Description
ADM (Administrative Access Condition) is a fundamental security concept within 3GPP specifications for Universal Integrated Circuit Card (UICC) and Universal Subscriber Identity Module (USIM) applications. It functions as an access control flag or condition associated with specific Elementary Files (EFs) stored on the smart card. An EF marked with ADM can only be accessed (for reading, updating, or deleting) by entities possessing the correct ADM key or credentials, which are exclusively held by the administrative authority—usually the mobile network operator (MNO) or the service provider that created and personalized the UICC.
The mechanism operates within the framework of the UICC's security architecture, which includes a hierarchy of access conditions: ALWays (free access), NEVer (no access), CHV (Card Holder Verification using PIN), and ADM. ADM sits at the top of this hierarchy, providing the strongest protection. When an application on the terminal (Mobile Equipment) attempts to access an EF, the UICC's operating system checks the file's access conditions. If ADM is set, the terminal must present valid authentication using the ADM key, typically through a secure channel established with the card. This process often involves cryptographic challenges and responses to prove possession of the key without exposing it.
Key components involved in ADM enforcement include the EF's file descriptor (which stores the access condition), the UICC's security manager, and the authentication algorithms. The ADM condition is defined during the card personalization phase and is crucial for protecting sensitive files such as those containing network access credentials (like IMSI), operator-specific service parameters, and roaming lists. The administrative authority uses ADM to maintain control over these critical parameters, ensuring they can be updated securely over-the-air (OTA) or during physical maintenance while preventing tampering by end-users or unauthorized applications.
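The access-condition check described above, as an added illustrative model (not code from any 3GPP specification or card OS): each EF carries one access condition per operation, the security manager tracks what has been verified in the session, and a request is allowed only if the session state satisfies the file's condition for that operation. The file table and the ADM key are constructed for the example, and ADM authentication is abstracted to a key comparison with a retry counter rather than the challenge-response exchange a real card uses.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum


class AC(Enum):
    """UICC access conditions, weakest to strongest."""
    ALW = "ALW"    # always accessible
    CHV1 = "CHV1"  # card holder verification (PIN1) required
    ADM = "ADM"    # administrative key required
    NEV = "NEV"    # never accessible over the terminal interface


@dataclass
class EF:
    """Elementary File: name plus the access condition per operation."""
    name: str
    conds: dict  # e.g. {"READ": AC.CHV1, "UPDATE": AC.ADM}


@dataclass
class SecurityStatus:
    """Session security state kept by the card's security manager."""
    chv1_verified: bool = False
    adm_verified: bool = False
    adm_retries: int = 3  # constructed limit; a wrong key burns one attempt

    def verify_adm(self, presented: bytes, stored: bytes) -> bool:
        """Grant ADM status on a correct key; block ADM after too many failures."""
        if self.adm_retries == 0:
            return False  # ADM blocked: even the right key is refused
        if hmac.compare_digest(presented, stored):
            self.adm_verified = True
            self.adm_retries = 3
            return True
        self.adm_retries -= 1
        return False

    def satisfies(self, cond: AC) -> bool:
        if cond is AC.ALW:
            return True
        if cond is AC.CHV1:
            return self.chv1_verified
        if cond is AC.ADM:
            return self.adm_verified
        return False  # NEV: no credential unlocks it


def access_allowed(ef: EF, op: str, status: SecurityStatus) -> bool:
    """Deny by default: unknown operations and NEV conditions never pass."""
    cond = ef.conds.get(op, AC.NEV)
    return status.satisfies(cond)


# Constructed file table for illustration (not copied from TS 31.102).
EF_IMSI = EF("EF_IMSI", {"READ": AC.CHV1, "UPDATE": AC.ADM})
EF_ADN = EF("EF_ADN", {"READ": AC.CHV1, "UPDATE": AC.CHV1})
```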
In the broader network architecture, ADM supports secure subscription management and service provisioning. It enables operators to remotely manage UICC content through OTA platforms by authenticating with ADM keys. This is essential for modern eSIM (eUICC) profiles and IoT deployments where remote management is paramount. The integrity of the ADM mechanism underpins trust in the subscriber identity module, as compromise could lead to unauthorized network access or service theft. Thus, ADM keys are among the most closely guarded secrets in an operator's security infrastructure, often managed through Hardware Security Modules (HSMs) in secure provisioning centers.
Purpose & Motivation
ADM was created to address the critical need for mobile network operators to maintain exclusive administrative control over sensitive data stored on subscriber identity modules. In early GSM systems, as smart cards evolved from simple authentication tokens to complex service platforms, operators required a mechanism to protect network-specific files from unauthorized access—whether by end-users, third-party applications, or malicious actors. Without ADM, operators would be unable to securely update essential parameters like IMSI, cryptographic keys, or service settings, compromising network security and service integrity.
The introduction of ADM in 3GPP Release 5 formalized this highest-level access control within the standardized security framework for UICC/USIM applications. It solved the limitation of earlier, more rudimentary access controls that lacked a clear hierarchy for administrative privileges. By defining ADM as a distinct condition, 3GPP enabled operators to delegate certain user-accessible functions (via CHV/PIN) while reserving ultimate authority over critical files. This separation of concerns is fundamental to modern subscription management, allowing users to personalize some aspects (like phonebooks) while ensuring network-critical data remains under operator control.
Historically, ADM's creation was motivated by the growing complexity of mobile services and the shift toward OTA updates. As operators began deploying value-added services and needed to manage subscriptions remotely, a robust administrative access mechanism became essential. ADM provided the technical foundation for secure OTA platforms, enabling trusted service management without physical card access. This capability has become even more crucial with the advent of eSIM and IoT, where remote provisioning and lifecycle management are standard requirements, making ADM a cornerstone of contemporary mobile security architectures.
Classification
Detected Changes Across Releases
from 3GPP Change Requests
Specific changes extracted from the "Change history" tables of 3GPP specifications (8 CRs across 4 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-5, normative work from Rel-15.
In Release 15, the specification for the Administrative Access Condition (ADM) function was updated by adding headers for cache control and conditional request to the Nudr Services API. This enhancement provides more granular control over data access and management procedures. The change specifically relates to the security attributes and access conditions associated with files on the UICC, such as the USIM application.
- Adding headers for cache control and conditional request to the Nudr Services API (TS 29.504, CR0013)
In Release 16, the ADM function was enhanced by introducing Conditional POST, PUT, PATCH, and DELETE requests, allowing administrative actions to be executed based on specific access conditions. Furthermore, the capability for multiple temporal validity conditions was added for AF traffic influence, enabling more granular control. These updates were formalized through the definition of new ConditionalSubscription and NotificationResourceFragment features.
In Release 17, the new feature "ConditionalSubscriptionWithExcludeNotification" was introduced for the Administrative Access Condition (ADM) function. This feature, which was also updated with a revised description within the same release, provides a mechanism for conditional subscriptions that can exclude specific notifications. It represents an enhancement to the set of security attributes and access conditions associated with files on the UICC, such as the USIM.
In Release 19, the ADM (Administrative Access Condition) function was enhanced to support operations involving a temporary identifier. Furthermore, the service operations for ADM were updated, refining the set of procedures and security attributes associated with managing file access conditions on the UICC.
Defining Specifications
3GPP specifications that define or reference ADM, with the latest known release. Sourced from the 3GPP document catalog.
| Specification | Title | Release |
|---|---|---|
| TR 21.905 vj00 | 3GPP Technical Terms and Definitions | Rel-19 |
| TS 23.369 vj20 | 5G System Architecture for Ambient IoT | Rel-19 |
| TS 24.022 vj00 | Radio Link Protocol (RLP) for Circuit Switched Data | Rel-19 |
| TS 28.540 vk10 | 5G Network Resource Model (NRM) Management | Rel-20 |
| TS 29.504 vj50 | Nudr Service Based Interface Stage 3 Protocol | Rel-19 |
| TS 31.103 vj00 | ISIM Application Specification | Rel-19 |
| TS 32.181 vj00 | User Data Convergence Management Framework | Rel-19 |
| TR 32.901 vj00 | UDC Application Data Models Study | Rel-19 |
| TS 33.369 vj00 | Security for AIoT in Isolated Private 5G Networks | Rel-19 |
| TS 33.713 vj00 | Security Study for Ambient IoT in 5G | Rel-19 |
| TS 44.064 vj00 | GPRS Logical Link Control (LLC) Protocol | Rel-19 |