ETSI ETS 300 391-1 ed.1 (1995-08)

SLOVENSKI STANDARD
01-december-2003
Svetovne osebne telekomunikacije (UPT) – Specifikacija varnostne arhitekture za
1. fazo sistema UPT – 1. del: Specifikacija
Universal Personal Telecommunication (UPT); Specification of the security architecture
for UPT phase 1; Part 1: Specification
Ta slovenski standard je istoveten z: ETS 300 391-1 Edition 1
ICS:
33.040.35 Telefonska omrežja Telephone networks
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN ETS 300 391-1
TELECOMMUNICATION August 1995
STANDARD
Source: ETSI TC-NA Reference: DE/NA-071401
ICS: 33.040
UPT, security, authentication
Key words:
Universal Personal Telecommunication (UPT);
Specification of the security architecture for UPT phase 1;
Part 1: Specification
ETSI
European Telecommunications Standards Institute
ETSI Secretariat
F-06921 Sophia Antipolis CEDEX - FRANCE
Postal address:
650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE
Office address:
c=fr, a=atlas, p=etsi, s=secretariat - secretariat@etsi.fr
X.400: Internet:
Tel.: +33 92 94 42 00 - Fax: +33 93 65 47 16
Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and the
foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 1995. All rights reserved.
New presentation - see History box

Page 2
ETS 300 391-1: August 1995
Whilst every care has been taken in the preparation and publication of this document, errors in content,
typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to
"ETSI Editing and Committee Support Dept." at the address shown on the title page.

Page 3
ETS 300 391-1: August 1995
Contents
Foreword .7
Introduction.7
1 Scope .9
2 Normative references.9
3 Symbols and abbreviations .10
4 Security requirements and security features.10
4.1 Security features in general .10
4.2 UPT security requirements .11
4.2.1 Requirements from the threat analysis .11
4.2.2 Personal data integrity issues.11
4.3 UPT specific security features .12
4.3.1 UPT service features providing security.12
4.3.2 Authentication of UPT user/UPT subscriber .13
4.3.3 Access control features for the UPT access device.14
4.3.4 Access control to service profile information.14
4.3.5 Secure management of the subscription process.14
4.4 UPT security limitations .14
4.5 Security features for IN and inter-network links in general .15
5 Security mechanisms .15
5.1 Access control mechanisms .15
5.1.1 Access control to services.15
5.1.2 Access control to service profile data.16
5.1.3 Access control to the data in the UPT access device .18
5.2 User authentication mechanisms.18
5.2.1 Weak authentication.19
5.2.2 Strong authentication .21
5.3 Security management.23
5.3.1 Security audit trail.23
5.3.2 Event handling.23
5.3.3 Charging control .24
5.3.4 Information management .24
5.4 Service limitations.25
5.5 Security profiles .26
5.5.1 Security profile for weak authentication.26
5.5.2 Security profile for strong authentication .27
6 Parameter sizes and values.27
7 Requirements for the UPT access device.28
7.1 Storage of data .28
7.2 Processing .29
7.2.1 Time-out .30
7.2.2 Calculations by the authentication algorithm.30
7.2.3 Sequence number conversion.30
7.2.4 Authentication code conversion .30
7.2.5 Sequence number incrementation .30
7.3 User interface .30
8 Transmission protocol.31
8.1 Transmission coding.31

