Personalisation Control Key

Description

The Personalisation Control Key (PCK) is a security feature defined within the 3GPP UICC (Universal Integrated Circuit Card) and USIM (Universal Subscriber Identity Module) application toolkit. It is a secret cryptographic key, typically 128 bits long, stored securely in a protected file (EF_PCK) on the UICC. The primary function of the PCK is to facilitate network, service provider, or corporate personalisation of the Mobile Equipment (ME). Personalisation refers to the ability to restrict the ME's operation to work only with a specific UICC, network, or set of services. The mechanism is invoked via the "PERSONALISE" command from the UICC to the ME, which includes a challenge-response authentication protocol using the PCK.

The technical process works as follows: When a personalised ME is powered on with a UICC, the ME reads the personalisation data from the UICC. If personalisation is active, the ME sends a random challenge (RAND) to the UICC. The UICC uses the stored PCK and a cryptographic algorithm (like MILENAGE) to compute a response (RES) and an expected response (XRES). The RES is sent back to the ME. The ME, which also possesses the PCK (programmed into its non-volatile memory during the personalisation process), independently computes the XRES using the same RAND and algorithm. If RES matches XRES, the personalisation check passes, and the ME operates normally. If the check fails, the ME may deny service, restrict functionality, or display a message, depending on the personalisation category (e.g., network, service provider, corporate).

The architecture involves several components: the ME's personalisation framework, the UICC's USIM application with the PCK file, and the over-the-air (OTA) platform used to provision or update the PCK on the UICC. The PCK is distinct from the authentication keys (Ki/K) used for network access; it is solely for device locking. Its role is critical for enforcing commercial policies. For example, a subsidised phone sold by Operator A is personalised with Operator A's PCK, preventing its use with a competitor's SIM until unlocked. The specifications detail multiple personalisation categories (Network, Network Subset, Service Provider, Corporate) each potentially with its own PCK, allowing for granular control. Management commands allow for disabling personalisation (unlocking) if the correct PCK is provided.

Purpose & Motivation

The PCK was introduced to address the commercial need for network operators and handset manufacturers to control the usage environment of mobile devices, particularly in markets where handsets are heavily subsidised. Without such a mechanism, a subsidised device could be immediately used with a competitor's SIM card, undermining the business model of recouping subsidy costs through service revenue. Prior to standardised personalisation, proprietary locking solutions existed, leading to fragmentation and interoperability issues. The PCK, standardised from Release 4 onwards, provided a universal, secure method for personalisation across all 3GPP-compliant devices and UICCs. It solves the problem of device locking in a cryptographically secure manner, preventing easy circumvention. Its creation was motivated by the desire to protect operator investments, manage device fleets for corporate customers, and enable branded service offerings, while maintaining a standardised security framework that is interoperable between different ME and UICC vendors.

Key Features

• Secret cryptographic key (e.g., 128-bit) stored in the EF_PCK file on the UICC/USIM.
• Used in a challenge-response protocol to authenticate the ME to the UICC for personalisation checks.
• Supports multiple personalisation categories: Network, Network Subset, Service Provider, and Corporate.
• Enables restriction of ME operation based on the inserted UICC's credentials.
• Can be provisioned and managed securely via OTA platforms.
• Distinct from network authentication keys (Ki/K), dedicated to device/service locking control.

Evolution Across Releases

Defining Specifications