SIM Cards Overview

C. Enrique Ortiz | August 2009

http://weblog.cenriqueortiz.com

2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

What is a SIM Card?

SIM or Subscriber Identification Module is a smart card

that is included in every cell phone of the GSM family of networks
6 or 8-pin flat connector embedded on the top of the card A fully fledge microcomputer with an OS

UICC stands for Universal Integrated Circuit Card is a

new generation SIM

Source:3, Java Card 3: Classic Functionality Gets a Connectivity Boost

2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

More on SIM and SIM Cards

SIM cards hold subscriber information and memory, for

example for personal directory of numbers
SIM identifies a subscriber via unique International Mobile Subscriber Identity (IMSI)
> The first 3 digits represent the Mobile Country Code (MCC) > The next 2 digits represent the Mobile Network Code (MNC) > The next 10 digits represent the mobile station identification number

SIM is the application that runs on a SIM Card

SIM is to GSM, what USIM is to UMTS & RUIM/CSIM is to CDMA

Today most SIM cards are based on Java Card

2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

SIM and Smartcard Standards

Standards for: Toolkit File & Auth APIs OTA Smartcards

ISO/IEC 14443 is the international standard for contactless smart chips and cards that operate (i.e., can be read from or written to) at a distance of less than 10 centimeters (4 inches). This standard operates at 13.56 MHz and includes specifications for the physical characteristics, radio frequency power and signal interface, initialization and anti-collision protocols and transmission protocol. ISO/IEC 7816 is the international standard for contact smart cards. ISO/IEC 7816 Parts 4 and above are used by both contact and contactless smart card applications for security operations and commands for interchange.
Source: Smart Card Alliance

Source: Gemalto

ETSI -- Specifications in blue 3GPP -- Specifications in green and red

Java Card (classic or 3.0) Applets are built using Java and run in a JCRE
2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

Industry: Interesting Numbers for 2008

Global SIM card shipments exceeded 2.9 billion units

during 2008
Strong demand from the emerging markets of India, China, Asia Pacific and Latin America contributing to a 29 per cent increase on shipments over the previous year

On average, memory size increased by 11 per cent on

2007 figures Number of cards shipped with a S@T (SIMalliance Toolkit) browser had a growth rate of 22 per cent 3G enabled SIM cards represented 14 per cent of total shipments in 2008
Source:SIMalliance

2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

Next Generation SIM Cards

Next gen SIM Cards integrate with new functionality Mobile Near Field Communication (NFC) More advanced Applications
Address book, calendar back-up, messaging, teleconferencing and file transfers, banking and access control, Web!

Smart Card Web Server

Web apps running right on SIM Cards! And TCP stacks

High-capacity SIM cards

More and more memory/capacity

Multi-Media support (in conjunction w/ browser)

2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

Overview: Programming SIM Cards

SIM Toolkit
Toolkit conversation between phone and Smartcard
Source: Gemalto

A SIM Toolkit is a data management application (applet) for SIM cards, part of which is resident in the SIM card Icon, application, settings and help management User (simple menus), mobile, network and card interactions
2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

Overview: Java Card Classic

import javacard.framework.* ... public class MyApplet extends Applet { // Definitions of APDU-related instruction codes ... MyApplet() {...} // Constructor // Life-cycle methods install() {...} select() {...} deselect() {...} process() {...} // Private methods ... }

Source: Introduction to Java Card Technology by C. Enrique Ortiz

2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

SIM / Smart Card Application Communication

Application Communication Architecture

Response APDU Structure Command APDU Structure

Source: SIM Protocols by Mobile Forensics

2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

Classical Java Card Development

IDEs can simplify these steps!

Source: Introduction to Java Card Technology by C. Enrique Ortiz

2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

Java Card 3.0

Extends (and simplifies) the programming model Classic Applets (Java Card 2 limitations apply for these
applications)
Communication using APDU protocol Backward compatibility

Extended Applets
Communication using APDU protocol Similar to Classic Applets, and can use all the new APIs, like Threads, Strings, and GCF (Generic Connection Framework)

Web Enabled!
Based on Servlet 2.4 API Communication using standard HTTP/ HTTPS protocol HTML, JavaScript, etc. (much richer UIs than prior)
2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

Java Card 3 Architecture

Source -- Java Card 3: Classic Functionality Gets a Connectivity Boost by Peter Allenbach

All data types except float and double Multiple threads NEW! Extensive API support (java.lang, java.util, GCF, and so on) Direct handling of class files, with all loading and linking on card All new Java language syntax constructs (enums, generics, ) Automatic garbage collection
2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

Smartcard Web Server

Very exciting and powerful SIM card evolution in my opinion!
It took more than 10 years but we finally have it! Very powerful.

Leverages the browser already present in the handset to run local

web applications preloaded into the SIM Local web-based applications are securely stored in the SIM card and can be updated remotely Best of both worlds Servlets framework on SIM Cards! Mobile SIM + Web

Potential Apps:
Rich SIM card apps On-Device Self-Service Application Management Mobile Payments Mobile NFC

Source: Gemalto

Source: Gemalto

2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

Benefits of Smartcard Web Server

Rich UI and Advanced Capabilities

Access to location, SMS, servers on the web, secure local-storage, personalized experience Call-intercepts to perform actions on-device, for example help troubleshoot issues before calling the support representative

Manageable
Secure, remote application management

SIM-card based /On-Device

Works Connected and Disconnected Secure connections and environment Uses no wireless resources when doing on-device web apps Access to information such as location that can help personalize the experience

Easy to deploy
Highly customizable application; can be modified as needed and push to handsets in real-time Based on OMA and Web standards - xHTML, CSS, JavaScript
2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

Some Challenges

SIM Card Applications still a niche, controlled by

operators
But if you have the relationships, it is a good niche ($)

Applet development is not trivial with few experts

This can translate to opportunities for you!

Smartcard Web Server requires new generation SIM

cards
Thus conversion process will make adoption slow & expensive Expect emerging markets adopting first

2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

Gemalto Toolkit & UpTeq Multimedia SIM Card

Toolkit

Download from: http://developer.gemalto.com/

See http://www.gemalto.com/telecom/upteq/multimedia.html

Smartcard Web Server

2009 C. Enrique Ortiz http://CEnriqueOrtiz.com

Resources

Gemalto Developer Website Sun Java Card Website SIMalliance Website Smart Card Alliance Website SIM Card Protocols Paper by Mobile Forensics Mobile Forensics Blog Introduction to Java Card Technology, part 1 by C.
Enrique Ortiz Article Java Card 3: Classic Functionality Gets a Connectivity Boost by Peter Allenbach
2009 C. Enrique Ortiz http://CEnriqueOrtiz.com