RSPDefinitions {joint-iso-itu-t(2) international-organizations(23) gsma(146) rsp(1) spec-version(1) version-two(2)}
DEFINITIONS
AUTOMATIC TAGS
EXTENSIBILITY IMPLIED ::=
BEGIN
 
IMPORTS Certificate, CertificateList, Time FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18)}
SubjectKeyIdentifier FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19)};
 
id-rsp OBJECT IDENTIFIER ::= {joint-iso-itu-t(2) international-organizations(23) gsma(146) rsp(1)}
 
-- Basic types, for size constraints
Octet8 ::= OCTET STRING (SIZE(8))
Octet16 ::= OCTET STRING (SIZE(16))
OctetTo16 ::= OCTET STRING (SIZE(1..16))
Octet32 ::= OCTET STRING (SIZE(32))
Octet1 ::= OCTET STRING(SIZE(1))
Octet2 ::= OCTET STRING (SIZE(2))
VersionType ::= OCTET STRING(SIZE(3)) -- major/minor/revision version are coded as binary value on byte 1/2/3, e.g. '02 00 0C' for v2.0.12.
Iccid ::= [APPLICATION 26] OCTET STRING (SIZE(10)) -- ICCID as coded in EFiccid, corresponding tag is '5A'
RemoteOpId ::= [2] INTEGER {installBoundProfilePackage(1)}
TransactionId ::= OCTET STRING (SIZE(1..16))
 
-- Definition of EUICCInfo1 --------------------------
GetEuiccInfo1Request ::= [32] SEQUENCE { -- Tag 'BF20'
}
 
EUICCInfo1 ::= [32] SEQUENCE { -- Tag 'BF20'
    svn [2] VersionType,    -- GSMA SGP.22 version supported (SVN)
    euiccCiPKIdListForVerification [9] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifiers supported on the eUICC for signature verification
    euiccCiPKIdListForSigning [10] SEQUENCE OF SubjectKeyIdentifier -- List of CI Public Key Identifier supported on the eUICC for signature creation
}
 
-- Definition of EUICCInfo2 --------------------------
GetEuiccInfo2Request ::= [34] SEQUENCE { -- Tag 'BF22'
}
 
EUICCInfo2 ::= [34] SEQUENCE { -- Tag 'BF22'
    profileVersion [1] VersionType,     -- SIMAlliance Profile package version supported
    svn [2] VersionType,    -- GSMA SGP.22 version supported (SVN)
    euiccFirmwareVer [3] VersionType,   -- eUICC Firmware version
    extCardResource [4] OCTET STRING,   -- Extended Card Resource Information according to ETSI TS 102 226
    uiccCapability [5] UICCCapability,
    javacardVersion [6] VersionType OPTIONAL,
    globalplatformVersion [7] VersionType OPTIONAL,
    rspCapability [8] RspCapability,
    euiccCiPKIdListForVerification [9] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifiers supported on the eUICC for signature verification
    euiccCiPKIdListForSigning [10] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifier supported on the eUICC for signature creation
    euiccCategory [11] INTEGER {
        other(0),
        basicEuicc(1),
        mediumEuicc(2),
        contactlessEuicc(3)
    } OPTIONAL,
    forbiddenProfilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
    ppVersion VersionType, -- Protection Profile version
    sasAcreditationNumber UTF8String (SIZE(0..64)),
    certificationDataObject [12] CertificationDataObject OPTIONAL
}
 
-- Definition of RspCapability
RspCapability ::= BIT STRING {
    additionalProfile(0), -- at least one more Profile can be installed
    crlSupport(1), -- CRL
    rpmSupport(2), -- Remote Profile Management
    testProfileSupport (3) -- support for test profile
}
 
-- Definition of CertificationDataObject
CertificationDataObject ::= SEQUENCE {
    platformLabel UTF8String,   -- Platform_Label as defined in GlobalPlatform DLOA specification [57]
    discoveryBaseURL UTF8String -- Discovery Base URL of the SE default DLOA Registrar as defined in GlobalPlatform DLOA specification [57]
}
 
CertificateInfo ::= BIT STRING {
 
    reserved(0),    -- eUICC has a CERT.EUICC.ECDSA in GlobalPlatform format. The use of this bit is deprecated.
    certSigningX509(1),     -- eUICC has a CERT.EUICC.ECDSA in X.509 format
    rfu2(2),
    rfu3(3),
    reserved2(4), -- Handling of Certificate in GlobalPlatform format. The use of this bit is deprecated.
    certVerificationX509(5)-- Handling of Certificate in X.509 format
}
 
