Byte(s) | Description | Length |
1 | Length of RAND (L1) | 1 |
2 to (L1+1) | RAND | L1 |
(L1+2) | Length of AUTN (L2) (see note) | 1 |
(L1+3) to (L1+L2+2) | AUTN (see note) | L2 |
NOTE: Parameter present if and only if in 3G/EPS/5G security context. |
The coding of AUTN is described in TS 33.102. The most significant bit of RAND is coded on bit 8 of byte 2. The most significant bit of AUTN is coded on bit 8 of byte (L1+3).
Response parameters/data, case 1, 3G/EPS/5G security context, command successful:
Byte(s) | Description | Length |
1 | "Successful 3G authentication" tag = 'DB' | 1 |
2 | Length of RES (L3) | 1 |
3 to (L3+2) | RES | L3 |
(L3+3) | Length of CK (L4) | 1 |
(L3+4) to (L3+L4+3) | CK | L4 |
(L3+L4+4) | Length of IK (L5) | 1 |
(L3+L4+5) to (L3+L4+L5+4) | IK | L5 |
(L3+L4+L5+5) | Length of KC (= 8) (see note) | 1 |
(L3+L4+L5+6) to (L3+L4+L5+13) | KC (see note) | 8 |
NOTE: Parameter present if and only if Service No. 27 is "available". |
The most significant bit of RES is coded on bit 8 of byte 3. The most significant bit of CK is coded on bit 8 of byte (L3+4). The most significant bit of IK is coded on bit 8 of byte (L3+L4+5).
Response parameters/data, case 2, 3G/EPS/5G security context, synchronisation failure:
Byte(s) | Description | Length |
1 | "Synchronisation failure" tag = 'DC' | 1 |
2 | Length of AUTS (L1) | 1 |
3 to (L1+2) | AUTS | L1 |
The coding of AUTS is described in TS 33.102. The most significant bit of AUTS is coded on bit 8 of byte 3.
Response parameters/data, case 3, GSM security context, command successful:
Byte(s) | Description | Length |
1 | Length of SRES (= 4) | 1 |
2 to 5 | SRES | 4 |
6 | Length of KC (= 8) | 1 |
7 to 14 | KC | 8 |
The most significant bit of SRES is coded on bit 8 of byte 2. The most significant bit of Kc is coded on bit 8 of byte 7.
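The three response layouts above can be decoded with one bounds-checked reader. This is an added example, not part of the specification text; the function names, the error class and the sample bytes are constructed for illustration. The GSM response carries no tag, so the caller selects the parser from the security context the command was issued in rather than from the first byte.

```python
from typing import Optional, Tuple

TAG_SUCCESS = 0xDB    # "Successful 3G authentication"
TAG_SYNC_FAIL = 0xDC  # "Synchronisation failure"
# Constructed sample (not real key material): DB | RES(8) | CK(16) | IK(16)
SAMPLE_3G = bytes.fromhex("DB08" + "11" * 8 + "10" + "22" * 16 + "10" + "33" * 16)

class ResponseFormatError(ValueError):
    """Response data does not match the byte layout in the tables."""

def read_lv(buf: bytes, pos: int, name: str,
            fixed: Optional[int] = None) -> Tuple[bytes, int]:
    """Read one length-prefixed field without reading past the buffer."""
    if pos >= len(buf):
        raise ResponseFormatError(f"missing length byte for {name}")
    n = buf[pos]
    if fixed is not None and n != fixed:
        raise ResponseFormatError(f"{name} length is {n}, expected {fixed}")
    end = pos + 1 + n
    if end > len(buf):
        raise ResponseFormatError(f"{name} is truncated")
    return buf[pos + 1:end], end

def parse_3g_response(data: bytes) -> dict:
    """Cases 1 and 2: the first byte is a tag ('DB' or 'DC')."""
    if not data:
        raise ResponseFormatError("empty response")
    out, pos = {"tag": data[0]}, 1
    if data[0] == TAG_SYNC_FAIL:
        out["AUTS"], pos = read_lv(data, pos, "AUTS")
    elif data[0] == TAG_SUCCESS:
        for name in ("RES", "CK", "IK"):
            out[name], pos = read_lv(data, pos, name)
        if pos < len(data):  # KC follows only if Service No. 27 is available
            out["KC"], pos = read_lv(data, pos, "KC", fixed=8)
    else:
        raise ResponseFormatError(f"unexpected tag {data[0]:#04x}")
    if pos != len(data):
        raise ResponseFormatError("trailing bytes after last field")
    return out

def parse_gsm_response(data: bytes) -> dict:
    """Case 3: no tag; SRES (4 bytes) then KC (8 bytes)."""
    sres, pos = read_lv(data, 0, "SRES", fixed=4)
    kc, pos = read_lv(data, pos, "KC", fixed=8)
    if pos != len(data):
        raise ResponseFormatError("trailing bytes after KC")
    return {"SRES": sres, "KC": kc}
```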
Byte(s) | Description | Length |
1 | Length of Vservice_Id | 1 |
2 to 5 | Vservice_Id | 4 |
6 | Length of VK_Id | 1 |
7 | VK_Id | 1 |
8 | Length of VSTK_RAND (L1) | 1 |
9 to L1+8 | VSTK_RAND | L1 |
Vservice_Id is coded in the same way as the octets 2-5 in the Descriptive group or broadcast call reference information element as defined in TS 24.008.
An example for the coding of Vservice_Id can be found in Annex K.
The coding of VK_Id is as follows:
Coding of VK_Id
Coding b8-b1 | Meaning |
'00000001' | Corresponds to the 1st group key |
'00000010' | Corresponds to the 2nd group key |
The coding of VSTK_RAND is described in TS 43.020. The VSTK_RAND shall be inserted left-aligned into the L1 bytes, with unused bits to the right set to zero.
Response parameters/data, VGCS/VBS security context, command successful:
Byte(s) | Description | Length |
1 | "Successful VGCS/VBS operation" tag = 'DB' | 1 |
2 | Length of VSTK (16) | 1 |
3 to 18 | VSTK | 16 |
Byte(s) | Description | Length |
1 | "GBA Security Context Bootstrapping Mode" tag = 'DD' | 1 |
2 | Length of RAND (L1) | 1 |
3 to (L1+2) | RAND | L1 |
(L1+3) | Length of AUTN (L2) | 1 |
(L1+4) to (L1+L2+3) | AUTN | L2 |
Response parameters/data, GBA security context (Bootstrapping Mode), synchronisation failure:
Byte(s) | Description | Length |
1 | "Synchronisation failure" tag = 'DC' | 1 |
2 | Length of AUTS (L1) | 1 |
3 to (L1+2) | AUTS | L1 |
AUTS coded as for UMTS Security context.
Response parameters/data, GBA security context (Bootstrapping Mode), command successful:
Byte(s) | Description | Length |
1 | "Successful GBA operation" tag = 'DB' | 1 |
2 | Length of RES (L) | 1 |
3 to (L+2) | RES | L |
RES coded as for UMTS Security context.
Byte(s) | Description | Length |
1 | "GBA Security Context NAF Derivation Mode" tag = 'DE' | 1 |
2 | Length of NAF_ID (L1) | 1 |
3 to (L1+2) | NAF_ID | L1 |
(L1+3) | Length of IMPI (L2) | 1 |
(L1+4) to (L1+L2+3) | IMPI | L2 |
Response parameters/data, GBA security context (NAF Derivation Mode), command successful:
Byte(s) | Description | Length |
1 | "Successful GBA operation" tag = 'DB' | 1 |
2 | Length of Ks_ext_NAF (L) | 1 |
3 to (L+2) | Ks_ext_NAF | L |
Coding of Ks_ext_NAF as described in TS 33.220.
Byte(s) | Description | Coding | Length |
1 | MBMS Data Object tag ('53') | As defined in TS 31.101 for BER-TLV data object | 1 |
2 to 1+A bytes (A ≤ 4) | MBMS Data Object length (L1) | As defined in TS 31.101 for BER-TLV data object | A |
A+2 | MBMS Security Context Mode | See below | 1 |
A+3 to (A+L1+1) | MIKEY message or Key Domain ID || MSK ID Key Group part or MUK ID TLV | | L1-1 |
Only the MIKEY message shall be transmitted in the MBMS security context mode '01' or '02'.
Only the Key Domain ID (coded on 3 bytes as described in TS 33.246) concatenated with the Key Group part of the MSK ID (coded on two bytes as described in TS 33.246 where the last transmitted byte represents the least significant byte of the Key Group part) shall be transmitted in the MBMS security context mode '03'.
Only the MUK ID TLV shall be transmitted in the MBMS security context mode '04'. The MUK ID TLV, containing the MUK Idr and MUK Idi only, shall be encoded as described in clause 4.2.81.
Parameter MBMS Security Context Mode specifies the MBMS mode in which MBMS security procedure is performed as follows:
Coding of MBMS Security Context Mode
Response parameters/data, MBMS security context (MSK Update Mode), command successful:
Byte(s) | Description | Coding | Length |
1 | MBMS operation response Data Object tag ('53') | As defined in TS 31.101 for BER-TLV data object | 1 |
2 to 1+A bytes (A ≤ 4) | MBMS operation response Data Object length (L) | As defined in TS 31.101 for BER-TLV data object | A |
A+2 | "Successful MBMS operation" tag = 'DB' (see note 1) | | 1 |
A+3 to (A+L+1) | MIKEY message (see note 1) | | L-1 |
NOTE: Parameter present if a MIKEY verification message is returned. Otherwise, the USIM returns "53 01 DB". |
Response parameters/data, MBMS security context (MTK Generation Mode), command successful:
Byte(s) | Description | Coding | Length |
1 | MBMS operation response Data Object tag ('53') | As defined in TS 31.101 for BER-TLV data object | 1 |
2 to 1+A bytes (A ≤ 4) | MBMS operation response Data Object length (L) | As defined in TS 31.101 for BER-TLV data object | A |
A+2 | "Successful MBMS operation" tag = 'DB' | | 1 |
A+3 to (A+L+1) | MTK || Salt (if Salt key is available) | | L-1 |
Response parameters/data, MBMS security context (MSK and MUK Deletion Mode), command successful:
Byte(s) | Description | Coding | Length |
1 | MBMS operation response Data Object tag ('53') | As defined in TS 31.101 for BER-TLV data object | 1 |
2 | MBMS operation response Data Object length | As defined in TS 31.101 for BER-TLV data object | 1 |
3 | "Successful MBMS operation" tag = 'DB' | | 1 |
The coding of parameters is described in TS 33.246.
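The MBMS response tables above wrap the 'DB' status tag in a '53' data object whose length field takes A bytes (A ≤ 4). The following added example, which is not part of the specification text, decodes that wrapper and checks that the declared length matches the data received. It assumes the usual BER-TLV length rules (one byte up to '7F', otherwise '81', '82' or '83' followed by that many length bytes); the function names are hypothetical.

```python
TAG_MBMS_DO = 0x53  # MBMS operation response Data Object tag
TAG_MBMS_OK = 0xDB  # "Successful MBMS operation"
# From the NOTE above: response when no MIKEY verification message is returned.
BARE_OK = bytes.fromhex("5301DB")

def read_ber_length(buf: bytes, pos: int):
    """Decode a BER-TLV length field of 1 to 4 bytes; return (length, next_pos)."""
    if pos >= len(buf):
        raise ValueError("missing length field")
    first = buf[pos]
    if first < 0x80:            # short form: the byte is the length
        return first, pos + 1
    n = first & 0x7F            # long form: n further bytes hold the length
    if first not in (0x81, 0x82, 0x83) or pos + 1 + n > len(buf):
        raise ValueError("bad or truncated length field")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def parse_mbms_response(data: bytes) -> bytes:
    """Return the bytes after the 'DB' tag (empty for the bare '53 01 DB').

    The caller interprets them by mode: a MIKEY message for MSK Update,
    MTK || Salt for MTK Generation, nothing for MSK and MUK Deletion.
    """
    if not data or data[0] != TAG_MBMS_DO:
        raise ValueError("not an MBMS operation response data object")
    length, pos = read_ber_length(data, 1)
    # The value must hold at least the status tag and fill the buffer exactly.
    if length < 1 or pos + length != len(data):
        raise ValueError("declared length does not match response size")
    if data[pos] != TAG_MBMS_OK:
        raise ValueError(f"unexpected status tag {data[pos]:#04x}")
    return data[pos + 1:pos + length]
```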
The Local Key Establishment Control TLV is included in the command data to indicate the security context mode. The Local Key Establishment Control TLV is also included in the response data to indicate the operation status.