Understanding Telecom SIM and USIM/ISIM for LTE

Understanding Telecom SIM
and USIM for LTE
By
Ikwe Gideon
gideon.ikwe@datahouseconsulting.com
Telecom Revenue Assurance Expert
1

What is a SIM Card?
• SIM or Subscriber Identification Module is a smart card
that is included in every cell phone of the GSM family of
networks
A fully fledge microcomputer with an OS
• UICC stands for Universal Integrated Circuit Cardisa
new generation SIM
Source:3, Java Card 3: Classic Functionality Gets a Connectivity Boost
Ikwe Gideon
Revenue Assurance

More on SIM and SIM Cards
• SIM cards hold subscriber information and memory,for
example for personal directory of numbers
SIM identifies a subscriber via unique International Mobile
Subscriber Identity(IMSI)
>The first 3 digits represent the Mobile Country Code (MCC)
>The next 2 digits represent the Mobile Network Code(MNC)
>The next 10 digits represent the mobile station identification number
• SIM is the application that runs on a SIM Card
SIM is to GSM, what USIM is to UMTS & RUIM/CSIM is to
CDMA
• Today most SIM cards are based on Java Card
Ikwe Gideon
Revenue Assurance

SIM and Smartcard Standards
Source: Gemalto
•ETSI -- Specifications in blue
•3GPP -- Specifications in green and red
Standardsfor:
•Toolkit
•File&Auth
•APIs
•OTA
•Smartcards
ISO/IEC 14443 is the international standard for
contactless smart chips and cards that operate
(i.e., can be read from or written to) at a
distance of less than 10 centimeters (4 inches).
This standard operates at 13.56 MHz and
includes specifications for the physical
characteristics, radio frequency power and
signal interface, initialization and anti-collision
protocols and transmission protocol.
ISO/IEC 7816 is the international standard for
contact smart cards. ISO/IEC 7816 Parts 4 and
above are used bybothcontact and contactless
smart card applications for security operations
and commands for interchange.
Source: Smart Card Alliance
Java Card (classic or 3.0) Applets are built using Java and run in a JCRE
Ikwe Gideon
Revenue Assurance

Next Generation SIM Cards
• Next gen SIMCards integrate with new functionality…
• Mobile Near Field Communication (NFC)
• More advanced Applications
Address book,calendar back-up, messaging, teleconferencing
And file transfers, banking and access control,Web!
• Smart Card Web Server
Web apps running right on SIM Cards! And TCP stacks
• High-capacity SIMcards
More and more memory/capacity
• Multi-Media support (in conjunction w/ browser)
Ikwe Gideon
Revenue Assurance

Overview: Programming SIM Cards
• SIMToolkit
A SIM Toolkit is a data management application(applet) for SIM
cards, part of which is resident inthe SIM card
•Icon, application, settingsandhelp management
•User(simple menus), mobile, networkandcardinteractions
Source: Gemalto
Toolkit
“conversation”
between phone
and Smartcard
Ikwe Gideon
Revenue Assurance

Command APDU Structure
SIM / Smart Card Application Communication
Application Communication Architecture
ResponseAPDU Structure
Ikwe Gideon
Revenue Assurance

Classical Java Card Development
Source: Introductionto Java Card Technology by C. Enrique Ortiz
IDEscan
simplify
thesesteps!
Ikwe Gideon
Revenue Assurance

Java Card 3.0
• Extends(and simplifies) the programming model
• Classic Applets (Java Card 2 limitations apply for these
applications)
Communication using APDU protocol
Backward compatibility
• Extended Applets
Communicationusing APDU protocol
Similar to Classic Applets, and can use all the new APIs, like
Threads, Strings, and GCF(Generic Connection Framework)
• Web Enabled!
Based on Servlet2.4API
Communication using standard HTTP/HTTPS protocol
HTML, JavaScript, etc. (much richer Uis than prior)
Ikwe Gideon
Revenue Assurance

Java Card 3 Architecture
•All datatypes exceptfloat and double
•Multiple threads
•Directhandlingof class files, withall loading and linking oncard
•All newJava language syntaxconstructs (enums, generics, …)
•Automatic garbage collection
Source -- Java Card 3: ClassicFunctionality Gets a Connectivity Boost by PeterAllenbach
NEW! •Extensive APIsupport(java.lang, java.util, GCF, andsoon)
Ikwe Gideon
Revenue Assurance

