A subscriber identification module is a smart card that is used in a communication device. It is usually known by its acronym, SIM. There were approximately 600 million SIMs in GSM and 3G mobile phones and 70 million SIMs in DTH TV set-top boxes as of the end of 2001. SIM smart cards are being added to TDMA and CDMA mobile phones and to PDAs such as the Palm Pilot™ and the Handspring Visor™; their use as general-purpose network identity tokens is being actively explored. SIMs are by far the leading application of smart cards and the big-ticket items from most smart card manufacturers.
The SIM has two primary purposes. The first is to enable access to a particular communication network by the device (telephone handset) in which it, the SIM, has been inserted. The second is to undeniably and contractually associate the subsequent use of that network with a payment account. The first purpose is authorization and the second purpose is authentication, non-repudiation and accounting. The SIM often provides other services such as the creation of session keys for encryption and the storage of personal information such as telephone numbers.
Historically, the SIM was owned, issued, and managed by the operator of the network to which it authorized access. In particular, it was not owned by the person paying the bills for network use or by the person using the communication device. In this regard, SIM is like a bank card that is owned by the bank. But also like a bank card, as the SIM evolves to become an application platform that can contain multiple accounts and provide access to multiple (and possibly competing) networks, this is changing.
In this new model, what used to be the purpose-built SIM smart card is a bag of bits on a multiapplication and multi-issuer smart card. Not surprisingly, this has set off a scramble for who is the card's super user and has root privileges. Telecom operators are convinced that you should put your banking applications on their SIM cards. Banks are of the view that you should put your telecommunications applications on their bank cards. About the only thing they see eye-to-eye on is that person paying the piper—you—doesn't call the tune. The cardholder owned and operated “white card” is an anathema to both of them. This too is slowly changing.
Besides being a tamper-resistant place to store keys and perform cryptographic operations, the easy portability of the SIM card lets both the issuer and the subscriber move the SIM's data, including payment account information from one communication device to another and even to use this payment data in non-network settings. There is no technical reason, for example, that the same keys that protect your bits on a 3G network couldn't protect your bits on a WiFi network. In fact, there are some European GSM network operators that are doing exactly this. Pop the SIM out of your Nokia 5190® GSM handset, pop it into your Nokia C110® WiFi card, and carry on. It's all digital communications and it's always you.
The portability story of the SIM is given lie somewhat by some cellular network operators who don't want you to use another operator's SIM in the handset that comes with the packages they sell. Handsets that only work with one operator's SIM are called locked, or latched, phones because they will only work with (are locked to) SIMs from the network operator that sold you the handset. If you buy a phone from VoiceStream, for example, it will likely (as of this writing) only work with a SIM provided by VoiceStream. The cost of the handsets in these packages is heavily subsidized by the operator selling the package and they understandably want to recoup this subsidy through your use of their network. Of course, you can buy unsubsidized handsets that are not locked and can be used with any operator's SIM. Just don't typically expect to buy one from an operator.
SIMs are becoming application platforms. This seems strange at first blush for a smart card that has such a highly focused purpose and has been so financially successful fulfilling this purpose. Why add applications with dubious business models and risk upsetting the authorization applecart?
Note
The reason the SIM is programmable at all is due in no small part to the locking behavior discussed previously. In the early 1990s, a European Telecommunications Standards Institute (ETSI) technical working group was drafting specifications for a standard way to unlatch phones over the air. When wind of this activity got to the market-oversighted Eurocrats, they saw what was essentially anticompetitive behavior being enshrined in European telecommunications standards. This caused no small amount of very official “harrumphing” in Brussels. As a result, the ETSI committee, promulgating the unlatching standards in a particularly deft piece of field reversal running, promptly rewrote the specifications as a general-purpose way of administering the SIM over the air and called the result the SIM Application Toolkit. A technique to make the phone less useful led to a technique that makes it more useful. James Burke is taking notes.
Because they protect two very valuable assets—a network and a payment obligation—SIMs are highly secure and carefully guarded computers. It may therefore seem strange that we are devoting a whole chapter of this book to building applications for them. But it is exactly because they do hold the keys—literally and figuratively—to valuable assets that make SIMs such attractive platforms for mobile applications. After all, how many other application platforms can you name that come with a worldwide communication capability, secure user identification, and microbilling; all for only about $10?
Primarily because they been around longer and because there are more of them in actual daily use, the GSM and 3G SIM currently are the most advanced of the SIMs from an application development point of view. As a result, we will focus on building applications on the GSM and 3G SIMs in this chapter. But while the details of the discussion in the chapter will pertain to these particular SIMs, the application designs, security considerations, and application development opportunities that we discuss apply by and large to SIMs wherever they are and will be found.
It is an ongoing quest of the telecommunications network operators—the current owners of SIM populations—to figure out a way to provide the services of the SIM to non-network applications without in any way compromising the SIM's network security responsibilities. The Holy Grail at the end of this quest is filled with the gold they will charge to provide these services. Initially, the operators imagined that they and only they would build these services. The success of NTT DoCoMo that flowed from energizing the independent application development community has, however, started to change this view. Applications developed by independents are now not only considered but are actively sought by the more forward-thinking network operators.
What differentiates SIM applications from handset applications based on the Wireless Application Protocol (WAP) or BREW framework is that they can be trusted. Mobile computing is about transactions, which to be of any use, must be able to be trusted and acted upon. The handset is an untrusted platform. It's fine for surfing the Web or catching the Joke–of–the–Day, but when it comes to sending a message that makes a difference—one that buys a book or boots a mail server, for example—it is more likely that the message will be trusted if it came from a SIM than if it came from the handset. Such mobile transaction applications for the SIM are the topic of this chapter.
While the ISO 7816 series of smart card standards leave many points of ambiguity, the SIM standards tend to be much more complete and are implemented to the letter by the smart card manufacturers. The International Standards Organization (ISO) standards are really more conceptual than practical. There are no ISO 7816 cards because there are no ISO 7816 compliance tests. A SIM, on the other hand, is compliance-tested each time the mobile telephone is turned on. If it doesn't follow the standards, the subscriber doesn't get on the network. This makes for grumpy subscribers and even grumpier network operators. And all these grumps end up at the doorstep of the smart card manufacturer. As a result, unlike the ISO standards, interoperable applications can be built on top of the SIM standards with considerable hope that they will work when they get into the field and, what's more, work on SIMs from any smart card manufacturer.
SIM standards were originally part and parcel of the overall GSM standards set that is administered by the ETSI. Again, unlike the ISO standards, these standards are available for free download from the ETSI Web site at www.etsi.org. In the late 1990s, these standards were turned over to the Third Generation Partnership Program (3GPP) when GSM itself began its evolution to higher data rates and more universal usage. The 3GPP versions of these standards are also available for download from ftp.3gpp.org. On these Web sites, you can not only get all the current and past versions of the standards, but you also can monitor the standards meetings that are held to correct, update, and evolve them.
