SIST ETS 300 790 E1:2003

SLOVENSKI STANDARD
01-december-2003
Svetovne osebne telekomunikacije (UPT) – Varnostna arhitektura za UPT – Faza 2:
Specifikacija
Universal Personal Telecommunication (UPT); Security architecture for UPT phase 2;
Specification
Ta slovenski standard je istoveten z: ETS 300 790 Edition 1
ICS:
33.040.35 Telefonska omrežja Telephone networks
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN ETS 300 790
TELECOMMUNICATION October 1997
STANDARD
Source: NA Reference: DE/NA-064006
ICS: 33.020
Key words: UPT, security, card
Universal Personal Telecommunication (UPT);
Security architecture for UPT Phase 2;
Specification
ETSI
European Telecommunications Standards Institute
ETSI Secretariat
Postal address: F-06921 Sophia Antipolis CEDEX - FRANCE
Office address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCE
X.400: c=fr, a=atlas, p=etsi, s=secretariat - Internet: secretariat@etsi.fr
Tel.: +33 4 92 94 42 00 - Fax: +33 4 93 65 47 16
Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and the
foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 1997. All rights reserved.

Page 2
ETS 300 790: October 1997
Whilst every care has been taken in the preparation and publication of this document, errors in content,
typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to
"ETSI Editing and Committee Support Dept." at the address shown on the title page.

Page 3
ETS 300 790: October 1997
Contents
Foreword .5
Introduction.5
1 Scope .7
2 Normative references.7
3 Definition and abbreviations .8
3.1 Definition.8
3.2 Abbreviations .8
4 Security requirements and security features.8
4.1 UPT Phase 2 security requirements .9
4.1.1 Requirements from the threat analysis .9
4.1.2 Personal data integrity issues.11
4.1.3 Additional requirements on UPT interworking with GSM .11
4.1.4 Additional requirements on UPT interworking with ISDN.12
4.1.5 Additional requirements on UPT interworking with data services .12
4.1.6 UPT Security requirements associated with the use of UPT cards.12
4.1.6.1 Management requirements.12
4.1.6.2 Operational requirements .13
4.2 UPT security features .14
4.2.1 Authentication features.14
4.2.1.1 Discussion on possible features to meet the
authentication requirements .14
4.2.1.2 Evaluation and choice of security features for
authentication .15
4.2.2 Security management .15
4.2.3 Reset and blocking.15
4.2.4 Security features related to the use of UPT cards .16
4.2.5 Security features available as UPT supplementary services .16
4.3 UPT security limitations .16
5 Security mechanisms .17
5.1 Access control mechanisms .17
5.1.1 Access control to the services.17
5.1.2 Access control to the service profile data.17
5.1.3 Access control to the data in the UPT card.18
5.2 User authentication mechanism .18
5.2.1 Two pass strong authentication.19
5.2.2 Authentication of the user to the UPT card .21
5.3 Extra authentication for outgoing calls.21
5.4 Special authentication for called party specified secure answering of incoming calls.22
5.5 Security management.22
5.5.1 Charging control .22
5.5.2 Information management .23
5.5.3 Service restrictions for OCR and for Remote OCR (ROCR).23
5.5.4 Warnings about registration side effects.23
5.5.5 Security management of the UPT card .23
5.6 Service limitations.23
5.7 Security profiles .24
5.7.1 Security profile for weak authentication.25
5.7.2 Security profile for one pass strong authentication .25
5.7.3 Security profile for two pass strong authentication.25
6 Parameter sizes and values.26

