In the context of the disclosure herein, the following terms and expressions can be interpreted as set forth below:

Smart card, chip card or integrated circuit card (ICC): any pocket-sized card with embedded integrated circuits which can process information.

UICC (Universal Integrated Circuit Card): the smart card, chip card or integrated circuit card used in mobile terminals in GSM and UMTS networks. In a GSM network, the UICC contains a SIM application, and in a UMTS network it contains the USIM application. A UICC may contain several applications, making it possible for the same smart card to give access to both GSM and UMTS networks, and also to provide storage of a phone book and other applications. It is also possible to access a GSM network using a USIM application, and to access UMTS networks using a SIM application, with mobile terminals prepared for this.

SIM (Subscriber Identity Module): part of a removable smart card or ICC (Integrated Circuit Card), also known as SIM Card, for mobile cellular telephony devices such as mobile computers and mobile phones. It is managed by a GSM mobile network operator (MNO) and comprises a module for identifying a subscriber who accesses an MNO. It is also capable of storing subscriber information, such as the subscriber's agenda (phone book) or text messages.

USIM (Universal Subscriber Identity Module): an application for UMTS mobile telephony running on a UICC (Universal Integrated Circuit Card), also known as USIM Card, which is inserted in a 3G mobile phone.

MegaSIM Card: a large capacity Universal Integrated Circuit Card (UICC). In other words, it is a SIM Card or USIM Card which additionally comprises a large amount of storage capacity (i.e. more than 128 MBytes), typically flash memory, which allows the subscriber and the MNO to store a large amount of information, such as video or images.
A large capacity Universal Integrated Circuit Card (UICC) or MegaSIM Card usually comprises a high-speed communications interface, such as USB but not limited thereto, which allows offering services that imply a large exchange of information. MegaSIM is a registered term (MegaSIM™) of MSYSTEMS LTD., Kefar Saba, Israel.

USB Inter-Chip (USB-IC): an electrical interface between the Universal Serial Bus (USB) interface of a large capacity UICC or MegaSIM card and the device supporting said USB. This interface is an adaptation of the USB 2.0 interface designed for short-distance communications. It only refers to electrical parameters.

USB Mass Storage Device Class (USB MSC): a set of computing communications protocols, developed by the USB Implementers Forum, Inc. (www.usb.org), which run over USB and allow a USB host to access files stored in a File Allocation Table (FAT) file system. USB MSC provides a standardized interface to a variety of storage devices (e.g., flash memories), through which the host accesses a storage device by simple read/write operations on data sectors. This basic functionality of USB MSC requires no file system.

File Allocation Table (FAT): a file system developed by Microsoft. Typically, the disk formatting scheme used in a large capacity UICC or MegaSIM card is FAT32, which allows a maximum file size of 4 GBytes.
A large capacity UICC or MegaSIM card fulfils the standard (U)SIM functionalities and has extra non-volatile memory for data and application storage, typically comprising both Flash Memory and Electrically-Erasable Programmable Read-Only Memory (EEPROM).
The EEPROM memory of the MegaSIM card is part of the standard SIM functionality, and one of its usages is to store SIM data files which are managed via the ISO 7816 interface through the (U)SIM application. Such data files are protected by the (U)SIM application: an external entity which requires access to any file must fulfil the security requirements associated with each access type. Security requirements are based on the presentation of keys. Access types include: read, update, increase, create, delete, invalidate, rehabilitate. Thus, the EEPROM is considered a highly-secure memory component, because access to it is always under the control of the SIM controller, which is more secure than the conventional mass storage memory.
The mass storage memory of the MegaSIM Card consists of a commercial Flash Memory, conventionally without special security mechanisms. User data such as pictures, video, music and applications are stored in this mass storage memory. Unlike the EEPROM, the Flash Memory is usually formatted as a standard FAT32 file system, which is managed by the operating system of the host device (e.g., the mobile terminal) and not by the (U)SIM operating system itself. The mass storage memory is accessible by a standard mass storage protocol (MSP) through a high-speed interface, such as, among others, USB-IC, the MultiMedia Card (MMC) interface or the Secure Digital (SD) card interface.
Therefore, two different file systems can be located in a MegaSIM Card: the ISO file system, which is accessed by host applications through the (U)SIM application via the ISO 7816 interface; and the mass storage file system, which is accessed by host applications through the host operating system (host OS).
FIG. 1 shows the physical entities involved in exchanging information stored inside the non-volatile memory modules of a large capacity UICC (100): an EEPROM memory (101) where the ISO file system (110) is located; a mass storage memory (102), like a Flash Memory, which stores a FAT file system (111); a host device (103) that is the mobile terminal; and a mobile network operator (MNO) communicating with said host device (103) through the mobile network (109). The EEPROM (101) and the mass storage memory (102) are located within the large capacity UICC (100), which is sited in the host device (103). For the MegaSIM or large capacity UICC (100), the exchange of information stored in the EEPROM (101) between the host device (103) and its large capacity UICC (100) is carried out using the standard ISO 7816 channel (107), the EEPROM (101) being accessed by the UICC operating system or UICC OS (104); while the exchange of information stored in the mass storage memory (102), associated with a memory controller (105), is managed by the host operating system (106), which uses a high-speed channel (108), for example according to the USB-IC specifications, between the host device (103) and the large capacity UICC (100). The functionalities of the UICC operating system (104) are offered to a specific application (113) running in the host device (103) by means of an ISO Application Programmer Interface or ISO API (114), in order to, for example, allow authentication in a GSM network to send SMS. Another application (115) running in the host device (103) can access the mass storage memory (102) by means of a File System Application Programmer Interface or FS API (116), which uses the USB MSC and USB-IC, in order to, for example, write into a file of the FAT file system (111).
On the other hand, the EEPROM memory (101) is capable of storing other UICC OS data (112), such as data for internal card applications and applications (e.g., SIM or USIM applications) controlled by the UICC OS (104), which are accessible to external applications by means of the ISO API (114) and exchangeable through the ISO 7816 channel (107).
The ISO file system (110) in the EEPROM memory (101) of the large capacity UICC (100) can have a hierarchical file system structure (200), as defined in ISO 7816-4 and shown in FIG. 2. The ISO 7816-4 file system supports three types of files: master file (MF), dedicated file (DF) and elementary file (EF). Every file of this ISO file system (110) is associated with certain security requirements according to a security configuration (201A, 201B, 201C, 201D, 201E) defined specifically for the file. Thus, each file and directory content in the ISO file system (110) is accessible only if the defined security requirements are met; otherwise, the UICC OS (104) returns an error to the external application requesting access to the ISO file system (110) through the standard ISO 7816 channel (107).
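As an added illustration (not part of the patent text), the following Python models the per-file, per-access-type security conditions of the ISO 7816-4 hierarchy described above and the key-presentation rule from the EEPROM paragraph: a file is accessed only after the key named in its security configuration has been presented over the channel, and the card OS otherwise answers with an error. The file names, key names and status-word constants are assumptions (0x9000 and 0x6982 are the ISO 7816-4 "OK" and "security status not satisfied" status words).

```python
from dataclasses import dataclass, field
# ISO 7816-4 status words: success, "security status not satisfied", "file not found".
SW_OK, SW_SECURITY, SW_NOT_FOUND = 0x9000, 0x6982, 0x6A82
ALWAYS, NEVER = "ALW", "NEV"   # access condition: always allowed / never allowed

@dataclass
class IsoFile:
    kind: str                                   # "MF", "DF" or "EF"
    acl: dict = field(default_factory=dict)     # access type -> ALW | NEV | key name
    data: bytes = b""
    children: dict = field(default_factory=dict)

@dataclass
class CardSession:
    root: IsoFile                               # the master file (MF)
    verified_keys: set = field(default_factory=set)   # keys presented on this channel

    def verify(self, key_name, value, keystore):
        # Presenting a correct key value satisfies every ACL entry naming that key.
        if keystore.get(key_name) == value:
            self.verified_keys.add(key_name)
            return SW_OK
        return SW_SECURITY

    def _lookup(self, path):
        node = self.root
        for name in path:
            node = node.children.get(name)
            if node is None:
                return None
        return node

    def access(self, path, access_type, payload=b""):
        # Apply one access type (read, update, delete, ...) to the file at path.
        f = self._lookup(path)
        if f is None:
            return SW_NOT_FOUND, b""
        cond = f.acl.get(access_type, NEVER)     # unlisted access types are denied
        if cond == NEVER or (cond != ALWAYS and cond not in self.verified_keys):
            return SW_SECURITY, b""              # the card OS returns an error
        if access_type == "update":
            f.data = payload
        return SW_OK, (f.data if access_type == "read" else b"")

def sample_card():
    # Constructed hierarchy: MF / DF_GSM / {EF_IMSI, EF_ADN}; key names are invented.
    ef_imsi = IsoFile("EF", acl={"read": "PIN1", "update": "ADM1"}, data=b"\x08\x09\x10")
    ef_adn = IsoFile("EF", acl={"read": ALWAYS, "update": "PIN1"})
    df_gsm = IsoFile("DF", children={"EF_IMSI": ef_imsi, "EF_ADN": ef_adn})
    return CardSession(IsoFile("MF", children={"DF_GSM": df_gsm}))
```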
The FAT file system (111) located in the mass storage memory (102) of the large capacity UICC (100) is a mass storage file system (300), depicted in FIG. 3, which has the file contents stored in memory data sectors (302). These memory data sectors (302) are allocated and managed externally by the host operating system (106). The host operating system (106) addresses the specific memory data sectors (302) through a file allocation table or FAT (301), which is a list of entries that map to each sector and which is itself located in memory sectors of the mass storage memory (102).
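As an added illustration (not part of the patent text), the following Python follows a file's FAT32 chain the way the host operating system must: the FAT is an array of 32-bit entries, one per cluster (an allocation unit of one or more sectors), each holding the number of the next cluster of the file or an end-of-chain marker. Because the card's memory controller does not validate this table, the walker rejects loops, free entries and out-of-range entries instead of hanging; the table and data region are constructed.

```python
FAT32_MASK = 0x0FFFFFFF      # the top 4 bits of a FAT32 entry are reserved
EOC_MIN = 0x0FFFFFF8         # entries >= this mark the last cluster of a chain
BAD_CLUSTER = 0x0FFFFFF7

def cluster_chain(fat, first):
    """Return the clusters of the file starting at `first`, in order.
    Raises ValueError on a free, bad, out-of-range or cyclic entry rather than
    looping forever on a malformed table."""
    chain, seen, cur = [], set(), first
    while True:
        if cur < 2 or cur >= len(fat):      # clusters 0 and 1 are reserved
            raise ValueError(f"cluster {cur} out of range")
        if cur in seen:
            raise ValueError(f"cycle at cluster {cur}")
        seen.add(cur)
        chain.append(cur)
        nxt = fat[cur] & FAT32_MASK
        if nxt >= EOC_MIN:
            return chain
        if nxt == 0 or nxt == BAD_CLUSTER:  # free or bad cluster inside a chain
            raise ValueError(f"chain broken at cluster {cur}")
        cur = nxt

def read_file(fat, data_region, first, size, cluster_size):
    """Concatenate the chain's clusters and cut to the directory-entry file size."""
    out = bytearray()
    for c in cluster_chain(fat, first):
        start = (c - 2) * cluster_size       # the data region begins at cluster 2
        out += data_region[start:start + cluster_size]
    return bytes(out[:size])

# Constructed sample, 8-byte clusters: the file at cluster 2 occupies 2 -> 5 -> 3,
# clusters 4 and 6 point at each other (a loop), cluster 7 is marked free.
SAMPLE_FAT = [0x0FFFFFF8, 0xFFFFFFFF, 5, 0x0FFFFFFF, 6, 3, 4, 0]
SAMPLE_DATA = b"".join(bytes([0x40 + i]) * 8 for i in range(2, 8))
```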
There are problems related to the files stored in the mass storage memory of MegaSIM cards, including a lack of security, since these files are handled by standard mass storage protocols (MSP) that do not support access to the content of files in a secure manner, and the fact that standard access does not allow the mobile network operator (MNO) to control the content of the mass storage memory inside a MegaSIM card.
The lack of security of content which is stored in the mass storage memory has already been addressed by secure protocols such as the TrustedFlash™ protocol.
The TrustedFlash™ protocol provides several types of authentication algorithms and allows for multiple authenticated entities to concurrently use the card. The TrustedFlash™ security system allows for configuring a specific set of permissions (rights) for every authenticated entity. Every command that is received by a flash memory module is associated with a currently authenticated entity, and the service request is validated against the registered rights for that entity. The flash memory module grants the request and executes the command only if the service is permitted for the requesting entity. TrustedFlash™ is a trademark of SanDisk Corporation.
In a TrustedFlash™ secure file system, as shown in FIG. 4, a large capacity UICC (400) is provided with a public partition (411), typically of a flash memory (402) and formatted as a conventional FAT file system, and a private or hidden partition (419) of the same flash memory (402).
The public partition (411) is visible to the standard host operating system (406) and accessible through the standard memory card interface. The host operating system (406) is provided with File System Application Programmer Interface or FS API (416) for allowing an application (415) to access the public partition (411).
The hidden partition (419) is accessible only through a TrustedFlash Application Programmer Interface implemented by the host agent (418) for communication with a TrustedFlash memory controller (405) located in the large capacity UICC (400).
Each hidden partition (419) stores read-only contents or license objects, content encryption keys and credentials, etc., for protected contents in the public partition. Using them, the files contained within the public partition boundary are protected by encryption against unauthorised applications of a host device (403). By preventing the host operating system (406) from accessing the hidden partition (419), the TrustedFlash memory controller (405) is required for delivering physical protection of the data files contained within said partition. The host operating system (406) is provided with the USB Mass Storage Device Class or USB MSC (417) for exchanging TrustedFlash™ commands with the TrustedFlash memory controller (405) in order to, for example, authenticate a user in the system and create a secure channel, over a high-speed physical channel (408), through which the authorised application (415) can access some content stored in the hidden partition (419) or the public partition (411).
The TrustedFlash™ secure file system requires a host agent (418) in the host device (403) cooperating with the TrustedFlash memory controller (405) of the large capacity UICC (400). The host agent (418) implements an intermediate layer between the host operating system (406) and the application (415) running in the host device (403). When this application (415) requires access to a file through the FS API (416) and finds its content protected by encryption, the application (415) authenticates to the entity associated with the required content from the public partition (411) using the host agent (418) services. To relieve the application from checking whether the file is encrypted, the check can be handled by a file system filter layer between the application and the file system. If the file system filter is implemented, the filter determines whether the host agent or the host file system will be used for accessing this file.
A drawback of the secure protocols for accessing mass storage memory in MegaSIM cards, such as the above described TrustedFlash™ protocol, is the fact that current mobile terminals do not support them and require a specific software agent to handle a given secure protocol.
Furthermore, existing bearers controlled by the MNO like SMS or GPRS, which allow the management of the ISO functionality, do not cover the management of the secure mass storage feature.