Trusted Connectivity Alliance Recommended 5G

SIM: A Definition
February 2021

1
Copyright © 2021 Trusted Connectivity Alliance ltd.

The information contained in this document may be used, disclosed and reproduced without the prior written authorization of Trusted Connectivity
Alliance. Readers are advised that Trusted Connectivity Alliance reserves the right to amend and update this document without prior notice.
Updated versions will be published on the Trusted Connectivity Alliance website at http://www.trustedconnectivityalliance.org

Intellectual Property Rights (IPR) Disclaimer

Attention is drawn to the possibility that some of the elements of any material available for download from the specification pages on Trusted
Connectivity Alliance's website may be the subject of Intellectual Property Rights (IPR) of third parties, some, but not all, of which are identified
below. Trusted Connectivity Alliance shall not be held responsible for identifying any or all such IPR, and has made no inquiry into the possible
existence of any such IPR. TRUSTED CONNECTIVITY ALLIANCE SPECIFICATIONS ARE OFFERED WITHOUT ANY WARRANTY
WHATSOEVER, AND IN PARTICULAR, ANY WARRANTY OF NON- INFRINGEMENT IS EXPRESSLY DISCLAIMED. ANY IMPLEMENTATION
OF ANY TRUSTED CONNECTIVITY ALLIANCE SPECIFICATION SHALL BE MADE ENTIRELY AT THE IMPLEMENTER'S OWN RISK, AND
NEITHER TRUSTED CONNECTIVITY ALLIANCE, NOR ANY OF ITS MEMBERS OR SUBMITTERS, SHALL HAVE ANY LIABILITY
WHATSOEVER TO ANY IMPLEMENTER OR THIRD PARTY FOR ANY DAMAGES OF ANY NATURE WHATSOEVER DIRECTLY OR
INDIRECTLY ARISING FROM THE IMPLEMENTATION OF ANY TRUSTED CONNECTIVITY ALLIANCE SPECIFICATION.

2
Contents

1. What is a 5G SIM? ............................................................................................................................................................................................ 4

2. Types of 5G SIM ............................................................................................................................................................................................... 4

3. Recommended 5G SIM Use Cases .................................................................................................................................................................. 5

3.1 Recommended 5G SIM – Impact Overview ................................................................................................................................................... 6

3.2 Recommended 5G SIM – Use Case Overview .............................................................................................................................................. 7

3.3 Recommended 5G SIM versus Rel 15 5G SIM ............................................................................................................................................ 12

4. Conclusion ...................................................................................................................................................................................................... 13

3
1. What is a 5G SIM?

A SIM (also known as a Universal Integrated Circuit Card or UICC) is the only platform which can be used to secure access to a 3GPP Release
15, 16 or 17 network core (referred to in this document as a 5G network). The radio technology used to communicate with the network core can
be LTE, LTE CAT-M, NB-IoT, 5G New Radio or other supported non-3GPP radio bearers, such as Wi-Fi.

In November 2018, the Trusted Connectivity Alliance (TCA, formerly known as SIMalliance) released a set of 3GPP Release 15 technical
requirements, including a recommended level of support which mandates the support of SIM-based subscriber privacy at a minimum.

In the same way as the network core architecture is evolving, the SIM is evolving to meet new challenges and opportunities introduced by 5G.

Considering the evolution of 3GPP standards in 2020 with Release 16 for 5G Phase 2, key new use cases including “Network Slicing”,
“Enhanced Steering of Roaming”, “Private Networks”, “Enhanced Subscriber Privacy”, “Non-3GPP Network Access” and “Vehicle-to-Everything
(V2X) Communication” introduce valuable 5G SIM features in addition to the existing Release 15 functionality.

In this context, TCA has updated and enhanced its existing technical recommendations to deliver the full benefits of the SIM to 5G Phase 2
deployments.

2. Types of 5G SIM

While the 5G SIM enables a device to authenticate to the 5G network, it has additional capabilities defined for different 5G deployment
schemes. Trusted Connectivity Alliance has identified two different associated types of 5G SIM:

• Recommended 5G SIM (Rel 16): The Recommended 5G SIM is an evolution of the Release 15 5G SIM and incorporates new technical
requirements to support the latest Release 16 features, while maintaining full backwards compatibility, to maximise the benefits of 5G
Phase 2 deployments.