Page 4
ETS 300 790: October 1997
7 Functional specification of the UPT card. 26
7.1 Storage of data. 26
7.2 Processing. 27
7.2.1 Time-out. 27
7.2.2 Calculations by the authentication algorithm . 27
7.3 User interface. 27
8 Functional specification of the security protocol . 28
8.1 Two pass strong authentication . 28
8.2 Extra authentication for OCPIN. 28
8.3 Special authentication for SAPIN . 28
9 Functional specification of the AE. 29
9.1 Check of PUI and authentication type used . 29
9.2 Two-pass strong authentication . 29
9.3 SAPIN and OCPIN procedures . 30
9.4 PIN change check .30
10 Authentication algorithms . 30
10.1 The USA-4 algorithm.30
10.2 The TESA-7 algorithm. 30
10.3 Other algorithms. 31
10.4 Same algorithm for one pass and two pass strong authentication . 31
Annex A (normative): Implementation Conformance Statement (ICS) proformas . 32
A.1 Scope. 32
A.2 Abbreviations . 32
A.3 ICS proforma for UPT cards used for two pastrong authentication. 33
A.3.1 Introduction. 33
A.3.2 Identification of the implementation, product supplier and test laboratory client. 33
A.3.3 Identification of the ETS . 33
A.3.4 Global statement of conformance . 33
A.3.5 Main features. 33
A.4 ICS proforma for card reading terminals supporting UPT . 34
A.4.1 Introduction. 34
A.4.2 Identification of the implementation, product supplier and test laboratory client. 34
A.4.3 Identification of the ETS . 34
A.4.4 Global statement of conformance . 34
A.4.5 Main features. 35
A.5 ICS proforma for the AE . 35
A.5.1 Introduction. 35
A.5.2 Identification of the ETS . 35
A.5.3 Global statement of conformance . 35
A.5.4 Main features. 35
Annex B (informative): Bibliography . 37
History. 38

Page 5
ETS 300 790: October 1997
Foreword
This European Telecommunication Standard (ETS) has been produced by the Network Aspects (NA)
Technical Committee of the European Telecommunications Standards Institute (ETSI).
This ETS, in association with ETS 300 791 [5], forms the specification of the security architecture for UPT
Phase 2.
Transposition dates
Date of adoption: 19 September 1997
Date of latest announcement of this ETS (doa): 31 December 1997
Date of latest publication of new National Standard
or endorsement of this ETS (dop/e): 30 June 1998
Date of withdrawal of any conflicting National Standard (dow): 30 June 1998
Introduction
Universal Personal Telecommunication (UPT) is a service that enables improved access to
telecommunication services by allowing personal mobility. It enables each UPT user to participate in a
user defined set of subscribed services, and to initiate and receive calls on the basis of a unique,
personal, network independent UPT number across multiple networks at any terminal, fixed, movable or
mobile. Such participation is irrespective of geographic location, limited only by the network capabilities
and restrictions imposed by the Service Provider (SP), the subscriber or the user himself. Calls to a UPT
user may also be made by non-UPT users.
ETSI TC NA has defined three service scenarios for UPT (ETR 055). This ETS of the security architecture
deals with the basic UPT service scenario (UPT Phase 2). This scenario should cover also the Global
System for Mobile communications (GSM) network (whereas Phase 1 covered Public Switched
Telephone Network (PSTN) and Integrated Services Digital Network (ISDN)), data services (whereas
Phase 1 covered the telephony service), Identity Code (IC) cards and IC card reading devices or terminals
for authentication (whereas Phase 1 covered only Dual Tone Multi-Frequency (DTMF) signalling for
authentication). The UPT Phase 2 also offers a more complete set of service features, including
registration for outgoing calls, secure answer, call pick-up and a set of supplementary UPT features.
A high level of security is a necessary condition for a telecommunication service like UPT to become a
success. Accountability, incontestable charging, and privacy are important examples on requirements that
have to be fulfilled by technical and organizational security measures.
Security mechanisms can only meet their purpose if they are integrated into the system in an appropriate
way. Many of these mechanisms depend on the secure handling of secret information like authentication
keys and Personal Identity Numbers (PINs).
This ETS in combination with ETS 300 391-1 [2] specifies the complete security architecture for UPT
Phase 2. It should be noted that this ETS is meant to be in addition to the Phase 1 ETS ("delta
document"). For instance, a new security mechanism using IC cards is described. For security reasons,
authentication should be performed by means of UPT cards, when the infrastructure of UPT card reading
terminals has been widely established. It is envisaged that the use of strong authentication will increase.

