ETSI TS 102 484 V11.2.0 (2019-04)

ETSI TS 102 484 V11.2.0 (2019-04)






TECHNICAL SPECIFICATION
Smart Cards;
Secure channel between a UICC and an end-point terminal
(Release 11)

---------------------- Page: 1 ----------------------
Release 11 2 ETSI TS 102 484 V11.2.0 (2019-04)



Reference
RTS/SCP-T0312vb20
Keywords
security, smart card
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2019.
All rights reserved.

TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.
TM TM
3GPP and LTE are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and
of the oneM2M Partners.
®
GSM and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
Release 11 3 ETSI TS 102 484 V11.2.0 (2019-04)
Contents
Intellectual Property Rights . 5
Foreword . 5
Modal verbs terminology . 5
1 Scope . 6
2 References . 6
2.1 Normative references . 6
2.2 Informative references . 7
3 Definition of terms, symbols and abbreviations . 8
3.1 Terms . 8
3.2 Symbols . 8
3.3 Abbreviations . 8
4 Overview . 9
5 Secure channel properties . 10
5.0 General . 10
5.1 Secure Channel Lifecycle . 10
5.1.0 General . 10
5.1.1 Secure channel support discovery . 11
5.1.2 Discovery of available endpoints . 11
5.1.3 Negotiate secure channel parameters . 11
5.1.3.0 General . 11
5.1.3.1 Security Associations . 11
5.1.3.2 Master SA . 11
5.1.3.3 Connection SA . 12
5.1.4 Key Agreement . 12
5.1.4.0 General . 12
5.1.4.1 Strong Pre-shared Keys - GBA . 13
5.1.4.2 Strong Pre-shared Keys - Proprietary Pre-agreed keys . 14
5.1.4.3 Weak Pre-shared Keys - Proprietary Pre-agreed keys. 14
5.1.4.4 Certificate exchange . 14
5.1.4.5 Expiration values and Counter Limits for Key Material . 14
5.1.5 Secure Channel Operation . 15
5.1.6 Secure Channel Suspension and Resumption . 15
5.1.7 Secure Channel Termination. 15
5.2 Use of multiple secure channels . 15
5.3 Security Policy Enforcement . 15
6 TLS - Application to Application lifecycle . 16
6.0 General . 16
6.1 Discovery of available endpoints . 16
6.2 Master SA setup . 16
6.2.0 General . 16
6.2.1 Setup using a Pre-shared Key . 16
6.2.2 Setup using Certificates . 16
6.3 Connection SA setup . 17
6.4 Secure Connection Initiation and Data Transmission. 17
6.5 Secure Connection Termination and Resumption . 18
6.6 Master Security Association Termination . 18
7 Secured APDU - Application to Application lifecycle . 18
7.0 General . 18
7.1 Discovery of available endpoints . 18
7.2 Master SA setup . 18
7.3 Connection SA setup . 19
7.4 Secure Connection Initiation and Data Transmission. 20
ETSI

---------------------- Page: 3 ----------------------
Release 11 4 ETSI TS 102 484 V11.2.0 (2019-04)
7.5 SA Termination and Resumption . 21
8 Ipsec - USB class to USB class lifecycle . 21
8.0 General . 21
8.1 Discovery of available endpoints . 22
8.2 Master Security Association . 22
8.3 Secure Connections . 22
8.4 Secure Connection Initiation and Data Transmission. 22
8.5 Secure Connection Termination and Resumption . 23
8.6 Master Security Association Termination . 23
9 Platform to Platform APDU secure channel lifecycle . 23
9.1 Platform to Platform APDU secure channel . 23
9.2 Platform to Platform CAT APDU secure channel . 24
10 Encrypted data coding . 24
10.0 General . 24
10.1 Mapping Data from the Terminal to the UICC . 25
10.1.1 Structure of the data to be encrypted . 25
10.1.2 Definition of the encrypted blob TLV when sending data to the UICC . 26
10.1.3 Mapping of the encrypted blob TLV to C-APDUs . 26
10.2 Mapping response from the UICC to the Terminal . 27
10.2.1 Structure of the data to be encrypted . 27
10.2.2 Definition of the encrypted blob TLV when receiving data from the UICC . 28
10.2.3 Mapping of the encrypted blob TLV to C-APDUs . 28
11 Key Expansion Function Definition . 28
12 eCAT Secure Channel . 28
12.0 General . 28
12.1 Discovery of available endpoints . 29
12.2 Master SA setup . 29
12.3 Connection SA setup . 29
12.4 Secure Connection Initiation and Data Transmission. 30
12.5 SA Termination and Resumption . 31
Annex A (informative): Change history . 32
History . 33

