WHY THE SIM CARD ?

3

PSCR and the challenge partners are requesting solvers’ assistance to explore possibilities for using the Universal Integrated Circuit Card (UICC), commonly known as the SIM card, as a secure storage container for user credentials. The SIM card is already used in most mobile devices and trusted by mobile network operators to secure the most sensitive mobile network subscriber data. The SIM card is a tamper-resistant hardware storage container and, if it was expanded for storing user credentials, it could enable seamless, secure authentication to public safety applications. In addition to its strong security characteristics, the SIM card offers the following potential usability benefits for public safety: more user-friendly; allow networks to provision credentials over-the-air via a secure channel; and potentially enable device sharing by keeping sensitive information on the removable SIM card. Additionally, because the SIM card is currently used in most mobile devices, it could offer cost savings for public safety organizations as extra hardware would not be necessary.

To enable seamless, secure authentication to public safety applications on a mobile device, the user’s credential must be stored on the SIM card. A mobile device operating system will communicate with the SIM card to pass the user’s credential for authentication to the public safety application.

High Level Schematic of Mobile Device Architecture

High Level Schematic of Mobile Device Architecture

PSCR and the challenge partners are requesting solvers’ assistance to explore possibilities for using the Universal Integrated Circuit Card (UICC), commonly known as the SIM card, as a secure storage container for user credentials. The SIM card is already used in most mobile devices and trusted by mobile network operators to secure the most sensitive mobile network subscriber data. The SIM card is a tamper-resistant hardware storage container and, if it was expanded for storing user credentials, it could enable seamless, secure authentication to public safety applications. In addition to its strong security characteristics, the SIM card offers the following potential usability benefits for public safety: more user-friendly; allow networks to provision credentials over-the-air via a secure channel; and potentially enable device sharing by keeping sensitive information on the removable SIM card. Additionally, because the SIM card is currently used in most mobile devices, it could offer cost savings for public safety organizations as extra hardware would not be necessary.

To enable seamless, secure authentication to public safety applications on a mobile device, the user’s credential must be stored on the SIM card. A mobile device operating system will communicate with the SIM card to pass the user’s credential for authentication to the public safety application.

Leveraging Credentials stored on the UICC/SIM Card

The operating system that runs on top of the SIM card provides the capability for smaller applications to operate in its runtime environment. The SIM card operating system contains executable code that manages the logical resources of the SIM card, including external and inter-application communication, process scheduling, file system management, and resource access control. These applications are what make up the functional services that are used on the SIM card. The SIM card can contain multiple applications whose files can be shared amongst each other, while also being accessed by applications that reside elsewhere on the mobile device.

Leveraging Credentials stored on the UICC/SIM Card

The operating system that runs on top of the SIM card provides the capability for smaller applications to operate in its runtime environment. The SIM card operating system contains executable code that manages the logical resources of the SIM card, including external and inter-application communication, process scheduling, file system management, and resource access control. These applications are what make up the functional services that are used on the SIM card. The SIM card can contain multiple applications whose files can be shared amongst each other, while also being accessed by applications that reside elsewhere on the mobile device.

Additional Resources

=
For more information about the SIM card architecture, standards and file structure, please visit resource materials from ETSI, European Telecommunications Standards Institute, such as the following:

Overview about Smart Cards and SIM Cards

“Smart Cards; UICC-Terminal interface; Physical and Logical characteristics” technical specification