SIM card


A SIM card or SIM is a type of integrated circuit, often in the form of a smart card. They are intended to securely store an international mobile subscriber identity number and its related key, which are used to identify and authenticate subscribers on mobile telephone devices. SIMs are also able to run apps and to store arbitrary information like address book contact information, and may be protected using a PIN code to prevent unauthorized use.
These SIM cards are always used on GSM phones; for CDMA phones, they are needed only for LTE-capable handsets. SIM cards are also used in various satellite phones, smart watches, computers, or cameras. The first SIM cards were the size of credit and bank cards; sizes were reduced several times over the years, usually keeping electrical contacts the same, to fit smaller-sized devices. SIMs are transferable between different mobile devices by removing the card itself.
Technically, the actual physical card is known as a universal integrated circuit card ; this smart card is usually made of PVC with embedded contacts and semiconductors, with the SIM as its primary component. In practice the term "SIM card" is still used to refer to the entire unit and not simply the IC. A SIM contains a unique serial number, integrated circuit card identification, international mobile subscriber identity number, security authentication and ciphering information, temporary information related to the local network, a list of the services the user has access to, and four passwords: a personal identification number for ordinary use, and a personal unblocking key for PIN unlocking as well as a second pair which are used for managing fixed dialing number and some other functionality. In Europe, the serial SIM number is also sometimes accompanied by an international article number or a European article number required when registering online for the subscription of a prepaid card.file:Tf sim both sides.png|thumb|A TracFone Wireless SIM card has no distinctive carrier markings and is only marked as a "SIM card".As of 2020, eSIM is superseding physical SIM cards in some domains, including cellular telephony. eSIM uses a software-based SIM embedded into an irremovable eUICC.

History and procurement

The SIM card is a type of smart card, the basis for which is the silicon integrated circuit chip. The idea of incorporating a silicon IC chip onto a plastic card originates from the late 1960s. Smart cards have since used MOS integrated circuit chips, along with MOS memory technologies such as flash memory and EEPROM.
The SIM was initially specified by the ETSI in the specification TS 11.11. This describes the physical and logical behaviour of the SIM. With the development of UMTS, the specification work was partially transferred to 3GPP. 3GPP is now responsible for the further development of applications like SIM and USIM and ETSI for the further development of the physical card UICC.
The first SIM card was manufactured in 1991 by Munich smart-card maker Giesecke+Devrient, who sold the first 300 SIM cards to the Finnish wireless network operator Radiolinja, who launched the world's first commercial 2G GSM cell network that year.
Today, SIM cards are considered ubiquitous, allowing over 8 billion devices to connect to cellular networks around the world daily. According to the International Card Manufacturers Association, there were 5.4 billion SIM cards manufactured globally in 2016 creating over $6.5 billion in revenue for traditional SIM card vendors. The rise of cellular IoT and 5G networks was predicted by Ericsson to drive the growth of the addressable market for SIM cards to over 20 billion devices by 2020. The introduction of embedded-SIM and remote SIM provisioning from the GSMA may disrupt the traditional SIM card ecosystem with the entrance of new players specializing in "digital" SIM card provisioning and other value-added services for mobile network operators.

Design

There are three operating voltages for SIM cards:, and . The operating voltage of the majority of SIM cards launched before 1998 was. SIM cards produced subsequently are compatible with and. Modern cards support, and.
Modern SIM cards allow applications to load when the SIM is in use by the subscriber. These applications communicate with the handset or a server using SIM Application Toolkit, which was initially specified by 3GPP in TS 11.14. ETSI and 3GPP maintain the SIM specifications. The main specifications are: ETSI TS 102 223, ETSI TS 102 241, ETSI TS 102 588, and ETSI TS 131 111. SIM toolkit applications were initially written in native code using proprietary APIs. To provide interoperability of the applications, ETSI chose Java Card. A multi-company collaboration called GlobalPlatform defines some extensions on the cards, with additional APIs and features like more cryptographic security and RFID contactless use added.

Data

SIM cards store network-specific information used to authenticate and identify subscribers on the network. The most important of these are the ICCID, IMSI, authentication key, local area identity and operator-specific emergency number. The SIM also stores other carrier-specific data such as the SMSC number, service provider name, service dialing numbers, advice-of-charge parameters and value-added service applications.
SIM cards can come in various data capacities, from to at least. All can store a maximum of 250 contacts on the SIM, but while the has room for 33 Mobile country code or network identifiers, the version has room for 80 MNCs. This is used by network operators to store data on preferred networks, mostly used when the SIM is not in its home network but is roaming. The network operator that issued the SIM card can use this to have a phone connect to a preferred network that is more economic for the provider instead of having to pay the network operator that the phone discovered first. This does not mean that a phone containing this SIM card can connect to a maximum of only 33 or 80 networks, instead it means that the SIM card issuer can specify only up to that number of preferred networks. If a SIM is outside these preferred networks, it uses the first or best available network.