Smartcard Web Server
• VeryexcitingandpowerfulSIMcardevolutioninmyopinion!
Ittookmore than10yearsbutwe finallyhaveit!Verypowerful.
• Leveragesthe browseralreadypresentinthe handset to runlocal
webapplicationspreloadedinto the SIM
• Localweb-basedapplicationsare securelystoredinthe SIMcard
andcanbeupdatedremotely
• ServletsframeworkonSIMCards!
Potential Apps:
•RichSIMcardapps
•On-DeviceSelf-Service
•ApplicationManagement
•MobilePayments
Bestofbothworlds
MobileSIM+Web
Source: Gemalto
Source: Gemalto
Ikwe Gideon
Revenue Assurance

Benefits of Smartcard Web Server
• Rich UI and Advanced Capabilities
Accesstolocation,SMS,serversontheweb,securelocal-storage,
personalizedexperience
Call-interceptstoperformactionson-device,forexample help
troubleshootissuesbefore callingthesupportrepresentative
• Manageable
Secure,remoteapplicationmanagement
• SIM-card based /On-Device
WorksConnectedandDisconnected
Secureconnectionsandenvironment
Usesnowirelessresourceswhendoingon-devicewebapps
Accesstoinformationsuchaslocationthatcanhelppersonalizethe
experience
• Easy todeploy
Highlycustomizableapplication;canbemodifiedasneededandpushto
handsetsinreal-time
BasedonOMAandWebstandards-xHTML,CSS,JavaScript
Ikwe Gideon
Revenue Assurance

Some Challenges
• SIMCard Applicationsstill a niche,controlled by
operators
Butif you have the relationships, it isagoodniche ($)
• Applet development isnot trivial with few experts
Thiscantranslate to opportunitiesforyou!
• Smartcard Web Server requiresnew generation SIM
cards
Thusconversionprocesswillmake adoptionslow&expensive
Expectemergingmarketsadopting first
Ikwe Gideon
Revenue Assurance

Gemalto Toolkit & UpTeq Multimedia SIM Card
Download from: http://developer.gemalto.com/
See http://www.gemalto.com/telecom/upteq/multimedia.html
Toolkit
SmartcardWebServer
Ikwe Gideon
Revenue Assurance

Types of cards
ICC UICC
SIM-- Single IMSI USIM
Dual IMSI CSIM
ISIM
RUIM-- “Single”--CDMA RUIM
“Combo”--CDMA+GSM SIM
Ikwe Gideon
Revenue Assurance

SIM
 Subscriber Identity Module
 SIM-- Single IMSI
Dual IMSI (Multiple Subscription, Useful for Business needs)
 Polarization Mark, Chipset Mark (ID)
 SIM card was made in 1991 by Giesecke & Devrien (Munich) to Finnish wireless
network operator Radiolinja
Size: 32K,64K and 128K.
Ikwe Gideon
Revenue Assurance

ICCID
• Integrated circuit card identifier (ICC-ID)
• Each SIM is internationally identified by its ICC-ID.
• ICC-IDs are stored in the SIM cards and are also engraved or printed on the SIM card
body during a process called personalization.
• The ICC-ID is defined by the ITU-T recommendation E.118.
• A 19 digits long including a single check digit calculated using the Luhn algorithm.
• Eg:
• 89 91 15 100 000000011 8
• Tele CC MNC Vendor S.No Checksum
Ikwe Gideon
Revenue Assurance

IMSI
• International Mobile Subscriber Identity
• Unique Value across all the operators through out the globe
• 15- digit number
• Indicates the Home Network of the Subscriber
• All the Subscription details will be saved in the HLR against IMSI
Ikwe Gideon
Revenue Assurance

Types
• Native(old) and Java (For Changing the card Parameters via OTA)
• ID-1: 85.60 mm × 53.98 mm x 0.76 mm
• Permanently fit in End device
• Plug-in
Width: 25mm, Height: 15mm.
• Dual IMSI:
SIM having Multiple Profiles
• Proactive: SIM which can Initiate commands to the ME.
• Use: Sending IMEI or ESN to the network.
Ikwe Gideon
Revenue Assurance

SIM Profile Definition
• One of the first steps the network operator takes when procuring SIM
cards is to develop a SIM profile. This is normally done with the help
of the SIM supplier. There are two ways this task can be
accomplished. First, the network operator can obtain a copy of the
GSM 11.11 or 3GPP 51.011 standard (see Appendix C), review each
SIM file to determine if it is a required or optional file and decide on
the content of each file (this is called “mapping”).
• Alternatively, the network operator can use a template provided by
the SIM supplier. Each of the major SIM suppliers has a template.
Using the template is a simpler and more efficient method of
establishing the SIM profile.
• In setting up the mapping, the network operator will also need to take
into account security policy, OTA procedures and SIM Toolkit
requirements