Page 6
ETS 300 790: October 1997
Blank page
Page 7
ETS 300 790: October 1997
1 Scope
This European Telecommunication Standard (ETS) provides a description of the additional requirements,
features and mechanisms necessary to provide adequate security within the UPT service for Phase 2. It is
based on the specification of the Security Architecture for UPT Phase 1, given in ETS 300 391-1 [2] and it
specifies the additions to Phase 1 only. The specific security requirements, features and mechanisms
additionally needed for UPT Phase 2 are specified in detail. Where applicable Phase 1 is referred to.
Downwards compatibility to UPT Phase 1 is fulfilled. Both this ETS and ETS 300 391-1 [2] are based on
the general UPT security architecture given in ETR 083 [1], which describes the threat analysis and
security requirements. Only aspects of the UPT security architecture that concern the security of the
overall UPT service and information exchange between the user and the network are standardized.
Clause 4 summarizes the Phase 2 relevant security requirements and security features. It also specifies
the security requirements to provide UPT on GSM, ISDN and other modern networks. Furthermore, the
requirements for cards in UPT (either via card reading terminals or card reading devices) and the
requirements for data services are specified.
Clause 5 specifies the security mechanisms for access control, the two pass strong authentication
mechanism, security management measures and security profiles.
Clause 6 summarizes the sizes of the parameters used in the mechanisms.
The next three clauses give the functional specifications of respectively the UPT card (see clause 7), the
security protocol (see clause 8) and the Authenticating Entity (AE), (see clause 9).
Clause 10 describes the possible authentication algorithms to be used in UPT Phase 2, such as
UPT Security Algorithm (USA-4) and TE7 Security Algorithm (TESA-7).
Three relevant Implementation Conformance Statement (ICS) proformas are specified in annexes.
2 Normative references
This ETS incorporates by dated or undated reference, provisions from other publications.
These normative references are cited at the appropriate places in the text and the publications are listed
hereafter. For dated references, subsequent amendments to or revisions of any of these publications
apply to this ETS only when incorporated in it by amendment or revision. For undated references, the
latest edition of the publication referred to applies.
[1] ETR 083 (1993): "Universal Personal Telecommunication (UPT); General UPT
security architecture".
[2] ETS 300 391-1 (1995): "Universal Personal Telecommunication (UPT);
Specification of the security architecture for UPT Phase 1; Part 1: Specification".
[3] ISO/IEC 9646-7 (1995): "Information technology - Open systems interconnection
- Conformance testing methodology and framework - Part 7: Implementation
Conformance Statements".
[4] ETS 300 406 (1995): "Methods for Testing and Specification (MTS); Protocol
and profile conformance testing specifications - Standardization methodology".
[5] ETS 300 791: " Universal Personal Telecommunication (UPT); Security
architecture for UPT Phase 2 Conformance Test Specification (CTS)".

Page 8
ETS 300 790: October 1997
3 Definition and abbreviations
3.1 Definition
For the purposes of this ETS, the following definition applies:
UPT card: A UPT card is an IC card used for identification and authentication purposes in a UPT service.
UPT cards can be used for one pass strong authentication in the advanced DTMFdevices and for two
pass strong authentication in card reading terminals. For the purpose of this ETS the latter definition
applies.
3.2 Abbreviations
For the purposes of this ETS, the following abbreviations apply:
AC Authentication Code, calculated in the UPT cardand in the AE
AE Authenticating Entity
ARA Access Registration Address
CHV Card Holder Verification
CLIP Calling Line Identification Presentation
CLIR Calling Line Identification Restriction
COLP COnnected Line identity Presentation
CT Command Type
CUG Closed User Group
DTMF Dual Tone Multi-Frequency
f authentication algorithm
GSM Global System for Mobile communications
IC Identity Code
ICS Implementation Conformance Statement
ISDN Integrated Services Digital Network
K Authentication Key
MAC Message Authentication Code
NAP Network Access Point
OCPIN Outgoing Call PIN
OCR Outgoing Call Registration
PIN Personal Identity Number
PSTN Public Switched Telephone Network
PUI Personal User Identity
RAND RANdom number
ROCR Remote Outgoing Call Registration
SA Secure Answer
SAPIN Secure Answer PIN
SDF Service Data Function
SIM Subscriber Identification Module
SP Service Provider
T Timer value in the UPT card
T Maximum value of T
MAX
TESA-7 TE7 Security Algorithm
UPT Universal Personal Telecommunication
USA-4 UPT Security Algorithm
4 Security requirements and security features
Security features needed for UPT Phase 2 are specified according to the requirements presented in
ETR 083 [1] and other ETSI UPT reports. In ETS 300 391-1 [2] are specified the security requirements
related to the Phase 1 service.
Subclause 4.1 specifies the additional Phase 2 requirements. Subclause 4.2 specifies the security
features and subclause 4.3 describes the limitations of security in UPT Phase 2.