Page 4
ETS 300 391-1: August 1995
8.2 Weak authentication. 31
8.2.1 The authentication process. 31
8.2.2 Changing of PIN . 31
8.2.3 Authentication with unblocking . 31
8.3 Strong authentication . 32
8.3.1 General structure. 32
8.3.2 The authentication process. 32
9 Requirements for the AE of the SDF. 32
9.1 Check of PUI and authentication type used . 33
9.2 Weak authentication. 33
9.3 Change of PIN. 33
9.4 Strong authentication . 33
9.4.1 Conversions. 33
9.4.2 Checking and expanding of n . 34
s
10 Authentication algorithms . 34
10.1 The specific UPT algorithm. 34
10.2 The TE 9 algorithm. 34
10.3 Other algorithms. 34
Annex A (informative): Device holder verification. 35
A.1 Introduction. 35
A.2 DHV in the UPT access device . 35
Annex B (informative): Interface between General Part and SM in the DTMF device . 36
B.1 Introduction. 36
B.2 Verification of the device holder by an LPIN. 36
B.3 Time-out . 37
B.4 Unblocking of the device. 37
B.5 Change of LPIN . 38
B.6 One pass authentication by use of a sequence number . 38
B.7 Key management. 38
Annex C (informative): Bill limitation . 39
C.1 Absolute bill limitation . 39
C.2 Bill limitation with respect to time. 39
Annex D (informative): Subscription process and key management. 40
D.1 Subscription process . 40
D.2 Key management. 40
D.2.1 Key generation . 40
D.2.2 Key loading. 41
D.2.3 Key use . 41
D.2.4 Lost key. 42
Annex E (informative): Activity monitoring. 43
E.1 Monitoring points . 43

Page 5
ETS 300 391-1: August 1995
E.1.1 Network centre.43
E.1.2 Network periphery.43
E.2 Monitored activities.44
E.2.1 Authentication .44
E.2.2 UPT calls.44
E.3 Monitoring procedures.44
E.3.1 Account monitoring .44
E.3.2 Authentication monitoring .45
E.3.3 Call monitoring.45
Annex F (informative): Bibliography.46
History.47

Page 6
ETS 300 391-1: August 1995
Blank page
Page 7
ETS 300 391-1: August 1995
Foreword
This European Telecommunication Standard (ETS) has been produced by the Network Aspects (NA)
Technical Committee of the European Telecommunications Standards Institute (ETSI).
This ETS defines the security architecture for Universal Personal Telecommunication (UPT) phase 1.
This ETS consists of 3 parts as follows:
Part 1: "Specification".
Part 2: "Implementation Conformance Statement (ICS) proformas".
Part 3: "Conformance Test Specification (CTS)".
Transposition dates
Date of adoption of this ETS: 28 July 1995
Date of latest announcement of this ETS (doa): 30 November 1995
Date of latest publication of new National Standard
or endorsement of this ETS (dop/e): 31 May 1996
Date of withdrawal of any conflicting National Standard (dow): 31 May 1996
Introduction
UPT is a service which enables improved access to telecommunication services by allowing personal
mobility.
The UPT service enables each UPT user to participate in a user defined set of subscribed services, and
to initiate and receive calls on the basis of a unique, personal, network independent UPT number across
multiple networks at any terminal, fixed, movable or mobile. Such participation is irrespective of
geographic location, limited only by the network capabilities and restrictions imposed by the network
provider. Calls to UPT may also be made by non-UPT users.
ETR 055-2 describes three service scenarios for UPT. This specification of the security architecture deals
only with the restricted, short term UPT service scenario for UPT phase 1. This scenario has restrictions
on networks, services, user friendliness and also on the possibilities to implement security features. The
UPT phase 1 scenario is a set of UPT features that can be implemented without major changes to current
technology, and is basically restricted to provision in Public Switched Telephone Networks (PSTNs) and
Integrated Services Digital Networks (ISDNs). Only the telephone service is provided.
A high level of security is a necessary condition for a telecommunication system like UPT to become a
success. Accountability, incontestable charging and privacy are important examples for requirements that
need to be fulfilled by technical and organizational security measures.
Security mechanisms can only meet their purpose if they are integrated into the system in an appropriate
way. Many of these mechanisms depend on the secure handling of secret information like authentication
keys and Personal Identification Numbers (PINs). Such data needs strong protection against unauthorized
access, e.g. by implementation in logically and physically protected security modules.

