SIM card

Last updated
A typical SIM card (mini-SIM with micro-SIM cutout) SIM-Karte von Telefonica O2 Europe - Standard und Micro.jpg
A typical SIM card (mini-SIM with micro-SIM cutout)
T-Mobile nano-SIM card with NFC capabilities in the SIM tray of an iPhone 6s cell phone Simkarte NFC SecureElement.jpg
T-Mobile nano-SIM card with NFC capabilities in the SIM tray of an iPhone 6s cell phone

A SIM (Subscriber Identity Module) card is an integrated circuit (IC) intended to securely store an international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers on mobile telephone devices (such as mobile phones and laptops). SIMs are also able to store address book contacts information, [1] and may be protected using a PIN code to prevent unauthorized use.

Contents

SIMs are always used on GSM phones; for CDMA phones, they are needed only for LTE-capable handsets. SIM cards are also used in various satellite phones, smart watches, computers, or cameras. [2] The first SIM cards were the size of credit and bank cards; sizes were reduced several times over the years, usually keeping electrical contacts the same, to fit smaller-sized devices. [3] SIMs are transferable between different mobile devices by removing the card itself.

Technically the actual physical card is known as a universal integrated circuit card (UICC); this smart card is usually made of PVC with embedded contacts and semiconductors, with the SIM as its primary component. In practice the term "SIM card" is still used to refer to the entire unit and not simply the IC. A SIM contains a unique serial number, integrated circuit card identification (ICCID), international mobile subscriber identity (IMSI) number, security authentication and ciphering information, temporary information related to the local network, a list of the services the user has access to, and four passwords: a personal identification number (PIN) for ordinary use, and a personal unblocking key (PUK) for PIN unlocking as well as a second pair (called PIN2 and PUK2 respectively) which are used for managing fixed dialing number and some other functionality. [4] [5] In Europe, the serial SIM number (SSN) is also sometimes accompanied by an international article number (IAN) or a European article number (EAN) required when registering online for the subscription of a prepaid card.

A TracFone Wireless SIM card has no distinctive carrier markings and is only marked as a "SIM card". Tf sim both sides.png
A TracFone Wireless SIM card has no distinctive carrier markings and is only marked as a "SIM card".

As of 2020, eSIM is superseding physical SIM cards in some domains, including cellular telephony. eSIM uses a software-based SIM embedded into an irremovable eUICC.

History and procurement

The SIM card is a type of smart card, [2] the basis for which is the silicon integrated circuit (IC) chip. [6] The idea of incorporating a silicon IC chip onto a plastic card originates from the late 1960s. [6] Smart cards have since used MOS integrated circuit chips, along with MOS memory technologies such as flash memory and EEPROM (electrically EPROM). [7]

The SIM was initially specified by the ETSI in the specification TS 11.11. This describes the physical and logical behaviour of the SIM. With the development of UMTS, the specification work was partially transferred to 3GPP. 3GPP is now responsible for the further development of applications like SIM (TS 51.011 [8] ) and USIM (TS 31.102 [9] ) and ETSI for the further development of the physical card UICC.

The first SIM card was manufactured in 1991 by Munich smart-card maker Giesecke+Devrient, who sold the first 300 SIM cards to the Finnish wireless network operator Radiolinja, [10] [11] who launched the world's first commercial 2G GSM cell network that year. [12]

Today, SIM cards are considered ubiquitous, allowing over 8 billion devices to connect to cellular networks around the world daily. According to the International Card Manufacturers Association (ICMA), there were 5.4 billion SIM cards manufactured globally in 2016 creating over $6.5 billion in revenue for traditional SIM card vendors. [13] The rise of cellular IoT and 5G networks was predicted by Ericsson to drive the growth of the addressable market for SIM cards to over 20 billion devices by 2020. [14] The introduction of embedded-SIM (eSIM) and remote SIM provisioning (RSP) from the GSMA [15] may disrupt the traditional SIM card ecosystem with the entrance of new players specializing in "digital" SIM card provisioning and other value-added services for mobile network operators. [7]

Design

SIM chip structure and packaging Smartcard chip structure and packaging EN.svg
SIM chip structure and packaging

There are three operating voltages for SIM cards: 5 V, 3 V and 1.8 V (ISO/IEC 7816-3 classes A, B and C, respectively). The operating voltage of the majority of SIM cards launched before 1998 was 5 V. SIM cards produced subsequently are compatible with 3 V and 5 V. Modern cards support 5 V, 3 V and 1.8 V. [7]

4-by-4-millimetre (0.16 in x 0.16 in) silicon chip in a SIM card which has been peeled open. Note the thin gold bonding wires, and the regular, rectangular digital memory areas. Sim Chip.jpg
4-by-4-millimetre (0.16 in × 0.16 in) silicon chip in a SIM card which has been peeled open. Note the thin gold bonding wires, and the regular, rectangular digital memory areas.

Modern SIM cards allow applications to load when the SIM is in use by the subscriber. These applications communicate with the handset or a server using SIM Application Toolkit, which was initially specified by 3GPP in TS 11.14. (There is an identical ETSI specification with different numbering.) ETSI and 3GPP maintain the SIM specifications. The main specifications are: ETSI TS 102 223 (the toolkit for smart cards), ETSI TS 102 241 (API), ETSI TS 102 588 (application invocation), and ETSI TS 131 111 (toolkit for more SIM-likes). SIM toolkit applications were initially written in native code using proprietary APIs. To provide interoperability of the applications, ETSI chose Java Card. [16] A multi-company collaboration called GlobalPlatform defines some extensions on the cards, with additional APIs and features like more cryptographic security and RFID contactless use added. [17]

Data

SIM cards store network-specific information used to authenticate and identify subscribers on the network. The most important of these are the ICCID, IMSI, authentication key (Ki), local area identity (LAI) and operator-specific emergency number. The SIM also stores other carrier-specific data such as the SMSC (Short Message service center) number, service provider name (SPN), service dialing numbers (SDN), advice-of-charge parameters and value-added service (VAS) applications. (Refer to GSM 11.11. [18] )

