eSIM RSP SM-DP+ Common Mutual Authentication Part 3: InitiateAuthentication
InitiateAuthentication Request
The LPAd submits the eUICCInfo1 and eUICCChallenge it obtained from the eUICC to the SM-DP+ in the InitiateAuthentication request, together with the address of the SM-DP+ it expects to be talking to. The SM-DP+ checks that the smdpAddress is its own address and that eUICCInfo1 lists a certificate issuer (CI) it has in common with the eUICC; only then does it generate a TransactionID and a serverChallenge and build its signed reply.
Example InitiateAuthentication Request
The euiccChallenge and euiccInfo1 values are raw binary (euiccInfo1 is DER-encoded ASN.1), so they are Base64 encoded for transport in the JSON body:
{"euiccChallenge":"v9ZRgGebs90qFb0YAvFX6w==",
"euiccInfo1":"vyBhggMCAgCpLAQUwLxwujaSnUO0Z/9XVwUw5Xq4/NgEFPVBcr35ipXWXL64ijihwR2ACoXDqiwEFMC8cLo2kp1DtGf/V1cFMOV6uPzYBBT1QXK9+YqV1ly+uIo4ocEdgAqFw5AA",
"smdpAddress":"testsmdpplus1.example.com"}
InitiateAuthentication Response
InitiateAuthentication responds with a new TransactionID, a serverChallenge, the serverSigned1 data structure (which also echoes the euiccChallenge and the SM-DP+ address back to the eUICC), and serverSignature1, an ECDSA signature over serverSigned1 made with the SM-DP+ authentication private key. The certificate for that key is returned as serverCertificate; it must chain to a certificate issuer the eUICC reported as trusted in the eUICCInfo1 data structure, otherwise the eUICC cannot verify the signature. The response also names, in euiccCiPKIdToBeUsed, the certificate issuer the eUICC must use for its own signature.
Example InitiateAuthentication Response
{"header":
{"functionExecutionStatus":
{"status":"ExecutedSuccess"}
},
"transactionId":"0123456789ABCDEF8899aabbccddeeff",
"serverSigned1":"MFGAEAEjRWeJq83viJmqu8zd7v+BEL/WUYBnm7PdKhW9GALxV+uDGXRlc3RzbWRwcGx1czEuZXhhbXBsZS5jb22EEIiZqrvM3e7/ABEiM0RVZnc=",
"serverSignature1":"XzdAGKXNBZqRrxRgDTfCkPrWVjf3AA/8QsoYKs1zOXbqglNr0TlHlgz+ehdsypA+Me1GGdubXEpu0lJ/QoL4rLd7fA==",
"euiccCiPKIdToBeUsed":"BBT1QXK9+YqV1ly+uIo4ocEdgAqFww==",
"serverCertificate":"…"
}
The Base64-decoded serverSigned1, a DER-encoded ASN.1 structure:
305180100123456789ABCDEF8899AABBCCDDEEFF8110BFD65180679BB3DD2A15BD1802F157EB831974657374736D6470706C7573312E6578616D706C652E636F6D84108899AABBCCDDEEFF0011223344556677
Annotated serverSigned1:
// ServerSigned1 ::= SEQUENCE { transactionId [0], euiccChallenge [1], serverAddress [3] UTF8String, serverChallenge [4] }
// (there is no [2] element)
// ASN.1 SEQUENCE, 81 (0x51) bytes of content
30 51
// [0] transactionId, OCTET STRING of 1..16 bytes
80 10 0123456789ABCDEF8899AABBCCDDEEFF
// [1] euiccChallenge, the 16 bytes from the request echoed back
81 10 BFD65180679BB3DD2A15BD1802F157EB
// [3] serverAddress, UTF-8 "testsmdpplus1.example.com" (25 bytes)
83 19 74657374736D6470706C7573312E6578616D706C652E636F6D
// [4] serverChallenge, 16 bytes chosen by the SM-DP+
84 10 8899AABBCCDDEEFF0011223344556677
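The request-side checks described above and the serverSigned1 layout, as an added example in Python (it is not code from the page or from GSMA): a minimal DER TLV codec, the SM-DP+ side that parses eUICCInfo1, picks euiccCiPKIdToBeUsed from the eUICC's signing list and builds serverSigned1, and the LPAd-side checks on the result (challenge echoed, address matches, field sizes). The sample values are the page's own. Two things are my assumptions: that this SM-DP+ trusts only the CI whose subjectKeyIdentifier starts F54172BD (so it picks the second entry the eUICC offered, as the page's response does), and that transactionId and serverChallenge are taken from the page's response rather than drawn at random. Signing and signature verification are left out because the SM-DP+ key and serverCertificate are not on the page.

```python
"""Added example (not from the page or GSMA): build and check the data
structures of ES9+.InitiateAuthentication with a minimal DER codec."""
import base64

# ---- minimal DER TLV codec ----------------------------------------------
def encode_tlv(tag: int, value: bytes) -> bytes:
    """Encode one DER TLV; the tag may be multi-byte (0xBF20 for [32])."""
    tag_bytes = tag.to_bytes(max(1, (tag.bit_length() + 7) // 8), "big")
    if len(value) < 0x80:
        length = bytes([len(value)])
    else:
        lb = len(value).to_bytes(max(1, (len(value).bit_length() + 7) // 8), "big")
        length = bytes([0x80 | len(lb)]) + lb
    return tag_bytes + length + value

def decode_tlv(buf: bytes, off: int = 0):
    """Decode the TLV at buf[off]; returns (tag, value, offset after it)."""
    tag = buf[off]
    off += 1
    if tag & 0x1F == 0x1F:                 # high-tag-number form, e.g. BF 20
        while True:
            b = buf[off]
            off += 1
            tag = (tag << 8) | b
            if not b & 0x80:
                break
    length = buf[off]
    off += 1
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    value = buf[off:off + length]
    if len(value) != length:
        raise ValueError("truncated TLV")
    return tag, value, off + length

def decode_children(value: bytes) -> list:
    """Split the content of a constructed TLV into [(tag, value), ...]."""
    out, off = [], 0
    while off < len(value):
        tag, v, off = decode_tlv(value, off)
        out.append((tag, v))
    return out

# ---- SM-DP+ side --------------------------------------------------------
def parse_euicc_info1(der: bytes) -> dict:
    """EUICCInfo1 ([32] SEQUENCE): svn [2] plus the CI PKID lists [9] (for
    verification) and [10] (for signing). Bytes after the outer TLV are ignored."""
    tag, body, _ = decode_tlv(der)
    if tag != 0xBF20:
        raise ValueError("not an EUICCInfo1 structure")
    info = {"svn": None, "ciForVerification": [], "ciForSigning": []}
    for t, v in decode_children(body):
        if t == 0x82:
            info["svn"] = tuple(v)
        elif t in (0xA9, 0xAA):
            key = "ciForVerification" if t == 0xA9 else "ciForSigning"
            for ct, cv in decode_children(v):
                if ct != 0x04 or len(cv) != 20:
                    raise ValueError("CI PKID must be a 20-byte OCTET STRING")
                info[key].append(cv.hex().upper())
    return info

def select_ci(euicc_skis: list, smdp_trusted: set) -> bytes:
    """Pick the first CI the eUICC offered that the SM-DP+ also trusts."""
    for ski in euicc_skis:
        if ski in smdp_trusted:
            return bytes.fromhex(ski)
    raise ValueError("no certificate issuer in common with the eUICC")

def encode_ci_pkid(ski: bytes) -> str:
    """euiccCiPKIdToBeUsed is the SKI as a Base64 DER OCTET STRING (04 14 ...)."""
    return base64.b64encode(encode_tlv(0x04, ski)).decode()

def build_server_signed1(transaction_id, euicc_challenge, server_address, server_challenge):
    """ServerSigned1 ::= SEQUENCE { transactionId [0], euiccChallenge [1],
    serverAddress [3] UTF8String, serverChallenge [4] }; there is no [2]."""
    body = (encode_tlv(0x80, transaction_id) + encode_tlv(0x81, euicc_challenge)
            + encode_tlv(0x83, server_address.encode("utf-8"))
            + encode_tlv(0x84, server_challenge))
    return encode_tlv(0x30, body)

# ---- LPAd / eUICC side --------------------------------------------------
def check_server_signed1(der: bytes, sent_challenge: bytes, sent_address: str) -> list:
    """Structural and binding checks on serverSigned1; returns the failed checks.
    Verifying serverSignature1 against serverCertificate is a separate step."""
    tag, body, end = decode_tlv(der)
    if tag != 0x30 or end != len(der):
        return ["serverSigned1 is not a single DER SEQUENCE"]
    children = decode_children(body)
    if [t for t, _ in children] != [0x80, 0x81, 0x83, 0x84]:
        return ["fields must be exactly [0], [1], [3], [4] in that order"]
    f, problems = dict(children), []
    if not 1 <= len(f[0x80]) <= 16:
        problems.append("transactionId must be 1..16 bytes")
    if f[0x81] != sent_challenge:
        problems.append("euiccChallenge not echoed back (replayed response?)")
    if f[0x83].decode("utf-8", "replace") != sent_address:
        problems.append("serverAddress is not the SM-DP+ we contacted")
    if len(f[0x84]) != 16:
        problems.append("serverChallenge must be 16 bytes")
    return problems

# ---- replay of the page's exchange (sample values copied from the page) ---
PAGE_EUICC_CHALLENGE_B64 = "v9ZRgGebs90qFb0YAvFX6w=="
PAGE_EUICC_INFO1_B64 = "vyBhggMCAgCpLAQUwLxwujaSnUO0Z/9XVwUw5Xq4/NgEFPVBcr35ipXWXL64ijihwR2ACoXDqiwEFMC8cLo2kp1DtGf/V1cFMOV6uPzYBBT1QXK9+YqV1ly+uIo4ocEdgAqFw5AA"
PAGE_SMDP_ADDRESS = "testsmdpplus1.example.com"
PAGE_SERVER_SIGNED1_B64 = "MFGAEAEjRWeJq83viJmqu8zd7v+BEL/WUYBnm7PdKhW9GALxV+uDGXRlc3RzbWRwcGx1czEuZXhhbXBsZS5jb22EEIiZqrvM3e7/ABEiM0RVZnc="
PAGE_CI_PKID_B64 = "BBT1QXK9+YqV1ly+uIo4ocEdgAqFww=="

def run_page_example() -> dict:
    """SM-DP+ processes the page's request, then the LPAd checks the reply."""
    challenge = base64.b64decode(PAGE_EUICC_CHALLENGE_B64)
    if len(challenge) != 16:
        raise ValueError("euiccChallenge must be 16 bytes")
    info = parse_euicc_info1(base64.b64decode(PAGE_EUICC_INFO1_B64))
    # Assumption: this SM-DP+ trusts only the second CI the eUICC listed.
    ci = select_ci(info["ciForSigning"], {"F54172BDF98A95D65CBEB88A38A1C11D800A85C3"})
    # Taken from the page's response; a real SM-DP+ draws both at random.
    transaction_id = bytes.fromhex("0123456789ABCDEF8899AABBCCDDEEFF")
    server_challenge = bytes.fromhex("8899AABBCCDDEEFF0011223344556677")
    signed1 = build_server_signed1(transaction_id, challenge, PAGE_SMDP_ADDRESS, server_challenge)
    signed1_b64 = base64.b64encode(signed1).decode()
    return {
        "svn": info["svn"],
        "ciForSigning": info["ciForSigning"],
        "serverSigned1": signed1_b64,
        "euiccCiPKIdToBeUsed": encode_ci_pkid(ci),
        "matches_page": signed1_b64 == PAGE_SERVER_SIGNED1_B64 and encode_ci_pkid(ci) == PAGE_CI_PKID_B64,
        "lpad_problems": check_server_signed1(signed1, challenge, PAGE_SMDP_ADDRESS),
    }

if __name__ == "__main__":
    for k, v in run_page_example().items():
        print(k, v)
```

Running it rebuilds the page's serverSigned1 and euiccCiPKIdToBeUsed byte for byte, which confirms the annotated layout. The two LPAd-side checks that matter most are the echoed euiccChallenge (a response captured earlier cannot be replayed against a fresh challenge) and the serverAddress (a signed structure from one SM-DP+ cannot be relayed as if it came from another); the signature over serverSigned1 is what makes those two bindings trustworthy, and is verified once serverCertificate has been checked against the CI list in eUICCInfo1.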
The Base64 encoded euiccCiPKIdToBeUsed returned by the server tells the LPAd, and in the next step the eUICC, which certificate issuer the eUICC must use for its own signature. It is the subjectKeyIdentifier of that CI, carried as a DER OCTET STRING (04 14 followed by the 20-byte identifier), and the SM-DP+ picks it from the euiccCiPKIdListForSigning the eUICC sent in eUICCInfo1 (here the second of the two identifiers listed).
In the next step, part 4, the LPAd passes serverSigned1, serverSignature1, euiccCiPKIdToBeUsed and serverCertificate to the eUICC (ES10b.AuthenticateServer), which verifies the signature and checks that the echoed euiccChallenge is the one it generated.