Mobile application development PDF

Title Mobile application development
Author Maro Gamal
Pages 320
File Size 1.4 MB
File Type PDF



Description

Guthery FM

10/22/01

2:52 PM

Page i

Mobile Application Development with SMS and the SIM Toolkit

Scott B. Guthery Mary J. Cronin

McGraw-Hill New York • Chicago • San Francisco • Lisbon London • Madrid • Mexico City • Milan • New Delhi San Juan • Seoul • Singapore • Sydney • Toronto


Copyright © 2002 by McGraw-Hill Companies, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a data base or retrieval system, without the prior written permission of the publisher.

1 2 3 4 5 6 7 8 9 0 DOC/DOC 0 9 8 7 6 5 4 3 2 1

ISBN 0-07-137540-6

The sponsoring editor for this book was Marjorie Spencer, the editing supervisor was Steven Melvin, and the production supervisor was Sherri Souffrance. It was set in Vendome by Patricia Wallenburg. Printed and bound by R. R. Donnelley & Sons Company.

McGraw-Hill books are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please write to the Director of Special Sales, Professional Publishing, McGraw-Hill, Two Penn Plaza, New York, NY 10121-2298. Or contact your local bookstore.

Throughout this book, trademarked names are used. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

The 3GPP TS 31.102 Third Generation Mobile System Release 1999, v.3.2.0 is the property of ARIB, CWTS, ETSI, T1, TTA and TTC who jointly own the copyright in it. It is subject to further modifications and is therefore provided to you "as is" for information purpose only. Further use is strictly prohibited.

Information contained in this book has been obtained by The McGraw-Hill Companies, Inc., (“McGraw-Hill”) from sources believed to be reliable. However, neither McGraw-Hill nor its authors guarantee the accuracy or completeness of any information published herein, and neither McGraw-Hill nor its authors shall be responsible for any errors, omissions, or damages arising out of use of this information. This work is published with the understanding that McGraw-Hill and its authors are supplying information, but are not attempting to render engineering or other professional services. If such services are required, the assistance of an appropriate professional should be sought.

This book is printed on recycled, acid-free paper containing a minimum of 50 percent recycled, de-inked fiber.


This book is dedicated to Tyler Guthery Rebecca Cronin Johanna Cronin Our next generation


CONTENTS

Foreword
Acknowledgments

1 Introducing SMS and the SIM
  Foundations and Definitions
  SMS and SIM in the Network Context
  Protocol Stacks
  The Role of Standards
  Preview of Coming Chapters
  Summary

2 Basic SMS Messaging
  Connecting the Handset
  Communicating with the Handset
  Communicating with the Network
  Hello, Mobile World
  Summary

3 Details of SMS-SUBMIT and SMS-DELIVER
  Numbering Plans and Mobile Telephone Numbers
  SMS_SUBMIT
  Protocol Identifier
  Data Coding Scheme
  Concatenated Short Messages
  “You’ve Got Mail”
  Application Port Addressing
  SIM Toolkit Security
  Enhanced Messaging Services
  Sounds, Pictures, and Animations
  Internet E-Mail
  SMS_DELIVER
  Summary

4 SMS Integration
  Summary

5 SMS Brokers
  Summary

6 SMS in an Airport Logistics Application
  SMS Case Study: Atraxis
  Project Background
  Focus on the Essentials
  Design and Development Process
  The Action on the Ground
  Project Performance Review
  Evaluating the Business Results
  Summary

7 The SIM
  Smart Cards 101
  The Evolution of the SIM
  Who Are You?
  Evolution of SIM Standards
  The Birth of the SIM Application Toolkit
  The SAT API
  The USAT Interpreter
  Summary

8 SIM Toolkit API: Proactive Commands and Event Download
  Proactive Commands
  Details of SIM Toolkit Commands
  Application Commands
  Smart-Card Proactive Commands
  General Purpose Communication Commands
  System Commands
  Event Download
  Summary

9 End-to-End Security for SMS Messages
  Security Parameter Indicator (SPI)
  Ciphering Key Identifier (KIc) and the Key Identifier (KID)
  Toolkit Application Reference (TAR)
  Counter (CNTR)
  Padding Counter (PCNTR)
  Redundancy Check (RC), Cryptographic Checksum (CC), or Digital Signature (DS)
  Secured SMS Message Example
  Proof of Receipt
  Pairing a Sent Message with its Response
  Summary

10 The SmartTrust Microbrowser and the 3GPP USAT Interpreter
  Some More SIM Toolkit History
  A Short History of Byte Code Interpreters on Smart Cards
  Sonera SmartTrust WIB
  The 3GPP USAT Interpreter
  Remote Procedure Call Using the USAT Interpreter
  Summary