In early 2000, ETSI started a new project called the Smart Card Platform (SCP) to consider the use of the SIM in all telecommunications settings—not just GSM and 3G networks. The theory is that SCP will create a foundation of generic standards for the SIM and SIM applications on which the GSM and 3GPP standards for the mobile telephone can rest. The not-so-secret agenda of SCP is to build a set of standards for all smart cards that can actually be built and that will deliver on the promise of interoperability that the ISO 7816 standard really hasn't achieved. The latest versions of the SCP standards are available at www.docbox.etsi.org/tech-org/scp/Document/scp/.
The formation of the SCP project has led to a certain amount of confusion as the tried-and-true GSM standards were split into three parts; those being
specific to the GSM phone and staying within ETSI
applicable to all 3GPP phones, but not to all network devices and going to 3GPP
common to all network devices and going to back the ETSI, but in the SCP project
No one ever said evolution with backward compatibility was either pretty or elegant.
Table 8.1 gives a snapshot of the state of a small part of evolution as of late 2001.
Table 8.1. The Evolution of Some SIM Standards
Description | GSM | 3GPP | SCP |
|---|---|---|---|
(U)SIM and IC Card Requirements | 21.111 | ||
Physical and Logical Characteristics | 11.11 | 51.011 | 102.221 |
Characteristics of the SIM Application | 31.102 | ||
Security Mechanisms for the SAT-Stage 1 | 02.48 | ||
Security Mechanisms for the SAT-Stage 2 | 03.48 | 33.102 | 102.225 |
Administrative Commands | 102.222 | ||
Numbering System for Card Applications | 31.110 | 101.220 | |
(U)SIM Application Toolkit | 11.14 | 31.111 | 102.223 |
UICC Application Programming Interface | 102.240 | ||
SIM API for Java | 03.19 | 102.241 | |
SIM API for C | 31.131 | ||
USAT Interpreter | 31.113 |
As of 2002, this evolution is still very much underway and new entries are being made in this table on an almost-monthly basis. The reader is well advised to check with the Web sites mentioned previously for the latest version of the current standards and the arrival of new ones.
The seminal SIM standards are GSM 11.11 and GSM 11.14. You will hear these standards referred to frequently in discussions of the SIM. The SCP evolutions of these two oldies but goodies are ETSI TS 102.221 and ETSI TS 101.223, respectively.
GSM 11.11 is the original SIM standard and covers the SIM data files and application protocol data units (APDUs) that are sent by the handset to the SIM in establishing network access and subscriber account authentication. GSM 11.11 is based on ISO 7816-4 and certainly credits this standard to be its genesis, at least in public. As you read GSM 11.11, you will find all of your old APDU friends from ISO 7816-4. Where ISO 7816-4 is vague or provides wiggle room for proprietary implementations or hollow claims of standards compliance, GSM 11.11 is specific and says exactly how it shall be.
GSM 11.14 describes a quiet smart card revolution that took place in the mid-1990s. You will recall that from the dawn of smart card time, the smart card was the slave and the terminal was the master. The card spoke only when spoken to and did only what it was bid to do. GSM 11.14 turns history on its head and describes commands that the SIM can send to the handset. It was this document, GSM 11.14, that transformed the smart card in the GSM mobile telephone from a simple data store and session key computer to a full-fledged network-aware application platform. Two business necessities and two elegant insights into their solution provided the explosive power for this revolution.
First, when the network operator wanted to perform some administrative functions on the SIM, he couldn't very well just tell the subscriber to drop by network headquarters at an appointed time. The SIM was connected to a network device—the handset—so why couldn't the administration be done over the air? The instructions to be followed by the SIM had to go through the network and the handset right to the SIM, untouched and uninterpreted by these intermediate nodes. This brought the SIM itself onto the network. It was no longer just a peripheral on the handset, but a network node engaging in direct, end-to-end communication with network central.
Second, if the SIM was going to be a viable network node, it had to be able to initiate activity and not just be a slave to duty. Up to this time, a basic tenet of smart cards was that code running inside the smart card only needed to respond to commands from outside. GSM 11.14 introduced the radical notion that on-card code could initiate calls on services outside the card. In one flourish of the standard writer's pen, the GSM handset was transformed from a demanding master to a mere docking station.
The two technical innovations that converted these standards requirements to street realities were called event download and proactive commands. Event download requires the handset to tell the SIM about events that are taking place on the handset itself and on the network. Proactive commands let the SIM tell the handset what to do. Event download was invented by Swisscom and proactive commands were invented by BT Cellnet. For a detailed description of their discoveries, see Mobile Application Development with SMS and the SIM Toolkit (Guthery and Cronin, 2001).
These two new smart card usage conventions—event download and proactive commands—form the foundation of the SIM Application Toolkit, which we discuss in detail a bit later. The first convention governs the flow of information and control from the mobile equipment to the card and the second governs the flow of information and control from the card to the mobile handset. Both were simple straightforward elaborations of existing practice, but when used together, caused a revolution in the use of the GSM mobile phone.
A SIM is just a smart card with the plastic cut away so that it snuggles down inside the tiniest mobile handset. The handset reads and writes information on the SIM using the same basic ISO 7816-4 commands that we discussed in previous chapters. These APDUs are documented in detail in ETSI TS 102.221 and listed in Table 8.2.
Table 8.2. Smart Card Commands Recognized by SIMs
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The software on the handset uses these commands in its interactions with the SIM in the process of performing various telecommunications functions. For example, it would use the READ BINARY command to read telephone numbers from the phone book on the SIM and VERIFY PIN to authenticate the warm-ware at the keypad.
There are five additional APDU commands that are unique to any ETSI TS 102.221 SIM. These are the APDUs that implement event download and proactive commands. They are listed in Table 8.3.
Table 8.3. Commands for Event Download and Proactive Commands
|
|
|
|
|
What differentiates one SIM from another, what separates the GSM SIM from the 3G SIM, or the 3G SIM from the CDMA SIM, for example, is not these everyday APDUs, but the one used for INTERNAL AUTHENTICATION. This is because each network has its own authentication protocols and cryptographic algorithms. Table 8.4 lists the authentication APDUs for some popular networks.
Table 8.4. Subscriber Authentication Commands for Various Networks
Network Technology | Authentication APDU |
|---|---|
GSM |
|
3G |
|
TDMA |
|
WAP |
|
These are all variants of the INTERNAL AUTHENTICATE APDU because they are all used by the network to determine if the SIM is a SIM with which the network wants to do business. The commands are used by the network to authenticate the SIM. The details of these APDUs are particular to each network and beyond the scope of this book.
What about EXTERNAL AUTHENTICATION? How does the SIM make sure that it is dealing with a network with which it wants to do business? Recall that was what the EXTERNAL AUTHENTICATION APDU was all about. There was no provision for this in GSM networks and this turned out to be a minor problem. The situation has been addressed in 3G, but it is handled as an integral part of the internal authentication protocol so no additional external authentication APDU is needed. Interestingly enough, a very similar approach was introduced in the OP specifications and the Cyberflex Access command set we looked at in Chapter 6. That is, the authentication operation has become a mutual authentication operation. As SIMs come into use outside of strictly telecommunication settings, these APDUs will probably have to be added. So will the DECREASE APDU, but that's another story.
