This European Telecommunication Standard (ETS) provides a description of the additional requirements, features and mechanisms necessary to provide adequate security within the UPT service for Phase 2. It is based on the specification of the Security Architecture for UPT Phase 1, given in ETS 300 391-1 [2] and it specifies the additions to Phase 1 only. The specific security requirements, features and mechanisms additionally needed for UPT Phase 2 are specified in detail. Where applicable, Phase 1 is referred to. Downwards compatibility to UPT Phase 1 is fulfilled.

Both this ETS and ETS 300 391-1 [2] are based on the general UPT security architecture given in ETR 083 [1], which describes the threat analysis and security requirements. Only aspects of the UPT security architecture that concern the security of the overall UPT service and information exchange between the user and the network are standardized.

Clause 4 summarizes the Phase 2 relevant security requirements and security features. It also specifies the security requirements to provide UPT on GSM, ISDN and other modern networks. Furthermore, the requirements for cards in UPT (either via card reading terminals or card reading devices) and the requirements for data services are specified. Clause 5 specifies the security mechanisms for access control, the two pass strong authentication mechanism, security management measures and security profiles. Clause 6 summarizes the sizes of the parameters used in the mechanisms. The next three clauses give the functional specifications of, respectively, the UPT card (see clause 7), the security protocol (see clause 8) and the Authenticating Entity (AE) (see clause 9). Clause 10 describes the possible authentication algorithms to be used in UPT Phase 2, such as UPT Security Algorithm (USA-4) and TE7 Security Algorithm (TESA-7). Three relevant Implementation Conformance Statement (ICS) proformas are specified in annexes.