Content for TS 31.102 Word version: 18.3.0

0… 3… 4… 4.2.9… 4.2.17… 4.2.26… 4.2.34… 4.2.44… 4.2.52… 4.2.60… 4.2.68… 4.2.76… 4.2.85… 4.2.93… 4.2.101… 4.2.107… 4.3… 4.4.2… 4.4.2.4… 4.4.3… 4.4.4… 4.4.5… 4.4.6… 4.4.8… 4.4.8.7… 4.4.9… 4.4.11… 4.4.11.7… 4.4.11.17… 4.4.12… 4.5… 4.6… 4.7 5… 5.2… 5.3… 5.4… 5.9… 6… 7… 7.1.2… 7.3… A B… D E… G H… I… L… M…

7.3 Status Conditions Returned by the USIM 7.3.1 Security management 7.3.2 Status Words of the Commands 7.4 Optional commands 7.5 GET IDENTITY 7.5.1 Command description 7.5.2 Command parameters and data
...

7.3 Status Conditions Returned by the USIM p. 326

Status of the card after processing of the command is coded in the status bytes SW1 and SW2. This clause specifies the coding of the status bytes in the following tables, in addition to the ones defined in TS 31.101.

7.3.1 Security management p. 326

SW1	SW2	Error description
'98'	'62'	Authentication error, incorrect MAC
'98'	'64'	Authentication error, security context not supported
'98'	'65'	Key freshness failure
'98'	'66'	Authentication error, no memory space available
'98'	'67'	Authentication error, no memory space available in EFMUK

7.3.2 Status Words of the Commands p. 327

The following table shows for each command the possible status conditions returned (marked by an asterisk *).

Commands and status words

Status Words	AUTHENTICATE	GET IDENTIYY
90 00	*	*
91 XX	*	*
93 00
98 50
98 62	*
98 64	*
98 65	*
98 66	*
98 67	*
62 00	*	*
62 81
62 82
62 83
62 F1	*
62 F3	*
63 CX
63 F1	*
64 00	*	*
65 00	*	*
65 81	*	*
67 00	*	*
67 XX - (see note)	*	*
68 00	*	*
68 81	*	*
68 82	*	*
69 81
69 82	*	*
69 83
69 84	*
69 85	*	*
69 86
6A 80
6A 81	*	*
6A 82
6A 83
6A 86	*	*
6A 87
6A 88	*	*
6B 00	*	*
6E 00	*	*
6F 00	*	*
6F XX - (see note)	*	*
NOTE: Except SW2 = '00'.

7.4 Optional commands |R6| p. 328

The following command is optional for the USIM application:

GET CHALLENGE command as defined in TS 31.101.
GET IDENTITY command as defined in clause 7.5

7.5 GET IDENTITY |R15| p. 328

7.5.1 Command description p. 328

The function can be used in the following contexts:

a SUCI context, to retrieve the SUCI when "SUCI calculation is to be performed by the USIM".
a SUCI NSWO context, to retrieve the SUCI when "SUCI calculation is to be performed by the USIM" and "5G NSWO support" is activated (i.e. Service No. 142 is "available").

The function is related to a particular USIM and shall not be executable unless the USIM application has been selected and activated, and the current directory is the USIM ADF or any subdirectory under this ADF and a successful PIN verification procedure has been performed (see clause 5).

If GET IDENTITY command is not supported by the UICC, then the status word '6D00' (Instruction code not supported or invalid) shall be returned.

7.5.1.1 SUCI context p. 328

SUCI context shall be supported if "SUCI calculation is to be performed by the USIM" (i.e. Service No. 124 and Service No. 125 are "available").

The command returns the SUCI which is a privacy preserving identifier containing the concealed SUPI. The function is used in 5GS in the specific cases described in TS 33.501 prior to mutual authentication between the UE and the SN.

The SUCI returned is calculated as described in TS 33.501.

For the execution of the command, the following information shall be available in the USIM:

Home network identifier (i.e. MCC and MNC when SUPI Type is IMSI or domain name when SUPI Type is Network Specific Identifier, Global Line Identifier or Global Cable Identifier) (see NOTE).
Routing indicator (configured in EFRouting_Indicator).
Home network public key (see Note).
Home network public key identifier (see Note).
Protection scheme identifier (see Note).
SUPI.