In this chapter, we will concentrate on the APDUs in Table 8.3 that are specific to ETSI TS 102.221 SIMs. These are the APDUs that bring applications on a SIM to life.
How can five simple APDUs create an application platform where none existed before? There are hundreds of calls on the Windows or Linux application programming interface (API), for example. Are these guys just making heavy water?
We will discover that these five simple ETSI TS 102.221 APDUs aren't really so simple after all and that they pack a lot of information and functionality into their little frames. What is simple, however, is the model of computation for the use of these APDUs.
First, early in the initial interaction between a handset and a SIM, the handset sends the SIM the first of the five platform APDUs, the TERMINAL PROFILE APDU. The data field of this APDU tells the SIM exactly what the terminal can do. The implicit semantics of the APDU are “Here's what I, the handset, am capable of. If you ask me to do anything else, you'll get an error return.” Table 8.5 is a list of the capabilities the handset can tell the SIM about in the TERMINAL PROFILE APDU. The handset sends up to 160 bits (20 bytes) to the SIM in the data field of the TERMINAL PROFILE APDU and sets a bit to 1 if it (the handset) has the associated capability and to 0 if it doesn't. This makes for a lot of information packed into a little package.
The TERMINAL PROFILE APDU is half of the getting-to-know-you protocol. The other half is the terminal finding out what the SIM can do. The terminal accomplishes this by using a plain old READ BINARY APDU to read the contents of a file called the SIM service table. This is file “6F38” in the SIM ADF. Table 8.6 lists the format of this file. Just like the TERMINAL PROFILE data field, the SIM sets a bit to 1 in this file if it can perform a particular function and to 0 if it can't. Table 8.7 gives the services.
Table 8.7. Services Indicated in the SIM Service Table
Services | |
Service n°1: | Local Phone Book |
Contents: | |
Service n°2: | Fixed Dialing Numbers (FDN) |
Service n°3: | Extension 2 |
Service n°4: | Service Dialing Numbers (SDN) |
Service n°5: | Extension 3 |
Service n°6: | Barred Dialing Numbers (BDN) |
Service n°7: | Extension 4 |
Service n°8: | Outgoing Call Information (OCI and OCT) |
Service n°9: | Incoming Call Information (ICI and ICT) |
Service n°10: | Short Message Storage (SMS) |
Service n°11: | Short Message Status Reports (SMSR) |
Service n°12: | Short Message Service Parameters (SMSP) |
Service n°13: | Advice of Charge (AoC) |
Service n°14: | Capability Configuration Parameters (CCP) |
Service n°15: | Cell Broadcast Message Identifier |
Service n°16: | Cell Broadcast Message Identifier Ranges |
Service n°17: | Group Identifier Level 1 |
Service n°18: | Group Identifier Level 2 |
Service n°19: | Service Provider Name |
Service n°20: | User-Controlled PLMN Selector with Access Technology |
Service n°21: | MSISDN |
Service n°22: | Image (IMG) |
Service n°23: | Not Used (Reserved for SoLSA) |
Service n°24: | Enhanced Multilevel Precedence and Pre-emption Service |
Service n°25: | Automatic Answer for eMLPP |
Service n°26: | RFU |
Service n°27: | GSM Access |
Service n°28: | Data Download via SMS-PP |
Service n°29: | Data Download via SMS-CB |
Service n°30: | Call Control by USIM |
Service n°31: | MO-SMS Control by USIM |
Service n°32: |
|
Service n°33: | Shall Be Set to “1” |
Service n°34: | Enabled Services Table |
Service n°35: | APN Control List (ACL) |
Service n°36: | Depersonalization Control Keys |
Service n°37: | Cooperative Network List |
Service n°38: | GSM Security Context |
Service n°39: | CPBCCH Information |
Service n°40: | Investigation Scan |
Service n°41: | MExE |
Service n°42: | Operator-Controlled PLMN Selector with Access Technology |
Service n°43: | HPLMN Selector with Access Technology |
Service n°44: | Extension 5 |
Service n°45: | PLMN Network Name |
Service n°46: | Operator PLMN List |
Service n°47: | Mailbox Dialing Numbers |
Service n°48: | Message Waiting Indication Status |
Service n°49: | Call Forwarding Indication Status |
Service n°50: | RPLMN Last-Used Access Technology |
Service n°51: | Service Provider Display Information |
At the end of this mutual introduction phase of the SIM Toolkit model of computation, the handset and the SIM each know what the other can do and will avoid asking the other to do something that it knows it can't do. Now they can get down to work.
Recall that the two technical capabilities that we are creating are event download and proactive commands. Event download is where the terminal tells the SIM about something that happened—an event of some sort. Proactive commands are where the SIM tells the handset to do something. The ENVELOPE APDU implements event download and the FETCH, TERMINAL RESPONSE, and STATUS APDUs implement proactive commands. Let's look at event download first because that's the easy one.
The ISO 7816-3 T=0 and T=1 communication protocols between the handset and the SIM let the handset talk to the SIM just about anytime it wants to. It just sends the SIM an APDU. In order to tell the SIM about an event, it uses the escape APDU from ISO 7816-4, the ENVELOPE APDU. The ENVELOPE APDU was first defined as a way to overcome deficiencies in the secure messaging mechanisms of ISO 7816-4; however, it is a way to send a random undifferentiated blob of data to a smart card. Unlike UPDATE RECORD or VERIFY PIN, which carry data intended for a specific use, namely the use defined by the APDU, the semantics of ENVELOPE are more like “Here's a blob of data. I assume you know what to do.” What GSM 11.14 and ETSI 102.223 do is organize and give meaning to the data field of the ENVELOPE APDU when it is sent to a SIM smart card.
As you recall, ISO 7816-4 establishes, roughly speaking, a one-to-one relationship between what you want the card to do and a command to ask it to do it. READ BINARY reads from a file, VERIFY PIN checks a PIN value, and so forth. But the folks that wrote ISO 7816-4 understood well that they couldn't imagine all possible uses of a smart card, so they built themselves and all the rest of us an escape hatch to the future: the ENVELOPE command. The design intent of ENVELOPE was to be able to put proprietary and special-purpose information and commands inside a standard ISO 7816 command “envelope” in order to transmit them to the card.
In keeping with the over-arching policy of being as compatible as possible with existing smart card standards, the authors of GSM 11.14 chose the ENVELOPE command to get all sorts of non-APDU–based information to the SIM.Thus, whether it is message traffic coming from the user, the handset, or somewhere out on the network, it is moved to the SIM tucked inside an ENVELOPE command. There are a number of different variants of the SIM ENVELOPE command, but the three primary ones correspond to these three sources of message traffic for the SIM. We discuss these immediately after we look at the ENVELOPE command itself.
The syntax of the ISO 7816-4 ENVELOPE APDU is simplicity itself:
Command | Class | INS | P1 | P2 | P3 | Data Field |
|---|---|---|---|---|---|---|
ENVELOPE | A016 | C216 | 0016 | 0016 | n | Blob of n bytes of undifferentiated data |
There is no P1 or P2—just a CLA and an INS, a length, and a data field. The entire message to be loaded into the smart card—in the case at hand, the SIM—is put into the data field. The thinking was that if you wanted to dream up a new smart card command, you could still use all the smart card readers in the field by encapsulating or tunneling your command in the ENVELOPE command.