SIM cards can come in various data capacities, from 8 KB to at least 256 KB. [11] All can store a maximum of 250 contacts on the SIM, but while the 32 KB has room for 33 Mobile country code (MCCs) or network identifiers, the 64 KB version has room for 80 MNCs. [1] This is used by network operators to store data on preferred networks, mostly used when the SIM is not in its home network but is roaming. The network operator that issued the SIM card can use this to have a phone connect to a preferred network that is more economic for the provider instead of having to pay the network operator that the phone discovered first. This does not mean that a phone containing this SIM card can connect to a maximum of only 33 or 80 networks, instead it means that the SIM card issuer can specify only up to that number of preferred networks. If a SIM is outside these preferred networks, it uses the first or best available network. [14]

ICCID

Each SIM is internationally identified by its integrated circuit card identifier (ICCID). Nowadays ICCID numbers are also used to identify eSIM profiles, not only physical SIM cards. ICCIDs are stored in the SIM cards and are also engraved or printed on the SIM card body during a process called personalisation.

The ICCID is defined by the ITU-T recommendation E.118 as the primary account number. [19] Its layout is based on ISO/IEC 7812. According to E.118, the number can be up to 19 digits long, including a single check digit calculated using the Luhn algorithm. However, the GSM Phase 1 [20] defined the ICCID length as an opaque data field, 10 octets (20 digits) in length, whose structure is specific to a mobile network operator.

The number is composed of three subparts:

Their format is as follows.

Issuer identification number (IIN)

Individual account identification

Check digit

With the GSM Phase 1 specification using 10 octets into which ICCID is stored as packed BCD[ clarification needed ], the data field has room for 20 digits with hexadecimal digit "F" being used as filler when necessary. In practice, this means that on GSM cards there are 20-digit (19+1) and 19-digit (18+1) ICCIDs in use, depending upon the issuer. However, a single issuer always uses the same size for its ICCIDs.

As required by E.118, the ITU-T updates a list of all current internationally assigned IIN codes in its Operational Bulletins which are published twice a month (the last as of January 2019 was No. 1163 from 1 January 2019). [22] ITU-T also publishes complete lists: as of August 2023, the list issued on 1 December 2018 was current, having all issuer identifier numbers before 1 December 2018. [23]

International mobile subscriber identity (IMSI)

SIM cards are identified on their individual operator networks by a unique international mobile subscriber identity (IMSI). Mobile network operators connect mobile phone calls and communicate with their market SIM cards using their IMSIs. The format is:

Authentication key (Ki)

The Ki is a 128-bit value used in authenticating the SIMs on a GSM mobile network (for USIM network, the Ki is still needed but other parameters are also needed). Each SIM holds a unique Ki assigned to it by the operator during the personalisation process. The Ki is also stored in a database (termed authentication center or AuC) on the carrier's network.

The SIM card is designed to prevent someone from getting the Ki by using the smart-card interface. Instead, the SIM card provides a function, Run GSM Algorithm, that the phone uses to pass data to the SIM card to be signed with the Ki. This, by design, makes using the SIM card mandatory unless the Ki can be extracted from the SIM card, or the carrier is willing to reveal the Ki. In practice, the GSM cryptographic algorithm for computing a signed response (SRES_1/SRES_2: see steps 3 and 4, below) from the Ki has certain vulnerabilities [1] that can allow the extraction of the Ki from a SIM card and the making of a duplicate SIM card.

Authentication process:

  1. When the mobile equipment starts up, it obtains the international mobile subscriber identity (IMSI) from the SIM card, and passes this to the mobile operator, requesting access and authentication. The mobile equipment may have to pass a PIN to the SIM card before the SIM card reveals this information.
  2. The operator network searches its database for the incoming IMSI and its associated Ki.
  3. The operator network then generates a random number (RAND, which is a nonce) and signs it with the Ki associated with the IMSI (and stored on the SIM card), computing another number, that is split into the Signed Response 1 (SRES_1, 32 bits) and the encryption key Kc (64 bits).
  4. The operator network then sends the RAND to the mobile equipment, which passes it to the SIM card. The SIM card signs it with its Ki, producing Signed Response 2 (SRES_2) and Kc, which it gives to the mobile equipment. The mobile equipment passes SRES_2 on to the operator network.
  5. The operator network then compares its computed SRES_1 with the computed SRES_2 that the mobile equipment returned. If the two numbers match, the SIM is authenticated and the mobile equipment is granted access to the operator's network. Kc is used to encrypt all further communications between the mobile equipment and the operator.

Location area identity

The SIM stores network state information, which is received from the location area identity (LAI). Operator networks are divided into location areas, each having a unique LAI number. When the device changes locations, it stores the new LAI to the SIM and sends it back to the operator network with its new location. If the device is power cycled, it takes data off the SIM, and searches for the prior LAI.

SMS messages and contacts

Most SIM cards store a number of SMS messages and phone book contacts. It stores the contacts in simple "name and number" pairs. Entries that contain multiple phone numbers and additional phone numbers are usually not stored on the SIM card. When a user tries to copy such entries to a SIM, the handset's software breaks them into multiple entries, discarding information that is not a phone number. The number of contacts and messages stored depends on the SIM; early models stored as few as five messages and 20 contacts, while modern SIM cards can usually store over 250 contacts. [24]

Formats

SIM cards have been made smaller over the years; functionality is independent of format. Full-size SIM was followed by mini-SIM, micro-SIM, and nano-SIM. SIM cards are also made to embed in devices.