-- Definition of UICCCapability
UICCCapability ::= BIT STRING {
/* Sequence is derived from ServicesList[] defined in SIMalliance PEDefinitions*/
    contactlessSupport(0),  -- Contactless (SWP, HCI and associated APIs)
    usimSupport(1),         -- USIM as defined by 3GPP
    isimSupport(2),         -- ISIM as defined by 3GPP
    csimSupport(3),         -- CSIM as defined by 3GPP2
 
    akaMilenage(4),         -- Milenage as AKA algorithm
    akaCave(5),             -- CAVE as authentication algorithm
    akaTuak128(6),          -- TUAK as AKA algorithm with 128 bit key length
    akaTuak256(7),          -- TUAK as AKA algorithm with 256 bit key length
    rfu1(8),                    -- reserved for further algorithms
    rfu2(9),                    -- reserved for further algorithms
 
    gbaAuthenUsim(10),  -- GBA authentication in the context of USIM
    gbaAuthenISim(11),  -- GBA authentication in the context of ISIM
    mbmsAuthenUsim(12),     -- MBMS authentication in the context of USIM
    eapClient(13),          -- EAP client
 
    javacard(14),               -- Javacard support
    multos(15),             -- Multos support
 
    multipleUsimSupport(16),     -- Multiple USIM applications are supported within the same Profile
    multipleIsimSupport(17),      -- Multiple ISIM applications are supported within the same Profile
    multipleCsimSupport(18)   -- Multiple CSIM applications are supported within the same Profile
}
 
-- Definition of DeviceInfo
DeviceInfo ::= SEQUENCE {
    tac Octet8,
    deviceCapabilities DeviceCapabilities,
    imei Octet8 OPTIONAL
}
 
DeviceCapabilities ::= SEQUENCE { -- Highest fully supported release for each definition
  -- The device SHALL set all the capabilities it supports
    gsmSupportedRelease VersionType OPTIONAL,
    utranSupportedRelease VersionType OPTIONAL,
    cdma2000onexSupportedRelease VersionType OPTIONAL,
    cdma2000hrpdSupportedRelease VersionType OPTIONAL,
    cdma2000ehrpdSupportedRelease VersionType OPTIONAL,
    eutranSupportedRelease VersionType OPTIONAL,
    contactlessSupportedRelease VersionType OPTIONAL,
    rspCrlSupportedVersion VersionType OPTIONAL,
    rspRpmSupportedVersion VersionType OPTIONAL
}
 
ProfileInfoListRequest ::= [45] SEQUENCE { -- Tag 'BF2D'
    searchCriteria [0] CHOICE {
        isdpAid [APPLICATION 15] OctetTo16, -- AID of the ISD-P, tag '4F'
        iccid Iccid, -- ICCID, tag '5A'
        profileClass [21] ProfileClass -- Tag '95'
    } OPTIONAL,
    tagList [APPLICATION 28] OCTET STRING OPTIONAL -- tag '5C'
}
 
-- Definition of ProfileInfoList
ProfileInfoListResponse ::= [45] CHOICE { -- Tag 'BF2D'
    profileInfoListOk SEQUENCE OF ProfileInfo,
    profileInfoListError ProfileInfoListError
}
 
ProfileInfo ::= [PRIVATE 3] SEQUENCE { -- Tag 'E3'
    iccid Iccid OPTIONAL,
    isdpAid [APPLICATION 15] OctetTo16 OPTIONAL, -- AID of the ISD-P containing the Profile, tag '4F'
    profileState [112] ProfileState OPTIONAL, -- Tag '9F70'
    profileNickname [16] UTF8String (SIZE(0..64)) OPTIONAL, -- Tag '90'
    serviceProviderName [17] UTF8String (SIZE(0..32)) OPTIONAL, -- Tag '91'
    profileName [18] UTF8String (SIZE(0..64)) OPTIONAL, -- Tag '92'
    iconType [19] IconType OPTIONAL, -- Tag '93'
    icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94', see condition in ES10c:GetProfilesInfo
    profileClass [21] ProfileClass DEFAULT operational, -- Tag '95'
    notificationConfigurationInfo [22] SEQUENCE OF NotificationConfigurationInformation OPTIONAL, -- Tag 'B6'
    profileOwner [23] OperatorID OPTIONAL, -- Tag 'B7'
    dpProprietaryData [24] DpProprietaryData OPTIONAL, -- Tag 'B8'
    profilePolicyRules [25] PprIds OPTIONAL -- Tag '99'
}
 
PprIds ::= BIT STRING {-- Definition of Profile Policy Rules identifiers
    pprUpdateControl(0), -- defines how to update PPRs via ES6
    ppr1(1), -- Indicator for PPR1 'Disabling of this Profile is not allowed'
    ppr2(2), -- Indicator for PPR2 'Deletion of this Profile is not allowed'
    ppr3(3)  -- Indicator for PPR3 'Deletion of this Profile is required upon its successful disabling'
}
 
OperatorID ::= SEQUENCE {
    mccMnc OCTET STRING (SIZE(3)), -- MCC and MNC coded as defined in 3GPP TS 24.008 [32]
    gid1 OCTET STRING OPTIONAL, -- referring to content of EF GID1 (file identifier '6F3E') as defined in 3GPP TS 31.102 [54]
    gid2 OCTET STRING OPTIONAL -- referring to content of EF GID2 (file identifier '6F3F') as defined in 3GPP TS 31.102 [54]
}
 
