C-APDU

Command Application Protocol Data Unit

Protocol
Introduced in Rel-4
C-APDU is a standardized command structure used in 3GPP networks for communication between applications and smart cards (UICC/USIM). It enables secure execution of commands like authentication, file access, and applet management. This protocol ensures interoperability between network equipment and subscriber identity modules across different manufacturers and network generations.

Description

The Command Application Protocol Data Unit (C-APDU) is a fundamental protocol structure defined in 3GPP specifications for communication between terminal equipment (TE) and the Universal Integrated Circuit Card (UICC), which contains the USIM application. This protocol follows the ISO/IEC 7816-4 standard for smart card communications and provides a standardized format for sending commands to the UICC. The C-APDU structure consists of a mandatory header and an optional body, where the header contains the Class byte (CLA), Instruction byte (INS), and two Parameter bytes (P1, P2), while the body contains the command data and expected response length.

In operation, the terminal equipment constructs a C-APDU with specific command parameters and sends it to the UICC through the terminal interface. The UICC processes the command and returns a Response APDU (R-APDU) containing the execution results. This exchange occurs during various network procedures including authentication, file system access, application selection, and secure messaging. The protocol supports both case 1 (no data) and case 4 (both command and response data) operations, with the Le field in the C-APDU indicating the expected response data length.

The C-APDU architecture enables secure communication through various mechanisms including secure messaging with cryptographic protection, command chaining for large data transfers, and logical channel management for concurrent application access. Key components include the CLA byte which defines the command class and secure messaging requirements, the INS byte specifying the exact operation, and the P1/P2 bytes providing command-specific parameters. The protocol also supports extended length fields for handling larger data blocks beyond 256 bytes, which became increasingly important with the introduction of more complex USIM applications.

Within the 3GPP network architecture, C-APDU commands are essential for subscriber authentication through the AKA protocol, where the network sends authentication vectors to the USIM via C-APDUs. The protocol also facilitates file system management on the UICC, including EF (Elementary File) and DF (Dedicated File) access, as well as application management for Java Card applets. The standardized format ensures that UICCs from different manufacturers can interoperate with network equipment from various vendors, maintaining the essential principle of global interoperability in mobile telecommunications.

Purpose & Motivation

The C-APDU protocol was created to establish a standardized command interface between mobile terminals and smart cards (UICC/USIM) in 3GPP networks. Prior to standardization, various manufacturers used proprietary command structures that hindered interoperability and increased complexity in network deployment. The adoption of ISO/IEC 7816-4 as the basis for C-APDU ensured that 3GPP networks could leverage existing smart card technology while maintaining compatibility with global telecommunications standards.

The primary problem C-APDU solves is the need for a universal command language that enables secure and reliable communication between network equipment and subscriber identity modules. This standardization was particularly crucial as mobile networks evolved from 2G to 3G, requiring more sophisticated authentication mechanisms and application support. By providing a consistent command structure, C-APDU allows network operators to deploy UICCs from multiple vendors while ensuring they work correctly with all compliant network equipment.

Historical context reveals that early mobile systems faced interoperability challenges due to proprietary implementations. The introduction of C-APDU in Release 4 addressed these limitations by establishing a common protocol foundation that supported the growing complexity of USIM applications. This standardization enabled advanced features like secure application download, enhanced authentication protocols, and multi-application support on a single UICC, all while maintaining backward compatibility with existing systems.

Key Features

  • Standardized command structure based on ISO/IEC 7816-4
  • Support for secure messaging with cryptographic protection
  • Extended length capability for handling large data blocks
  • Logical channel management for concurrent application access
  • Backward compatibility across 3GPP releases
  • Support for both case 1 and case 4 command operations

Evolution Across Releases

Rel-4 Initial

Initial introduction of C-APDU based on ISO/IEC 7816-4 standards, establishing the fundamental command structure for USIM communication. The architecture included mandatory header fields (CLA, INS, P1, P2) and optional body fields for command data and expected response length. This release defined basic command operations for authentication, file access, and application management.

TS 21.905

Defining Specifications

SpecificationTitle
TS 21.905 3GPP TS 21.905