A subscriber identity module (SIM) or a universal integrated circuit card (UICC) (herein after collectively referred to as a “SIM card”) is one type of a tamper-resistant authentication device (tamper-resistant module) for a mobile terminal such as a cellular phone, a personal digital assistant (PDA) or a mobile computer. The SIM card includes an integrated circuit (IC) that securely stores the International Mobile Subscriber Identity (IMSI) and a related key used to identify and authenticate the subscriber on the mobile network. A SIM card contains, for example, its unique serial number (integrated circuit card identifier “ICCID”), IMSI and network authentication keys.
The ICCID is a unique serial number for the SIM that is used to visually identify each SIM. The ICCID includes a number up to 19 digits long including an issuer identification number, individual account identification and a check digit. The IMSI enables an operator of mobile communication service (e.g., a wireless service carrier) to uniquely identify the subscriber on their network. The IMSI is tied to the corresponding telephone number so that a network of the mobile communication operator can connect phone calls with the mobile device that contains the SIM card by using the IMSI.
The authentication key Ki is a 128-bit value used in authenticating the SIM on the wireless network. Each SIM holds a unique Ki assigned to it by the mobile communication operator during the personalization process. The Ki is also stored in a database (known as Authentication Center) on the mobile communication operator's network.
The SIM card can also store, for example, a user's private key, a public key, certificate or personal information. The information stored in the SIM card is tamper-resistant and secure. Accordingly, information stored in the SIM card may by utilized for security, authentication or encryption purposes. For example, the SIM information can be used for personal identification or for mobile payment.
However, the SIM card is accessible only by a trusted server of the operator of mobile communication service because of security reasons, and a server of a third party that is located outside of the mobile network operator cannot directly communicate with the SIM card. Accordingly, there are more potential uses of the security features of the SIM cards by the third party under control of the mobile network operator.