|
TECHNICAL SPECIFICATION
Smart Secure Platform (SSP);
Part 1: Test Specification, general characteristics
(Release 15)
---------------------- Page: 1 ----------------------
Release 15 2 ETSI TS 103 999-1 V15.1.0 (2022-11)
Reference
RTS/SET-00103999-1vf10
Keywords
SSP, testing
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - APE 7112B
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° w061004871
Important notice
The present document can be downloaded from:
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
If you find errors in the present document, please send your comment to one of the following services:
If you find a security vulnerability in the present document, please report it through our
Coordinated Vulnerability Disclosure Program:
https://www.etsi.org/standards/coordinated-vulnerability-disclosure
Notice of disclaimer & limitation of liability
The information provided in the present deliverable is directed solely to professionals who have the appropriate degree of
experience to understand and interpret its content in accordance with generally accepted engineering or
other professional standard and applicable regulations.
No recommendation as to products and services or vendors is made or should be implied.
No representation or warranty is made that this deliverable is technically accurate or sufficient or conforms to any law
and/or governmental rule and/or regulation and further, no representation or warranty is made of merchantability or fitness
for any particular purpose or against infringement of intellectual property rights.
In no event shall ETSI be held liable for loss of profits or any other incidental or consequential damages.
Any software contained in this deliverable is provided "AS IS" with no warranties, express or implied, including but not
limited to, the warranties of merchantability, fitness for a particular purpose and non-infringement of intellectual property
rights and ETSI shall not be held liable in any event for any damages whatsoever (including, without limitation, damages
for loss of profits, business interruption, loss of information, or any other pecuniary loss) arising out of or related to the use
of or inability to use the software.
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and
microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.
© ETSI 2022.
All rights reserved.
ETSI
---------------------- Page: 2 ----------------------
Release 15 3 ETSI TS 103 999-1 V15.1.0 (2022-11)
Contents
Intellectual Property Rights . 15
Foreword . 15
Modal verbs terminology . 16
Introduction . 16
1 Scope . 17
2 References . 17
2.1 Normative references . 17
2.2 Informative references . 18
3 Definition of terms, symbols and abbreviations . 19
3.1 Terms . 19
3.2 Symbols . 19
3.3 Abbreviations . 19
3.4 Formats . 21
3.4.1 Format of the table of optional features: Table 4.1 . 21
3.4.2 Format of the table of optional features: Table 4.2 . 22
3.4.3 Format of the applicability Tables 4.3 and 4.4. 22
3.4.4 Format of the conformance requirements tables . 23
3.4.5 Numbers and Strings . 23
3.4.6 Format of test description clauses . 23
3.4.7 Dynamic content validation in ASN.1 structure . 26
4 Tests environment architecture . 27
4.1 Overview . 27
4.2 Test Tool Data exchange . 29
4.2.1 Introduction. 29
4.2.2 Test tool requirements . 30
4.2.3 Test Tool interface requirements . 30
4.3 Test of a service in the SSP . 30
4.4 Test of a service in the terminal . 30
4.5 Table of services . 31
4.6 Table of service options and other optional features . 31
4.7 Applicability table . 32
5 Conformance requirements . 33
5.0 Introduction . 33
5.1 SSP architecture . 33
5.1.1 Overview . 33
5.1.2 SSP software architecture . 33
5.1.3 SSP hardware architecture . 33
5.1.4 Protocol stacks . 34
5.1.5 Execution framework . 34
5.2 SSP characteristics . 34
5.2.1 Form factors . 34
5.2.2 Power . 35
5.2.3 Clock . 36
5.2.4 SSP initialization . 36
5.2.5 Storage . 37
5.2.6 Data Management . 37
5.2.7 SSP identification . 42
5.2.8 Runtime environment . 42
5.2.9 SSP suspension . 43
5.2.10 SSP applications . 43
5.2.11 SSP security . 44
5.2.12 User interface . 45
5.2.13 Accessor authentication service . 46
ETSI
---------------------- Page: 3 ----------------------
Release 15 4 ETSI TS 103 999-1 V15.1.0 (2022-11)
5.3 Physical interfaces . 51
5.3.1 Overview . 51
5.3.2 Reset . 52
5.3.3 ISO/IEC 7816 interface . 52
5.3.4 SPI interface. 53
5.4 SSP Common Layer (SCL) . 53
5.4.1 Introduction. 53
5.4.2 SCL network . 53
5.4.3 Protocol layers . 54
5.4.4 SCL core services . 54
5.4.5 SCL procedures . 55
5.5 Secure SCL . 56
5.5.1 Protocol Stack . 56
5.5.2 Secure datagram . 56
5.5.3 Security protocol . 57
5.5.4 Accessor authentication service procedure . 57
5.6 Communication layers above SCL . 58
5.6.1 Overview . 58
5.6.2 APDU protocol . 58