11 The USAT Interpreter at Work
  Business Drivers
  Technology Overview
  Starting With SMS
  From WAP to One Integrated Portal
  Integrating with the Microbrowser
  Moving to Mobile Banking and M-Commerce
  From the User Point of View
  Implementation Challenges and Strategies
  Bottom-Line Benefits
  Lessons Learned

12 The USAT Virtual Machine and SIM Toolkit Programs
  Variants of the USAT Virtual Machine
  Virtual Machine Architectures
  The USAT Virtual Machine from Microsoft
  Real-Time Travel Example
  Central versus Local Storage of Personal Information
  Java Card™ SIMs
  Installation of USAT Virtual Machine Programs
  Summary

13 Smart Signatures for Secure Mobile Commerce
  Starting With the Mobile Customer
  SmartSignature Features
  Forms and Templates
  Keys and PINs
  Menu Design
  Changing Service Providers
  Mobile Certification and Trust Using SmartSignature
  Trust Relationships for Making the Transaction
  Trust Relationship for Enabling the Transaction
  Certification Authorities
  Business Enablers of SmartSignature
  SmartSignature in Operation
  SmartSignature in the Setup Phase
  Managing a Large Pilot of SmartSignature
  Pilot Background
  The Key Participants
  Revenue Model
  Pricing of SmartTrust Components
  Security in a Mobile Trust Hierarchy
  Lessons of the Pilot Delivery
  Importance of the Customer’s Experiences
  Implications to the Business Model
  Implications for SmartTrust Business Strategy
  Next Steps with SmartSignature

14 The ETSI Smart Card Platform
  Managed Data Sharing Using Access Control Lists
  Associating Access Control Lists with Files
  Coding Access Control Rules
  Access Mode TLV
  Key References
  Boolean Expressions of Key References
  Key Reference Semantics
  Authentication of Key References
  Application Activation and Concurrent Execution
  The Application Directory and Application Activation
  Application Activation and Concurrent Execution
  Application Selection
  Concurrent Application Execution
  Summary

APPENDIX Standards for SMS and the SIM
  Third Generation Partnership Project (3GPP)
  3GPP Technical Specification Group T (Terminals)—Working Group 2 Mobile Terminal Services and Capabilities
  3GPP Technical Specification Group T (Terminals)—Working Group 3 Universal Subscriber Identity Module (USIM)
  European Telecommunications Standards Institute (ETSI) Smart Card Project
  International Organization for Standardization (ISO)

Index


FOREWORD

The success story of GSM is also the success story of the SIM. Every subscriber needs a SIM and there is no service without it. This is unlike some other systems where the micro-computer in the smart card offers just an additional service which may or may not be used by the customer. With more than 600 million subscribers worldwide, GSM is by far the largest application employing smart cards and it has taken the smart card industry from its infancy to adulthood. GSM is closely linked with the introduction of mass production of smart cards and the ever increasing requirements of the SIM have given a huge impetus not only to the technological advancement of the microcomputer itself, be it the memory provided by today’s chips or their electrical parameters, but also to the development of operating systems, application provision and programming interfaces of smart cards in general. Only in the last few years has the telecommunications community at large begun to recognize the importance of the contribution of the SIM to the success of GSM. At the birth of GSM, the goal of the SIM was to provide an unprecedented level of security in mobile communications. The SIM also “freed” the mobile phone from the subscription and security aspects. This created, for the first time, a virtually global terminal market. Today, the SIM offers more than just these two things. The standardization of the SIM Application Toolkit and now the Interpreter, together with the advancement in the hardware platform for the SIM created an ever advancing platform for secure value added services at the discretion and under the control of the operator and the service provider. Content is the magic word and it will even be more so in the future. This book is the first comprehensive presentation of the technical issues, including a very detailed introduction to SMS, which currently form the basis of Toolkit and Interpreter. 
It combines these technical details with thorough presentations of life-examples, making it also a useful source for marketing people with a technical background. This is what Toolkit and Interpreter need: more marketing attention in the higher ranks of the operators and service providers. Everybody there knows WAP but who has heard of Toolkit and Interpreter, let alone how to make money by deploying them in an innovative manner? WAP-like handset-based services and SIM-based Toolkit and Interpreter services do not exclude each other, they can complement each other in an optimal way. The fact that this book exists at all, illustrates one of the benefits of having a single standard over multiple proprietary solutions. Toolkit and Interpreter have been standardized for SIM and USIM by ETSI and the 3GPP. They are solution based standards. The history of GSM has clearly shown that only solution based standards can provide the high level of interoperability between system components necessary for a multivendor environment and the independence from disparate proprietary solutions which are essential for the long-term success. I hope and expect this book to spread the knowledge of these great tools and thus to broaden the penetration of the SIM as a platform for value added services providing content. I also expect this book to cause a lot of interesting and, I am sure, controversial discussions on technical and market aspects of Toolkit and Interpreter as well as on some of the “historical” statements. Having been involved in the standardization of the SIM from its beginning and believing in its future as being more than a security device, I am looking forward to these discussions. They will certainly give a new impetus to the world of the UICC as the smart card platform for (mobile) communications.