SIM Card Mapping
File Structure
• When establishing SIM mapping, the network operator must decide which
files will be utilized on the SIM as well as the content of each mandatory and
optional file. The content of the files can impact the decision of which size
SIM card the network operator requires (8k, 16k, 32k, 64k, 128k, etc.).
List of Files
• The SIM mapping goal is to determine all of the files – Master files (MF),
Dedicated Files (DF) and Elementary Files (EF) – that should be present on the
SIM after personalization. A list and description of the standardized SIM files
can be found in GSM 11.11 and/or 3GPP 51.011.
• The SIM card can be compared to a PC in the file structure set up. The Master
Files are like the core software files. The Dedicated Files are like file
directories. The Elementary Files are the actual documents or files that hold
data. In most SIM reader equipment (provided by SIM manufacturers), the
software displays these files much in the same manner that Windows
Explorer displays the contents of a PC hard drive. The SIM file structure is
illustrated in
Ikwe Gideon
Revenue Assurance

Memory Architecture
 Flexible Architecture
 Similar to all the types of cards
 ‘3F': Master File;
 ‘7F': 1st level Dedicated File;
 '5F': 2nd level Dedicated File;
 '2F': Elementary File under the Master File;
 6F': Elementary File under a 1st level Dedicated File;
 '4F': Elementary File under 2nd level Dedicated File.
Ikwe Gideon
Revenue Assurance

File Characteristics
• The file characteristics that must be defined include:
• File size
• Number of bytes for transparent file
• Number of records and record size (for record type files only)
• File access conditions
• Basic access conditions (e.g. for read, update, increase commands)
• OTA access conditions (for OTA operations)

File Content
• Once created, SIM files can be empty, filled, or (in some cases) updated during the
SIM’s lifetime. To complete the SIM personalization process, the network operator
needs to designate the content of each SIM file by either specifying the content or
electing to use default values.
Default Values
• Some files have default values or are of undefined content. GSM 11.11 and/or 3GPP
51.011 provide a detailed list of suggested values.
Operator Defined
• Some file content and file attributes are defined by the network operator. To enable
the SIM manufacturer to complete the SIM personalization process, the network
operator should provide information on the following:
• Security Rules
• Services
• Common PCS Handset Specification (CPHS) services and Customer Service Profile
• Over the Air (OTA) Features
• SIM Toolkit Features

Permanent Vs Dynamic SIM Card Data
Permanent Dynamic
 SIM card type
 IC card identification - serial number of
card
 SIM service table - list of services
subscribed to
 IMSI
 CHV1( PIN1) and CHV2 (PIN2)
 PUK - Pin unblocking key
 Authentication key Ki and A3, A5, and
A8 algorithms
 ADM keys
 Location Information
 TMSI, LAI, LA update timer (t3212),
 Ciphering key Kc and sequence number
 BCCH information (ARFCN,MCC and
MNC)
 List of carrier frequencies for cell
selection during handover and call setup
 List of blocked PLMNs (FPLMNs)
 HPLMN search timer

USIM Vs SIM
USIM SIM
 UMTS-SIM
 Universal Subscriber Identity Module
 Global Phone Book & Hidden Phone
Book (Bank account no's)
 APN settings can be written directly on
to the card
 MMS can be stored on to the card
 Extended Phone book (256K)
 Backward compatible with 2G-GSM
technology
 Operator Logo can be stored on the card
 More secured: Milenage and kausami
Alog’s
 GSM-SIM
 Subscriber Identity Module
 Global Phone Book
 NA
 NA
 Limited Phone book (32K or 64K)
compatible with 3G also
 Can’t store Images
 A5, A3 and A8 algo’s are not very
secured

UICC
 Universal Integrated card
 A single card on which all applications can be placed (USIM,CSIM,RUIM and
SIM)
 3G, 3G+ card

UICC Vs ICC
UICC ICC
 Universal ICC
 Can have multiple Applications of
Similar Kind
 Can have 2 USIMs/SIMs
 A single card: USIM+ISIM+CSIM+SIM etc
 Used for 2G, 3G and 3G+ techs

 Integrated Circuit Card
 Single profile of similar kind
 Single Application (USIM or IM
 SIM or RUIM or USIM
 Used for 2G and 3G only

CSIM Vs RUIM
CSIM RUIM
 3G, 3G+ Application
 runs on UICC

 2G and 3G
 runs on ICC and UICC


STK and DSTK
1) STK: SIM Tool Kit
Request can be answered through SMSC Gateway
2) DSTK: Dynamic SIM Tool Kit
Request can be answered through SMSC Gateway
WIB PULL
WIB Push
Updating Parameters OTA
Sending GPRS settings.