• Low Power SIM: A TCA Recommended 5G SIM optimised for Low Power IoT use cases for which NB-IoT may be used. All the features
that support extended battery life, as listed in Section 3.2, shall be supported.

4
3. Recommended 5G SIM Use Cases

In the first release of this document, TCA identified use cases from 3GPP Release 15 that are supported by a 5G UICC platform. The
Recommended 5G SIM has now been enhanced to include new use cases introduced in Release 16.

Table 3.1 lists the Release 16 use cases and highlights which actors are impacted:

• SIM – the Secure Element hosting the USIM application.

• Device Endpoint – the mobile equipment hosting the SIM.

• Non-Standalone Network – a 5G network that still uses control plane of an existing 4G LTE network for control functions, while 5G NR
is exclusively focused on the user plane.

• Standalone Network – a pure 5G network using 5G technology for both signalling and information transfer.

• Private Network – a non-public network able to use 5G core network to deploy services.

Table 3.2 then provides a guide on the changes made to the SIM operating system and the configurations to be completed in the USIM to
support 5G network services, specified in Release 16. Table 3.3 then provides a comparison between the features of the Release 15 5G SIM
and the enhanced Recommended 5G SIM.

5
 3.1 Recommended 5G SIM – Impact Overview

SIM Device Endpoint Non-Standalone Standalone Private

Network Slicing support: Pre-configuration of

X X
Mobile device (URSP)

Network Slicing support: Toolkit evolutions X X X

Enhanced Steering of roaming service:

X X (already in Rel 15) X X
Secure messaging over NAS
X
5G Private Networks: Support for SNPN X X X

5G Private Networks: Support for PNI-NPN X X X X

5G Private Networks: 5G NAI SUPI Type X X X X

5G Private Networks: Wireless / Wireline

X X X X
Convergence
Enhanced Subscriber Privacy: NAI SUPI
X X X X
concealment

Non-3GPP Network Access X X X X

V2X in 5G Network X X X X

Ensuring Good Quality of Experience: Multi-

X X X X X
Device and Multi-Identity

6
 3.2 Recommended 5G SIM – Use Case Overview
Use-case Technical feature Standard reference 3GPP Additional details
3GPP
Network Slicing User Equipment Route Service n°132 User Equipment Route Selection Policy (URSP) is used by the UE to determine how to route outgoing
Selection Policy (URSP) Support for URSP by USIM traffic depending on capabilities expected by an application.
EFURSP
3GPP TS 31.102 Pre-configured URSP rules are linked to a PLMN and stored in a BER-TLV format in EF URSP under
5G file system.

URSP Rules coding in

3GPP 24.526

Toolkit Support Network Slicing information support retrieved in Network Slicing is the 5G networks ability to guarantee management of broadband and latency
the TERMINAL PROFILE: bit 4 of byte 36. connections. Each particular type of application should "see" a network configured in the best way to
manage its traffic.
Network Slicing information retrieved by
PROVIDE LOCAL INFORMATION toolkit Release 16 introduced a modification in the PROVIDE LOCAL INFORMATION toolkit command. If the
command. terminal supports the service slice information, (bit 4 of byte 36 of TERMINAL PROFILE), the
TERMINAL RESPONSE related to a PROVIDE LOCAL INFORMATION USIM request has to contain
3GPP TS 31.111 the Serving PLMN Single Network Slice Selection Assistance Information (S-NSSAI) list.

An S-NSSAI, as specified in 3GPP, is comprised of:

• A Slice/Service type (SST)
• A Slice Differentiator (SD)
Enhanced Steering of roaming Steering of Roaming 3GPP TS 31.102 with UST service N°127 5G OTA server fully interconnected with 5G core network functions as defined by 3GPP Rel. 16
Service (SOR) over control “Control plane of steering of roaming over control SoR-AF: provides PLMN list.
plane. plane” SP-AF: builds secure packet.
PLMN list secured packet is sent over signaling (control plane) to UICC by OTA server through the
UDM.
3GPP TS 23.122 for mechanism description
UDM (5G HLR) directly sends PLMN list to User Equipment.

