GSMA 官方文档：嵌入式UICC消费者设备保护配置文件

需积分: 12 16 浏览量更新于2024-07-17 收藏 3.12MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

"嵌入式UICC（Embedded UICC）是GSMA官方文档SGP.25中的核心技术，主要应用于消费类设备。该文档详细介绍了如何在设备中集成和使用嵌入式SIM（eSIM）技术，以实现更灵活、安全的移动连接。" 嵌入式UICC（Embedded UICC）是一种专门设计用于消费类设备的安全模块，它允许设备制造商在产品内部集成SIM卡功能，而无需物理SIM卡插槽。这种技术的主要优势在于其可远程编程的能力，使得用户可以在不更换物理SIM卡的情况下切换运营商或更新服务计划。 eSIM，即嵌入式SIM，是嵌入式UICC的一种实现形式，它将传统SIM卡的集成电路集成到设备的主板上。这为物联网设备、智能手表、平板电脑和智能手机等提供了更多可能性，如更小的外形尺寸、更高的耐用性和防水防尘能力。此外，eSIM还可以方便地进行远程激活和配置，简化了用户的订阅过程。 SGP.25文档是GSMA发布的非保密且永久性参考文件，旨在定义和规范嵌入式UICC的安全保护配置文件。文档版本1.0于2018年6月发布，涵盖了关于数据安全、访问控制以及版权保护等多个方面。其中，安全性是关键焦点，因为嵌入式UICC处理着敏感的通信数据，包括用户身份、网络接入信息和计费数据。文档中详细规定了嵌入式UICC应遵循的安全标准，包括加密算法、密钥管理、安全启动过程和对恶意攻击的防护措施。此外，它还涉及了如何确保只有授权人员可以访问和分发此类信息，并强调未经GSMA事先书面同意，不得向未授权人员泄露或提供文档内容。版权方面，GSMA对2018年的此版文档拥有全部版权，并在免责声明中明确指出，他们不对文档的准确性、完整性或及时性做任何明示或暗示的保证，不承担由此产生的任何责任。 SGP.25-Embedded UICC for Consumer Devices Protection Profile V1.0是移动通信领域的一份重要参考资料，对于理解并实施eSIM技术及其安全规范具有极高的价值。

资源详情

资源推荐

GSM Association Non-confidential

Official Document SGP.25 - Embedded UICC for Consumer Devices Protection Profile

V1.0 Page 16 of 153

1.2.1.1 Application Layer

The goal of the Application layer is to implement the eUICC functionalities described in [23]

and [24], which rely on the notion of a Profile. A Profile is the combination of a file structure,

data and applications to be provisioned onto, or present on, an eUICC. Each Profile, combined

with the functionality of the eUICC, behaves basically as a SIM card. An eUICC may contain

more than one Profile, but one and only one is activated at a time. Each Profile is controlled

by a unique ISD-P; consequently, there is one and only one enabled ISD-P at a time on the

eUICC.

A Profile can have several forms:

 A Provisioning Profile: A Profile that allows connectivity to a mobile network solely to

provide the provisioning of Profiles;

 An Operational Profile: A Profile that allows connectivity to a mobile network;

 A Test Profile: A Profile that can only be used in Device Test Mode and cannot be used

to connect to any MNO. The support of this kind of profile is not mandatory for an

eUICC implementation.

This document will use the term “Profile” to describe either Provisioning Profiles, Operational

Profiles, or Test Profiles.

All Profiles include Network Access Applications and associated Parameters, but these

applications rely on the algorithms stored in the platform layer of the eUICC.

In the same manner, the Profile includes policy rules (PPR), but relies on the Platform Layer

to have them enforced on the eUICC. The Profile structure, composed of a set of Profile

Components, is specified by, and under the full control of, the MNO. The full Profile structure

shall be contained in a unique ISD-P. The Profile structure shall contain a Profile Component,

called MNO-SD, which performs an identical Role as the ISD for a UICC. The Profile structure

shall include:

 The MNO-SD;

 Supplementary Security Domains (SSD) and a CASD;

 Applets;

 Applications, e.g. NFC applications;

 NAAs;

 Other elements of the File System;

 Profile metadata, including Profile Policy Rules (PPR).

More details on the Profile can be found in [23] and [24].

In addition to Profile data, the eUICC itself has a Rules Authorisation Table (RAT) that is used

by the Profile Policy Enabler (PPE) and the Local Profile Assistant (non-TOE element LPAd) to

determine whether or not a Profile containing PPRs is authorised and can be installed on the

eUICC.

