6.3.6 Framework Security Management

3GPP51.013Release 17Test specification for Subscriber Identity Module (SIM) Application Programming Interface (API) for Java CardTS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

Security Parameters

The table that follows contains the security parameters that shall be used when the 3GPP TS 23.048 [8] security is required in the test cases developed in the current clause.

Parameter	Value in hexadecimal
KIC	Value as described in the TS 23.048[8] (recommended value: 15)
KID	Value as described in the TS 23.048[8] (recommended value: 15)
CNTR	00 00 00 00 01
Key for ciphering	Corresponding to KIC (recommended value: 01 41 42 7F DA E8 91 A7 02 41 42 7F DA E8 91 A7)
Key for RC/CC/DS	Corresponding to KID (recommended value: 01 23 45 67 89 AB CD EF EF CD AB 89 67 45 23 01)

If a parameter is not listed explicitly in the above table, the default values of clause 4.7.3.1 apply.

6.3.6.1 Input Data

Test Area Reference: FWK_FWS_INDA

6.3.6.1.1 Conformance Requirements

6.3.6.1.1.1 Normal Execution

CRRN1: If the SIM receives an envelope APDU containing an SMS_PP_DATADOWNLOAD BER TLV formatted according to 3GPP TS 23.048 [8], the SIM Toolkit Framework shall verify the security of the SMS TPDU.
CRRN2: The toolkit applet will only be triggered if the TAR is known and the security verified.
CRRN3: If the SIM receives an envelope APDU containing an SMS_CB_DATADOWNLOAD formatted according to 3GPP TS 23.048 [8], the SIM Toolkit Framework shall verify the security of the cell broadcast page.
CRRN4: If the SIM receives an Update Record EFsms instruction formatted according to TS 23.048[8], the SIM Toolkit Framework shall verify the security of the SMS.
CRRN5: The STF shall provide the input data deciphered.

6.3.6.1.1.2 Parameters error

No requirements.

6.3.6.1.1.3 Context Errors

No requirements.

