sim cards overview
TRANSCRIPT
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
SIM Cards OverviewC. Enrique Ortiz | August 2009
http://weblog.cenriqueortiz.com
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
What is a SIM Card?
• SIM or Subscriber Identification Module is a smart card
that is included in every cell phone of the GSM family of
networks
� 6 or 8-pin flat connector embedded on the top of the card
� A fully fledge microcomputer with an OS
• UICC stands for Universal Integrated Circuit Card is a
new generation SIM
Source:3, Java Card 3: Classic Functionality Gets a Connectivity Boost
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
More on SIM and SIM Cards
• SIM cards hold subscriber information and memory, for
example for personal directory of numbers
� SIM identifies a subscriber via unique International Mobile Subscriber Identity (IMSI)
>The first 3 digits represent the Mobile Country Code (MCC)
>The next 2 digits represent the Mobile Network Code (MNC)
>The next 10 digits represent the mobile station identification number
• SIM is the application that runs on a SIM Card
� SIM is to GSM, what USIM is to UMTS & RUIM/CSIM is to CDMA
• Today most SIM cards are based on Java Card
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
SIM and Smartcard Standards
•ETSI -- Specifications in blue•3GPP -- Specifications in green and red
Source: Gemalto
Standards for:
•Toolkit
•File & Auth
•APIs
•OTA
•Smartcards
ISO/IEC 14443 is the international standard for contactless smart chips and cards that operate
(i.e., can be read from or written to) at a
distance of less than 10 centimeters (4 inches).
This standard operates at 13.56 MHz and
includes specifications for the physical characteristics, radio frequency power and
signal interface, initialization and anti-collision
protocols and transmission protocol.
ISO/IEC 7816 is the international standard for contact smart cards. ISO/IEC 7816 Parts 4 and
above are used by both contact and contactless
smart card applications for security operations
and commands for interchange.
Source: Smart Card Alliance
Java Card (classic or 3.0) Applets are built using Java and run in a JCRE
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
Industry: Interesting Numbers for 2008
• Global SIM card shipments exceeded 2.9 billion units
during 2008
� Strong demand from the emerging markets of India, China, Asia Pacific and Latin America contributing to a 29 per cent
increase on shipments over the previous year
• On average, memory size increased by 11 per cent on
2007 figures
• Number of cards shipped with a S@T (SIMalliance
Toolkit) browser had a growth rate of 22 per cent
• 3G enabled SIM cards represented 14 per cent of total
shipments in 2008
Source:SIMalliance
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
Next Generation SIM Cards
• Next gen SIM Cards integrate with new functionality…
• Mobile Near Field Communication (NFC)
• More advanced Applications
� Address book, calendar back-up, messaging, teleconferencing
and file transfers, banking and access control, Web!
• Smart Card Web Server
� Web apps running right on SIM Cards! And TCP stacks
• High-capacity SIM cards
� More and more memory/capacity
• Multi-Media support (in conjunction w/ browser)
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
Overview: Programming SIM Cards
• SIM Toolkit
A SIM Toolkit is a data management application (applet) for SIM cards, part of which is resident in the SIM card
•Icon, application, settings and help management
•User (simple menus), mobile, network and card interactions
Source: Gemalto
Toolkit “conversation”between phone and Smartcard
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
Overview: Java Card Classic
import javacard.framework.*
...
public class MyApplet extends Applet {
// Definitions of APDU-related instruction codes
...
MyApplet() {...} // Constructor
// Life-cycle methods
install() {...}
select() {...}
deselect() {...}
process() {...}
// Private methods
...
}
Source: Introduction to Java Card Technology by C. Enrique Ortiz
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
SIM / Smart Card Application Communication
Command APDU Structure
Response APDU Structure
Application Communication Architecture
Source: SIM Protocols by Mobile Forensics
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
Classical Java Card Development
Source: Introduction to Java Card Technology by C. Enrique Ortiz
IDEs can
simplify
these steps!
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
Java Card 3.0
• Extends (and simplifies) the programming model
• Classic Applets (Java Card 2 limitations apply for these applications) � Communication using APDU protocol
� Backward compatibility
• Extended Applets � Communication using APDU protocol
� Similar to Classic Applets, and can use all the new APIs, like Threads, Strings, and GCF (Generic Connection Framework)
• Web Enabled!� Based on Servlet 2.4 API
� Communication using standard HTTP/ HTTPS protocol
� HTML, JavaScript, etc. (much richer UIs than prior)
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
Java Card 3 Architecture
•All data types except float and double
•Multiple threads
•Extensive API support (java.lang, java.util, GCF, and so on)
•Direct handling of class files, with all loading and linking on card
•All new Java language syntax constructs (enums, generics, …)
•Automatic garbage collection
Source -- Java Card 3: Classic Functionality Gets a Connectivity Boost by Peter Allenbach
NEW!
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
Smartcard Web Server
• Very exciting and powerful SIM card evolution in my opinion!
� It took more than 10 years but we finally have it! Very powerful.
• Leverages the browser already present in the handset to run local
web applications preloaded into the SIM
• Local web-based applications are securely stored in the SIM card
and can be updated remotely
• Servlets framework on SIM Cards!
Potential Apps:•Rich SIM card apps•On-Device Self-Service•Application Management•Mobile Payments•Mobile NFC
Best of both worlds
Mobile SIM + Web
Source: Gemalto
Source: Gemalto
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
Benefits of Smartcard Web Server
• Rich UI and Advanced Capabilities� Access to location, SMS, servers on the web, secure local-storage,
personalized experience
� Call-intercepts to perform actions on-device, for example help troubleshoot issues before calling the support representative
• Manageable� Secure, remote application management
• SIM-card based /On-Device� Works Connected and Disconnected
� Secure connections and environment
� Uses no wireless resources when doing on-device web apps
� Access to information such as location that can help personalize the experience
• Easy to deploy� Highly customizable application; can be modified as needed and push to
handsets in real-time
� Based on OMA and Web standards - xHTML, CSS, JavaScript
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
Some Challenges
• SIM Card Applications still a niche, controlled by
operators
� But if you have the relationships, it is a good niche ($)
• Applet development is not trivial with few experts
� This can translate to opportunities for you!
• Smartcard Web Server requires new generation SIM
cards
� Thus conversion process will make adoption slow & expensive
� Expect emerging markets adopting first
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
Gemalto Toolkit & UpTeq Multimedia SIM Card
Download from: http://developer.gemalto.com/
See http://www.gemalto.com/telecom/upteq/multimedia.html
Toolkit
Smartcard Web Server
© 2009 C. Enrique Ortiz – http://CEnriqueOrtiz.com
Resources
• Gemalto Developer Website
• Sun Java Card Website
• SIMalliance Website
• Smart Card Alliance Website
• SIM Card Protocols Paper by Mobile Forensics
• Mobile Forensics Blog
• Introduction to Java Card Technology, part 1 by C.
Enrique Ortiz
• Article Java Card 3: Classic Functionality Gets a
Connectivity Boost by Peter Allenbach