1029
Brief introduction to the SIM-card
When the question, "What are you?" I answered, "software developer for SIM-cards", even tech-savvy people are often surprised. Many think that the SIM-card is "something like a flash drive."
In this article I will try to explain briefly what the SIM-card (and smart cards in general), why it is needed, and that she had inside.
Actually SIM-card - this is a special case of a contact smart card microprocessor. In fact, represents a fairly secure microcomputer with CPU, ROM (optional), RAM and NVRAM (which acts as an analogue of the hard disk in PC), with Hardware random number generator, and hardware implementation of crypto-algorithms.
In some approximation architecture microprocessor smart cards can be represented as:
A little bit about the production h4>
Types of cards h4> The type of memory used recently SIM-card are divided into 2 groups: the cards that use the ROM and EEPROM, and a card that uses Flash memory.
Java maps h4> Yes, I was not mistaken. According to the program "stuffing" smart cards are divided into 2 groups - native i> and javacard i>.
Native card h5> software for the native-cards written in C. Appendices (if required by the manufacturer) is usually tightly integrated with the OS and loaded simultaneously on the OS map. Install any application developed by another company, to native-card can not be. Additional functionality requested by the operator, often have to add code to the OS. The dimensions of the OS from the use of C and the simplicity of the OS small enough (SIM card order 10-20Kbayt). Therefore, native-cards currently used in low-cost segment, where the operator does not want anything on the map, but the simple menu.
Javacard h5> In the era of proliferation of Java Sun Microsystems has written specifications javacard. Javacard idea was to make it possible to install applications (applets) to cards of different manufacturers (and on different chips). In 1996, the division of Smart Card Corporation Shlumberger (later renamed the Axalto, currently Gemalto) introduced the first javacard. The idea is simple enough. Besides the OS map contains a virtual machine Java. The developed application is compiled into bytecode and loaded onto the card. Applications in this case loaded after booting the OS (in the production process the card), and if the card contains the Remote Applet Manager, javacard applet can be installed after the release of the card through the CMC.
In this article I will try to explain briefly what the SIM-card (and smart cards in general), why it is needed, and that she had inside.
Actually SIM-card - this is a special case of a contact smart card microprocessor. In fact, represents a fairly secure microcomputer with CPU, ROM (optional), RAM and NVRAM (which acts as an analogue of the hard disk in PC), with Hardware random number generator, and hardware implementation of crypto-algorithms.
In some approximation architecture microprocessor smart cards can be represented as:
A little bit about the production h4>
For further understanding of the material seems to me the right to briefly explain the basic processes in the production of maps.
1. Production of chip
Artist: The manufacturer of chips (silicon vendor).
The final product: plate with chips (wafer).
The chips are manufactured by several companies, the most common - Samsung, ST Microelectronics, Infinion, SST etc.
The reverse side of the module. White rectangle in the center - chip SIM-card.
2. Assembling modules
Artist: manufacturer of smart cards (card vendor) or a third-party assembly plant modules.
The final product: ribbon modules (chip + pad).
At this stage the plate is cut into chips (often the plates are cut by the manufacturer of the chip), the chips are mounted on the pads, then soldered contacts and the chip is filled with glue (see. Previous photo back side of the module). All this construction is called "modules".
3. Manufacture card
Artist: card vendor.
The final product: SIM-card.
The modules are extracted from the tapes are mounted on a plastic base card, then load the file system, the application then goes personalization card - loading data unique to each card (different ID, keys, etc.) and applying them to the card (eg ICCID and PIN codes the case of SIM-cards).
Types of cards h4> The type of memory used recently SIM-card are divided into 2 groups: the cards that use the ROM and EEPROM, and a card that uses Flash memory.
In the first type of card operating system (OS), and used regularly and maloizmenyaemye applications are placed in the ROM chip manufacturer (the first stage of production). Production cycle in this case is very long and the gap between the release of the OS, and the first shipment of chips takes 2-3 months. EEPROM using the card manufacturer to download the file system (FS) and applications.
In the case of Flash Card OS, FS and applications are stored in Flash memory. Using Flash, you can download the OS during the assembly of modules or in the production of maps (steps 2 and 3). At this point the card using flash memory practically superseded ROM with market SIM-cards. Flash chips are cheaper and allow easy enough to make changes to the OS. Also, the card manufacturer's easier to plan the order of chips because they do not have to order chips with specific versions of the OS, but just ordered chips with different size of memory, and you have already downloaded the OS for a specific customer - the operator. Since the forecast for the purchase of chips is usually done only once a year, it greatly simplifies planning.