Page 8
ETS 300 391-1: August 1995
Blank page
Page 9
ETS 300 391-1: August 1995
1 Scope
This European Telecommunication Standard (ETS) provides a description of the mechanisms necessary
to provide adequate security within the Universal Personal Telecommunication (UPT) service for phase 1.
It is based on the discussion and the conclusions of the general UPT security architecture given in
ETR 083 [1].
In ETR 083 [1], the threat analysis leads to security features which are needed to counter the threats
detected. Some of the threats are already countered by UPT service features. The security features and
mechanisms against the remaining threats are discussed there for all UPT phases. In this ETS, the
specific security requirements, features and mechanisms for UPT phase 1 are specified in detail.
Clause 4 summarizes the phase 1 relevant security requirements and security features by means of
general descriptions. Clause 5 specifies the security mechanisms, especially for access control,
authentication and some security management aspects. Profiles are specified for weak and strong
authentication, respectively. Service limitations and other measures are recommended due to the
restricted possibilities for the implementation of security features in UPT phase 1, especially if only weak
authentication is used.
In clause 6, the sizes and some values of the parameters used in the following clauses are given. clause 7
specifies the requirements for the UPT access device concerning input, output, data storage and the
processing of data. Clause 8 contains the standardization of the exchanged data in the protocol for
authentication. The security requirements for the Service Data Function (SDF) are specified in clause 9.
Finally, the options for the used authentication algorithm are discussed in clause 10.
Only aspects of the UPT security architecture that concern the security of the overall UPT system or data
exchanges with network components are standardized.
Some security aspects need not be standardized, e.g. the mechanism used for Device Holder Verification
(DHV), bill limitation techniques, the interface between the general part of the Dual Tone Multi Frequency
(DTMF) device and its Security Module (SM), the subscription process and key management. They can
be specified according to the service providers' needs, provided that the general security requirements are
considered. However, examples and recommendations on how to realise these features are given in
informative annexes.
Upwards compatibility to later UPT phases is considered as far as useful and possible. This covers
especially the use of IC cards as recommended for UPT phase 2.
2 Normative references
This ETS incorporates by dated or undated reference, provisions from other publications. These
normative references are cited at the appropriate places in the text and the publications are listed
hereafter. For dated references, subsequent amendments to or revisions of any of these publications
apply to this ETS only when incorporated in it by amendment or revision. For undated references, the
latest edition of the publication referred to applies.
[1] ETR 083 (1993): "Universal Personal Telecommunication (UPT); General UPT
security architecture".
[2] ETS 300 380 (1995): "Universal Personal Telecommunications (UPT); Access
devices Dual Tone Multi Frequency (DTMF) sender for acoustic coupling to the
microphone of a handset telephone".

