SIM cards (also referred to as Universal Integrated Circuit Cards, UICCs) are a ubiquitous form of smart card. Wireless telecommunications network standards mandate that authentication of networked devices is facilitated though SIM cards (in fact the term SIM card is often used collectively to encompass true SIM cards and USIM cards). These cards securely store essential components of the network authentication procedure: secret keys (including the network authentication key (Ki)), “over the air” (OTA) transport keys and parameters for one or more operator encryption algorithms.
Each SIM card is specific to the customer and, in addition to authentication information, carries information particular to that customer such as the customer's International Mobile Subscriber Identifier (IMSI).
SIM cards are used to provide the relevant identification (e.g. IMSI) and authentication information for each terminal. In certain applications, for instance telematics applications, the SIM may not be provided on a card per se but on an integrated circuit implanted or integrated into the device. This may, for example, take the form of a VQFN8 package for standardised installation.
Existing SIM cards are typically personalized for a single MNO: in other words, they store secret keys that are only valid on the network of one MNO. Each SIM will thus be specific to a particular network (the “home” network) —that is, it will have been issued under the control of the operator of that network and will be for use within that network.
Changing MNO requires the physical exchange of removable SIM cards. This exchange of card is impracticable some cases—the terminals where SIMs need to be swapped may be widely distributed or embedded (and consequently unswappable).
It is an essential security requirement of cellular telecommunications systems that the network authentication key (Ki) of the SIM is only ever stored at two points of the network, i.e. on the SIM and at the authentication centre (AuC). Additionally, the Ki is never transmitted in any sense, whatsoever. In fact, the removal or transmission of the Ki from the SIM at any point after manufacture is illegal in some territories.
In a conventional telecommunications system, the Ki is paired with the International Mobile Subscriber Identity (IMSI) of the SIM at the point of manufacture. Only the IMSI and hence its intrinsically coupled Ki, dictates which network a device can connect to natively. It is not presently feasible for a SIM to connect natively to, or inherit the footprint of, a variety of networks because the Ki, as mentioned above, is not transmittable, transferable or programmable.
The conventional SIM and network arrangement is less than satisfactory. If a terminal with its associated SIM card is in use within a product and functioning within a particular operating company's network, problems will arise if the terminal's owner wishes to avail himself of the services of a rival network operator (perhaps because the terminals is to be moved permanently into a geographical region not covered by the original network with which it is registered).
Switching the SIM has associated logistical difficulties, and, additionally, could have the result that useful information placed on the previous SIM card would be lost. Moreover, in certain applications, where the SIM is not stored in the form of a removable smart card but on an integrated circuit implanted into a device, a SIM replacement would not be possible.
Previous attempts to design a SIM capable of registering and re-registering on multiple networks have been based on the principle of producing multiple instances of a single SIM within one ‘super SIM’ which is then able to pick an IMSI-Ki pair to be used in each situation, i.e. when registering and re-registering on multiple networks. An example of this is described in International Patent publication WO 03/013174 where such a smart card is described. As a general solution to the problem of switching operator without switching the SIM card itself, this has a number of inherent disadvantages.
Firstly, as the SIM is effectively multiple SIMs placed within the same physical SIM card/UICC, there is an inherent ambiguity as to who would be the owner of the ‘super SIM’. Each IMSI-Ki pair would be considered the property of a network in each territory or the organisation responsible for the issuance of each IMSI-Ki pair.
Secondly, using this mechanism entails a change in operator logistics so that an operator only learns its “Ki” after the assignment to that operator is complete, rather than being able to pre-order (Ki, IMSI, ICCID)s and pre-load to a home location register, HLR. Alternatively, it might be possible for each MNO to receive, in advance, one of the pre-loaded (IMSI, Ki, ICCID) values, but then there must be just as many Kis on each “super SIM” as there are MNOs in the entire system (hundreds globally), and the vast majority of these keys will never be used. Still, MNOs would incur costs for keeping all the unused keys in their HLRs.
An alternative solution is presented in US20080276090: here a global, intermediate key Kint is used with a key derivation algorithm on the card. A pseudo-random generator in a personalisation module generates a respective random number RND for each final identity number IMSI sent. Then, the personalisation module determines a final authentication key Ki, not yet assigned to any card, for each IMSI number sent. The authentication key Ki is determined by an algorithm AD, which has been loaded in the card, according to the generated intermediate authentication key Kint and the generated random number RND associated with the IMSI number. Thereafter the card uses the final authentication key Ki. In ensuring that the same Ki is derived on each possible card, the same Kint value needs to be loaded to multiple cards,
Alternative mechanisms to send a “Ki” Over-The-Air involve a risk of the Ki being discovered in transit; they also incur a risk where a Ki is sent to a writable file on the card, which can then allow further writes (including partial overwrites). Such writes, especially partial overwrites, could compromise the secrecy of the Ki and/or associated parameters. A further danger is “lock in” whereby an MNO is forced to use the original vendor of the card (or a party chosen by that vendor) to send its Ki Over-The-Air. Alternatively, an MNO may be forced to use a keyset or algorithm that it does not design and does not entirely trust.