re: The SIM moves forward
>> SIMply the Best?
Ian Channing
Mobile Communications International
Issue 9, 01 September 2001
The SIM card has already moved on significantly from its original role as the security device in a mobile phone. Now, as mobile communications evolve towards more complex non-voice services and applications, the SIM card is also evolving to meet these new challenges.
It can be reasonably argued that the decision by the authors of the GSM specification to standardise a removable security device to be known as the Subscriber Identity Module (SIM) card played a key role in driving the GSM market to its present global level. The SIM card's original role was to provide authentication and security functions which ensured that only valid users were able to make and receive calls over valid networks.
Over time that role evolved and the card became a platform for storing user generated data such as phone numbers and personal preferences.
Then, as Philippe Vallee, vice president of marketing in the telecoms business unit of Gemplus, explains, the SIM card took a giant step forward with the introduction of the SIM ToolKit (STK). "The STK enables operators to install user interface menus in the card. These trigger incremental added value to the card and the handset. The STK establishes an interface between the card and the handset to enable the GSM operator to provide access to any partner who may wish to use the handset to provide services."
According to Xavier Chanay, vice president of mobile communications products at Schlumberger, more than 70 per cent of the cards shipped today support these value-added services. "Most of these applications are of the information-on-demand type, such as weather forecasting, stock prices and getting a balance from your bank. However, more and more you are seeing applications such as mobile payments, stock trading, and applications linked to financial transactions. Today the SIM card is doing more than security and authentication features on the network, more and more of them are supporting applications which are more or less complex but which are the starting point for non-voice services for the operators."
One of the problems which has inhibited the introduction of more value-added services has been the lack of interoperability between SIM cards from different suppliers. Historically, GSM operators have preferred to source their SIM cards from multiple suppliers and although the physical dimensions and basic functions of the card are all standardised, the way in which each of them supported value-added services has differed. This created major problems for operators as Schlumberger's Chanay explains.
"Until recently, when an operator wanted to deploy a new application, he had to have it developed for every different card he was planning to use. If they wanted to have two or three card suppliers they needed to have the application developed two or three times." As Chanay points out this process is both expensive and time consuming.
This problem was addressed earlier this year when the three biggest SIM card suppliers - Gemplus, Oberthur and Schlumberger - inked an interoperability agreement. The three companies, working with Sun Microsystems, agreed a standard implementation for the Java Card 2.1 technology on SIM cards.
This common standard based on a readily available open platform will ensure complete interoperability. "The 2.1 Java Card technology ensures that interoperability becomes a fact," comments Chanay. "This will enable operators to work on the development of an application only once and to have it run on the cards of all the vendors they want to work with. So time to market is going to be quicker, the cost of ownership for the application is going to decrease and that will enable operators to be much more proactive in the diversity and complexity of the applications that they will be able to deploy through the SIM card."
The original SIM card was an extremely basic device with an 8-bit processor and around 3kilobytes of memory. This was sufficient for simple security and authentication but patently, as the demands on the card grew, more processing power and memory became necessary. The specification of the SIM card is totally standardised, which puts a limit on the size of the silicon die which can be embedded in the card. Luckily Moore's Law works for smartcards as well, and currently the industry is seeing a doubling of the size of the chip memory every 18 months - a situation which will continue for the next five to six years according to Chanay. Already SIM cards with 64kilobytes of memory are being shipped and this will grow to 128kilobytes within the next year or so. These increases in memory size give hidden gains in addition to the obvious doubling of capacity says Chanay. "In today's 32k chip about half of the memory is used to store data, such as the network personalisation information, and subscriber-generated data, such as the phonebook. As a result there is only 16k left for applications. When we go to 64k the amount of stored data is not multiplied by two, in fact it will remain around the same size as it is today, the size of the phonebook for example is already enough. That means that the operator will be able to use 48k for applications instead of 16k. So, by doubling the size of the memory of the chips, we are able to offer three times more space for the applications. This is going to enable more complex applications to be utilised." The industry is also looking at new chip technologies. The technology used in the majority of SIM cards is EEPROM but a move to Flash EPROM is being considered which would give an additional boost to memory size.
In an environment of declining voice revenues it has become an article of faith amongst mobile operators that the answer to reversing this trend is through the introduction of value-added, non-voice services. The SIM card is effectively the only credible and secure way in which these new services can be delivered to the end user. Voice activation and keystroke entry are unreliable and cumbersome and, although services can be embedded in the terminal, this requires costly software development and is limited in application. The SIM card offers a high degree of security that is essential for applications such as mobile payment and m-commerce. Philippe Vallee sums up the role of the SIM card in the future mobile commerce environment.