The SUCI is designed for one-time use, however, the freshness and randomness of SUCI returned upon each call of the command depends on the protection scheme configured. There is the special case where the protection scheme used is null-scheme, in such case SUCI contains the non concealed SUPI.

If the home network public key is not provisioned in the USIM, the SUCI shall be calculated using the null-scheme irrespective of the protection scheme stored in the USIM.

The returned SUCI consists of the concatenation of the following information as described in TS 23.003:

SUPI Type
Home network identifier (i.e. MCC and MNC when SUPI Type is IMSI or domain name when SUPI Type is Network Specific Identifier, Global Line Identifier or Global Cable Identifier).
Routing indicator.
Protection scheme identifier.
Home network pu33.501
Scheme output, resulting from the protection scheme profile, identified by the protection scheme identifier. The protection scheme profile shall be one of those defined in Annex C of TS 33.501 or one of those specified by the Home network.
Network Identifier for SNPN (NID) in case of SUCI in NAI format (see TS 23.003 for details) and if Service No. 146 is "available".

If SUCI context is supported and:

Service No. 124 is not "available" or:
"SUCI calculation is to be performed by the ME" (i.e. Service No. 124 is "available", and Service No. 125 is not "available")

the status word '6985' (Conditions of use not satisfied) shall be returned

7.5.1.2 SUCI 5G NSWO context |R17| p. 329

SUCI 5G NSWO context shall be supported if "SUCI calculation is to be performed by the USIM" (i.e. Service No. 124 and Service No. 125 are "available") and "5G NSWO support" is activated (i.e. Service No. 142 is "available").

The command returns the SUCI which is a privacy preserving identifier containing the concealed SUPI. The function is used in 5GS in the specific cases of NSWO authentication described in TS 33.501 Annex S.

For the execution of the command, the following information shall be available in the USIM:

Home network identifier (i.e. MCC and MNC when SUPI Type is IMSI) (see NOTE 1).
Routing indicator (configured in EFRouting_Indicator).
Home network public key (see NOTE 1).
Home network public key identifier (see NOTE 1).
Protection scheme identifier (see NOTE 1).
SUPI (NOTE 2).
Network Identifier for SNPN (NID) (NOTE 3).

If the home network public key is not provisioned in the USIM, the SUCI shall be calculated using the null scheme irrespective of the protection scheme stored in the USIM.

The returned SUCI shall be in the NAI format as in TS 23.003 and is computed as described in TS 33.501 Annex S.3.

If SUCI 5G NSWO context is supported and:

Service No. 124 is not "available" or
"SUCI calculation is to be performed by the ME" (i.e. Service No. 124 is "available", and Service No. 125 is not "available") or
"5G NSWO support" is not activated (i.e. Service No. 142 is not "available")
the status word '6985' (Conditions of use not satisfied) shall be returned.

7.5.2 Command parameters and data p. 330

Code	Value
CLA	As specified in TS 31.101
INS	'78'
P1	'00'
P2	Identity context, see Table 7.5.2-1 below
Lc	Length of the subsequent data field or not present, see below
Data	See below
Le	'00', or maximum length of data expected in response

Parameter P2 specifies the identity context as follows:

Table 7.5.2-1: Coding of the reference control P2

b8	b7	b6	b5	b4	b3	b2	b1	Meaning
-	X	X	X	X	X	X	X	Identity Context (See below)
-	0	0	0	0	0	0	1	SUCI
-	0	0	0	0	0	1	0	SUCI 5G NSWO

All other codings are RFU.

7.5.2.1 SUCI context p. 330

Command parameters/data: None

Response parameters/data:

Byte(s)	Description	Length
1 to Le	SUCI TLV data object	Le

Subscription Concealed Identifier TLV data object:

Description	Value	M/O/C	Length (bytes)
SUCI TLV data object tag	'A1'	M	1
Length	X	M	Note
SUCI value	--	M	X
NOTE: The length is coded according to ISO/IEC 8825-1 [35].

SUCI It contains the SUCI as defined in TS 33.501.