The first type of SIM event download ENVELOPE APDU is for messages from the user and is called ENVELOPE (MENU SELECTION). The data field contains an index of the menu item that was selected and assumes that the SIM kept track of the list of choices that were offered to the user.
The second type of event comes from the handset itself and consists of the handset informing the card of events that are taking place upstairs. Examples of such events are pressing a key or initiating a call. An ENVELOPE APDU that contains such event notifications is called ENVELOPE (EVENT DOWNLOAD).
The final type of the ENVELOPE APDU for events originating in the network (e.g., the host-side or off-card component of your application sitting on a server somewhere) is called ENVELOPE (SMS-PP DOWNLOAD).
Of the three event types, SMS-PP DOWNLOAD is the most useful and the most powerful from the point of view of application construction. Using this event download, the off-card application communicates with the on-card application by sending it a short message using the network's short message system (SMS). Coding in the SMS message tells the handset to pack the entire SMS message into an ENVELOPE command and pass it onto the SIM. SMS-PP DOWNLOAD can also be used to load new applications onto the SIM.
Table 8.8 is a list of the all the event download ENVELOPEs defined in 3GPP TS 31.111. There are 13 for event notification, 2 for short message reception, 2 for call control, and 1 each for menu selection and timer expiration.
Table 8.8. ENVELOPE Commands in 3GPP TS 31.111
ENVELOPE (SMS-PP DOWNLOAD) |
ENVELOPE (CELL BROADCAST DOWNLOAD) |
ENVELOPE (OUTGOING CALL CONTROL) |
ENVELOPE (OUTGOING SHORT MESSAGE CONTROL) |
ENVELOPE (TIMER EXPIRATION) |
ENVELOPE (MENU SELECTION) |
ENVELOPE (EVENT DOWNLOAD – Incoming Call) |
ENVELOPE (EVENT DOWNLOAD – Call Connected) |
ENVELOPE (EVENT DOWNLOAD – Call Disconnected) |
ENVELOPE (EVENT DOWNLOAD – Location Status) |
ENVELOPE (EVENT DOWNLOAD – User Activity) |
ENVELOPE (EVENT DOWNLOAD – Idle Screen Available) |
ENVELOPE (EVENT DOWNLOAD – Card Reader Status) |
ENVELOPE (EVENT DOWNLOAD – Language Selection) |
ENVELOPE (EVENT DOWNLOAD – Browser Termination) |
ENVELOPE (EVENT DOWNLOAD – Data Available) |
ENVELOPE (EVENT DOWNLOAD – Channel Status) |
ENVELOPE (EVENT DOWNLOAD – Access Technology Change) |
ENVELOPE (EVENT DOWNLOAD – Display Parameters Change) |
The innovation in event download wasn't in the invention of new technique or the promulgation of a new standard. It was using a piece of existing smart card technology, the ENVELOPE APDU, for a revolutionary purpose: to carry information from outside the SIM to inside the SIM to enable the SIM to respond to this information based on the policies it contained. The original use for which Swisscom invented event download was to silently let the SIM redirect calls being placed on the handset in order to use the network more efficiently. When combined with proactive commands that we describe next, event download turns the SIM from a passive data store into an integral and interactive part of the mobile application framework.
Even with event download, the SIM is still reactive rather than proactive. It can react to the events that it is told about but it can't create an event. You can easily imagine tinkering with the communication protocol between the handset and the SIM to let the SIM initiate communication, but any changes had to be a graceful evolution of the existing SIM because new SIMs had to work in all the old handsets. In particular, a proactive SIM had to live within the ISO 7816-4 framework on which the existing SIMs were built. This meant that at the lower levels of the communication protocol, the handset had to be the master and the card was still the slave.
In order to turn the tables at the higher levels, Colin Hamling of BT Cellnet, then vice-chairman of SMG9, the ETSI committee charged with solving the over-the-air unlatching problem, proposed something very modest and innocent but with far-reaching consequences: a new status word.
Here are the words taken directly from GSM 11.14 version 5.9.0 Release 1996 that gave the SIM a voice:
“The response code '91 XX' shall indicate to the ME that the previous command has been successfully executed by the SIM in the same way as '90 00' (i.e., “OK”), but additionally it shall indicate response data which contains a command from the SIM for a particular ME procedure (defined in subclause 6.4).”
In other words, upon receiving a “0x91xx” status code, the handset is now obliged to respond with a FETCH APDU to find out what the card wants it, the handset, to do... and, what's more, it was obliged to do it. Gasp! The slave presumes to issue commands to the master.
Thus, at the lower levels of the T=0 protocol, the handset was still the master, but at the upper levels, the smart card was now in charge. This modest and yet elegant addition to the set of ISO 7816-4 status words transformed the SIM from a floppy disk with an attitude to a secure mobile computer with a perfectly useable human interface and some truly awesome communication capabilities. But one more conceptual leap had to be taken before this would be an application platform. Kristian Woodsend, who worked for Colin Hamling at the time, took this leap.
What had to happen was that the commands the SIM could give to the handset had to be standardized. This standardization, together with the standardization of event downloads, would mean that any SIM with applications could work with any handset. This was where we started when the SIM was just a data store and this had to be where we ended when the SIM became an application platform.
The recognition of the need for a general way to build mobile applications using the SIM was in the air in the middle of 1994. Up to that time, each new SIM application required application-specific and often operator-specific modifications to the handset; this was obviously a very large impediment to rolling out new applications. A general-purpose way to control the phone from the SIM had been discussed briefly at SMG9 #2 of that year and a work item titled “Proactive SIM” approved at the SMG9 #12 plenary meeting.
At the same time, discussions were being held within SMG9 on a general-purpose and standardized way to extend Swisscom's “SicapNATEL” technique for the data on the SIM. This work item was called “SIM Data Download.” The synergy between these two work items was quickly realized—applications needed to be able to catch data and downloaded data needed someone to catch it. These two tasks were combined in early 1995 into the SIM Application Toolkit work item, which was approved at the SMG9 #14 plenary meeting.
The description of the SIM Application Toolkit work item was:
“A set of facilities which allow the SIM to interact with external entities (e.g., the network, the mobile equipment, or the user) to enable value-added applications to exist in the SIM.”
Colin Hamling was the rapporteur of the original SIM Application Toolkit work item but this duty was passed to Kristian Woodsend, also of BT Cellnet, at SMG9 #6 in September 1995. Kristian set to work to create the first draft of GSM 11.14, which was to combine the ideas of Swiss Telecom PTT for data download, the need for standardized unlatching, and above all else, a standard way for the SIM to give commands to the handset. The first draft of GSM 11.14 was presented to SMG9 #7 at the end of November 1995, a mere two months later.
