This command is used to produce an Authentication response. The GET RESPONSE command shall be used to get the response data. If the SAVE_REGISTER flag is set, some values of the cave algorithm are held in the card to be used by the GENERATE KEY VPM command. For the calculation of the AUTHR/AUTHU value, the card uses the "Auth_Signature" procedure:

Syntax
CLA	INS	P1	P2	Lc
A0	88	00	00	11

Data
Bytes	Description	Length
1	RANDTYPE (RAND/RANDU)	1
2-5	RAND or RANDU	4
6	Digits Length	1
7-9	Digits	3
10	Process control	1
11-17	ESN (of the ME)	7

Response
Bytes	Description	Length
1-3	The 18-bit authentication signature (AUTHR/AUTHU) value	3

Example

.DEFINE %RAND32 00000064 .DEFINE %DIG_LEN 00 .DEFINE %DIGITS 000000 .DEFINE %ESN 000000A1A2A3A4 .DEFINE %AUTH 006422 ; .DEFINE %PIN1 30303030 FFFFFFFF .POWER_ON ; A020 0001 08 %PIN1 (9000) ; verify PIN1 A0A4 0000 02 3F00 (9FXX) ; select MF Command A0 A4 00 00 02 Data In 3F 00 Data Out Status 9F 22 A0A4 0000 02 7F25 (9FXX) ; select DF_CDMA Command A0 A4 00 00 02 Data In 7F 25 Data Out Status 9F 22 A088 0000 11 00 %RAND32 %DIG_LEN %DIGITS 00 %ESN (9F03) ; run CAVE Command A0 88 00 00 11 Data In 00 00 00 00 64 00 00 00 00 00 00 00 00 A1 A2 A3 A4 Data Out Status 9F 03 A0C0 0000 03 [%AUTH] (9000) Command A0 C0 00 00 03 Data In Data Out 00 64 22 Status 90 00 ;; it is now time for 'Generate Key/VPM' or for 'Base Station Challenge'

This command generates "key bits" and a "VPM key bits". Part of the VPM key bit is given as response to the ME.

Syntax
CLA	INS	P1	P2	Lc
A0	8E	00	00	02

Data
Bytes	Description	Length
1	First octet of VPM to be output	1
2	Last octet of VPM to be output	1

Response
Bytes	Description	Length
1-8	Key	8
9-*	VPM Key part	*

Example

;; run Cave just executed .DEFINE %KEY 933A0DC379956849 .DEFINE %VPM C2264FC8D8D0 A08E 0000 02 3B40 (9F0E) ; Generate Key/VPM Command A0 8E 00 00 02 Data In 3B 40 Data Out Status 9F 0E A0C0 0000 0E [%KEY %VPM] (9000) ; 8 bytes %KEY, 6 bytes %VPM Command A0 C0 00 00 0E Data In Data Out 93 3A 0D C3 79 95 68 49 C2 26 4F C8 D8 D0 Status 90 00 .POWER_OFF

This command is used to generate the RANDBS random value.
The random value is held until a successful UPDATE SSD, otherwise it is lost.
The GET RESPONSE command shall be used to get the response data of this command.

Syntax
CLA	INS	P1	P2	Lc
A0	8A	00	00	04

Data
Bytes	Description	Length
1-4	RANDseed	4

Response
Bytes	Description	Length
1-4	RANDBS	4

Example

;; run Cave just executed A08A 0000 04 11223344 (9F04) ; Base Station Challenge Command A0 8A 00 00 04 Data In 11 22 33 44 Data Out Status 9F 04 A0C0 0000 04 (9000) Command A0 C0 00 00 04 Data In Data Out 33 2F F9 DF Status 90 00 ;; and now - time for 'Update SSD', 'Confirm SSD'

This command performs the calculation of a new Shared Secret Data (AUTHBS, SSD_A_NEW and SSD_B_NEW). These values are held until a successful CONFIRM SSD, otherwise they are lost. The card uses either ESN or UIMID (stored in EFUIMID) depending on the value stored in EF R-UIMID:

Syntax
CLA	INS	P1	P2	Lc
A0	84	00	00	0F

Data
Bytes	Description	Length
1-7	RANDSSD	7
8	Process Control	1
9-15	ESN	7

Response: 9000

Example

;; Base Station Challenge just executed .DEFINE %RANDBS R .DEFINE %AUTH 00750D .DEFINE %RANDSSD F24F2B0A9983D3 A0 84 00 00 0F %RANDSSD 00 %ESN (9000) ; Update SSD Command A0 84 00 00 0F Data In F2 4F 2B 0A 99 83 D3 00 00 00 00 A1 A2 A3 A4 Data Out Status 90 00 ;; and, finally, Confirm SSD

This command is used to validate the new Shared Secret Data (SSD_A_NEW and SSD_B_NEW) by comparing the AUTHBS value calculated by the UPDATE SSD command with the AUTHBS received from the system. If successful, SSD_A and SSD_B values are updated in EF SSD.

Example

;; Update SSD just executed A0 82 00 00 03 %AUTH (9000) ; Confirm SSD Command A0 82 00 00 03 Data In 00 75 0D Data Out Status 90 00 .POWER_OFF

This command is used to store the ESN of the ME into the EF ESN_ME file and return a flag indicating if ESN_ME is different from the previous ESN which was stored in EFESN_ME. It modifies the value stored in the EF R-UIMID. No modification are involved if the file is invalidated. EF R-UIMID is always 0x00 (Usage Indicator Preference is RFU).

Syntax
CLA	INS	P1	P2	Lc
A0	DE	00	00	08

Data
Bytes	Description	Length
1	ESN_ME Length and ME Usage Indicator Preference	1
2 - (X+1)	ESN_ME	X
(X+2) - 8	Padding bytes	8-(X+1)

Response
Bytes	Description	Length
1	Change Flag and Usage Indicator Confirmation	1