Page 10
ETS 300 391-1: August 1995
3 Symbols and abbreviations
For the purposes of this ETS, the following symbols and abbreviations apply:
AC Authentication Code, calculated in the UPT access device
AC' Authentication Code, calculated in the AE
AE Authenticating Entity
ARA Access Registration Address
CER Call Event Record
d tolerance for the difference between the sequence number sent by the UPT
access device and the sequence number stored in the SDF
DHV Device Holder Verification
DTMF Dual Tone Multi Frequency
f algorithm for the calculation of the AC
FC Feature Code
GP General Part (of the DTMF device)
IN Intelligent Network
K Key
LPIN Local Personal Identification Number
n sequence number, used by the UPT access device
n' expected sequence number, stored in the AE
n sent part of the sequence number, i.e. the 16 least significant bits of n
s
NAP Network Access Point
PABX Private Automatic Branch Exchange
PIN Personal Identification Number
PLMN Public Land Mobile Network
PUI Personal User Identity
RAA Remaining Authentication Attempts
SCF Service Control Function
SDF Service Data Function
SLPIN Special Local Personal Identification Number
SM Security Module
SPIN Special Personal Identification Number
UPT Universal Personal Telecommunication
UPTN UPT Number
4 Security requirements and security features
Security features needed for UPT are specified according to the requirements presented in this ETS and
other related documents.
The different aspects which, alone or combined, serve to create a security feature are described in
subclause 4.1. The security requirements are summarized in subclause 4.2. The chosen security features
for UPT phase 1 are then presented in subclause 4.3, while subclause 4.4 describes some limitations of
UPT security in phase 1. Finally subclause 4.5 gives a statement regarding the need for a secure
Intelligent Network (IN) platform.
4.1 Security features in general
In UPT, as in all practical systems accessible by the general public, many different security features need
to be present and co-operate to give the required level of overall security.
Security services may be distinguished as having one of the following properties:
preventive: intending to make the threat impossible;
reporting: giving the system management or the user information about security problems;
limiting: introducing restrictions into the system in order to limit the consequences of
possible security breaches;
Page 11
ETS 300 391-1: August 1995
restoring: making a quick, safe and orderly return to normal operation after security
problems have occurred;
deterrent: having the property that potential mis-users are deterred because they know
about this security feature.
All of these properties are necessary and valuable elements in the overall UPT security architecture.
4.2 UPT security requirements
The main sources for assessing the security requirements are the threat analysis performed in
ETR 083 [1], ETR 055-11 and the requirements on personal data integrity which have been presented in
the legislative arena.
4.2.1 Requirements from the threat analysis
For phase 1, the most important threats are the following:
- masquerading threats, i.e. the threats where intruders masquerade as UPT users for incoming or
outgoing calls;
- threats connected with unauthorized modification of subscription data or service profile data;
- incorrectness of billing data;
- unauthorized use of UPT access device;
- unauthorized remote registrations.
NOTE: For more detailed information, see ETR 083 [1].
Threats connected with secure answer, multiple registration and outcall registration are not relevant,
because these features are not present in phase 1.
4.2.2 Personal data integrity issues
The security requirements on UPT resulting from the need to protect personal data are not, to a large
extent, specific to UPT, but are typical for many telecommunication services, especially those offering
personal or terminal mobility. Furthermore, they will depend heavily on European and national legislation
enforced for the protection of personal data and the protection of third parties.
Therefore, when offering a specific UPT service or when designing data processing functions and defining
the kind of data being generated or stored within the UPT systems, UPT service providers shall consider
the relevant national data protection laws. Provisional guidelines are to be found in CEC
Directive SYN 287. For UPT, special concern in this respect needs to be paid to the contents of personal
data in the UPT service profile. This data and the access conditions to it for the service provider's
personnel, the subscriber and the UPT user need to be limited, to be in close accordance with the relevant
European guidelines and national laws. As these are, to a large extent, being progressed at present, this
ETS only advises service providers to pay close attention to the requirements being formulated in this
area.
Concerning the protection of third parties the most imminent requirement is the one proposed by CEC
Directive SYN 288 regarding the necessary agreement of the third party in the call forwarding situation.
Although this requirement is not yet formally decided it seems likely that this or a similar requirement will
be legally enforced for the UPT service. This should primarily have impact on the UPT features which
make use of remote registration. Remote registration for incoming calls is, in its effect, very similar to
normal call forwarding, whereas local registration (performed at the line subscriber's premises) may be
considered as having the (indirect) agreement of the line subscriber.
The threat analysis in ETR 083 [1] and the special document on third party protection, ETR 055-11, have
also identified this requirement.