SIM Rollout – Key Considerations
•SIM Profile
•Test Cards
•Data Handling
•Graphics & Numbering
•Activation Scenarios
38

SIM Card Rollout
• Who needs to be involved?
• SIM Card Product Manager
• Engineering
• IT
• Marketing and Sales
• Customer Care
• Billing
• Finance
39

Algorithm Selection
*
• Most operators use one of the GSM Association algorithms called:
• Comp 128-1, Comp 128-2, Comp 128-3, Milenage and kausami Alog’s
• Test/production SIMs:
• Complete the GSMA GSM MoU document
• Send manufacturer the authorization documents from GSMA
• Send Manufacturer a numbered copy of the algorithm
40

SIM Card Profile
• Approximately 70 Files on a SIM
• Files require definitions
• Network Requirements e.g.
• Mobile Country Code / Mobile Network Code
• International Mobile Subscriber Identity (IMSI)
• Integrated Circuit Card Identification (ICCID)
• Short Message Service Parameters
• Marketing Requirements e.g.
• Number of Abbreviated Dialing Numbers (Phonebook)
• Number of Short Messages
• Service Dialling Numbers (Customer Care Numbers)
• Mailbox Number
• Business Requirements
• Roaming Partner List
• PIN Handling
41

Test Cards
• Test profile before committing to commercial shipments
• Required data:
• Mobile Country Code / Mobile Network Code
• IMSI (International Mobile Subscriber Identity)
• Algorithm (Comp 128, proprietary or XOR)
• SMSC Parameters
• Advanced Requirements
• Telecom Files (for subscriber data)
• GSM Files (Network-specific files)
• Browser Files (WIB, SAT, etc)
42

Data Exchange
43
Header= Basic Order Info
Input Variables =
Starting Serial Number
& Starting IMSI Ranges
Output File Info

Data Handling - Encryption
• There are two types of security to be concerned with:
•
 Securing the Ki
• Encrypting the Ki vs. clear text
 Securing the Output File
• Safe handling of output file
• Physical transfer - mail/courier/fax
• “Soft” transfer - floppy disk/cd-rom/email
• 3 DES (156 Bit Strong Encryption)
44

Data Handling - Encryption
• PGP Usage Example
• Go to web and download PGP version
• Install onto your PC
• Create Public and Private Keys
• Send Public Key to recipient for data encryption
• Receive file and open with PGP
• Enter your pass phrase and file will deciphered
• Load data into network (billing system, switch, AUC)
45

Design Considerations - Artwork
• Designing your cards
• Card Dimensions
• 85.6mm by 54mm (add 3mm trim margin to each side for bleed)
• Supported Artwork File Types
• Resolution = 300 dpi at 100% scaling
• Proof
• 2-3 weeks after artwork receipt
• Card delivery 4-6 weeks after proof approval*
46

Card Design- Graphics
47
85.6 mm
54 mm
27 mm
17 mm
5.25mm
Front Side
In case of a bleed border, please
add 3mm trim margin to each side

Card Design - Graphics
48
85.6 mm
54 mm
27 mm
17 mm
5.25mm
Back Side
In case of a bleed border, please
add 3mm trim margin to each side

Packaging & Logistics
• SIM Cards:
• have value
• are small in size
• are sequential
• Part of Branding campaign
• Labeling (Description, Starting & Ending ICCID, Batch #, other relevant
information)
49

Over-the-AIR SIM Services
• The ability to send commands to the SIM via GSM SMS or other
bearer services:
• To add or delete SIM files
• To add, change or delete SIM file data
• To add, change or delete SIM applications
• To activate or deactivate SIM applications
• To query for SIM data
50

Typical OTA Architecture
51
GUI
SMPP
or
?
API
CC/TS
OTA
HLR/AuC MSC
BSSCC Sys
Prov Sys
SMS-C
SIMSIMSIMSIM
Admin
MS

Typical OTA Platform Features
• Support for multiple SIM vendors
• GSM 03.48 / 23.048 specification
• SIM Libraries
• Support of GSM 03.48 / 23.048 Security Mechanisms
• OTA Security keys
• Counters
• Checksums/signatures
• Modular Functionality
• SIM File Management
• Campaign Management
• Application Management
• Point of Sale
• Internet Gateway
• WAP Gateway
52

OTA Platform Provisioning
• Build SIM database
• IccID, IMSI, OTA Keys, SIM Profile
• Data from the SIM Manufacturer’s Data Output File
• Typically done at the same time HLR / AuC are preloaded
• Build subscriber data base
• Map or add customer data such as MSISDN and other relevant data
• Typically done when the account is established
• Activate subscriber
• Following activation of network elements (HLR)
• Send OTA update of relevant files
(MSISDN, VMX, SMS-C, etc.)
53