From left, full-size SIM (1FF), mini-SIM (2FF), micro-SIM (3FF), and nano-SIM (4FF) GSM SIM card evolution.svg
From left, full-size SIM (1FF), mini-SIM (2FF), micro-SIM (3FF), and nano-SIM (4FF)
SIM card formats and dimensions
SIM card formatIntroducedStandard referenceLengthWidthThickness
Full-size (1FF)1991 ISO/IEC 7810:2003, ID-185.6 mm (3.37 in)53.98 mm (2.125 in)0.76 mm (0.030 in)
Mini-SIM (2FF)1996ISO/IEC 7810:2003, ID-00025 mm (0.98 in)15 mm (0.59 in)0.76 mm (0.030 in)
Micro-SIM (3FF)2003 ETSI TS 102 221 V9.0.0, Mini-UICC15 mm (0.59 in)12 mm (0.47 in)0.76 mm (0.030 in)
Nano-SIM (4FF)early 2012ETSI TS 102 221 V11.0.012.3 mm (0.48 in)8.8 mm (0.35 in)0.67 mm (0.026 in)
Embedded-SIM
(eSIM)
2016ETSI TS 102.671 V9.0.0

JEDEC Design Guide 4.8, SON-8
GSMA SGP.22 V1.0

6 mm (0.23622 in)5 mm (0.19685 in)?

All versions of the non-embedded SIM cards share the same ISO/IEC 7816 pin arrangement.

Full-size SIM

The full-size SIM (or 1FF, 1st form factor) was the first form factor to appear. It was the size of a credit card (85.60 mm × 53.98 mm × 0.76 mm).

Mini-SIM

The memory chip from a micro-SIM card without the plastic backing plate, next to a US dime, which is approx. 18 mm in diameter Disassembled SIM Card Film.JPG
The memory chip from a micro-SIM card without the plastic backing plate, next to a US dime, which is approx. 18 mm in diameter
X-ray image of a mini-SIM, showing the chip and connections SIM-Card X-ray contrast.jpg
X-ray image of a mini-SIM, showing the chip and connections

The mini-SIM (or 2FF) card has the same contact arrangement as the full-size SIM card and is normally supplied within a full-size card carrier, attached by a number of linking pieces. This arrangement (defined in ISO/IEC 7810 as ID-1/000) lets such a card be used in a device that requires a full-size card  or in a device that requires a mini-SIM card, after breaking the linking pieces. As the full-size SIM is obsolete, some suppliers refer to the mini-SIM as a "standard SIM" or "regular SIM".

Micro-SIM

The micro-SIM (or 3FF) card has the same thickness and contact arrangements, but reduced length and width as shown in the table above. [25]

The micro-SIM was introduced by the European Telecommunications Standards Institute (ETSI) along with SCP, 3GPP (UTRAN/GERAN), 3GPP2 (CDMA2000), ARIB, GSM Association (GSMA SCaG and GSMNA), GlobalPlatform, Liberty Alliance, and the Open Mobile Alliance (OMA) for the purpose of fitting into devices too small for a mini-SIM card. [21] [26]

The form factor was mentioned in the December 1998 3GPP SMG9 UMTS Working Party, which is the standards-setting body for GSM SIM cards, [24] and the form factor was agreed upon in late 2003. [27]

The micro-SIM was designed for backward compatibility. The major issue for backward compatibility was the contact area of the chip. Retaining the same contact area makes the micro-SIM compatible with the prior, larger SIM readers through the use of plastic cutout surrounds. The SIM was also designed to run at the same speed (5 MHz) as the prior version. The same size and positions of pins resulted in numerous "How-to" tutorials and YouTube videos with detailed instructions how to cut a mini-SIM card to micro-SIM size.

The chairman of EP SCP, Klaus Vedder, said [27]

ETSI has responded to a market need from ETSI customers, but additionally there is a strong desire not to invalidate, overnight, the existing interface, nor reduce the performance of the cards.

Micro-SIM cards were introduced by various mobile service providers for the launch of the original iPad, and later for smartphones, from April 2010. The iPhone 4 was the first smartphone to use a micro-SIM card in June 2010,[ citation needed ] followed by many others.

Nano-SIM

After a debate in early 2012 between a few designs created by Apple, Nokia and RIM, Apple's design for an even smaller SIM card was accepted by the ETSI. [28] [29] The nano-SIM (or 4FF) card was introduced in June 2012, when mobile service providers in various countries first supplied it for phones that supported the format. The nano-SIM measures 12.3 mm × 8.8 mm × 0.67 mm (0.484 in × 0.346 in × 0.026 in) and reduces the previous format to the contact area while maintaining the existing contact arrangements. [30] A small rim of isolating material is left around the contact area to avoid short circuits with the socket. The nano-SIM can be put into adapters for use with devices designed for 2FF or 3FF SIMs, and is made thinner for that purpose, [31] and telephone companies give due warning about this. [32] 4FF is 0.67 mm (0.026 in) thick, compared to the 0.76 mm (0.030 in) of its predecessors.

The iPhone 5, released in September 2012, was the first device to use a nano-SIM card, [33] followed by other handsets.

Security

In July 2013, Karsten Nohl, a security researcher from SRLabs, described [34] [35] vulnerabilities in some SIM cards that supported DES, which, despite its age, is still used by some operators. [35] The attack could lead to the phone being remotely cloned or let someone steal payment credentials from the SIM. [35] Further details of the research were provided at BlackHat on 31 July 2013. [35] [36] In response, the International Telecommunication Union said that the development was "hugely significant" and that it would be contacting its members. [37]

In February 2015, The Intercept reported that the NSA and GCHQ had stolen the encryption keys (Ki's) used by Gemalto (now known as Thales DIS, manufacturer of 2 billion SIM cards annually) [38] ), enabling these intelligence agencies to monitor voice and data communications without the knowledge or approval of cellular network providers or judicial oversight. [39] Having finished its investigation, Gemalto claimed that it has “reasonable grounds” to believe that the NSA and GCHQ carried out an operation to hack its network in 2010 and 2011, but says the number of possibly stolen keys would not have been massive. [40]

In September 2019, Cathal Mc Daid, a security researcher from Adaptive Mobile Security, described [41] [42] how vulnerabilities in some SIM cards that contained the S@T Browser library were being actively exploited. This vulnerability was named Simjacker. Attackers were using the vulnerability to track the location of thousands of mobile phone users in several countries. [43] Further details of the research were provided at VirusBulletin on 3 October 2019. [44] [45]

Developments

When GSM was already in use, the specifications were further developed and enhanced with functionality such as SMS and GPRS. These development steps are referred as releases by ETSI. Within these development cycles, the SIM specification was enhanced as well: new voltage classes, formats and files were introduced.