Page 12
ETS 300 391-1: August 1995
These requirements mean that there is a need for some kind of agreement by third parties in the UPT
remote registration situation, and service providers need to take account of the relevant (forthcoming)
national laws concerning the protection features that are required.
4.3 UPT specific security features
In the service descriptions of UPT some features are defined that serve as countermeasures to some of
the identified threats. These features, as well as some frequently used precautions that are normal
practice in telecommunication based services, are described here together with the more specific security
features needed to fulfil the security requirements.
4.3.1 UPT service features providing security
These features alone are not always sufficient to counteract a particular threat, but they nevertheless
contribute (together with other security measures) to attaining the required security level. Important
security features in this category are:
- bill limitation;
- itemized bills;
- activity monitoring;
- announcements;
- blocking of registration;
- reset of registration;
- contractual agreements.
Bill limitation or credit control is the only effective way to limit the consequences of extensive, possibly
unauthorized, use by the user or fraudulent use by masquerading intruders. The limit for accumulated
charges should be set by the service provider in co-operation with the subscriber. In order to be effective,
the control should be performed in connection with the authentication for every outgoing call (in later
phases this may even be extended to in-call control). In the case of overrun of the limit, the service
provider shall not allow any more calls which increase the charges. The user should be made aware of
this situation immediately before the limit is reached and when making attempts for calls after the limit has
been reached.
For extra protection, follow-on outgoing calls may be restricted by the service provider.
Itemized bills play an important role for some threats, which are not easily discovered or prevented
otherwise. A drawback is that detection of problems is delayed until the receipt of the bill and is dependent
on the bill being scrutinized in detail. Knowledge of the fact that itemized billing is used will give a deterrent
effect, which may restrain people from some abuse or misuse of the service.
NOTE 1: Itemized bills can cause privacy problems (e.g. by giving information about the
whereabouts of the user). Special precautions need to be taken to observe the
relevant legal aspects on the protection of personal data when itemized bills are used.
Activity monitoring is the real-time monitoring of activities and events associated with a user's account
or with the UPT service itself including some or all of: authentication attempts; call activities; and charging
indications. The pattern of a user's activity may indicate that the user's account is subject to abuse.
Activity monitoring is the only fast-acting protection against fraudulent use that the UPT service provider
(and indirectly, the service providers UPT subscribers and users) have. This is necessary, particularly if
weak user authentication is used.
Announcements given can play an important role for the security of the service. They need to be
carefully designed to enlighten users and third parties on the different states of their connection or relation
with the operator/service provider.

Page 13
ETS 300 391-1: August 1995
NOTE 2: Announcements can cause privacy problems (e.g. by giving information about the
whereabouts of the UPT user). Special precautions need to be taken to observe the
relevant legal aspects on the protection of personal data when announcements are
chosen.
Blocking of registration can be a way for third parties to permanently avoid UPT registrations. If UPT
blocking is the original default state for all line subscribers and only active unblocking from the line
subscriber permits UPT registrations, then a substantial third party protection can be achieved. This could
be the normal practice for remote registrations for incoming calls. The unblocking could be carried out in
different ways: by written consent from the line subscriber allowing either specific UPT number
registrations or all UPT registrations, or by on-line procedures. The consent could be subject to different
conditions according to what is offered by the UPT service provider in this respect. The third party shall be
able to withdraw any previous agreements.
Local registrations, where registration for incoming calls to a specific line terminal is made from the same
terminal (e.g. determined by a calling line identification feature), should be excluded from this requirement.
NOTE 3: The detailed solution(s) for third party protection against unwanted registrations will
have to await the outcome of the proposed CEC Directive SYN 288 as well as national
legislation regarding call forwarding.
Reset of registration is an essential part of the UPT service. However, it does not give full protection
against problems with unwanted registrations as third parties cannot, in general, be expected to be
familiar with the reset procedures. In phase 1, reset can only be performed as an off line procedure via the
local UPT service provider.
Contractual agreements relating to security issues shall be included in the conditions for the
subscription. Security related parts of the conditions to be agreed and signed by the subscriber may
include:
- to follow the rules (as declared by the UPT service provider and adjoined to the subscription
contract) regarding secure handling of Personal User Identities (PUIs) and PINs for weak
authentication and the corresponding rules regarding use of the advanced DTMF device;
- to report immediately to the service provider, loss of PIN or device or other conditions which may
lead to fraud or misuse;
- to follow the restrictions in the use of service which may be imposed with regard to third party
protection;
- to accept limitations of service with regard to agreed levels of credit control/bill limitation;
- to accept limitations of service which the service provider may subsequently find necessary to
introduce to protect the UPT service as such against misuse or fraud;
- to accept liability regarding the possible fraud or misuse of the subscriber's account when the
subscriber or the subscriber's users have severely broken the rules;
- to impose the corresponding instructions and restrictions on users (if different from the subscriber).
4.3.2 Authentication of UPT user/UPT subscriber
The threats concerning masquerading towards the UPT service provider are the strongest identified and
authentication of the UPT user (and UPT subscriber) is the most important security feature for UPT. For
this reason, only strong authentication, using an advanced DTMF device, is recommended. Weak
authentication is not a sufficient solution in itself and may only be acceptable if accompanied by several
other security features and limitations of the service.
A user contacting the operator or service provider in the case of operator assisted service should be
authenticated, if necessary, to protect the service provider or the UPT users from abuse.