Page 9
ETS 300 790: October 1997
4.1 UPT Phase 2 security requirements
The main sources for assessing the security requirements are the threat analysis performed in
ETR 083 [1]. However, properties of Phase 1 security features when combined with Phase 2 services lead
to new threats and security requirements as described in this subclause.
4.1.1 Requirements from the threat analysis
The same text as in ETS 300 391-1 [2], subclause 4.2.1 is valid. For UPT Phase 2 the following additions
and changes, if any, are relevant.
Hereafter are listed the Phase 2 core and additional features, the new threats related to the use of these
new UPT features and the requirements arising from the threat analysis.
Outcall registration, allcall registration, linked registration (features remotely activated or not):
- some people can take a subscription, intensively use it and avoid paying the bill. The impact is
emphasized by the possibility to make several outcall registrations at the same time. This implies
the need for more efficient security management and services restrictions in order to limit losses;
- masquerading as a UPT user for outcall registration, allcall registration and linked registration. For
these UPT features masquerading is a stronger threat tyhan it is for single outgoing calls.
Introducing these UPT features increases the economic risks in the case that an intruder acquires
valid authentication data. An unauthorized UPT registration for outgoing calls can be exploited in a
straight forward way and resulting in very high fraudulent usage. Therefore, the authentication
feature shall make it as difficult as possible for an intruder to get valid authentication data. One pass
strong authentication codes can sometimes be recorded offline or online in an unauthorized way
and be used fraudulently there after. Two pass strong authentication is therefore considered
stronger. A sophisticated way to masquerade as a UPT user is to monitor the line between the real
user and his SP and when the authentication has been performed to cut the line to the user and act
as the real user. This may lead to fake Outgoing Call Registration (OCR) and requires a security
feature reducing the risks of this threat;
- a registered user may be unable to supervise the registered terminal(s). It shall be possible for the
user to have the option to use an extra authentication feature in order to protect the access of the
terminals he is registered on;
- a line subscriber may use his own line without being aware that a UPT user is registered on it for
outgoing calls. The UPT user may receive later on the list of calls (itemized bill) made by the line
subscriber. It is required that the line subscriber is warned that someone has registered for outgoing
calls on his terminal.
Called party specified secure answering of incoming calls:
- if a third party is succeeding to masquerade as a UPT SP he may require an authentication to be
performed simply by making a telephone call to the UPT user. The resulting authentication code (if
the existing one pass strong authentication is used) or PIN (if the weak authentication is used), can
be recorded and used later on for an illegal registration or outgoing call etc. This leads to the
security requirement that two pass strong authentication shall be used.
- However, certain network access points do not support the use of two pass strong authentication. In
that case a UPT user who is normally authenticated with two pass strong authentication, may be
given the possibility to use the called party specified secure answer service with another
authentication mechanism. Considering the threat mentioned above, therefore, a special
authentication code for secure answer is introduced as a user option. This code shall be different
from the one used for weak authentication.
Network specified secure answer:
- network specified secure answer is a UPT Phase 2 supplementary service with the same definition
as for called party specified secure answer except this service requires two pass strong
authentication. The service cannot be deactivated by the UPT user once subscribed to. It is
recognized that this implies that some calls will be prevented.

Page 10
ETS 300 790: October 1997
Calling UPT user specified secure answer of calls to UPT users:
- similar threat and requirement as called party specified secure answering of incoming calls.
Call pick-up:
- to be sure that the right UPT user picks up the call, the use of the call pick-up procedure requires
authentication of the user.
Multiple registration:
- in case of multiple terminal access registration, the threats misuse of subscription (no intention to
pay the bill) and the masquerading threat will have increased risks and evaluation level.
The security management functions (charging control, bill limitation) shall be dimensioned for this
situation. The number of simultaneously registered terminals shall be limited.
Calling party identity presentation and calling party identity restriction:
- these supplementary services are similar to the corresponding services defined for PSTN and ISDN
and should be subject to the same availability and restrictions as required by laws and rules for
personal data integrity protection. If the calling party is a UPT user the terminal access number (line
identity) shall never be presented to the called party, only the UPT identity, so that the UPT user
location is not given away. This is required even in the case that the corresponding service Calling
Line Identification Presentation (CLIP) for PSTN or ISDN is active i.e. UPT requirement in this case
shall override the service of the underlying network;
- for emergency reasons certain called parties (e.g. police, fire brigade) may nevertheless be allowed
to receive the CLIP even if the caller is a UPT user (override Calling Line Identification Restriction
(CLIR));
- similar, even if the originating terminal access has CLIR activated, the UPT identity of a calling UPT
user shall be presented to the called party if this is a UPT user with the supplementary service CLIP
activated.
Connected user identity presentation:
- the location of a UPT user shall not be disclosed. If the called party is a UPT user, only the UPT
identity shall be presented, not the terminal access number, even if the originating network terminal
has the corresponding service COnnected Line identification Presentation (COLP) activated.
Connected user identity restriction:
- the terminal access number used by a UPT user shall not be presented. The calling terminal in this
case also shall get no presentation of the terminal access number, even if the network service
COLP is active.
Personal addressing:
- this service could lead to the misuse of personal data. SPs who offer this service shall avoid
conflicts with relevant national laws and rules concerning the protection of personal data integrity.
UPT call forwarding supplementary services, ongoing call redirection, multiparty communication and all
charge acceptance for incoming UPT calls:
- these services have in common that they effect charging in a way which may not have been
envisaged when the initial call was set up. Charging may be increased substantially or transferred to
other parties. Therefore the activation of these calls/services shall be subject to the same
restrictions and limitations as are valid for other charged calls and are set in security or service
profiles. Authentication shall be performed as during a normal outgoing call.