USIM

In GSM-only times, the SIM consisted of the hardware and the software. With the advent of UMTS, this naming was split: the SIM was now an application and hence only software. The hardware part was called UICC. This split was necessary because UMTS introduced a new application, the universal subscriber identity module (USIM). The USIM brought, among other things, security improvements like mutual authentication and longer encryption keys, and an improved address book.

UICC

"SIM cards" in developed countries today are usually UICCs containing at least a SIM application and a USIM application. This configuration is necessary because older GSM only handsets are solely compatible with the SIM application and some UMTS security enhancements rely on the USIM application.

Other variants

On cdmaOne networks, the equivalent of the SIM card is the R-UIM and the equivalent of the SIM application is the CSIM.

A virtual SIM is a mobile phone number provided by a mobile network operator that does not require a SIM card to connect phone calls to a user's mobile phone.

Embedded SIM (eSIM)

Embedded SIM from M2M supplier Eseye with an adapter board for evaluation in a mini-SIM socket Embedded SIM from M2M supplier Eseye with an adapter board for evaluation in a Mini-SIM socket blurred.jpg
Embedded SIM from M2M supplier Eseye with an adapter board for evaluation in a mini-SIM socket

An embedded SIM (eSIM) is a form of programmable SIM that is embedded directly into a device. [46] The surface mount format provides the same electrical interface as the full size, 2FF and 3FF SIM cards, but is soldered to a circuit board as part of the manufacturing process. In M2M applications where there is no requirement [15] to change the SIM card, this avoids the requirement for a connector, improving reliability and security.[ citation needed ] An eSIM can be provisioned remotely; end-users can add or remove operators without the need to physically swap a SIM from the device or use multiple eSIM profiles at the same time. [47] [48]

The eSIM standard, initially introduced in 2016, has progressively supplanted traditional physical SIM cards across various sectors, notably in cellular telephony. [49] [50] [51] In September 2017, Apple introduced the Apple Watch Series 3 featuring eSIM. [52] In October 2018, Apple introduced the iPad Pro (3rd generation), [53] which was the first iPad to support eSIM. In September 2022, Apple introduced the iPhone 14 series which was the first eSIM exclusive iPhone in the United States. [54]

Integrated SIM (iSIM)

An integrated SIM (iSIM) is a form of SIM directly integrated into the modem chip or main processor of the device itself. As a consequence they are smaller, cheaper and more reliable than eSIMs, they can improve security and ease the logistics and production of small devices i.e. for IoT applications. In 2021, Deutsche Telekom introduced the nuSIM, an "Integrated SIM for IoT". [55] [56] [57]

Usage in mobile phone standards

SIM cards of various German mobile operators SIM Karten (47514651302).jpg
SIM cards of various German mobile operators

The use of SIM cards is mandatory in GSM devices. [58] [59]

The satellite phone networks Iridium, Thuraya and Inmarsat's BGAN also use SIM cards. Sometimes, these SIM cards work in regular GSM phones and also allow GSM customers to roam in satellite networks by using their own SIM cards in a satellite phone.

Japan's 2G PDC system (which was shut down in 2012; SoftBank Mobile shut down PDC from 31 March 2010) also specified a SIM, but this has never been implemented commercially. The specification of the interface between the Mobile Equipment and the SIM is given in the RCR STD-27 annexe 4. The Subscriber Identity Module Expert Group was a committee of specialists assembled by the European Telecommunications Standards Institute (ETSI) to draw up the specifications (GSM 11.11) for interfacing between smart cards and mobile telephones. In 1994, the name SIMEG was changed to SMG9.

Japan's current and next-generation cellular systems are based on W-CDMA (UMTS) and CDMA2000 and all use SIM cards. However, Japanese CDMA2000-based phones are locked to the R-UIM they are associated with and thus, the cards are not interchangeable with other Japanese CDMA2000 handsets (though they may be inserted into GSM/WCDMA handsets for roaming purposes outside Japan).

CDMA-based devices originally did not use a removable card, and the service for these phones is bound to a unique identifier contained in the handset itself. This is most prevalent in operators in the Americas. The first publication of the TIA-820 standard (also known as 3GPP2 C.S0023) in 2000 defined the Removable User Identity Module (R-UIM). Card-based CDMA devices are most prevalent in Asia.

The equivalent of a SIM in UMTS is called the universal integrated circuit card (UICC), which runs a USIM application. The UICC is still colloquially called a SIM card. [60]

SIM and carriers

The SIM card introduced a new and significant business opportunity for MVNOs who lease capacity from one of the network operators rather than owning or operating a cellular telecoms network and only provide a SIM card to their customers. MVNOs first appeared in Denmark, Hong Kong, Finland and the UK. By 2011 they existed in over 50 countries, including most of Europe, the United States, Canada, Mexico, Australia and parts of Asia, and accounted for approximately 10% of all mobile phone subscribers around the world. [61]

On some networks, the mobile phone is locked to its carrier SIM card, meaning that the phone only works with SIM cards from the specific carrier. This is more common in markets where mobile phones are heavily subsidised by the carriers, and the business model depends on the customer staying with the service provider for a minimum term (typically 12, 18 or 24 months). SIM cards that are issued by providers with an associated contract, but where the carrier does not provide a mobile device (such as a mobile phone) are called SIM-only deals. Common examples are the GSM networks in the United States, Canada, Australia, and Poland. UK mobile networks ended SIM lock practices in December 2021. Many businesses offer the ability to remove the SIM lock from a phone, effectively making it possible to then use the phone on any network by inserting a different SIM card. Mostly, GSM and 3G mobile handsets can easily be unlocked and used on any suitable network with any SIM card.

In countries where the phones are not subsidised, e.g., India, Israel and Belgium, all phones are unlocked. Where the phone is not locked to its SIM card, the users can easily switch networks by simply replacing the SIM card of one network with that of another while using only one phone. This is typical, for example, among users who may want to optimise their carrier's traffic by different tariffs to different friends on different networks, or when travelling internationally.