Page 14
ETS 300 391-1: August 1995
NOTE: The authentication service is used by the UPT user accessing the system in various
aspects (registration, outgoing calls, service profile management, etc.) as well as by
the UPT subscriber's access to service profile management.
4.3.3 Access control features for the UPT access device
A strong physical protection is required for implementing the access control to the sensitive information in
the advanced DTMF access device.
Use of an advanced DTMF access device shall be controlled by authentication of the user (i.e. DHV).
4.3.4 Access control to service profile information
Users, subscribers and the service provider's staff shall have access to different parts of the service
profile. For this reason there shall be an access control system. Part of the access control for users and
subscribers will be the authentication described in subclause 4.3.2. Authentication of personnel and
access control in the service provider's local environment should have a dedicated state of the art
solution, suitable for this hardware and software environment.
4.3.5 Secure management of the subscription process
Sound and stringent procedures for administration of subscriptions, all secret information and devices as
well as adequate access control systems for subscription database systems are required.
NOTE: Subscription may (partly) be handled via telecommunication means if there are
adequate security measures (authentication, access control). It is more likely that the
subscription will be manual (personal presence, mail) with the corresponding security
measures taken for this environment.
This service should be designed to cover threats like the following:
- unauthorized modification of subscription data by user or subscriber;
- unauthorized de-subscription;
- denial of service by device malfunction;
- mis-delivery of UPT devices.
The security features to attain the required level of security management may vary substantially
depending on the different environments to be found with service providers and should not be
standardized. Therefore, these requirements and the solutions to them are not discussed further in this
ETS.
4.4 UPT security limitations
Only a few threats identified have not been covered by relevant security features so far, they are all
commented upon in this subclause. Some of these threats are considered to be of less importance either
because of low likelihood, or because they have only minor consequences, often both. For other threats,
no feasible (cost justified) way to protect against them has been identified.
Threats not covered include all those concerned with eavesdropping or active manipulation of the lines
used for UPT registrations. The eavesdropping threats have high vulnerability especially if authentication
data is recorded. There is, however, a substantial difference in risk if weak authentication is used instead
of the recommended strong authentication. This is especially true if the registration data passes over the
air (e.g. in a Public Land Mobile Network (PLMN) access) or if it passes some equipment that has inherent
recording facilities (e.g. some Private Automatic Branch Exchanges (PABXs)). This is one reason to limit
the service of UPT when weak authentication is used.

