11 Security requirements

(U)SIM Application Toolkit (USAT)22.0383GPPRelease 17Service descriptionStage 1TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

The integrity of the USIM and existing security mechanisms shall not be compromised with the introduction of USAT services.

The security of the PLMN, the USIM and the USAT applications shall not be able to be compromised by an external execution environment.

Applications running within an external execution environment are considered "non-trusted" until a secure authentication and identification procedure has been successfully performed. MExE is considered to be an external execution environment. MExE is not covered by this specification.

Applications designed using the features in this specification may require additional methods to provide additional data confidentiality, data integrity, and data sender validation, or any subset thereof.

11.1 Secure Environment requirements

A major aspect of the UICC is the security provided by the chip technology combined with the encryption and challenge/response procedures. The enhancement of the UICC by USAT shall not reduce nor endanger the current security. In addition, the USAT environment shall maintain (or improve) the same high levels of security. Adequate (future) measures shall be taken to ensure the fulfilment of this requirement also with future advances in technologies/services (either network-centric and/or UE-centric).