In 2016, carriers started using the concept of automatic SIM reactivation [62] whereby they let users reuse expired SIM cards instead of purchasing new ones when they wish to re-subscribe to that operator. This is particularly useful in countries where prepaid calls dominate and where competition drives high churn rates, as users had to return to a carrier shop to purchase a new SIM each time they wanted to churn back to an operator.

SIM-only

Commonly sold as a product by mobile telecommunications companies, "SIM-only" refers to a type of legally liability contract between a mobile network provider and a customer. The contract itself takes the form of a credit agreement and is subject to a credit check.

SIM-only contracts can be pre-pay - where the subscriber buys credit before use (often called pay as you go, abbreviated to PAYG), or post-pay, where the subscriber pays in arrears, typically monthly.

Within a SIM-only contract, the mobile network provider supplies their customer with just one piece of hardware, a SIM card, which includes an agreed amount of network usage in exchange for a monthly payment. Network usage within a SIM-only contract can be measured in minutes, text, data or any combination of these. The duration of a SIM-only contract varies depending on the deal selected by the customer, but in the UK they are typically available over 1, 3, 6, 12 or 24-month periods.

SIM-only contracts differ from mobile phone contracts in that they do not include any hardware other than a SIM card. In terms of network usage, SIM-only is typically more cost-effective than other contracts because the provider does not charge more to offset the cost of a mobile device over the contract period. The short contract length is one of the key features of SIM-only  made possible by the absence of a mobile device.

SIM-only is increasing in popularity very quickly. [63] In 2010 pay monthly based mobile phone subscriptions grew from 41 percent to 49 percent of all UK mobile phone subscriptions. [64] According to German research company GfK, 250,000 SIM-only mobile contracts were taken up in the UK during July 2012 alone, the highest figure since GfK began keeping records.

Increasing smartphone penetration combined with financial concerns is leading customers to save money by moving onto a SIM-only when their initial contract term is over.

Multiple-SIM devices

Dual SIM slots as shown on a feature phone Picture of a feature phone with Dual SIM.png
Dual SIM slots as shown on a feature phone

Dual SIM devices have two SIM card slots for the use of two SIM cards, from one or multiple carriers. Multiple SIM devices are commonplace in developing markets such as in Africa, East Asia, South Asia and Southeast Asia, where variable billing rates, network coverage and speed make it desirable for consumers to use multiple SIMs from competing networks. Dual-SIM phones are also useful to separate one's personal phone number from a business phone number, without having to carry multiple devices. Some popular devices, such as the BlackBerry KeyOne, have dual-SIM variants; however, dual-SIM devices were not common in the US or Europe due to lack of demand. This has changed with mainline products from Apple and Google featuring either two SIM slots or a combination of a physical SIM slot and an eSIM.

In September 2018, Apple introduced iPhone XS, iPhone XS Max, and iPhone XR featuring Dual SIM (nano-SIM and eSIM) and Apple Watch Series 4 featuring Dual eSIM.

Thin SIM

A GPP-branded SIM interposer used to circumvent network restrictions on carrier-locked iPhones GPP SIM interposer.jpg
A GPP-branded SIM interposer used to circumvent network restrictions on carrier-locked iPhones

A thin SIM (or overlay SIM or SIM overlay) is a very thin device shaped like a SIM card, approximately 120 microns (1200 inch) thick. It has contacts on its front and back. It is used by placing it on top of a regular SIM card. It provides its own functionality while passing through the functionality of the SIM card underneath. It can be used to bypass the mobile operating network and run custom applications, particularly on non-programmable cell phones. [65]

Its top surface is a connector that connects to the phone in place of the normal SIM. Its bottom surface is a connector that connects to the SIM in place of the phone. With electronics, it can modify signals in either direction, thus presenting a modified SIM to the phone, and/or presenting a modified phone to the SIM. (It is a similar concept to the Game Genie, which connects between a game console and a game cartridge, creating a modified game). Similar devices have also been developed for iPhones to circumvent SIM card restrictions on carrier-locked models. [66]

In 2014, Equitel, an MVNO operated by Kenya's Equity Bank, announced its intention to begin issuing thin SIMs to customers, raising security concerns by competition, particularly concerning the safety of mobile money accounts. However, after months of security testing and legal hearings before the country's Parliamentary Committee on Energy, Information and Communications, the Communications Authority of Kenya (CAK) gave the bank the green light to roll out its thin SIM cards. [67]

See also

Related Research Articles

<span class="mw-page-title-main">GSM</span> Cellular telephone network standard since 1991

The Global System for Mobile Communications (GSM) is a standard developed by the European Telecommunications Standards Institute (ETSI) to describe the protocols for second-generation (2G) digital cellular networks used by mobile devices such as mobile phones and tablets. GSM is also a trade mark owned by the GSM Association. "GSM" may also refer to the voice codec initially used in GSM.

In telecommunication, a public land mobile network (PLMN) is a combination of wireless communication services offered by a specific operator in a specific country. A PLMN typically consists of several cellular technologies like GSM/2G, UMTS/3G, LTE/4G, NR/5G, offered by a single operator within a given country, often referred to as a cellular network.

The international mobile subscriber identity is a number that uniquely identifies every user of a cellular network. It is stored as a 64-bit field and is sent by the mobile device to the network. It is also used for acquiring other details of the mobile in the home location register (HLR) or as locally copied in the visitor location register. To prevent eavesdroppers from identifying and tracking the subscriber on the radio interface, the IMSI is sent as rarely as possible and a randomly-generated TMSI is sent instead.

<span class="mw-page-title-main">International Mobile Equipment Identity</span> Cellphone identification code

The International Mobile Equipment Identity (IMEI) is a numeric identifier, usually unique, for 3GPP and iDEN mobile phones, as well as some satellite phones. It is usually found printed inside the battery compartment of the phone but can also be displayed on-screen on most phones by entering the MMI Supplementary Service code *#06# on the dialpad, or alongside other system information in the settings menu on smartphone operating systems.

Mobility management is one of the major functions of a GSM or a UMTS network that allows mobile phones to work. The aim of mobility management is to track where the subscribers are, allowing calls, SMS and other mobile phone services to be delivered to them.

