116 ETSI TS 102 221 V17.1.

0 (2022-02)

The present document only allows an extended logical channels terminal support TLV with zero length. In order to
allow future extensions of this TLV, a UICC implemented according to the present document shall interpret any
extended logical channels terminal support TLV as if it was sent with zero length.

The extended logical channels terminal support is indicated by tag '81' within the constructed TLV object.

Byte(s) Description Value Length

1 Tag '81' 1
2 Length '00' 1

11.1.19.2.3 Additional interfaces support

Terminals supporting an interface in addition to the interface defined in the present document and present in the list
below (e.g. the UICC-CLF interface as defined in ETSI TS 102 613 [19]) shall indicate it to the UICC by issuing the
TERMINAL CAPABILITY command with an additional interface support TLV object during a new card session
before the first application selection.

In order to allow future extensions of this TLV, a UICC implemented according to the present document shall ignore
any additional bytes in the TLV.

The additional interfaces support is indicated by tag '82' within the constructed TLV object.

Byte(s) Description Value Length

1 Tag '82' 1
2 Length '01' 1
3 Additional interface, see table 11.20a 1

Table 11.20a: Coding of additional interfaces

b8 b7 b6 b5 b4 b3 b2 b1 Meaning
- - - - - - - 1 UICC-CLF interface according to ETSI TS 102 613 [19] supported
- - - - - - - 0 UICC-CLF interface according to ETSI TS 102 613 [19] not supported
x x x x x x x - RFU

11.1.19.2.4 Additional Terminal capability indications related to eUICC

Terminals supporting eUICC functionality, as defined in GSMA SGP.22 [33], shall indicate it to the UICC by issuing
the TERMINAL CAPABILITY command with an additional terminal capability indication related to eUICC TLV
object during a new card session before the first application selection.

The terminal capability indications related to eUICC functionality are indicated by tag '83' within the constructed TLV
object.

Table 11.20b: Terminal capabilities for eUICC

Byte(s) Description Value Length
1 Tag '83' 1
2 Length X 1
3 to X+2 Terminal capabilities for eUICC, see RSP Device X
Capabilities in GSMA SGP.22 [33]

ETSI
 117 ETSI TS 102 221 V17.1.0 (2022-02)

11.1.20 MANAGE SECURE CHANNEL

11.1.20.1 General functional description

This command performs the functionality specified by ETSI TS 102 484 [20] to manage APDU based secure channels.

P1 determines which sub procedure is required, the P2 parameter value meaning is specific to each P1 value. The
command and response data are encapsulated in BER-TLV objects structured as defined in clause 11.3 using tag '73' for
BER-TLV structured data and tag '53' otherwise.

This command can chain successive blocks of command data, if present, with a maximum size of 255 bytes each,
required for one operation using P2 to indicate the first/next block. The terminal performs the segmentation of the data,
and the UICC the concatenation of the data. The first MANAGE SECURE CHANNEL APDU is sent with P2
indicating "First block of command data". Following MANAGE SECURE CHANNEL APDUs are sent with P2
indicating "Next block of command data". As long as the UICC has not received all segments of the command data it
shall answer with SW1 SW2 '63 F1'. When all segments of the command data are received and if the command
produces a response, the UICC shall answer with SW1 SW2 '62 F3'.

The command response data is retrieved from the UICC using one or more separate MANAGE SECURE CHANNEL
APDUs with the same chaining mechanism as for the command data. The UICC performs the segmentation of the data,
and the terminal the concatenation of the response data. The first MANAGE SECURE CHANNEL APDU is sent with
P2 indicating "First block of response data". Following MANAGE SECURE CHANNEL APDUs are sent with P2
indicating "Next block of response data". As long as the UICC has not sent all segments of the response data it shall
answer with SW1 SW2 '62 F1'. When all segments of the response data are sent, the UICC shall answer with
SW1 SW2 '90 00'.

The following P1 values are defined:

Table 11.21a: Coding of P1

b8 b7 b6 b5 b4 b3 b2 b1 Meaning
- - - - - 0 0 0 Retrieve UICC Endpoints
- - - - 0 0 0 1 Establish SA - Master SA
- - - - 0 0 1 0 Establish SA - Connection SA
- - - - 0 0 1 1 Start Secure Channel
- - - - 0 1 0 0 Terminate secure channel SA
- - - - All other values RFU
X X X X - - - - RFU (shall be set to 0)

Each sub procedure indicated by P1 is defined below.

The following P2 values are defined:

Table 11.21b: Coding of P2

b8 b7 b6 b5 b4 b3 b2 b1 Meaning
1 0 0 - - - - - First block of command data
0 0 0 - - - - - Next block of command data
0 1 0 - - - - - Retransmit previous block of command data
1 0 1 - - - - - First block of response data
0 0 1 - - - - - Next block of response data
0 1 1 - - - - - Retransmit previous block of response data
All other values - - - - - RFU
- - - X X X X X RFU (shall be set to 0)

RFU bits in P1 and P2 shall be ignored by the UICC.

ETSI
 118 ETSI TS 102 221 V17.1.0 (2022-02)

11.1.20.2 Retrieve UICC Endpoints

11.1.20.2.0 Introduction
Clause 11.1.20.2 defines the MANAGE SECURE CHANNEL function and coding when P1 = 'Retrieve UICC
Endpoints'.

11.1.20.2.1 Functional description

This command allows the terminal to retrieve a list of secure channel endpoints from the UICC as defined in ETSI
TS 102 484 [20] and the maximum data container size available for the TRANSACT DATA command. In order to
retrieve the end point information P2 is set to "First block of response data" or in case of the response data longer than
255 bytes following blocks are retrieved be setting P2 to "Next block of response data".

If this command is sent via any existing secure channel, then the endpoints returned shall be the end points that are
currently available at the UICC end of this secure channel.

If there are endpoints available on the UICC, then an "Endpoint information" TLV shall be present for each available
endpoint.

If the remaining Response is greater than 255 bytes then the next 255 bytes shall be returned and the SW1 SW2 shall be
set to "More data available".

If the remaining Response is less than or equal to 255 bytes then all of the bytes shall be returned and SW1 SW2 shall
be set to "normal ending of command".

11.1.20.2.2 Command parameters and data

Code Value
CLA As specified in clause 10.1.1
INS As specified in clause 10.1.2
P1 '00'
P2 See table 11.21b
Lc Not Present
Data Not Present
Le Length of expected response data

Response data:

The UICC shall return the following data encapsulated in tag '73':

Table 11.22: Response Retrieve UICC endpoints

Description Tag Status
UICC_ID TLV '81' M
Endpoint information TLV '82' C
Endpoint information TLV '82' C
… … …
Endpoint information TLV '82' C

If no endpoints are available tag '82' is not returned. Multiple endpoints are indicated by multiple BER-TLV objects
using tag '82'.

• Coding of UICC_ID TLV:

Byte(s) Description Value Length

1 Tag '81' 1
2 Length X 1
3 to 3+X UICC_ID X

ETSI