6.3.6.1.2 Test Area Files

Test Script: FWK_FWS_INDA_1.scr

Test Applet: FWK_FWS_INDA_1.java

FWK_FWS_INDA_2.java

FWK_FWS_INDA_3.java

FWK_FWS_INDA_4.java

FWK_FWS_INDA_5.java

FWK_FWS_INDA_6.java

Load Script: FWK_FWS_INDA_1.ldr

Cleanup Script: FWK_FWS_INDA_1.clr

Parameter File: FWK_FWS_INDA_1.par

6.3.6.1.3 Test Procedure

Id	Description	API/Framework Expectation	APDU Expectation
1	Framework checks the Cryptographic checksum and deciphers the data Applet1 is loaded and installed 1-Envelope(SMS-PP) single and formatted is sent to the SIM with this features: Ciphering; Cryptographic checksum; No proof of receipt; TAR of Applet1; Data = 01 2- Short Message concatenated and formatted is sent to the SIM by an Envelope (SMS PP)with these features: Ciphering; Cryptographic checksum; No proof of receipt; TAR of Applet1; Data length is 150.	1- Applet1 is triggered and the value integrity is checked. 2- Applet1 is triggered and the value integrity is checked	1- The SIM answers to the Envelope with status words 9000 2- The SIM answers to the Envelope with status words 9000
2	Triggering two different applets with different security Applet2 is installed 1-Envelope(SMS-PP) single and formatted is sent to the SIM with this features: Ciphering; Cryptographic checksum; No proof of receipt; TAR of Applet1 Data = 03 2- Short Message concatenated and formatted is sent to the SIM by an Envelope (SMS PP)with these features: Ciphering; Cryptographic checksum; No proof of receipt; TAR of Applet1 Data length = 150 3-Envelope(SMS-PP) single and formatted is sent to the SIM with this features: No ciphering; No cryptographic checksum; No proof of receipt; TAR of Applet2 Data = 05 4- Short Message concatenated and formatted is sent to the SIM by an Envelope (SMS PP)with these features: No ciphering; No cryptographic checksum; No proof of receipt; TAR of Applet2 Data length = 150.	1- Applet1 is triggered and the value integrity is checked 2- Applet1 is triggered and the value integrity is checked 3- Applet2 is triggered and the value integrity is checked 4- Applet2 is triggered and the value integrity is checked	1- The SIM answers to the Envelope with status words 9000 2- The SIM answers to the Envelope with status words 9000 3- The SIM answers to the Envelope with status words 9000 4- The SIM answers to the Envelope with status words 9000
3	Envelope(SMS-PP) formatted with wrong cryptographic checksum 1-Envelope 03.48 single and formatted is sent to the SIM with this features: No ciphering; Wrong cryptographic checksum; No proof of receipt; TAR of Applet1 Data = 07 2- Short Message concatenated and formatted is sent to the SIM by an Envelope (SMS PP)with these features: No ciphering; Wrong cryptographic checksum; No proof of receipt; TAR of Applet1 Data length = 150	1- No applet is triggered. 2- No applet is triggered.	1- The SIM answers to the Envelope with status words 9000
4	Framework checks the Cryptographic checksum and deciphers the data Applet3 is loaded and installed 1-Envelope(SMS-CB) formatted is sent to the SIM with this features: Ciphering; Cryptographic checksum; No proof of receipt; Data = 01	1- Applet3 is triggered and the value integrity is checked	1- The SIM answers to the Envelope with status words 9000
5	Triggering two different applets with different security on Envelope(SMS-CB) formatted Applet4 is installed 1-Envelope(SMS-CB) formatted is sent to the SIM with this features: Ciphering; Cryptographic checksum; No proof of receipt; TAR of Applet3 Data = 02 2-Envelope(SMS-CB) formatted is sent to the SIM with this features: No ciphering; No cryptographic checksum; No proof of receipt; TAR of Applet4 Data = 03	1- Applet3 is triggered and the value integrity is checked 2- Applet4 is triggered and the value integrity is checked	1- The SIM answers to the Envelope with status words 9000 2- The SIM answers to the Envelope with status words 9000
6	Envelope(SMS-CB) formatted with wrong cryptographic checksum No ciphering; Wrong Cryptographic checksum; No proof of receipt; TAR of Applet3 Data = 04	No applet is triggered	1- The SIM answers to the Envelope with status words 9000
7	Framework checks the Cryptographic checksum and deciphers the data Applet5 is installed 1- Short Message single and formatted is sent to the SIM by Update Record EFsms instruction with these features: Ciphering; Cryptographic checksum; No proof of receipt; TAR of Applet5; Data = 01 2- Short Message concatenated and formatted is sent to the SIM by Update Record EFsms instruction with these features: Ciphering; Cryptographic checksum; No proof of receipt; TAR of Applet5; Data length = 150.	1- Applet5 is triggered and the value integrity is checked. 2- Applet5 is triggered and the value integrity is checked	1- The SIM answers to the Update Record EFsms instruction with status words 9000 2- The SIM answers to the Update Record EFsms instruction with status words 9000
8	Triggering two different applets with different security Applet6 is installed 1- Short Message single and formatted is sent to the SIM by Update Record EFsms instruction with these features: Ciphering; Cryptographic checksum; No proof of receipt; TAR of Applet5 Data = 03 2- Short Message concatenated and formatted is sent to the SIM by Update Record EFsms instruction with these features: Ciphering; Cryptographic checksum; No proof of receipt; TAR of Applet5 Data length = 150. 3- Short Message single and formatted is sent to the SIM by Update Record EFsms instruction with these features: No ciphering; No cryptographic checksum; No proof of receipt; TAR of Applet6; Data = 05 4- Short Message concatenated and formatted is sent to the SIM by Update Record EFsms instruction with these features: No ciphering; No cryptographic checksum; No proof of receipt; TAR of Applet6; Data length = 150.	1- Applet5 is triggered and the value integrity is checked. 2- Applet5 is triggered and the value integrity is checked. 3- Applet6 is triggered and the value integrity is checked. 4- Applet6 is triggered and the value integrity is checked.	1- The SIM answers to the Update Record EFsms instruction with status words 9000 2- The SIM answers to the Update Record EFsms instruction with status words 9000 3- The SIM answers to the Update Record EFsms instruction with status words 9000 4- The SIM answers to the Update Record EFsms instruction with status words 9000
9	Update Record EFsms instruction formatted with wrong cryptographic checksum 1- Short Message single and formatted is sent to the SIM by Update Record EFsms instruction with these features:No ciphering; Wrong Cryptographic checksum; No proof of receipt; TAR of Applet5 Data = 07 2- Short Message concatenated and formatted is sent to the SIM by Update Record EFsms instruction with these features: No ciphering; Wrong Cryptographic checksum; No proof of receipt; TAR of Applet5 Data length = 150	1- No applet is triggered. 2- No applet is triggered.	1- The SIM answers to the Update Record EFsms instruction with status words 9000 2- The SIM answers to the Update Record EFsms instruction with status words 9000

