H.3 Authentication commands

11.113GPPRelease 1999Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME) InterfaceTS

It is necessary to provide six interfaces to the CAVE Algorithm and Secret Data areas, as listed below:

– Generation of Authentication Signature data, and generation of ciphering keys.

– Validation and storage of entered A-Key’s

– Ask Random task (generates RANDBS)

– Update Shared Secret Data (Generates SSD_A_NEW, SSD_B_NEW and AUTHBS values)

– Confirm Shared Secret Data (Updates SSD values)

– CMEA Encryption of voice channel data digits

NOTE: For each task, the expected normal (i.e. success) status code is listed in the status word description. A list of possible error codes that apply to all tasks can be found in the SIM Status Codes.

The interpretation of these instruction codes (INS in the table below) is valid only for class A0.

Task Name

CLA

INS

P1

P2

Lc

Internal_Authenticate

‘A0’

’88’

’00’

’00’

‘0F’

AKEY_validation

‘A0’

’86’

’00’

’00’

’12’

Ask_Random

‘A0’

‘8A’

’00’

’00’

’04’

Update_SSD

‘A0’

’84’

’00’

’00’

‘0C’

Confirm_SSD

‘A0’

’82’

’00’

’00’

’03’

CMEA_encrypt

‘A0’

‘8C’

’00’

’00’

‘nn’

H.3.1 Generation of Authentication Signature Data and Ciphering Keys

This task produces an Authentication response, and shall be used during mobile Registrations, Originations, Terminations, R_Data messages, SPACH Confirmations, and for the Unique Challenge-Response Procedure. If Byte 0, Bit 1 is set, the SIM should also generate key bits after completing the Authentication function. Some of those ciphering octets may be passed back to the ME for use with supplementary crypto mechanisms which reside in the ME. This task requires the following input parameters:

Task Name

CLA

INS

P1

P2

Lc

Internal_Authenticate

‘A0’

’88’

’00’

’00’

‘0F’

Coding::

Byte 0 Process Control Byte

Bit 0 0=RANDs, 1= RANDU

Bit 1 Generate Key Bits flag (0= No, 1= Yes)

Bit 2 Load Internal key flag:

(0= pass all generated key bytes to handset, 1= load first 8 bytes of generated keys internally to SIM, pass all remaining key bytes to ME)

Bits 3-7 Unused, future expansion

Bytes 1-4 RANDs (for Registrations, Originations, and Terminations)

or

Bytes 1-3 RANDU (for Unique Challenge-Response Procedures)

Byte 4 = 0 (MIN2 will be filled in by SIM)

Byte 5 Digits Length (in bits, =0, 4, 8, 12, 16, 20 or 24,

= 4 x number of digits in bytes 6-8)

Bytes 6-8 =0,0,0 (for Registrations, Terminations, Unique Challenge Response Procedures)

= Last Dialed Digits, unused bits filled with 0’s (for Originations). If more than 6 digits are dialed, these are the last 6 digits in the origination string. If less than 6 digits are dialed, MIN1 will be filled in by the SIM for the unused bits.

Byte 9 Use ME ESN (=’00’)

Bytes 10-13 ESN

Byte 14 Key_size (=0 if Byte 0, Bit 1= 0, =8 (or more) if Byte 0, Bit 1 = 1)

The output of this task shall be:

Status Bytes: SW1 (=’9F’ if success)

SW2 (=’nn’ if success)

(‘nn’ is 03+Key_size if Byte 0, Bit 2 above =0, 03+Key_size-08 if Byte 0, Bit 2 above =1)

H.3.2 Validation and Storage of Entered A-Key’s

With manual entry of the A-key, the input A-Key must be validated prior to its storage in the SIM. If successful, the A-key is saved in the SIM and the COUNTsp and Shared Secret Data (SSD) are reset to zero. This task requires the following input parameters:

Task Name

CLA

INS

P1

P2

Lc

AKEY_validation

‘A0’

’86’

’00’

’00’

’12’

Coding:

Bytes 0 – 12

Authentication digits string (first digit in Most-Significant nibble of byte 0, last digit in Least-Significant nibble of Byte 12, for a total of 26 digits)

Byte 13 Use ME ESN (=’00’)

Bytes 14-17 ESN

The output of this task shall be:

Status Bytes: SW1 (=’90’ if success)

SW2 (=’00’ if success)

H.3.3 Ask Random Task

This task is used to generate the RANDBS random value. This task must be executed prior to updating the Shared Secret Data (SSD). The value RANDSeed must be generated by the ME prior to calling this task. This task requires the following input parameters:

