More Information

Introduction

Smart cards in the wireless marketplace provide: improved network security through user identification, a facility for storing user data, and a mechanism for recording various service data events. These capabilities enable improved service customization and portability in a secure environment, especially suited for various transaction based services.

Smart cards are tamper resistant and utilize ISO-standardized Application Protocol Data Units (APDU) to communicate with host devices via PIN codes and cryptographic keys.

This paper provides an overview of various smart card technologies and business issues.

Research

Wholesale Mobile Report

Secrets of MVNO Success

Mobile in Minute papers

Types of Smart Cards

Contact Cards and Contactless Cards

Contact Cards require insertion into a smart card reader with a direct connection to a conductive micro-module on the surface of the card.

Contactless Cards require only close proximity (a few inches) of a reader.

Categories of Smart Cards

• Integrated Circuit (IC) Microprocessor Cards: Allow for adding, deleting, or manipulating information in memory, allowing for a variety of applications and dynamic read/write capabilities. Most Smart Cards in use for mobile applications are of this type.

• IC Memory Cards: Can store data, but do not have a processor on the card.

• Optical Memory Cards: Can only store data, but have a larger memory capacity than IC memory cards.

Smart Card Standards

ISO 7816 is the international standard for Smart Cards.

SIM

The introduction of smart cards for wireless communications occurred in the early 1990’s when GSM networks deployed the Subscriber Identity Module (SIM) – a security module initially deployed to provide a facility for challenge/response authentication for GSM subscribers.

SIM hardware consists of a microprocessor, ROM, persistent EEPROM memory, volatile RAM, and a serial I/O interface. SIM software usually consists of an operating system, file system, and application programs. As with all smart cards, the SIM relies on the card terminal – the GSM handset – for battery and clock.

STK

The SIM evolved to incorporate the use of the SIM Toolkit (STK) - an important API for securely loading applications to the SIM. STK allows the mobile operator to create/provision services by loading them into the SIM without changing anything in the GSM handset. One convenient way for loading applications to the SIM is over-the-air via Short Message Service (SMS). Once loaded, applications on the SIM can be activated via various event triggers registered by the application at the STK. Occurrences such as an incoming/outgoing call or SMS message, call duration, and/or location of the mobile can all act as triggers. Control software with the SIM monitors such events and reports activities via SMS to a network based application server. This facilitates an excellent systems for smart card based value-added services such as mobile prepay and location based services.

Java Card

The Java card sits on top of the smart card OS, allowing application programmers access for deployment of services independent of the hardware and OS of the smart card. Executable code is platform independent, meaning that any card incorporating a Java Card interpreter can run the same application. When coupled with the STK, the Java card allows services to load and run on cards from different vendors.

UIM

Introduced by the CDMA Development Group and the 3GPP2, the Removable User Identity Module (R-UIM) card represents a smart card for use with CDMA based mobile phones.

WIM

Introduced with WAP specification 1.2, the WAP Identification Module (WIM) provides end-to-end security for WAP, improving on version 1.1 which only provided transport security between the handset and the WAP gateway.

S@T

The SIM Alliance has proposed a SIM Alliance Toolkit (S@T) as an industry standard for WAP based services for via any GSM phase 2+ phone that is not WAP enabled. The SIM Alliances states that one of the key benefits of S@T is the availability of WAP based services to non-WAP phones. Furthermore, all WAP browsers earlier than version 1.2 do not support WIM, making S@T and an enabler of secure transactions thanks to the SIM.

Smart Card Applications for Mobile Networks

Smart Cards may be used for a variety of applications such as financial services and mobile prepay. Ability for them to store personal user-related information allows them to be used for key data such as personal preferences, health history, and financial information such as account balances. The ability to dynamically update the information is a key attribute.

For further information

SIM GSM 11.11

STK GSM 11.14

Smart Card Readers & Programmers Offers smart card readers and smart card programmers, including development kits, biometric fingerprint readers, chip, IC, PIC and memory cards.

Additional Resources:

Books about: Smart Cards (coming soon)