Description

API/Framework Expectation

APDU Expectation

Framework checks the Cryptographic checksum and deciphers the data

Applet1 is loaded and installed

1-Envelope(SMS-PP) single and formatted is sent to the SIM with this features:

Ciphering;

Cryptographic checksum;

No proof of receipt;

TAR of Applet1;

Data = 01

2- Short Message concatenated and formatted is sent to the SIM by an Envelope (SMS PP)with these features:

Ciphering;

Cryptographic checksum;

No proof of receipt;

TAR of Applet1;

Data length is 150.

1- Applet1 is triggered and the value integrity is checked.

2- Applet1 is triggered and the value integrity is checked

1- The SIM answers to the Envelope with status words 9000

2- The SIM answers to the Envelope with status words 9000

Triggering two different applets with different security

Applet2 is installed

1-Envelope(SMS-PP) single and formatted is sent to the SIM with this features:

Ciphering;

Cryptographic checksum;

No proof of receipt;

TAR of Applet1

Data = 03

2- Short Message concatenated and formatted is sent to the SIM by an Envelope (SMS PP)with these features:

Ciphering;

Cryptographic checksum;

No proof of receipt;

TAR of Applet1

Data length = 150

3-Envelope(SMS-PP) single and formatted is sent to the SIM with this features:

No ciphering;

No cryptographic checksum;

No proof of receipt;

TAR of Applet2

Data = 05

4- Short Message concatenated and formatted is sent to the SIM by an Envelope (SMS PP)with these features:

No ciphering;

No cryptographic checksum;

No proof of receipt;

TAR of Applet2

Data length = 150.

1- Applet1 is triggered and the value integrity is checked

2- Applet1 is triggered and the value integrity is checked

3- Applet2 is triggered and the value integrity is checked

4- Applet2 is triggered and the value integrity is checked

1- The SIM answers to the Envelope with status words 9000

2- The SIM answers to the Envelope with status words 9000

3- The SIM answers to the Envelope with status words 9000

4- The SIM answers to the Envelope with status words 9000

Envelope(SMS-PP) formatted with wrong cryptographic checksum

1-Envelope 03.48 single and formatted is sent to the SIM with this features:

No ciphering;

Wrong cryptographic checksum;

No proof of receipt;

TAR of Applet1

Data = 07

2- Short Message concatenated and formatted is sent to the SIM by an Envelope (SMS PP)with these features:

No ciphering;

Wrong cryptographic checksum;

No proof of receipt;

TAR of Applet1

Data length = 150

1- No applet is triggered.

2- No applet is triggered.