OTA Security
•OTA can be very secure (03.48 / 23.048)
• Strong algorithms – DES/TDES
• Replay and Sequence Counter
• Redundancy Check
• Cryptographic Checksum
• Digital Signature
• Proof of Receipt
•Requires secure transfer of OTA keys
• Use secure data exchange with SIM Manufacturer
• Use encryption to further protect OTA key (as is done with
Ki value)
54

Common Value Added Services
•Banking and finance
• Balance, Bill Payment, Purchases
•Information on Demand
• News, Stocks, Sports, Weather
•Chat or IM
•Multimedia
•Location
• Dating, Advertising, Shopping
•Self Provisioning
• Automatic, User-Initiated
55

Key Points
• OTA is a trusted, secure method of managing SIM
• OTA services are widely deployed in GSM today
• There are implementation options to fit nearly every
operator’s environment
• Basic OTA services provide flexibility for operators
• More advanced OTA services can be added as business
grows
• OTA increases the effectiveness and flexibility of SIM based
applications
• OTA is a key to unlocking the opportunities of SIM based
value added services
56

Relevant Specifications
• GSM/3GPP specifications (SIM / USIM)
• 03.40 / 23.040 Point to Point SMS
• 03.48 / 23.048 Security Mechanisms (U)SIM Application Toolkit
• 11.11 / 51.011 (U)SIM – ME Interface
• 11.14 / 31.111 (U)SIM Application Toolkit
• SCP specifications (UICC)
• ETSI TS 102 124 Transport Protocol for UICC
• ETSI TS 102 224 Security Mechanisms for UICC
• ETSI TS 102 225 Secured Packet Structure for UICC
• ETSI TS 102 226 Remote APDU Structure for UICC
57

2G – 3 G Migration
• Operator Considerations
• New Radio Access Network
• New Services
• New SIM Cards
• New Multi-function devices
• Changes in OTA & Provisioning
59

3G Radio Access
• CDMA : Code Division Multiple Access
• a unique code is assigned to each user
• the call is locked by this code no one else can open it
• all users are on the same frequency band :
• this code allows to separate the users
60

UMTS Network
61
USIM W-CDMA
W-CDMA
Core Network
Circuit Switch
Packet Switch
new
newnew

62
UMTS Radio Access : Difference with GSM
BSC
BTS BTS
Base Transceiver Station
BSS
Base Station Sub-System
Base Station Controller
RNC
Node B
UTRAN
Universal Terrestrial Radio Access Network
Radio Network Controller
Node B
GSM UMTS

3G Services
63
4 Classes of services
Conversational class (voice, video telephony, video, gaming)
Streaming class (multimedia, video on demand, webcast)
Interactive class (web browsing, network gaming, database access)
Background class (email, SMS, downloading)
Quality of services (QoS)
data rates guarantee, delay variation
Data rates
up to 144 kbits/s satellite and rural outdoor
up to 384 kbits/s urban outdoor
up to 2048 kbits/s indoor and low range outdoor

3G Cards Features I
64
digital right management for
downloads
Copyright
• A new card platform for 3G applications (UICC)
– UICC : Universal Integrated Circuit Card
– Designed to store several applications
Telecom
ISIM
USIM
R-UIM
Security
PKI
WIM
Banking
EMV
E-Purse
Others...
Copyright
SIM
plastic roaming
multi subscription
Telecom
digital signature
end to end secure
communication
Security
project with Eurocard
Master Card Visa
standards
Banking

3G Cards Features II
•Logical Channels
• Possible to run several applications in parallel
65
• Secure Local Link
– 3G handsets support new bearers (Bluetooth, IrDA,
RS232, USB)
– 3G application can open and secure local channel
• ex : Using the mobile as a modem for a PC using
bluetooth link

UICC vs. USIM
• UICC is the Smart Card Platform
• Universal Integrated Circuit Card
• Physical & electrical characteristics
• File system
• Commands
• Access conditions, PIN system...
66
EP-SCP
• USIM is the UMTS Telecom Application
– Universal Subscriber Identity Module
– List of UMTS files
– Authentication process
– Phonebook...

USIM features
• Enhanced Security
• Mutual authentication ( Network User)
• New generation of Algorithms
• Integrity check on signalling data
67
• Advanced phonebook
– E-organizer format
– Easy to customize
– Synchronization ready (SIM/USIM)

USIM Security Features
• Authentication
• user by the network
• network by the user
68
• Confidentiality
– User identity (IMSI, Location, services)
– User voice & data
• Integrity
– signalling data

69
Key Agreement
After a successful authentication process
USIM and network shares a couple of computed keys
Integrity key (IK)
Ciphering key (CK)
K
RAND
f3
f4
will be used to perform an
integrity protection
of signalling data
will be used to cipher both
voice and data communications
f9
data
data
Integrity stamp
f8
data
data
Ciphered Data