ProfileInfoListError ::= INTEGER {incorrectInputValues(1), undefinedError(127)}
 
-- Definition of StoreMetadata request
 
StoreMetadataRequest ::= [37] SEQUENCE { -- Tag 'BF25'
    iccid Iccid,
    serviceProviderName [17] UTF8String (SIZE(0..32)), -- Tag '91'
    profileName [18] UTF8String (SIZE(0..64)), -- Tag '92' (corresponds to 'Short Description' defined in SGP.21 [2])
    iconType [19] IconType OPTIONAL, -- Tag '93' (JPG or PNG)
    icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94'(Data of the icon. Size 64 x 64 pixel. This field SHALL only be present if iconType is present)
    profileClass [21] ProfileClass OPTIONAL, -- Tag '95' (default if absent: 'operational')
    notificationConfigurationInfo [22] SEQUENCE OF NotificationConfigurationInformation OPTIONAL,
    profileOwner [23] OperatorID OPTIONAL, -- Tag 'B7'
    profilePolicyRules [25] PprIds OPTIONAL -- Tag '99'
}
 
NotificationEvent ::= BIT STRING {
    notificationInstall (0),
    notificationEnable(1),
    notificationDisable(2),
    notificationDelete(3)
}
 
NotificationConfigurationInformation ::= SEQUENCE {
    profileManagementOperation NotificationEvent,
    notificationAddress UTF8String -- FQDN to forward the notification
}
 
IconType ::= INTEGER {jpg(0), png(1)}
ProfileState ::= INTEGER {disabled(0), enabled(1)}
ProfileClass ::= INTEGER {test(0), provisioning(1), operational(2)}
 
-- Definition of UpdateMetadata request
UpdateMetadataRequest ::= [42] SEQUENCE {  -- Tag 'BF2A'
    serviceProviderName [17] UTF8String (SIZE(0..32)) OPTIONAL, -- Tag '91'
    profileName [18] UTF8String (SIZE(0..64)) OPTIONAL, -- Tag '92'
    iconType [19] IconType OPTIONAL, -- Tag '93'
    icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94'
    profilePolicyRules [25] PprIds OPTIONAL -- Tag '99'
}
 
-- Definition of data objects for command PrepareDownload -------------------------
PrepareDownloadRequest ::= [33] SEQUENCE {  -- Tag 'BF21'
    smdpSigned2 SmdpSigned2,            -- Signed information
    smdpSignature2 [APPLICATION 55] OCTET STRING,   -- DP_Sign1, tag '5F37'
    hashCc Octet32 OPTIONAL, -- Hash of confirmation code
    smdpCertificate Certificate -- CERT.DPpb.ECDSA
}
 
SmdpSigned2 ::= SEQUENCE {
    transactionId [0] TransactionId,    -- The TransactionID generated by the SM DP+
    ccRequiredFlag BOOLEAN, --Indicates if the Confirmation Code is required
    bppEuiccOtpk [APPLICATION 73] OCTET STRING OPTIONAL     -- otPK.EUICC.ECKA already used for binding the BPP, tag '5F49'
}
 
PrepareDownloadResponse ::= [33] CHOICE {  -- Tag 'BF21'
    downloadResponseOk PrepareDownloadResponseOk,
    downloadResponseError PrepareDownloadResponseError
}
 
PrepareDownloadResponseOk ::= SEQUENCE {
    euiccSigned2 EUICCSigned2,  -- Signed information
    euiccSignature2 [APPLICATION 55] OCTET STRING   -- tag '5F37'
}
 
EUICCSigned2 ::= SEQUENCE {
    transactionId [0] TransactionId,
    euiccOtpk [APPLICATION 73] OCTET STRING,        -- otPK.EUICC.ECKA, tag '5F49'
    hashCc Octet32 OPTIONAL         -- Hash of confirmation code
}
 
PrepareDownloadResponseError ::= SEQUENCE {
    transactionId [0] TransactionId,
    downloadErrorCode DownloadErrorCode
}
 
DownloadErrorCode ::= INTEGER {invalidCertificate(1), invalidSignature(2), unsupportedCurve(3), noSessionContext(4), invalidTransactionId(5), undefinedError(127)}
 
-- Definition of data objects for command AuthenticateServer--------------------
AuthenticateServerRequest ::= [56] SEQUENCE { -- Tag 'BF38'
    serverSigned1 ServerSigned1,                -- Signed information
    serverSignature1 [APPLICATION 55] OCTET STRING,     -- tag ?5F37?
    euiccCiPKIdToBeUsed SubjectKeyIdentifier,       -- CI Public Key Identifier to be used
    serverCertificate Certificate, -- RSP Server Certificate CERT.XXauth.ECDSA
    ctxParams1 CtxParams1
}
 
ServerSigned1 ::= SEQUENCE {
    transactionId [0] TransactionId,        -- The Transaction ID generated by the RSP Server
    euiccChallenge [1] Octet16,     -- The eUICC Challenge
    serverAddress [3] UTF8String,   -- The RSP Server address
    serverChallenge [4] Octet16     -- The RSP Server Challenge
}
 