1- The SIM answers to the Envelope with status words 9000

Framework checks the Cryptographic checksum and deciphers the data

Applet3 is loaded and installed

1-Envelope(SMS-CB) formatted is sent to the SIM with this features:

Ciphering;

Cryptographic checksum;

No proof of receipt;

Data = 01

1- Applet3 is triggered and the value integrity is checked

1- The SIM answers to the Envelope with status words 9000

Triggering two different applets with different security on Envelope(SMS-CB) formatted

Applet4 is installed

1-Envelope(SMS-CB) formatted is sent to the SIM with this features:

Ciphering;

Cryptographic checksum;

No proof of receipt;

TAR of Applet3

Data = 02

2-Envelope(SMS-CB) formatted is sent to the SIM with this features:

No ciphering;

No cryptographic checksum;

No proof of receipt;

TAR of Applet4

Data = 03

1- Applet3 is triggered and the value integrity is checked

2- Applet4 is triggered and the value integrity is checked

1- The SIM answers to the Envelope with status words 9000

2- The SIM answers to the Envelope with status words 9000

Envelope(SMS-CB) formatted with wrong cryptographic checksum

No ciphering;

Wrong Cryptographic checksum;

No proof of receipt;

TAR of Applet3

Data = 04

No applet is triggered

1- The SIM answers to the Envelope with status words 9000

Framework checks the Cryptographic checksum and deciphers the data

Applet5 is installed

1- Short Message single and formatted is sent to the SIM by Update Record EFsms instruction with these features:

Ciphering;

Cryptographic checksum;

No proof of receipt;

TAR of Applet5;

Data = 01

2- Short Message concatenated and formatted is sent to the SIM by Update Record EFsms instruction with these features:

Ciphering;

Cryptographic checksum;

No proof of receipt;

TAR of Applet5;

Data length = 150.

1- Applet5 is triggered and the value integrity is checked.

2- Applet5 is triggered and the value integrity is checked

1- The SIM answers to the Update Record EFsms instruction with status words 9000

2- The SIM answers to the Update Record EFsms instruction with status words 9000

Triggering two different applets with different security

Applet6 is installed

1- Short Message single and formatted is sent to the SIM by Update Record EFsms instruction with these features:

Ciphering;

Cryptographic checksum;

No proof of receipt;

TAR of Applet5

Data = 03

2- Short Message concatenated and formatted is sent to the SIM by Update Record EFsms instruction with these features:

Ciphering;

Cryptographic checksum;

No proof of receipt;

TAR of Applet5

Data length = 150.

3- Short Message single and formatted is sent to the SIM by Update Record EFsms instruction with these features:

No ciphering;

No cryptographic checksum;

No proof of receipt;

TAR of Applet6;

Data = 05

4- Short Message concatenated and formatted is sent to the SIM by Update Record EFsms instruction with these features:

No ciphering;

No cryptographic checksum;

No proof of receipt;

TAR of Applet6;

Data length = 150.

1- Applet5 is triggered and the value integrity is checked.

2- Applet5 is triggered and the value integrity is checked.

3- Applet6 is triggered and the value integrity is checked.

4- Applet6 is triggered and the value integrity is checked.

1- The SIM answers to the Update Record EFsms instruction with status words 9000

2- The SIM answers to the Update Record EFsms instruction with status words 9000

3- The SIM answers to the Update Record EFsms instruction with status words 9000

4- The SIM answers to the Update Record EFsms instruction with status words 9000

Update Record EFsms instruction formatted with wrong cryptographic checksum

1- Short Message single and formatted is sent to the SIM by Update Record EFsms instruction with these features:No ciphering;

Wrong Cryptographic checksum;

No proof of receipt;

TAR of Applet5

Data = 07

2- Short Message concatenated and formatted is sent to the SIM by Update Record EFsms instruction with these features:

No ciphering;

Wrong Cryptographic checksum;

No proof of receipt;

TAR of Applet5

Data length = 150

1- No applet is triggered.

2- No applet is triggered.

