
Content for TS 31.102, Word version 17.1.0


L (Normative)  USIM-INI and USIM-RN for Relay Nodes |R10|

L.1  Introduction

USIM-RN and USIM-INI are used for Relay Node network connection establishment.
USIM-INI, if present on the UICC, and USIM-RN include at least all mandatory files defined for a USIM in the present document, with the exception of files related to emergency calls.
USIM-INI is only required for the certificate-based solution described in TS 33.401.
For the certificate-based solution, the UICC shall support BIP-UICC server mode (see TS 31.111) and may support the Inter-Chip USB UICC/terminal interface (see TS 31.101) to perform the TLS handshake.
The USIM-RN is used to ensure a one-to-one binding with the Relay Node. The security architecture for Relay Nodes is defined in TS 33.401.

L.2  Application selection procedure

Application selection is performed according to the procedures defined in clause 5.1.1.1. The following provisions apply:
When using pre-shared keys, only a USIM-RN is required, and the Relay Node will establish a secure channel directly with the USIM-RN. It is assumed that the Relay Node knows the "3G application code" within the PIX value reserved for 3GPP USIM-RN.
When using the certificate-based procedure, the UICC inserted in the Relay Node shall contain two USIMs, the USIM-RN and the USIM-INI. In case initial provisioning is required, the Relay Node will first select the USIM-INI, either by direct application selection or by use of the EF_DIR file:
  1. Direct application selection, with full or with partial AID. It is assumed that the Relay Node knows the "3G application code" within the PIX value reserved for 3GPP USIM-INI.
  2. By use of the EF_DIR file: the Relay Node identifies the USIM-INI, which is characterised by an AID whose "3G application code" within the PIX value is the one reserved for 3GPP USIM-INI (see TS 31.101), and selects the USIM-INI by AID. The USIM-RN is likewise characterised by an AID whose "3G application code" within the PIX value is the one reserved for 3GPP USIM-RN (see TS 31.101). If the only applications present in EF_DIR are a USIM-RN and a USIM-INI, the terminal omits user presentation and proceeds to application selection.
The USIM-INI and USIM-RN applications are never active at the same time. USIM-INI is used to establish the initial network connection and is deactivated once the related network operations are finished; USIM-INI is deactivated before USIM-RN is activated.
USIM-INI may be selected on any logical channel, see TS 31.101. Before USIM-RN is selected, a new logical channel shall be opened using the MANAGE CHANNEL command as specified in TS 31.101, because an application-to-application secure channel can only be established on a logical channel other than channel 0. USIM-RN is then selected on the new logical channel.
USIM-RN shall be configured to support both implicit and explicit application selection. The Relay Node will first select USIM-INI, according to the application selection mechanisms specified in TS 31.101. When the USIM-RN is selected explicitly, the Relay Node shall send a SELECT by AID APDU command in clear text prior to secure channel establishment. Implicit selection is performed by specifying the USIM-RN AID in the MANAGE SECURE CHANNEL - Establish Master SA command.
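The EF_DIR-based selection logic of this clause, as an added example in Python (not code from TS 31.102 or any 3GPP project): it parses EF_DIR application template records, classifies each AID by the 2-byte application code at the start of the PIX, and derives the selection sequence (USIM-INI first, then USIM-RN on a newly opened logical channel) together with the user-presentation decision. The 3GPP RID and the EF_DIR record layout are taken from ETSI TS 101 220 / TS 102 221; the application-code values used for USIM-INI and USIM-RN are placeholders, since the reserved values are defined in TS 31.101 and not given on this page.

```python
RID_3GPP = bytes.fromhex("A000000087")   # 3GPP RID (ETSI TS 101 220)
# PLACEHOLDER application codes for USIM-INI and USIM-RN: the reserved values are
# defined in TS 31.101 and must be substituted here. '1002' is the plain 3GPP USIM.
APP_CODES = {bytes.fromhex("1005"): "USIM-INI", bytes.fromhex("1006"): "USIM-RN",
             bytes.fromhex("1002"): "USIM"}

def parse_ef_dir_record(rec: bytes):
    """One EF_DIR record: '61' len { '4F' len AID [ '50' len label ] }, 'FF'-padded.
    Returns (aid, label), or None for an unused record."""
    if not rec or rec[0] == 0xFF:
        return None
    if rec[0] != 0x61:
        raise ValueError("not an application template")
    body, aid, label, i = rec[2:2 + rec[1]], b"", "", 0
    while i + 2 <= len(body):
        tag, ln, i = body[i], body[i + 1], i + 2
        if tag == 0x4F:
            aid = body[i:i + ln]
        elif tag == 0x50:
            label = body[i:i + ln].decode("ascii", "replace")
        i += ln
    if not 5 <= len(aid) <= 16:
        raise ValueError("AID length out of range")
    return aid, label

def app_kind(aid: bytes) -> str:
    # Classify by RID plus the 2-byte application code at the start of the PIX.
    return APP_CODES.get(aid[5:7], "other") if aid[:5] == RID_3GPP else "other"

def relay_node_selection_plan(records) -> dict:
    """L.2 sequence: USIM-INI first (any channel), then USIM-RN on a newly opened
    logical channel (never channel 0). User presentation is omitted only when
    EF_DIR holds nothing but a USIM-RN and a USIM-INI."""
    kinds = {}
    for aid, _label in filter(None, map(parse_ef_dir_record, records)):
        kinds.setdefault(app_kind(aid), aid.hex().upper())
    if "USIM-RN" not in kinds:
        raise ValueError("no USIM-RN on the UICC")
    steps = [("SELECT", kinds["USIM-INI"], "any channel")] if "USIM-INI" in kinds else []
    steps += [("MANAGE CHANNEL", "open", "new channel, not 0"),
              ("SELECT", kinds["USIM-RN"], "new channel")]
    return {"user_presentation": set(kinds) != {"USIM-RN", "USIM-INI"}, "steps": steps}

def make_record(aid: bytes, label: bytes, size: int = 30) -> bytes:
    # Constructed EF_DIR record used as test data (not read from a real card).
    body = bytes([0x4F, len(aid)]) + aid + bytes([0x50, len(label)]) + label
    rec = bytes([0x61, len(body)]) + body
    return rec + b"\xff" * (size - len(rec))

# Constructed EF_DIR content: a USIM-INI, a USIM-RN and one unused record.
SAMPLE_EF_DIR = [make_record(RID_3GPP + bytes.fromhex("1005FFFFFFFF"), b"INI"),
                 make_record(RID_3GPP + bytes.fromhex("1006FFFFFFFF"), b"RN"), b"\xff" * 30]
```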

L.3  Secure channel operation

The USIM-RN shall allow communication only via the "Secured APDU" secure channel as defined in ETSI TS 102 484 [66].
In case the certificate-based solution is used, the UICC inserted in the Relay Node shall contain two USIMs, USIM-RN and USIM-INI. A TLS handshake shall be used to provide the key material for the Master SA of the secured APDU protocol, according to ETSI TS 102 484 [66].

L.4  Support of commands

The Relay Node may limit the set of APDU commands encapsulated in the TRANSACT DATA command to the strict minimum (READ BINARY, READ RECORD, SELECT, STATUS, UPDATE BINARY, UPDATE RECORD, AUTHENTICATE).
The Relay Node and the UICC shall support letter class 'e' toolkit commands for BIP, see TS 31.111. In order to support toolkit, the TERMINAL PROFILE, TERMINAL RESPONSE, ENVELOPE and FETCH commands need to be supported. These commands are not issued on the secure channel: according to TS 31.111, USAT commands shall be sent on logical channel 0.

L.5  Storage of certificates

If the UICC supports the certificate-based procedure, the UICC shall be provisioned with the UICC certificate and the root certificate. The UICC certificate, which is used as the server certificate in the TLS handshake, is stored in EF_CERT in USIM-INI, as the RN needs to read the CRL distribution point from it before establishing the secure channel (for details see TS 33.401). The root certificate, which is used to verify the RN certificate in the TLS handshake, is only needed for UICC-internal purposes and need not be stored in an EF.

L.6  Relay Node files support

L.6.1  USIM-INI Files

L.6.1.1  EF_CERT (UICC Certificate)

This file contains the UICC Certificate.

Identifier: '6FE9'          Structure: transparent          Optional
File size: N bytes          Update activity: low

Access Conditions:
  READ          ALW
  UPDATE        ADM
  DEACTIVATE    ADM
  ACTIVATE      ADM

Bytes    Description         M/O    Length
X        UICC Certificate    M      X bytes

The format is as specified in TS 33.401.

L.6.2  USIM-RN Files

L.6.2.1  EF_RNid (Relay Node identifier)

This EF contains the Relay Node identifier the USIM-RN is bound to, see TS 33.401.
A USIM-RN shall contain this file. The content of this file is not intended to be read over the UICC-RN interface. It serves as a storage location for the Relay Node identifier to which the UICC is bound. The file content is described for the purpose of Over-The-Air update.
Identifier: '6FEA'          Structure: transparent          Optional
File size: N bytes          Update activity: low

Access Conditions:
  READ          ADM
  UPDATE        ADM
  DEACTIVATE    ADM
  ACTIVATE      ADM

Description                                     M/O    Length
Country Tag '80'                                O      1 byte
Country Length = 2                              C      1 byte
Country code (ASCII characters)                 C      2 bytes
Organization Tag '81'                           M      1 byte
Organization Length                             M      1 byte
Organization name (characters coded in UTF8)    M      K bytes
Common Name Tag '82'                            M      1 byte
Common Name Length                              M      1 byte
Common Name (characters coded in UTF8)          M      L bytes
Serial Number Tag '82'                          O      1 byte
Serial Number Length                            C      1 byte
Serial Number (characters coded in ASCII)       C      M bytes

NOTE:   C: if the Tag is present, this element is mandatory.
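An added example (not from the specification) that encodes and decodes the EF_RNid layout above in Python, enforcing its M/O/C rules: Country is optional but must be exactly 2 ASCII bytes when present, Organization and Common Name are mandatory UTF-8 strings, Serial Number is an optional ASCII string. Elements are parsed by position with the tag values as printed in the table, and unused bytes at the end of the file are assumed to be 'FF'-padded (an assumption, not stated on the page).

```python
# Tag values as printed in the EF_RNid layout table; elements are identified by
# their position (Country, Organization, Common Name, Serial Number), so the
# parser does not rely on the tags being unique.
FIELDS = [  # (name, tag, mandatory, charset, fixed length or None)
    ("country", 0x80, False, "ascii", 2),
    ("organization", 0x81, True, "utf-8", None),
    ("common_name", 0x82, True, "utf-8", None),
    ("serial_number", 0x82, False, "ascii", None),
]

def decode_ef_rnid(data: bytes) -> dict:
    """Parse the file body, enforcing the M/O/C rules of the layout table."""
    out, i = {}, 0
    for name, tag, mandatory, charset, fixed in FIELDS:
        if i + 1 < len(data) and data[i] == tag:
            ln, val = data[i + 1], data[i + 2:i + 2 + data[i + 1]]
            if len(val) != ln or (fixed is not None and ln != fixed):
                raise ValueError(f"{name}: bad or truncated length")
            out[name] = val.decode(charset)   # rejects bytes outside the stated charset
            i += 2 + ln
        elif mandatory:
            raise ValueError(f"{name}: mandatory element missing")
    if any(b != 0xFF for b in data[i:]):      # assumption: unused bytes are 'FF'
        raise ValueError("unexpected trailing data")
    return out

def encode_ef_rnid(organization: str, common_name: str, country: str = None,
                   serial_number: str = None, size: int = None) -> bytes:
    """Build the file body (e.g. for an OTA update), 'FF'-padded to size if given."""
    given = {"country": country, "organization": organization,
             "common_name": common_name, "serial_number": serial_number}
    buf = b""
    for name, tag, mandatory, charset, fixed in FIELDS:
        if given[name] is None:
            if mandatory:
                raise ValueError(f"{name} is mandatory")
            continue
        raw = given[name].encode(charset)
        if (fixed is not None and len(raw) != fixed) or len(raw) > 255:
            raise ValueError(f"{name}: invalid length {len(raw)}")
        buf += bytes([tag, len(raw)]) + raw
    if size is not None:
        if len(buf) > size:
            raise ValueError("content exceeds file size")
        buf += b"\xff" * (size - len(buf))
    return buf

# Constructed sample content (not a real Relay Node identity).
SAMPLE_RNID = encode_ef_rnid("Example Operator", "rn-17.relay.example", country="FI",
                             serial_number="RN0001", size=60)
```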

L.6.2.2  EF_SCCmax (maximum value of Secure Channel Counter)

This EF contains the maximum number of transactions allowed with the same Connection SA once a secure channel is established. When the counter value in the TRANSACT DATA command reaches this maximum, the terminal shall derive new key material using the MANAGE SECURE CHANNEL APDU - Establish SA - Connection SA, see ETSI TS 102 484 [66].
A USIM with an Application ID in the USIM-RN range shall contain this file.
Identifier: '6FEB'          Structure: transparent          Optional
File size: 8 bytes          Update activity: low

Access Conditions:
  READ          ALW
  UPDATE        ADM
  DEACTIVATE    ADM
  ACTIVATE      ADM

Bytes    Description               M/O    Length
8        Secure Channel counter    M      8 bytes