14 Security

22.0223GPPMobile functionality specificationPersonalisation of Mobile Equipment (ME)Release 17TS

This clause lists a number of security requirements which should be satisfied if the personalisation features are to be effective. The requirements are not arranged in any particular order.

a) The control keys shall be decimal strings with an appropriate number of digits for the level of personalisation. PCK should be at least 6 digits, and the remaining control keys at least 8 digits in length. The maximum length for any control key is 16 digits.

b) Where more than one of the personalisation features are in use, distinct control keys should be used for the different features.

c) The NCK, NSCK, SPCK and CCK should be randomly selected or pseudo‑randomly generated and differ from ME to ME.

d) The PCK should be randomly selected for each ME. In particular, subscribers should be strongly encouraged not to use obvious values such as part of the dialling number.

e) It should be impractical to read or recover any of the control keys from the ME.

f) It should be impractical to alter or delete the values of the personalisation indicators, the control keys, the stored IMSI or the stored network operator, SP and corporate codes, other than by the defined personalisation and de‑personalisation processes, without completely disabling the ME from working with any SIM/USIM. (Possible methods that might be used by criminals to alter or delete the values include freezing, baking, exposure to magnetic fields or UV light.)

g) For each de‑personalisation procedure, there shall be a mechanism to prevent unauthorised attempts to de‑personalise the ME. These may include blocking the ME if the number of failed attempts to de‑personalise the ME exceeds a certain limit, or alternatively introducing an increasing delay after each successive failed de‑personalisation attempt. Other mechanisms may be also be used.

h) The SIM/USIM personalisation feature will only succeed in discouraging thieves if they know or suspect that the ME is SIM/USIM personalised. Therefore, unless and until SIM/USIM personalised MEs become the norm, it is desirable that the ME should advertise the fact that it is SIM/USIM personalised.

i) Manufacturers should not de‑personalise a ME for a user unless they have obtained the appropriate level of approval, e.g., from the network operator for network personalisation, from the service provider for service provider personalisation, etc.

j) ME manufacturers should ensure that the personalisation processes (except for SIM/USIM personalisation) are protected against unauthorised, accidental or malicious operation.

Annex A (normative):
Technical information