Page 15
ETS 300 391-1: August 1995
Protection against nuisance registrations to terminals of unknowing or unwilling third parties also do not
yet have a definite solution. The recommended indications, special dial tones, etc. are not sufficient. Reset
of registrations is not generally available in phase 1. Default blocking conditions and active agreement
through pre-registration or on-line agreements are possible, but have not yet been sufficiently evaluated. It
is felt that the best recommendation which can be given at present is for every service provider to closely
watch and follow the requirements of national and European legal entities.
4.5 Security features for IN and inter-network links in general
The requirements for the safe and trusted relation between all the different IN entities, inter and
intra-network, has intentionally been left out of the scope of this ETS. This is not because of the lack of
importance, but because the security architecture on this level should be standardized on a generic basis,
not as a UPT specific solution.
5 Security mechanisms
This clause describes how the security requirements and the security features stated in clause 4 can be
accomplished by security mechanisms. It comprises mechanisms for access control and authentication,
as well as some aspects of the security management (audit trail, event handling, charging control,
information management). Finally, based on specific service limitations, the concept of security profiles for
weak and strong authentication is introduced.
5.1 Access control mechanisms
Access control mechanisms shall be used in the following three fields:
- access to the service based on the user's or subscriber's PUI;
- access to the service profile and other management data by users, subscribers, authorized
personnel of the service providers, and by inquiries from home or visited network nodes;
- access to the data in the UPT access device.
5.1.1 Access control to services
Access control to the UPT service or to certain service functions can be seen as a combined process with
identification and authentication of the involved parties. The process flow of the combined process is
described in subclause 5.2. Access control shall be supported by security management procedures as
described in subclause 5.3.
Mechanisms for access control to services shall make use of the following authorization lists:
- whitelists;
- blacklists.
Whitelists are access control lists or capability lists, which specify the services that the individual UPT
users and subscribers are allowed to use. They may be realized as part of the corresponding service
profile data (see subclause 5.1.2).
Blacklists specify those identities (PUIs) that shall not be accepted to get access to the UPT service, e.g.
because the UPT user has exceeded the credit limit. Blacklists shall be updated as often as necessary.
They shall be realized in the Authenticating Entity (AE) associated with the SDF.
The UPT service provider may define hot lists, too, for those identities where additional measures should
take place, e.g. if detailed activity monitoring should be activated (see annex E).
A PUI is blocked if the access is temporarily denied because of too many consecutive wrong
authentication attempts. Blocking shall be realized in the AE. An unblocking procedure is described in
subclause 5.2.1.
A PUI is named "invalid" if no corresponding service profile data exists.

Page 16
ETS 300 391-1: August 1995
In UPT phase 1, the check of the service profile data for authorization will always be carried out at the
home location of the UPT user. Therefore, no data related to access control needs to be submitted
through the network.
All authorization lists shall be installed in a protected environment.
5.1.2 Access control to service profile data
The access to service profile data should be restricted to the following subjects with different access
rights:
- UPT user;
- UPT subscriber;
- UPT service provider.
The information stored in the service profile can be subdivided into fixed information and variable
information from the UPT user's point of view. The fixed information is typically fixed at subscription time
and can be changed only by the UPT service provider, possibly on request of the UPT subscriber. The
variable information can be changed by the UPT user or the UPT user's UPT subscriber, explicitly by
using UPT service profile management functions or implicitly by using UPT personal mobility functions.
Table 1 shows examples of the different parts of the UPT service profiles, which are essentially taken
from ETR 055-6.
Page 17
ETS 300 391-1: August 1995
Table 1: Parts of the UPT service profiles
A Information set by the service provider at subscription time:
- UPT number;
- PUI;
- default home location of the UPT user;
- bearer services subscribed to (only ISDN);
- teleservices subscribed to (only ISDN);
- UPT supplementary services subscribed to;
- maximum number of failed authentication attempts, before disabling the UPT service profile
access;
- types of authentication procedures subscribed to (weak or strong authentication);
- not allowed Access Registration Addresses (ARAs) for incoming calls.
B Information changeable by the UPT subscriber:
- maximum allowed credit for the user (individual threshold of credit);
- maximum number of terminal accesses for remote registration;
- allowed procedures for the UPT user;
- type of authentication procedure allowed (weak or strong authentication).
C Information changeable by the UPT user:
C1 Service related information:
- activation status for each UPT supplementary service;
C2 Mobility related information modified by UPT service profile management procedures
only:
- default terminal accesses for incoming calls;
- list of terminal accesses for remote registration;
- default duration (or number of calls) for registration for incoming calls;
- information related to UPT supplementary services;
C3 Mobility related information modified by UPT personal mobility procedures only:
- current terminal access for incoming calls.
NOTE: According to the requirements
...