Task Name

CLA

INS

P1

P2

Lc

Ask_Random

‘A0’

‘8A’

’00’

’00’

’04’

Coding:

Bytes 0-3 RANDSeed

The output of this task shall be:

Status Bytes: SW1 (=’9F’ if success)

SW2 (=’04’ if success)

H.3.4 Update Shared Secret Data

This task is used to generate the preliminary new Shared Secret Data (SSD_A_NEW, SSD_B_NEW) and the AUTHBS value. The Ask Random Task (see above) must be executed prior to this routine. The task requires the following input parameters:

Task Name

CLA

INS

P1

P2

Lc

Update_SSD

‘A0’

’84’

’00’

’00’

‘0C’

Coding:

Bytes 0-6 RANDSSD

Byte 7 Use ME ESN (=’00’)

Bytes 8-11 ESN

The output of this task shall be:

Status Bytes: SW1 (=’90’ if success, =’98’ if failure)

SW2 (=’00’ if success, =’04’ if failure)

H.3.5 Confirm Shared Secret Data

This task is used to validate the new Shared Secret Data (SSD_A_NEW, SSD_B_NEW) by comparing the internally computed AUTHBS with the AUTHBSs received from the system. If successful, the SSD_A and SSD_B values will be updated to match the SSD_A_NEW and SSD_B_NEW values, respectively The task requires the following input parameters:

Task Name

CLA

INS

P1

P2

Lc

Confirm_SSD

‘A0’

’82’

’00’

’00’

’03’

Coding:

Bytes 0-2 AUTHBSs

The output of this task shall be:

Status Bytes: SW1 (=’90’ if success)

SW2 (=’00’ if success)

H.3.6 CMEA Encryption of Voice Channel Data Digits

This task is used when the MS is on a Voice Channel, to encrypt and decrypt some portions of digital messages transmitted to the BS. These will occur for the following messages:

– Called Address Message (in response to a hookflash, up to 4 bytes per word, 4 words, total of 16 bytes)

Task Name

CLA

INS

P1

P2

Lc

CMEA_encrypt

‘A0’

‘8C’

’00’

’00’

‘nn’

where ‘nn’ is hex value of data length n

Coding:

Bytes 0 – (n-1) The n-byte data to be encoded, max. size = 32 bytes.

The output of this task shall be:

Status Bytes: SW1 (=’9F’ if success)

SW2 (=’nn’ if success) (‘nn’ is hex value of data length n)

H.3.7 SIM Status Codes

The following status codes, returned by the SIM in response to the execution of any of the tasks specified in this document, are valid. The first hex value is returned in SW1, the second hex value in SW2.

Success Codes:

90, 00 Generic success code

9F, xx Success, xx bytes of data available to be read via "Get_Response" task.

Error Codes:

92, 40 Error, memory problem

94, 08 Error, file is inconsistent with the command

98, 04 Error, no CHV1 has been presented successfully

98, 34 Error, Update SSD order sequence not respected (should be used if SSD Update commands are received out of sequence).

67, xx Error, incorrect parameter P3 (ISO code)

6B, xx Error, incorrect parameter P1 or P2 (ISO code)

6D, xx Error, unknown instruction code given in the command (ISO code)

6E, xx Error, wrong instruction class given in the command (ISO code)

6F, xx Error, technical problem with no diagnostic given (ISO code)

6F, 00 Error, invalid input parameters to authentication computation

Annex I (informative):
EF changes via Data Download or SIM Toolkit applications

This annex defines if changing the content of an EF by the network (e.g. by sending an SMS), or by SIM Toolkit Application (e.g. by using the SIM API), is advisable. Updating of certain EFs, "over the air" such as EFACC could result in unpredictable behaviour of the MS; these are marked "Caution" in the table below. Certain EFs are marked "No"; under no circumstances should "over the air" changes of these EFs be considered.

File identification

Description

Change advised

‘2F05’

Extended Language preference

Yes

‘2FE2’

ICC identification

No

‘4F20’

Image data

Yes

‘4Fxx’

Image Instance data Files

Yes

‘6F05’

Language preference

Yes

‘6F07’

IMSI

Caution (note)

‘6F20’

Ciphering key Kc

No

‘6F2C’

De-personalization Control Keys

Caution

‘6F30’

PLMN selector

Caution

‘6F31’

Higher Priority PLMN search period

Caution

‘6F32’

Co-operative network

Caution

‘6F37’

ACM maximum value

Yes

‘6F38’

SIM service table

Caution

‘6F39’

Accumulated call meter

Yes

‘6F3A’

Abbreviated dialling numbers

Yes

‘6F3B’