Java maps h4> Yes, I was not mistaken. According to the program "stuffing" smart cards are divided into 2 groups - native i> and javacard i>.
Native card h5> software for the native-cards written in C. Appendices (if required by the manufacturer) is usually tightly integrated with the OS and loaded simultaneously on the OS map. Install any application developed by another company, to native-card can not be. Additional functionality requested by the operator, often have to add code to the OS. The dimensions of the OS from the use of C and the simplicity of the OS small enough (SIM card order 10-20Kbayt). Therefore, native-cards currently used in low-cost segment, where the operator does not want anything on the map, but the simple menu.
Javacard h5> In the era of proliferation of Java Sun Microsystems has written specifications javacard. Javacard idea was to make it possible to install applications (applets) to cards of different manufacturers (and on different chips). In 1996, the division of Smart Card Corporation Shlumberger (later renamed the Axalto, currently Gemalto) introduced the first javacard. The idea is simple enough. Besides the OS map contains a virtual machine Java. The developed application is compiled into bytecode and loaded onto the card. Applications in this case loaded after booting the OS (in the production process the card), and if the card contains the Remote Applet Manager, javacard applet can be installed after the release of the card through the CMC.
Language to develop under javacard - it greatly cut down Java. Trimmed it is much stronger than in J2ME. From primitives were only
boolean, byte, short code> pre> and optionally supported int (but hardly used for the sake of compatibility, as not supported by all manufacturers). No usual type of classes
String code> pre> (all of
java.lang code> pre> migrated Only
Object code> pre>,
Throwable code> pre> and some
Exceptions code> pre>), no multithreading, no garbage collector'a. Cons javacard, in my opinion - is the speed and large memory requirements (like RAM, and EEPROM / Flash). Java-cards are more expensive due to the use of more expensive chips and more complex structure.
Applications h5> The preceding text is often cited application, but the person is not familiar with smart cards, most often it is unclear what kind of applications can be on the map.
Firstly, the basic functionality of the card can be put in a separate annex. For example, it may be SIM applet, written in java, which implements all the functionality of SIM. May be R-UIM application (R-UIM card used in CDMA networks). This application can be Visa or Mastercard, converting smart card into a bank card. In fact, when using java, you can leave the OS memory management, input-output and Java machine. In this case, if the manufacturer must make SIM-card - SIM applet is loaded, if it is necessary to make Visa - downloadable application Visa.
Secondly, there is a class of applications on the cards - microbrowsers. This bytecode interpreter for the construction of the SIM-menu. This is not java bytecode and bytecode understandable installed browsers. The menu in this case most often developed on xml-like markup language is converted to bytecode and loaded into the browser. Currently the most widely used browsers S @ T from Simalliance and WIB from Smarttrust < / a>. Both organizations are not developing browsers, they write the specifications and certify browsers, writing on these specifications.
Third, it may be SIM menu, developed on java (without the use of browsers), or just some background applet. For example, it may be an applet that monitors in what phone you use. If you insert the card into the new phone, the SIM sends the IMEI of the new phone operator, who in turn sends you to configure wap / gprs for your model.
Applications h5> The preceding text is often cited application, but the person is not familiar with smart cards, most often it is unclear what kind of applications can be on the map.
Firstly, the basic functionality of the card can be put in a separate annex. For example, it may be SIM applet, written in java, which implements all the functionality of SIM. May be R-UIM application (R-UIM card used in CDMA networks). This application can be Visa or Mastercard, converting smart card into a bank card. In fact, when using java, you can leave the OS memory management, input-output and Java machine. In this case, if the manufacturer must make SIM-card - SIM applet is loaded, if it is necessary to make Visa - downloadable application Visa.
Secondly, there is a class of applications on the cards - microbrowsers. This bytecode interpreter for the construction of the SIM-menu. This is not java bytecode and bytecode understandable installed browsers. The menu in this case most often developed on xml-like markup language is converted to bytecode and loaded into the browser. Currently the most widely used browsers S @ T from Simalliance and WIB from Smarttrust < / a>. Both organizations are not developing browsers, they write the specifications and certify browsers, writing on these specifications.
