23.040 Protocol
The following page gives details on what should be within each of the above sectors
of the 23.040.
DESCRIPTION
header in body (Y/N) ?
from Network/to Network ?
requested : (Y/N) ?
to come : (Y/N )?
DESCRIPTION
If equal to:
0    The TP-UD field contains only the short message
1    The beginning of the TP-UD field contains a Header in addition to the short message
identification
The address length represents the number of significant nibbles in the address value (nibbles
are swapped in the bytes). When the number of nibbles is odd, Fh is used as a terminator in the
last byte of the address field.
example of address field: 09 xx 21 43 65 87 F9
The address length must be in the range 0 to 20; therefore, the minimum length of the address
field is 2 bytes, and the maximum length is 12 bytes.
Coding of the TP-DA field :
This field contains the Destination Address.
NB OF BYTES    DESCRIPTION
1              address length
1              type of number / numbering plan identification (TON/NPI)
0 to 10        address value
This number represents the MSISDN number or Subscriber Mobile Phone number to which the
message is to be sent.
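The address-field rules above (length counted in nibbles, swapped nibbles, Fh terminator, range 0 to 20) can be checked with a small decoder. This is an added example, not part of the original document; it assumes the TON/NPI byte layout b8 = 1, b7..b5 = TON, b4..b1 = NPI, handles decimal digits only, and uses 91 as a constructed value for the "xx" byte of the sample address.

```python
TON_NAMES = {0: "Unknown", 1: "International", 2: "National", 3: "Network Specific",
             4: "Subscriber Number", 5: "Alphanumeric", 6: "Abbreviated"}

def decode_address(buf: bytes) -> dict:
    """Decode one address field (length, TON/NPI, swapped-nibble value) at the start of buf."""
    if len(buf) < 2:
        raise ValueError("address field is at least 2 bytes")
    nibbles = buf[0]
    if nibbles > 20:
        raise ValueError(f"address length {nibbles} outside 0..20")
    size = 2 + (nibbles + 1) // 2            # bytes this field occupies in the TPDU
    if len(buf) < size:
        raise ValueError("address value truncated")
    ton = (buf[1] >> 4) & 0x07               # assumed layout: b7..b5 = TON
    if ton == 5:
        raise ValueError("alphanumeric address: value is not swapped-nibble digits")
    digits = []
    for byte in buf[2:size]:
        digits += [byte & 0x0F, byte >> 4]   # nibbles are swapped: low nibble first
    if nibbles % 2 and digits.pop() != 0xF:
        raise ValueError("odd-length address must end with the F terminator")
    if any(d > 9 for d in digits):
        raise ValueError("non-decimal nibble in address value")
    return {"digits": "".join(map(str, digits)),
            "ton": ton, "ton_name": TON_NAMES.get(ton, "Reserved"),
            "npi": buf[1] & 0x0F,            # assumed layout: b4..b1 = NPI
            "size": size}

# Constructed sample: the address field shown above with xx = 91,
# followed by two unrelated bytes to show that only 'size' bytes are consumed.
SAMPLE_ADDRESS = bytes.fromhex("099121436587F9") + b"\x00\xF6"
```

The returned size tells the caller where the next TPDU field (TP-PID) starts, which matters because the address field is the variable-length part of the header.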
Coding of the TP-PID field :
PID VALUE    DESCRIPTION
7F           Envelope Mode
40           Update record ME must acknowledge receipt
41           Update record (U)SIM must acknowledge receipt
This explains to the Mobile Equipment (ME) how the message is to be transferred to the card :
     Description        DCS 7 Byte    DCS 8 Byte
0    Flash Message      F0            F4
1    ME-specific        F1            F5
2    (U)SIM specific    F2            F6
3    TE specific        F3            F7
When the (U)SIM handles an executable SMS record (received from the network), it will assume
that the TP-UD is 8-bit coded, because in that case the TP-UD contains commands.
When the (U)SIM overwrites an SMS record after the execution of an SMS application, the Data
Coding Scheme is modified in order to indicate a 7-bit coding, because the subsequent text
string in the TP-UD uses a 7-bit alphabet. This allows the storage of a 160-character string.
TP-UDL (User-Data-Length)
This byte indicates the number of significant characters in the TP-UD field. It is limited in every
case to 140 bytes. When TP-DCS indicates a 7-bit coding, it is possible to store 160 characters;
when TP-DCS indicates an 8-bit coding, it is possible to store 140 bytes or 140 8-bit coded
characters.
23.048 Protocol
It follows the UDL and precedes the TP-CPL, and its value is generally 02 70 00.
FIELD       NB OF BYTES    DESCRIPTION
UDHL        1
IEI         1
IEIDL       1
TP-CPL      2
TP-CHL      1              Length? Header length
TP-SPI      2              Security? Secured Packet Information
TP-KIc      1
TP-KId      1
TP-TAR      3              Target? Which Domain should receive the data
TP-CNTR     5              Replay?
TP-PCNTR    1              Length? Padding (FF)
TP-RC/CC    0, 4 or 8      Signature?
Response Level
Security Check
If the incoming SMS has a 23.048 security level that is insufficient compared with the Minimum
Security Level, the command is rejected.
Cryptographic operation
[Figure: keys used in the cryptographic operation: KIc (confidentiality), KID (integrity), KIK (key confidentiality)]
By default, all encryption and signature calculations are performed using 3DES.
15 different key sets can be used for the OTA communication (key sets are numbered
1 to 15).
1  2  3  4  5  6  7  8  9  10 11 12 13 14 15
A  0  0  0  0  8  3  9  0  0  0  0  0  0  1
The synchro counter is used to stop the same SMS message being executed twice in the card. How it is
checked depends on the minimum security level (MSL) of the application being targeted in the (U)SIM.
Example:
Telecom applets: the synchro counter should just be greater than the counter stored in the (U)SIM.
Banking applets: the synchro counter should be just 1 greater than the counter stored in the (U)SIM.
When an applet is loaded in a card, it is not accessible without a form of API. It is this API type which holds
the TAR value corresponding to the applet to be targeted.
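The header layout, the security check against the MSL and the two synchro-counter rules above can be put together in a receiver-side sketch. This is an added example, not code from the original document: the SPI bit meanings in the comments come from the 23.048 specification rather than from this page, the MSL is modelled simply as a minimum first SPI byte, and verification of the RC/CC and 3DES decryption are left out.

```python
UDH_0348 = bytes.fromhex("027000")  # UDHL=02, IEI=70, IEIDL=00, the usual value noted above

def parse_command_packet(tp_ud: bytes) -> dict:
    """Split TP-UD into the 23.048 command header fields and the secured data."""
    if len(tp_ud) < 6 or tp_ud[:3] != UDH_0348:
        raise ValueError("TP-UD does not start with the 02 70 00 header")
    cpl, chl = int.from_bytes(tp_ud[3:5], "big"), tp_ud[5]
    if cpl != len(tp_ud) - 5:
        raise ValueError("TP-CPL does not match the bytes that follow it")
    hdr = tp_ud[6:6 + chl]
    if len(hdr) != chl or chl - 13 not in (0, 4, 8):
        raise ValueError("TP-CHL inconsistent with a 0, 4 or 8 byte RC/CC")
    return {
        "integrity": hdr[0] & 0x03,            # SPI b2b1: 0 none, 1 RC, 2 CC, 3 DS
        "ciphered": bool(hdr[0] & 0x04),       # SPI b3
        "counter_mode": (hdr[0] >> 3) & 0x03,  # SPI b5b4: 2 = higher, 3 = one higher
        "kic_keyset": hdr[2] >> 4, "kid_keyset": hdr[3] >> 4,   # key set 1..15
        "tar": hdr[4:7].hex().upper(),
        "counter": int.from_bytes(hdr[7:12], "big"),
        "padding": hdr[12],
        "rc_cc": hdr[13:],
        "data": tp_ud[6 + chl:],
    }

def check_security(pkt: dict, msl: int, stored_counter: int):
    """Return (accepted, reason); msl is modelled as the minimum first SPI byte."""
    if pkt["integrity"] < (msl & 0x03):
        return False, "integrity below MSL"
    if msl & 0x04 and not pkt["ciphered"]:
        return False, "ciphering required by MSL"
    mode = pkt["counter_mode"]
    if mode < ((msl >> 3) & 0x03):
        return False, "counter check below MSL"
    if mode == 2 and pkt["counter"] <= stored_counter:
        return False, "replay: counter not greater than stored value"
    if mode == 3 and pkt["counter"] != stored_counter + 1:
        return False, "replay: counter is not stored value + 1"
    return True, "accepted"

# Constructed sample: SPI 12 00 (CC, no ciphering, counter must be higher),
# key set 1, hypothetical TAR AABBCC, counter 5, dummy 8-byte CC, one SELECT as data.
_HDR = bytes.fromhex("1200" "15" "15" "AABBCC" "0000000005" "00" "1122334455667788")
_DATA = bytes.fromhex("A0A40000023F00")
SAMPLE = (UDH_0348 + (1 + len(_HDR) + len(_DATA)).to_bytes(2, "big")
          + bytes([len(_HDR)]) + _HDR + _DATA)
```

Counter mode 2 corresponds to the telecom-applet rule and mode 3 to the banking-applet rule; replaying SAMPLE after the stored counter has reached 5 is rejected in both.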
The Instruction & Parameter bytes afterward are 99% identical between 2G & 3G commands.
You can see in the above table that in the A4 Select column the only difference is P2.
2G Application Message example
A0 A4 00 00 02 3F 00 A0 A4 00 00 02 7F 10 A0 A4
00 00 02 6F 3A A0 DC 01 04 1C 47 2B 20 53 75 70
70 6F 72 74 FF FF FF FF 07 91 33 44 32 66 06 F0
FF FF FF FF FF FF FF
This example has been split to allow easy reading. Normally the APDU is one long string.
This 2G APDU is selecting:
Master File    A0 A4 00 00 02 3F 00
Telecom DF     A0 A4 00 00 02 7F 10
ADN EF         A0 A4 00 00 02 6F 3A
Then the APDU performs an Update (ADN Specifications applied)
Nibble                           Description
A0 DC                            2G Update Record
01 04 1C                         Record 1, Current mode, Length 28
47 2B 20 53 75 70 70 6F 72 74    Name in Binary (G+ Support)
07                               Number of bytes for the TEL. N
91 33 44 32 66 06 F0             +33442366600 (International)
3G Application Message
00 A4 00 0C 02 3F 00 00 A4 00 0C 02 7F 10 00 A4 00
0C 02 5F 3A 00 A4 00 0C 02 6F 3A 00 DC 01 04 1C
47 2B 20 53 75 70 70 6F 72 74 FF FF FF FF 07 91 33
44 32 66 06 F0 FF FF FF FF FF FF FF
Nibble                           Description
00 DC                            3G Update Record
01 04 1C                         Record 1, Current mode, Length 28
47 2B 20 53 75 70 70 6F 72 74    Name in Binary (G+ Support)
07                               Number of bytes for TEL. N
91 33 44 32 66 06 F0             +33442366600 (International)
Note that the Update Record commands for 2G (A0 DC) and 3G (00 DC) are
different!
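Because the application message is one long string of APDUs, anyone inspecting such a payload first has to split it on each command's Lc byte. The following is an added example, not part of the original document; it recognises only the two instructions and two class bytes shown above, assumes the ADN record layout in which the name occupies everything except the last 14 bytes of the record, and uses the 2G bytes from this page with the trailing FF padding sized to match Lc = 1C.

```python
CLA_GEN = {0xA0: "2G", 0x00: "3G"}                   # class bytes used in the two messages
INS_NAME = {0xA4: "SELECT", 0xDC: "UPDATE RECORD"}   # the two instructions that appear

def split_apdus(stream: bytes) -> list:
    """Split a concatenated string of command APDUs (CLA INS P1 P2 Lc data)."""
    out, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError(f"truncated APDU header at offset {pos}")
        cla, ins, p1, p2, lc = stream[pos:pos + 5]
        data = stream[pos + 5:pos + 5 + lc]
        if len(data) != lc:
            raise ValueError(f"APDU at offset {pos} declares Lc={lc}, "
                             f"only {len(data)} bytes left")
        out.append({"gen": CLA_GEN.get(cla, "unknown"),
                    "ins": INS_NAME.get(ins, f"INS {ins:02X}"),
                    "p1": p1, "p2": p2, "data": data})
        pos += 5 + lc
    return out

def describe(stream: bytes) -> list:
    """One readable line per APDU: which file is selected, which record is written."""
    lines = []
    for a in split_apdus(stream):
        if a["ins"] == "SELECT":
            lines.append(f'{a["gen"]} SELECT {a["data"].hex().upper()}')
        elif a["ins"] == "UPDATE RECORD":
            # Assumed ADN layout: name first, then 14 fixed bytes for the number part.
            name = a["data"][:-14].rstrip(b"\xff").decode("ascii", "replace")
            lines.append(f'{a["gen"]} UPDATE RECORD record {a["p1"]}, '
                         f'P2={a["p2"]:02X}, {len(a["data"])} bytes, name "{name}"')
        else:
            lines.append(f'{a["gen"]} {a["ins"]}')
    return lines

# Constructed from the 2G example above; 6 trailing FF bytes so the data is 28 (1C) bytes.
SAMPLE_2G = bytes.fromhex(
    "A0A40000023F00" "A0A40000027F10" "A0A40000026F3A"
    "A0DC01041C" "472B20537570706F7274FFFFFFFF" "07913344326606F0" "FFFFFFFFFFFF")
```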
1.1.1.
Contents:
Type of number (TON) and numbering plan identification (NPI).
Coding:
according to TS 04.08 [15]. If the Dialling Number/SSC String does not contain a dialling number, e.g. a
control string deactivating a service, the TON/NPI byte shall be set to 'FF' by the ME (see note 2).
NOTE 2: If a dialling number is absent, no TON/NPI byte is transmitted over the radio interface (see TS 04.08 [15]).
Accordingly, the ME should not interpret the value 'FF' and not send it over the radio interface.
b8    b7 b6 b5    b4 b3 b2 b1
1     TON         NPI
These fields define the Type of Number (TON) to be used in the SME address parameters. The
following TON values are defined:
Unknown 00000000
International 00000001
National 00000010
Network Specific 00000011
Subscriber Number 00000100
Alphanumeric 00000101
Abbreviated 00000110
All other values reserved
Table: TON values
These fields define the Numeric Plan Indicator (NPI) to be used in the SME address parameters.
The following NPI values are defined:
Unknown 00000000
ISDN (E163/E164) 00000001
Data (X.121) 00000011
Telex (F.69) 00000100
Land Mobile (E.212) 00000110
National 00001000
Private 00001001
ERMES 00001010
Internet (IP) 00001110
WAP Client Id (to be defined by WAP Forum) 00010010
All other values reserved
Table: NPI values
1.1.2.
smpp