DCK

Depersonalisation Control Keys

Introduced in Rel-6

DCK is a cryptographic key used in 3GPP networks to securely erase personalization data on UICCs, enabling authorized remote depersonalization of SIM cards for security and device management.

Category: Security
Introduced: Rel-6
Where: Services
Specifications: 2 specs

Description

Depersonalisation Control Keys (DCK) are a fundamental security mechanism defined in 3GPP specifications for managing the lifecycle of UICC (Universal Integrated Circuit Card) applications, particularly the Subscriber Identity Module (SIM) and USIM. These keys are part of the secure channel protocols established between the network operator's systems and the UICC. DCKs are used to authorize and execute the depersonalization command, which securely erases personalized data such as the International Mobile Subscriber Identity (IMSI), authentication keys (Ki), and other operator-specific configurations from the card. This process renders the UICC unusable on the network and returns it to a blank or factory-default state, preventing its unauthorized reuse.

The architecture for DCK operation involves several key components: the UICC containing the secure file system and applications, the Mobile Equipment (ME) or device that provides the physical interface, and the network operator's Over-The-Air (OTA) platform or provisioning system. The DCK itself is a symmetric cryptographic key, typically 128-bit, that is securely stored both in the operator's secure key management system and within a protected area of the UICC during the personalization phase. When depersonalization is required, the network operator initiates a secure session using the DCK to authenticate the command. The UICC verifies the command's authenticity using the stored DCK before executing the irreversible deletion of personalized data.

Technically, the depersonalization process follows the 3GPP TS 31.102 specification for USIM applications. The DCK is used within a secure messaging envelope, often employing the Secure Channel Protocol (SCP) with cryptographic mechanisms like AES or DES. The command structure includes authentication codes (MACs) calculated using the DCK to ensure integrity and authenticity. Successful execution involves the UICC wiping sensitive files from its Elementary Files (EF) structure, particularly those in the DF_GSM and DF_5GS directories, and potentially locking the card from further use. This mechanism is distinct from PIN unblocking keys (PUK) or administrative codes, as it targets the complete removal of network credentials rather than just unlocking access.
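The two paragraphs above describe the DCK as a shared 128-bit symmetric key, with the operator computing a MAC over the depersonalisation command and the card verifying that MAC before it wipes anything. The following Python model is an added illustration of that verify-before-execute pattern; it is not code from 3GPP or from any UICC vendor. The command layout (counter, opcode, MAC), the opcode value, the anti-replay counter and the use of HMAC-SHA256 truncated to 16 bytes in place of the AES/DES-based MAC the text mentions are all assumptions made here so the model runs offline.

```python
"""Illustrative model of a MAC-authenticated depersonalisation command.

Assumptions (not from 3GPP): the command layout counter || opcode || MAC,
the opcode value, a strictly increasing anti-replay counter, and
HMAC-SHA256 truncated to 16 bytes standing in for the AES/DES MAC that
real secure messaging would use.
"""
import hashlib
import hmac
import struct

DCK_LEN = 16                 # 128-bit symmetric key, as the page states
MAC_LEN = 16                 # truncated MAC length (assumption)
HEADER_LEN = 5               # 4-byte counter + 1-byte opcode (assumption)
OPCODE_DEPERSONALISE = 0xD0  # constructed opcode, not a standardised value


def compute_mac(dck: bytes, counter: int, opcode: int) -> bytes:
    """MAC over the command header, keyed with the DCK."""
    if len(dck) != DCK_LEN:
        raise ValueError("DCK must be 128 bits")
    header = struct.pack(">IB", counter, opcode)
    return hmac.new(dck, header, hashlib.sha256).digest()[:MAC_LEN]


def build_command(dck: bytes, counter: int,
                  opcode: int = OPCODE_DEPERSONALISE) -> bytes:
    """Operator side: serialise counter || opcode || MAC."""
    return struct.pack(">IB", counter, opcode) + compute_mac(dck, counter, opcode)


class UiccModel:
    """Simulated card holding its copy of the DCK, personalised files
    and the last counter value it accepted."""

    def __init__(self, dck: bytes, personalised_files: dict):
        self._dck = dck
        self.files = dict(personalised_files)
        self.last_counter = 0
        self.locked = False

    def process(self, cmd: bytes) -> str:
        if len(cmd) != HEADER_LEN + MAC_LEN:
            return "REJECTED_MALFORMED"
        counter, opcode = struct.unpack(">IB", cmd[:HEADER_LEN])
        received_mac = cmd[HEADER_LEN:]
        expected_mac = compute_mac(self._dck, counter, opcode)
        # Authenticity first, compared in constant time, before any field is trusted.
        if not hmac.compare_digest(received_mac, expected_mac):
            return "REJECTED_BAD_MAC"
        # A captured genuine command cannot be replayed: counter must advance.
        if counter <= self.last_counter:
            return "REJECTED_REPLAY"
        self.last_counter = counter
        if opcode != OPCODE_DEPERSONALISE:
            return "REJECTED_UNKNOWN_OPCODE"
        if self.locked:
            return "REJECTED_ALREADY_LOCKED"
        # Irreversible step: erase personalised data, then lock the card.
        for name in list(self.files):
            self.files[name] = b""
        self.locked = True
        return "DEPERSONALISED"


def demo() -> dict:
    """Run tampered, wrong-key, genuine and replayed commands against one card."""
    dck = bytes(range(16))  # constructed test key, never a real DCK
    card = UiccModel(dck, {"EF_IMSI": b"<constructed IMSI>",
                           "Ki": b"<constructed Ki>"})
    results = {}
    genuine = build_command(dck, counter=1)
    tampered = bytearray(genuine)
    tampered[4] ^= 0x01  # flip one bit of the opcode; the MAC no longer matches
    results["tampered"] = card.process(bytes(tampered))
    results["wrong_key"] = card.process(build_command(bytes(16), counter=2))
    results["genuine"] = card.process(genuine)
    results["replay"] = card.process(genuine)
    results["files_wiped"] = all(v == b"" for v in card.files.values())
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The order of checks is the point of the model: the MAC is verified (with a constant-time comparison) before the counter or opcode is acted on, the counter is only advanced after a valid MAC so an attacker cannot burn counter values with forged traffic, and the wipe happens last. A real card would additionally have to make the erase-and-lock step atomic against power loss, which this in-memory model does not show.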

The role of DCK in the network ecosystem is multifaceted. It serves as a critical tool for operators to manage security incidents, such as when a UICC is reported stolen or compromised. By using the DCK, operators can remotely disable the card, preventing fraud. It also facilitates efficient recycling and reprovisioning of UICCs in inventory management. Furthermore, DCK mechanisms support regulatory requirements for data privacy by ensuring that personal data can be securely erased when a subscriber terminates service. The secure handling and storage of DCKs within operator infrastructures are subject to strict security policies, as compromise of these keys could allow unauthorized depersonalization or other malicious actions against subscriber cards.

Purpose & Motivation

DCK was introduced to address the growing need for secure, remote management of UICC cards in mobile networks. Prior to standardized depersonalization mechanisms, operators faced significant challenges in dealing with lost, stolen, or compromised SIM cards. Without a secure remote wipe capability, these cards could continue to be used fraudulently, leading to revenue loss and security breaches. The manual processes for blacklisting IMSIs were reactive and slow, and they didn't remove the credentials from the physical card itself, leaving potential for misuse in other networks or with cloned devices.

The creation of DCK was motivated by the evolution toward Over-The-Air (OTA) management of UICCs, which enabled operators to provision, update, and manage cards without physical access. As networks expanded and subscriber bases grew into the millions, the ability to efficiently and securely manage the end-of-life or security remediation of cards became essential. DCK provided a standardized, cryptographically secure method to authorize depersonalization commands, ensuring that only authorized network operators could perform this critical function. This addressed limitations of proprietary solutions and enhanced interoperability across different UICC manufacturers and operator systems.

Historically, the introduction of DCK in Release 6 aligned with the broader 3GPP push toward enhanced security features for 3G/UMTS networks. It complemented other security mechanisms like the Authentication and Key Agreement (AKA) protocol and secure OTA platforms. By providing a controlled method to erase personalized data, DCK helped maintain the integrity of the subscriber identity system, protected against SIM cloning attacks, and supported compliance with data protection regulations that mandate secure erasure of personal information upon service termination.

Classification

Part of: USIM
Related approaches: IMSI

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (33 CRs across 5 releases). This complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-6, normative work from Rel-15.

Rel-15 (8 changes)

In Release 15, updates to USIM management procedures for 5GS were introduced. This included enhancements to the USIM OPL configuration to support 3-byte Tracking Area Codes when connected to an NG-RAN. Additionally, control for Mission Critical Services configuration data was updated within the USIM.

  • USIM Service Table update for PDU session call control support (TS 31.102 CR0786)
  • Allow configuration of MCS (Access Identity 2) via USIM (TS 31.102 CR0794)
  • Mission Critical Services configuration data update to USIM (TS 31.102 CR0808)
  • Remove the control plane based SoR related EF and use only the EF-UST (TS 31.102 CR0798)
  • Corrections to the control plane based SoR related EF (TS 31.102 CR0799)
  • Enhance USIM OPL configuration to support 3 bytes TAC when in NG-RAN (TS 31.102 CR0818)

2 further changes not listed here.

Rel-16 (10 changes)

In Release 16, the new DCK function was introduced to enable the USIM to configure operator-controlled lists for features like the "PS Data Off list" for home and roaming, and the "RLOS PLMN list" and "RLOS allowed MCC list" for network selection control. This extended the USIM's role in storing network policy data, such as the URSP rules and the list for Trusted non-3GPP access networks. Additionally, Release 16 specified support for a dedicated AID for USIM applications using non-IMSI based SUPI types.

  • Support for USIM configuration of RLOS PLMN list (TS 31.102 CR0847)
  • URSP storage in USIM (TS 31.102 CR0861)
  • Specify storage for a potentially separate KSEAF for non-3gpp access on the USIM (TS 31.102 CR0864)
  • USIM configuration of RLOS allowed MCC list (TS 31.102 CR0881)
  • Support for Trusted non-3GPP access networks list by USIM (TS 31.102 CR0891)
  • Either IMSI or NSI - Report of SA3 S3-194455 Tdocs recommendation (in Rel16) (TS 31.102 CR0884)

4 further changes not listed here.

Rel-17 (9 changes)

In Release 17, the DCK function was enhanced by introducing new USIM files for storing pre-configured CAG information and for the configuration of warning message reception in SNPNs. Additionally, support was added for storing SOR-CMCI parameters and disaster roaming configuration data, such as an enabled indicator and wait ranges, directly on the USIM. These changes expanded the USIM's role in managing network access and service parameters for 5G systems.

  • Introduce a USIM file to store pre-configured CAG information list (TS 31.102 CR0904)
  • SOR-CMCI storage in USIM (TS 31.102 CR0917)
  • Addition of USIM files for the indication of whether disaster roaming is enabled in the UE, disaster roaming wait range, disaster return wait range and applicability indicator for disaster roaming PLMNs list provided by VPLMN (TS 31.102 CR0938)
  • Adding eDRX parameters in the USIM for NG-RAN (TS 31.102 CR0943)
  • 5G NSWO (Non-Seamless WLAN Offload) configuration support in the USIM compromised proposal (TS 31.102 CR0946)
  • Support of 'No E-UTRA Disabling In 5GS' in USIM (TS 31.102 CR0947)

3 further changes not listed here.

Rel-18 (4 changes)

In Release 18, the enhancements for the DCK function focused on extending the storage of security parameters on the USIM. Specifically, the update mandated that a particular service (Service n°133) must be enabled whenever another specific service (Service n°123) is enabled. This change ensures extended and more controlled storage for critical 5G security parameters directly on the UICC.

  • 5G Security Parameters extended storage on USIM (Mandating Service n°133 to be enabled when Service n°123 is enabled) Rel18 (TS 31.102 CR1014)
  • Add EF of Access Control to GBA_U_APIs to the USIM (TS 31.102 CR1007)
  • Add EF of IMS Data Channel configuration to the USIM (TS 31.102 CR1006)
  • Fix issues with FID for Access Control files (TS 31.102 CR1041)

Rel-19 (2 changes)

In Release 19, the DCK function was updated to handle backward compatibility for USIMs that lack extended security parameter storage in the EF_5GAuthKeys file. This ensures that the depersonalisation control keys function can operate correctly with legacy USIM implementations. The changes focus on maintaining security and functionality across different USIM generations.

  • Introducing Operator-controlled-LSP-PLMN and PeriodicSearchTimerNonLSP (TS 31.102 CR1081)
  • Backward compatibility handling of USIM without extended security parameter storage in EF_5GAuthKeys - Rel19 (TS 31.102 CR1074)

Defining Specifications

3GPP specifications that define or reference DCK, with the latest known release. Sourced from the 3GPP document catalog.

Specification  | Title                                 | Release
TR 21.905 vj00 | 3GPP Technical Terms and Definitions  | Rel-19
TS 31.102 vj40 | USIM Application Specification        | Rel-19