02.483GPPSecurity mechanisms for the SIM Application ToolkitStage 1TS
For the purpose of the present document, the following terms and definitions apply:
Application Layer: layer above the Transport Layer on which the Application Messages are exchanged between the Sending and Receiving Applications.
Application Message: package of commands or data sent from the Sending Application to the Receiving Application, or vice versa, independently of the transport mechanism. An Application Message is transformed with respect to a chosen Transport Layer and chosen level of security into one or more secured packets.
Counter: mechanism or data field used for keeping track of a message sequence. This could be realised as a sequence oriented or time stamp derived value maintaining a level of synchronisation.
Cryptographic Checksum: string of bits derived from some secret information, (e.g. a secret key), part or all of the Application Message, and possible further information (e.g. part of the Security Header). The secret key is known to the Sending Entity and to the Receiving Entity. The Cryptographic Checksum is often referred to as Message Authentication Code.
Digital Signature: string of bits derived from some secret information, (e.g. a secret key), the complete Application Message, and possible further information (e.g. part of the Security Header). The secret information is known only to the Sending Entity. Although the authenticity of the Digital Signature can be proved by the Receiving Entity, the Receiving Entity is not able to reproduce the Digital Signature without knowledge of the secret information owned by the Sending Entity.
Receiving Application: this is the entity to which the Application Message is destined.
Receiving Entity: this is the entity where the Secured Packet is received (e.g. SMS‑SC, SIM, USSD entry point, or dedicated SIM Toolkit Server) and where the security mechanisms are utilised. The Receiving Entity processes the Secured Packets.
Redundancy Check: string of bits derived from the Application Message and possible further information for the purpose of detecting accidental changes to the message, without the use of any secret information.
Secured Packet: information flow on top of which the level of required security has been applied. An Application Message is transformed with respect to a chosen Transport Layer and chosen level of security into one or more Secured Packets.
Security Header: that part of the Secured Packet which consists of all security information (e.g. counter, key identification, indication of security level, checksum or Digital Signature).
Sender Identification: this is the simple verification of the identity of the Sending Entity by the Receiving Entity comparing the sender identity with an apriori stored identity of the sender at the Receiving Entity.
Sending Application: entity generating an Application Message to be sent.
Sending Entity: this is the entity from which the Secured Packet originates (e.g. SMS‑SC, SIM, USSD entry point, or dedicated SIM Toolkit Server) and where the security mechanisms are invoked. The Sending Entity generates the Secured Packets to be sent.
Status Code: this is an indication that a message has been received (correctly or incorrectly, indicating reason for failure).
Transport Layer: this is the layer responsible for transporting Secured Packets through the GSM network. The transport layer implements one or more transport mechanisms, (e.g. SMS or USSD).
Unsecured Acknowledgement: this is a Status Code included in a response message.
In addition to those below, abbreviations used in the present document are listed in GSM 01.04.
SIM Subscriber Identity Module
SMS Short Message Service
SMS‑SC Short Message Service – Service Centre
USSD Unstructured Supplementary Service Data