Fixed dialling numbers

Yes

‘6F3C’

Short messages

Yes

‘6F3D’

Capability configuration parameters

Yes

‘6F3E’

Group identifier level 1

Yes

‘6F3F’

Group identifier level 2

Yes

‘6F40’

MSISDN storage

Yes

‘6F41’

PUCT

Yes

‘6F42’

SMS parameters

Yes

‘6F43’

SMS status

Yes

‘6F44’

Last number dialled

Yes

‘6F45’

CBMI

Caution

‘6F46’

Service provider name

Yes

‘6F47’

Short message status reports

Yes

‘6F48’

CBMID

Yes

‘6F49’

Service Dialling Numbers

Yes

‘6F4A’

Extension 1

Yes

‘6F4B’

Extension 2

Yes

‘6F4C’

Extension 3

Yes

‘6F4D’

Barred dialling numbers

Yes

‘6F4E’

Extension 4

Yes

‘6F50’

CBMIR

Yes

‘6F51’

Network’s indication of alerting

Caution

‘6F52’

GPRS Ciphering key KcGPRS

No

‘6F53’

GPRS Location Information

Caution

‘6F58’

Comparison method information

‘6F60’

User controlled PLMN Selector with Access Technology

see 3GPP TS 22.011

‘6F61’

Operator controlled PLMN Selector with Access Technology

Caution

‘6F62’

HPLMN Selector with Access Technology

Caution

‘6F63’

CPBCCH information

No

‘6F64’

Investigation scan

Caution

‘6F74’

BCCH information

No

‘6F78’

Access control class

Caution

‘6F7B’

Forbidden PLMNs

Caution

‘6F7E’

Location information

No (note)

‘6FAD’

Administrative data

Caution

‘6FAE’

Phase identification

Caution

Continued…..

File identification

Description

Change advised

‘6FB1’

Voice Group Call Service

Yes

‘6FB2’

Voice Group Call Service Status

Yes

‘6FB3’

Voice Broadcast Service

Yes

‘6FB4’

Voice Broadcast Service Status

Yes

‘6FB5’

Enhanced Multi Level Pre-emption and Priority

Yes

‘6FB6’

Automatic Answer for eMLPP Service

Yes

‘6FB7’

Emergency Call Codes

Caution

NOTE: If EFIMSI is changed, the SIM should issue REFRESH as defined in TSĀ 11.14 [27] and update EFLOCI accordingly.

Annex J (informative):
Change history

This annex lists all change requests approved for this document since the first phase2+ version was approved by ETSI SMG and 3GPP.

Meet
ing

Plenary

tdoc

WG

tdoc

VERS

CR

RV

Rel-
ease

CAT

SUBJECT

Resulting

Version

s16

709/95

154/95

4.15.0

A008

R96

1

SIM Speed Enhancement

5.0.0

s17

062/96

147/95

5.0.0

A006

R96

B

Service Dialling Numbers

5.1.0

060/96

06/96

A009

R96

B

ASCI for VGCS and VBS

060/96

06/96

A010

R96

B

ASCI for eMLPP

059/96

204/95r

A013

R96

C

Interaction between FDNs and ADNs

061/96

05/96

A014

R96

D

Correction of baud rate for SIM Speed enhancement

s18

263/96

57/96

5.1.0

A011

3

R96

B

SIM Application Toolkit protocol enhancements

5.2.0

260/96

45/96

A016

R96

A

SIM presence detection clarification

261/96

54/96

A018

R96

A

Reponse codes and coding of SIM service table

262/96

55/96

A020

R96

A

Reference to International Standards

s19

374/96

102/96

5.2.0

A012

R96

C

Contacting elements

5.3.0

373/96

105/96

A023

R96

A

Clarification of clock stop timing

409/96

107/96

A024

1

R96

B

Emergency Call Codes (ECC)

374/96

108/96

A025

R96

C

Using ranges of CBMIs

s20

580/96

206/96

5.3.0

A021

R96

B

Barred Dialling Numbers

5.4.0

734/96

197/96

A026

R96

B

Addition of Cooperative Network List EF

734/96

197/96

A027

R96

B

Addition of ME Depersonalisation feature and EF

702/96

207/96

A031

R96

D

RFU bit taken into use in GSM 11.12

s21

101/97

97/079

5.4.0

A032

2

R96

D

Ammendment to BDN diagrams in Annex B

5.5.0

101/97

97/086

A033

1

R96

B

DFs for MSS/ PCS1900/other use

101/97

97/056

A034

R96

C

Reading of EFDCK during SIM initialisation

101/97

97/058

A036

R96

D

Administrative Access Conditions

101/97

97/059

A037

R96

B

Format of EFCNL to include fields for Corporate Personal. Code

101/97

97/089

A041

R96

B

Administrative Data field

s22

356/97

183/97

5.5.0

A042

R97

B

Extended language preference

5.6.0

356/97

163/97

A044

1

R96

A

Clarification of electrical/mechanical SIM/ME interface

356/97

179/97

A045

R96

D

Security procedures for 2nd level; DFs located under DF GSM

356/97

187/97

A047

R96

F

Number of bytes returned after a SELECT command

356/97

093/97

A048

R96

D

Serivce table and "radio interface"