1- The SIM answers to the Update Record EFsms instruction with status words 9000

2- The SIM answers to the Update Record EFsms instruction with status words 9000

6.3.6.1.4 Test Coverage

CRR Number	Test Case Number
CRRN1	1, 2, 3
CRRN2	3,6,9
CRRN3	4, 5, 6
CRRN4	7,8,9
CRRN5	1,2,4,5,7,8

6.3.6.2 Output Data

Test Area Reference: FWK_FWS_OUDA

6.3.6.2.1 Conformance Requirements

6.3.6.2.1.1 Normal Execution

CRRN1: The SIM Toolkit Framework shall secure and send the response packet.

6.3.6.2.1.2 Parameters error

No requirements.

6.3.6.2.1.3 Context Errors

No requirements.

6.3.6.2.2 Test Area Files

Test Script: FWK_FWS_OUDA_1.scr

Test Applet: FWK_FWS_OUDA_1.java

Load Script: FWK_FWS_OUDA_1.ldr

Cleanup Script: FWK_FWS_OUDA_1.clr

Parameter File: FWK_FWS_OUDA_1.par

6.3.6.2.3 Test Procedure

Id	Description	API/Framework Expectation	APDU Expectation
1	Envelope(SMS-PP) formatted Ciphering; Cryptographic checksum; proof of receipt response shall be sent using SMS-Deliver-Report; no security applied to proof of receipt Data in plain text = "APPLET1"	The applet is triggered and sends a "Display Text" proactive command with the data received in the Envelope.	The SIM answers to the Envelope with status words 9Fxx and a PoR is retrieved with a GetResponse command. The PoR has no application data. The SIM answers to the Get Response command with status words 91xx to issue a Display Text "APPLET1".
2	Envelope(SMS-PP) formatted Ciphering; Cryptographic checksum; proof of receipt response shall be sent using SMS-Deliver-Report; no security applied to proof of receipt Data in plain text = "APPLET1"	The applet posts application data. It does not call the ProactiveHandler.send() method	The SIM answers to the Envelope with status words 9Fxx and a PoR is retrieved with a GetResponse command. The PoR has the application data posted by the application. The SIM answers to the Get Response command with status words 9000.
3	Envelope(SMS-PP) formatted Ciphering; Cryptographic checksum; proof of receipt response shall be sent using SMS-Deliver-Report; no security applied to proof of receipt Data in plain text = "TEST"	The applet posts application data and calls the ProactiveHandler.send() method to send a "Display Text" proactive command with the data received in the Envelope.	The SIM answers to the Envelope with status words 9Fxx and a PoR is retrieved with a GetResponse command. The PoR has the application data posted by the application. The SIM answers to the Get Response command with status words 91xx to issue the Display Text "TEST".
4	Envelope(SMS-PP) formatted Ciphering; Cryptographic checksum; proof of receipt response shall be sent using SMS-Deliver-Report; proof of receipt shall be ciphered Data in plain text = "TEST"	The applet posts application data and calls the ProactiveHandler.send() method to send a "Display Text" proactive command with the data received in the Envelope.	The SIM answers to the Envelope with status words 9Fxx and a PoR is retrieved with a GetResponse command. The PoR has the application data posted by the application. The SIM answers to the Get Response command with status words 91xx to issue the Display Text "TEST".
5	Envelope(SMS-PP) formatted The Terminal Profile command shall be issued with the facility "’9EXX’ response code for SIM data download error" enabled The Envelope(SMS-PP) formatted has to be issued with the following features: No ciphering; Wrong Cryptographic checksum; proof of receipt response shall be sent using SMS-Deliver-Report; no security applied to proof of receiptData in plain text = "TEST"	No applet is triggered	The SIM answers to the Envelope with status words 9Exx and a PoR is retrieved with a GetResponse command. The Response Status Code Octet shall be ’01’.

6.3.6.2.4 Test Coverage

CRR Number	Test Case Number
CRRN1	1, 2, 3, 4, 5