There are currently different types of mobile telephones (also called “portable” or “cellular telephones”) which are usually provided with a keyboard and a display with the capacity to show alphanumerical symbols and, in many cases, graphics as well.
There are currently several mobile telephony systems, among them are the GSM and UMTS (also call “Third Generation Mobile Telephony”) systems.
The subscriber equipment in the GSM system as well as the UMTS system comprises:
a) on one hand, a terminal (which is what many times is called “mobile telephone”) (which includes a casing, display, keyboard, power source and several circuits); and
b) on the other hand, an ICC or UICC (UMTS Integrated Circuit Card) card. In the case of GSM, this is an ICC card called SIM card or simply SIM (Subscriber Identity Module), or it is a UICC card with a SIM application, and in the case of UMTS, it will be a UICC with a USIM application. Both the SIM card as well as the UICC card (with one or several SIM and/or USIM applications) contain a set of files with data of the mobile telephony network operator or of the subscriber, and they are provided with means for carrying out operations associated with a series of commands which permit the terminal to access those files (to read them, write them, select them, verify subscriber keys, etc.). The data authenticating the subscriber to the network is contained among the subscriber data.
Until the arrival of UMTS (the so-called Third Generation Mobile Telephony), no distinction was usually made between the physical interface of the application (dependent on the nature of the integrated circuit card ICC) and the application itself: both were called SIM. Third Generation Mobile Telephony (UMTS) introduced the separation of the physical interface and the applications. The physical interface receives the name UICC; it is a platform on which several applications can simultaneously coexist; there can be SIM and/or USIM applications among them. In UMTS, the subscriber identification application receives the name USIM.
An integrated circuit card is considered a physically secure device, i.e. it is a device in which the stored data is protected against third party attacks trying to read them, modify them, delete them or falsify them without permission of the owner of the information.
Reference is occasionally made below to the subscriber identity module as SIM for both GSM and UMTS (i.e. with SIM, reference is also made to a UICC with the corresponding SIM or USIM applications).
In the field of mobile telephony, the SAT=SIM Application Toolkit (in UMTS, USAT=USIM Application Toolkit) concept is known, consisting of a set of tools for SIM applications; reference is made below to an application based on said tools as a “Toolkit application”.
At first, mobile terminals were only capable of sending commands to the SIMs, whereas the SIMs were only capable of responding to commands received from the mobile terminal.
An evolution of mobile terminals and SIM cards later occurred, and on one hand, it permits the terminals to send commands to the SIM card as well as to receive commands therefrom, and on the other, it permits the SIM card to respond to commands received from the mobile terminal as well as to send commands thereto. These commands permit the SIM, for example, to request the terminal to send a short message (SM), to make a call, to show the subscriber a list of options, to request data from him/her, etc.
The applications existing in the SIM card capable of sending commands to the mobile terminal are known by the name of SAT (SIM Application Toolkit) applications. In UMTS, they are known by the name of USAT (USIM Application Toolkit) applications. Both of them are generally called Toolkit applications.
Toolkit applications are an optional feature of both SIM cards and UICC cards (with the corresponding applications). High level procedures, command content and command encoding, are specified in the GSM 11.14 standard for GSM and in the 3GPP TS 31.111 standard for UMTS.
The OTA (Over The Air) concept is also known, which refers to the remote access to the SIM (or USIM) card. When the cards initially became available on the market, the operator could not modify anything in them, they were out of its reach. However, it seemed interesting to be able to modify the content of some files in the card, to modify the customization profile and to load or modify Toolkit applications once the card was in possession of the client.
Therefore, card manufacturers began to incorporate OTA (remote access) systems which permitted managing the contents of the card by means of special short messages. Each manufacturer had a proprietary solution incompatible with that of the other manufacturers. Standard specifications have been subsequently generated for carrying out this type of remote OTA modifications (GSM 03.48 and 3GPP 23.048). Based on these specifications, compatible OTA systems which permit file and application management can be implemented.
Work is currently being done to define standards which permit using other types of carriers, not only short messages, to make communications faster and more flexible, these carriers can be GPRS (General Packet Radio Service), Bluetooth, data call, etc.
A multitude of SIM Toolkit applications are being developed in mobile telephony which are intended to be managed remotely by the operator. The problem arises when wanting to remotely access application data, such as the texts it shows, telephone numbers being called or being sent short messages, or any other type of data.
The applications can be loaded remotely following the standards, but the creation of files in a remote manner is not defined, therefore, if the desire is to be able to load an application and for it to contain some type of data, the data must be stored in an array and not in a file so that it can be downloaded remotely in the card. The problem is that remote access (i.e. “via OTA”) to the data stored in arrays is not defined in any way.
Therefore, if the intention is to load applications remotely, the data must be stored in arrays and not in files, but the arrays cannot be modified remotely, therefore the data of an application loaded remotely could not be modified remotely. To currently modify one piece of this data, the application must be deleted and completely reloaded with the modified data, losing all the information that the subscriber may have introduced to customize the application.
Having to eliminate and reload the application to modify, for example, a telephone number, makes it necessary to send between 40 to 60 short messages for a typical application (depending on the size of the application) when one short message would suffice if the telephone number to be modified were in a file.
FIG. 1 shows an example of the state of the art: a SIM (or USIM) card 1 contains a remote access manager (OTA manager) 2 comprising a remote application manager module 2A and a remote file manager module 2F. The card 1 also includes a first Toolkit application 3A and a second Toolkit application 4A. The applications can be SAT or USAT. The first Toolkit application 3A is related to (it reads, writes, handles, etc.) data 3D stored in a file 3F. Said file is established during the customization of the card in the factory (arrow “a” in FIG. 1). The second Toolkit application 4A is related to data 4D stored in an array forming part of the application itself.
The card 1 can be managed remotely by means of an OTA system; OTA messages are received in the subscriber equipment and transmitted to the card, where the remote access manager 2 (constituting a Toolkit application in itself takes charge of performing the appropriate operations. The applications 3A (arrow “b”) and 4A (arrow “c”) can be loaded in the card by means of the remote application manager module 2A, and if the file 3F has been established in the factory during the customization of the card, the data 3D can be written, read or manipulated remotely (OTA) by means of the file manager module (2F) (arrow “d”). (However, if the file 3F was not created during said customization in the factory, it will not be possible to correctly load the first Toolkit application 3A, since the associated file 3F cannot be created remotely (OTA)).
On the other hand, with regard to the second Toolkit application 4A, the current remote access (OTA) system permits loading the application correctly even though it does not have an associated file, since the application does not require a file: as indicated, the data 4D is stored in an array in the application itself. However, the current remote access (OTA) system for accessing the card does not permit modifying the data 4D associated to said application remotely, since the remote access system (including the remote access manager 2) does not comprise means for accessing and manipulating data in one array of one application. Therefore, to modify any data 4D, it would be necessary to delete the entire application 4A and reload it through the application manager module 2A, with the drawbacks this entails.