When SUPI Type is IMSI, the SUCI is coded as part of 5GS mobile identity information element for type of identity "SUCI" and SUPI format "IMSI" defined in TS 24.501. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below:

Byte 1 corresponds to "octet 4" and the value is '01':

b8	b7	b6	b5	b4	b3	b2	b1
0	0	0	0	0	0	0	1

From byte 2 to 4, the Home Network Identifier (i.e. MCC and MNC) is coded and corresponds from "octet 5" to "octet 7".

Byte 5 and 6 code the Routing Indicator which correspond to "octet 8" and "octet 9".

Byte 7 codes the Protection Scheme Identifier which corresponds to "octet 10".

Byte 8 codes the Home Network Public Key Identifier which corresponds to "octet 11".

Byte 9 corresponds to "octet 12". From Byte 9 onwards, the Scheme Output is coded and the length depends on the Protection Scheme used.

When SUPI Type is Network Specific Identifier (i.e. service No. 130 is "available" and EFSUPI_NAI contains a Network Specific Identifier), the SUCI is coded as part of 5GS mobile identity information element for type of identity "SUCI" and SUPI format "Network specific identifier" defined in TS 24.501. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below:

Byte 1 corresponds to "octet 4" and the value is '11':

b8	b7	b6	b5	b4	b3	b2	b1
0	0	0	1	0	0	0	1

Byte 2 corresponds to "octet 5". From byte 2 onwards, the SUCI NAI is coded as defined in TS 24.501.

When SUPI Type is Global Line Identifier (i.e. service No. 130 is "available" and EFSUPI_NAI contains a Global Line Identifier), the SUCI is coded as part of 5GS mobile identity information element for type of identity "SUCI" and SUPI format "Global Line Identifier" (GLI) defined in TS 24.501. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below:

Byte 1 corresponds to "octet 4" and the value is '31':

b8	b7	b6	b5	b4	b3	b2	b1
0	0	1	1	0	0	0	1

Byte 2 corresponds to "octet 5". From byte 2 onwards, the SUCI NAI is coded as defined in TS 24.501.

When SUPI Type is Global Cable Identifier (i.e. service No. 130 is "available" and EFSUPI_NAI contains a Global Cable Identifier), the SUCI is coded as part of 5GS mobile identity information element for type of identity "SUCI" and SUPI format "Global Cable Identifier" (GCI) defined in TS 24.501. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below:

Byte 1 corresponds to "octet 4" and the value is '21':

b8	b7	b6	b5	b4	b3	b2	b1
0	0	1	0	0	0	0	1

Byte 2 corresponds to "octet 5". From byte 2 onwards, the SUCI NAI is coded as defined in TS 24.501.

7.5.2.2 SUCI 5G NSWO context |R17| p. 332

Command parameters/data: None

Response parameters/data:

Byte(s)	Description	Length
1 to Le	SUCI TLV data object	Le

Subscription Concealed Identifier TLV data object:

Description	Value	M/O/C	Length (bytes)
SUCI TLV data object tag	'A1'	M	1
Length	X	M	Note
SUCI value	--	M	X
NOTE: The length is coded according to ISO/IEC 8825-1 [35].

SUCI

It contains the SUCI in NAI format as defined in TS 33.501 Annex S.

When SUPI Type is IMSI, the SUCI in NAI format is coded as part of 5GS mobile identity information element as defined in TS 24.501 Figure 9.11.3.4.4. The correspondence between the SUCI value and the octets of the above referenced 5GS mobile identity information element is provided below:

Byte 1 corresponds to "octet 4" and the value is '01':

b8	b7	b6	b5	b4	b3	b2	b1
0	0	0	0	0	0	0	1

Byte 2 corresponds to "octet 5". From byte 2 onwards, the SUCI NAI field contains an NAI constructed as specified in clause 28.7.3 of TS 23.003.

Content for TS 31.102 Word version: 18.3.0

7.3 Status Conditions Returned by the USIM p. 326

7.3.1 Security management p. 326

7.3.2 Status Words of the Commands p. 327

7.4 Optional commands |R6| p. 328

7.5 GET IDENTITY |R15| p. 328

7.5.1 Command description p. 328

7.5.1.1 SUCI context p. 328

7.5.1.2 SUCI 5G NSWO context |R17| p. 329

7.5.2 Command parameters and data p. 330

7.5.2.1 SUCI context p. 330

7.5.2.2 SUCI 5G NSWO context |R17| p. 332

8 Void