A GSM handset was already obliged to send a STATUS APDU to the SIM every 30 seconds. The primary purpose of the STATUS command was to make sure the SIM was still there. If it wasn't, the call that was in progress was immediately terminated and the handset dropped off the network. With this new status word, if the card had a command waiting for the handset, it would respond to the STATUS command with a “91xx” as previously. Otherwise, it would just respond with “9000” as before.
So that's the story of five little APDUs and how they turned the SIM smart card from a data store into an application platform: TERMINAL PROFILE, to tell the SIM about the capabilities of the docking station it has been plugged into; the event download ENVELOPE, to tell it what is going on; a new status word with two new APDUs, FETCH and TERMINAL RESPONSE, to let it initiate action; and finally, an update of the STATUS APDU to let it get a word in edgewise. This is a motley set of technical bits and pieces to be sure, but when working together, they create what could turn out to be the salvation of many a network operator's business: a mobile application platform. The remainder of this chapter is about putting this motley crew to work for your applications.
Things have moved on since GSM 11.14. The proactive command set is now called the Card Application Toolkit and the commands themselves are codified in ETSI TS 102.223, which is under the care of ETSI's Smart Card Platform project.
Table 8.9 contains a list of the 32 proactive commands defined in the latest version of ETSI TS 102.223.
Table 8.9. The 32-Card Application Toolkit Proactive Commands
CLOSE CHANNEL |
DECLARE SERVICE |
DISPLAY TEXT |
GET CHANNEL STATUS |
GET INKEY |
GET INPUT |
GET READER STATUS |
GET SERVICE INFORMATION |
LANGUAGE NOTIFICATION |
LAUNCH BROWSER |
MORE TIME |
OPEN CHANNEL |
PERFORM CARD APDU |
PLAY TONE |
POLL INTERVAL |
POLLING OFF |
POWER OFF CARD |
POWER ON CARD |
PROVIDE LOCAL INFORMATION |
RECEIVE DATA |
REFRESH |
RUN AT COMMAND |
SELECT ITEM |
SEND DATA |
SEND DTMF |
SEND SHORT MESSAGE |
SERVICE SEARCH |
SET UP CALL |
SET UP EVENT LIST |
SET UP IDLE MODE TEXT |
SET UP MENU |
TIMER MANAGEMENT |
Even without knowing the details of these commands, you can see that there is a lot that your mobile application can do. The Card Application Toolkit is a very rich application development environment, far richer, for example, than the WAP application environment. You can find all the grisly details in ETSI TS 102.223, but a couple of these commands deserve a brief description here so you can get a sense of what is possible.
The POLLING INTERVAL command lets you set how frequently the handset polls the SIM with the STATUS command. You can't set it to a value less than the 30 seconds called for in other GSM standards, but if you have a lot of work for the handset to do, you can set the interval to less than 30 seconds. An issue that hasn't yet been fully resolved is: Who is ultimately in charge here? The handset? The 11.11 part of the SIM? The SIM application? The WAP browser? The network? The user? The PC to which the handset is connected? The server sending commands to the SIM? There are a lot of entities demanding space on the screen and the user's attention and virtually no machinery in place for them to coordinate or cooperate their activities.
The POWER ON CARD, PERFORM CARD APDU, and POWER OFF CARD commands are all meant to let the application on the SIM control and communicate with another smart card plugged into the handset. POWER ON and POWER OFF obviously tell the handset to provide power to the second card and to remove power from the second card, respectively. The PERFORM CARD APDU lets the SIM send an APDU to the second card by way of the handset.
The TERMINAL RESPONSE to this command is the reply of the second card. The vision was that the second card could be a credit card or an e-cash card of some sort that could be used in conjunction with SIM applications to conduct e-commerce. Unfortunately, dual-slot handsets haven't become widely available, so this vision is still more of a dream than a reality.
The PROVIDE LOCAL INFORMATION command lets the SIM application acquire data about the current environment from the handset. Included in the data available is information about the current location of the handset so that the SIM application can be sensitive to the geography in which it finds itself. These are called location-based applications, and there is a lot of work going on in this area. The resolution of the mobile's location available to the SIM is not as good as, say, GPS or even what is available to the network operator, but it is a beginning and certainly sufficient to get the creative juices flowing.
DISPLAY TEXT, GET INKEY, GET INPUT, PLAY TONE, SELECT ITEM, SETUP IDLE MODE TEXT, and SETUP MENU are all human interface commands that access the screen and the keypad on the handset. While there are certainly standards for handsets as well as for the SIM card, they aren't so tight that you can write fully handset-independent applications. There is still enough variation in screen size, display capability, and keypad layout that you will want to test your SIM application with a number of different handsets before you send it out into the world.
OPEN CHANNEL, RECEIVE DATA, SEND DATA, GET CHANNEL STATUS, and CLOSE CHANNEL enable your SIM application to communicate with servers out on the Internet. There is not yet a full TCP/IP stack on the SIM but this is coming.
Finally, SEND DTMF, SEND SHORT MESSAGE, SEND SS, SEND USSD, and SETUP CALL provide the means for your application to communicate with the outside world using the telephone network as opposed to the Internet. Of particular note is SEND SHORT MESSAGE, which enables your application to send a text message of up to 140 characters to any other GSM phone. SETUP CALL opens a voice channel to any other telephone number and SEND DTMF sends the touch pad tones down the wire. You can doubtless imagine some creative uses of this capability.
The Card Application Toolkit is a very capable application platform that provides some unique and very useful services to your mobile application. It is understandable why network operators don't let just anybody download applications to their SIMs. In fact, getting your applications into use—and thus turning them into money—will loom as just as big a challenge as creating the applications in the first place.
From a technical perspective, there are two kinds of SIM applications: ones that are translated into the hardware instructions of the SIM microprocessor and ones that are translated into byte codes that are interpreted by an interpreter program installed on the SIM. Interpreted applications can be loaded onto and deleted from the SIM more easily than native code applications, but they run up to an order of magnitude slower than native code applications, depending on how much of the application is done by underlying “system code,” which is invoked from the interpreted application.
Whether it is translated into microprocessor instructions or interpreted byte codes, an application is written in a programming language against an API. The generic programming API for applications on the Card Application Toolkit is codified in ETSI TS 102.240 “UICC Application Programming Interface (API).” Language-specific bindings of this generic API have been produced for a number of procedural programming languages, including Visual Basic, C, Java, and Modula.
Recently, however, what may ultimately be the winning programming paradigm for creating and deploying SIM-based mobile applications, has emerged. It is called the USAT Interpreter. Rather than supporting procedural programming languages such as Visual Basic or Java, the USAT Interpreter takes a cue from the success of the World Wide Web and focuses on markup languages that have been designed specifically for mobile applications such as HDML, cHTML, WML, and XHTML. A USAT Interpreter application is a series of pages that are sent to the mobile phone in SMS messages. The USAT Interpreter interprets each page just like your desktop browser interprets HTLM pages it retrieves from the Web. (This is why the USAT Interpreter is sometimes called a SIM microbrowser.) After the USAT Interpreter has processed a page, the page is thrown away and another page of the application is retrieved from the network.
