The growing availability of notebooks, smart phones and other mobile devices with embedded mobile broadband, also called computing devices, is paving the way for a raft of new services and applications.
A subscriber identity module or subscriber identification module (SIM) is an integrated circuit that securely stores the International Mobile Subscriber Identity (IMSI) and the related key used to identify and authenticate subscribers on mobile telephony devices. It is often referred to as a SIM card.
According to document GSM 02.17 V8.0.0 (1999-11), a GSM (Groupe Spécial Mobile) MS (mobile station) comprises a mobile entity (ME) and a subscriber identity module (SIM). The SIM is a removable module. The SIM contains the International Mobile. Subscriber Identity (IMSI) which unambiguously identifies a subscriber. Without a valid IMSI, GSM service is not accessible except emergency calls.
The user interface (MMI) of the ME related to SIM operations is defined in GSM 02.30.
GSM 02.09 specifies a security function for authenticating the SIM. This function, which is mandatory for any MS, is based on a cryptographic algorithm, A3, and a secret subscriber authentication key, Ki, both of which are located in the SIM.
The SIM provides storage of subscriber related information. This data is of three types: (1) data fixed during administrative phase; e.g. IMSI, subscriber authentication key, access control class; (2) temporary network data; (3) service related data; e.g. Language Preference, Advice of Charge.
The SIM may also contain further applications. According to document GSM 02.17 V8.0.0 (1999-11), the SIM has a physical layout as “ID-1 SIM” and as a “Plug-in SIM”.
Format and layout of the ID-1 SIM shall be in accordance with ISO 7816-1 and has a polarization mark which indicates how the user should insert the card into the ME.
As is well known, an UICC (Universal Integrated Circuit Card) is a so-called “smart card” comprising a processor which provides a computing basis for identification, authentication and security purposes.
An UICC may provide the basis for multiple applications. An USIM application provides identification of the user vis-à-vis one of the telecommunication standards: Universal Mobile Telecommunications System (UMTS), High Speed Packet Access (HSPA) or Long Term Evolution (LTE). The CDMA SIM (CSIM) is another application that provides access to CDMA networks. Other possible applications comprise an IP multimedia Services Identity Module (ISIM) for mobile access to multimedia services and non-telecom applications such as payment. For example, many subscribers have a UICC with USIM and IP multimedia Services Identity Module (ISIM) applications for phone service and multimedia respectively. The UICC can communicate using Internet Protocol (IP).
Existing computing devices with embedded mobile broadband modules (MBM) require access to such an Universal Integrated Circuit Card (UICC) for accessing services for the user. This cannot always be guaranteed since UICC can be physically removed from the device. In fact, most computing devices that hold a UICC are designed so that the UICC should be easy to remove.
Further, the penetration rate for embedded modules with a data subscription is quite low as of today. As of today, the subscriber needs a specific subscription to support specific services (for example a specific data subscription to access data services).
Prior art document 3GPP TS 33.812 v.9.2.0 (2010-06) relates to security aspects of remote provisioning and change of subscription for Machine to Machine (M2M) equipment and describes in section 4.2 three options with regard to UICC:
The UICC could be mechanically attached to the M2M equipment in such a way as to make it infeasible to remove the UICC, or where removing the UICC would render it permanently unusable. The USIM application would then still run and be managed in a secured, non-removable execution environment which is tamper resistant, namely the UICC.
The MCIM application could be integrated within the M2M equipment in a protected module (i.e. without a physical UICC). That protected module would be required to provide for the MCIM application a secured execution and storage environment which is tamper resistant in the M2M equipment. Such an environment requires counter-measures against logical and physical attacks on the MCIM application, similar to counter-measures that are currently provided by a physical UICC.
The USIM application is implemented on a removable UICC, but appropriate techniques could be applied to discourage or invalidate the UICC removal (i.e. making the UICC removal unproductive or even counterproductive for the attacker). These techniques may include physical countermeasures.
Prior art document “M2M Remote-Subscription Management, Luis Barriga et al, Ericsson Review 1, 2011 describes a machine-to-machine, M2M, communications identity module, MCIM, describes that an unauthorized party should not be able to remove or tamper with the UICC. One way of achieving this is to hermetically seal the device during production. This approach is appropriate, for example, in the health-care and automotive industries. Another solution is a soldered, embedded UICC, referred to as an eUICC, on the device PCB board. This document illustrates how an MCIM-enabled device can be initially provisioned and then re-provisioned for a new operational home operator, HO.
Prior art document Embedded SIM Task Force Requirements and Use Cases
1.0, 21 Feb. 2011, GSM Association Non-Confidential White paper; Embedded SIM Task Force: Requirements & Use Cases, discuss use cases for an UICC (eSIM), which is embedded in a communication device, i.e. where the UICC is not easily accessible and replaceable. This type of UICC is compatible with Machine-to-Machine (M2M) applications. This document describes an eUICC state model.
It appears that in the art, the notion eSIM covers embedded SIM's, such that MCIM can be seen as one variant of eSIM. Both MCIM and eSIM is believed to be seen as the hardware components that contains zero or more SIM applications.
“Evaluating Intel® Anti-Theft Technology”, IT@Intel Brief, Intel Information Technology, Business Solutions, July 2010, deals with an anti-theft technology for Laptop computers according to which hardware as well as data is disabled if the computer is lost or stolen, by means of a SMS message that can be delivered over LAN, WLAN or 3G network from a security provider.
Prior art document EP2339815 shows a method and apparatus for remote management over a wireless wide-area network using short message service. A short message over a wireless wide-area network, WWAN, is received using an out-of-band, OOB, processor of a computing device. The OOB processor is capable of communicating over the WWAN irrespective of an operational state of an in-band processor of the computing device. The computing device executes at least one operation with the OOB processor in response to receiving the short message.
A problem with existing SMS based monitoring and anti theft solutions is that tampering with the SIM application may render the disabling by SMS unworkable.