4.4.5…   4.4.6…   4.4.8…   4.4.8.7…   4.4.9…   4.4.11…   4.4.11.7…   4.4.11.17…   4.4.12…   4.5…   4.6…   4.7   5…   5.2…   5.3…   5.4…   5.9…   6…   7…   7.1.2…   7.3…   A   B…   D   E…   G   H…   I…   L…   M…

 

7.3  Status Conditions Returned by the USIMp. 307

Status of the card after processing of the command is coded in the status bytes SW1 and SW2. This clause specifies the coding of the status bytes in the following tables, in addition to the ones defined in TS 31.101.

7.3.1  Security managementp. 307

SW1 SW2 Error description
'98''62'Authentication error, incorrect MAC
'98''64'Authentication error, security context not supported
'98''65'Key freshness failure
'98''66'Authentication error, no memory space available
'98''67'Authentication error, no memory space available in EFMUK
Up

7.3.2  Status Words of the Commandsp. 308

The following table shows for each command the possible status conditions returned (marked by an asterisk *).
Commands and status words
Status Words AUTHENTICATE GET IDENTIYY
90 00**
91 XX**
93 00
98 50
98 62*
98 64*
98 65*
98 66*
98 67*
62 00**
62 81
62 82
62 83
62 F1*
62 F3*
63 CX
63 F1*
64 00**
65 00**
65 81**
67 00**
67 XX - (see note)**
68 00**
68 81**
68 82**
69 81
69 82**
69 83
69 84*
69 85**
69 86
6A 80
6A 81**
6A 82
6A 83
6A 86**
6A 87
6A 88**
6B 00**
6E 00**
6F 00**
6F XX - (see note)**
NOTE:
Except SW2 = '00'.
Up

7.4  Optional commands |R6|p. 309

The following command is optional for the USIM application:

7.5  GET IDENTITY |R15|p. 309

7.5.1  Command descriptionp. 309

The function can be used in the following contexts:
  • a SUCI context, to retrieve the SUCI when "SUCI calculation is to be performed by the USIM".
  • a SUCI NSWO context, to retrieve the SUCI when "SUCI calculation is to be performed by the USIM" and "5G NSWO support" is activated (i.e. Service No. 142 is "available").
The function is related to a particular USIM and shall not be executable unless the USIM application has been selected and activated, and the current directory is the USIM ADF or any subdirectory under this ADF and a successful PIN verification procedure has been performed (see clause 5).
If GET IDENTITY command is not supported by the UICC, then the status word '6D00' (Instruction code not supported or invalid) shall be returned.
Up

7.5.1.1  SUCI contextp. 309

SUCI context shall be supported if "SUCI calculation is to be performed by the USIM" (i.e. Service No. 124 and Service No. 125 are "available").
The command returns the SUCI which is a privacy preserving identifier containing the concealed SUPI. The function is used in 5GS in the specific cases described in TS 33.501 prior to mutual authentication between the UE and the SN.
The SUCI returned is calculated as described in TS 33.501.
For the execution of the command, the following information shall be available in the USIM:
  • Home network identifier (i.e. MCC and MNC when SUPI Type is IMSI or domain name when SUPI Type is Network Specific Identifier, Global Line Identifier or Global Cable Identifier) (see NOTE).
  • Routing indicator (configured in EFRouting_Indicator).
  • Home network public key (see Note).
  • Home network public key identifier (see Note).
  • Protection scheme identifier (see Note).
  • SUPI.
The SUCI is designed for one-time use, however, the freshness and randomness of SUCI returned upon each call of the command depends on the protection scheme configured. There is the special case where the protection scheme used is null-scheme, in such case SUCI contains the non concealed SUPI.
If the home network public key is not provisioned in the USIM, the SUCI shall be calculated using the null-scheme irrespective of the protection scheme stored in the USIM.
The returned SUCI consists of the concatenation of the following information as described in TS 23.003:
  • SUPI Type
  • Home network identifier (i.e. MCC and MNC when SUPI Type is IMSI or domain name when SUPI Type is Network Specific Identifier, Global Line Identifier or Global Cable Identifier).
  • Routing indicator.
  • Protection scheme identifier.
  • Home network pu33.501
  • Scheme output, resulting from the protection scheme profile, identified by the protection scheme identifier. The protection scheme profile shall be one of those defined in Annex C of TS 33.501 or one of those specified by the Home network.
If SUCI context is supported and:
  • Service No. 124 is not "available" or:
  • "SUCI calculation is to be performed by the ME" (i.e. Service No. 124 is "available", and Service No. 125 is not "available")
the status word '6985' (Conditions of use not satisfied) shall be returned
Up

7.5.1.2  SUCI 5G NSWO context |R17|p. 310

SUCI 5G NSWO context shall be supported if "SUCI calculation is to be performed by the USIM" (i.e. Service No. 124 and Service No. 125 are "available") and "5G NSWO support" is activated (i.e. Service No. 142 is "available").
The command returns the SUCI which is a privacy preserving identifier containing the concealed SUPI. The function is used in 5GS in the specific cases of NSWO authentication described in TS 33.501 Annex S.
For the execution of the command, the following information shall be available in the USIM:
  • Home network identifier (i.e. MCC and MNC when SUPI Type is IMSI) (see NOTE 1).
  • Routing indicator (configured in EFRouting_Indicator).
  • Home network public key (see NOTE 1).
  • Home network public key identifier (see NOTE 1).
  • Protection scheme identifier (see NOTE 1).
  • SUPI (NOTE 2).
The SUCI is designed for one-time use, however, the freshness and randomness of SUCI returned upon each call of the command depends on the protection scheme configured. There is the special case where the protection scheme used is null-scheme, in such case, SUCI contains the non concealed SUPI.
If the home network public key is not provisioned in the USIM, the SUCI shall be calculated using the null scheme irrespective of the protection scheme stored in the USIM.
The returned SUCI shall be in the NAI format as in TS 23.003 and is computed as described in TS 33.501 Annex S.3.
If SUCI 5G NSWO context is supported and:
  • Service No. 124 is not "available" or
  • "SUCI calculation is to be performed by the ME" (i.e. Service No. 124 is "available", and Service No. 125 is not "available") or
  • "5G NSWO support" is not activated (i.e. Service No. 142 is not "available")
    the status word '6985' (Conditions of use not satisfied) shall be returned.
Up