CtxParams1 ::= CHOICE {
    ctxParamsForCommonAuthentication CtxParamsForCommonAuthentication -- New contextual data objects may be defined for extensibility
}
 
CtxParamsForCommonAuthentication ::= SEQUENCE {
    matchingId UTF8String OPTIONAL,-- The MatchingId could be the Activation code token or EventID or empty
    deviceInfo DeviceInfo -- The Device information
}
 
AuthenticateServerResponse ::= [56] CHOICE { -- Tag 'BF38'
    authenticateResponseOk AuthenticateResponseOk,
    authenticateResponseError AuthenticateResponseError
}
 
AuthenticateResponseOk ::= SEQUENCE {
    euiccSigned1 EuiccSigned1,      -- Signed information
    euiccSignature1 [APPLICATION 55] OCTET STRING,  --EUICC_Sign1, tag 5F37
    euiccCertificate Certificate,   -- eUICC Certificate (CERT.EUICC.ECDSA) signed by the EUM
    eumCertificate Certificate  -- EUM Certificate (CERT.EUM.ECDSA) signed by the requested CI
}
 
EuiccSigned1 ::= SEQUENCE {
    transactionId [0] TransactionId,
    serverAddress [3] UTF8String,
    serverChallenge [4] Octet16,    -- The RSP Server Challenge
    euiccInfo2 [34] EUICCInfo2,
    ctxParams1 CtxParams1
}
 
AuthenticateResponseError ::= SEQUENCE {
    transactionId [0] TransactionId,
    authenticateErrorCode AuthenticateErrorCode
}
 
AuthenticateErrorCode ::= INTEGER {invalidCertificate(1), invalidSignature(2), unsupportedCurve(3), noSessionContext(4), invalidOid(5), euiccChallengeMismatch(6), ciPKUnknown(7), undefinedError(127)}
 
-- Definition of Cancel Session------------------------------
CancelSessionRequest ::= [65] SEQUENCE { -- Tag 'BF41'
    transactionId TransactionId,     -- The TransactionID generated by the RSP Server
    reason CancelSessionReason
}
 
CancelSessionReason ::= INTEGER {endUserRejection(0), postponed(1), timeout(2), pprNotAllowed(3)}
 
CancelSessionResponse ::= [65] CHOICE { -- Tag 'BF41'
    cancelSessionResponseOk CancelSessionResponseOk,
    cancelSessionResponseError INTEGER {invalidTransactionId(5), undefinedError(127)}
}
 
CancelSessionResponseOk ::= SEQUENCE {
    euiccCancelSessionSigned EuiccCancelSessionSigned,  -- Signed information
    euiccCancelSessionSignature [APPLICATION 55] OCTET STRING   -- tag '5F37
}
 
EuiccCancelSessionSigned ::= SEQUENCE {
    transactionId TransactionId,
    smdpOid OBJECT IDENTIFIER, -- SM-DP+ OID as contained in CERT.DPauth.ECDSA
    reason CancelSessionReason
}
 
-- Definition of Bound Profile Package --------------------------
BoundProfilePackage ::= [54] SEQUENCE { -- Tag 'BF36'
    initialiseSecureChannelRequest [35] InitialiseSecureChannelRequest, -- Tag 'BF23'
    firstSequenceOf87 [0] SEQUENCE OF [7] OCTET STRING, -- sequence of '87' TLVs
    sequenceOf88 [1] SEQUENCE OF [8] OCTET STRING, -- sequence of '88' TLVs
    secondSequenceOf87 [2] SEQUENCE OF [7] OCTET STRING OPTIONAL, -- sequence of '87' TLVs
    sequenceOf86 [3] SEQUENCE OF [6] OCTET STRING -- sequence of '86' TLVs
}
 
-- Definition of Get eUICC Challenge --------------------------
GetEuiccChallengeRequest ::= [46] SEQUENCE { -- Tag 'BF2E'
}
 
GetEuiccChallengeResponse ::= [46] SEQUENCE { -- Tag 'BF2E'
    euiccChallenge Octet16  -- random eUICC challenge
}
 
-- Definition of Profile Installation Resulceipt
ProfileInstallationResult ::= [55] SEQUENCE { -- Tag 'BF37'
    profileInstallationResultData [39] ProfileInstallationResultData,
    euiccSignPIR EuiccSignPIR
}
 
ProfileInstallationResultData ::= [39] SEQUENCE { -- Tag 'BF27'
    transactionId[0] TransactionId, -- The TransactionID generated by the SM-DP+
    notificationMetadata[47] NotificationMetadata,
    smdpOid OBJECT IDENTIFIER OPTIONAL, -- SM-DP+ OID (same value as in CERT.DPpb.ECDSA)
    finalResult [2] CHOICE {
        successResult SuccessResult,
        errorResult ErrorResult
    }
}
 
EuiccSignPIR ::= [APPLICATION 55] OCTET STRING -- Tag '5F37', eUICC?s signature
 
SuccessResult ::= SEQUENCE {
    aid [APPLICATION 15] OCTET STRING (SIZE (5..16)), -- AID of ISD-P
    simaResponse OCTET STRING -- contains (multiple) 'EUICCResponse' as defined in [5]
}
 
ErrorResult ::= SEQUENCE {
    bppCommandId BppCommandId,
    errorReason ErrorReason,
    simaResponse OCTET STRING OPTIONAL -- contains (multiple) 'EUICCResponse' as defined in [5]
}
 
BppCommandId ::= INTEGER {initialiseSecureChannel(0), configureISDP(1), storeMetadata(2), storeMetadata2(3), replaceSessionKeys(4), loadProfileElements(5)}
 
ErrorReason ::= INTEGER {
    incorrectInputValues(1),
    invalidSignature(2),
    invalidTransactionId(3),
    unsupportedCrtValues(4),
    unsupportedRemoteOperationType(5),
    unsupportedProfileClass(6),
    scp03tStructureError(7),
    scp03tSecurityError(8),
    installFailedDueToIccidAlreadyExistsOnEuicc(9), installFailedDueToInsufficientMemoryForProfile(10),
    installFailedDueToInterruption(11),
    installFailedDueToPEProcessingError (12),
    installFailedDueToIccidMismatch(13),
    testProfileInstallFailedDueToInvalidNaaKey(14),
    pprNotAllowed(15),
    installFailedDueToUnknownError(127)
}
 
ListNotificationRequest ::= [40] SEQUENCE { -- Tag 'BF28'
    profileManagementOperation [1] NotificationEvent OPTIONAL
}
 
ListNotificationResponse ::= [40] CHOICE { -- Tag 'BF28'
    notificationMetadataList SEQUENCE OF NotificationMetadata,
    listNotificationsResultError INTEGER {undefinedError(127)}
}
 
NotificationMetadata ::= [47] SEQUENCE { -- Tag 'BF2F'
    seqNumber [0] INTEGER,
    profileManagementOperation [1] NotificationEvent, --Only one bit set to 1
    notificationAddress UTF8String, -- FQDN to forward the notification
    iccid Iccid OPTIONAL
}
 
-- Definition of Profile Nickname Information
SetNicknameRequest ::= [41] SEQUENCE {  -- Tag 'BF29'
    iccid Iccid,
    profileNickname [16] UTF8String (SIZE(0..64))
}
 
SetNicknameResponse ::= [41] SEQUENCE { -- Tag 'BF29'
    setNicknameResult INTEGER {ok(0), iccidNotFound (1), undefinedError(127)}
}
 
id-rsp-cert-objects OBJECT IDENTIFIER ::= {  id-rsp cert-objects(2)}
 
id-rspExt OBJECT IDENTIFIER ::= {id-rsp-cert-objects 0}
 
id-rspRole OBJECT IDENTIFIER ::= {id-rsp-cert-objects 1}
 
-- Definition of OIDs for role identification
id-rspRole-ci OBJECT IDENTIFIER ::= {id-rspRole 0}
id-rspRole-euicc OBJECT IDENTIFIER ::= {id-rspRole 1}
id-rspRole-eum OBJECT IDENTIFIER ::= {id-rspRole 2}
id-rspRole-dp-tls OBJECT IDENTIFIER ::= {id-rspRole 3}
id-rspRole-dp-auth OBJECT IDENTIFIER ::= {id-rspRole 4}
id-rspRole-dp-pb OBJECT IDENTIFIER ::= {id-rspRole 5}
id-rspRole-ds-tls OBJECT IDENTIFIER ::= {id-rspRole 6}
id-rspRole-ds-auth OBJECT IDENTIFIER ::= {id-rspRole 7}
 
--Definition of data objects for InitialiseSecureChannel Request
InitialiseSecureChannelRequest ::= [35] SEQUENCE { -- Tag 'BF23'
    remoteOpId RemoteOpId, -- Remote Operation Type Identifier (value SHALL be set to installBoundProfilePackage)
    transactionId [0] TransactionId, -- The TransactionID generated by the SM-DP+
    controlRefTemplate[6] IMPLICIT ControlRefTemplate, -- Control Reference Template (Key Agreement). Current specification considers a subset of CRT specified in GlobalPlatform Card Specification [8], section 6.4.2.3 for the Mutual Authentication Data Field
    smdpOtpk [APPLICATION 73] OCTET STRING, ---otPK.DP.ECKA as specified in GlobalPlatform Card Specification [8] section 6.4.2.3 for ePK.OCE.ECKA, tag '5F49'
    smdpSign [APPLICATION 55] OCTET STRING -- SM-DP's signature, tag '5F37'
}
 
ControlRefTemplate ::= SEQUENCE {
keyType[0] Octet1, -- Key type according to GlobalPlatform Card Specification [8] Table 11-16, AES= '88', Tag '80'
keyLen[1] Octet1, --Key length in number of bytes. For current specification key length SHALL by 0x10 bytes, Tag '81'
hostId[4] OctetTo16 -- Host ID value , Tag '84'
}
 
