Mobile Application Development with SMS and the SIM Toolkit Scott B. Guthery Mary J. Cronin McGraw-Hill New York • Chicago • San Francisco • Lisbon London • Madrid • Mexico City • Milan • New Delhi San Juan • Seoul • Singapore • Sydney • Toronto Guthery FM 10/22/01 2:52 PM Page i Copyright © 2002 by McGraw-Hill Companies, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a data base or retrieval system, without the prior written permission of the publisher. 1 2 3 4 5 6 7 8 9 0 DOC/DOC 0 9 8 7 6 5 4 3 2 1 ISBN 0-07-137540-6 The sponsoring editor for this book was Marjorie Spencer, the editing supervisor was Steven Melvin, and the produc- tion supervisor was Sherri Souffrance. It was set in Vendome by Patricia Wallenburg. Printed and bound by R. R. Donnelley & Sons Company. McGraw-Hill books are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please write to the Director of Special Sales, Professional Publishing, McGraw-Hill, Two Penn Plaza, New York, NY 10121-2298. Or contact your local bookstore. Throughout this book, trademarked names are used. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps. The 3GPP TS 31.102 Third Generation Mobile System Release 1999, v.3.2.0 is the property of ARIB, CWTS, ETSI, T1, TTA andTTC who jointly own the copyright in it. It is subject to furthermodifications and is therefore provided to you "as is" forinformation purpose only. Further use is strictly prohibited. This book is printed on recycled, acid-free paper containing a minimum of 50 percent recycled, de-inked fiber. Information contained in this book has been obtained by The McGraw-Hill Companies, Inc., (“McGraw-Hill”) from sources believed to be reliable. However, neither McGraw-Hill nor its authors guarantee the accuracy or completeness of any information published herein, and neither McGraw-Hill nor its authors shall be responsible for any errors, omissions, or damages arising out of use of this information. This work is published with the understanding that McGraw-Hill and its authors are supplying information, but are not attempting to render engineering or other professional services. If such services are required, the assistance of an appropriate professional should be sought. Guthery FM 10/22/01 2:52 PM Page ii This book is dedicated to Tyler Guthery Rebecca Cronin Johanna Cronin Our next generation Guthery FM 10/22/01 2:52 PM Page iii Guthery FM 10/22/01 2:52 PM Page iv CONTENTS Foreword xi Acknowledgments xiii 1 Introducing SMS and the SIM 1 Foundations and Definitions 4 SMS and SIM in the Network Context 7 Protocol Stacks 9 The Role of Standards 11 Preview of Coming Chapters 16 Summary 16 2 Basic SMS Messaging 19 Connecting the Handset 20 Communicating with the Handset 21 Communicating with the Network 24 Hello, Mobile World 25 Summary 38 3 Details of SMS-SUBMIT and SMS-DELIVER 39 Numbering Plans and Mobile Telephone Numbers 42 SMS_SUBMIT 42 Protocol Identifier 47 Data Coding Scheme 49 Concatenated Short Messages 51 “You’ve Got Mail” 52 Application Port Addressing 53 SIM Toolkit Security 54 Enhanced Messaging Services 54 Sounds, Pictures, and Animations 56 Internet E-Mail 60 SMS_DELIVER 61 Summary 63 v Guthery FM 10/22/01 2:52 PM Page v 4 SMS Integration 65 Summary 78 5 SMS Brokers 79 Summary 92 6 SMS in an Airport Logistics Application 95 SMS Case Study: Atraxis 96 Project Background 97 Focus on the Essentials 98 Design and Development Process 99 The Action on the Ground 101 Project Performance Review 103 Evaluating the Business Results 104 Summary 105 7 The SIM 107 Smart Cards 101 111 The Evolution of the SIM 115 Who Are You? 118 Evolution of SIM Standards 119 The Birth of the SIM Application Toolkit 122 The SAT API 127 The USAT Interpreter 128 Summary 130 8 SIM Toolkit API: Proactive Commands and Event Download 131 Proactive Commands 133 Details of SIM Toolkit Commands 142 Application Commands 143 Smart-Card Proactive Commands 146 General Purpose Communication Commands 146 System Commands 147 Contents vi Guthery FM 10/22/01 2:52 PM Page vi Event Download 148 Summary 155 9 End-to-End Security for SMS Messages 157 Security Parameter Indicator (SPI) 161 Ciphering Key Identifier (KIc) and the Key Identifier (KID) 162 Toolkit Application Reference (TAR) 164 Counter (CNTR) 165 Padding Counter (PCNTR) 165 Redundancy Check (RC), Cryptographic Checksum (CC), or Digital Signature (DS) 166 Secured SMS Message Example 166 Proof of Receipt 168 Pairing a Sent Message with its Response 170 Summary 172 10 The SmartTrust Microbrowser and the 3GPP USAT Interpreter 173 Some More SIM Toolkit History 174 A Short History of Byte Code Interpreters on Smart Cards 176 Sonera SmartTrust WIB 180 The 3GPP USAT Interpreter 188 Remote Procedure Call Using the USAT Interpreter 193 Summary 195 11 The USAT Interpreter at Work 197 Business Drivers 198 Technology Overview 200 Starting With SMS 200 From WAP to One Integrated Portal 202 Integrating with the Microbrowser 204 Moving to Mobile Banking and M-Commerce 204 From the User Point of View 205 Implementation Challenges and Strategies 207 Bottom-Line Benefits 209 Lessons Learned 210 Contents vii Guthery FM 10/22/01 2:52 PM Page vii 12 The USAT Virtual Machine and SIM Toolkit Programs 211 Variants of the USAT Virtual Machine 214 Virtual Machine Architectures 216 The USAT Virtual Machine from Microsoft 218 Real-Time Travel Example 224 Central versus Local Storage of Personal Information 224 Java Card™ SIMs 235 Installation of USAT Virtual Machine Programs 235 Summary 237 13 Smart Signatures for Secure Mobile Commerce 239 Starting With the Mobile Customer 241 SmartSignature Features 243 Forms and Templates 243 Keys and PINs 244 Menu Design 244 Changing Service Providers 245 Mobile Certification and Trust Using SmartSignature 248 Trust Relationships for Making the Transaction 251 Trust Relationship for Enabling the Transaction 252 Certification Authorities 253 Business Enablers of SmartSignature 253 SmartSignature in Operation 254 SmartSignature in the Setup Phase 256 Managing a Large Pilot of SmartSignature 258 Pilot Background 258 The Key Participants 259 Revenue Model 260 Pricing of SmartTrust Components 