The RAT is initialised at eUICC manufacturing time, or during the initial Device setup provided

that there is no installed Operational Profile. In particular, it cannot be affected by the Memory

Reset function.

ISD-P

The ISD-P is a secure container (Security Domain) for the hosting of a Profile. The ISD-P is

also used for updating the Profile Metadata on behalf of the MNO.

As defined in [24], the ISD-P shall ensure that:

GSM Association Non-confidential

Official Document SGP.25 - Embedded UICC for Consumer Devices Protection Profile

V1.0 Page 17 of 153

a) It hosts a unique Profile;

b) Only the following Application Layer components shall have access to the profiles:

 ISD-P;

 ISD-R, which shall only have access to the metadata of the profiles;

c) A Profile component shall not have any visibility of, or access to, components outside

its ISD-P. An ISD-P shall not have any visibility of, or access to, any other ISD-P;

d) Deletion of a Profile shall remove the containing ISD-P and all Profile components of

the Profile.

ISD-R

The ISD-R is responsible for the creation of new ISD-Ps and life-cycle management of all ISD-

Ps. An ISD-R shall be created within an eUICC at the time of manufacture.

The ISD-R is used for the Profile download and installation, in collaboration with the Profile

Package Interpreter for the decoding/interpretation of the received Profile Package, and with

an ISD-P as a target.

As defined in [24]:

a) There shall be only one ISD-R on an eUICC;

b) The ISD-R shall be installed and personalized by the EUM during eUICC manufacturing.

The ISD-R shall be associated with itself;

c) The ISD-R cannot be deleted or disabled.

LPA Services

The LPA Services is the subset of ISD-R functionalities that provide the necessary access to

the services and data required by LPA (the non-TOE element LPAd or the LPAe PP-Module-

TOE-element LPAe). These services are:

 Transfer Bound Profile Package from the LPAd to the ISD-P;

 Provide list of installed Profiles;

 Retrieve EID;

 Provide Local Profile Management Operations.

LPA Services are mandatory even if the LPAe is provided in the eUICC. LPA Services code is

located in the ISD-R.

MNO-SD

The MNO-SD is the on-card representative of the MNO Platform. It contains the MNO Over-

The-Air (OTA) keys and provides a secure OTA channel.

ECASD

The Embedded UICC Controlling Authority Security Domain (ECASD) is responsible for the

secure storage of credentials used to enforce trust in the identities of Actors (eUICC, remote

Actors such as SM-DS or SM-DP+) and provides security functions used during key

establishment and eUICC authentication.

The ECASD is the representative of the off-card entity CI root.

As defined in [23], the ECASD has the following properties:

GSM Association Non-confidential

Official Document SGP.25 - Embedded UICC for Consumer Devices Protection Profile

V1.0 Page 18 of 153

a) There can only be one ECASD on an eUICC;

b) It is installed and personalised by the EUM during the eUICC manufacturing as

described in [11];

c) It has eUICC private key(s) for creating signatures;

d) It has associated certificate(s) for eUICC authentication;

e) It has the Certificate Issuers’ (CI) root public key(s) for verifying SM-DP+ and SM-DS

certificates;

f) It has the certificate of the EUM.

1.2.1.2 Platform layer

This PP does not assume that the Platform code is realized by applications, native

applications/libraries or OS services, that is, the Platform layer is

not

meant to relate to

“platform” as a pseudonym for a runtime environment (e.g. JavaCard). The Platform

capabilities include:

 The Telecom Framework, which includes algorithms used by Network Access

Applications (NAA) to access mobile networks. The NAAs are part of the Profiles, but

the algorithms, as part of the Telecom Framework, are provisioned onto the eUICC

during manufacturing.

 The Profile Package Interpreter, an eUICC Operating System service that translates the

Profile Package data as defined in SIMalliance eUICC Profile Package Specification [5]

into an installed Profile using the specific internal format of the target eUICC.

 The Profile Policy Enabler, which has two functions:

o Verification that a Profile containing PPRs is authorised by the RAT;

o Enforcement of the PPRs of a Profile.

A developer may choose, if at all possible, to implement some of Profile management functions

in the SDs, for example the policy enforcement may be realized completely by the ISD-R. The

Profile Package Interpreter and Profile Policy Enabler are only defined here to identify the

platform code supporting the SDs

if it exists

Application Note 1:

Authentication to a Public Mobile Network (PMN) is done in accordance

with the 3GPP standards [22]. According to these standards (especially TS 33.102) the 3G and

4G authentication mechanisms allow the response values RES to have a length that is any

multiple of 8 bits between 32 and 128 bits inclusive. In practice, either 32-bit or 64-bit RES is

used. This protection profile covers products only when used to create 64-bit RES. Operators

choosing to use 32-bit RES will therefore be using the product outside the scope of this

protection profile.