"In the future installation of mobile commerce services the SIM card is seen as the de facto tool to manage user privacy, user integrity and user security in terms of transactions over the wireless networks. Most of the mobile commerce services being forecasted around public infrastructure means third party certification to approve a transaction between a merchant and a buyer, the SIM card in the mobile commerce arena will be used to manage the public key certificate management and digital encryption."
Games and gambling, for example, are expected to be significant revenue generators for operators in the future and security and user authentication are obviously essential for such transactions.
There is, for instance, already a major gaming application running in Hong Kong which links the user to the Hong Kong Jockey Club and a number of local banks with Oberthur supplying the cards.
Using their mobile phone users can place a wager with the Jockey Club and at the same time authorise their bank to transfer the necessary funds to the Jockey Club account. Should the wager be successful the winnings are transferred by the Jockey Club into the user's bank account. This service is already enjoying enormous success in Hong Kong and the introduction of more advanced technologies such as GPRS and 3G will enhance the end-user experience and increase usage. Every step of the application is dependent upon the security and authentication provided by the SIM card.
Another area which is expected to be a 'killer' application is music downloading. What is important in this application is ensuring that the rights of the original music owner are protected by only downloading music to users who have paid for the rights to that music. At the GSM World Congress in 2001, a number of leading industry players announced the formation of the Mobile Music Forum (MMF) which aims to play a key role in the development of this potentially high revenue application. Nigel Brammar, marketing manager Northern Europe with Oberthur, one of the founders of the MMF, outlines the logic behind the new organisation. "The Mobile Music Forum is trying to create an environment which, one, takes care of the security and payment issues relating to the rights to have the music and the collaboration of the owners of the original rights, and, two, provides a mechanism that delivers the sound quality streamed over the airwaves with all the encryption that is necessary."
The role of the SIM card in this world of rights and permissions is outlined by Brammar. "The SIM card is the gatekeeper, the keyholder, it holds the keys that give the permissions to use the applications or the information. So if services are on a subscription basis then the capability to display and use the information may be inherent in the handset. But if your permission runs out at the end of the month then that key management is still retained on the SIM. In the MMF system, for example, the key on the SIM is used to decrypt the information over the air and if it is not up to date you cannot decrypt."
With the current status of technological development, the only mechanism for communicating with the SIM card is through SMS. Although established and cost-effective, SMS is limited in the amount of data it is able to transfer. The arrival of GPRS will transform this situation but the industry is still working on the standardisation of the GPRS data channel. Although GPRS will speed up information downloading and enable more sophisticated services and applications, the impact of GPRS on the SIM card will be minimal as today's cards are already able to support GPRS-driven applications. The real changes in the SIM card will come with the introduction of 3G. In the UMTS/WCDMA 3G standard being specified by 3GPP, a SIM card is mandatory. This is not the case with the cdma2000 3G standard being developed by 3GPP2.
It is now widely accepted that the 3G implementation strategy of existing GSM operators will be to deploy islands of UMTS coverage, probably in city centres and other high density environments where the initial market demand for high speed data will be located. Only a long way down the road will there be a requirement for national UMTS coverage. Therefore, in the early stages of 3G roll-out, users will need dual-mode 2G/3G phones to ensure continuity of service when moving outside of 3G coverage. There will also be WCDMA only terminals being deployed by greenfield 3G operators. To meet these multiple demands the SIM card will evolve and become a platform supporting multiple functions as Schlumberger's Chanay explains. "The card will have the USIM [Universal SIM], the 3G application which allows the user to be recognised by the 3G network, as well as the SIM application because of the need to support 2G operation whilst outside of 3G coverage.
Then there will probably be the RUIM [Removable Universal Identity Module], the cdma2000 application that will allow roaming onto non-WCDMA networks providing there are roaming agreements in place.
"On top of this there will be more and more WIM [WAP Identity Module] applications to support public key infrastructure (PKI) applications via the card for m-commerce and other services that require a very high level of security in an open environment. Finally, we are defining the STK for 3G - the Universal SIM Application ToolKit [USAT]. So instead of looking at one card that is a closed system, we are seeing a system that is a platform that will support the different applications that operators will wish to offer their customers." This platform is known at the UICC (USIM Integrated Circuit Card).