--Definition of data objects for ConfigureISDPRequest
ConfigureISDPRequest ::= [36] SEQUENCE { -- Tag 'BF24'
    dpProprietaryData [24] DpProprietaryData OPTIONAL -- Tag 'B8'
}
 
DpProprietaryData ::= SEQUENCE { --  maximum size including tag and length field: 128 bytes
    dpOid OBJECT IDENTIFIER -- OID in the tree of the SM-DP+ that created the Profile
    -- additional data objects defined by the SM-DP+ MAY follow
}
 
-- Definition of request message for command ReplaceSessionKeys
ReplaceSessionKeysRequest ::= [38] SEQUENCE { -- tag 'BF26'
/*The new initial MAC chaining value*/
    initialMacChainingValue OCTET STRING,
/*New session key value for encryption/decryption (PPK-ENC)*/
    ppkEnc OCTET STRING,
/*New session key value of the session key C-MAC computation/verification (PPK-MAC)*/
    ppkCmac OCTET STRING
}
 
-- Definition of data objects for RetrieveNotificationsList
RetrieveNotificationsListRequest ::= [43] SEQUENCE { -- Tag 'BF2B'
    searchCriteria CHOICE {
        seqNumber [0] INTEGER,
        profileManagementOperation [1] NotificationEvent
    } OPTIONAL
}
 
RetrieveNotificationsListResponse ::= [43] CHOICE { -- Tag 'BF2B'
    notificationList SEQUENCE OF PendingNotification,
    notificationsListResultError INTEGER {noResultAvailable(1), undefinedError(127)}
}
 
PendingNotification ::= CHOICE {
    profileInstallationResult [55] ProfileInstallationResult, -- tag 'BF37'
    otherSignedNotification OtherSignedNotification
}
 
OtherSignedNotification ::= SEQUENCE {
    tbsOtherNotification NotificationMetadata,
    euiccNotificationSignature [APPLICATION 55] OCTET STRING,   -- eUICC signature of tbsOtherNotification, Tag '5F37'
    euiccCertificate Certificate,   -- eUICC Certificate (CERT.EUICC.ECDSA) signed by the EUM
    eumCertificate Certificate  -- EUM Certificate (CERT.EUM.ECDSA) signed by the requested CI
}
 
-- Definition of notificationSent
NotificationSentRequest ::= [48] SEQUENCE { -- Tag 'BF30'
    seqNumber [0] INTEGER
}
 
NotificationSentResponse ::= [48] SEQUENCE { -- Tag 'BF30'
    deleteNotificationStatus INTEGER {ok(0), nothingToDelete(1), undefinedError(127)}
}
 
-- Definition of Enable Profile --------------------------
EnableProfileRequest ::= [49] SEQUENCE { -- Tag 'BF31'
    profileIdentifier CHOICE {
        isdpAid [APPLICATION 15] OctetTo16, -- AID, tag '4F'
        iccid Iccid -- ICCID, tag '5A'
    },
    refreshFlag BOOLEAN -- indicating whether REFRESH is required
}
 
EnableProfileResponse ::= [49] SEQUENCE { -- Tag 'BF31'
    enableResult INTEGER {ok(0), iccidOrAidNotFound (1), profileNotInDisabledState(2), disallowedByPolicy(3), wrongProfileReenabling(4), undefinedError(127)}
}
 
-- Definition of Disable Profile --------------------------
DisableProfileRequest ::= [50] SEQUENCE { -- Tag 'BF32'
    profileIdentifier CHOICE {
        isdpAid [APPLICATION 15] OctetTo16, -- AID, tag '4F'
        iccid Iccid -- ICCID, tag '5A'
    },
    refreshFlag BOOLEAN -- indicating whether REFRESH is required
}
 
DisableProfileResponse ::= [50] SEQUENCE { -- Tag 'BF32'
    disableResult INTEGER {ok(0), iccidOrAidNotFound (1), profileNotInEnabledState(2), disallowedByPolicy(3), undefinedError(127)}
}
 
-- Definition of Delete Profile --------------------------
DeleteProfileRequest ::= [51] CHOICE { -- Tag 'BF33'
    isdpAid [APPLICATION 15] OctetTo16, -- AID, tag '4F'
    iccid Iccid -- ICCID, tag '5A'
}
 
DeleteProfileResponse ::= [51] SEQUENCE { -- Tag 'BF33'
    deleteResult INTEGER {ok(0), iccidOrAidNotFound (1), profileNotInDisabledState(2), disallowedByPolicy(3), undefinedError(127)}
}
 
-- Definition of Memory Reset --------------------------
EuiccMemoryResetRequest ::= [52] SEQUENCE { -- Tag 'BF34'
    resetOptions [2] BIT STRING {
        deleteOperationalProfiles(0),
        deleteFieldLoadedTestProfiles(1),
        resetDefaultSmdpAddress(2)}
}
 
EuiccMemoryResetResponse ::= [52] SEQUENCE { -- Tag 'BF34'
    resetResult INTEGER {ok(0), nothingToDelete(1), undefinedError(127)}
}
 
-- Definition of Get EID --------------------------
GetEuiccDataRequest ::= [62] SEQUENCE { -- Tag 'BF3E'
    tagList [APPLICATION 28] Octet1  -- tag '5C', the value SHALL be set to '5A'
}
 
GetEuiccDataResponse ::= [62] SEQUENCE { -- Tag 'BF3E'
    eidValue [APPLICATION 26] Octet16  -- tag '5A'
}
 
-- Definition of Get Rat
 
GetRatRequest ::= [67] SEQUENCE { -- Tag ' BF43'
    -- No input data
}
 
 
GetRatResponse ::= [67] SEQUENCE { -- Tag 'BF43'
    rat RulesAuthorisationTable
}
 
RulesAuthorisationTable ::= SEQUENCE OF ProfilePolicyAuthorisationRule
ProfilePolicyAuthorisationRule ::= SEQUENCE {
    pprIds PprIds,
    allowedOperators SEQUENCE OF OperatorID,
    pprFlags BIT STRING {consentRequired(0)}
}
 
-- Definition of data structure command for loading a CRL
LoadCRLRequest ::= [53] SEQUENCE { -- Tag 'BF35'
    -- A CRL-A
    crl CertificateList
}
 
-- Definition of data structure response for loading a CRL
LoadCRLResponse ::= [53] CHOICE {  -- Tag 'BF35'
loadCRLResponseOk LoadCRLResponseOk,
loadCRLResponseError LoadCRLResponseError
}
 
LoadCRLResponseOk ::= SEQUENCE {
    missingParts SEQUENCE OF SEQUENCE {
        number INTEGER (0..MAX)
    } OPTIONAL
}
LoadCRLResponseError ::= INTEGER {invalidSignature(1), invalidCRLFormat(2), notEnoughMemorySpace(3), verificationKeyNotFound(4), undefinedError(127)}
 
-- Definition of the extension for Certificate Expiration Date
id-rsp-expDate OBJECT IDENTIFIER ::= {id-rspExt 1}
ExpirationDate ::= Time
 
-- Definition of the extension id for total partial-CRL number
id-rsp-totalPartialCrlNumber OBJECT IDENTIFIER ::= {id-rspExt 2}
TotalPartialCrlNumber ::= INTEGER
 
 
-- Definition of the extension id for the partial-CRL number
id-rsp-partialCrlNumber OBJECT IDENTIFIER ::= {id-rspExt 3}
PartialCrlNumber ::= INTEGER
 
-- Definition for ES9+ ASN.1 Binding --------------------------
RemoteProfileProvisioningRequest ::= [2] CHOICE { -- Tag 'A2'
    initiateAuthenticationRequest [57] InitiateAuthenticationRequest,  -- Tag 'BF39'
    authenticateClientRequest [59] AuthenticateClientRequest, -- Tag 'BF3B'
    getBoundProfilePackageRequest [58] GetBoundProfilePackageRequest,  -- Tag 'BF3A'
    cancelSessionRequestEs9 [65] CancelSessionRequestEs9, -- Tag 'BF41'
    handleNotification [61] HandleNotification -- tag 'BF3D'
}
 
RemoteProfileProvisioningResponse ::= [2] CHOICE { -- Tag 'A2'
    initiateAuthenticationResponse [57] InitiateAuthenticationResponse, -- Tag 'BF39'
    authenticateClientResponseEs9 [59] AuthenticateClientResponseEs9, -- Tag 'BF3B'
    getBoundProfilePackageResponse [58] GetBoundProfilePackageResponse, -- Tag 'BF3A'
    cancelSessionResponseEs9 [65] CancelSessionResponseEs9, -- Tag 'BF41'
    authenticateClientResponseEs11 [64] AuthenticateClientResponseEs11 -- Tag 'BF40'
}
 
InitiateAuthenticationRequest ::= [57] SEQUENCE { -- Tag 'BF39'
    euiccChallenge [1] Octet16, -- random eUICC challenge
    smdpAddress [3] UTF8String,
    euiccInfo1 EUICCInfo1
}
 
InitiateAuthenticationResponse ::= [57] CHOICE { -- Tag 'BF39'
    initiateAuthenticationOk InitiateAuthenticationOkEs9,
    initiateAuthenticationError INTEGER {
        invalidDpAddress(1),
        euiccVersionNotSupportedByDp(2),
        ciPKNotSupported(3)
    }
}
 
InitiateAuthenticationOkEs9 ::= SEQUENCE {
    transactionId [0] TransactionId, -- The TransactionID generated by the SM-DP+
    serverSigned1 ServerSigned1, -- Signed information
    serverSignature1 [APPLICATION 55] OCTET STRING, -- Server_Sign1, tag '5F37'
    euiccCiPKIdToBeUsed SubjectKeyIdentifier, -- The curve CI Public Key to be used as required by ES10b.AuthenticateServer
    serverCertificate Certificate
}
 
AuthenticateClientRequest ::= [59] SEQUENCE { -- Tag 'BF3B'
    transactionId [0] TransactionId,
    authenticateServerResponse [56] AuthenticateServerResponse -- This is the response from ES10b.AuthenticateServer
}
 