5G Private Networks SNPN (Standalone Non- 3GPP defined specific AID for a dedicated SNPN A Standalone Non-Public Network (SNPN) is assumed to be operated by an SNPN operator without
Public Network) USIM, using a non-IMSI SUPI as subscriber relying on network functions offered by the PLMN. An SNPN-enabled UE is configured with subscriber
identifier. identifier (NAI SUPI type, or reserved MCC/MNC) as Subscription Permanent Identifier.
3GPP TS 31.102, TS 31.101
AID to be defined in ETSI TS 101 220

PNI-NPN (Public If IMSI is used as SUPI, regular USIM AID is A Public Network integrated Non-Public Network (PNI-NPN) is deployed with the support of a PLMN. In
Network integrated Non- used. these scenarios, the NPN and the public network share part of the radio access network, while other
Public Network) network functions remain segregated. Public Network Integrated NPNs are NPNs made available via
3GPP defined specific AID for a dedicated PNI- PLMNs. When a PNI-NPN is made available via a PLMN, then the UE shall have a subscription for the
NPN USIM, using a non-IMSI SUPI as subscriber PLMN to access PNI-NPN. IMSI or NAI are used as subscriber identifier.
identifier.
3GPP TS 31.102, TS 31.101
AID to be defined in ETSI TS 101 220

7
 NAI SUPI Type Service n°130 If service n°130 is available EF SUPI_NAI file shall be present, containing coding of possible NAIs
Dedicated SUPI Type Support for SUPI of type NSI or GLI or GCI today defined by 3GPP.
for private Network EFSUPI_NAI 3GPP TS 31.102
Access Identifier in 5G 3GPP defined a specific AID for a USIM, using a
Network non-IMSI SUPI as subscriber identifier. Coding of SUPI NAI type
3GPP TS 31.102, TS 31.101 3GPP TS 24.501
AID to be defined in ETSI TS 101 220

5GWWC 3GPP specific 5G Wireless Wireline 3GPP Release 16 finalized convergence of core networks supporting wireline
NAI SUPI Type and wireless access. Advantages are for both parties, customers and network operators. 5G
authentication is performed with dedicated NAI SUPI Type.
GCI (Global Cable Identifier)

GLI (Global Line Identifier)

3GPP TS 31.102

Coding of GCI and GLI is specified in 3GPP

TS 23.003

Enhanced Subscriber Privacy Enhancement of GET IDENTITY command In Release 16 an enhancement of the GET IDENTITY COMMAND has been introduced to support
Release 15 GET concealment of a SUPI NAI Type.
IDENTITY COMMAND 3GPP TS 31.102 and ETSI 102.221

Non-3GPP Network Access Trusted non-3GPP 3GPP specified support of multiple access technologies and also the handover between these
network access Service n°135 accesses. The idea is to improve a convergence using a unique core network (5GC) providing services
Support for Trusted non-3GPP access networks over multiple access technologies also for non-3GPP access technologies. Non-3GPP means that
by USIM these accesses were not specified in the 3GPP. In Release 16 has been defined the non-3GPP
trusted access: the mobile operator trusts and operates the access points, i.e. the encryption of the
If service n°135 is available EFTN3GPPSNN (Trusted radio link is also controlled by the operator and the credentials are derived from the security context in
non-3GPP Serving network names list) shall be the UE and the network.
present. EFTN3GPPSNN contains the coding for several Serving networks name configured by operator
Coding of EFTN3GPPSNN is specified in TS 23.003
V2X in 5G Network C-V2X technology in 5G Service n°119 in EFUST has to be set to support 5G technology improves C-V2X technology thanks to lower latency, greater responsiveness, higher
Network V2X parameters configuration. reliability, and wider bandwidths. 3GPP have worked on new specifications providing V2X support in
5GS. Services developed on V2X can be grouped in:
EFVST (V2X Service Table) has been updated to
support V2X feature in 5GS. Following services • Road Safety
have been added: • Traffic management & efficiency
• Infotainment & Business
Service n°2. V2X policy configuration data over
PC5
Service n°3: V2X policy configuration data over
Uu

EFV2XP_PC5 (V2X data policy over PC5) file has

been defined. If service n°2 is set, this file shall

8
 be present and contains parameters dedicated to
PC5 interface.

EFV2XP_Uu (V2X data policy over Uu) file has been

defined. If service n°3 is set, this file shall be
present and contains parameters dedicated to Uu
interface.

