Today, mobile network operators (MNOs) require device manufacturers to implement SIM Locks to protect subsidized mobile devices against use with SIMs other than those intended (based on MCC/MNC, SP, etc.). The goal is to prevent the user from using the device with another SIM (in general the SIM of another MNO). One such approach to SIM locking is described in the Applicant's patent, GB2287855.
Conventional SIM Lock is implemented by mechanisms on the device which check, based on the IMSI and GID, whether a SIM is allowed to be used in that device. These SIM Lock mechanisms are often compromised.
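The device-side check described above, written out in C as an added example (not code from the patent or from any handset). The rule table, the `sim_allowed` and `imsi_ok` names, the sample values and the caller-supplied MNC length are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One lock rule: the MCC+MNC the device is locked to and, for an
 * SP lock, the GID1 bytes the SIM must also present. */
struct lock_rule {
    const char    *plmn;     /* "MCCMNC", 5 or 6 digits */
    const uint8_t *gid1;     /* NULL means network lock only */
    size_t         gid1_len;
};
/* Constructed sample rules (illustrative values, not a real operator's). */
static const uint8_t SP_GID1[] = { 0xA1 };
static const struct lock_rule RULES[] = {
    { "00101",  SP_GID1, sizeof SP_GID1 },  /* MNC 01, SP lock */
    { "001001", NULL,    0 },               /* MNC 001, network lock */
};
static const size_t N_RULES = sizeof RULES / sizeof RULES[0];

/* An IMSI is at most 15 decimal digits; anything else is rejected. */
static bool imsi_ok(const char *imsi) {
    size_t n = imsi ? strlen(imsi) : 0;
    if (n < 6 || n > 15) return false;
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)imsi[i])) return false;
    return true;
}

/* True only if some rule accepts the SIM; every error path denies.
 * mnc_len (2 or 3) comes from the caller: a 5-digit rule must never
 * match a SIM whose MNC has 3 digits, so lengths are compared first. */
bool sim_allowed(const struct lock_rule *rules, size_t n, const char *imsi,
                 int mnc_len, const uint8_t *gid1, size_t gid1_len) {
    if (!imsi_ok(imsi) || (mnc_len != 2 && mnc_len != 3)) return false;
    size_t plen = 3 + (size_t)mnc_len;
    for (size_t i = 0; i < n; i++) {
        const struct lock_rule *r = &rules[i];
        if (strlen(r->plmn) != plen || strncmp(imsi, r->plmn, plen) != 0)
            continue;                      /* different network */
        if (r->gid1 == NULL) return true;  /* network lock satisfied */
        if (gid1 && gid1_len >= r->gid1_len &&
            memcmp(gid1, r->gid1, r->gid1_len) == 0)
            return true;                   /* SP lock satisfied */
    }
    return false;
}
```

The decision rests entirely on values the device reads from the SIM and on a rule table held on the device, so the result is only as trustworthy as the integrity of both.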
SIM cards (also referred to as Universal Integrated Circuit Cards, UICCs) are a ubiquitous form of smart card. Wireless telecommunications network standards mandate that authentication of networked devices is facilitated through SIM cards (in fact the term SIM card is often used collectively to encompass true SIM cards and USIM cards). These cards securely store essential components of the network authentication procedure: secret keys (including the network authentication key (Ki)), “over the air” (OTA) transport keys and parameters for one or more operator encryption algorithms.
Each SIM card is specific to the customer and, in addition to authentication information, carries information particular to that customer such as the customer's International Mobile Subscriber Identifier (IMSI).
SIM cards are used to provide the relevant identification (e.g. IMSI) and authentication information for each terminal. In certain applications, for instance telematics applications, the SIM may not be provided on a card per se but on an integrated circuit implanted or integrated into the device. This may, for example, take the form of a VQFN8 package for standardised installation.
Existing SIM cards are typically personalized for a single MNO: in other words, they store secret keys that are only valid on the network of one MNO. Each SIM will thus be specific to a particular network (the “home” network)—that is, it will have been issued under the control of the operator of that network and will be for use within that network.
Changing MNO requires the physical exchange of removable SIM cards. This exchange of cards is impracticable in some cases—the terminals where SIMs need to be swapped may be widely distributed or embedded (and consequently unswappable).
The GlobalPlatform Card specification V2.2 (published in March 2006) describes techniques for remote application management (RAM) of UICCs via OTA, including dynamic addition & modification of applications. RAM is also described in ETSI TS 101 226. This specification is based on the paradigm that there is one single Card Issuer for any given UICC card and offers to the Card Issuer the flexibility for managing an ever-changing array of service providers who may want to run applications on the Card Issuer's cards.
To facilitate the secure management and provisioning of the applications issued by service providers and the MNO, GlobalPlatform describes a standardised entity known as a Trusted Service Manager (TSM). Provisioning is typically performed over the air (OTA) and includes the download and installation of the applications onto the UICC/SIM. The TSM is essentially a network component functionality that brokers connections with MNOs, phone manufacturers or other entities controlling the UICC. To act as broker, a TSM must be “trusted” by the MNO (at least) and is required to include facilities for storing tables of data policy information, such as the rules around device and UICC card locking. In some cases an MNO itself may be considered a special case of a TSM.
Further secure elements are provided on the UICC itself: Security Domains (SD) are defined as on-card entities providing support for the control, security, and communication requirements of the Application Provider: they are used for the management of Service Provider applications on a SIM card. An Issuer Security Domain (ISD) is defined to provide support for requirements of the Card Issuer—e.g. the MNO.
Depending upon circumstances, SDs are arranged in a number of different hierarchies. In one hierarchy, a dedicated Security Domain is provided for TSM usage—a so-called TSD, or “Trusted Service Manager Security Domain”. The TSD is associated with an Issuer Security Domain (ISD), which in turn is managed by the MNO, as issuer of the SIM. Security Domains of Service Providers may be associated directly with the Issuer Security Domain (ISD).
In addition to the functions of a security domain, the ISD supports secure communications for card content management and for applications and manages data stored in registers on the UICC.
A facility for enabling an MNO or Trusted Service Manager (TSM) to trigger a smart card to derive appropriate secret keys for operating with that network and thereby “defining” a smartcard as a card for use with a given MNO is described in copending patent application (GB 1021300.7).
In a conventional telecommunications system, the secret key Ki is paired with the International Mobile Subscriber Identity (IMSI) of the SIM at the point of manufacture. Only the IMSI, and hence its intrinsically coupled Ki, dictates to which network a device can connect natively. It is not presently feasible for a SIM to connect natively to, or inherit the footprint of, a variety of networks because the Ki, as mentioned above, is not transmittable, transferable or programmable. Furthermore, there are often strong commercial reasons for the MNO associated with the Ki to wish that the SIM—once thus “provisioned”—continue to be used with that same network.
Clearly, enforcing a SIM-lock or subscription lock feature in cases where smartcards may be embedded/impractical to access and a change of subscription is required presents a number of challenges. Further complications ensue when smartcards are permitted to carry multiple subscriptions.