ETSI

---------------------- Page: 4 ----------------------
Release 11 5 ETSI TS 102 484 V11.2.0 (2019-04)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Smart Card Platform (SCP).
The contents of the present document are subject to continuing work within TC SCP and may change following formal
TC SCP approval. If TC SCP modifies the contents of the present document, it will then be republished by ETSI with
an identifying change of release date and an increase in version number as follows:
Version x.y.z
where:
x the first digit:
0 early working draft;
1 presented to TC SCP for information;
2 presented to TC SCP for approval;
3 or greater indicates TC SCP approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections,
updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
ETSI

---------------------- Page: 5 ----------------------
Release 11 6 ETSI TS 102 484 V11.2.0 (2019-04)
1 Scope
The present document specifies the technical implementation of the secure channel requirements specified in
ETSI TS 102 412 [8].
The present document includes the architecture, functional capabilities and characteristics of the Secure Channel
protocol and its associated interfaces transported over the UICC interface specified in ETSI TS 102 221 [1] and over the
UICC USB interface specified in ETSI TS 102 600 [15].
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
• In the case of a reference to a TC SCP document, a non specific reference implicitly refers to the latest version
of that document in the same Release as the present document.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference/.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
[1] ETSI TS 102 221: "Smart Cards; UICC-Terminal interface; Physical and logical characteristics".
[2] IETF RFC 4346 (2006): "The Transport Layer Security (TLS) Protocol Version 1.1".
NOTE: The reference to IETF RFC 4346 is intentional, even though the RFC is obsolete.
[3] IETF RFC 4366 (2003): "Transport Layer Security (TLS) Extensions".
NOTE: The reference to IETF RFC 4366 is intentional, even though the RFC is obsolete.
[4] IETF RFC 4279 (2005): "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)".
[5] Void.
[6] Void.
[7] ETSI TS 133 110: "Universal Mobile Telecommunications System (UMTS); LTE; Key
establishment between a Universal Integrated Circuit Card (UICC) and a terminal (3GPP
TS 33.110)".
[8] ETSI TS 102 412: "Smart Cards; Smart Card Platform Requirements Stage 1".
[9] ETSI TS 102 223: "Smart Cards; Card Application Toolkit (CAT)".
[10] ETSI TS 124 008: "Digital cellular telecommunications system (Phase 2+) (GSM); Universal
Mobile Telecommunications System (UMTS); LTE; Mobile radio interface Layer 3 specification;
Core network protocols; Stage 3 (3GPP TS 24.008)".
[11] IETF RFC 6234: "US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)".
[12] IETF RFC 2104 (1997): "HMAC: Keyed-Hashing for Message Authentication".
[13] FIPS PUB 180-2: "Secure Hash Standard (SHS)".
ETSI

---------------------- Page: 6 ----------------------
Release 11 7 ETSI TS 102 484 V11.2.0 (2019-04)
[14] ETSI TS 102 225 (V7.3.0): "Smart Cards; Secured packet structure for UICC based applications
(Release 7)".
[15] ETSI TS 102 600: "Smart Cards; UICC-Terminal interface; Characteristics of the USB interface".
[16] ISO/IEC 9797-1: "Information technology -- Security techniques -- Message Authentication Codes
(MACs) -- Part 1: Mechanisms using a block cipher".
[17] Void.
[18] IETF RFC 3268 (2002): "Advanced Encryption Standard (AES) Ciphersuites for Transport Layer
Security (TLS)".
NOTE: The reference to IETF RFC 3268 is intentional, even though the RFC is obsolete.
[19] IETF RFC 5996: "Internet Key Exchange Protocol Version 2 (IKEv2)".
[20] IETF RFC 4301 (2005): "Security Architecture for the Internet Protocol".
[21] IETF RFC 4307 (2005): "Cryptographic Algorithms for Use in the Internet Key Exchange
Version 2 (IKEv2)".
NOTE: The reference to IETF RFC 4307 is intentional, even though the RFC is obsolete.
[22] Void.
[23] IETF RFC 4303 (2005): "IP Encapsulating Security Payload (ESP)".
[24] ETSI TS 102 483: "Smart cards; UICC-Terminal interface; Internet Protocol connectivity between
UICC and terminal".
[25] IETF RFC 4835 (2007): "Cryptographic Algorithm Implementation Requirements for
Encapsulating Security Payload (ESP) and Authentication Header (AH)".
NOTE: The reference to RFC 4835 is intentional, even though the RFC is obsolete.
[26] IETF RFC 5280: "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation
List (CRL) Profile".
[27] IETF RFC 6960: "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol –
OCSP".
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
• In the case of a reference to a TC SCP document, a non specific reference implicitly refers to the latest version
of that document in the same Release as the present document.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
Not applicable.
ETSI