ICCID

Each SIM is internationally identified by its integrated circuit card identifier. Nowadays ICCID numbers are also used to identify eSIM profiles, not only physical SIM cards. ICCIDs are stored in the SIM cards and are also engraved or printed on the SIM card body during a process called personalisation.
The ICCID is defined by the ITU-T recommendation E.118 as the primary account number. Its layout is based on ISO/IEC 7812. According to E.118, the number can be up to 19 digits long, including a single check digit calculated using the Luhn algorithm. However, the GSM Phase 1 defined the ICCID length as an opaque data field, 10 octets in length, whose structure is specific to a mobile network operator.
The number is composed of three subparts:
  • Issuer identification number
  • Check digit
  • Individual account identification
Their format is as follows.

Issuer identification number (IIN)

  • Maximum of seven digits:
  • * Major industry identifier, 2 fixed digits, 89 for telecommunication purposes.
  • * Country code, 2 or 3 digits, as defined by ITU-T recommendation E.164.
  • ** NANP countries, apart from Canada, use 01, i.e. prepending a zero to their common calling code +1
  • ** Canada uses 302
  • ** Russia uses 701, i.e. appending 01 to its calling code +7
  • ** Kazakhstan uses 997, even though it shares the calling code +7 with Russia
  • * Issuer identifier, 1–4 digits.
  • * Often identical to the Mobile country code.

    Individual account identification

  • Its length is variable, but every number under one IIN has the same length.
  • * Often identical to the Mobile identification number.

    Check digit

  • Single digit calculated from the other digits using the Luhn algorithm.
With the GSM Phase 1 specification using 10 octets into which ICCID is stored as packed BCD, the data field has room for 20 digits with hexadecimal digit "F" being used as filler when necessary. In practice, this means that on GSM cards there are 20-digit and 19-digit ICCIDs in use, depending upon the issuer. However, a single issuer always uses the same size for its ICCIDs.
As required by E.118, the ITU-T updates a list of all current internationally assigned IIN codes in its Operational Bulletins which are published twice a month. ITU-T also publishes complete lists: as of August 2023, the list issued on 1 December 2018 was current, having all issuer identifier numbers before 1 December 2018.

International mobile subscriber identity (IMSI)

SIM cards are identified on their individual operator networks by a unique international mobile subscriber identity. Mobile network operators connect mobile phone calls and communicate with their market SIM cards using their IMSIs. The format is:
  • The first three digits represent the Mobile country code.
  • The next two or three digits represent the Mobile network code. Three-digit MNC codes are allowed by E.212 but are mainly used in the United States and Canada. One MCC can have both 2 digit and 3 digit MNCs, an example is 350 007.
  • The next digits represent the Mobile identification number.
  • Normally there are 10 digits, but can be fewer in the case of a 3-digit MNC or if national regulations indicate that the total length of the IMSI should be less than 15 digits.
  • Digits are different from country to country.

    Authentication key (Ki)

The Ki is a 128-bit value used in authenticating the SIMs on a GSM mobile network. Each SIM holds a unique Ki assigned to it by the operator during the personalisation process. The Ki is also stored in a database on the carrier's network.
The SIM card is designed to prevent someone from getting the Ki by using the smart-card interface. Instead, the SIM card provides a function, Run GSM Algorithm, that the phone uses to pass data to the SIM card to be signed with the Ki. This, by design, makes using the SIM card mandatory unless the Ki can be extracted from the SIM card, or the carrier is willing to reveal the Ki. In practice, the GSM cryptographic algorithm for computing a signed response from the Ki has certain vulnerabilities that can allow the extraction of the Ki from a SIM card and the making of a duplicate SIM card.
Authentication process:
  1. When the mobile equipment starts up, it obtains the international mobile subscriber identity from the SIM card, and passes this to the mobile operator, requesting access and authentication. The mobile equipment may have to pass a PIN to the SIM card before the SIM card reveals this information.
  2. The operator network searches its database for the incoming IMSI and its associated Ki.
  3. The operator network then generates a random number and signs it with the Ki associated with the IMSI, computing another number, that is split into the Signed Response 1 and the encryption key Kc.
  4. The operator network then sends the RAND to the mobile equipment, which passes it to the SIM card. The SIM card signs it with its Ki, producing Signed Response 2 and Kc, which it gives to the mobile equipment. The mobile equipment passes SRES_2 on to the operator network.
  5. The operator network then compares its computed SRES_1 with the computed SRES_2 that the mobile equipment returned. If the two numbers match, the SIM is authenticated and the mobile equipment is granted access to the operator's network. Kc is used to encrypt all further communications between the mobile equipment and the operator.