R-UIM Tools Home Page

Our Articles

Simple and powerfull GSM + LTE Authentication Calculator: TUAK, Milenage, COMP128-1, 2, 3, Xor Visualyze and Analyze all APDUs between handset and RUIM, (U)SIM All you need to work with SIM, USIM, R-UIM card: build card tree, read, write, export GSM 03.48 compliant solutions for Over-The-Air campaign DES, 3DES, AES, MD5, and other encryptions and hashes Parse an ISO 7816-3 ATR online A collection of Java Card projects in source A simple tool to convert CAP files into IJC format

    Cascaded (Concatenated) PRLs, designed by China Unicom

    EF_PRL (Preferred Roaming List)

    This EF stores the Preferred Roaming List, as described in Section3.5.3 of C.S0016-B. The preferred Roaming List includes section parameters from Annex F of 3GPP2 C.S0005-0.

    Identifier: 6F30
    Structure: transparent
    Update activity: low
    Mandatory EF
    File size: 'PR_LIST_SIZE'
    Access Conditions: READ
    Bytes Description M/O Length

    The PRL file could be n cascaded PRL files of different version, appended 2 bytes CRC check value for all PRL files in the end.

    PR_LIST_SIZE_x (x=1~N) is the corresponding PR_LIST_SIZE value in different version cascaded PRL files.

    Annex B is a recommended provision example for CU networking. The remained and not used bits are set to 1 in each cascaded PRL file (Because minimum PR_LIST_SIZE is 8 bits).

    Annex A : Example of Cascaded PRL Files Format

    C.S0016-B redefines PRL format in order to support CDMA2000 HRPD networking, and when SSPR_P_REV >00000001, the format is not compatible with version before B. The specification defined cascaded PRL IN 5.4.16 Preferred Roaming List, in order to CU existing terminal could be compatible with UIM card complying with the specification.
    The example of cascaded PRL is shown as follows, and detailed meaning and format for each field is specified in C.S0016-A and B

    Part of IS-95/cdma1X (SSPR_P_REV = 00000001) or before version B Field Size Comments
    PR_LIST_SIZE 16 Preferred roaming list size
    PR_LIST_ID 16 Preferred Roaming List Identification
    PREF_ONLY 1 Preferred only
    DEF_ROAM_IND 8 Default roaming indication
    NUM_ACQ_RECS 9 Number of acquisition records
    NUM_SYS_RECS 14 Number of system records
    EXT_ACQ_TABLE Variable Extended Acquisition Table
    SYS_TABLE Variable System Table
    RESERVED 0 to 7 Reserved bits
    PR_LIST_CRC 16 CRC for Part Rel. A
    Part of cdma2000 HRPD (SSPR_P_REV > or = 00000011) PR_LIST_SIZE 16 Preferred roaming list size
    PR_LIST_ID 16 Preferred Roaming List Identification
    CUR_SSPR_P_REV 8 Protocol revision for the PRL format
    PREF_ONLY 1 Preferred only
    DEF_ROAM_IND 8 Default roaming indication
    NUM_ACQ_RECS 9 Number of acquisition records
    NUM_COMMON_SUBNET_RECS 9 Number of records in the Common Subnet Table
    NUM_SYS_RECS 14 Number of system records
    ACQ_TABLE Variable Acquisition Table
    COMMON_SUBNET_TABLE Variable Common Subnet Table
    EXT_SYS_TABLE Variable Extended System Table
    RESERVED 0 to 7 Reserved bits
    PR_LIST_CRC 16 CRC for Part Rel. C
    Total CRC TOTAL_CRC 16 CRC for preferred roaming list

    In above table
    PRL parameter whose version is older than C.S0016-B is used when IS-95/cdma 1x terminal acquires network during power on.
    PRL parameter whose version is C.S0016-B is used when HRPD only and 1x/HRPD mixed terminal acquires HRPD network during power on.

    Annex B: Consideration and Choose about Isolation of Terminal and Card in 1X/HRPD networking for China Unicom

    China Unicom adopt the technology that card is isolated from terminal in CDMA 1X networking, and the mix networking of 1x/HRPD still use the isolation after upgrading to HRPD. Considering that the existing users have no need to replace with new UIM card, China Unicom have a different solution with existing international specification in the technology of isolation, so we need some specific definition for terminal, UIM card and some networking equipment.

    1. Choose for Authentication and Algorithm

    The current CDMA 1X networking uses CAVE algorithm for access authentication, which is stored in existing UIM cards; HRPD networking uses MD5 algorithm for access authentication, which is not supported by existing CDMA 1X UIM cards. According to current internation standards, the users of China Unicom CDMA 1X shall replace with new UIM card if they need to use HRPD service. To make sure no replacing for new HRPD/1X service, China Unicom decide to implement HRPD authentication using CAVE algorithm for existing IS-820-0 UIM cards after solution argumentation and test. The method uses the standard CHAP flow (inquiry- shakehand authentication protocal) recommended by IS-878, however, it uses the same authentication info (such as key SSD-A) and authentication algorithm (CAVE algorithm) as CDMA 1X networking in terminal and AN-AAA, which encapsulates related info of CAVE algorithm into CHAP message of HRPD standard, and delivers to AN-AAA for authentication via AN. At the same time, to make HRPD networking share and synchronize authentication info, it adds the signal link in accordance with ANSI-41 specification, distributes signal spot coding for AN-AAA, and add client workstation to support No.7 signal of low level.
    For developing new users and 1X renew users, new UIM cards adopt MD5 authentication algorithm, which is in accordance with current international standard and other networking.

    2. Networking Choose via PRL

    China Unicom CDMA UIM card specification adopts IS820 series international standards, however, it defines that PRL updating shall use short message download. IS683A international standards define PRL format that support HRPD/1X. In China Unicom solution of isolation, PRL shall adopt the format that PRL of IS683A binded following PRL of IS683C, to make sure HRPD terminal could read Rel.C, 1X could read Rel.A, then finish normal networking choose after UIM card is inserted into terminal.
    Terminal shall check MSG_DISPLAY_MODE to know if it is PRL updating message after it gets the message including PRL. If it is, the PRL message shall be copied into internal PRL buffer of UIM card. UIM card shall statistic length and calculate CRC, then compare it with OTA_CRC according to the last message (when Current PRL update message number is equal to Total number of PRL update messages). If it is equal, the checkout is successful, and update Efprl of UIM card.
    When 1X terminal turn on to choose networking, it shall first read the content of EFprl, and only read PRL part A according to the first two bytes 'PR_LIST_SIZE length'of PRL, then it could get complete choosing networking info for 1X searching successfully.
    When 1X /HRPD terminal turn on to choose networking, it shall read the content of PRL part A, then it shall continue to read the content of PRL part C, then it could finish choosing networking of 1X and HRPD according to info of PRL part C.
    To make users who don't update PRL in time or can't update PRL use HRPD service, all terminal chip preset a default HRPD carrier frequency, No.37 carrier frequency of 800MHz. If 1X/HRPD terminal can't get PRL of IS683-A+C, that means terminal can't read the PRL of IS683-C, it shall adopt default HRPD PRL generated by HRPD carrier frequency, and combine with 1X PRL of IS683A in UIM card. Then, terminal shall search and access HRPD system in the default HRPD carrier frequency. If terminal could get PRL of IS683-A+C in UIM, it shall search HRPD networking via the PRL, and the default HRPD carrier frequency is invalid at this time.

    3. Alteration of Related Equipment caused by Isolation of terminal and card

  • Requirement for terminal of 1X/HRPD
    1. Terminal shall choose CAVE or MD5 implemented by HRPD according to 'n5' in CDMA service table of UIM card.
    2. Terminal shall get RAND of AN from HRPD interface, and put the result of authentication'AUTHR' in HRPD interface to return to AN.
    3. HRPD termianl shall identify PRL format of UIM card to choose networking.
    4. Terminnal chip adds setting of HRPD default carrier frequency, and could generate default PRL according to default carrier frequency. When terminal can't identify PRL of UIM card, it still choose networking accoding to default frequency.
  • Requirement for UIM card
    1. UIM card is UTK card, which support updating PRL via OTA short message.
    2. UIM card of CDMA 1X IS-820-0 ( called 'old card') and UIM card of IS-820-B(called 'new card')could support cascaded PRL format of IS683A for 1X and IS683C for 1X/HRPD.
    3. UIM 'new card' of 1X/HRPD support MD5 authentication algorithm, and could adopt SHA-1 authentication algorithm.
  • Requirement for AN-AAA
    1. AN-AAA shall get CAVE authentication result 'AUTHR' of AT from AN.
    2. AN-AAA adds interface with HLR, distributes signal spot coding, and add client workstation to support No.7 signal, to make AN-AAA implement updating SSD initialed by 'AUTHREQ' message, which is the part of VLR function.