Specific contents of the above files is defined in

3GPP TS 24.588
Ensuring Good Quality of Multi-device and Multi- Service nº2 1 MuD and MuI configuration data The Multi-Device (MuD) enables a user to use different UEs that are registered under the same public
Experience identity 3GPP TS 31.103 user identity.
EFMuDMiDConfigData (MuD and MiD Configuration The Multi-Identity (MiD) enables a user to use different identities. It enables a served user to use any of
Data) 3GPP TS 24.175 its identities.
Call control on PDU Service n°128 Call control on PDU Session by The call control on PDU session by USIM forces the ME to first pass the corresponding data to USIM
Session by USIM USIM before any PDU session establishment.
3GPP TS 31.102
Network Rejection Event Network Rejection event Network Rejection Event 5GS allows the UICC to retrieve the network rejection codes when network
3GPP TS 31.111 issues prevent connection.
Data Connection Status Data Connection Status Change event Informs the UICC that the ME has detected a change in 5GS data connection.
Change Event for 5GS 3GPP TS 31.111
Provide Local PROVIDE LOCAL INFORMATION proactive ME provides to UICC information on MNC, MCC, LAC/TAC, Cell ID, NG-RAN cell ID.
information extended to command
support NG-RAN 3GPP TS 31.111
information
Timing Advance PROVIDE LOCAL INFORMATION proactive ME provides UICC with NR Primary Timing Advance as defined in 3GPP 38.211.
Information command
3GPP TS 31.111
Network Measurement PROVIDE LOCAL INFORMATION proactive ME provides UICC with available Network measurement reports (NMR) related to NR as defined in
Report command 3GPP 38.331.
3GPP TS 31.111

Subscriber Privacy Encrypted SUPI The method to protect end user privacy by MANDATORY: Home Network Public Key has to be stored in the USIM and not in the ME.
Subscription Permanent encryption of subscriber identifier previously
Identifier for 5G named IMSI (International Mobile Subscriber Step 1: Ephemeral SIM encryption key pair generation (private and public).
Identity) is defined in the standard
3GPP TS 33.501 Step 2: Ephemeral SIM encryption key = f(Home Network’s public key, ephemeral SIM encryption
private key)

Step 3: Encrypted SUPI = f(ephemeral SIM encryption key, SUPI)

SUCI = HN ID | HN public key ID | encrypted SUPI

SUCI stands for Subscription Concealed Identifier
Service n°124 Subscription identifier privacy End user privacy activation.
support If service n°124 is activated then EF SUCI_Calc_Info shall be present and EF RoutingIndicator shall be
EFSUCI_Calc_Info and EFRoutingIndicator present.
3GPP TS 31.102 If service n°124 is deactivated then EF SUCI_Calc_Info shall not be present.

9
 Service n°125 SUCI calculation by the USIM If service 125 SUCI calculation by the USIM is activated then EF SUCI_Calc_Info shall not be present.
3GPP TS 31.102
Get IDENTITY command SIM card operating system must support the Get Identity command used by the ME to retrieve the
3GPP TS 31.102 and ETSI TS 102 221 encrypted SUCI computed by the SIM and deliver it to the network each time it is requested.
SUCI registry API Enable to compute encrypted SUCI from a standalone and interoperable Javacard application using
3GPP TS 31.130 standardised APIs.
Extended Battery Life1 Suspend and resume UICC suspension as defined in 11.1.22 in ETSI Before switching off, the SIM must store its internal status. When the device resumes the UICC, certain
TS 102 221 states which were used in a previous card session can be also used in a new card session.

Poll interval negotiation Negotiation of Poll Interval as defined in 3GPP Negotiation between the SIM and the device to find the optimum poll interval that will reduce device
TS 31.111 activity to save battery while letting the SIM applications contact some servers or the device when
required.
eDRX/PSM EF AD The proper personalisation shall be put in the SIM to allow the usage of eDRX to be able to reduce the
Administrative Data power consumption of the device.
3GPP 31.102 & 31.101
Service n°121 EARFCN list for MTC/NB-IOT Contains the geographical areas associated with the EARFCNs for enabling cell search of MTC carrier
UEs or NB-IOT carrier.
3GPP 31.102
USAT Pairing UE-based procedure with USAT application The SIM card can be locked to a device or a device type so it would be useless to steal a SIM in a
pairing defined in 3GPP TS 33.187 Security traffic light for example to use it in a smartphone because thanks to this functionality the SIM is locked
aspects of Machine-Type Communications to a device type: the traffic light. This is especially useful in the IOT context.
Unleashing Deployment of Remote file and applet GP 2.2 Amendment B and ETSI TS 102 226 Reaching the SIM to update some data or launch application in an all IP world.
New Services management Over The
Air
Access to IMS networks ISIM ADF and related Efs as defined in 3GPP TS Application protocol
31.103 ISIM application selection
IMPI request
IMPU request
SIP Domain request
ISIM service table request
P-CSCF address request
ISIM session termination
5G support for the OPEN CHANNEL proactive command Bearer Type NG-RAN must be supported in addition to legacy modes (GPRS, UTRAN, etc…).
OPEN CHANNEL 3GPP TS 31.111
command
Network Resource Unified Access Control Service n°126 UAC Access Identities support: Prioritisation of multi-media services configured within the SIM
Optimisation EF UAC_AIC
3GPP TS 31.102
Service n 127 Steering of UE in VPLMN. If service nº 127 is activated then the device is to receive Steering of Roaming, including the list of
3GPP TS 31.102 preferred networks and access technology combinations, during initial registration in a visited network
as specified in 3GPP TS 23.122.
Security Service n°122 5GS Mobility Management Contains NAS full native security context from 5G Mobility Management Information
Information: EF 5GS3GPPLOCI,
5GSN3GPPLOCI, EF 5GS3GPPNSC, EF
5GSN3GPPNSC

1
Note these features only apply to a Recommended 5G SIM optimised for Low Power IoT use -cases.

10
Service n°129 5GS Operator PLMN List
EF OPL5GS

3GPP TS 31.102
Service n°123 5G Security Parameters EF Secure temporary keys for 5G but also non 3GPP security context such as WiFi are stored in EF
5GAUTHKEYS 5GAUTHKEYS:
3GPP TS 31.102 A key called KAUSF derived from CK/IK, left at the AUSF and that home operator can use on its own
policy.
An anchor key called the KSEAF provided by the AUSF to the SEAF, which can be used for more than
one security context.
A derived key per security context called KAMF.

11
 3.3 Recommended 5G SIM versus Rel 15 5G SIM
Use-case Technical feature Recommended
5G SIM (Rel 15) 5G SIM (Rel 16)
3GPP
User Equipment Route Selection Policy (URSP) X
Network Slicing
Toolkit Support X
Enhanced Steering of Roaming X X
Steering of Roaming (SOR) over control plane.
Service
SNPN (Standalone Non-Public Network) X
PNI-NPN (Public Network integrated Non-Public Network) X
5G Private Networks NAI SUPI Type X
Dedicated SUPI Type for private Network Access Identifier in 5G Network
5GWWC X
Enhanced Subscriber Privacy Enhancement of Release 15 GET IDENTITY COMMAND X
Non-3GPP Network Access Trusted non-3GPP network access X
V2X in 5G Network C-V2X technology in 5G Network X
Multi-device and Multi-identity X
Call control on PDU Session by USIM X X
Network Rejection Event X X
Ensuring Good Quality of
experience Data Connection Status Change Event for 5GS X X
Provide Local information extended to support NG-RAN information X X
Timing Advance Information X X
Network Measurement Report X X
Subscriber Privacy X X
Encrypted SUPI Subscription Permanent Identifier for 5G
Suspend and resume X X
Poll interval negotiation X X
Extended Battery Life2
eDRX/PSM X X
EARFCN list for MTC/NB-IoT UEs X X
USAT Pairing X X
Deployment of New Services Remote file and applet management Over The Air X X
Access to IMS networks X X
5G support for the OPEN CHANNEL command X X
X X
Network Resource Optimisation Unified Access Control
X X
Mobility Management Information X X
Security
5G Security Parameters EF 5GAUTHKEYS X X

2
Note these features only apply to a Recommended 5G SIM optimised for Low Power IoT use -cases.

12
4. Conclusion

The Release 15 5G SIM originally recommended by TCA included technical features which addressed the many challenges, beyond network
access, faced by Mobile Network Operators (MNOs) as they migrated to 5G networks. Now, with momentum for 5G Phase 2 deployments
building, TCA strongly recommends the adoption of the enhanced Recommended 5G SIM to fully benefit from the opportunities presented by
3GPP Release 16, while maintaining full backwards compatibility.

13