With the level of complexity and multiplicity of different applications all on the SIM card of the future, there will need to be a commensurate increase in the capabilities of the card and to meet this demand the smartcard industry has been investing heavily in developing new microprocessor technology.
Already available are 16-bit WCDMA cards, which are being utilised by operators and vendors in trials such as in the Isle of Man and Monaco.
Around the corner are 32-bit cards, which should be available for the commercial launch of 3G. Schlumberger's Chanay emphasises that the industry was anxious to ensure that smartcard availability was not the limiting factor in the deployment of 3G, "and in that we have succeeded," he says.
As perceptive readers will have already noted, the SIM business is very acronym heavy with WIM, RUIM, USAT, RMI being just a few. Ever helpful to its readers, MCI offers a brief guide to the more significant acronyms in the SIM business.
Although currently not enjoying the best of public images, WAP will continue to have a positive role to play in the delivery of applications and services going forward. Recognising the advantages of the SIM card the WAP Forum specified a smartcard-based application known as the WAP Identity Module (WIM) in its release 2.1. The WIM has two key functions; it provides security for the wireless transport layer (WTLS) between the WAP Gateway and the end-user terminal; and it secures the application layer via a digital signature. In the latter case the security ensures that transactions over the mobile network, m-commerce or banking, for example, cannot be repudiated by either party. Security within the WIM is carried out using advanced algorithms which are stored inside the chip on the card. This approach provides a very high level of security using PKI technology.
Today's SIM cards use the GSM 11.14 version of the SIM ToolKit but as the mobile world evolves towards 3G, two new variants of the STK have been developed. These are the Universal SIM Application ToolKit (USAT) and a generic version which is not tied to any particular communications technology know as the Card Application ToolKit (CAT). The CAT moves the benefits of SIM plus STK into areas other than mobile communications.
With the CAT, for example, java applets could be downloaded on to the SIM card using a local communications link so a terminal could be configured to work with an airline or railway ticketing terminal or a supermarket terminal as and when required. Both new versions of the STK offer the ability to work with different bearers such as Bluetooth, RS232 or infrared.
The original vision of third generation was a single ubiquitous global technology which would enable users to roam anywhere making and receiving calls. For a variety of reasons the reality has been two major 3G technologies plus a number of less significant alternatives. However, the demand for global roaming continues to exist so everyone is looking for a way to bridge the gap between WCDMA and cdma2000. In the longer term the solution might be multimode terminals but in the shorter term plastic roaming provides an answer. Following co-operative development work between the CDMA community and the smartcard vendors, the RUIM - Removable Universal Identity Module - was developed and this too will be part of the UICC. There has even been some SIM card activity in the CDMA IS-95 environment. Until recently the SIM card was unique to GSM but the benefits of this technology are now being recognised, somewhat belatedly by rival technology camps. A number of CDMA operators have been pressing for the introduction of SIM card technology.
Notable amongst these is China Unicom which is in the process of rolling out a CDMA network in parallel with its GSM network. Unicom has been accustomed to managing its GSM subscriber base through the SIM card and is anxious to continue this approach with its CDMA customers. This will be achieved using a UIM (Universal Identity Module). There is even a suggestion that the North American TDMA operators are looking to introduce the flexible SIM approach as they evolve their networks to future technologies.
Then there is RMI - Remote Method Invocation. Despite sounding like some arcane religious rite, RMI is in fact a java-related technology that allows applications to be run almost anywhere on the network as if they were local to the card or handset. As Vallee points out, in the future each user will probably have multiple SIM cards; one for his portable device, perhaps one in his car to communicate information on status and so on so the penetration of SIM cards will actually be higher than the number of potential users. With this multiplicity of SIM cards, it will be important to establish, both for the network and the owner of the main card, some kind of synchronisation. "The RMI technology establishes a peer to peer connection between two cards or between a card and a java-based handset.
It is an agent technology whereby an agent can be sent into the network to find its way to the other SIM card with which you need to establish a connection."
The SIM card has come a long way from being the simple user/network authentication device envisaged by the standardisers of the GSM technology. As mobile communications makes the transition to the new world of non-voice services, the SIM card will provide the essential security without which these new services will not happen. Fortunately, it would appear that the SIM card industry has recognised the importance of its products and is responding in an efficient - and timely - fashion. <<
- Eric - |