Page 11
ETS 300 790: October 1997
Reset of a UPT registration:
- this service is designed to protect third parties against unwanted UPT registrations. However it may
also cause denial of service for the UPT users. This may be annoying especially if the registration is
reset without the UPT user being aware of it.
NOTE: No special security requirement is set up due to this threat. It is assumed that people,
when the UPT service is widely spread, will develop new social habits that solves the
problem, e.g. that a UPT user will ask the line subscriber for permission to register on
his terminal and that the line subscriber will tell the UPT user, if he resets a registration
already in use.
4.1.2 Personal data integrity issues
The same text as in ETS 300 391-1 [2], subclause 4.2.2. is valid. For UPT Phase 2 the following additions
and changes are relevant.
UPT Phase 2 introduces new features which may be subject to special restrictions for the reason of
personal data protection.
The UPT supplementary service calling party identity presentation can be expected to get the same legal
restrictions as the corresponding service in the fixed networks. That means it can only be offered to users
with the companion restriction service being made readily available. Care shall be taken that these
restrictions do not bypass or are bypassed by supplementary services in the UPT supporting networks.
Directives from the European Union in this area have not yet been approved (see document commission's
amended proposal for a directive concerning personal data and privacy in the context of digital
telecommunication networks (COM (94) 128) so the detailed solutions in this area shall be kept open for
future legal requirements. (see also subclause 4.1.1)
Services like:
- connected user identity presentation;
- personal addressing;
- intended recipient identity presentation;
- advice of charge;
may also have implications regarding personal integrity and shall be designed in accordance with national
laws and rules on the protection of personal data.
The use of multi application cards for supporting UPT may have effects on the protection of user data in
one application against another application in the same card. The requirement is that user data in the UPT
card application shall be protected against the unintended use by other applications located inside or
outside the IC card.
4.1.3 Additional requirements on UPT interworking with GSM
Some additional security requirements may have to be fulfilled when UPT and GSM are interworking.
The interworking between UPT and GSM can be achieved in different ways which are not mutually
exclusive.
The following list gives some examples:
- using the key pad of a GSM mobile station and weak authentication;
- using a simple DTMF device and weak authentication with a GSM mobile station;
- using an advanced DTMF device and strong authentication with a GSM mobile station;
- using a UPT card in a separate card reader connected to the GSM Mobile equipment;
- using a combined UPT/GSM multi application card with a GSM mobile station and the proposed
GSM services based on the Subscriber Identification Module (SIM) application tool kit;

Page 12
ETS 300 790: October 1997
- using a UPT card, following GSM card specifications, but dedicated for UPT use.
The first three methods are not different from what has been described for UPT with PSTN terminals in
the security architecture for UPT Phase 1. No additional security requirements have been identified.
The last three methods, using cards, have not been technically specified and need further study as to their
feasibility. Possible additional security requirements have to be treated in context with eventual future
descriptions of one or more of these options.
4.1.4 Additional requirements on UPT interworking with ISDN
The following extra threats and requirements to UPT are identified in case UPT is used on an ISDN:
- a registration on an ISDN phone implies a registration on all other terminals connected to the same
ISDN S-bus. The UPT user is threatened by the possibility of not being aware of having made a
registration at more than one terminal (maybe placed in other rooms);
the UPT user who is going to make a UPT registration at an ISDN number, shall be warned that the
registration will be active at all terminals connected to that ISDN number. It is more user friendly to
steer calls to specific terminals;
- service interaction between UPT and ISDN supplementary services may cause serious security
problems, as a core UPT feature might override a (security) supplementary service of an ISDN.
E.g. imagine an ISDN Closed User Group (CUG) and a third party who makes a (remote) UPT
registration or a call forwarding to a number into the ISDN CUG. The ISDN CUG subscriber will not
be aware of this registration. Also ISDN CLIR and various ISDN call barring features may not be
affected by UPT;
UPT as a new service shall not damage the security services and features in existing networks,
such as CUG, CLIR and various call barring services. It shall never result in a lower security level.
Vice versa ISDN supplementary services may not damage existing UPT supplementary services.
4.1.5 Additional requirements on UPT interworking with data services
No additional requirements have been identified.
4.1.6 UPT Security requirements associated with the use of UPT cards
This subclause deals with security requirements, based on identified threats, for management and use of
UPT cards.
4.1.6.1 Management requirements
Manufacturing:
- the data and coding in the card's memory is exposed to unauthorized persons or tampered with
during the manufacturing of the card. Therefore, the data and the coding shall be physically and
logically protected to maintain the integrity of the data and coding (e.g. the program code for the
authentication algorithm).
Personalization:
- someone can make copies of a UPT card. Therefore the personalization process has to be
designed in such a way that authentication keys are not exposed to anyone else than trusted
personnel;
- if Card Holder Verification (CHV) is shared between UPT and another application in a multi
application card the CHV may be disabled by the user for the other application (e.g. a GSM SIM),
and hence also for the UPT application. Therefore, the UPT CHV shall never be shared with an
application where the CHV can be disabled;

Page 13
ETS 300 790: October 1997
- if there is another application in the same card as the UPT application, then the other application
may violate the security of the UPT application. Therefore the UPT application shall not be put in
the same card as other applications, if this security violation cannot be avoided.
Initial Card Holder Verification:
- if all UPT cards from a UPT SP contain the same initial CHV value some UPT users may keep it
without changing it. Unauthorized users may then try this initial CHV if they find or steal a UPT card.
Therefore all UPT cards shall not have the same initial CHV information.
Distribution:
- the card can be stolen or distributed to wrong person. Therefore CHV information shall be
distributed separately from the card.
Stolen or lost cards:
- a stolen UPT card may be used by someone unauthorized, who has either guessed the CHV
information or stolen that as well. Therefore the SP shall keep a black list of PUIs, and the users
shall be instructed to report stolen or lost cards to the SP.
Termination:
- a UPT user may keep his card even though his subscription has been terminated. Therefore, the
UPT SP shall invalidate the PUI and delete the corresponding authentication key in the AE. Care
shall be taken so that a reused PUI does not get the same key again.
4.1.6.2 Operational requirements
Card Holder Verification:
- the card can be lost or stolen. Therefore, the UPT card shall be protected against unauthorized use,
by means of a CHV;
- the CHV may be found by exhaustive search. Therefore, the card shall be blocked in case of three
consecutive wrong CHV presentations;
- someone unauthorized can use the UPT card after the authorized UPT user has performed the
CHV, if the UPT user forgets it in the terminal. Therefore, the duration of the access rights granted
by the CHV shall be limited, to protect both the UPT user and the UPT SP;
- the CHV data can be disclosed if a line is eavesdropped, if the UPT card is remotely controlled by
the UPT SP. Therefore, the CHV data shall never be transferred over the line, or it shall be
protected against eavesdropping;
- the UPT user may forget his CHV information, and unintentionally block his UPT card. He cannot
then use the UPT service. Therefore, a procedure to handle this situation is required;
- someone can get hold of the CHV information (e.g. by looking over the UPT user's shoulder).
Therefore, it shall be possible for the user to change his CHV information.
Data protection:
- if the UPT card is lost or stolen the data stored in the card can be accessed. Therefore, access
control to the data in the card is required. The authentication algorithm and the key(s) shall never be
possible to read out from the card;
- additional program code can be added to the card. Therefore, it is required that program code can
be added only under control of the card issuer or the card or chip manufacturer.