260 Security in a Mobile Trust Hierarchy 261 Lessons of the Pilot Delivery 262 Importance of the Customer’s Experiences 262 Implications to the Business Model 263 Implications for SmartTrust Business Strategy 263 Next Steps with SmartSignature 264 Contents viii Guthery FM 10/22/01 2:52 PM Page viii 14 The ETSI Smart Card Platform 267 Managed Data Sharing Using Access Control Lists 269 Associating Access Control Lists with Files 272 Coding Access Control Rules 274 Access Mode TLV 275 Key References 276 Boolean Expressions of Key References 278 Key Reference Semantics 280 Authentication of Key References 283 Application Activation and Concurrent Execution 284 The Application Directory and Application Activation 285 Application Activation and Concurrent Execution 285 Application Selection 287 Concurrent Application Execution 288 Summary 289 APPENDIX Standards for SMS and the SIM 291 Third Generation Partnership Project (3GPP) 291 3GPP Technical Specification Group T (Terminals)—Working Group 2 Mobile Terminal Services and Capabilities 291 3GPP Technical Specification Group T (Terminals)—Working Group 3 Universal Subscriber Identity Module (USIM) 292 European Telecommunications Standards Institute (ETSI) Smart Card Project 293 International Organization for Standardization (ISO) 294 Index 295 Contents ix Guthery FM 10/22/01 2:52 PM Page ix Guthery FM 10/22/01 2:52 PM Page x [...]... telephone company finds the mobile and passes the SMS message to it The message has a flag set in it that tells the handset to pass the message to the SIM The message also has a flag that says which application on the SIM should receive the message When the SIM receives the message from the handset, it checks to see which application to give it to and hands it off to the mobile side of your application Figure... Building applications for the SIM has a lot in common with designing smart card applications and, as we will see later, the standards that guide the evolution of smart cards and the SIM have started to converge in the international standard-setting bodies One of the most important standards for SIM application developers is the SIM Application Toolkit (SAT) As the name implies, the SAT standardizes the. .. surprisingly given the title, this book is divided into two major sections: SMS messaging and SIM application programming The SIM section is divided further into two parts, one on the SIM microbrowser and the other on SIM applets In the SMS section we focus on getting an SMS message to the mobile and handling an SMS message that is sent from the mobile Because our primary concern is working with the 3G system... communicates with the SIM and the mobile device The dynamic duo of SMS and SIM works as follows The part of your application on your desktop computer or corporate server creates an SMS message to be sent to the part of your application on the mobile This message is handed off to the short messge center of your local telephone company with the telephone number of the mobile you want it sent to The telephone... is now done by the network The mobile network is like the early days of the Internet The application has to be concerned with multiple envelopes Some of these envelopes steer your SMS message through the network to the mobile device, others correctly process it on the handset, and others correctly handle it on the SIM If you are not careful to remember how each segment follows the other, you can easily... “freed” the mobile phone from the subscription and security aspects This created, for the first time, a virtually global terminal market Today, the SIM offers more than just these two things The standardization of the SIM Application Toolkit and now the Interpreter, together with the advancement in the hardware platform for the SIM created an ever advancing platform for secure value added services at the. .. need applications that make mobile employees more productive and enable them to reach their mobile customers There are different ideas about who should develop such applications Some carriers prefer to do their own development work, whereas others contract with thirdparty developers or look to the SIM and mobile equipment vendors to provide the applications One way or another, the demand for applications... Module (SIM) inside GSM phones into a standardized and secure application platform for GSM and next-generation networks; and 3 The demand for applications that let people use their mobile phones for more than just talking Let’s take a quick look at how SMS and the SIM have contributed to the growth of wireless applications and then discuss what you can expect to learn from this book The number of SMS messages... applications, the current high-end SIM provides 32K of memory, with 64K SIMs anticipated within the next year The computer chip that runs the handset is much larger, typically with a couple of megabytes of memory and a couple of MIPs of computer power The larger chip controls the keypad and the display, encodes and decodes voice conversations, and runs the protocols that enable the handset to connect to the. .. programs to the mobile handset and take control of the screen and the keypad The wireless operators looked around and discovered that all they still really controlled was the SIM, a tiny computer deep in the guts of the mobile phone that was designed to protect security, not support applications We’ll discuss how this computer sprouted an application programming interface called the SIM Application Toolkit . 104 Summary 105 7 The SIM 107 Smart Cards 101 111 The Evolution of the SIM 115 Who Are You? 118 Evolution of SIM Standards 119 The Birth of the SIM Application Toolkit 122 The SAT API 127 The USAT Interpreter. offers more than just these two things. The stan- dardization of the SIM Application Toolkit and now the Interpreter, together with the advancement in the hardware platform for the SIM created an ever. 19 Connecting the Handset 20 Communicating with the Handset 21 Communicating with the Network 24 Hello, Mobile World 25 Summary 38 3 Details of SMS- SUBMIT and SMS- DELIVER 39 Numbering Plans and Mobile