Sim Application Toolkit

Sim Application Toolkit (SAT)

Overview of Sim Application Toolkit:

The SIM Application Toolkit is a set of commands which defines how the card should interact with the outside world and extends the communication protocol between the card and the handset.
With SIM Application Toolkit, the card has a proactive role in the handset (this means that the SIM initiates commands independently of the handset and the network).
SAT is designed as a client server application.
The applications are stored in the SIM card, and not on handset.
Applications are downloaded over the air and stored in SIM card and the process is controlled by the service provider.
Service provider keeps total control of the applications, when they are to be downloaded and when they should be removed.
It uses the SMS for the bearer medium to transfer the information between the handset and the service provider.
It can also use 3Des encryption technique with three keys for security
The key exchange, a potential weakness in other platforms, has been eliminated in SAT because secret keys are agreed upon implicitly or before the SIM is issued

Proactive Commands:

· When the SIM has a command to send to the handset, it must wait until it is asked to do something.

· When this task is complete, rather than responding with a status word of 0x9000, the SIM responds with 0x91xx. (This means “The command you gave me executed just fine and I have a command of xx bytes for you.”).

· Handset sends the SIM a FETCH command. The FETCH command pulls the SIM’s command onto the handset, where it is parsed and executed.

· The handset then tells the SIM how things went. It does this with TERMINAL RESPONSE command. In this command, the handset passes back to the SIM the results of executing SIM command.

SIM -> ME communication:

· The SIM gives the handset a sequence Tag-Length-Values (TLVs).

· The sequence of bytes looks like:

Tag – Length – Value

(kind of data – How many bytes follows – Data bytes)

· The Tag and Value can be any number of bytes.

· The Value can be itself be yet another TLV.

Operation of SAT:

Profile Download Allows the Mobile Equipment to tell the SIM card what SIM Application Toolkit facilities it is capable of supporting, so that the SIM card can limit its instructions range accordingly.

Proactive SIM is a mechanism through which the SIM card can inform the Mobile Equipment that it has some information or commands for the Mobile Equipment to carry out, which the Mobile Equipment then FETCH. Such actions include displaying text on the screen, provided by the SIM card, sending a SMS, setting up a voice call to a umber held on SIM card ad so on.

Cell Broadcast Download or SMS-PP Download This command allows the mobile network operator to use sms or cell broadcast to transfer the information to the SIM card. For example when the Mobile Equipment receives a short message with the protocol identifier set equal to the SIM data download and the data coding scheme equals a class 2 message, then the mobile equipment will pass the short message directly to the SIM card without the knowledge or intervention of the mobile phone user.

Set Up Menu This causes the creation of a menu tree on the mobile device. The handset will include these menu items in its own menu. For example, a new service is added to the subscription the Set Up Menu command will modify the menu by adding the new service to the menu.

Menu Selection If the user subsequently uses the mobile phone keypad to select a menu option, the mobile equipment informs the sim card using this mechanism.

Call Control When this service is activated by the Mobile Equipment, all call setup attempts will result in the telephone numbers, supplementary services and unstructured supplementary services data (USSD) strings being sent first to the SIM card. The SIM card can then decide whether to allow those actions to be carried out it can selectively bar them.

Mobile Originated Short Message Control Before sending any short message, the handset asks the SIM for authorization to send a message. The SIM returns an answer which can either be authorization, refusal or authorization with changes.

This is basically the same principle as Call Control, only it applies to SMS and not voice calls.

More Time This procedure is provided to allow the SIM Toolkit task in the SIM more time for processing, where the processing is long enough to affect normal GSM operation, and clock stop prevents processing to take place in the background. For example, if an application is downloaded in more than one SMS and a call is received, the More Time command will be activated.

Event Download This command is sent from the handset to the SIM to state that an event happened. The events to be downloaded are as follows:

1. Mobile Terminated call (incoming call)

2. Call Connected

3. Call Disconnected

4. User Activity (the user has been pressing buttons on the handset)

5. Idle Screen Available (there is a blank screen)

This command is particularly useful because it gives the SIM the opportunity to react to events other than simple user actions.

Set Up Event List The SIM will give the handset the list of events it wants to know about if they happen. For example, the SIM could ask to be informed about Idle Screen Available so as to insert short advertisements while the screen is blank.

Timer Management/Timer Expiration This feature allows the SIM to manage the handsets timer. For instance, this feature could be used in a personal organizer application, for example a beep could ring for important meetings or appointments. The timer expiration feature allows the SIM to ask for the time remaining in the timer, for example the SIM could ask the handset to display 5 Minutes before Meeting.

Power On Card / Power Off Card This command will supply power to the card that is in the second slot, the Power off Card command will turn the power off. Get Reader Status. The SIM will ask the reader for the status of the card in the second slot, whether then is a card in the slot, and whether it is on or off.

Perform Card APDU The SIM will send a command to the second card. An APDU refers to the ISO 7816 4 standard.