Network switching subsystem (NSS) is the component of a GSM system that carries out call out and mobility management functions for mobile phones roaming on the network of base stations. It is owned and deployed by mobile phone operators and allows mobile devices to communicate with each other and telephones in the wider public switched telephone network (PSTN). The architecture contains specific features and functions which are needed because the phones are not fixed in one location.

A personal unblocking key (PUK), sometimes called personal unblocking code (PUC), is used in SIM cards to reset a personal identification number (PIN) that has been lost or forgotten.

<span class="mw-page-title-main">Unstructured Supplementary Service Data</span> Communications protocol

Unstructured Supplementary Service Data (USSD), sometimes referred to as "quick codes" or "feature codes", is a communications protocol used by GSM cellular telephones to communicate with the mobile network operator's computers. USSD can be used for WAP browsing, prepaid callback service, mobile-money services, location-based content services, menu-based information services, and as part of configuring the phone on the network. The service does not require a messaging app, and does not incur charges.

MSISDN is a number uniquely identifying a subscription in a Global System for Mobile communications or a Universal Mobile Telecommunications System mobile network. It is the mapping of the telephone number to the subscriber identity module in a mobile or cellular phone. This abbreviation has several interpretations, the most common one being "Mobile Station International Subscriber Directory Number".

GSM services are a standard collection of applications and features available over the Global System for Mobile Communications (GSM) to mobile phone subscribers all over the world. The GSM standards are defined by the 3GPP collaboration and implemented in hardware and software by equipment manufacturers and mobile phone operators. The common standard makes it possible to use the same phones with different companies' services, or even roam into different countries. GSM is the world's predominant mobile phone standard.

<span class="mw-page-title-main">Universal integrated circuit card</span> Smart card used to uniquely identify a mobile device on a cellular network

The universal integrated circuit card (UICC) is the physical smart card used in mobile terminals in 2G (GSM), 3G (UMTS), 4G (LTE), and 5G networks. The UICC ensures the integrity and security of all kinds of personal data, and it typically holds a few hundred kilobytes.

<span class="mw-page-title-main">Mobile station</span> Imsi catcher

A mobile station (MS) comprises all user equipment and software needed for communication with a mobile network.

<span class="mw-page-title-main">Removable User Identity Module</span>

Removable User Identity Module is a card developed for cdmaOne/CDMA2000 ("CDMA") handsets that extends the GSM SIM card to CDMA phones and networks. To work in CDMA networks, the R-UIM contains an early version of the CSIM application. The card also contains SIM (GSM) application, so it can work on both networks. It is physically compatible with GSM SIMs and can fit into existing GSM phones as it is an extension of the GSM 11.11 standard.

A mobile signature is a digital signature generated either on a mobile phone or on a SIM card on a mobile phone.

SIM Application Toolkit (STK) is a standard of the GSM system which enables the subscriber identity module to initiate actions which can be used for various value-added services. Similar standards exist for other network and card systems, with the USIM Application Toolkit (USAT) for USIMs used by newer-generation networks being an example. A more general name for this class of Java Card-based applications running on UICC cards is the Card Application Toolkit (CAT).

A CDMA subscriber identity module (CSIM) is an application to support CDMA2000 phones that runs on a UICC, with a file structure derived from the R-UIM card. By porting the application to the UICC, a card with CSIM, SIM, and USIM can operate with all major cellular technologies worldwide. The CSIM application allows users to change phones by simply removing the smart card from one mobile phone and inserting it into another mobile phone or broadband telephony device supporting the CDMA2000 radio interface.

The (U)SIM interface is the connecting point of the mobile phone and the UICC with its SIM or USIM application.

eSIM Programmable SIM card embedded into a device

An eSIM is a form of SIM card that is embedded directly into a device as software installed onto a eUICC chip. First released in March 2016, eSIM is a global specification by the GSMA that enables remote SIM provisioning; end-users can change mobile network operators without the need to physically swap a SIM from the device. eSIM technology has been referred to as a disruptive innovation for the mobile telephony industry. Most flagship devices manufactured since 2018 that are not SIM locked support eSIM technology; as of October 2023, there were 134 models of mobile phones that supported eSIMs. In addition to mobile phones, tablet computers, and smartwatches, eSIM technology is used for Internet of things applications such as connected cars, artificial intelligence translators, MiFi devices, smart earphones, smart metering, GPS tracking units, database transaction units, bicycle-sharing systems, advertising players, and closed-circuit television cameras. A report stated that by 2025, 98% of mobile network operators were expected to offer eSIMs.

Remote SIM provisioning is a specification realized by GSMA that allows consumers to remotely activate the subscriber identity module (SIM) embedded in a portable device such as a smart phone, smart watch, fitness band or tablet computer. The specification was originally part of the GSMA's work on eSIM and it is important to note that remote SIM provisioning is just one of the aspects that this eSIM specification includes. The other aspects being that the SIM is now structured into "domains" that separate the operator profile from the security and application "domains". In practise "eSIM upgrade" in the form of a normal SIM card is possible or eSIM can be included into an SOC. The requirement of GSMA certification is that personalisation packet is decoded inside the chip and so there is no way to dump Ki, OPc and 5G keys. Another important aspect is that the eSIM is owned by the enterprise, and this means that the enterprise now has full control of the security and applications in the eSIM, and which operators profiles are to be used.

eUICC refers to the architectural standards published by the GSM Association (GSMA) or implementations of those standard for eSIM, a device used to securely store one or more SIM card profiles, which are the unique identifiers and cryptographic keys used by cellular network service providers to uniquely identify and securely connect to mobile network devices. Applications of eUICC are found in mobile network devices that use GSM cellular network eSIM technology.

