SIM Card Overview

© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com

SIM Cards OverviewC. Enrique Ortiz | August 2009

http://weblog.cenriqueortiz.com


What is a SIM Card?

• SIM or Subscriber Identification Module is a smart card

that is included in every cell phone of the GSM family of

networks

� 6 or 8-pin flat connector embedded on the top of the card

� A fully fledge microcomputer with an OS

• UICC stands for Universal Integrated Circuit Card is a

new generation SIM

Source:3, Java Card 3: Classic Functionality Gets a Connectivity Boost


More on SIM and SIM Cards

• SIM cards hold subscriber information and memory, for

example for personal directory of numbers

� SIM identifies a subscriber via unique International Mobile Subscriber Identity (IMSI)

>The first 3 digits represent the Mobile Country Code (MCC)

>The next 2 digits represent the Mobile Network Code (MNC)

>The next 10 digits represent the mobile station identification number

• SIM is the application that runs on a SIM Card

� SIM is to GSM, what USIM is to UMTS & RUIM/CSIM is to CDMA

• Today most SIM cards are based on Java Card


SIM and Smartcard Standards

•ETSI -- Specifications in blue•3GPP -- Specifications in green and red

Source: Gemalto

Standards for:

•Toolkit

•File & Auth

•APIs

•OTA

•Smartcards

ISO/IEC 14443 is the international standard for contactless smart chips and cards that operate

(i.e., can be read from or written to) at a

distance of less than 10 centimeters (4 inches).

This standard operates at 13.56 MHz and

includes specifications for the physical characteristics, radio frequency power and

signal interface, initialization and anti-collision

protocols and transmission protocol.

ISO/IEC 7816 is the international standard for contact smart cards. ISO/IEC 7816 Parts 4 and

above are used by both contact and contactless

smart card applications for security operations

and commands for interchange.

Source: Smart Card Alliance

Java Card (classic or 3.0) Applets are built using Java and run in a JCRE


Industry: Interesting Numbers for 2008

• Global SIM card shipments exceeded 2.9 billion units

during 2008

� Strong demand from the emerging markets of India, China, Asia Pacific and Latin America contributing to a 29 per cent

increase on shipments over the previous year

• On average, memory size increased by 11 per cent on

2007 figures

• Number of cards shipped with a S@T (SIMalliance

Toolkit) browser had a growth rate of 22 per cent

• 3G enabled SIM cards represented 14 per cent of total

shipments in 2008

Source:SIMalliance


Next Generation SIM Cards

• Next gen SIM Cards integrate with new functionality…

• Mobile Near Field Communication (NFC)

• More advanced Applications

� Address book, calendar back-up, messaging, teleconferencing

and file transfers, banking and access control, Web!

• Smart Card Web Server

� Web apps running right on SIM Cards! And TCP stacks

• High-capacity SIM cards

� More and more memory/capacity

• Multi-Media support (in conjunction w/ browser)


Overview: Programming SIM Cards

• SIM Toolkit

A SIM Toolkit is a data management application (applet) for SIM cards, part of which is resident in the SIM card

•Icon, application, settings and help management

•User (simple menus), mobile, network and card interactions

Source: Gemalto

Toolkit “conversation”between phone and Smartcard


Overview: Java Card Classic

import javacard.framework.*

...

public class MyApplet extends Applet {

// Definitions of APDU-related instruction codes

...

MyApplet() {...} // Constructor

// Life-cycle methods

install() {...}

select() {...}

deselect() {...}

process() {...}

// Private methods

...

}

Source: Introduction to Java Card Technology by C. Enrique Ortiz


SIM / Smart Card Application Communication

Command APDU Structure

Response APDU Structure

Application Communication Architecture

Source: SIM Protocols by Mobile Forensics


Classical Java Card Development

Source: Introduction to Java Card Technology by C. Enrique Ortiz

IDEs can

simplify

these steps!


Java Card 3.0

• Extends (and simplifies) the programming model

• Classic Applets (Java Card 2 limitations apply for these applications) � Communication using APDU protocol

� Backward compatibility

• Extended Applets � Communication using APDU protocol

� Similar to Classic Applets, and can use all the new APIs, like Threads, Strings, and GCF (Generic Connection Framework)

• Web Enabled!� Based on Servlet 2.4 API

� Communication using standard HTTP/ HTTPS protocol

� HTML, JavaScript, etc. (much richer UIs than prior)


Java Card 3 Architecture

•All data types except float and double

•Multiple threads

•Extensive API support (java.lang, java.util, GCF, and so on)

•Direct handling of class files, with all loading and linking on card

•All new Java language syntax constructs (enums, generics, …)

•Automatic garbage collection

Source -- Java Card 3: Classic Functionality Gets a Connectivity Boost by Peter Allenbach

NEW!


Smartcard Web Server

• Very exciting and powerful SIM card evolution in my opinion!

� It took more than 10 years but we finally have it! Very powerful.

• Leverages the browser already present in the handset to run local

web applications preloaded into the SIM

• Local web-based applications are securely stored in the SIM card

and can be updated remotely

• Servlets framework on SIM Cards!

Potential Apps:•Rich SIM card apps•On-Device Self-Service•Application Management•Mobile Payments•Mobile NFC

Best of both worlds

Mobile SIM + Web

Source: Gemalto

Source: Gemalto


Benefits of Smartcard Web Server

• Rich UI and Advanced Capabilities� Access to location, SMS, servers on the web, secure local-storage,

personalized experience

� Call-intercepts to perform actions on-device, for example help troubleshoot issues before calling the support representative

• Manageable� Secure, remote application management

• SIM-card based /On-Device� Works Connected and Disconnected

� Secure connections and environment

� Uses no wireless resources when doing on-device web apps

� Access to information such as location that can help personalize the experience

• Easy to deploy� Highly customizable application; can be modified as needed and push to

handsets in real-time

� Based on OMA and Web standards - xHTML, CSS, JavaScript


Some Challenges

• SIM Card Applications still a niche, controlled by

operators

� But if you have the relationships, it is a good niche ($)

• Applet development is not trivial with few experts

� This can translate to opportunities for you!

• Smartcard Web Server requires new generation SIM

cards

� Thus conversion process will make adoption slow & expensive

� Expect emerging markets adopting first


Gemalto Toolkit & UpTeq Multimedia SIM Card

Download from: http://developer.gemalto.com/

See http://www.gemalto.com/telecom/upteq/multimedia.html

Toolkit

Smartcard Web Server


Resources

• Gemalto Developer Website

• Sun Java Card Website

• SIMalliance Website

• Smart Card Alliance Website

• SIM Card Protocols Paper by Mobile Forensics

• Mobile Forensics Blog

• Introduction to Java Card Technology, part 1 by C.

Enrique Ortiz

• Article Java Card 3: Classic Functionality Gets a

Connectivity Boost by Peter Allenbach