Skip to main content
SpringerLink
Log in

OTA and Secure SIM Lifecycle Management

  • Chapter
  • First Online:
Smart Cards, Tokens, Security and Applications

  • 2048 Accesses

Abstract

In the GSM mobile communication industry, the end-user is referred to as the subscriber and identified in the operator’s network using the Subscriber Identity Module (SIM) . In the third-generation network 3G, the equivalent application is called Universal Subscriber Identity Module (USIM ) card; although by convention we use SIM for both, unless a distinction is needed. A SIM card is a removable smart card for mobile phones. A mobile network operator is a telephone company that provides services for mobile phone subscribers. The SIM card is a managed platform, belonging to the operator’s network. It offers to store operator specific but also subscriber-related data. SIM cards are in use for a long time, compared to the handset and other entities in the network. Therefore, SIM card data—operator or subscriber dependent—changes over time and needs Over-the-Air (OTA) management. Customers cannot be asked to visit an operator shop for data management; Over-the-Air updates using the SMS as a bearer are the only possibility for mass updates. This implies certain security requirements which are specified in the 3GPP/ETSI standards. Also, the current bandwidth offered by SMS limits the range of possible adaptations and requires the mobile network operator to have a flexible Over-the-Air system, adapted to their needs. The Over-the-Air management is only one stage of the SIM life cycle. To be able to launch new services during the life cycle of a SIM card, the whole SIM life cycle has to be planned carefully. There exist systems that support the operator in knowing in real time the status of a SIM card in all phases of the SIM life cycle.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 89.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The examples mentioned are only a subset of the SIM capabilities and are valid for a SIM card. For a USIM card, some of the examples may differ from the SIM card. File names are referenced to the 3GPP TS 11.11 [1].

  2. 2.

    In this subchapter, only the SIM card is considered. For the USIM card exists a similar specification, called 3GPP TS 31.111 [2].

  3. 3.

    In this section, only the SIM card is considered. For the USIM card, there is a similar specification, called 3GPP TS 31.130 [5].

  4. 4.

    In this section, only the SIM card is considered. For the USIM card, there exists a similar specification, called 3GPP TS 23.048 “Security mechanisms for the SIM application toolkit ” [9].

References

  1. 3GPP TS 11.11 Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME) Interface. More information at http://www.3gpp.org/DynaReport/1111.htm, accessed August 2016.

  2. 3GPP TS 31.111 Universal Subscriber Identity Module (USIM) Application Toolkit (USAT). More information at http://www.3gpp.org/DynaReport/31111.htm, accessed August 2016.

  3. 3GPP TS 11.14 Specification of the SIM Application Toolkit (SAT) for the Subscriber Identity Module - Mobile Equipment (SIM-ME) interface. More information at http://www.3gpp.org/DynaReport/1114.htm, accessed August 2016.

  4. 3GPP TS 03.19 Subscriber Identity Module Application Programming Interface (SIM API) for Java Card. More information at http://www.3gpp.org/DynaReport/0319.htm, accessed August 2016.

  5. 3GPP TS 31.130 (U)SIM Application Programming Interface (API); (U)SIM API for Java Card (TM). More information at http://www.3gpp.org/DynaReport/31130.htm, accessed August 2016.

  6. 3GPP TS 03.48 Security mechanisms for SIM application Toolkit; Stage 2. More information at http://www.3gpp.org/DynaReport/0348.htm, accessed August 2016.

  7. GlobalPlatform Card Specifications. More information at http://www.globalplatform.org/specificationscard.asp, accessed August 2016.

  8. 3GPP TS 31.103 Characteristics of the IP Multimedia Services Identity Module (ISIM) application. More information at http://www.3gpp.org/DynaReport/31103.htm, accessed August 2016.

  9. 3GPP TS 23.048 Security mechanisms for the (U)SIM application toolkit; Stage 2. More information at http://www.3gpp.org/DynaReport/23048.htm, accessed August 2016.

  10. ETSI TS 102 221 Smart Cards; UICC-Terminal interface; Physical and logical characteristics. More information at http://www.etsi.org/deliver/etsi_ts/102200_102299/102221/08.02.00_60/ts_102221v080200p.pdf, accessed August 2016.

  11. 3GPP TS 31.102 Characteristics of the Universal Subscriber Identity Module (USIM) application. More information at http://www.3gpp.org/DynaReport/31102.htm, accessed August 2016.

  12. 3GPP TS 51.011 Specification of the Subscriber Identity Module - Mobile Equipment (SIM-ME) interface. More information at http://www.3gpp.org/DynaReport/51011.htm, accessed August 2016.

  13. ETSI TS 102 241 Smart Cards; UICC Application Programming Interface (UICC API) for Java Card (TM). More information at http://www.etsi.org/deliver/etsi_ts/102200_102299/102241/09.01.00_60/ts_102241v090100p.pdf, accessed August 2016.

  14. ETSI TS 102 124 Smart Cards; Transport Protocol for UICC based applications; Stage 1. More information at http://www.etsi.org/deliver/etsi_ts/102100_102199/102124/06.01.00_60/ts_102124v060100p.pdf, accessed August 2016.

  15. ETSI TS 102 127 Smart Cards; Transport Protocol for CAT applications; Stage 2. More information at http://www.etsi.org/deliver/etsi_ts/102100_102199/102127/06.06.00_60/ts_102127v060600p.pdf, accessed August 2016.

  16. Smart Card Web Server: How to bring operators applications and services to the mass market, SIMAlliance, http://simalliance.org/wp-content/uploads/2015/03/WP_SIMallianceSCWS_Feb09_Final.pdf, accessed August 2016.

  17. Smart Card Web Server Stepping Stones, OMA, SIMAlliance, http://simalliance.org/wp-content/uploads/2015/03/SCWS_SteppingStones_2009_v1.0.01.pdf, accessed August 2016.

  18. OMA Smart Card Web Server, Version 1.2, http://technical.openmobilealliance.org/Technical/technical-information/release-program/current-releases/smartcard-web-server-v1-2, accessed August 2016.

  19. Interoperability Stepping Stones Release 7, SIMAlliance, http://simalliance.org/wp-content/uploads/2015/06/SteppingStones_R7_v100.pdf, accessed August 2016.

  20. Remote Provisioning Architecture for Embedded UICC Technical Specification, Version 3.1, 27 May 2016, http://www.gsma.com/connectedliving/wp-content/uploads/2016/07/SGP.02_v3.1.pdf, accessed August 2016.

Download references

Author information

Authors and Affiliations

  1. iQuest Schweiz AG, Frankfurt am Main, Germany

    Joos Cadonau

  2. Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, UK

    Danushka Jayasinghe & Sheila Cobourne

Authors
  1. Joos Cadonau
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Danushka Jayasinghe
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sheila Cobourne
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Danushka Jayasinghe .

Editor information

Editors and Affiliations

  1. Director of the Information Security Group, Head of the School of Mathematics and Information Security, Royal Holloway, University of London, Egham, Surrey, United Kingdom

    Keith Mayes

  2. Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, Surrey, United Kingdom

    Konstantinos Markantonakis

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Cadonau, J., Jayasinghe, D., Cobourne, S. (2017). OTA and Secure SIM Lifecycle Management. In: Mayes, K., Markantonakis, K. (eds) Smart Cards, Tokens, Security and Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-50500-8_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-50500-8_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-50498-8

  • Online ISBN: 978-3-319-50500-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation