80591ST10886A Rev.2 Page 50 of 200 2018-07-02
OK
6.14. AT+CEAP EAP authentication
This command allows a TE to exchange EAP packets with the UICC or the ME.
Prior to the execution of this command, the TE shall retrieve the available AIDs using the +CUAD command.
The TE shall select one appropriate AID to be addressed. Selection may include asking the user, and
considering EAP methods supported by the AIDs. The TE shall set the <dfname> value using the selected AID
and shall set the <EAPMethod> value to the requested EAP method. The TE may set the <Dfeap> value to the
directory file identifier that is applicable to the <EAPMethod>, which is derived from the discretionary
data returned by +CUAD. The parameter is mandatory for EAP terminated in UICC.
If the targeted application on the UICC does support the requested EAP method, the MT shall use the value
provided in <Dfeap>, and it shall transmit the <EAP packet data> to the UICC application using the Authenticate
APDU command as defined in ETSI TS 102 310 [66]. The appropriate DFEAP in the ADF must be selected prior
to the submission of an EAP Authenticate command with the <EAP packet data>. Then the EAP Response data
sent by the UICC application in its response to the Authenticate command shall be provided to the TE in
<EAP packet response>.
If the targeted application on the UICC does not support the requested EAP method and if the MT does support
this method then the <EAP packet data> shall be handled by the MT. During the handling of the EAP method,
the MT shall run the authentication algorithm on the SIM or USIM, respectively.
Also the MT has to allocate an <EAPsessionid> in order to identify an EAP session and its corresponding keys
and parameters.
If neither the MT nor the appropriate UICC application supports the requested EAP method, the MT shall
respond with CME ERROR: 49 (EAP method not supported).
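The TE side of the exchange described above, as an added example that is not taken from this manual: it derives <EAPMethod> from the EAP Request header (RFC 3748), builds the command, and handles CME ERROR: 49. It assumes the parameter order of 3GPP TS 27.007 (`+CEAP=<dfname>,<EAPMethod>,<EAP packet data>[,<Dfeap>]`, answered by `+CEAP: <EAPsessionid>,<EAP packet response>`); the function names are hypothetical and the sample packet, AID and DF identifier are constructed.

```python
import re
import struct

EAP_REQUEST = 1                      # RFC 3748 Code value for a Request
CME_EAP_METHOD_NOT_SUPPORTED = 49    # error code given in the text above
HEX_STRING = re.compile(r"(?:[0-9A-Fa-f]{2})+")

# Constructed sample: EAP-Request, id 1, length 8, type 0x17, 3 payload bytes.
SAMPLE_REQ = bytes.fromhex("0101000817050000")

def eap_method_of(packet: bytes) -> int:
    """Return the method type of an EAP Request after checking its header."""
    if len(packet) < 5:
        raise ValueError("EAP Request too short to carry a Type field")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != EAP_REQUEST:
        raise ValueError("not an EAP Request")
    if length != len(packet):
        raise ValueError("EAP Length field does not match packet size")
    return packet[4]

def build_ceap(dfname_hex: str, packet: bytes, dfeap_hex: str = None) -> str:
    """Build the AT+CEAP line; <Dfeap> is optional (assumed TS 27.007 order)."""
    method = eap_method_of(packet)
    # Accept hex digits only, so a quote or ';' in an AID taken from +CUAD
    # output or user input cannot break out of the quoted parameter.
    for name, value in (("dfname", dfname_hex), ("Dfeap", dfeap_hex)):
        if value is not None and not HEX_STRING.fullmatch(value):
            raise ValueError(f"<{name}> must be an even-length hex string")
    cmd = f'AT+CEAP="{dfname_hex}","{method:02X}","{packet.hex().upper()}"'
    if dfeap_hex is not None:
        cmd += f',"{dfeap_hex}"'
    return cmd

def parse_ceap_reply(lines):
    """Return (EAPsessionid, EAP packet response bytes) or raise on error."""
    for line in (raw.strip() for raw in lines):
        err = re.fullmatch(r"\+CME ERROR: (\d+)", line)
        if err:
            code = int(err.group(1))
            if code == CME_EAP_METHOD_NOT_SUPPORTED:
                raise LookupError("EAP method not supported by MT or UICC")
            raise RuntimeError(f"CME ERROR {code}")
        ok = re.fullmatch(r'\+CEAP: (\d+),"?((?:[0-9A-Fa-f]{2})*)"?', line)
        if ok:
            return int(ok.group(1)), bytes.fromhex(ok.group(2))
    raise RuntimeError("no +CEAP response received")
```

Keep the returned session id with the EAP conversation it belongs to, since the MT uses it to identify the session and its keys.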
Syntax