3G/GSM Cards
3G/GSM cards
70
SIM+USIM in the same card
it’s a SIM card in a GSM mobile
it is a USIM card in a 3G mobile
fully compliant with 3G & GSM
standards
SIM USIM

3G/2G Interfaces
71
UMTS
SIM
USIM
SIM
USIM
2G
2G2G
3G
SIM
USIM 3G
GSM2G
3G
3G
2G/3G
3G

Activation of 2G and 3G Operation Mode
72
 ATR compliant with UICC standards is sent to the mobile
 Selection of SIM or USIM is implicitly done by the mobile
1st APDU command received in 3G format : USIM is activated
1st APDU command received in 2G format : SIM is activated
After the selection
if SIM is activated : 3G commands are rejected
if USIM is activated : 2G commands are rejected

2G / 3G File Mapping
73
 Some files are identical in GSM and 3G (EF ADN, EF SMS..)
 File sharing allows :
to better use the memory resource
UMTS and SIM subscription on a same card can use the same IMSI, secret
key (optional)
The mechanism is not standardized (proprietary)
 Shared files :
 may have different access condition
must be of the same type and of the same length

SIM/USIM File Sharing Mechanism
74
EF X1
11111111111
11111111111
EF X2
EF X3
100111001
100001010
EF Y1
00000000000
11111111111
EF Y2
EF Y3
100111001
100001010
00000000
100001010
SIM USIM
File Header
File Body
Link file
(without body)
mapped to EF Y3
Data File

OTA - Over the Air
75
release 99
03.48
GLOBAL SYSTEM FOR
MOBILE COMMUNICATIONS
R
release 6
31.116
31.115
USIM
& SIM
102.225
102.226
UICC
release 4 & 5
23.048

UICC File System
Titredudiagramme
DFEFEFDIR
MF
76
Titredudiagramme
EF
EF DF
DF EF
ADFUSIM
Titredudiagramme
EF
EF DF
DF EF
ADFPKI
Titredudiagramme
EF
EF DF
DF EF
ADFBank
Titredudiagramme
EF
EF DF
DF EF
ADFR-UIM
CDMA2000
dedicated to an application
contains the appli. file system
apart from the MF file system
only selected by its identifier AID
An ADF is :
EF DIR :
contains the list of the AID
• AID 1
• AID2
• AID3
• AID4
AID1 AID2
AID3
AID4

3G File Structure
• Each file has a 2 independent sets of Access Conditions :
• GSM access conditions (ex : Read :CHV1 Update: CHV2) for GSM mobile
• 3G access conditions (ex : Read :GPIN2 Update: GPIN1) for 3G mobile
77
Access Condition GSM
AC1 AC2 AC3 AC4
Access Condition 3G
EF ARR FID EF ARR Record #
File Header
File Body

3G OTA Mechanisms
78
GOP INTERPRETER Remote Applet management
GSM INTERPRETER
Remote File management at MF level
with 2G access conditions check
Titredudiagramme
DFEFEFDIR
MF
UICC INTERPRETER
Remote File management at MF level
Titredudiagramme
DFEFEFDIR
MF
USIM INTERPRETER
Remote File management at MF +ADF level
dedicated to 1 specific ADF
1 USIM instance per ADF !
USIM INTERPRETER
USIM INTERPRETER
Titredudiagramme
DFEFEFDIR
MF
Titredudiagramme
EF
EF DF
DF EF
ADFUSIM
4 applets !

23.048 formatted SMS
Titredudiagramme
EF
EF DF
DF EF
ADFUSIMPR0
79
OTA
length
OTA
header
length
security keys TAR3 counter padding OTA body
RC
CC
DS
TAR3 : AID USIM Pro
TAR 4 : AID USIM Perso
EF RFM
AID USIM Pro
1
3
USIM
Interpreter
“PRO”
USIM
Interpreter
Perso
TAR 3
TAR 4
2
EF RFM under MF
mapping between TAR
value of the USIM
interpreter with the AID of
the associated ADF

3G Phonebook Features
80
...
1st name 2sd name 3rd name...
home business mobile...
e-mail
groups
E-Organizer Format
Easily customizable
Synchronization ready
SIM/USIM, PDA, PC, OTA..

Phonebook in 3G Cards (1st Solution)
81
MFMF
DFDF DFDF EF
gsm Telecom
EF ADN DF
Phonebook
GLOBAL SYSTEM FOR
R
23.048
Sharing of
data possible
23.048
ADF
USIM
EF EFEFEF

Phonebook in 3G Cards (2nd Solution)
82
MFMF
DFDF DFDF EF
gsm Telecom
EF ADN
DF
PhonebookGLOBAL SYSTEM FOR
R
23.048
ADF
USIM
Sharing of data
impossible !