7.5.2  Command parameters and datap. 311

Code Value
CLAAs specified in TS 31.101
INS'78'
P1'00'
P2 Identity context, see Table 7.5.2-1 below
LcLength of the subsequent data field or not present, see below
DataSee below
Le'00', or maximum length of data expected in response
 
Parameter P2 specifies the identity context as follows:
b8 b7 b6 b5 b4 b3 b2 b1 Meaning
-XXXXXXXIdentity Context (See below)
-0000001SUCI
-0000010SUCI 5G NSWO
 
All other codings are RFU.
Up

7.5.2.1  SUCI contextp. 311

Command parameters/data: None
Response parameters/data:
Byte(s) Description Length
1 to LeSUCI TLV data objectLe
 
Subscription Concealed Identifier TLV data object:
Description Value M/O/C Length (bytes)
SUCI TLV data object tag'A1'M1
LengthXMNote
SUCI value--MX
NOTE:
The length is coded according to ISO/IEC 8825-1 [35].
  • SUCI It contains the SUCI as defined in TS 33.501.
    When SUPI Type is IMSI, the SUCI is coded as part of 5GS mobile identity information element for type of identity "SUCI" and SUPI format "IMSI" defined in TS 24.501. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below:
    Byte 1 corresponds to "octet 4" and the value is '01':
    b8 b7 b6 b5 b4 b3 b2 b1
    0 0 0 0 0 0 0 1
     
    From byte 2 to 4, the Home Network Identifier (i.e. MCC and MNC) is coded and corresponds from "octet 5" to "octet 7".
    Byte 5 and 6 code the Routing Indicator which correspond to "octet 8" and "octet 9".
    Byte 7 codes the Protection Scheme Identifier which corresponds to "octet 10".
    Byte 8 codes the Home Network Public Key Identifier which corresponds to "octet 11".
    Byte 9 corresponds to "octet 12". From Byte 9 onwards, the Scheme Output is coded and the length depends on the Protection Scheme used.
    When SUPI Type is Network Specific Identifier (i.e. service No. 130 is "available" and EFSUPI_NAI contains a Network Specific Identifier), the SUCI is coded as part of 5GS mobile identity information element for type of identity "SUCI" and SUPI format "Network specific identifier" defined in TS 24.501. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below:
    Byte 1 corresponds to "octet 4" and the value is '11':
    b8 b7 b6 b5 b4 b3 b2 b1
    0 0 0 1 0 0 0 1
     
    Byte 2 corresponds to "octet 5". From byte 2 onwards, the SUCI NAI is coded as defined in TS 24.501.
    When SUPI Type is Global Line Identifier (i.e. service No. 130 is "available" and EFSUPI_NAI contains a Global Line Identifier), the SUCI is coded as part of 5GS mobile identity information element for type of identity "SUCI" and SUPI format "Global Line Identifier" (GLI) defined in TS 24.501. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below:
    Byte 1 corresponds to "octet 4" and the value is '31':
    b8 b7 b6 b5 b4 b3 b2 b1
    0 0 1 1 0 0 0 1
     
    Byte 2 corresponds to "octet 5". From byte 2 onwards, the SUCI NAI is coded as defined in TS 24.501.
    When SUPI Type is Global Cable Identifier (i.e. service No. 130 is "available" and EFSUPI_NAI contains a Global Cable Identifier), the SUCI is coded as part of 5GS mobile identity information element for type of identity "SUCI" and SUPI format "Global Cable Identifier" (GCI) defined in TS 24.501. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below:
    Byte 1 corresponds to "octet 4" and the value is '21':
    b8 b7 b6 b5 b4 b3 b2 b1
    0 0 1 0 0 0 0 1
     
    Byte 2 corresponds to "octet 5". From byte 2 onwards, the SUCI NAI is coded as defined in TS 24.501.
  • Up

    7.5.2.2  SUCI 5G NSWO context |R17|p. 313

    Command parameters/data: None
    Response parameters/data:
    Byte(s) Description Length
    1 to LeSUCI TLV data objectLe
     
    Subscription Concealed Identifier TLV data object:
    Description Value M/O/C Length (bytes)
    SUCI TLV data object tag'A1'M1
    LengthXMNote
    SUCI value--MX
    NOTE:
    The length is coded according to ISO/IEC 8825-1 [35].
    SUCI
    It contains the SUCI in NAI format as defined in TS 33.501 Annex S.
    When SUPI Type is IMSI, the SUCI in NAI format is coded as part of 5GS mobile identity information element as defined in TS 24.501 Figure 9.11.3.4.4. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below:
    Byte 1 corresponds to "octet 4" and the value is '01':
    b8 b7 b6 b5 b4 b3 b2 b1
    0 0 0 0 0 0 0 1
     
    Byte 2 corresponds to "octet 5". From byte 2 onwards, the SUCI NAI field contains an NAI constructed as specified in clause 28.7.3 of TS 23.003.
    Up

    8Void


    Up   Top   ToC