5.6.3 File system protocol . 60
5.6.4 Transmission Control Protocol support . 62
5.6.5 User Datagram Protocol support . 65
5.6.6 CRON service support . 67
5.6.7 Contactless related applications support . 68
5.6.8 Card Application Toolkit (CAT) over SCL . 68
5.6.9 Access Control Protocol . 69
5.7 Requirements not testable, implicitly verified or verified elsewhere . 70
5.7.1 Requirements implicitly tested . 70
6 Test Descriptions: SSP Characteristics . 71
6.1 Form Factors . 71
6.1.1 Requirements not testable, implicitly verified or verified elsewhere . 71
6.1.1.1 Requirements not tested . 71
6.2 Power . 71
6.2.1 Requirements not testable, implicitly verified or verified elsewhere . 71
6.2.1.1 Requirements not tested . 71
6.2.1.2 Requirements verified elsewhere . 71
6.3 Clock . 71
6.3.1 Requirements not tested . 71
6.4 SSP Initialization . 72
6.4.1 Configurations . 72
6.4.1.1 CINI_001 . 72
6.4.1.2 CINI_002 . 72
6.4.1.3 ASN.1 definitions . 73
6.4.2 Procedures. 73
6.4.2.1 PINI_001 - Open a pipe session with the Identity gate of the SSP host . 73
6.4.2.2 PINI_002 - Open a pipe session with the Identity gate of the Terminal host . 74
6.4.3 Test descriptions . 74
6.4.3.1 INI_001 - Capability Exchange of SSPCapabilities . 74
6.4.3.2 INI_002 - Capability Exchange of TerminalCapabilities . 76
6.4.3.3 End of test descriptions - INITIALIZATION ASN.1 descriptions . 76
6.4.3.3.1 Annex - End of ASN.1 structure . 76
6.4.3.4 Implicitly tested requirements . 76
6.5 Storage . 76
6.5.1 Requirements not tested . 76
6.6 SSP File System . 77
6.6.1 Configurations . 77
6.6.1.1 CFSS_001 . 77
6.6.1.2 CFSS_002 . 78
6.6.1.3 CFSS_003 . 78
6.6.1.4 CFSS_004 . 79
6.6.1.5 CFSS_005 . 79
ETSI
---------------------- Page: 4 ----------------------
Release 15 5 ETSI TS 103 999-1 V15.1.0 (2022-11)
6.6.1.6 CFSS_006 . 80
6.6.1.7 ASN.1 Configuration . 80
6.6.2 Procedures. 85
6.6.2.1 PFSS_001 - Open a pipe session with the identity gate . 85
6.6.2.2 PFSS_002 - Open a pipe session with the Accessor Authentication service . 86
6.6.2.3 PFSS_003 - Authentication of the root accessor . 87
6.6.2.4 PFSS_004 - Access to the Authentication Service from the root accessor . 88
6.6.2.5 PFSS_005 - Open a pipe session with the Accessor Authentication service . 89
6.6.2.6 PFSS_006 - Creation of FS accessors . 90
6.6.2.6.1 PFSS_061 - Creation of an accessor FS Accessor 1 . 90
6.6.2.6.2 PFSS_0062 - Open a pipe session with the Accessor Authentication service for the FSA1
accessor . 91
6.6.2.6.3 PFSS_0063 - Authentication of the accessor . 91
6.6.2.6.4 PFSS_0064 - Creation of an accessor FS Accessor 2 . 92
6.6.2.6.5 PFSS_0065 - Open a pipe session with the Accessor Authentication service for the FSA2
accessor . 93
6.6.2.6.6 PFSS_0066 - Authentication of the accessor . 93
6.6.2.7 PFSS_007 - Open a secure pipe session to FS control service . 94
6.6.2.7.1 PFSS_0071 - Access to FS control service for FSA1 with secure pipe . 94
6.6.2.7.2 PFSS_0072 - Open a secure pipe session with the FS control service for the FSA1 accessor . 94
6.6.2.7.3 PFSS_0073 - Access to FS control service for FSA2 with secure pipe . 95
6.6.2.7.4 PFSS_0074 - Open a secure pipe session with the FS control service for the FSA2 accessor . 95
6.6.2.8 PFSS_008 - Create directories . 96
6.6.2.8.1 PFSS_0081 - Create directory 1 . 96
6.6.2.8.2 PFSS_0082 - Create directory 2 . 97
6.6.2.8.3 PFSS_0083 - Create directory 3 . 98
6.6.2.8.4 PFSS_0084 - Create directory 4 . 99
6.6.2.9 PFSS_009 - Create files . 100
6.6.2.9.1 PFSS_0091 - Create file 1 . 100
6.6.2.9.2 PFSS_0092 - Create file 2 . 101
6.6.2.9.3 PFSS_0093 - Create file 3 . 102
6.6.2.9.4 PFSS_0094 - Create file 4 . 103
6.6.2.9.5 PFSS_0095 - Create file 5 . 104
6.6.2.9.6 PFSS_0096 - Create file 6 . 105
6.6.2.9.7 PFSS_0097 - Create link 1 . 106
6.6.2.9.8 PFSS_0098 - Create file 7 . 107
6.6.2.9.9 PFSS_0099 - Create file 8 . 108
6.6.3 Test descriptions . 108
6.6.3.1 Create node . 108
6.6.3.1.1 FSS_0011 - Create directory and file . 108
6.6.3.1.2 FSS_0012 - Create link . 110
6.6.3.2 Read file . 111
6.6.3.2.1 FSS_0021 - Read file through Control Pipe . 111
6.6.3.2.2 FSS_0022 - Read file through Data Pipe . 112
6.6.3.2.3 FSS_0023 - Read file with long name from file tree hierarchy . 114
6.6.3.2.4 FSS_0024 - Read file through a Secured Control Pipe. 116
6.6.3.2.5 FSS_0025 - Error when reading file without ReadContent access right . 117
6.6.3.2.6 FSS_0026 - Error when trying to read a file while a previous command is ongoing in the
same file session . 117
6.6.3.3 Write file . 118
6.6.3.3.1 FSS_0031 - Write file . 118
6.6.3.3.2 FSS_0032 - Write file by omitting aOffset . 119
6.6.3.3.3 FSS_0033 - Error when writing file without Write access right. 121
6.6.3.3.4 FSS_0034 - Error when trying to write a file while a previous command is ongoing in the
same file session .
...