3G Phonebook Principle
83
names e-mails groups...fields
phonebook entry = set of fields
fields : spread out in specific files
Phone book reference file : EF PBR
defines the structure of the phone book

Data Exchange
Once the network operator and SIM supplier have developed a SIM profile, the next
consideration is the method of Data Exchange between the network operator and the SIM
supplier’s production site. Since there are several elements of sensitive information
(specification documents, source code, customer profiles, etc.) that must move back and forth, it
is recommended that secure e-mail or PKI smart cards be used for these data exchanges.
Data to be Exchanged
• The most common documents and data transferred between the SIM supplier’s production site
and the network operator are:
• Purchase Orders
• SIM profile
• SIM Toolkit Application Specification
• SIM card artwork
• Input Files (see sample Input File in Appendix A)
• Transport Keys (see below)
• Output Files (see sample Output File in Appendix A)
84

Data Exchange Details
Purchase Order
• For production to begin, each purchase order should contain at least the
following information:
• Issue Date and Expected Delivery Date
• Ship To and Bill To addresses
• Quantity of SIMs being ordered
• Type of SIM being ordered (8k, 16k, 32k, 64k, Java interoperable, etc.)
• Card Description (e.g., JAVA Interoperable, GAIT files, etc.)
• Price per SIM and Extended Price
• Graphic Profile (e.g., Graphic Profile #1234; Red Sunset; Mount Everest
picture, etc.)
• Electronic Profile (e.g., Electronic Profile #5678, 8k Profile, etc.)
85

SIM Profile
• The SIM supplier uses the SIM Profile document to set-up SIM personalization as part of the
SIM production process.
SIM Card Artwork
• The SIM Card Artwork is an image file that contains the graphics to be printed on the
production SIMs. The print design must provide the following information:
• Positioning reference
• Number of colors
• Presence of logos, etc.
• ICCID printing method and position
• After agreement on the specific format, the network operator should provide the SIM supplier
with the SIM artwork image file. Typically this image file is transported using high memory
media such as Zip Disk, CD, etc. Once the SIM artwork image file has been received from the
network operator, the SIM supplier creates a “proof” which is then sent to the network
operator for approval. Once approved, the image file should be assigned a unique name or
number, which can be associated with future purchase orders.
86

SIM Card Artwork
• The SIM Card Artwork is an image file that contains the graphics to be printed on the production SIMs.
The print design must provide the following information:
• Positioning reference
• Number of colors
• Presence of logos, etc.
• ICCID printing method and position
• After agreement on the specific format, the network operator should provide the SIM supplier with the
SIM artwork image file. Typically this image file is transported using high memory media such as Zip
Disk, CD, etc. Once the SIM artwork image file has been received from the network operator, the SIM
supplier creates a “proof” which is then sent to the network operator for approval. Once approved, the
image file should be assigned a unique name or number, which can be associated with future purchase
orders.
87

Input File
• To produce SIM cards, the SIM supplier needs Input Files from the network operator indicating all the
data to be generated during personalization. Typically, the Input Files are broken into batches of
approximately 5,000 cards. Input Files contain information that automates SIM production and
minimizes the need for human involvement in the production environment. Therefore, Input File
information must be sufficient to uniquely identify the different possible versions of the product to be
delivered. Some network operators will have more than one Electronic Profile and more than one
Graphic Profile. As a result, unique identity is critical.
• Although many network operators use a similar Input File format, some network operators have specific
requirements. Thus, the SIM supplier and network operator need to agree on the format, and each
Input File must strictly comply with the specification.
• Any secure medium can be used to communicate Input Files to the SIM supplier. Typically used are
floppy disks, CDs, and secure e-mails to transfer Input Files from the network operator to the SIM
supplier.
• The SIM supplier and network operator must also agree on the method for generating “variable data”
(e.g. Ki, secret codes, etc). These data can be generated by either using a random generator or by using
Root Card to diversify a master key with the card serial number of the target SIM.
• NOTE: When using the Root Card method, it is possible to avoid transmitting sensitive data. Only the
diversifying value is returned in the personalization report file, and there is no need for encryption.
88

Transport Key
• The use of encryption algorithms is recommended when exchanging sensitive data such as the Ki and
OTA keys between the SIM manufacturer and operator.
• Typically a strong public algorithm such as DES is used. The key(s) used for this protection is(are) called
the Transport Key (or sometimes the K4). The algorithm and key values are used by the SIM
manufacturer’s production systems to encrypt the sensitive data, and by the network operator’s
Authentication Center and OTA platform to decrypt the sensitive data.
• This key is referenced in the Input File so that the personalization system knows what key to use to
encrypt the sensitive data of the Output File.
• Most AuC’s support up to 256 key sets to ensure the ability to utilize unique key sets between SIM
providers and between SIM order batches.
• The network operator should document procedures to define and securely retain the key values while
securely disseminating the Transport Key(s) to the SIM, AuC and OTA Platform supplier(s), in a secure
way before card personalization begins.
89

