
SIM Toolkit in GSM Wilson Cheung Schlumberger Technologies (Asia) Ltd.


Presentation Transcript


  1. SIM Toolkit in GSM Wilson Cheung Schlumberger Technologies (Asia) Ltd.

  2. Communication (Schlumberger Electronic Transactions)
     Communication between any smart card and terminal must follow ISO 7816-3.
     - Terminal to card: Command
     - Card to terminal: Status Word

  3. Command and Status Word
     Examples of commands: CREATE FILE, UPDATE RECORD, SELECT
     What are status words: SUCCESSFUL, FILE ALREADY EXISTS, ACCESS CONDITION NOT FULFILLED

  4. Command
     Each command must have this format: Cls Ins P1 P2 P3 Data (optional)
     Cls = Class, Ins = Instruction, P1 = Parameter 1, P2 = Parameter 2, P3 = Parameter 3

  5. Example of Command
     For the command UPDATE BINARY: A0 D6 00 05 10 Data
     - D6: instruction code for UPDATE BINARY
     - 00 05: offset in file to update (5 bytes)
     - 10: length of data to update (16 bytes)

  6. Example of Status Word
     The Status Word contains only 2 bytes: SW1 SW2
     Examples: 9000 = successful; 9804 = access condition not fulfilled

  7. Phase 2 and Phase 2+
     The essence of Phase 2 (without STK) is that the mobile phone is the MASTER and the SIM is the SLAVE.
     Phone: "Give me the content of the 12th phone number."
     SIM: "OK. Here is the phone number you want."

  8. Example of phase 2 operation
     What did the phone and SIM actually send in the previous slide?
     Phone: Select file 6F3A
     SIM: no data sent, SW = 9000
     Phone: Read Record no. 12
     SIM: data sent, SW = 9000

  9. What is different in phase 2+?
     Now the SIM can be the MASTER! Applications in phase 2+ (with STK) work by sending PROACTIVE COMMANDS to the phone.
     SIM: "Do this Proactive Command for me!"
     Phone: "OK, and here is the status of your command."

  10. 4 new ME commands
      1. TERMINAL PROFILE (which proactive commands the ME can do)
      2. FETCH (ME gets the proactive command from the SIM)
      3. TERMINAL RESPONSE (status of the execution of the command)
      4. ENVELOPE (activation of STK)

  11. What are Proactive Commands?
      Proactive Commands are commands to be executed by the phone.
      Examples: Display Text, Get Input, Select Item, Send Short Message, Set Up Call, Send SS, Play Tone, Provide Loci

  12. How to send Proactive Commands within ISO 7816-3?
      By the status word 91XX and the command FETCH:
      SIM: SW = 91XX (some Proactive Command pending)
      ME: FETCH XX bytes
      SIM: sends XX bytes containing the Proactive Command, SW = 9000
      ME: execution of Proactive Command

  13. How does the phone send status to the SIM?
      By the command TERMINAL RESPONSE:
      ME: execution of Proactive Command
      ME: TERMINAL RESPONSE (status = OK)
      SIM: SW = 91XX (if more Proactive Commands pending) or SW = 9000 (if no Proactive Command pending)

  14. Initialization Procedure (Normal)
      ME: Read EF phase ID
      SIM: Phase = 03
      ME: TERMINAL PROFILE
      SIM: 91XX
      ME: FETCH XX bytes
      SIM: SETUP MENU
      ME: sets up level 1 and 2 of the user menu, then sends TERMINAL RESPONSE
      SIM: 9000

  15. SIM Application Operating Procedure
      After the Initialization Procedure, when the user selects any item in level 2 of the user menu:
      ME sends ENVELOPE (MENU SELECTION)
      SIM sends SW = 91XX
      ME "FETCH" proactive command
      SIM sends SW = 91XX
      ME sends TERMINAL RESPONSE to SIM
      SIM sends SW = 9000
      End of session; the phone will go to idle mode.

  16. The structure of proactive commands: TLV
      TLV is the short form for Tag, Length and Value.
      - Tag (T): meaning / identifier for this data field
      - Length (L): length of the Value part
      - Value (V): the actual data for this data field
      * GSM 11.14 contains the complete reference for the structures of all Proactive Commands.

  17. Proactive Command - Setup Call
      The Setup Call BER-TLV contains an Address TLV (T, L, V). The value is the TON/NPI byte followed by the address in BCD format:
      - 81 09 82 08 00 = local call, 90288000
      - 91 58 92 20 08 00 F0 = int call, 852 90288000

  18. Proactive Command - Send SMS
      The Send SMS BER-TLV contains address, alpha and tpdu (SMS-SUBMIT) TLVs. Value of the tpdu TLV:
      01 00 03 81 21 F3 00 04 05 32 31 32 31 31
      - 03: number of digits in dest. addr
      - 81: TON/NPI for dest. addr
      - 21 F3: dest. addr = 123
      - 00: PID
      - 04: DCS (7-bit, 8-bit and 16-bit (= UCS2))
      - 05: user data length
      - 32 31 32 31 31: user data

  19. SMS-PP data download (SMS from network to SIM)
      SMSPP is another way to receive an SMS from the network.
      • With Phase 2 SMS the SIM is the SLAVE
      • With Phase 2+ SMSPP the SIM can be THE MASTER
        - decrypt a message like stock trading information
        - activation of an application already stored in the SIM
        - ...

  20. SMSPP download
      (Diagram labels: GSM, SMS Service Center)
      04 03 81 21 F3 7F F6 05 32 31 32 31 31
      - 03: number of digits in dest. addr
      - 81: TON/NPI for dest. addr
      - 21 F3: dest. addr = 123
      - 7F: PID
      - F6: DCS
      - 05: user data length
      - 32 31 32 31 31: user data
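
The 91XX / FETCH / TERMINAL RESPONSE exchange of slides 12 and 13, modelled with both sides as an added example (not part of the original presentation). The instruction codes are the GSM 11.11 values, which the slides do not show; `ToySim`, `run_menu_selection` and the sample payloads are constructed for illustration.

```python
"""Toy model of the 91XX / FETCH / TERMINAL RESPONSE exchange (slides 12-13)."""
from collections import deque

CLA = 0xA0  # class byte, as in the slide 5 example
# Instruction codes per GSM 11.11 (assumption: the slides only name the commands)
FETCH, TERMINAL_RESPONSE, ENVELOPE = 0x12, 0x14, 0xC2


class ToySim:
    """SIM side: holds queued proactive commands and signals them with SW 91XX."""

    def __init__(self, proactive_cmds):
        self.queue = deque(proactive_cmds)

    def _sw(self):
        # 91XX while a proactive command is pending (XX = its length), else 9000
        return (0x9100 | len(self.queue[0])) if self.queue else 0x9000

    def transmit(self, apdu):
        ins, p3 = apdu[1], apdu[4]
        if ins == FETCH:
            if not self.queue or p3 != len(self.queue[0]):
                return b"", 0x6700  # incorrect P3 (GSM 11.11 status 67XX)
            return self.queue.popleft(), 0x9000
        return b"", self._sw()      # ENVELOPE or TERMINAL RESPONSE


def run_menu_selection(sim):
    """ME side: send ENVELOPE, then service every pending proactive command."""
    trace = []
    _, sw = sim.transmit(bytes([CLA, ENVELOPE, 0, 0, 0]))  # simplified, no data
    trace.append(("ENVELOPE", sw))
    while sw >> 8 == 0x91:
        length = sw & 0xFF
        data, sw = sim.transmit(bytes([CLA, FETCH, 0, 0, length]))
        if sw != 0x9000 or len(data) != length:
            raise ValueError(f"FETCH failed or length mismatch, SW={sw:04X}")
        trace.append(("FETCH", sw))
        # ... the ME would execute the proactive command here ...
        result = b"\x00"  # constructed placeholder for "status = OK"
        apdu = bytes([CLA, TERMINAL_RESPONSE, 0, 0, len(result)]) + result
        _, sw = sim.transmit(apdu)
        trace.append(("TERMINAL RESPONSE", sw))
    return trace


# Constructed placeholder payloads, not real GSM 11.14 encodings
SAMPLE = [b"<display text>", b"<play tone>"]
```

The ME side treats any FETCH whose returned length differs from the XX announced in 91XX as an error instead of passing the data on.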