AuthenticateClientResponseEs9 ::= [59] CHOICE { -- Tag 'BF3B'
    authenticateClientOk AuthenticateClientOk,
    authenticateClientError INTEGER {
        eumCertificateInvalid(1),
        eumCertificateExpired(2),
        euiccCertificateInvalid(3),
        euiccCertificateExpired(4),
        euiccSignatureInvalid(5),
        matchingIdRefused(6),
        eidMismatch(7),
        noEligibleProfile(8),
        ciPKUnknown(9),
        invalidTransactionId(10),
        undefinedError(127)
    }
}
 
AuthenticateClientOk ::= SEQUENCE {
    transactionId [0] TransactionId,
    profileMetaData [37] StoreMetadataRequest,
    prepareDownloadRequest [33] PrepareDownloadRequest
}
 
GetBoundProfilePackageRequest ::= [58] SEQUENCE { -- Tag 'BF3A'
    transactionId [0] TransactionId,
    prepareDownloadResponse [33] PrepareDownloadResponse
}
 
GetBoundProfilePackageResponse ::= [58] CHOICE { -- Tag 'BF3A'
    getBoundProfilePackageOk GetBoundProfilePackageOk,
    getBoundProfilePackageError INTEGER {
        euiccSignatureInvalid(1),
        confirmationCodeMissing(2),
        confirmationCodeRefused(3),
        confirmationCodeRetriesExceeded(4),
        invalidTransactionId(95),
        undefinedError(127)
    }
}
 
GetBoundProfilePackageOk ::= SEQUENCE {
    transactionId [0] TransactionId,
    boundProfilePackage [54] BoundProfilePackage
}
 
HandleNotification ::= [61] SEQUENCE {  -- Tag 'BF3D'
    pendingNotification PendingNotification
}
 
CancelSessionRequestEs9 ::= [65] SEQUENCE { -- Tag 'BF41'
    transactionId TransactionId,
    cancelSessionResponse  CancelSessionResponse -- data structure defined for ES10b.CancelSession function
}
 
CancelSessionResponseEs9 ::= [65] CHOICE { -- Tag 'BF41'
    cancelSessionOk CancelSessionOk,
    cancelSessionError INTEGER {
        invalidTransactionId(1),
        euiccSignatureInvalid(2),
        undefinedError(127)
    }
}
 
CancelSessionOk ::= SEQUENCE { -- This function has no output data
}
 
EuiccConfiguredAddressesRequest ::= [60] SEQUENCE { -- Tag 'BF3C'
}
 
EuiccConfiguredAddressesResponse ::= [60] SEQUENCE {  -- Tag 'BF3C'
    defaultDpAddress UTF8String OPTIONAL,  -- Default SM-DP+ address as an FQDN
    rootDsAddress UTF8String  -- Root SM-DS address as an FQDN
}
 
ISDRProprietaryApplicationTemplate ::= [PRIVATE 0] SEQUENCE { -- Tag 'E0'  
    svn [2] VersionType,    -- GSMA SGP.22 version supported (SVN)
    lpaeSupport BIT STRING {
        lpaeUsingCat(0), -- LPA in the eUICC using Card Application Toolkit
        lpaeUsingScws(1) -- LPA in the eUICC using Smartcard Web Server
    } OPTIONAL
}
 
LpaeActivationRequest ::= [66] SEQUENCE { -- Tag 'BF42'
    lpaeOption BIT STRING {
        activateCatBasedLpae(0), -- LPAe with LUIe based on CAT
        activateScwsBasedLpae(1) -- LPAe with LUIe based on SCWS
    }
}
 
LpaeActivationResponse ::= [66] SEQUENCE { -- Tag 'BF42'
    lpaeActivationResult INTEGER {ok(0), notSupported(1)}
}
 
SetDefaultDpAddressRequest ::= [63] SEQUENCE { -- Tag 'BF3F'
    defaultDpAddress UTF8String -- Default SM-DP+ address as an FQDN
}
 
SetDefaultDpAddressResponse ::= [63] SEQUENCE { -- Tag 'BF3F'
    setDefaultDpAddressResult INTEGER { ok (0), undefinedError (127)}
}
 
AuthenticateClientResponseEs11 ::= [64] CHOICE {  -- Tag 'BF40'
    authenticateClientOk AuthenticateClientOkEs11,
    authenticateClientError INTEGER {
        eumCertificateInvalid(1),
        eumCertificateExpired(2),
        euiccCertificateInvalid(3),
        euiccCertificateExpired(4),
        euiccSignatureInvalid(5),
        eventIdUnknown(6),
        invalidTransactionId(7),
        undefinedError(127)
    }
}
 
AuthenticateClientOkEs11 ::= SEQUENCE {
    transactionId TransactionId,
    eventEntries SEQUENCE OF EventEntries
}
 
EventEntries ::= SEQUENCE {
    eventId UTF8String,
    rspServerAddress UTF8String
}
 
END