TECHNICAL REPORT
Universal Mobile Telecommunications System (UMTS);
LTE;
SIM/USIM internal and external interworking aspects
(3GPP TR 31.900 version 15.0.0 Release 15)
3GPP TR 31.900 version 15.0.0 Release 15 1 ETSI TR 131 900 V15.0.0 (2018-07)
Reference
RTR/TSGC-0631900vf00
Keywords
LTE,UMTS
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
The present document can be downloaded from:
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
If you find errors in the present document, please send your comment to one of the following services:
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© ETSI 2018.
All rights reserved.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.
3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M logo is protected for the benefit of its Members.
GSM and the GSM logo are trademarks registered and owned by the GSM Association.
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Technical Report (TR) has been produced by ETSI 3rd Generation Partnership Project (3GPP).
The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or
GSM identities. These should be interpreted as being references to the corresponding ETSI deliverables.
The cross reference between GSM, UMTS, 3GPP and ETSI identities can be found under
.
Modal verbs terminology
In the present document "should", "should not", "may", "need not", "will", "will not", "can" and "cannot" are to be
interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Contents
Intellectual Property Rights
Foreword
Modal verbs terminology
Foreword
Introduction
1 Scope
2 References
3 Abbreviations
4 Primary clarifications and definitions
4.1 2G and 3G
4.2 SIM, USIM and UICC
4.3 Types of ME
4.4 Types of VLR/SGSN and HLR/AuC
4.5 Security related terms
5 Interworking between the ME and the ICC
5.1 3G ME and UICC
5.2 2G ME and UICC
5.2.1 2G ME of Rel-4 (or earlier) without USIM support
5.2.2 2G ME of R99 or Rel-4 with USIM support or of Rel-5
5.3 3G ME and SIM
5.3.1 3G ME of R99 or Rel-4
5.3.2 3G ME of Rel-5
5.4 2G ME and SIM
5.4.1 2G ME of Rel-4 (or earlier)
5.4.2 2G ME of Rel-5
6 Authentication and key agreement in mixed networks
6.1 With 3G ME and UICC
6.2 With 2G ME and UICC
6.2.1 2G ME of Rel-4 (or earlier) without USIM support
6.2.2 2G ME of R99 or Rel-4 with USIM support or of Rel-5
6.3 With 3G ME and SIM
6.3.1 3G ME of R99 or Rel-4
6.3.2 3G ME of Rel-5
6.4 With 2G ME and SIM
6.4.1 2G ME of Rel-4 (or earlier)
6.4.2 2G ME of Rel-5
7 Interworking between a SIM application and a USIM application on a UICC
7.1 IMSI, secret key and authentication algorithm
7.2 File mapping
7.3 Access conditions
7.4 Secret codes
7.5 Activation of 2G and 3G operation modes
7.6 Selection of cyclic files
7.7 Enabling/disabling procedures for dialling numbers
8 Interworking between USIM applications on a UICC
9 SIM and UICC Interworking on the Card/Terminal Interface
Annex A: Interworking table
Annex B: Features for security interworking
B.1 Conversion functions
B.2 3G algorithm execution modes
Annex C: SIM/USIM file mapping table
Annex D: CHV mapping
D.1 In a single-verification capable UICC
D.2 In a multi-verification capable UICC (static mapping)
D.3 In a multi-verification capable UICC (dynamic mapping)
Annex E: Change history
History
Foreword
This Technical Report has been produced by the 3rd Generation Partnership Project (3GPP).
The contents of the present document are subject to continuing work within the TSG and may change following formal
TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an
identifying change of release date and an increase in version number as follows:
Version x.y.z
where:
x the first digit:
1: presented to TSG for information;
2: presented to TSG for approval;
3: or greater indicates TSG approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections,
updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.
Introduction
This document describes the different cases of interaction between an Identity Module (GSM-SIM or a 3G-UICC) and a
GSM or 3G mobile equipment with a special focus on the diverse situations that can apply in a mixed 2G/3G network
environment.
Depending on the technical properties of other involved network elements, particularly during authentication and key
agreement, the ICC and the ME may or must support some specific features to allow for compatibility. This is a
complex matter and has generated some amount of confusion as the basic conditions implied by the 3G UICC are not
always as clearly understood as they should be. The present document gives guidance by summarising the important
details and applying them to the (theoretically) possible cases of security interworking along the transmission chain.
The document further tries to explain the options of interworking that exist internally when a SIM and one or more
USIM(s) are implemented together on a single UICC.
As this document is a technical report and not a technical specification, none of its contents have the character of a
requirement. Rather, they should be seen as a clarifying summary and straightforward interpretation of the underlying
core specifications.
1 Scope
The present document describes:
- the different cases of interworking between a 2G or 3G ICC and a 2G or 3G ME;
- the different cases of interworking between any given ME/ICC combination and the rest of the network;
- the possibilities of interworking between a SIM and a USIM together on a single UICC;
- the possibilities of interworking between several USIMs on a single UICC.
2 References
The following documents contain provisions which, through reference in this text, constitute provisions of the present
document.
• References are either specific (identified by date of publication, edition number, version number, etc.) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• For a non-specific reference, the latest version applies.
[1] 3GPP TS 31.101: "UICC-Terminal Interface; Physical and Logical Characteristics".
[2] 3GPP TS 31.102: "Characteristics of the USIM Application".
[3] 3GPP TS 21.111: "USIM and IC Card Requirements".
[4] 3GPP TS 22.100: "UMTS Phase 1".
[5] 3GPP TS 22.101: "Service Aspects; Service Principles".
[6] 3GPP TS 33.102: "3G Security; Security Architecture".
[7] 3GPP TS 11.11: "Specification of the Subscriber Identity Module - Mobile Equipment Interface".
[8] 3GPP TS 51.011: "Specification of the Subscriber Identity Module - Mobile Equipment Interface".
3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
2G 2nd Generation
3G 3rd Generation
AKA Authentication and Key Agreement
AuC Authentication Centre
AUTN Authentication Token
BSS Base Station Subsystem
CHV Card Holder Verification
CK Ciphering Key in 3G
DF Dedicated File
EF Elementary File
GERAN GSM/EDGE Radio Access Network
GSM Global System for Mobile Communication
HLR Home Location Register
ICC Integrated Circuit Card
IK Integrity Key
IMSI International Mobile Subscriber Identity
K Secret Key in 3G
Kc Ciphering Key in 2G
Ki Secret Key in 2G
MAC Message Authentication Code
ME Mobile Equipment
PIN Personal Identification Number
RAND Random Challenge
RES Authentication value returned by the USIM in 3G AKA or delivered by the 2G HLR/AuC
SGSN Serving GPRS Support Node
SIM Subscriber Identity Module
SRES Authentication value returned by the SIM or by the USIM in 2G AKA
SQN Sequence Number
TS Technical Specification
TR Technical Report
UICC Universal Integrated Circuit Card
UMTS Universal Mobile Telecommunication System
USIM Universal Subscriber Identity Module
VLR Visitor Location Register
XMAC Expected Message Authentication Code calculated in the USIM in 3G AKA
XRES Expected Authentication value delivered by the 3G HLR/AuC
4 Primary clarifications and definitions
For the purpose of this report, the following clauses clarify the meaning of some important terms.
4.1 2G and 3G
The abbreviation 2G stands for 2nd generation technology and characterises elements of a mobile communication
system which are based on the GSM standard, i.e. 2G technical specifications or their equivalent successors under the
3GPP administration. A 2G entity only comprises the mandatory and optional functionality specified in GSM and does
not ensure any forward compatibility with 3G, with a particular exception: 2G terminals of R99 and Rel-4 may and
from Rel-5 onwards have to support the 3G USIM.
The abbreviation 3G stands for 3rd generation technology and characterises elements of a mobile communication system
which are based on 3GPP technical specifications. A 3G entity only comprises the mandatory and optional functionality
specified in 3G; features for 2G backward compatibility are only included if explicitly required by the relevant 3G
specifications.
Some 3G specifications differentiate the functional extent of a mobile network entity between releases 98 and earlier
(R98-) and releases 99 and later (R99+). As for example a GSM ME exists in both release categories while a 3G ME is
only defined from release 99 onwards, this split does not make sense without mentioning the respective technology. For
the purpose of this document it therefore appears more appropriate to differentiate between 2G and 3G only, with the
relationship given by
2G = GSM = GSM R98- or GSM R99+
3G = 3G R99+
4.2 SIM, USIM and UICC
The most general term for a smart card, i.e. a micro-controller based access module, not only for mobile communication
purposes, is "ICC". It is always a physical and logical entity and, in the context of this document, either a SIM or a
UICC.
The SIM is the ICC defined for 2G. It has originally been specified as one physical and logical entity, not distinguishing
platform and application. In 3G, the SIM may also be an application on the 3G UICC, then of course only represented
by its logical characteristics. If the SIM application is active, the UICC is functionally identical to a 2G SIM. The SIM
(or SIM application on a UICC) does only accept 2G commands. It is specified in GSM TS 11.11 [7] / TS 51.011 [8].
Unlike the SIM, the USIM is not a physical entity, but a purely logical application that resides on a UICC. It does only
accept 3G commands and is therefore not compatible with a 2G ME. The USIM may provide mechanisms to support
2G authentication and key agreement to allow a 3G ME to access a 2G network. It is specified in 3G TS 31.102 [2].
The UICC is the physical and logical platform for the USIM. It does at least contain one USIM application and may
additionally contain a SIM application. Further to that, the UICC may contain additional USIMs and other applications,
e.g. for mobile banking or mobile commerce purposes, if these fit with the basic physical and logical characteristics of
the UICC. It is specified in 3G TS 31.101 [1].
4.3 Types of ME
For the purpose of this document, the following definitions apply for the ME:
- A 3G ME is either a 3G single mode ME that only supports a 3G radio access network or a 2G/3G dual mode
ME that supports both a 2G radio access network (GSM) and a 3G radio access network, whichever is present.
In either case it can handle 3G AKA and 2G AKA and is able to interwork with either a USIM application on a
UICC or a SIM. For better understanding, explicit usage of the term "2G/3G dual mode ME" points out
particular requirements.
- A 2G ME does only support a 2G radio access network (GSM).
- If it is of R98 or earlier, it can only handle 2G AKA and is only able to interwork with either a SIM
application on a UICC or a SIM. Then the card interface complies to GSM TS 11.11 [7].
- If it is of R99 or Rel-4, it can handle 2G AKA and is able to interwork with either a SIM application on a
UICC or a SIM. Then the card interface complies to GSM TS 11.11 [7] / TS 51.011 [8]. Additionally, it may
support 3G AKA and be capable to interwork with a USIM application on a UICC. In this optional mode, the
card interface complies to 3G TS 31.101 [1] and 3G TS 31.102 [2].
- If it is of Rel-5 or later, it can handle 2G AKA and 3G AKA (depending on the current network situation) and
is capable to work with a USIM application on a UICC. On the card interface, it behaves just like a 3G ME,
i.e. it complies to 3G TS 31.101 [1] and 3G TS 31.102 [2]. As a recommended option, the 2G ME of Rel-5
and onwards may additionally support a 2G SIM.
4.4 Types of VLR/SGSN and HLR/AuC
For the purpose of this document, the following definitions apply for the VLR/SGSN and HLR/AuC:
- A 2G HLR/AuC supports triplet generation for 2G subscriptions, but does not support quintet generation. Only
2G AKA can be performed. A triplet consists of RAND, RES and Kc, while a quintet comprises RAND, XRES,
CK, IK and AUTN. A 2G HLR/AuC does not support any conversion functions.
- A 3G HLR/AuC supports quintet generation for 3G subscriptions. To support 2G AKA, i.e. to convert quintets
into triplets, it shall support conversion functions c2 and c3 as defined in 3G TS 33.102 [6]. It may additionally
support pure triplet generation for 2G subscriptions.
- A 2G VLR/SGSN only supports 2G AKA and can only be attached to a 2G BSS. It does not support any
conversion functions.
- A 3G VLR/SGSN supports 3G AKA and 2G AKA. It can be attached to a 3G BSS and/or a 2G BSS. To convert
quintets from a 3G HLR/AuC into triplets necessary for 2G AKA, it shall support conversion functions c2 and c3
as defined in 3G TS 33.102 [6].
4.5 Security related terms
2G AKA is the procedure to provide authentication of an ICC to a serving network domain and to generate the key Kc
in accordance to the mechanisms specified in TS 03.20. In a mixed 2G/3G network environment 2G AKA is performed
when - except for the BSS - at least one other element is 2G.
3G AKA is the procedure to provide mutual authentication between an ICC and a serving network domain and to
generate the keys CK and IK in accordance to the mechanisms specified in 3G TS 33.102 [6]. For 3G AKA all involved
elements - except for the BSS - have to be 3G.
2G Security Context is a state that is established between a user and a serving network domain (i.e. between the ICC
and the VLR/SGSN) after the execution of 2G AKA, with ciphering Kc available at either side.
3G Security Context is a state that is established between a user and a serving network domain (i.e. between the ICC
and the VLR/SGSN) after the execution of 3G AKA, with ciphering and integrity protection keys CK and IK available
at either side. 3G Security Context is still given, if these keys are converted into Kc to work with a 2G BSS.
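The definitions of clauses 4.2 to 4.5 can be combined into a decision table that shows which ME/ICC/network chains fall back to 2G AKA and therefore lose mutual authentication. The following is an added example, not part of the TR: the function and table names are hypothetical, and it assumes that an ME with USIM support uses the USIM when one is present, that the USIM provides the optional 2G AKA mechanisms, that a Rel-5 2G ME has no SIM support, and that a 3G HLR/AuC holds a 3G subscription.

```python
from itertools import product

# Clause 4.3: card applications each ME class can drive.
# "usim" also means the ME can handle 3G AKA.
ME_CLASSES = {
    "3G ME": {"sim": True, "usim": True},
    "2G ME R98-": {"sim": True, "usim": False},
    "2G ME R99/Rel-4": {"sim": True, "usim": False},
    "2G ME R99/Rel-4 + USIM": {"sim": True, "usim": True},  # optional mode
    "2G ME Rel-5+": {"sim": False, "usim": True},  # SIM support optional, modelled as absent
}

# Clause 4.2: applications present on each card type.
ICC_TYPES = {
    "SIM": {"sim"},
    "UICC (USIM)": {"usim"},
    "UICC (USIM+SIM)": {"usim", "sim"},
}


def select_application(me, icc):
    """Return 'usim', 'sim' or None when ME and ICC cannot interwork."""
    caps, apps = ME_CLASSES[me], ICC_TYPES[icc]
    # Assumption: an ME with USIM support uses the USIM when one is present.
    if caps["usim"] and "usim" in apps:
        return "usim"
    if caps["sim"] and "sim" in apps:
        return "sim"
    return None


def resolve_aka(me, icc, vlr_sgsn, hlr_auc):
    """Clause 4.5: 3G AKA needs every element except the BSS to be 3G."""
    app = select_application(me, icc)
    if app is None:
        return None
    if app == "usim" and vlr_sgsn == "3G" and hlr_auc == "3G":
        return {"app": app, "aka": "3G", "mutual_auth": True,
                "keys": ("CK", "IK"), "triplets_from": None}
    # 2G AKA: locate the source of the triplets (clause 4.4).
    if hlr_auc == "2G":
        source = "HLR/AuC triplet generation"
    elif vlr_sgsn == "2G":
        source = "HLR/AuC c2/c3 conversion"  # a 2G VLR/SGSN cannot convert
    else:
        source = "VLR/SGSN c2/c3 conversion"
    return {"app": app, "aka": "2G", "mutual_auth": False,
            "keys": ("Kc",), "triplets_from": source}


def chains_without_mutual_auth():
    """List every workable chain that ends in 2G AKA."""
    chains = []
    for me, icc, vlr, hlr in product(ME_CLASSES, ICC_TYPES, ("2G", "3G"), ("2G", "3G")):
        result = resolve_aka(me, icc, vlr, hlr)
        if result and not result["mutual_auth"]:
            chains.append((me, icc, vlr, hlr))
    return chains


if __name__ == "__main__":
    for chain in chains_without_mutual_auth():
        print(" / ".join(chain), "->", resolve_aka(*chain)["triplets_from"])
```

The BSS is deliberately absent from the model, since clause 4.5 excludes it from the AKA decision.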
5 Interworking between the ME and the ICC
The 3G system is designed to be compatible with GSM and several interworking requirements apply. Regarding the
ICC/ME interface, some basic requirements can be identified in the 3G standards. They are differing between the
subsequent releases:
For R99, the following applies:
- In 3G TS 22.100 [4]: "The UMTS mobile terminal shall support phase 2 and phase 2+ GSM SIMs as access
modules to UMTS networks." In other words: A R99 3G ME shall support a 2G ICC.
- In 3G TS 22.101 [5]: "It shall be possible to use the UICC in 2G terminals to provide access to GSM networks.
In order to achieve that option, it shall be possible to store a module containing 2G access functionalities on the
UICC which shall be accessed via the standard GSM SIM-terminal interface." In other words: The R99 UICC
may contain a SIM application.
- Additionally, a 2G terminal of R99 may provide a USIM interface.
For Rel-4, 3G TS 22.100 [4] does not exist. There are however similar statements in 3G TS 22.101 [5]:
- "The basic mandatory UE requirements are: Support for GSM phase 2 and 2+ SIM cards […]", meaning that
also a Rel-4 ME does work with a 2G ICC.
- "It shall be possible to use the UICC in 2G terminals to provide access to networks supporting GERAN
(including networks based on earlier GSM specifications). In order to achieve that option, it shall be possible to
store a module containing 2G access functionalities on the UICC, which shall be accessed via the standard SIM-
terminal interface." In other words: The Rel-4 UICC may contain a SIM application.
- Additionally, a 2G terminal of Rel-4 may provide a USIM interface.
Therefore, in R99 and Rel-4 we have the same situation. Note that it is not a mandatory requirement in R99 and Rel-4
that a USIM has to be supported by a 2G ME. However, it is optional and in addition to the 2G SIM interface. In order
to allow a 3G UICC to work in a 2G ME where the USIM is not supported, it is feasible to put a SIM application
(according to TS 11.11 [7] / TS 51.011 [8]) onto the UICC in addition to the USIM.
For Rel-5, the requirement for 2G MEs to support 2G ICCs was deleted from 3G TS 22.101 [5]; instead, the following
statements were inserted:
- "In Release 5 and later, terminals supporting only GERAN shall support USIM." with a note "It is strongly
recommended that manufacturers implement SIM support on GERAN only terminals until the population of
SIMs in the market is reduced to a low level."
- "The basic mandatory UE requirements are: Support for USIM. Optional support of GSM phase 2, 2+, 3GPP
Release 99 and Release 4 SIM cards. […] Support for the SIM is optional for the UE, however, if it is supported,
all the mandatory requirements for SIM shall be supported in the UE […]."
This means basically that for 2G and 3G MEs of Rel-5 the support of 2G SIMs is now optional and it is mandatory (in
particular for the 2G ME) to support the USIM. Note that although a SIM application on the UICC is no longer
mentioned, it is still essential (and certainly allowed) to support Rel-4 and earlier terminals that do not optionally accept
a USIM with a SIM application on Rel-5 UICCs. In this case, the Rel-4 SIM specifications apply.
For the ICC/ME interface, with two main types of ME (3G and 2G) and two main types of ICC (UICC and SIM), four
different scenarios can be identified. They are described in the following sections with appropriate splits into sub-
sections if release specific differences have to be taken into account.
5.1 3G ME and UICC
...