References

  1. 1 2 3 "Hackers crack open mobile network". bbc.co.uk. 20 April 2011. Archived from the original on 12 August 2011. Retrieved 13 August 2011.
  2. 1 2 Tait, Don (25 August 2016). "Smart card IC shipments to reach 12.8 billion units in 2021". IHS Technology. IHS Markit. Archived from the original on 24 October 2019. Retrieved 24 October 2019.
  3. GSMA Intelligence. "Understanding SIM evolution" (PDF). GSMA Intelligence. GSMA. Archived (PDF) from the original on 20 March 2023. Retrieved 31 May 2023.
  4. "Calling Features on Your Samsung Galaxy Phone". Samsung. Limit Calling to Specific Numbers. Retrieved 19 April 2022.
  5. "Access codes". Nokia.
  6. 1 2 3 Chen, Zhiqun (2000). Java Card Technology for Smart Cards: Architecture and Programmer's Guide. Addison-Wesley Professional. pp. 3–4. ISBN   9780201703290.
  7. 1 2 3 Veendrick, Harry J. M. (2017). Nanometer CMOS ICs: From Basics to ASICs. Springer. pp. 315, 481–2. ISBN   9783319475974.
  8. "3GPP specification: 51.011". Archived from the original on 28 April 2016. Retrieved 29 April 2016.
  9. "3GPP specification: 31.102". Archived from the original on 14 April 2016. Retrieved 29 April 2016.
  10. Asif, Saad Z. (2011). Next Generation Mobile Communications Ecosystem. John Wiley & Sons. p. 306. ISBN   978-1119995814.
  11. 1 2 "G&D – History of Giesecke & Devrient". Archived from the original on 24 September 2015. Retrieved 29 April 2016.
  12. "World's First GSM Call was made 20 years ago". www.fonearena.com. Retrieved 15 July 2024.
  13. "Official Publication of the International Card Manufacturers Association February 2017 Volume 27 No1" (PDF). Retrieved 28 May 2017.[ permanent dead link ]
  14. 1 2 "Ericsson Mobility Report November 2015" (PDF). Archived (PDF) from the original on 17 March 2017. Retrieved 28 May 2017.
  15. 1 2 "GSMA Embedded SIM and RSP". Archived from the original on 7 June 2017. Retrieved 28 May 2017.
  16. "ETSI TS 102 241: UICC API for Java Card™ Release 13" (PDF). Archived (PDF) from the original on 8 March 2021. Retrieved 8 August 2019.
  17. "Specifications Archive: Secure Element (Card)". GlobalPlatform. Archived from the original on 31 July 2019. Retrieved 8 August 2019.
  18. "3GPP specification: 11.11". Archived from the original on 18 August 2016. Retrieved 29 April 2016.
  19. ITU-T, ITU-T Recommendation E.118, The international telecommunication charge card, Revision history Archived 17 October 2012 at the Wayback Machine , Revision "05/2006"
  20. ETSI, ETSI Recommendation GSM 11.11, Specifications of the SIM-ME Interface, Version 3.16.0 Archived 27 November 2007 at the Wayback Machine
  21. 1 2 Gaby Lenhart (1 April 2006). "The Smart Card Platform". ETSI Technical Committee Smart Card Platform (TB SCP). Archived from the original on 24 August 2013. Retrieved 30 January 2010. SCP is co-operating on both technical and service aspects with a number of other committees both within and outside the telecommunications sector.
  22. "Operational Bulletin No. 1163 (1.I.2019)". www.itu.int. Archived from the original on 5 January 2019. Retrieved 5 January 2019.
  23. "List of issuer identifier numbers for the international telecommunication charge card (in accordance with Recommendation ITU-T E.118 (05/2006))". International Telecommunication Union. 5 January 2015. Archived from the original on 5 January 2019. Retrieved 4 January 2019.
  24. 1 2 "DRAFT Report of the SMG9 UMTS Working Party, meeting #7 hosted by Nokia in Copenhagen, 15–16 December 1998" (PDF). 3GPP. 25 January 1999. Archived (PDF) from the original on 23 August 2013. Retrieved 27 January 2010. One manufacturer stated that it may be difficult to meeting ISO mechanical standards for a combined ID-1/micro-SIM card.
  25. "What is a microsim card?". Foned.nl. Archived from the original on 22 February 2013. Retrieved 14 October 2012.
  26. Segan, Sascha (27 January 2010). "Inside the iPad Lurks the 'Micro SIM'". PC Magazine . Retrieved 30 January 2010.
  27. 1 2 Antipolis, Sophia (8 December 2003). "New form factor for smart cards introduced". SmartCard Trends. Archived from the original on 26 April 2010. Retrieved 30 January 2010. The work item for the so-called Third Form Factor, "3FF", was agreed, after intensive discussions, at the SCP meeting held last week in London.
  28. Ziegler, Chris (26 March 2012). "Nano-SIM war: here's what Apple and Nokia want to put in your next phone". The Verge. Retrieved 10 April 2024.
  29. "New SIM card format for slimmer, smaller phones". ETSI. Retrieved 10 April 2024.
  30. "TS 102 221 - V11.0.0 - Smart Cards; UICC-Terminal interface; Physical and logical characteristics (Release 11)" (PDF).
  31. Dr. Klaus Vedder (18 January 2012). "The UICC – Recent Work of ETSI TC Smart Card Platform" (PDF). ETSI. p. 12. Archived from the original (PDF) on 30 August 2017. Retrieved 22 July 2012. Thinner to allow adapters so that the 4FF can be "clicked" into adapters for use as a Plug-in SIM or 3FF SIM giving a kind of backward usability
  32. Virgin Mobile. "An important guide to inserting your SIM into your mobile" (PDF). Archived from the original (PDF) on 25 January 2018. Retrieved 21 January 2017. You may also have to use one of the enclosed adaptors. If you don't follow these guidelines your phone warranty could be invalidated. We're afraid we can't accept responsibility for any damage to your phone if you choose to ignore this advice.
  33. While no actual source is available for this fact, GSMArena is a reputable website for mobile phone specifications, and seems to prove this. "Phone Finder results - GSMArena.com". www.gsmarena.com. Retrieved 10 April 2024.
  34. Encryption Bug in SIM Card Can be Used to Hack Millions of Phones Archived 24 July 2013 at the Wayback Machine , published 2013-07-21, accessed 2013-07-22
  35. 1 2 3 4 Rooting SIM cards, SR Labs, accessed 2013-07-22
  36. "Black Hat USA 2013". Archived from the original on 2 January 2018. Retrieved 29 April 2016.
  37. UPDATE 1-UN warns on mobile cybersecurity bugs in bid to prevent attacks Archived 19 March 2022 at the Wayback Machine , Reuters, 2013-07-21, accessed 2013-07-21
  38. "Thales Completes Acquisition Of Gemalto To Become A Global Leader In Digital Identity And Security | Thales Group". www.thalesgroup.com. 2 April 2019. Retrieved 24 December 2023.
  39. "The Great SIM Heist – How Spies Stole the Keys to the Encryption Castle". The Intercept. The Intercept (First Look Media). 19 February 2015. Archived from the original on 19 February 2015. Retrieved 19 February 2015.
  40. "Gemalto: NSA/GCHQ Hack 'Probably Happened' But Didn't Include Mass SIM Key Theft". techcrunch.com. 25 February 2015. Archived from the original on 30 March 2015. Retrieved 2 April 2015.
  41. Cimpanu, Catalin. "Simjacker attack exploited in the wild to track users for at least two years". ZDNet. Archived from the original on 28 July 2021. Retrieved 28 July 2021.
  42. "Simjacker – Next Generation Spying Over Mobile | Mobile Security News | AdaptiveMobile". blog.adaptivemobile.com. Archived from the original on 28 July 2021. Retrieved 28 July 2021.
  43. Olson, Parmy (13 September 2019). "Hackers Use Spyware to Track SIM Cards". The Wall Street Journal . ISSN   0099-9660. Archived from the original on 28 July 2021. Retrieved 28 July 2021.
  44. "Virus Bulletin :: Simjacker — the next frontier in mobile espionage". www.virusbulletin.com. Archived from the original on 28 July 2021. Retrieved 28 July 2021.
  45. "Simjacker — Frequently Asked Questions and Demos | Mobile Security News | AdaptiveMobile". blog.adaptivemobile.com. Archived from the original on 28 July 2021. Retrieved 28 July 2021.
  46. Krüssel, Peter (23 July 2018). Future Telco: Successful Positioning of Network Operators in the Digital Age. Springer. p. 13. ISBN   978-3-319-77724-5.
  47. "eUICC – The Future for SIM Technology". PodM2M. 5 July 2019. Archived from the original on 29 August 2019. Retrieved 18 September 2018.
  48. "How does an eSIM work?". Saily Help Center. Retrieved 23 December 2024.
  49. "The eSIM opportunity". asianwirelesscomms.com. Retrieved 4 August 2024.
  50. "Travel esim". wowesim.com. Retrieved 4 August 2024.
  51. Bair, John (17 November 2017). Seeking the Truth from Mobile Evidence: Basic Fundamentals, Intermediate and Advanced Overview of Current Mobile Forensic Investigations. Academic Press. p. 73. ISBN   978-0-12-811057-7.
  52. "Apple Watch Series 3 – Technical Specifications". support.apple.com. Archived from the original on 8 August 2019. Retrieved 7 September 2022.
  53. "New iPad Pro with all-screen design Is most advanced, powerful iPad ever". Apple Newsroom. Archived from the original on 30 October 2018. Retrieved 6 September 2022.
  54. "iPhone 14 Pro – Technical Specifications". support.apple.com. Archived from the original on 24 March 2023. Retrieved 24 March 2023.
  55. "eSIM und nuSIM – was sind die Unterschiede? Telekom arbeitet an nuSIM". M2M-Kommunikation.de (in German). Portalavenue GmbH. Archived from the original on 22 June 2022. Retrieved 22 June 2022.
  56. "nuSIM: Unsere innovative iSIM-Lösung" (in German). Deutsche Telekom. Archived from the original on 22 June 2022. Retrieved 22 June 2022.
  57. Kunz, Daniel (15 February 2022) [2021]. "nuSIM – die integrierte SIM für das Internet der Dinge" (in German). Deutsche Telekom. Archived from the original on 23 November 2021. Retrieved 22 June 2022.
  58. Bolton, David (26 August 2013). "New Vulnerabilities in Older SIM Cards". Dice Insights. Retrieved 4 August 2024.
  59. Correia, Luis M.; Abramowicz, Henrik; Johnsson, Martin; Wünstel, Klaus (6 January 2011). Architecture and Design for the Future Internet: 4WARD Project. Springer Science & Business Media. p. 300. ISBN   978-90-481-9346-2.
  60. "Communication · Mobile Threat Catalogue". National Institute of Standards and Technology . Archived from the original on 20 May 2021. Retrieved 19 June 2021. ...colloquially referred to as the Subscriber Identity Module (SIM) card, although current standards use the term Universal Integrated Circuit Card (UICC).
  61. Kimiloglu, Hande; Ozturan, Meltem; Kutlu, Birgul (2011). "Market Analysis for Mobile Virtual Network Operators (MVNOs): The Case of Turkey". International Journal of Business and Management. 6 (6). doi: 10.5539/ijbm.v6n6p39 . ISSN   1833-8119. Archived from the original on 20 June 2023. Retrieved 31 October 2022.
  62. "Gemalto pioneers SIM reactivation". 3 November 2016. Archived from the original on 4 November 2016. Retrieved 3 November 2016.
  63. "A nation addicted to smartphones". Ofcom. Archived from the original on 23 April 2014. Retrieved 6 July 2016.
  64. "UK sales of SIM-only mobile contracts set a new record". The Fone Cast. Archived from the original on 25 February 2013. Retrieved 29 October 2012.
  65. Archived at Ghostarchive and the Wayback Machine : CCS 2016 (7 November 2016). "Keynote by Ross Anderson at CCS 2016" via YouTube.{{cite web}}: CS1 maint: numeric names: authors list (link)
  66. "Gevey SIM Unlocks iPhone 4 on iOS 4.3". www.fonearena.com. Archived from the original on 26 February 2022. Retrieved 26 February 2022.
  67. Heuler, Hilary. "Africa's new thin SIM cards: The line between banks and telcos just got thinner – ZDNet". ZDNet . Archived from the original on 2 May 2019. Retrieved 24 November 2018.