The USAT Interpreter approach to mobile applications has a number of very attractive characteristics from the point of view of the network operators. It may also more closely model the intrinsic nature of mobile applications than a procedural language program.
There are three things that make USAT Interpreter applications an attractive alternative to procedural language applications to a network operator:
The administration costs of USAT Interpreter programs are much lower than those of procedural language programs. The USAT Interpreter's “fire and forget” model of computation means that applications don't have to be installed on the SIM and linked into the SIM Toolkit framework. Loading and installing SIM Application Toolkit programs understandably involves a lot of fancy cryptography and procedural safeguards because live code is being added to the SIM. The cost of these administrative procedures is avoided with USAT Interpreter programs because an interpreter page is just held in a temporary buffer while it is being processed. Of course, if you turn off the phone, the pages go away. For a network operator, this is a feature, not a bug.
A USAT Interpreter program doesn't take up any of the precious EEPROM space on the SIM because it isn't installed permanently. This means that there is plenty of room for telephony data such as phonebooks, dialing policies, and routing and roaming data. It also means that the subscriber can change his or her mind about what mobile applications he or she wants to use without contacting the operator's SIM administration system. This is much more convenient for the subscriber and much more efficient for the operator.
A USAT Interpreter program has regularization and control of the user interface. Customer care centers are expensive to operate. They are a necessary part of doing business, but each call to a customer care center is money down the tubes. If a subscriber has problems with a mobile application, they aren't going to call the provider of the program. They are going to call the operator's customer care center.
It is hard to tell by analyzing a procedural language program what the user experience with the program will be. It's even harder to build a procedural language program that adapts itself to the human interface style policies of different operators. Exactly the opposite is true of markup language programs. A markup language page in a sense is the human interface to the page. And each operator can publish markup language style templates that describe and enforce the user experience with that particular operator's applications. Applications just add data to these templates. The human interface stays consistent, just the application context and task change. The requirements of the network operators are exactly why markup languages were invented. The operator controls the presentation and the application provider controls the content.
Table 8.10 lists the standards documents that define the USAT Interpreter. Full-text markup language pages are converted to USAT Interpreter byte codes for efficient transmission and execution but this is purely a behind-the-scenes process as far as the application provider is concerned. All the application provider has to do is put the pages for his or her application on an Internet server. The network operator takes it from there.
Table 8.10. 3GPP Standards Describing the USAT Interpreter
Number | Title |
|---|---|
3GPP TS 22.112 | USAT Interpreter Stage 1 |
3GPP TS 31.112 | USAT Interpreter Stage 2 |
3GPP TS 31.113 | USAT Interpreter Byte Codes |
3GPP TS 31.114 | USAT Interpreter Transmission Protocol and Administration |
That's just like WAP, you say. Yes, but there is one very big difference. A SIM-originated transaction is secured and can be trusted and acted upon. A handset-originated transaction is not secure because the handset is not a trusted computing platform. You trust it at your own risk. There's a reason the WIM card was added to WAP after all. USAT Interpreter transactions are WIM transactions without the overhead of WAP.
To make the building of SIM Application Toolkit applications concrete, we will develop a simple example.
Imagine that you are the proprietor of a small convenience store or even a street vendor. You have a small inventory of items to sell and, within that small inventory, there are items that move very quickly. For a number of reasons, not the least of which is that you can't afford to, you don't keep a lot of inventory on the shelf or in your cart. When you start to run short of an item, you want to call the distributor of the item and get delivery quickly.
You've got a 3G mobile phone and, of course, you could place a voice call, but the person you'd speak with is a significant added expense for the distributor and really only listens to what you are saying and fills out a form on a screen. The screen contents then get translated into a transaction on an inventory and delivery scheduling system.
Why not just move that screen from the distributor to your mobile phone and do away with the slow, error-prone mouth-to-ear communication link? You can fill out the form right on the phone and then have the application on the phone send the transaction directly into the inventory and delivery system. This works because the number of items is small and the list of items is relatively fixed. We will call this the Rapid Reorder application and we will develop both the part that sits on the SIM in the mobile phone and the part that sits on the servers of the various distributors from whom inventory is ordered.
In the world of our example, the distributors have trucks with inventory in them, always on the move in the field. Transactions that you send in from your mobile phone are immediately sent to the drivers of these trucks after being run through the billing department, of course. The truck closest to you is on its way to you with your order as soon as you press the Send key.
Interaction with the on-card (mobile phone) Rapid Reorder application looks like this:
Pick the Rapid Reorder application from the list of applications on the SIM chip.
Scroll down the list of presented product categories (Dairy Products, Cold Drinks, Cold Cuts, Chip Products, etc.) and pick the category from which you are ordering.
Within the product category chosen, pick the product you are ordering (2% Milk/Quart, Skim Milk/Quart, Cottage Cheese).
Answer the pop-up question “Usual amount?” If your answer is “No,” use the keypad to enter the number of units you want in the pop-up box provided.
Review the complete order displayed on the screen and press OK if it is correct and should be sent.
It is up to the SIM application to know the phone number of the distributor of each of the product categories, to format the message sent to the distributor, and to keep trying to send the message until it gets through and an acknowledgement is received. When an acknowledgement is received, the application may pop up a “Hot Dogs on the Way” message on the phone and, depending on the IT maturity of the distributor, could even give an estimated arrival time.
The off-card application is running on a machine that can communicate with the distributor's order entry system. A GSM phone is connected to the machine as a kind of wireless modem. When an SMS message from the SIM arrives at the phone, it is retrieved from the phone by the off-card application, translated into the format needed by the order entry system, and passed off to the order entry system. The off-card application then goes back to polling the air modem, looking for the next incoming message.
Before starting to write the on-card application, we have to say a little about what the programming environment on the SIM card looks like.
There is a main menu on the SIM that displays a pick list of all of the available applications. When the Rapid Reorder selection is made from this menu, an ENVELOPE (MENU SELECTION) APDU is sent from the handset to the SIM containing the index of the menu item selected. The SIM card operating system knows that the index selected is Rapid Reorder and activates our application.
Rapid Reorder uses the list of product categories to build a SELECT ITEM proactive command and passes this command back to the operating system. The operating system returns a “91xx” to the handset in response to its ENVELOPE command and the handset turns around and issues a FETCH command to retrieve our SELECT ITEM command.
After presenting the category list to the user and getting a pick, the handset issues a TERMINAL RESPONSE command to the SIM containing the list index of the item picked. The operating system remembers that it was the Rapid Reorder application that sent the proactive command and calls Rapid Reorder with the reply from the handset.
Rapid Reorder goes around this loop once more using the list of products in the chosen category to get a selection of the exact product that is being reordered. The Rapid Reorder application uses the GET INKEY proactive command to get a “Y” or “N” response to the question about whether the usual quantity of items should be ordered.
After acquiring the quantity either from an internal table (“Y”) or asking for a numeric input using GET INPUT (“N”), the Rapid Reorder application uses the GET INKEY proactive command again to display the entire transaction and get back another “Y” or “N” response. Assuming all the information is correct and that “Y” is chosen, Rapid Reorder formats the transaction, retrieves the phone number of the distributor associated with the category, and uses the SEND SHORT MESSAGE proactive command to send the transaction to the distributor.
