L.3 Secure channel operation

31.1023GPPCharacteristics of the Universal Subscriber Identity Module (USIM) applicationRelease 17TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

The USIM-RN shall allow communication only via "Secured APDU" secure channel as defined in ETSI TS 102 484 [66].

NOTE: The above implies in particular that the AUTHENTICATE command to the USIM-RN is not executed outside the secure channel.In case the pre-shared key solution is used to establish the secure channel only the USIM-RN is required for establishing the connection, and the Relay Node will establish directly a secure channel with the USIM-RN before attaching to the network. The initial network connection using USIM-INI is not required in this case, and hence USIM-INI is not required.

In case the certificate based solution is used, the UICC inserted in the Relay Node shall contain two USIMs, USIM-RN and USIM-INI. A TLS handshake shall be used to provide key material for the Master SA for the secured APDU protocol, according to ETSI TS 102 484 [66].