A Subscriber Identity Module (SIM) is part of a removable smart card ICC (Integrated Circuit Card), also known as SIM Cards, for mobile, telephony devices (such as computers) and mobile phones. SIM cards securely store the service-subscriber key (IMSI) used to identify a subscriber. The SIM card allows users to change phones by simply removing the SIM card from one mobile phone and inserting it into another mobile phone or broadband telephony device.
SIM cards are available in two standard sizes. The first is the size of a credit card (85.60 mm × 53.98 mm x 0.76 mm). The newer, more popular miniature-version has a width of 25 mm, a height of 15 mm, and a thickness of 0.76 mm. However most SIM cards are supplied as a full-sized card with the smaller card held in place by a few plastic links and can be easily broken off to be used in a phone that uses the smaller SIM.
The exact format of the SSN differs according to the mobile operator, however the following is constant:
The numbering of the ICC-ID is based on International Standard ISO/IEC 7812. The maximum length of the visible card number is 20 characters; 19 digits are preferred, but telecommunication network operators who are already issuing Phase 1 SIM cards with an identification number length of 20 digits may retain this length. The number is composed of the following subparts:
Issuer Identification number (max. 7 digits)
Individual account identification
W-SIM is a SIM card which also integrates core cellular technology into the card itself.
The use of SIM cards is mandatory in GSM devices. The equivalent of a SIM in UMTS is called the Universal Integrated Circuit Card (UICC), which runs a USIM application, whereas the Removable User Identity Module (RUIM) is more popular in CDMA-based devices. Many CDMA-based standards do not include any such card, and the service is bound to a unique identifier contained in the handset itself.
The Satellite phone networks Iridium, Thuraya and Inmarsat's BGAN also use SIM cards. Sometimes these SIM cards work in regular GSM phones and also allow GSM customers to roam in satellite networks by using their own SIM card in a satellite phone.
The SIM card introduced a new and significant business opportunity of mobile telecoms operator/carrier business of the MVNO (Mobile Virtual Network Operator) which does not own or operate a cellular telecoms network, but which leases capacity from one of the network operators, and only provides a SIM card to its customers. MVNOs first appeared in Denmark, Hong Kong, Finland and the UK and today exist in over 50 countries including most of Europe, USA and Canada, and Australia and parts of Asia and account for approximately 10% of all mobile phone subscribers around the world.
On some networks the mobile phone is locked to its SIM card such as on the GSM networks in the USA. This tends to happen only in countries where mobile phones are heavily subsidised, but even then not all countries and not all operators; such as in the UK, typically, most phones with subsidies are not SIM-locked. In countries where the phones are not subsidised, such as Italy and Belgium, all phones are unlocked. Where the phone is not locked to its SIM card, the users can easily switch networks by simply replacing the SIM card of one network with that of another while using only one phone. This is typical for example among young users who may want to optimise their telecoms traffic by different tariffs to different friends on different networks. It is called the "SIM card switch"
SIM cards store network specific information used to authenticate and identify subscribers on the Network, the most important of these are the ICCID, IMSI, Authentication Key (Ki), Local Area Identity (LAI) and Operator-Specific Emergency Number. The SIM also stores other carrier specific data such as the SMSC (Short Message Service Center) number, Service Provider Name (SPN), Service Dialing Numbers (SDN), Advice-Of-Charge parameters and Value Added Service (VAS) applications. (look to GSM 11.11)
Each SIM is Internationally identified by its ICC-ID (Integrated Circuit Card ID). ICCIDs are stored in the SIM cards and are also engraved or printed on the SIM card body during a process called personalization. The ICCID is defined by the ITU-T recommendation E.118. The number is up to 18 digits long and in addition is often associated with a single check digit calculated using the Luhn algorithm.
SIM cards are identified on their individual operator networks by holding a unique International Mobile Subscriber Identity. Mobile operators connect mobile phone calls and communicate with their market SIM cards using their IMSI.
The Ki is a 128-bit value used in authenticating the SIMs on the mobile network. Each SIM holds a unique Ki assigned to it by the operator during the personalization process. The Ki is also stored on a database (known as Authentication Center or AuC) on the carrier’s network.
The SIM card is designed not to allow the Ki to be obtained using the smart-card interface. Instead, the SIM card provides a function, "RUN GSM ALGORITHM", that allows the phone to pass data to the SIM card to be signed with the Ki. This, by design, makes usage of the SIM card mandatory unless the Ki can be extracted from the SIM card, or the carrier is willing to reveal the Ki. In practice, the GSM "crypto" algorithm for computing SRES_2 (see step 4, below) from the Ki has certain vulnerabilities which can allow the extraction of the Ki from a SIM card and the making of a duplicate SIM card.
The SIM stores network state information, which is received from the Location Area Identity (LAI). Operator networks are divided into Location Areas, each having a unique LAI number. When the device changes locations, it stores the new LAI to the SIM and sends it back to the operator network with its new location. If the device is power cycled, it will take data off the SIM, and search for the previous LAI. This saves time by avoiding having to search the whole list of frequencies that the telephone normally would.
Most SIM cards will orthogonally store a number of SMS messages and phonebook contacts. The contacts stored are in simple 'Name and number' pairs - entries containing multiple phone numbers and additional phone numbers will usually not be stored on the SIM card. When a user tries to copy such entries to a SIM the handset's software will break them up into multiple entries, discarding any information that isn't a phone number. The number of contacts and messages stored depends on the SIM; early models would store as little as 5 messages and 20 contacts while modern SIM cards can usually store over 250 contacts.
A Universal Subscriber Identity Module is an application for UMTS mobile telephony running on a UICC smart card which is inserted in a 3G mobile phone. There is a common misconception to call the UICC card itself a USIM, but the USIM is merely a logical entity on the physical card.
For authentication purposes, the USIM stores a long-term preshared secret key K, which is shared with the Authentication Center (AuC) in the network. The USIM also verifies a sequence number that must be within a range using a window mechanism to avoid replay attacks, and is in charge of generating the session keys CK and IK to be used in the confidentiality and integrity algorithms of the KASUMI block cipher in UMTS.
Equivalents on 2G