When the transaction gets to the off-card application and is entered into the distributor's order entry system, the off-card Rapid Reorder application sends an SMS back to the mobile that sent it the transaction containing whatever information had been given to it by the order entry system. This short message is received by the handset and passed to the SIM in an ENVELOPE (SMS-PP DOWNLOAD) APDU. The operating system hands the SMS to each of the applications on the card that indicated they might be receiving SMS messages. In due time, it is handed to Rapid Reorder, which recognizes it as a message from its off-card application and uses a DISPLAY TEXT proactive command to pop up a window that contains whatever information that had been passed along from the order entry system. It also informs the operating system that it handled the message.
Very abbreviated, here's what the on-card Rapid Reorder application looks like:
SELECT ITEMproactive command to get the product category.SELECT ITEMproactive command to get the product within the category.GET INKEYproactive command to inquire about the amount.Optional:
GET INPUTproactive command to get the amount from the user.SEND SHORT MESSAGEproactive command to send the transaction to the distributor.SMS-PP DOWNLOADto receive acknowledgement of the transaction from the distributor.DISPLAY TEXTto display status of order.
To say the least, this is not top-down, fastback, fully recursive compiler programming. The challenge in SIM Toolkit programming isn't writing wads of code, but rather working efficiently and elegantly within a rich but very complex and highly constrained environment. In other words, the challenge is to get the environment to do the work, not your code.
To build our example Rapid Reorder SIM Toolkit application, we used the Microsoft Smart Card for Windows Visual Studio development environment coupled with Rowley's SmartWorks C® compiler. This lets us program in C and run on the Microsoft Smart Card for Windows SIM card.
Whatever SIM Application Toolkit development environment you use, start by configuring a main menu on the SIM card. In the case at hand, we add a “Rapid Reorder” entry to the main menu and connect it to the compiled code we download onto the card. When this menu entry is selected on the handset, an ENVELOPE (MENU SELECTION) APDU is sent to the card. The SIM operating system notes which menu item has been selected, starts the corresponding application, and passes the entire ENVELOPE APDU to it.
Here's the entire ENVELOPE APDU that the Rapid Reorder application gets from the operating system (see Table 8.11):
Table 8.11. ENVELOPE (MENU SELECTION) APDU
CLA | INS | P1 | P2 | Lc | Menu Select Tag | Length | Device Tag | Length | ME | SIM | Item Tag | Length | Item No. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
A0 | C2 | 00 | 00 | 09 | D3 | 07 | 82 | 02 | 83 | 82 | 90 | 01 | 01 |
The data field of the ENVELOPE APDU is a compound TLV. The tag of this TLV, D3, is the Toolkit tag for the Menu Selection. The value field of the Menu Selection TLV consists of two simple TLVs: Device Identifier (tag 82) and Item Identifier (tag 90). The Device Identifier TLV says that the command is going from the ME (83) to the SIM (81). The Item Identifier TLV says that Item #1 was selected.
Because there are two events that can cause our Rapid Reorder application to be placed into execution, the first thing that the application does is check to see which of the two events has occurred this time. If it is the Menu Selection event, then it sends a SELECT ITEM proactive command menu back to the handset to get the category of the product to be reordered.
Under the covers, the SIM operating system returns the status code 0x9134 to the handset in response to the ENVELOPE APDU. This says, “The ENVELOPE command was executed successfully and I have 0x34 bytes of proactive command for you.” The handset sends a FETCH APDU to the card to retrieve the 0x34 bytes of the proactive command. The SIM operating system responds with
CAL | INS | P1 | P2 | Lc | Le |
|---|---|---|---|---|---|
A0 | 12 | 00 | 00 | 00 | 34 |
D0 32 // Proactive Command of 0x32 bytes
81 03 02 24 01 // Command Details
82 02 81 82 // Device Identifier
05 07 43 61 74 65 67 6F 72 // Alpha Identifier "Category"
8F 06 01 44 61 69 72 79 // Item #1 "Dairy"
8F 06 02 44 72 69 6E 6B // Item #2 "Drink"
8F 06 03 4D 65 61 74 73 // Item #3 "Meats"
8F 06 04 43 68 69 70 73 // Item #4 "Chips"
The handset collects a choice from the user and sends a TERMINAL RESPONSE APDU back to the SIM:
CLA | INS | P1 | P1 | Lc | Data Field |
|---|---|---|---|---|---|
A0 | 14 | 00 | 00 | 0F | 81 03 06 24 01 82 02 82 81 83 01 00 90 01 01 |
This particular TERMINAL RESPONSE says that Item #1 was selected. The SIM operating system feeds the final 01 back to the Rapid Reorder application in the variable passed to the GsmEndSelectItem call that sent the menu to the handset.
This fundamental Card Application Toolkit protocol continues through the selection of a product from the category, an answer to the “Usual Amount?” question and terminates in the sending of an SMS message to the distributor that contains the order.
In actual fact, the display of the status message back from the distributor could have been left to the handset because it is nothing but a normal SMS message, but we've included its handling in the application to demonstrate how you might catch and process normal incoming SMS messages in a SAT application as follows.
