6 Implementation for USSD

31.1153GPPRelease 17Secured packet structure for (Universal) Subscriber Identity Module (U)SIM Toolkit applicationsTS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

The USSD application mode enables the transparent transport of data between an application residing in the network and a UICC based application. In such a case, to secure the payload of USSD operations, security mechanisms defined in TS 102 225 [9] shall be applied to the USSD messages. Generic secured Command Packet and secured Response Packet as defined in TS 102 225 [9] are contained, as defined hereafter, in the UM part of the USSD String. The USSD String shall be formatted according to annex X, where the PFI byte indicates that Application Data are formatted according to the present document.

The Data Coding Scheme of the USSD String (as defined in TS 23.038 [8]) shall be set to 0x96 (DCS = ‘10010110’) to indicate that data is binary (8 bit data), and formatted according to annex X. In USSD Application mode, which uses an 8-bit character set, the maximum length of the USSD String field is 160 bytes.

Command and Response packets exceeding 159 bytes shall be segmented as described in clauses 6.2 and 6.4.

6.1 Structure of the Command Packet contained in a Single USSD Message

The UM field of an USSD String contains the Command Packet.

The Command Packet shall be coded as the generic Command Packet described in TS 102 225 [9].

In the Command Packet, the Command Packet Identifier (CPI) value is ’03’ and the Command Header Identifier (CHI) is a Null field.

CPI, CPL and CHL shall be included in the calculation of the RC/CC/DS.

The SPI shall be coded as specified in TS 102 225 [9].

6.2 Structure of the Command Packet contained in concatenated USSD Messages

If the Command Packet, which is structured as described in clause 6.1, is longer than 159 bytes (including the Command Header) then it shall be handled as follows.

– The entire Command Packet including the Command Header shall be separated into its component concatenated parts.

– The Command Packet is handled as a Concatenated USSD Message as described in annex X of the present document.

– The Command Packet Header will only be present in the first segment of a concatenated message.

If the data is ciphered, then it is ciphered as described above, before being broken down into individual concatenated elements.

CPI, CPL and CHL shall be included in the calculation of the RC/CC/DS.

The SPI shall be coded as specified in TS 102 225 [9].

An example illustrating a Command Packet split over a sequence of three messages is shown below.

Figure 4: Example of command split using concatenated USSD messages

6.3 Structure of the Response Packet

The Response Packet is generated by the Receiving Entity and possibly includes some data supplied by the Receiving Application, and returned to the Sending Entity/Sending Application. In the case where the Receiving Entity is the UICC, this Response Packet is generated on the UICC, retrieved by the ME from the UICC, and included in the Return Result Component of a Facility message (see TS 24.090 [10]) returned to the network.

The USSD operations are defined in TS 24.090 [10].

The UM field of an USSD String contains the Response Packet.

The Response Packet shall be coded as the generic Response Packet described in TS 102 225 [9].

In the Response Packet, the Response Packet Identifier (RPI) value is ’04’ and the Response Header Identifier (RHI) is a Null field.

RPI, RPL and RHL shall be included in the calculation of the RC/CC/DS.

Coding of Response Status Codes is defined in clause 7.

6.4 Structure of the Response Packet contained in concatenated USSD Messages

If the Response Packet, which is structured as described in clause 6.3, is longer than 159 bytes (including the Response Header) then it shall be handled as follows.

– The entire Response Packet including the Response Header shall be separated into its component concatenated parts.

– The Response Packet is handled as a Concatenated USSD Message as described in annex X of the present document.

– The Response Packet Header will only be present in the first segment of a concatenated message.

If the data is ciphered, then it is ciphered as described above, before being broken down into individual concatenated elements.

RPI, RPL and RHL shall be included in the calculation of the RC/CC/DS.

An example illustrating a Response Packet split over a sequence of three messages is shown below.

Figure 5: Example of Response split using concatenated USSD messages

If it is indicated in the SPI2 of a Command Packet to send back a PoR and if the Response Packet is too large to be contained in a single USSD String, then:

– One single Response Packet shall be sent back to the SE using the Return Result Component contained in the subsequent Facility message. This Response Packet:

– Shall not contain any additional response data

– Shall contain the Response Status Code set to ‘0C’ (‘Actual response data to be sent using a ProcessUnstructuredSS‑Request invoke component (i.e. using SEND USSD proactive command) ‘).

– The security applied to this Response Packet shall be the one indicated in the SPI2 of the Command Packet.

– This shall be followed by a complete Response Packet, contained in a concatenated USSD Message as defined above