11.113GPPRelease 1999Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME) InterfaceTS
The security aspects of GSM are described in the normative references TS 02.09  and TS 03.20 . This clause gives information related to security features supported by the SIM to enable the following:
‑ authentication of the subscriber identity to the network;
‑ data confidentiality over the radio interface;
‑ file access conditions.
7.1 Authentication and cipher key generation procedure
This subclause describes the authentication mechanism and cipher key generation which are invoked by the network. For the specification of the corresponding procedures across the SIM/ME interface see clause 11.
The network sends a Random Number (RAND) to the MS. The ME passes the RAND to the SIM in the command RUN GSM ALGORITHM. The SIM returns the values SRES and Kc to the ME which are derived using the algorithms and processes given below. The ME sends SRES to the network. The network compares this value with the value of SRES which it calculates for itself. The comparison of these SRES values provides the authentication. The value Kc is used by the ME in any future enciphered communications with the network until the next invocation of this mechanism.
A subscriber authentication key Ki is used in this procedure. This key Ki has a length of 128 bits and is stored within the SIM for use in the algorithms described below.
7.2 Algorithms and processes
The names and parameters of the algorithms supported by the SIM are defined in TS 03.20 . These are:
‑ Algorithm A3 to authenticate the MS to the network;
‑ Algorithm A8 to generate the encryption key.
These algorithms may exist either discretely or combined (into A38) within the SIM. In either case the output on the SIM/ME interface is 12 bytes. The inputs to both A3 and A8, or A38, are Ki (128 bits) internally derived in the SIM, and RAND (128 bits) across the SIM/ME interface. The output is SRES (32 bits)/Kc (64 bits) the coding of which is defined in the command RUN GSM ALGORITHM in clause 9.
7.3 File access conditions
Every file has its own specific access condition for each command. The relevant access condition of the last selected file shall be fulfilled before the requested action can take place.
For each file:
‑ the access conditions for the commands READ and SEEK are identical;
‑ the access conditions for the commands SELECT and STATUS are ALWays.
No file access conditions are currently assigned by GSM to the MF and the DFs.
The access condition levels are defined in the following table:
Table 7: Access condition level coding
4 to 14
Reserved for GSM Future Use
The meaning of the file access conditions is as follows:
ALWAYS: The action can be performed without any restriction;
CHV1 (card holder verification 1): The action shall only be possible if one of the following three conditions is fulfilled:
‑ a correct CHV1 value has already been presented to the SIM during the current session;
‑ the CHV1 enabled/disabled indicator is set to "disabled";
NOTE: Some Phase 1 and Phase 2 SIMs do not necessarily grant access when CHV1 is "disabled" and "blocked".
‑ UNBLOCK CHV1 has been successfully performed during the current session;
CHV2: The action shall only be possible if one of the following two conditions is fulfilled:
‑ a correct CHV2 value has already been presented to the SIM during the current session;
‑ UNBLOCK CHV2 has been successfully performed during the current session;
ADM: Allocation of these levels and the respective requirements for their fulfilment are the responsibility of the appropriate administrative authority
The definition of access condition ADM does not preclude the administrative authority from using ALW, CHV1, CHV2 and NEV if required.
NEVER: The action cannot be performed over the SIM/ME interface. The SIM may perform the action internally.
Condition levels are not hierarchical. For instance, correct presentation of CHV2 does not allow actions to be performed which require presentation of CHV1. A condition level which has been satisfied remains valid until the end of the GSM session as long as the corresponding secret code remains unblocked, i.e. after three consecutive wrong attempts, not necessarily in the same card session, the access rights previously granted by this secret code are lost immediately. A satisfied CHV condition level applies to both DFGSM and DFTELECOM.
The ME shall determine whether CHV2 is available by using the response to the STATUS command. If CHV2 is "not initialized" then CHV2 commands, e.g. VERIFY CHV2, shall not be executable.