Title: Proactive SIM Training
1. SIM Toolkit in GSM
Wilson Cheung, Schlumberger Technologies (Asia) Ltd.
2. Communication
Communication between any smart card and the terminal must follow ISO 7816-3
Command
Status Word
3. Command and Status Word
Examples of commands:
CREATE FILE, UPDATE RECORD, SELECT
What are status words?
SUCCESSFUL, FILE ALREADY EXISTS, ACCESS CONDITION NOT FULFILLED
4. Command
Each command must have this format
Class
Instruction
Parameter 1
Parameter 2
Parameter 3
5. Example of Command
For the command UPDATE BINARY:
Offset in file to update (5 bytes)
00
Instruction code for UPDATE BINARY
Length of data to update (16 bytes)
6. Example of Status Word
A Status Word contains only 2 bytes:
SW1
SW2
Examples: 9000 = successful; 9804 = access condition not fulfilled
7. Phase 2 and Phase 2+
The essence of Phase 2 (w/o STK) is that the mobile phone is the MASTER and the SIM is the SLAVE
Give me the content of the 12th phone number
OK. Here is the phone number you want
8. Example of Phase 2 operation
What did the phone and SIM actually send in the previous slide?
Select file 6F3A
No data sent, SW 9000
Read Record no. 12
Data sent, SW 9000
9. What is different in Phase 2+?
Now, the SIM can be the MASTER!
Applications in Phase 2+ (with STK) work by sending PROACTIVE COMMANDS to the phone.
Do this Proactive Command for me!
OK, and here is the status of your command
10. 4 new ME commands
New ME commands:
1. TERMINAL PROFILE (which proactive commands the ME can do)
2. FETCH (ME gets the proactive command from the SIM)
3. TERMINAL RESPONSE (status of the execution of the command)
4. ENVELOPE (activation of STK)
11. What are Proactive Commands?
Proactive Commands are executed by the phone.
Examples: Display Text, Get Input, Select Item, Send Short Message, Set Up Call, Send SS, Play Tone, Provide Loci
12. How to send Proactive Commands within ISO 7816-3?
By the status word 91XX and the command FETCH
Execution of Proactive Command
13. How does the phone send status to the SIM?
By the command TERMINAL RESPONSE
Execution of Proactive Command
TERMINAL RESPONSE (status OK)
SW 91XX (if more Proactive Command pending)
SW 9000 (if no Proactive Command pending)
14. Initialization Procedure (Normal)
ME sets up levels 1 and 2 of the user menu, then sends TERMINAL RESPONSE
9000
15. SIM Application Operating Procedure
Initialization Procedure
When the user selects any item in level 2 of the user menu:
ENVELOPE (MENU SELECTION)
SIM sends SW 91XX
ME FETCH proactive command
SIM sends SW 91XX
ME sends TERMINAL RESPONSE to SIM
SIM sends SW 9000
End of session, phone will go to idle mode
16. The structure of proactive commands: TLV
TLV is the short form for Tag, Length and Value
T L V
Tag: meaning / identifier for this data field
Length: length of the Value part
Value: the actual data for this data field
GSM 11.14 contains the complete reference for the structures of all Proactive Commands
17. Proactive Command - Setup Call
Setup Call BER-TLV
Address
Address TLV
T L V
- 81 09 82 08 00: local call, 90288000
- 91 58 92 20 08 00 F0: int call, 852 90288000
Value layout: TON/NPI, then the address in BCD format
18. Proactive Command - Send SMS
Send SMS BER-TLV
address, alpha, tpdu (SMS-SUBMIT)
tpdu TLV
T L V
01 00 03 81 21 F3 00 04 05 32 31 32 31 31
Fields labelled on the slide:
- No. of digits in dest. addr
- TON/NPI for dest addr
- Dest addr: 123
- PID
- DCS: 7-bit, 8-bit and 16-bit (UCS2)
- User data length
- User data
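As an added example (not part of the original slides), the Python code below decodes the Address value from the Setup Call slide and splits the SMS-SUBMIT TPDU from the Send SMS slide into its labelled fields, rejecting truncated input. The function names are illustrative, the DCS handling assumes the general data coding group, and user-data headers are not interpreted.

```python
BCD = "0123456789*#abc"            # swapped-nibble BCD alphabet; 0xF is filler
ALPHABET = {0: "7-bit", 1: "8-bit", 2: "UCS2", 3: "reserved"}
VP_LEN = {0: 0, 2: 1, 1: 7, 3: 7}  # validity-period octets for each VPF value

def decode_bcd(data, ndigits=None):
    """Low nibble of each octet is the earlier digit; 0xF filler is skipped."""
    digits = "".join(BCD[n] for b in data
                     for n in (b & 0x0F, b >> 4) if n != 0x0F)
    return digits if ndigits is None else digits[:ndigits]

def decode_address(value):
    """Value part of an Address TLV: TON/NPI octet, then BCD digits."""
    if len(value) < 2:
        raise ValueError("address value too short")
    return {"ton_npi": value[0], "number": decode_bcd(value[1:])}

def parse_sms_submit(tpdu):
    """Split an SMS-SUBMIT TPDU into the fields labelled on the slide."""
    try:
        if tpdu[0] & 0x03 != 0x01:
            raise ValueError("message type is not SMS-SUBMIT")
        ndigits = tpdu[2]                      # tpdu[1] is the message reference
        pos = 4 + (ndigits + 1) // 2           # end of destination address
        dest = decode_bcd(tpdu[4:pos], ndigits)
        pid, dcs = tpdu[pos], tpdu[pos + 1]
        pos += 2 + VP_LEN[(tpdu[0] >> 3) & 0x03]
        udl = tpdu[pos]
    except IndexError:
        raise ValueError("truncated TPDU") from None
    alphabet = ALPHABET[(dcs >> 2) & 0x03]     # general data coding group only
    # UDL counts septets for the 7-bit alphabet and octets otherwise.
    nbytes = (udl * 7 + 7) // 8 if alphabet == "7-bit" else udl
    user_data = tpdu[pos + 1:]
    if len(user_data) != nbytes:
        raise ValueError("user data length does not match UDL")
    return {"ton_npi": tpdu[3], "dest": dest, "pid": pid, "dcs": dcs,
            "alphabet": alphabet, "udl": udl, "user_data": user_data}

# Byte strings copied from the Setup Call and Send SMS slides.
LOCAL_CALL = bytes.fromhex("81 09 82 08 00")
SMS_SUBMIT = bytes.fromhex("01 00 03 81 21 F3 00 04 05 32 31 32 31 31")

if __name__ == "__main__":
    print(decode_address(LOCAL_CALL))
    print(parse_sms_submit(SMS_SUBMIT))
```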
19. SMS-PP data download (SMS from network to SIM)
SMS-PP is another way to receive an SMS from the network.
- With Phase 2 SMS, the SIM is the SLAVE
- With Phase 2+ SMS-PP, the SIM can be the MASTER
  - decrypt a message, such as stock trading information
  - activate an application already stored in the SIM
  - ...
20. SMS-PP download
GSM SMS Service Center
04 03 81 21 F3 7F F6 05 32 31 32 31 31
Fields labelled on the slide:
- No. of digits in dest. addr
- TON/NPI for dest addr
- Dest addr: 123
- PID
- DCS
- User data length
- User data