356/97

109/97

A049

R96

F

Update Access condition of EFDCK (aligns 11.11 & 02.22)

s23

788/97

97/249

5.6.0

A046

2

R97

B

Short Message Status Reports

5.7.0

788/97

97/243

A050

R96

F

Addition of SDN and BDN in the description of EFCCP

788/97

97/259

A051

1

R97

C

SIM and ME behaviour when SIM is disabled and blocked

788/97

97/262

A053

R96

F

Response data following an ENVELOPE command

788/97

97/260

A054

R96

F

Coding of EFPhase

788/97

97/271

A055

R97

C

Changes to Dialling Number Files and extensions

788/97

97/261

A056

R97

B

Network’s indication of alerting in the MS

s24

97-0886

97/365

5.7.0

A052

2

R97

b

Introduction of UCS2

5.8.0

97-0886

97/383

A057

R97

c

MO SMS control by SIM

At SMG #25, it was decided to create a version 6.0.0 of every specification that contained at least one release ’97 work item and a version 7.0.0 of every specification that contained at least one release ’98 work item.

s25

98-0157

98p052

5.8.0

A058

2

R97

B

Addition of EFs for GPRS

6.0.0

98-0157

98p108

A059

R97

F

Clarification regarding EFCCP records

98-0157

98p094

A061

1

R96

A

Clarification of removal of the SIM

s26

98-0398

98p228

6.0.0

A062

2

R98

B

Icons – addition of EF IMG and DF GRAPHICS

7.0.0

98-0398

98p227

A064

R98

B

Operation of ME with multiple card readers

98-0400

98p237

A065

R98

F

Deletion of all release 97 markers from the R98 version

98-0398

98p240

A066

R97

F

RP-ACK RP-ERROR for SIM data download error

98-0398

98p263

A069

R97

D

Allocation of file ID for IS-41

(continued)

Change History (continued)

Meet
ing

Plenary

tdoc

WG

tdoc

VERS

CR

RV

Rel-
ease

CAT

SUBJECT

ResultingVersion

s27

98-0671

98p339

7.0.0

A071

R98

C

Enhanced image coding schemes (colour icons)

7.1.0

98-0671

A072

1

R98

D

Addition of reference to PCS 1900

s28

P-99-185

9-99-076

7.1.0

A073

1

R98

F

Alignment with 2nd edition of ISO/IEC 7816-3 (1997)

7.2.0

P-99-185

9-99-037

A074

R98

B

Addition of SoLSA data fields

P-99-185

9-99-066

A075

1

R98

B

Addition of CTS fields

P-99-185

9-99-095

A076

1

R98

B

Definition of a file containing the title of the main menu

P-99-185

9-99-072

A077

R98

C

USSD format indication in the SIM Service Table

P-99-185

9-99-093

A078

R98

B

Informative annex on EF changes

P-99-185

9-99-097

A080

R98

C

Additional GPRS field

P-99-188

A082

R98

D

Deletion of $(…….)$ release markers

s29

P-99-412

9-99-163

7.2.0

A083

1

R98

C

EF IMSI changes via data download or SIM toolkit application

8.0.0

P-99-412

9-99-180

A084

R98

F

Addition of RUN AT COMMAND to the SIM service table

P-99-412

9-99-208

A085

R99

C

Alignment of maximum of records in a linear fixed file in GSM 11.11 with ISO/IEC 7816-4

s30

P-99-670

9-99-260

8.0.0

A089

R99

A

Correction for coding of SoLSA "Priority" field

8.1.0

P-99-670

9-99-277

A090

R99

D

Clarification of the Ciphering Indicator disable bit in the EFad File on the SIM

P-99-670

9-99-281

A091

R99

F

Introduction of a new DF for the TIA/EIA-136 technology

P-99-670

9-99-294

A092

1

R99

B

Addition of EF definitions under the PCS 1900 DF

P-99-670

9-99-310

A093

R99

F

Clarification about "Memory Problem" error for EFLOCI update

P-99-670

9-99-300

A094

R99

F

Execution time of SIM toolkit procedures

P-99-670

9-99-311

A095

R99

B

Introduction of a new DF for the TIA/EIA-95 technology

P-99-670

9-99-258

A097

R99

A

Clarification of Optional Status for GPRS files

s31

P-00-137

9-00-0088

8.1.0

A098

R99

F

Clarification of interactions for CBS and the language files on the SIM

8.2.0

P-00-137

9-00-0092

A101

R99

F

Correction to coding of ASCI EF eMLPP.