The protection profile includes origin authentication of the PMN that owns the customer

subscription to the Profile. It includes also entity authentication of the Profile to the PMN in

which a customer subscriber is roaming on. It does not include entity authentication of this

visited PMN to the Profile, except in 4G authentication.

The RE code is out of scope of this Protection Profile.

1.2.2 TOE usage

The eUICC will contain several MNO Profiles, each of them being associated with a given

International Mobile Subscriber Identity (IMSI).

GSM Association Non-confidential

Official Document SGP.25 - Embedded UICC for Consumer Devices Protection Profile

V1.0 Page 20 of 153

- Phase 7 is the product operational phase.

The eUICC life-cycle is composed of the following stages:

 Phase a : Development corresponds to the first two stages of the IC development;

 Phase b : Storage, pre-personalisation and test cover the stages related to

manufacturing and packaging of the IC;



TOE Delivery [optional]: At this phase the delivery of the TOE to the customer of the

eUICC manufacturer could happen, if the TOE is already self-protected;

 Phase c : eUICC platform storage, pre-personalization, test covers the stage of the

embedding of software products onto the eUICC;



TOE Delivery [optional]: At this phase the delivery of the TOE to the customer of the

eUICC manufacturer could happen, if the TOE is already self-protected;

 Phase d : eUICC personalization covers the insertion of provisioning Profiles and

Operational Profiles onto the eUICC;



TOE Delivery [optional]: At this phase the delivery of the TOE to the customer of the

eUICC manufacturer happens at the latest;

 Phase e : operational usage of the TOE covers the following steps:

o eUICC integration onto the Device is performed by the Device Manufacturer.

The Device Manufacturer and/or the eUICC Manufacturer also register the

eUICC in a given SM-DS;

o The eUICC is then used to provide connectivity to the Device end-user. The

eUICC may be provisioned again, at post-issuance, using the remote

provisioning infrastructure.

Application Note 2:

The ST writer must describe which delivery activities are required in their own life-cycle

model and at which phase the delivery of the self-protected TOE happens.

1.2.3.2 Actors of the TOE

The eUICC delivered to the end-user can be either embedded onto the Device or removable.

In addition, the end-user can have a direct interface to the eUICC.

The MNO-SD not being part of the TOE, this PP also considers that the MNO is not an Actor

of the TOE.

The only Actors having an interface to the TOE are:

- The Device Manufacturer, when integrating the eUICC onto the Device;

- The remote provisioning Actors, during the final usage of the eUICC;

- The application developers, during the final usage of the eUICC (since their

applications, within the Profiles, will have interfaces with the applications of the

eUICC);

- And, the End User, through the Local User Interface, but possibly also via the direct

interface to the eUICC in the case when this later is removable.

剩余152页未读，继续阅读

君子攸跻

粉丝: 1
资源: 73

GSMA 官方文档：嵌入式UICC消费者设备保护配置文件

GSMA SGP.01协议学习（M2M）.docx

GSMA SGP.01-v4.0 规范

SGP.02-v4.0.pdf

IAR Embedded Workbench for ARM 8.22.1

iar embedded workbench ide - 8051 10.20.1

iar的工程文件是什么后缀

Spring boot Unable to start embedded Tomcat报错 java.lang.NoSuchMethodError: javax.servlet.ServletCont...

sql complete free

在another redis desktop manager中可以连接docker中部署的redis，但是我通过springboot配置这个redis，会出现这样的错误Failed to configure a DataSource: ‘url‘ attribute is not specified and no embedded datasource.......我该怎么解决这个问题呢？

java中 将byte[]类型数据转为pdf，并在指定坐标位置添加文字，要求使用com.itextpdf.text.pdf

iar embedded workbench for atmel avr和iar embedded workbench for ide avr有区别吗

vesa proposed embedded displayport v1.4b d3.pdf

blinker 第三方库_GitHub - blinker-iot/blinker-library: An IoT Solution,Blinker library for embedded hard...

openembedded mozjs_60.9.0

介绍stm32f103单片机

java itextpdf调整pdf文本域行间距

最新资源

java中将byte[]类型数据转为pdf，并在指定坐标位置添加文字，要求使用com.itextpdf.text.pdf