Output File
• Operational parameters such as Ki, CHV1, CHV2, PUK and PUK2 are generated during the
personalization process.
• The generated data must then be communicated by the SIM supplier to the network operator to enable
storage of appropriate information in the AuC/HLR.
• The medium of communication is usually floppy disk or secure e-mail. The information is then
associated with the corresponding ICCID and IMSI of each SIM (previously received via Input Files).
These elements then become part of the Output File.
• The format of the Output File follows that of the corresponding Input File. Data contained in the Output
File can be encrypted depending on customer requirements.
• If encrypted, the entire file can be encrypted (confidentiality) and signed (integrity and authentication
of origin).
90

SIM Testing
• Mobile network operators are well advised to implement some sort of SIM card testing program. This
should include qualification testing to validate the SIM profile and catch errors and omissions prior to
full scale production, as well as some form of acceptance testing to ensure that subscribers receive fully
functional cards.
Qualification Testing
• The purpose of qualification testing in general is to validate the design of a system or component prior
to production. A well-known quasi-exponential relationship exists between the cost of fixing a design
defect vs. the phase in the program life cycle in which it was detected. This is sometimes referred to as
the 1-10-100 rule; a defect caught in the design phase of a program costs (hypothetically) $1 to fix,
whereas it costs $10 to fix if caught in the production phase, and $100 after the item is deployed.
• SIM card manufacturers employ their own forms of qualification testing to ensure, for example, that
their cards meet the physical, electrical, and logical requirements of the ISO standards. Network
operators need not replicate these tests, but may want or need to review a summary of the data. On
the other hand, operators do need to implement their own form of qualification testing (typically on a
small batch of test cards supplied by the SIM vendor) to ensure that:
• The SIM profile is complete and as expected
• The data fields contain the correct values
• The card interoperates correctly with the handset(s) and network
91

SIM Testing (GSMA)
Test Equipment
• Qualification testing can be performed either by the operator or by an independent third party. In
either case, the test facility must have the following basic equipment:
Test Set
• The test set consists of some form of ME simulator, consisting of hardware and software that can:
• Communicate via the ISO protocols
• Generate all command APDUs and receive and process all responses
• Provide all appropriate physical connections to the SIM, including a voltages, a clock signal, and an
input/output connection.
• Several commercially available SIM card test sets exist which incorporate SIM card readers, automated
testing software, and a graphic interface that facilitates easy examination of file structure and contents.
Test Cards
• The SIM vendor should be asked to supply a quantity of test cards (typically less than 10) for
qualification test purposes. These should have test IMSIs and Ki’s. Depending on the agreement with
the SIM vendor, these may be provided with final front and back artwork for inspection and acceptance
by the operator.
Handsets
• The test suite should include production model handsets for testing interoperability with the SIM card.
Ideally, it would be preferable to test the SIM in all handsets that the subscriber might conceivably use,
however this is impractical. The operator should therefore select a representative subset of the most
likely handsets the subscriber might use.
Network Infrastructure
• It is important to test operation of the SIM and handset within the context of the operator’s actual
network. The test facility should therefore be located in an area with good RF coverage and should have
access to the operator’s OTA platform. 92

Contents
 Abbreviations
 Types of Cards
 SIM Card Memory Architecture
 SIM Card File Structure
 RUM- Classifications
 NV Vs RUIM
 PRL
 USIM
 UICC Vs ICC

Abbreviations
 SIM: Subscriber Identity Module
 USIM: Universal Subscriber Identity Module
 RUIM: Removable User Identity Module
 ICC: Integrated Circuit Card
 UICC: Universal Integrated Circuit Card
 OMH: Open Mobile Handset
 ISIM: IMS SIM
 NV : Non Volatile
 PRL: Preferred Roaming List
 GSM: Global System for Mobile Communications
 UMTS: Universal Mobile Telecommunications
 CDMA: Code Division Multiple Access
 IMS: IP Multimedia Subsystem

95
Ikwe Gideon
gideon.ikwe@datahouseconsulting.com
Telecom Revenue Assurance Expert
Thanks

Understanding Telecom SIM and USIM/ISIM for LTE

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Understanding Telecom SIM and USIM/ISIM for LTE

Similar to Understanding Telecom SIM and USIM/ISIM for LTE (20)

Recently uploaded

Recently uploaded (20)

Understanding Telecom SIM and USIM/ISIM for LTE