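-- Version V2.5
-- ASN.1 data objects of the GSMA Remote SIM Provisioning (RSP) interfaces.
-- Line structure restored: a "--" comment runs to the end of its line, so with
-- the definitions collapsed onto one line every comment swallowed the code after it.
-- EXTENSIBILITY IMPLIED makes every SEQUENCE, SET, CHOICE and ENUMERATED in this
-- module extensible, so a decoder has to tolerate elements it does not know.
-- NOTE(review): for the signed structures of this module that suggests checking a
-- signature over the bytes as received, not over a re-encoding of the decoded
-- value; confirm against the specification text.
RSPDefinitions {joint-iso-itu-t(2) international-organizations(23) gsma(146) rsp(1) asn1modules(1) sgp22v2(2)}
DEFINITIONS
AUTOMATIC TAGS
EXTENSIBILITY IMPLIED ::=
BEGIN

IMPORTS Certificate, CertificateList, Time FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18)}
SubjectKeyIdentifier FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19)}
UICCCapability FROM PEDefinitions {joint-iso-itu-t(2) international-organizations(23) tca(143) euicc-profile(1) spec-version(1) version-three(3)};
-- The UICCCapability import module version is defined in section 5.7.8

id-rsp OBJECT IDENTIFIER ::= {joint-iso-itu-t(2) international-organizations(23) gsma(146) rsp(1)}

-- Basic types, for size constraints
Octet8 ::= OCTET STRING (SIZE(8))
Octet4 ::= OCTET STRING (SIZE(4))
Octet16 ::= OCTET STRING (SIZE(16))
OctetTo16 ::= OCTET STRING (SIZE(1..16))
Octet32 ::= OCTET STRING (SIZE(32))
Octet1 ::= OCTET STRING(SIZE(1))
Octet2 ::= OCTET STRING (SIZE(2))
VersionType ::= OCTET STRING(SIZE(3))
-- major/minor/revision version are coded as binary value on byte 1/2/3, e.g. '02 00 0C' for v2.0.12.
-- If revision is not used (e.g. v2.1), byte 3 SHALL be set to '00'.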
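-- Identifiers, eUICC information, profile metadata and the data objects of
-- PrepareDownload, AuthenticateServer and CancelSession.
-- Line structure restored so that each "--" comment ends where it was meant to.
-- NOTE(review): several OCTET STRING and UTF8String components below carry no SIZE
-- constraint (for example extCardResource, gid1, gid2, notificationAddress,
-- serverAddress, matchingId and the '5F37' signatures); a decoder has to apply its
-- own length limits to them.
Iccid ::= [APPLICATION 26] OCTET STRING (SIZE(10)) -- ICCID as coded in EFiccid, corresponding tag is '5A'
RemoteOpId ::= [2] INTEGER {installBoundProfilePackage(1)}
TransactionId ::= OCTET STRING (SIZE(1..16))

-- Definition of EUICCInfo1
GetEuiccInfo1Request ::= [32] SEQUENCE { -- Tag 'BF20'
}

EUICCInfo1 ::= [32] SEQUENCE { -- Tag 'BF20'
  svn [2] VersionType, -- GSMA SGP.22 version supported (SVN)
  euiccCiPKIdListForVerification [9] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifiers supported on the eUICC for signature verification
  euiccCiPKIdListForSigning [10] SEQUENCE OF SubjectKeyIdentifier -- List of CI Public Key Identifiers supported on the eUICC for signature creation
}

-- Definition of EUICCInfo2
GetEuiccInfo2Request ::= [34] SEQUENCE { -- Tag 'BF22'
}

EUICCInfo2 ::= [34] SEQUENCE { -- Tag 'BF22'
  profileVersion [1] VersionType, -- Base eUICC Profile package version supported
  svn [2] VersionType, -- GSMA SGP.22 version supported (SVN)
  euiccFirmwareVer [3] VersionType, -- eUICC Firmware version
  extCardResource [4] OCTET STRING, -- Extended Card Resource Information according to ETSI TS 102 226
  uiccCapability [5] UICCCapability,
  ts102241Version [6] VersionType OPTIONAL,
  globalplatformVersion [7] VersionType OPTIONAL,
  rspCapability [8] RspCapability,
  euiccCiPKIdListForVerification [9] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifiers supported on the eUICC for signature verification
  euiccCiPKIdListForSigning [10] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifiers supported on the eUICC for signature creation
  euiccCategory [11] INTEGER {
    other(0),
    basicEuicc(1),
    mediumEuicc(2),
    contactlessEuicc(3)
  } OPTIONAL,
  forbiddenProfilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
  ppVersion VersionType, -- Protection Profile version
  sasAcreditationNumber UTF8String (SIZE(0..64)),
  certificationDataObject [12] CertificationDataObject OPTIONAL,
  treProperties [13] BIT STRING {
    isDiscrete(0),
    isIntegrated(1),
    usesRemoteMemory(2) -- refers to the usage of remote memory protected by the Remote Memory Protection Function described in SGP.21 [4]
  } OPTIONAL,
  treProductReference [14] UTF8String OPTIONAL, -- Platform_Label as defined in GlobalPlatform DLOA specification [57]
  additionalEuiccProfilePackageVersions [15] SEQUENCE OF VersionType OPTIONAL
}

-- Definition of RspCapability
RspCapability ::= BIT STRING {
  additionalProfile(0), -- at least one more Profile can be installed
  crlSupport(1), -- CRL
  rpmSupport(2), -- Remote Profile Management
  testProfileSupport (3), -- support for test profile
  deviceInfoExtensibilitySupport (4), -- support for ASN.1 extensibility in the Device Info
  serviceSpecificDataSupport (5) -- support for Service Specific Data in the Profile Metadata
}

-- Definition of CertificationDataObject
CertificationDataObject ::= SEQUENCE {
  platformLabel UTF8String, -- Platform_Label as defined in GlobalPlatform DLOA specification [57]
  discoveryBaseURL UTF8String -- Discovery Base URL of the SE default DLOA Registrar as defined in GlobalPlatform DLOA specification [57]
}

CertificateInfo ::= BIT STRING {
  reserved(0), -- eUICC has a CERT.EUICC.ECDSA in GlobalPlatform format. The use of this bit is deprecated.
  certSigningX509(1), -- eUICC has a CERT.EUICC.ECDSA in X.509 format
  rfu2(2),
  rfu3(3),
  reserved2(4), -- Handling of Certificate in GlobalPlatform format. The use of this bit is deprecated.
  certVerificationX509(5) -- Handling of Certificate in X.509 format
}

-- Definition of DeviceInfo
DeviceInfo ::= SEQUENCE {
  tac Octet4,
  deviceCapabilities DeviceCapabilities,
  imei Octet8 OPTIONAL
}

DeviceCapabilities ::= SEQUENCE {
  -- Highest fully supported release for each definition
  -- The device SHALL set all the capabilities it supports
  gsmSupportedRelease VersionType OPTIONAL,
  utranSupportedRelease VersionType OPTIONAL,
  cdma2000onexSupportedRelease VersionType OPTIONAL,
  cdma2000hrpdSupportedRelease VersionType OPTIONAL,
  cdma2000ehrpdSupportedRelease VersionType OPTIONAL,
  eutranEpcSupportedRelease VersionType OPTIONAL,
  contactlessSupportedRelease VersionType OPTIONAL,
  rspCrlSupportedVersion VersionType OPTIONAL,
  nrEpcSupportedRelease VersionType OPTIONAL,
  nr5gcSupportedRelease VersionType OPTIONAL,
  eutran5gcSupportedRelease VersionType OPTIONAL,
  lpaSvn VersionType OPTIONAL, -- Not defined in this version of SGP.22
  catSupportedClasses CatSupportedClasses OPTIONAL, -- Not defined in this version of SGP.22
  euiccFormFactorType EuiccFormFactorType OPTIONAL, -- Not defined in this version of SGP.22
  deviceAdditionalFeatureSupport DeviceAdditionalFeatureSupport OPTIONAL
}

-- Definition of DeviceAdditionalFeatureSupport
DeviceAdditionalFeatureSupport ::= SEQUENCE {
  naiSupport VersionType OPTIONAL -- Device supports Network Access Identifier
}

CatSupportedClasses ::= BIT STRING
EuiccFormFactorType ::= INTEGER

ProfileInfoListRequest ::= [45] SEQUENCE { -- Tag 'BF2D'
  searchCriteria [0] CHOICE {
    isdpAid [APPLICATION 15] OctetTo16, -- AID of the ISD-P, tag '4F'
    iccid Iccid, -- ICCID, tag '5A'
    profileClass [21] ProfileClass -- Tag '95'
  } OPTIONAL,
  tagList [APPLICATION 28] OCTET STRING OPTIONAL -- tag '5C'
}

-- Definition of ProfileInfoList
ProfileInfoListResponse ::= [45] CHOICE { -- Tag 'BF2D'
  profileInfoListOk SEQUENCE OF ProfileInfo,
  profileInfoListError ProfileInfoListError
}

ProfileInfo ::= [PRIVATE 3] SEQUENCE { -- Tag 'E3'
  iccid Iccid OPTIONAL,
  isdpAid [APPLICATION 15] OctetTo16 OPTIONAL, -- AID of the ISD-P containing the Profile, tag '4F'
  profileState [112] ProfileState OPTIONAL, -- Tag '9F70'
  profileNickname [16] UTF8String (SIZE(0..64)) OPTIONAL, -- Tag '90'
  serviceProviderName [17] UTF8String (SIZE(0..32)) OPTIONAL, -- Tag '91'
  profileName [18] UTF8String (SIZE(0..64)) OPTIONAL, -- Tag '92'
  iconType [19] IconType OPTIONAL, -- Tag '93'
  icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94', see condition in ES10c:GetProfilesInfo
  profileClass [21] ProfileClass OPTIONAL, -- Tag '95'
  notificationConfigurationInfo [22] SEQUENCE OF NotificationConfigurationInformation OPTIONAL, -- Tag 'B6'
  profileOwner [23] OperatorId OPTIONAL, -- Tag 'B7'
  dpProprietaryData [24] DpProprietaryData OPTIONAL, -- Tag 'B8'
  profilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
  serviceSpecificDataStoredInEuicc [34] VendorSpecificExtension OPTIONAL -- Tag 'BF22'
}

PprIds ::= BIT STRING { -- Definition of Profile Policy Rules identifiers
  pprUpdateControl(0), -- defines how to update PPRs via ES6
  ppr1(1), -- Indicator for PPR1 'Disabling of this Profile is not allowed'
  ppr2(2) -- Indicator for PPR2 'Deletion of this Profile is not allowed'
}

OperatorId ::= SEQUENCE {
  mccMnc OCTET STRING (SIZE(3)), -- MCC and MNC coded as defined in 3GPP TS 24.008 [32]
  gid1 OCTET STRING OPTIONAL, -- referring to content of EF GID1 (file identifier '6F3E') as defined in 3GPP TS 31.102 [54]
  gid2 OCTET STRING OPTIONAL -- referring to content of EF GID2 (file identifier '6F3F') as defined in 3GPP TS 31.102 [54]
}

ProfileInfoListError ::= INTEGER {incorrectInputValues(1), undefinedError(127)}

-- Definition of StoreMetadata request
-- NOTE(review): icon is image data of the type named by iconType and is presumably
-- decoded by whatever displays it; treat it as untrusted input and check it
-- against iconType before rendering.
StoreMetadataRequest ::= [37] SEQUENCE { -- Tag 'BF25'
  iccid Iccid,
  serviceProviderName [17] UTF8String (SIZE(0..32)), -- Tag '91'
  profileName [18] UTF8String (SIZE(0..64)), -- Tag '92' (corresponds to 'Short Description' defined in SGP.21 [2])
  iconType [19] IconType OPTIONAL, -- Tag '93' (JPG or PNG)
  icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94' (Data of the icon. Size 64 x 64 pixel. This field SHALL only be present if iconType is present)
  profileClass [21] ProfileClass DEFAULT operational, -- Tag '95'
  notificationConfigurationInfo [22] SEQUENCE OF NotificationConfigurationInformation OPTIONAL,
  profileOwner [23] OperatorId OPTIONAL, -- Tag 'B7'
  profilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
  serviceSpecificDataStoredInEuicc [34] VendorSpecificExtension OPTIONAL, -- Tag 'BF22'
  serviceSpecificDataNotStoredInEuicc [35] VendorSpecificExtension OPTIONAL -- Tag 'BF23'
}

NotificationEvent ::= BIT STRING {
  notificationInstall(0),
  notificationEnable(1),
  notificationDisable(2),
  notificationDelete(3)
}

NotificationConfigurationInformation ::= SEQUENCE {
  profileManagementOperation NotificationEvent,
  notificationAddress UTF8String -- FQDN to forward the notification
}

OPENTYPE ::= CLASS {
  &typeId OBJECT IDENTIFIER,
  &Type
}

-- vendorSpecificData is an open type: nothing in this module constrains its
-- content, so it stays opaque unless vendorOid is one the decoder recognises.
VendorSpecificExtension ::= SEQUENCE OF SEQUENCE {
  vendorOid [0] OPENTYPE.&typeId, -- OID of the vendor who defined this specific extension
  vendorSpecificData [1] OPENTYPE.&Type
}

IconType ::= INTEGER {jpg(0), png(1)}
ProfileState ::= INTEGER {disabled(0), enabled(1)}
ProfileClass ::= INTEGER {test(0), provisioning(1), operational(2)}

-- Definition of UpdateMetadata request
UpdateMetadataRequest ::= [42] SEQUENCE { -- Tag 'BF2A'
  serviceProviderName [17] UTF8String (SIZE(0..32)) OPTIONAL, -- Tag '91'
  profileName [18] UTF8String (SIZE(0..64)) OPTIONAL, -- Tag '92'
  iconType [19] IconType OPTIONAL, -- Tag '93'
  icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94'
  profilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
  serviceSpecificDataStoredInEuicc [34] VendorSpecificExtension OPTIONAL -- Tag 'BF22'
}

-- Definition of data objects for command PrepareDownload
PrepareDownloadRequest ::= [33] SEQUENCE { -- Tag 'BF21'
  smdpSigned2 SmdpSigned2, -- Signed information
  smdpSignature2 [APPLICATION 55] OCTET STRING, -- DP_Sign1, tag '5F37'
  hashCc Octet32 OPTIONAL, -- Hash of confirmation code
  smdpCertificate Certificate -- CERT.DPpb.ECDSA
}

SmdpSigned2 ::= SEQUENCE {
  transactionId [0] TransactionId, -- The TransactionID generated by the SM-DP+
  ccRequiredFlag BOOLEAN, -- Indicates if the Confirmation Code is required
  bppEuiccOtpk [APPLICATION 73] OCTET STRING OPTIONAL -- otPK.EUICC.ECKA already used for binding the BPP, tag '5F49'
}

PrepareDownloadResponse ::= [33] CHOICE { -- Tag 'BF21'
  downloadResponseOk PrepareDownloadResponseOk,
  downloadResponseError PrepareDownloadResponseError
}

PrepareDownloadResponseOk ::= SEQUENCE {
  euiccSigned2 EUICCSigned2, -- Signed information
  euiccSignature2 [APPLICATION 55] OCTET STRING -- tag '5F37'
}

EUICCSigned2 ::= SEQUENCE {
  transactionId [0] TransactionId,
  euiccOtpk [APPLICATION 73] OCTET STRING, -- otPK.EUICC.ECKA, tag '5F49'
  hashCc Octet32 OPTIONAL -- Hash of confirmation code
}

PrepareDownloadResponseError ::= SEQUENCE {
  transactionId [0] TransactionId,
  downloadErrorCode DownloadErrorCode
}

DownloadErrorCode ::= INTEGER {invalidCertificate(1), invalidSignature(2), unsupportedCurve(3), noSessionContext(4), invalidTransactionId(5), undefinedError(127)}

-- Definition of data objects for command AuthenticateServer
AuthenticateServerRequest ::= [56] SEQUENCE { -- Tag 'BF38'
  serverSigned1 ServerSigned1, -- Signed information
  serverSignature1 [APPLICATION 55] OCTET STRING, -- tag '5F37'
  euiccCiPKIdToBeUsed SubjectKeyIdentifier, -- CI Public Key Identifier to be used
  serverCertificate Certificate, -- RSP Server Certificate CERT.XXauth.ECDSA
  ctxParams1 CtxParams1
}

-- Both challenges are fixed 16-byte values (Octet16). AuthenticateErrorCode has a
-- dedicated euiccChallengeMismatch(6) value, presumably for a euiccChallenge that
-- differs from the one the eUICC issued.
ServerSigned1 ::= SEQUENCE {
  transactionId [0] TransactionId, -- The Transaction ID generated by the RSP Server
  euiccChallenge [1] Octet16, -- The eUICC Challenge
  serverAddress [3] UTF8String, -- The RSP Server address
  serverChallenge [4] Octet16 -- The RSP Server Challenge
}

CtxParams1 ::= CHOICE {
  ctxParamsForCommonAuthentication CtxParamsForCommonAuthentication -- New contextual data objects MAY be defined for extensibility
}

CtxParamsForCommonAuthentication ::= SEQUENCE {
  matchingId UTF8String OPTIONAL, -- The MatchingId could be the Activation code token or EventID or empty
  deviceInfo DeviceInfo -- The Device information
}

AuthenticateServerResponse ::= [56] CHOICE { -- Tag 'BF38'
  authenticateResponseOk AuthenticateResponseOk,
  authenticateResponseError AuthenticateResponseError
}

AuthenticateResponseOk ::= SEQUENCE {
  euiccSigned1 EuiccSigned1, -- Signed information
  euiccSignature1 [APPLICATION 55] OCTET STRING, -- EUICC_Sign1, tag '5F37'
  euiccCertificate Certificate, -- eUICC Certificate (CERT.EUICC.ECDSA) signed by the EUM
  eumCertificate Certificate -- EUM Certificate (CERT.EUM.ECDSA) signed by the requested CI
}

EuiccSigned1 ::= SEQUENCE {
  transactionId [0] TransactionId,
  serverAddress [3] UTF8String,
  serverChallenge [4] Octet16, -- The RSP Server Challenge
  euiccInfo2 [34] EUICCInfo2,
  ctxParams1 CtxParams1
}

AuthenticateResponseError ::= SEQUENCE {
  transactionId [0] TransactionId,
  authenticateErrorCode AuthenticateErrorCode
}

AuthenticateErrorCode ::= INTEGER {invalidCertificate(1), invalidSignature(2), unsupportedCurve(3), noSessionContext(4), invalidOid(5), euiccChallengeMismatch(6), ciPKUnknown(7), undefinedError(127)}

-- Definition of Cancel Session
CancelSessionRequest ::= [65] SEQUENCE { -- Tag 'BF41'
  transactionId TransactionId, -- The TransactionID generated by the RSP Server
  reason CancelSessionReason
}

CancelSessionReason ::= INTEGER {endUserRejection(0), postponed(1), timeout(2), pprNotAllowed(3), metadataMismatch(4), loadBppExecutionError(5), undefinedReason(127)}

CancelSessionResponse ::= [65] CHOICE { -- Tag 'BF41'
  cancelSessionResponseOk CancelSessionResponseOk,
  cancelSessionResponseError INTEGER {invalidTransactionId(5), undefinedError(127)}
}

CancelSessionResponseOk ::= SEQUENCE {
  euiccCancelSessionSigned EuiccCancelSessionSigned, -- Signed information
  euiccCancelSessionSignature [APPLICATION 55] OCTET STRING -- tag '5F37'
}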
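-- Cancel-session signed data, Bound Profile Package, installation results,
-- notifications, RSP role OIDs and the secure-channel data objects.
-- Line structure restored so that each "--" comment ends where it was meant to.
EuiccCancelSessionSigned ::= SEQUENCE {
  transactionId TransactionId,
  smdpOid OBJECT IDENTIFIER, -- SM-DP+ OID as contained in CERT.DPauth.ECDSA
  reason CancelSessionReason
}

-- Definition of Bound Profile Package
BoundProfilePackage ::= [54] SEQUENCE { -- Tag 'BF36'
  initialiseSecureChannelRequest [35] InitialiseSecureChannelRequest, -- Tag 'BF23'
  firstSequenceOf87 [0] SEQUENCE OF [7] OCTET STRING, -- sequence of '87' TLVs
  sequenceOf88 [1] SEQUENCE OF [8] OCTET STRING, -- sequence of '88' TLVs
  secondSequenceOf87 [2] SEQUENCE OF [7] OCTET STRING OPTIONAL, -- sequence of '87' TLVs
  sequenceOf86 [3] SEQUENCE OF [6] OCTET STRING -- sequence of '86' TLVs
}

-- Definition of Get eUICC Challenge
GetEuiccChallengeRequest ::= [46] SEQUENCE { -- Tag 'BF2E'
}

GetEuiccChallengeResponse ::= [46] SEQUENCE { -- Tag 'BF2E'
  euiccChallenge Octet16 -- random eUICC challenge
}

-- Definition of Profile Installation Result
ProfileInstallationResult ::= [55] SEQUENCE { -- Tag 'BF37'
  profileInstallationResultData [39] ProfileInstallationResultData,
  euiccSignPIR EuiccSignPIR
}

ProfileInstallationResultData ::= [39] SEQUENCE { -- Tag 'BF27'
  transactionId[0] TransactionId, -- The TransactionID generated by the SM-DP+
  notificationMetadata[47] NotificationMetadata,
  smdpOid OBJECT IDENTIFIER, -- SM-DP+ OID (same value as in CERT.DPpb.ECDSA)
  finalResult [2] CHOICE {
    successResult SuccessResult,
    errorResult ErrorResult
  }
}

EuiccSignPIR ::= [APPLICATION 55] OCTET STRING -- Tag '5F37', eUICC's signature

SuccessResult ::= SEQUENCE {
  aid [APPLICATION 15] OCTET STRING (SIZE (5..16)), -- AID of ISD-P
  simaResponse OCTET STRING -- contains (multiple) 'EUICCResponse' as defined in [5]
}

ErrorResult ::= SEQUENCE {
  bppCommandId BppCommandId,
  errorReason ErrorReason,
  simaResponse OCTET STRING OPTIONAL -- contains (multiple) 'EUICCResponse' as defined in [5]
}

BppCommandId ::= INTEGER {initialiseSecureChannel(0), configureISDP(1), storeMetadata(2), storeMetadata2(3), replaceSessionKeys(4), loadProfileElements(5)}

ErrorReason ::= INTEGER {
  incorrectInputValues(1),
  invalidSignature(2),
  invalidTransactionId(3),
  unsupportedCrtValues(4),
  unsupportedRemoteOperationType(5),
  unsupportedProfileClass(6),
  scp03tStructureError(7),
  scp03tSecurityError(8),
  installFailedDueToIccidAlreadyExistsOnEuicc(9),
  installFailedDueToInsufficientMemoryForProfile(10),
  installFailedDueToInterruption(11),
  installFailedDueToPEProcessingError (12),
  installFailedDueToDataMismatch(13),
  testProfileInstallFailedDueToInvalidNaaKey(14),
  pprNotAllowed(15),
  installFailedDueToUnknownError(127)
}

ListNotificationRequest ::= [40] SEQUENCE { -- Tag 'BF28'
  profileManagementOperation [1] NotificationEvent OPTIONAL
}

ListNotificationResponse ::= [40] CHOICE { -- Tag 'BF28'
  notificationMetadataList SEQUENCE OF NotificationMetadata,
  listNotificationsResultError INTEGER {undefinedError(127)}
}

NotificationMetadata ::= [47] SEQUENCE { -- Tag 'BF2F'
  seqNumber [0] INTEGER,
  profileManagementOperation [1] NotificationEvent, /*Only one bit SHALL be set to 1*/
  notificationAddress UTF8String, -- FQDN to forward the notification
  iccid Iccid OPTIONAL
}

-- Definition of Profile Nickname Information
SetNicknameRequest ::= [41] SEQUENCE { -- Tag 'BF29'
  iccid Iccid,
  profileNickname [16] UTF8String (SIZE(0..64))
}

SetNicknameResponse ::= [41] SEQUENCE { -- Tag 'BF29'
  setNicknameResult INTEGER {ok(0), iccidNotFound (1), undefinedError(127)}
}

id-rsp-cert-objects OBJECT IDENTIFIER ::= { id-rsp cert-objects(2)}

id-rspExt OBJECT IDENTIFIER ::= {id-rsp-cert-objects 0}

id-rspRole OBJECT IDENTIFIER ::= {id-rsp-cert-objects 1}

-- Definition of OIDs for role identification
id-rspRole-ci OBJECT IDENTIFIER ::= {id-rspRole 0}
id-rspRole-euicc OBJECT IDENTIFIER ::= {id-rspRole 1}
id-rspRole-eum OBJECT IDENTIFIER ::= {id-rspRole 2}
id-rspRole-dp-tls OBJECT IDENTIFIER ::= {id-rspRole 3}
id-rspRole-dp-auth OBJECT IDENTIFIER ::= {id-rspRole 4}
id-rspRole-dp-pb OBJECT IDENTIFIER ::= {id-rspRole 5}
id-rspRole-ds-tls OBJECT IDENTIFIER ::= {id-rspRole 6}
id-rspRole-ds-auth OBJECT IDENTIFIER ::= {id-rspRole 7}

-- Definition of data objects for InitialiseSecureChannel Request
InitialiseSecureChannelRequest ::= [35] SEQUENCE { -- Tag 'BF23'
  remoteOpId RemoteOpId, -- Remote Operation Type Identifier (value SHALL be set to installBoundProfilePackage)
  transactionId [0] TransactionId, -- The TransactionID generated by the SM-DP+
  controlRefTemplate[6] IMPLICIT ControlRefTemplate, -- Control Reference Template (Key Agreement). Current specification considers a subset of CRT specified in GlobalPlatform Card Specification [8], section 6.4.2.3 for the Mutual Authentication Data Field
  smdpOtpk [APPLICATION 73] OCTET STRING, -- otPK.DP.ECKA as specified in GlobalPlatform Card Specification [8] section 6.4.2.3 for ePK.OCE.ECKA, tag '5F49'
  smdpSign [APPLICATION 55] OCTET STRING -- SM-DP's signature, tag '5F37'
}

ControlRefTemplate ::= SEQUENCE {
  keyType[0] Octet1, -- Key type according to GlobalPlatform Card Specification [8] Table 11-16, AES= '88', Tag '80'
  keyLen[1] Octet1, -- Key length in number of bytes. For current specification key length SHALL be 0x10 bytes, Tag '81'
  hostId[4] OctetTo16 -- Host ID value, Tag '84'
}

-- Definition of data objects for ConfigureISDPRequest
ConfigureISDPRequest ::= [36] SEQUENCE { -- Tag 'BF24'
  dpProprietaryData [24] DpProprietaryData OPTIONAL -- Tag 'B8'
}

DpProprietaryData ::= SEQUENCE { -- maximum size including tag and length field: 128 bytes
  dpOid OBJECT IDENTIFIER -- OID in the tree of the SM-DP+ that created the Profile
  -- additional data objects defined by the SM-DP+ MAY follow
}

-- Definition of request message for command ReplaceSessionKeys
-- NOTE(review): the chaining value and both session keys are plain OCTET STRINGs
-- with no SIZE constraint, while ControlRefTemplate.keyLen states 0x10 bytes for
-- the current specification; a receiver presumably has to check the lengths
-- itself. Confirm against the specification text.
ReplaceSessionKeysRequest ::= [38] SEQUENCE { -- tag 'BF26'
  /*The new initial MAC chaining value*/
  initialMacChainingValue OCTET STRING,
  /*New session key value for encryption/decryption (PPK-ENC)*/
  ppkEnc OCTET STRING,
  /*New session key value of the session key C-MAC computation/verification (PPK-MAC)*/
  ppkCmac OCTET STRING
}

-- Definition of data objects for RetrieveNotificationsList
RetrieveNotificationsListRequest ::= [43] SEQUENCE { -- Tag 'BF2B'
  searchCriteria CHOICE {
    seqNumber [0] INTEGER,
    profileManagementOperation [1] NotificationEvent
  } OPTIONAL
}

RetrieveNotificationsListResponse ::= [43] CHOICE { -- Tag 'BF2B'
  notificationList SEQUENCE OF PendingNotification,
  notificationsListResultError INTEGER { undefinedError(127)}
}

PendingNotification ::= CHOICE {
  profileInstallationResult [55] ProfileInstallationResult, -- tag 'BF37'
  otherSignedNotification OtherSignedNotification
}

OtherSignedNotification ::= SEQUENCE {
  tbsOtherNotification NotificationMetadata,
  euiccNotificationSignature [APPLICATION 55] OCTET STRING, -- eUICC signature of tbsOtherNotification, Tag '5F37'
  euiccCertificate Certificate, -- eUICC Certificate (CERT.EUICC.ECDSA) signed by the EUM
  eumCertificate Certificate -- EUM Certificate (CERT.EUM.ECDSA) signed by the requested CI
}

-- Definition of notificationSent
NotificationSentRequest ::= [48] SEQUENCE { -- Tag 'BF30'
  seqNumber [0] INTEGER
}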
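-- Local profile management commands, Rules Authorisation Table, CRL loading,
-- certificate extensions and the ES9+ / ES11 ASN.1 binding.
-- Line structure restored so that each "--" comment ends where it was meant to.
NotificationSentResponse ::= [48] SEQUENCE { -- Tag 'BF30'
  deleteNotificationStatus INTEGER {ok(0), nothingToDelete(1), undefinedError(127)}
}

-- Definition of Enable Profile
EnableProfileRequest ::= [49] SEQUENCE { -- Tag 'BF31'
  profileIdentifier CHOICE {
    isdpAid [APPLICATION 15] OctetTo16, -- AID, tag '4F'
    iccid Iccid -- ICCID, tag '5A'
  },
  refreshFlag BOOLEAN -- indicating whether REFRESH is required
}

EnableProfileResponse ::= [49] SEQUENCE { -- Tag 'BF31'
  enableResult INTEGER {ok(0), iccidOrAidNotFound (1), profileNotInDisabledState(2), disallowedByPolicy(3), wrongProfileReenabling(4), catBusy(5), undefinedError(127)}
}

-- Definition of Disable Profile
DisableProfileRequest ::= [50] SEQUENCE { -- Tag 'BF32'
  profileIdentifier CHOICE {
    isdpAid [APPLICATION 15] OctetTo16, -- AID, tag '4F'
    iccid Iccid -- ICCID, tag '5A'
  },
  refreshFlag BOOLEAN -- indicating whether REFRESH is required
}

DisableProfileResponse ::= [50] SEQUENCE { -- Tag 'BF32'
  disableResult INTEGER {ok(0), iccidOrAidNotFound (1), profileNotInEnabledState(2), disallowedByPolicy(3), catBusy(5), undefinedError(127)}
}

-- Definition of Delete Profile
DeleteProfileRequest ::= [51] CHOICE { -- Tag 'BF33'
  isdpAid [APPLICATION 15] OctetTo16, -- AID, tag '4F'
  iccid Iccid -- ICCID, tag '5A'
}

DeleteProfileResponse ::= [51] SEQUENCE { -- Tag 'BF33'
  deleteResult INTEGER {ok(0), iccidOrAidNotFound (1), profileNotInDisabledState(2), disallowedByPolicy(3), undefinedError(127)}
}

-- Definition of Memory Reset
EuiccMemoryResetRequest ::= [52] SEQUENCE { -- Tag 'BF34'
  resetOptions [2] BIT STRING {
    deleteOperationalProfiles(0),
    deleteFieldLoadedTestProfiles(1),
    resetDefaultSmdpAddress(2)}
}

EuiccMemoryResetResponse ::= [52] SEQUENCE { -- Tag 'BF34'
  resetResult INTEGER {ok(0), nothingToDelete(1), catBusy(5), undefinedError(127)}
}

-- Definition of Get EID
GetEuiccDataRequest ::= [62] SEQUENCE { -- Tag 'BF3E'
  tagList [APPLICATION 28] Octet1 -- tag '5C', the value SHALL be set to '5A'
}

GetEuiccDataResponse ::= [62] SEQUENCE { -- Tag 'BF3E'
  eidValue [APPLICATION 26] Octet16 -- tag '5A'
}

-- Definition of Get Rat
GetRatRequest ::= [67] SEQUENCE { -- Tag 'BF43'
  -- No input data
}

GetRatResponse ::= [67] SEQUENCE { -- Tag 'BF43'
  rat RulesAuthorisationTable
}

RulesAuthorisationTable ::= SEQUENCE OF ProfilePolicyAuthorisationRule

ProfilePolicyAuthorisationRule ::= SEQUENCE {
  pprIds PprIds,
  allowedOperators SEQUENCE OF OperatorId,
  pprFlags BIT STRING {consentRequired(0)}
}

-- Definition of data structure containing the list of CRL segments
SegmentedCrlList ::= SEQUENCE OF CertificateList

-- Definition of data structure command for loading a CRL
LoadCRLRequest ::= [53] SEQUENCE { -- Tag 'BF35'
  -- A CRL
  crl CertificateList
}

-- Definition of data structure response for loading a CRL
LoadCRLResponse ::= [53] CHOICE { -- Tag 'BF35'
  loadCRLResponseOk LoadCRLResponseOk,
  loadCRLResponseError LoadCRLResponseError
}

LoadCRLResponseOk ::= SEQUENCE {
  missingParts SEQUENCE OF INTEGER OPTIONAL
}

LoadCRLResponseError ::= INTEGER {invalidSignature(1), invalidCRLFormat(2), notEnoughMemorySpace(3), verificationKeyNotFound(4), fresherCrlAlreadyLoaded(5), baseCrlMissing(6), undefinedError(127)}

-- Definition of the extension for Certificate Expiration Date
id-rsp-expDate OBJECT IDENTIFIER ::= {id-rspExt 1}
ExpirationDate ::= Time

-- Definition of the extension id for total partial-CRL number
id-rsp-totalPartialCrlNumber OBJECT IDENTIFIER ::= {id-rspExt 2}
TotalPartialCrlNumber ::= INTEGER

-- Definition of the extension id for the partial-CRL number
id-rsp-partialCrlNumber OBJECT IDENTIFIER ::= {id-rspExt 3}
PartialCrlNumber ::= INTEGER

-- Definition for ES9+ ASN.1 Binding
-- NOTE(review): identically named error values are numbered differently per type
-- in this module (invalidTransactionId is 5 in CancelSessionResponse, 1 in
-- CancelSessionResponseEs9, 10 in AuthenticateClientResponseEs9, 7 in
-- AuthenticateClientResponseEs11 and 95 in GetBoundProfilePackageResponse), so
-- map codes per response type rather than through one shared table.
RemoteProfileProvisioningRequest ::= [2] CHOICE { -- Tag 'A2'
  initiateAuthenticationRequest [57] InitiateAuthenticationRequest, -- Tag 'BF39'
  authenticateClientRequest [59] AuthenticateClientRequest, -- Tag 'BF3B'
  getBoundProfilePackageRequest [58] GetBoundProfilePackageRequest, -- Tag 'BF3A'
  cancelSessionRequestEs9 [65] CancelSessionRequestEs9, -- Tag 'BF41'
  handleNotification [61] HandleNotification -- tag 'BF3D'
}

RemoteProfileProvisioningResponse ::= [2] CHOICE { -- Tag 'A2'
  initiateAuthenticationResponse [57] InitiateAuthenticationResponse, -- Tag 'BF39'
  authenticateClientResponseEs9 [59] AuthenticateClientResponseEs9, -- Tag 'BF3B'
  getBoundProfilePackageResponse [58] GetBoundProfilePackageResponse, -- Tag 'BF3A'
  cancelSessionResponseEs9 [65] CancelSessionResponseEs9, -- Tag 'BF41'
  authenticateClientResponseEs11 [64] AuthenticateClientResponseEs11 -- Tag 'BF40'
}

InitiateAuthenticationRequest ::= [57] SEQUENCE { -- Tag 'BF39'
  euiccChallenge [1] Octet16, -- random eUICC challenge
  smdpAddress [3] UTF8String,
  euiccInfo1 EUICCInfo1
}

InitiateAuthenticationResponse ::= [57] CHOICE { -- Tag 'BF39'
  initiateAuthenticationOk InitiateAuthenticationOkEs9,
  initiateAuthenticationError INTEGER {
    invalidDpAddress(1),
    euiccVersionNotSupportedByDp(2),
    ciPKNotSupported(3)
  }
}

InitiateAuthenticationOkEs9 ::= SEQUENCE {
  transactionId [0] TransactionId, -- The TransactionID generated by the SM-DP+
  serverSigned1 ServerSigned1, -- Signed information
  serverSignature1 [APPLICATION 55] OCTET STRING, -- Server_Sign1, tag '5F37'
  euiccCiPKIdToBeUsed SubjectKeyIdentifier, -- The curve CI Public Key to be used as required by ES10b.AuthenticateServer
  serverCertificate Certificate
}

AuthenticateClientRequest ::= [59] SEQUENCE { -- Tag 'BF3B'
  transactionId [0] TransactionId,
  authenticateServerResponse [56] AuthenticateServerResponse -- This is the response from ES10b.AuthenticateServer
}

AuthenticateClientResponseEs9 ::= [59] CHOICE { -- Tag 'BF3B'
  authenticateClientOk AuthenticateClientOk,
  authenticateClientError INTEGER {
    eumCertificateInvalid(1),
    eumCertificateExpired(2),
    euiccCertificateInvalid(3),
    euiccCertificateExpired(4),
    euiccSignatureInvalid(5),
    matchingIdRefused(6),
    eidMismatch(7),
    noEligibleProfile(8),
    ciPKUnknown(9),
    invalidTransactionId(10),
    insufficientMemory(11),
    undefinedError(127)
  }
}

AuthenticateClientOk ::= SEQUENCE {
  transactionId [0] TransactionId,
  profileMetaData [37] StoreMetadataRequest,
  smdpSigned2 SmdpSigned2, -- Signed information
  smdpSignature2 [APPLICATION 55] OCTET STRING, -- tag '5F37'
  smdpCertificate Certificate -- CERT.DPpb.ECDSA
}

GetBoundProfilePackageRequest ::= [58] SEQUENCE { -- Tag 'BF3A'
  transactionId [0] TransactionId,
  prepareDownloadResponse [33] PrepareDownloadResponse
}

-- NOTE(review): invalidTransactionId(95) breaks the otherwise sequential
-- numbering below; the value is kept as given, confirm against the specification.
GetBoundProfilePackageResponse ::= [58] CHOICE { -- Tag 'BF3A'
  getBoundProfilePackageOk GetBoundProfilePackageOk,
  getBoundProfilePackageError INTEGER {
    euiccSignatureInvalid(1),
    confirmationCodeMissing(2),
    confirmationCodeRefused(3),
    confirmationCodeRetriesExceeded(4),
    bppRebindingRefused(5),
    downloadOrderExpired(6),
    invalidTransactionId(95),
    undefinedError(127)
  }
}

GetBoundProfilePackageOk ::= SEQUENCE {
  transactionId [0] TransactionId,
  boundProfilePackage [54] BoundProfilePackage
}

HandleNotification ::= [61] SEQUENCE { -- Tag 'BF3D'
  pendingNotification PendingNotification
}

CancelSessionRequestEs9 ::= [65] SEQUENCE { -- Tag 'BF41'
  transactionId TransactionId,
  cancelSessionResponse CancelSessionResponse -- data structure defined for ES10b.CancelSession function
}

CancelSessionResponseEs9 ::= [65] CHOICE { -- Tag 'BF41'
  cancelSessionOk CancelSessionOk,
  cancelSessionError INTEGER {
    invalidTransactionId(1),
    euiccSignatureInvalid(2),
    undefinedError(127)
  }
}

CancelSessionOk ::= SEQUENCE { -- This function has no output data
}

EuiccConfiguredAddressesRequest ::= [60] SEQUENCE { -- Tag 'BF3C'
}

EuiccConfiguredAddressesResponse ::= [60] SEQUENCE { -- Tag 'BF3C'
  defaultDpAddress UTF8String OPTIONAL, -- Default SM-DP+ address as an FQDN
  rootDsAddress UTF8String -- Root SM-DS address as an FQDN
}

ISDRProprietaryApplicationTemplate ::= [PRIVATE 0] SEQUENCE { -- Tag 'E0'
  svn [2] VersionType, -- GSMA SGP.22 version supported (SVN)
  lpaeSupport BIT STRING {
    lpaeUsingCat(0), -- LPA in the eUICC using Card Application Toolkit
    lpaeUsingScws(1) -- LPA in the eUICC using Smartcard Web Server
  } OPTIONAL
}

LpaeActivationRequest ::= [66] SEQUENCE { -- Tag 'BF42'
  lpaeOption BIT STRING {
    activateCatBasedLpae(0), -- LPAe with LUIe based on CAT
    activateScwsBasedLpae(1) -- LPAe with LUIe based on SCWS
  }
}

LpaeActivationResponse ::= [66] SEQUENCE { -- Tag 'BF42'
  lpaeActivationResult INTEGER {ok(0), notSupported(1)}
}

SetDefaultDpAddressRequest ::= [63] SEQUENCE { -- Tag 'BF3F'
  defaultDpAddress UTF8String -- Default SM-DP+ address as an FQDN
}

SetDefaultDpAddressResponse ::= [63] SEQUENCE { -- Tag 'BF3F'
  setDefaultDpAddressResult INTEGER { ok (0), undefinedError (127)}
}

AuthenticateClientResponseEs11 ::= [64] CHOICE { -- Tag 'BF40'
  authenticateClientOk AuthenticateClientOkEs11,
  authenticateClientError INTEGER {
    eumCertificateInvalid(1),
    eumCertificateExpired(2),
    euiccCertificateInvalid(3),
    euiccCertificateExpired(4),
    euiccSignatureInvalid(5),
    eventIdUnknown(6),
    invalidTransactionId(7),
    undefinedError(127)
  }
}

AuthenticateClientOkEs11 ::= SEQUENCE {
  transactionId TransactionId,
  eventEntries SEQUENCE OF EventEntries
}

EventEntries ::= SEQUENCE {
  eventId UTF8String,
  rspServerAddress UTF8String
}

END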