---------------------- Page: 7 ----------------------
Release 11 8 ETSI TS 102 484 V11.2.0 (2019-04)
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the following terms apply:
encrypted blob: Binary Large Object resulting from encrypting plain data
endpoint: application or platform handler on either the terminal or UICC that is capable of being an end of a secure
channel
nonce: number used once
NOTE: Random value that is used only once in a cryptographic message to protect against replay attacks.
security association: set of information required for the channel endpoints to start communicating securely
3.2 Symbols
Void.
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
3DES Triple DES
AES Advanced Encryption Standard
AH Authentication Header
APDU Application Protocol Data Unit
ASCII American Standard Code for Information Interchange
ATR Answer To Reset
BCD Binary Coded Decimal
BER Basic Encoding Rules
BIP Bearer Independent Protocol
CAT Card Application Toolkit
CBC Cipher Block Chaining
CL Counter Limit
CMAC Cipher-based Message Authentication Code
CRL Certificate Revocation List
CSA Connection Security Association
CSAMAC Connection Security Association Message Authentication Code
DES Data Encryption Standard
ESP Encapsulating Security Payload
FFS For Further Study
FIPS Federal Information Processing Standard
GBA Generic Bootstrap Architecture
HMAC Hash Message Authentication Code
ICCID Integrated Circuit Card Identification
IETF Internet Engineering Task Force
IKE Internet Key Exchange
IKE_SA Internet Key Exchange - Security Association
IMEI International Mobile Equipment Identity
IP Internet Protocol
IPsec Internet Protocol security
KIC Key and algorithm Identifier for ciphering
KID Key and algorithm IDentifier for RC/CC/DS
MAC Message Authentication Code
MF Master File
MODP MODular exPonential
ETSI

---------------------- Page: 8 ----------------------
Release 11 9 ETSI TS 102 484 V11.2.0 (2019-04)
MS Master Secret
MSA Master Security Association
OCSP Online Certificate Status Protocol
PPS Protocol and Parameter Selection
PSK Pre-Shared Key
SA Security Association
SHA Secure Hash Algorithm
SSCMAC Start Secure Channel Message Authentication Code
TCP Transmission Control Protocol
TLS Transport Layer Security
TLV Tag Length Value
TSCA Terminal-Supported Ciphering Algorithms
TSIM Terminal-Supported Integrity Mechanisms
UCA UICC Ciphering Algorithm
UIM UICC Integrity Mechanism
USB Universal Serial Bus
UTF Universal Character Set Transformation Format
4 Overview
The present document defines several types of secured data transport protocols that can be used to deliver the secure
channel usecases and requirements specified in ETSI TS 102 412 [8] and the associated mechanisms that can be used to
setup these protocols.
The secured data transport protocols are:
• TLS - Application to Application: This protocol secures IP communication between an application in the
UICC and an application in the terminal or in a device connected to the terminal. Using this protocol, IP
communication by other applications to the UICC may be unsecured. This protocol may be used over the
APDU interface specified in ETSI TS 102 221 [1] using the BIP - UICC Server mode commands specified in
ETSI TS 102 223 [9] or over the Ethernet emulation class of the USB interface specified in ETSI
TS 102 600 [15]. Support for this type of secure channel shall be indicated on per application basis.
• Secured APDU - Application to Application: This protocol secures the APDU communication between an
application in the UICC and an application in the terminal or in a device connected to the terminal. Using this
protocol, APDU communication by other applications to the UICC may be unsecured. This protocol may be
used over the APDU interface specified in ETSI TS 102 221 [1] or the APDU class of the USB interface
specified in ETSI TS 102 600 [15]. Support for this type of secure channel shall be indicated on per
application basis.
• IPsec - USB class to USB class: This protocol secures all IP communication between the UICC and the
terminal when ETSI TS 102 483 [24] is supported over the Ethernet emulation class of the USB interface
specified in ETSI TS 102 600 [15].
• Secured APDU - Platform to Platform: This protocol secures all APDU communication between the UICC
and the terminal. This protocol may be used over the APDU interface specified in ETSI TS 102 221 [1] or the
APDU class of the USB interface specified in ETSI TS 102 600 [15]. Support for this type of secure channel
shall be indicated in the ATR.
• Secured APDU - Platform to Platform CAT: This protocol secures all CAT APDU communication between
the UICC and the terminal and is reusing the Secured APDU - Platform to Platform mechanism but restricted
to CAT related APDUs. This protocol may be used over the APDU interface specified in ETSI TS 102 221 [1]
or the APDU class of the USB interface specified in ETSI TS 102 600 [15]. Support for this type of secure
channel shall be indicated in the MF file control parameters. A terminal and a UICC claiming conformance to
the present document may support this secured data transport protocol.
• eCAT Secure Channel: This protocol secures the eCAT communication between the UICC and an eCAT
client in the terminal as specified in ETSI TS 102 223 [9]. Support for this type of secure channel shall be
indicated on per application basis.
ETSI

---------------------- Page: 9 ----------------------
Release 11 10 ETSI TS 102 484 V11.2.0 (2019-04)
Terminals/applications in the terminal/eCAT clients and UICCs/UICC applications claiming conformance to the present
document shall explicitly state which of these secured data transport protocols they support.
Secured platform to platform channels between the Terminal and a device connected to the terminal are out of scope of
the present document.
To manage the security aspects of these secure channel protocols, Security Contexts are setup which con
...