Page 14
ETS 300 790: October 1997
Manipulated lines, (in case of transparent terminals):
- if a UPT card is controlled by the UPT SP over the network, (i.e. the UPT card is introduced in a
"transparent" terminal controlled from the network) then also a line intruder can gain control of the
UPT card. If this happens after a successful CHV the access control to the UPT card cannot
prevent access to data and the authentication algorithm from the line. Therefore, it is required that
the authentication mechanism is not vulnerable for this attack.
Manipulated terminals:
- if a terminal is manipulated it can read out or modify data in the UPT card in an unauthorized
manner. Therefore, it is required that the authentication mechanism is not vulnerable for this attack.
4.2 UPT security features
Enhanced security features are necessary for a well functioning UPT Phase 2. In ETS 300 391-1 [2] many
security features are already described, both features for the interaction with the UPT user and features
integrated in the service management. Security features already specified in Phase 1 are e.g. weak and
strong user authentication and access control to the service profile. Examples of security management
features are the security profiles, bill limitation, itemized bills and activity monitoring.
This subclause specifies security features for UPT Phase 2, which are new or modified compared to
Phase 1.
4.2.1 Authentication features
A new user authentication feature is required for UPT Phase 2 and becomes possible with the support of
UPT cards and card reading terminals.
In subclause 4.2.1.1 a discussion on possible features is described, followed by the evaluation in the next
subclause.
4.2.1.1 Discussion on possible features to meet the authentication requirements
The one pass strong authentication specified for UPT Phase 1 is not sufficient to meet the requirements
when the UPT Phase 2 feature OCR is introduced. The security can be improved by any of the following
alternatives:
- two pass strong authentication;
- message authentication, i.e. data integrity protection of critical information between UPT user and
SP.
Moreover, security management features to limit the use of this service are strongly demanded
(see subclause 4.2.2).
The one pass strong authentication specified for Phase 1 does not meet the requirements of the Phase 2
service Secure Answer (SA). This service can make use of any of the following alternatives:
- two pass strong authentication;
- mutual authentication;
plus a special authentication code to be used only for SA service in case two pass strong authentication
can not be used.
Protection against active line manipulation can not be achieved by an authentication feature only. It can
only be achieved by a data integrity feature (such as Message Authentication Codes, MAC). A MAC
protection can be designed to provide protection to meet also the security requirements for OCR.

Page 15
ETS 300 790: October 1997
4.2.1.2 Evaluation and choice of security features for authentication
Summarizing, the following features can be used to offer the required protection:
- two pass strong authentication or data Integrity protection (e.g. MAC) for increased security
especially when OCR is allowed;
- two pass strong authentication, mutual authentication or special PIN for secure answer;
- data integrity protection (e.g. MAC) for the protection against active line attacks.
Two pass strong authentication is chosen as a new UPT Phase 2 security feature. It solves the most
important needs. Two pass strong authentication also has the advantage to be closely related to GSM
authentication and evolution from UPT Phase 1 cards used as a security module of the advanced DTMF
device to UPT Phase 2 cards will be straight forward. It is to be noted that two pass strong authentication
can be easily implemented in cards. Mutual authentication is not needed in case two pass strong
authentication is chosen, as this covers the threat with SA.
The need for a separate feature called "extra authentication for OCR" has been identified (service
requirement). This feature shall be implemented in UPT. The feature is optional for the UPT user as a
simple protection against unauthorized use of his OCR.
Two pass strong authentication is chosen for calling UPT user specified secure answering of incoming
calls.
Two pass strong authentication is chosen for called party specified secure answering of incoming calls
service. However, in order to allow these users to use this service from terminals not equipped with a card
reader, a separate feature called "special authentication for secure answering" is needed. This feature
shall be implemented in UPT.
Data Integrity protection (e.g. MAC) implemented for UPT Phase 2 cards is considered too complicated
and gives little extra value in this situation as the active line manipulation threat has been evaluated as not
significant. This feature is therefore not part of this Phase 2 ETS.
4.2.2 Security management
UPT Service Features providing security are bill limitation, itemized bills, activity monitoring,
announcements, blocking of registration, reset of registration and contractual agreements. For UPT
Phase 2 the same text as in ETS 300 391-1 [2], subclauses 4.3.1, 4.3.2, 4.3.4 and 4.3.5, is valid. For UPT
Phase 2 the following additions are relevant:
- as the requirements related to the active line attack threats
...