Poll Interval / Polling off Periodically, the handset sends a status command to the card to check whether the card is present. The SIM can send a poll interval command to request a certain amount of time between status commands. The polling off command cancels previous poll interval commands that were sent.

Refresh The purpose of this command is to enable the handset to be notified of any changes in SIM files during an application. The SIM must inform the handset of the changes that occur. For example, in the event a set of numbers is downloaded into the Fixed Dialing Numbers (FDN) File in the SIM, the SIM would ask the handset to update its own image of the FDN file.

Command Result When the Mobile Equipment has attempted to execute a proactive command from the SIM card, the Mobile Equipment informs it of the success or otherwise of this command.

More on Proactive Commands:

When the DISPLAY TEXT command is used, it allows the SIM to define the priority of that message, and the text string format.

Two types of priority are defined:

· Display normal priority text and/or icon on screen;

· Display high priority text and/or icon on screen.

The text string can be in one of three formats:

Packed format in SMS default alphabet. This is indicated by the data coding scheme having a value of 7 bit GSM default alphabet. Other parts of the data coding are ignored.
Unpacked format in SMS default alphabet. This format uses the full 8 bit SMS alphabet.
UCS2 alphabet format. All characters are mapped according to the UCS2 alphabet.

When the COMMAND RESULT message is returned to the SIM upon completion of the

Proactive command, the command can belong to one of three categories:

Command performed successfully. This is returned by the ME for every successful command.
Temporary problem with executing command. This is further defined below, but generally these indicate to the SIM that it is worth trying again later. An example of this is when the Mobile Equipment is currently busy with a call.
Permanent problem with executing command. These are further defined below, but generally indicate that the same command will end in the same result if repeated during the same GSM session. This could mean that the Mobile Equipment is not capable of interpreting that command.

An Example

The following example operation of the STK illustrates the above concepts.

The subscriber is in cell 19123 in Tokyo, and he wants to book an Indian restaurant. He needs to access a list of the names and telephone numbers of restaurants nearby, in order to make a booking.

In order to offer this restaurant booking service, the operator needs:

1. A database of selected restaurants per cell.

2. A SIM Toolkit application in the SIM.

The user needs:

1. An SIM Toolkit compatible handset.

The SIM Toolkit application on the SIM should have the functionality as shown in fig below

On Power On, the SIM verifies if the handset is SIM Toolkit compatible. The SIM then sends a Set Up Menu command to the handset, with the Services menu displayed on the handsets screen. Once the user has selected a Restaurant Booking application, the handset returns a Menu Selection envelope to the SIM. The application can then begin.

Development for SIM Toolkit

The Application Program Interface (API) for SIM Application Toolkit is a platform that allows developers to create STK applets for the SIM. These applets can be loaded onto the SIM remotely by the provider using STK functions. The STK API on a GSM Phase 2+ SIM is based on the Java 2.1 Runtime Environment is shown below in figure

Each of the modules in figure is described below as defined in the specification:

SIM Toolkit Framework This is the GSM Java Card runtime environment; it is composed of the JCRE, the Toolkit Registry, the Toolkit Handler and the File System.

JCRE This is specified in Java Card 2.1 Runtime Environment Specification and is able to select any specific applet and transmit to it the process of its APDU (Application Protocol Data Unit).

Toolkit Registry This handles all the registration information of the toolkit applets, and their link to the JCRE registry.

Toolkit Handler This handles the availability of the system handler and the toolkit protocol (i.e. toolkit applet suspension).

File System This contains the card issuer file system, and handles the file access control and the applet file context. It is a JCRE owned object implementing the shareable interface sim.access.SIMView.

Applets These derive from javacard.framework.applet and provide the entry points: process, select, deselect and install.

Toolkit applets These derive from javacard.framework.applet, so provide the same entry points, and implement the shareable interface sim.toolkit.ToolkitInterface so that these applets can be triggered by an invocation of their processToolkit method.

GSM Applet This is the default applet, and it behaves as a regular applet. It handles the GSM authentication algorithm and the subscriber file access control according.

Loader applet This is handles the installation and uninstallation of the applets. The framework in which STK applets operate is shown in figure below.

Reference Documents:

· GSM 11.11: Subscriber Identity Module – Mobile Equipment (SIM-ME) Interface.

· GSM 11.14: SIM Application Toolkit

· GSM 02.19: SIM API Applications

· GSM 31.111: SIM Application Toolkit

· GSM 3.48: SIM Toolkit Security

· 3GPP 31.101: UICC – Terminal Interface

· 3GPP 31.102: USIM Application

· ISO 7816-4 File system

· ETSI TS 102.223: Proactive Commands

Abbreviations and Definitions

Term Definition

3GPP The 3rd Generation Partnership Project

APDU Application Process Data Unit

ETSI European Telecommunications Standards Institute

GSM Global System for Mobile Communications

JAVA Card A smart card that contains Java applets. Several applets can be stored in the card, and new ones can be added after issuance to the customer.

SIM Subscriber Identity Module

USAT Universal SIM Application Toolkit