Third, it may be SIM menu, developed on java (without the use of browsers), or just some background applet. For example, it may be an applet that monitors in what phone you use. If you insert the card into the new phone, the SIM sends the IMEI of the new phone operator, who in turn sends you to configure wap / gprs for your model.
File System h4> SIM-cards on a file system, as well as on desktop computers. Files are 2 types - DF (Dedicated file - folder analogue) and EF (Elementary file - analogue of the usual file). DF root file called MF (Master File).
In the file system SIM-card stored secret keys, address book, recent SMS, operator name, network, preferred roaming network, prohibited for use, and so on. D. Of course, there are levels of access to the files. Keys often have NEVER as read access, which eliminates the possibility to read them from the outside.
File System h4> SIM-cards on a file system, as well as on desktop computers. Files are 2 types - DF (Dedicated file - folder analogue) and EF (Elementary file - analogue of the usual file). DF root file called MF (Master File).
In the file system SIM-card stored secret keys, address book, recent SMS, operator name, network, preferred roaming network, prohibited for use, and so on. D. Of course, there are levels of access to the files. Keys often have NEVER as read access, which eliminates the possibility to read them from the outside.
What is it all necessary? H4> SIM-menu and the other "non-system" apps are just value added services. The main purpose of the card - make identification and authentication of the subscriber on the network.
To do this, on the map there IMSI (International Mobile Subscriber Identity) - unique identifier SIM-card and a 128-bit key Ki.
Below is the authentication procedure in the GSM network and generate a session key Kc.
Authentication takes place using an algorithm A3, generation Kc - A8.
Authentication Center (AuC) an authentication request to the card generates 128-bit pseudo-random sequence RAND and sends it to SIM-card. Further, knowing the IMSI card, AuC uses key Ki, bound to this IMSI, data and RAND as inputs to algorithms A3 and A8. Map simultaneously performs the same calculations. The calculation result of the algorithm A3 Signed Response (SRES) is sent to the card AuC, which compares the received SRES with the value calculated on the AuC. When the coincidence of the results authentication procedure is considered successfully completed. Key Kc, obtained using the algorithm A8, subsequently used to encrypt traffic between the phone and the network.
Programs "clone" cards use the vulnerability in the older version of the algorithm A8 (COMP128-1). At this point in the GSM networks are widely used and COMP128-2 COMP128-3. A vulnerability was discovered in 1999, but some GSM operators have not switched to the 2nd and 3rd of algorithms (vulnerabilities that are currently not found).
What is it all necessary? H4> SIM-menu and the other "non-system" apps are just value added services. The main purpose of the card - make identification and authentication of the subscriber on the network.
To do this, on the map there IMSI (International Mobile Subscriber Identity) - unique identifier SIM-card and a 128-bit key Ki.
Below is the authentication procedure in the GSM network and generate a session key Kc.
Authentication takes place using an algorithm A3, generation Kc - A8.
Authentication Center (AuC) an authentication request to the card generates 128-bit pseudo-random sequence RAND and sends it to SIM-card. Further, knowing the IMSI card, AuC uses key Ki, bound to this IMSI, data and RAND as inputs to algorithms A3 and A8. Map simultaneously performs the same calculations. The calculation result of the algorithm A3 Signed Response (SRES) is sent to the card AuC, which compares the received SRES with the value calculated on the AuC. When the coincidence of the results authentication procedure is considered successfully completed. Key Kc, obtained using the algorithm A8, subsequently used to encrypt traffic between the phone and the network.
Programs "clone" cards use the vulnerability in the older version of the algorithm A8 (COMP128-1). At this point in the GSM networks are widely used and COMP128-2 COMP128-3. A vulnerability was discovered in 1999, but some GSM operators have not switched to the 2nd and 3rd of algorithms (vulnerabilities that are currently not found).
Epilogue h4> In this article I have tried quite succinctly tell what is a SIM-card. I hope I got it. Virtually all of the above description, except the authentication procedure, and to otnostitsja USIM-cards used in 3G networks (UMTS), and R-UIM card (CDMA network). If you have any comments or questions - please write.
Related Links:
Source:
Epilogue h4> In this article I have tried quite succinctly tell what is a SIM-card. I hope I got it. Virtually all of the above description, except the authentication procedure, and to otnostitsja USIM-cards used in 3G networks (UMTS), and R-UIM card (CDMA network). If you have any comments or questions - please write.
Related Links:
Source: