Content for  ETSI TS 102 221   PDF version:  17.1.0

This function initiates a reversible deactivation of an EF. After a DEACTIVATE FILE function the respective flag in the file LCSI_DO shall be changed accordingly. This function shall only be performed if the DEACTIVATE FILE access condition for the EF is satisfied. In case of successful execution of the command, the EF on which the command was applied becomes the current EF. After an unsuccessful execution, the current EF and current DF shall remain the same as prior to the execution. The availability of a deactivated file depends on the "Special File Information (File Status Byte)" byte in the CREATE FILE command (see Table 5 of ETSI TS 102 222 [32]) which was used to create the file:

• if the "Special File Information (File Status Byte)" was not present in the CREATE FILE command or if it was present with b7 set to 0, a deactivated file shall no longer be available within the selected application for any function except for the SELECT and the ACTIVATE FILE functions;
• if the "Special File Information (File Status Byte)" was present in the CREATE FILE command with b7 set to 1, the file is readable and updatable when deactivated.

Input:

• File ID, path or empty.

Output:

• None.

If P1 = P2 = '00' and the data field is empty, then the command applies on the current EF.

This function reactivates a deactivated EF. After an ACTIVATE FILE function the respective flag in the file LCSI_DO shall be changed accordingly. This function shall only be performed if the ACTIVATE FILE access condition for the EF is satisfied. In case of successful execution of the command, the EF on which the command was applied becomes the current EF. After an unsuccessful execution, the current EF and current DF shall remain the same as prior the execution. Input:

• File ID, path or empty.

Output:

• None.

If P1 = P2 = '00' and the data field is empty, then the command applies on the current EF.

An appropriate application shall be selected in the UICC before issuing this command. The function initiates the computation of authentication data by the UICC using a challenge sent from the terminal and a secret stored in the UICC. This command can be used with an EVEN or an ODD instruction (INS) code. The EVEN instruction code can be used when the challenge data provided by the terminal is not TLV encapsulated data and the length of the challenge data provided by the terminal is less than 256 bytes. The support of the ODD instruction code is application specific. It is used when challenge and response data is TLV encapsulated regardless of their length. Terminals and UICCs that do not support applications requiring TLV format do not have to support AUTHENTICATE command with ODD instruction code. EVEN INS code Input:

• Challenge data.

Output:

• Authentication and ciphering data.

ODD INS code The authentication data and the authentication response data are encapsulated in BER-TLV objects structured as defined in clause 11.3 using tag '73' for BER-TLV structured data and tag '53' otherwise. This command can chain successive blocks of authentication data, with a maximum size of 255 bytes each, required for one authentication operation using P1 to indicate the first/next block. The terminal performs the segmentation of the data, and the UICC the concatenation of the data. The first AUTHENTICATE APDU is sent with P1 indicating "First block of authentication data". Following AUTHENTICATE APDUs are sent with P1 indicating "Next block of authentication data". As long as the UICC has not received all segments of the authentication data it shall answer with SW1 SW2 '63 F1'. When all segments of the authentication data are received, the UICC answer with SW1 SW2 '62 F3'. The authentication response data is retrieved from the UICC using one or more separate AUTHENTICATE APDUs with the same chaining mechanism as for the authentication data. The UICC performs the segmentation of the data, and the terminal the concatenation of the response data. The first AUTHENTICATE APDU is sent with P1 indicating "First block of authentication response data". When the UICC receives this first AUTHENTICATE APDU with P1 indicating "First block of authentication response data", it shall perform the command and calculate the authentication response. Following AUTHENTICATE APDUs are sent with P1 indicating "Next block of authentication response data". As long as the UICC has not sent all segments of the authentication response data it shall answer with SW1 SW2 '62 F1'. When all segments of the authentication response data are sent, the UICC shall answer with SW1 SW2 '90 00'. The terminal may issue an AUTHENTICATE APDU indicating "retransmit previous block of authentication data" or "retransmit previous block of authentication response data". Except for P1 the terminal shall use the same parameters as in the previous command. substantial part of the segmented object was already transmitted. If P1 indicates "First block of authentication data" or "Next block of authentication data": Input:

• Authentication data encapsulated in a BER-TLV data object.

Output:

• None.

If P1 indicates "First block of authentication response data" or "Next block of authentication response data": Input:

• None.

Output:

• Authentication response data encapsulated in a BER-TLV data object.

The five least significant bits of parameter P2 specify the PIN key reference number (see clause 9.5.1 for permissible values). Command data:

Response data (generic):

P1 indicates "First block of authentication data" or "Next block of authentication data":

P1 indicates "First block of authentication response data" or "Next block of authentication response data":

Command data:

Response data (generic):

This command opens and closes logical channels. The open function opens a new logical channel other than the basic channel '0'. The UICC shall support channel number assignment by the UICC. If the TERMINAL CAPABILITY command with the tag '81' (Extended logical channels terminal support) is not sent by the terminal then the UICC shall not open more than 3 logical channels in addition to the basic channel. The UICC shall first assign channel numbers in the range 1 to 3 before assigning the extended logical channels number (i.e. from 4 to 19). The close function explicitly closes a logical channel. When a channel has been successfully closed, the channel can be reassigned. The basic logical channel '0' is always available and cannot be closed. Input:

• None.

Output:

• None; or
• the channel number of the logical channel assigned by the UICC.

Response data:

Response data shall only be returned if the value of the parameters P1-P2 of the command is '0000'.

This function is used to create a random number. The generated random number is associated with the logical channel specified in the GET CHALLENGE command CLA. The maximum length of the random number returned by the UICC is specified by the Le parameter in the command parameters data. The quality of the random number generated by this command is determined by the application and is outside the scope of the present document. The generated random number may be used internally by the UICC in procedures specified by the application. The validity of the random number is at least for the next command, on the same logical channel, following the GET CHALLENGE command if not specified differently by the application. The random number referenced is always the latest generated on the logical channel specified in the CLA by the command referencing the usage of a generated random number. Input:

• None.

Output:

• Random number.

Response data: