中华人民共和国 通信行业标准 YD/T XXXX —XXXX 面向消费电子设备的嵌入式通用集成电路 卡（ eUICC）安全能力技术要求 Embedded Universal Integrated Circuit Card (eUICC) consumer devices security requirements specification （报批稿） XXXX-XX-XX发布 ICS 33.030 CCS M21 YD XXXX-XX-XX实施 中国人民共和国工业和信息化部   发 布 目  次 前言 ................................................................................... 3 1 范围 ................................................................................ 4 2 规范性引用文件 ...................................................................... 4 3 术语、定义和缩略语 .................................................................. 4 3.1 术语定义 ........................................................................ 4 3.2 缩略语 .......................................................................... 5 4 介绍 ................................................................................ 5 4.1 TOE范围 ........................................................................ 6 4.2 本文件的使用 .................................................................... 6 4.3 符合性声明 ...................................................................... 6 5 eUICC架构 .......................................................................... 6 5.1 eUICC架构概述 .................................................................. 6 5.2 ECASD ........................................................................... 7 5.3 ISD-R ........................................................................... 7 5.4 ISD-P ........................................................................... 8 5.5 Profile ......................................................................... 8 5.6 LPA服务 ........................................................................ 9 5.7 LPAd(LPA in Device) ............................................................. 9 5.8 LPAe (LPA in eUICC) ............................................................. 9 6 eUICC安全问题定义 ................................................................. 10 6.1 安全资产 ....................................................................... 10 6.2 用户/主体 ...................................................................... 14 6.3 安全威胁 ....................................................................... 15 6.4 组织安全策略 ................................................................... 18 6.5 假设 ........................................................................... 18 7 安全目标 ........................................................................... 19 7.1 TOE的安全目标 ................................................................. 19 7.2 运行环境的安全目标 ............................................................. 21 7.3 安全目标基本原理 ............................................................... 23 8 扩展要求 ........................................................................... 30 8.1 扩展族FIA_API- 身份验证证明 .................................................... 30 8.2 扩展族FPT_EMS-TOE 发散 ......................................................... 31 8.3 扩展族FCS_RNG- 随机数生成 ...................................................... 32 9 安全要求 ........................................................................... 32 9.1 概述 ........................................................................... 32 9.2 安全功能要求 ................................................................... 33 9.3 安全保障要求 ................................................................... 50 9.4 安全要求基本原理 ............................................................... 59 10 LPAe .............................................................................. 67 YD/T XXXX—XXXX 10.1 介绍 .......................................................................... 67 10.2 LPAe架构 ..................................................................... 68 10.3 LPAe安全问题定义 ............................................................. 68 10.4 LPAe安全目标 ...................