P-00-137

9-00-0095

A104

R99

F

Addition of coding for ASCI Efs (VGCS and VBS)

P-00-137

9-00-0098

A107

R99

F

Correction of the byte numbering related to EF LOCIGPRS

P-00-137

9-00-0133

A108

R99

F

Corrections and additions to DF-5F40

P-00-137

9-00-0146

A109

1

R99

F

Clarification of manual entry of the A-Key.

P-00-137

9-00-0151

A110

R99

D

Addition of reference to the File ID as used in the TETRA specification.

P-00-137

9-00-0163

A111

1

R99

B

COMPACT Cell Selection

P-00-137

9-00-0155

A112

R99

B

COMPACT Cell Selection – Investigation Scan indicator for packet only systems

P-00-139

9-00-0161

A113

R99

B

Enhancement to CCP coding (CR number incorrect in P-00-139)

P-00-139

9-00-0159

A114

R99

B

Enhancement of BDN feature (CR number incorrect in P-00-139)

s32

P-00-296

9-00-0232

8.2.0

A120

R99

B

DFs for MExE

8.3.0

P-00-296

9-00-0276

A122

R99

C

HPLM length

P-00-296

9-00-0275

A123

R99

A

LAI, RAI and CNL : alignment with GSM 04.08

P-00-296

9-00-0273

A124

R99

F

PLMN Selection Corrections regarding RFU bits


Following the closure of ETSI SMG and the agreement of the 3GPP in July 2000 to undertake responsibility for remaining GSM specifications, the change requests listed below were approved by 3GPP TSG-T. This change in responsibility also changed the specification number from "GSM 11.11" to "3GPP TS 11.11".

TP-09

TP-000176

9-00-0253

8.3.0

A116

R99

F

PLMN Selection Corrections and additions for EDGE

8.4.0

TP-000176

9-00-0269

A119

R99

C

Addition of RPLMN file

TP-000148

T3-000479

A126

R99

F

Standardise the current GAIT commands and reserving these CLA/INS codes

TP-11

TP-010038

T3-010047

8.4.0

A127

R99

F

Addition of file ID for indicating iDEN access technology

8.5.0

TP-010038

T3-010045

A128

R99

F

Correction to default HPLMN RAT

TP-14

TP-010244

T3-010743

8.5.0

A130

R99

F

Corrections

8.6.0

TP-16

TP-020167

T3-020427

8.6.0

A131

R99

F

The identifier of EFRPLMNAcT (RPLMN Last used Access Technology) is inconsistent within the specification

8.7.0

TP-17

TP-020218

T3-020716

8.7.0

A132

R99

F

Inconsistent record length of EF(IMG)

8.8.0

TP-18

TP-020278

T3-020917

8.8.0

A133

R99

F

Essential corrections file size and record lengths in several EFs

8.9.0

Editorial changes to the ranges of bytes within the file as concluded at T3#25.

8.9.0

Removal of comments in clause 11 as given in action AP9/26 to the secretary at T3#26.

8.9.1

TP-21

TP-030177

T3-030652

8.9.1

A135

R99

F

Correction to SMS

8.10.0

TP-030186

T3-030725

A136

R99

F

CR to delete Elementary File EFRPLMNAcT, in accordance with TP-020168 from TP#16 in Marco Island.

TP-22

TP-030247

T3-030948

8.10.0

A137

R99

F

Correction to procedures for service no 21, 22 and 23

8.11.0

TP-030304

A138

1

R99

F

Alignment of EF-HPLMN Search Period with 22.011 and 23.122

TP-23

TP-040029

TP-040129

8.110

A139

R99

F

Correction of image instance descriptor for colour icons

8.12.0

CP-28

CP-050136

C6-050367

8.12.0

A140

R99

F

ISO/IEC 7816-series revision

8.13.0

CP-28

CP-050136

C6-050488

8.12.0

A141

R99

F

ISO/IEC 7811-Series Revision

8.13.0

CP-36

CP-070286

C6-070309

8.13.0

A142

1

R99

F

Correction of reference to ISO/IEC 7816-3

8.14.0