/*
** Rapid Reorder SIM Toolkit Application
*/
#include <scw.h>
#include <string.h>
#include <gsm.h>
typedef const unsigned char *STR;
#define CLA_GSM 0xA0
#define INS_ENVELOPE 0xC2
#define SW_BADCLA 0x6402
#define SW_BADINS 0x6404
#define SW_BADTAG 0x6406
#define TAG_SMS_PP_DOWNLOAD 0xD1
#define TAG_MENU_SELECTION 0xD3
#define CATEGORY_DAIRY 0x01
#define CATEGORY_DRINK 0x02
#define CATEGORY_MEATS 0x03
#define CATEGORY_CHIPS 0x04
char *sms_title = "Rapid Reorder";
char *distributor_number="16179256888";
char *product[4][4] = {
{{"020 Skim Milk/Pt"},
{"020 Whole Milk/Pt"},
{"010 Skim Milk/Qt"},
{"010 Whole Milk/Qt"}},
{{"050 Coke/6Pack"},
{"030 Coke/2Lt"},
{"050 Pepsi/6Pack"},
{"030 Pepsi/2Lt"}},
{{"035 Hot Dogs"},
{"020 Bologna"},
{"040 Salami"},
{"010 Liverwurst"}},
{{"100 Potato Chips"},
{"050 Fritos"},
{"025 Pringles"},
{"040 Pretzels"}}
};
void main(void)
{
BYTE dlTag, dlLen, category, pick, answer[4], anslen;
BYTE data[36];
GsmDCSValue dcsValue;
/*
** Make sure it's an ENVELOPE command
*/
if (ScwGetOSParam(CURRENT_CLA) != CLA_GSM)
ScwExitSW(SW_BADCLA);
if (ScwGetOSParam(CURRENT_INS) != INS_ENVELOPE)
ScwExitSW(SW_BADINS);
/*
** Get the download tag and total length of the download
*/
dlTag = ScwGetCommByte();
dlLen = ScwGetCommByte();
/* Branch on the download tag */
switch (dlTag)
{
/*
** MENU_SELECTION
**
** The Rapid Reorder Application has been selected to place an order
** - get a selection from the list of product categories
** - get a subselection from the products in that category
** - if not usual amount, get the amount desired
** - send an SMS message to the distributor to place the order
*/
case TAG_MENU_SELECTION:
GsmSelectItem(7, (STR)"Category", PRESENT_AS_DATA_VALUES_NO_HELP);
GsmAddItem(5, (STR)"Dairy", CATEGORY_DAIRY);
GsmAddItem(5, (STR)"Drink", CATEGORY_DRINK);
GsmAddItem(5, (STR)"Meats", CATEGORY_MEATS);
GsmAddItem(5, (STR)"Chips", CATEGORY_CHIPS);
GsmEndSelectItem(&category);
switch(category) {
case CATEGORY_DAIRY:
GsmSelectItem(14, (STR)"Dairy Products",
PRESENT_AS_DATA_VALUES_NO_HELP);
GsmAddItem(5, (STR)"Skim Milk/Pt", 1);
GsmAddItem(5, (STR)"Whole Milk/Pt", 2);
GsmAddItem(5, (STR)"Skim Milk/Qt", 3);
GsmAddItem(5, (STR)"Whole Milk/Qt", 4);
GsmEndSelectItem(&pick);
break;
case CATEGORY_DRINK:
GsmSelectItem(12, (STR)"Cold Drinks",
PRESENT_AS_DATA_VALUES_NO_HELP);
GsmAddItem(5, (STR)"Coke/6Pack", 1);
GsmAddItem(5, (STR)"Coke/2Lt", 2);
GsmAddItem(5, (STR)"Pepsi/6Pack", 3);
GsmAddItem(5, (STR)"Pepsi/2Lt", 4);
GsmEndSelectItem(&pick);
break;
case CATEGORY_MEATS:
GsmSelectItem(7, (STR)"Cold Cuts",
PRESENT_AS_DATA_VALUES_NO_HELP);
GsmAddItem(8, (STR)"Hot Dogs", 1);
GsmAddItem(7, (STR)"Bologna", 2);
GsmAddItem(6, (STR)"Salami", 3);
GsmAddItem(11, (STR)"Liverwurst", 4);
GsmEndSelectItem(&pick);
break;
case CATEGORY_CHIPS:
GsmSelectItem(7, (STR)"Snack Food",
PRESENT_AS_DATA_VALUES_NO_HELP);
GsmAddItem(12, (STR)"Potato Chips", 1);
GsmAddItem(6, (STR)"Fritos", 2);
GsmAddItem(8, (STR)"Pringles", 3);
GsmAddItem(8, (STR)"Pretzels", 4);
GsmEndSelectItem(&pick);
break;
}
/* See if the usual amount is to be ordered */
GsmGetInKey(DCS_SMS_UNPACKED, 14, (STR)"Usual Amount?",
YES_NO_OPTION_NO_HELP, &dcsValue, &answer[0]);
/* If not, get the amount to be ordered */
if(!answer) {
GsmGetInput(DCS_SMS_UNPACKED, 9, (STR)"How Many?",
UNPACKED_DIGITS_ONLY_NO_HELP,
DCS_SMS_UNPACKED, 4, (STR)"10",
3, 3, &dcsValue, answer, &anslen);
memcpy(product[category][pick], answer, 3);
}
/* Send the order off to the distributor */
GsmSendSMS(13, (STR)sms_title, TON_INTERNATIONAL_AND_NPI_TELEPHONE,
sizeof(distributor_number), (STR)distributor_number,
14, (STR)(&product[category][pick][0]), PACKING_NOT_REQUIRED);
break;
/*
** SMS_PP_DOWNLOAD
**
** If it's an order status message from the distributor, display it
**
*/
case TAG_SMS_PP_DOWNLOAD:
ScwGetCommBytes(data, 2);
ScwGetCommBytes(data, data[1]); // Fan the device TLV
ScwGetCommBytes(data, 2);
ScwGetCommBytes(data, data[1]); // Fan the address of the SMSC
ScwGetCommBytes(data, 2);
ScwGetCommBytes(data, data[1]); // Get the Originating Address
if(memcmp(data, distributor_number, data[1]) != 0)
break;
ScwGetCommBytes(data, 10);
anslen = data[9];
ScwGetCommBytes(data, anslen); // Get the message from the distributor
GsmDisplayText(DCS_SMS_UNPACKED, anslen, (STR)data,
HIGH_PRIORITY_USER_CLEAR, 0);
break;
default:
ScwExitSW(SW_BADTAG);
}
/* Add standard success SW. */
ScwExitSW(GSM_S_COMMAND_SUCCESSFUL);
}
There is no shortage of ideas from application developers to evolve the Card Application Toolkit and also plenty of financial incentive for the SIM manufacturers and system software providers to do so. At the same time, there are 600 million SIM-packin' handsets in the field that have to be kept whole. Even large-scale changes in the mobile network such as those envisioned by 3GPP and UMTS don't include a process step titled “SIM Recall and Reissuing.” This is why engineering elegance such as that exhibited by Colin Hamling when he made that slight change to the smart card status word is the greatest challenge in the years to come. Small evolutionary changes with complete backward compatibility that open broad new possibilities is an excellent model for standards extension.
A question often asked is, “Will the SIM go away?” The authors don't think so. Some tamper-resistant way of controlling access to the network is required as much in the future as it was in the past. An alternative to the SIM would be to put the keys and such into a tamper-resistant part of the chip that runs the handset. This is essentially what AMPS phones did. The cost and hassle of moving keys from one handset to another throttled the introduction of new handsets and thereby the growth of mobile applications. Furthermore, making part or all of a handset processor tamper-resistant adds noticeable cost to the handset, and blurs what is the user's property and what is the network operator's property. Separating the keys and the handset is a compelling architectural decision on both technical and business grounds and one that may well find its way into other computing domains.
A follow-up question is, “Do SIM applications really make any sense?” Positive answers to this question usually involve a lot of abstract heavy breathing about security. While the security contribution of the SIM is real and an integral part of the security offer of GSM, telephone operators (except NTT DoCoMo) have been very slow to extend the application of their key infrastructure beyond their own networks (i.e., to provide security to non-network applications). What is more compelling about the SIM as an application environment is that it is a controlled environment. A side effect of the operator's security concerns is that the operator is able to control which applications get on the SIM. This provides an opportunity to coordinate the applications (e.g., imposing a common human interface style on all of them). Bottom line? SIM applications can make sense if the operators want them to, which means they can figure out how to make money in the process.
The SIM Application Toolkit is a highly specialized smart card programming environment and a very powerful one. The raw technology is in place today to build a wide range of compelling mobile applications. What is not in place is a business model to fund them. The SIM Application Toolkit is being used creatively by some telecom operators, Radiomobil in the Czech Republic, for example, but its potential hasn't begun to be tapped. Whether it ever will be is up to the owners of the SIM, the mobile network operators.