Dr. Klaus Vedder
Giesecke & Devrient
Chairman ETSI EP SCP (Smart Card platform)
Chairman 3GPP TSG-T3 (USIM)


ACKNOWLEDGMENTS

The development of international SMS and SIM standards and interoperable application platforms for SIM and SMS requires a collective effort that spans many countries and points of view. So it’s no surprise that this book draws heavily on the expertise and experience of many, many participants in the standards development process. We owe a large debt of gratitude to all the busy people who read early versions of chapters, answered complicated questions promptly, and generously shared their recollections and documentation of the early decisions that helped to shape today’s SMS and SIM standards and point the way to the next generation applications. We have named many of these below, but fully realize that the list is by no means complete— so thank you to all the colleagues in 3GPP Terminals (T) and ETSI Smart Card Platform (SCP) standards bodies whose standards work literally made this book possible and to the denizens of various newsgroups and listserv lists including alt.technology.smartcards and eurowireless. Likewise, the case studies that illustrate how operators and corporations are using SIM and SMS applications exist primarily because of the generosity and responsiveness of managers and practitioners who devoted many hours to answering questions, supplying data and detailed explanations, and carefully reviewing early drafts of the cases. Special thanks to Anselmo A. Mazzoleni of the Atraxis Group in Zurich and to Paul Aebi of Swisscom Ltd for their help in completing the Atraxis case write up, to Thomas Bruun Pedersen of Sonofon in Denmark for the extensive interviews and follow up on the Sonofon case, and to Jarkko Rossi, Lars-Erik Sellin, and Werner Freystätter of SmartTrust for their insights and explanations about the technical and business complexities of security for mobile commerce and for multiple updates and reading of drafts. Also thanks to Ari-Pekka Kitinoja of Sonera and Jouni Heinonen of Setec for essential background details and explanation. 
Our gratitude also goes to Anders Sellin of SmartTrust for his essential early help in framing case topics and introducing us to case prospects among his many contacts in the SIM applications world. Once the book reached its final draft, three experts took the time to read the entire manuscript closely and make valuable comments and corrections. Our appreciation to Nigel Barnes, Jean-Francois Rubon, and Kristian Woodsend for this invaluable service. Throughout the research and writing process, we called on a number of colleagues to supply background information and help clarify specific points of standards and application implementation. Among the many who responded to these queries, special thanks to David Birch, Peter De Vijt, Bertrand du Castel, David Everett, Tony Guilfoyle, Colin Hamling, Mark Kamers, Roger Kehr, Tim Jurgensen, Hans-Joachim Knobloch, Michael Meyer, Pierre Paradinas, David Pecham, Patrice Peyret, Jochaim Posegga, Fred Renner, Edouard Richard, Wolfgang Salge, Lars-Erik Sellin, Gerry Smith, Jean-Jacques Vandewalle, John Wood and last but definitely not least, Klaus Vedder. The tables and graphics that are reprinted herein with permission of ETSI, Atraxis, Setec, SmartTrust, and Sonofon enhance the readability of the book, and we gratefully acknowledge their help. A heartfelt salute to those closer to home who supported our research, writing, and updating efforts throughout the whole process. To the entire staff of Mobile-Mind, and in particular to Dan Eichenwald, Peter Laing, Scott Marks, Scott Olihovik and Perry Spero, we are happy to tell the world that we couldn’t have made it to the last page without your day-to-day contributions. A sincere thank you to Marjorie Spencer, our excellent and very patient editor, and to Rob Robertson, our agent, for his confidence that this book was meant to be. Finally, we fully recognize that even with the best of support and expert advice, in the fast-changing world of SMS and SIM applications there are bound to be changes and inaccuracies in any description that becomes frozen in print. We hope that readers will send us their comments and corrections to help improve the next edition.

Scott B. Guthery
Mary J. Cronin

CHAPTER 1

Introducing SMS and the SIM

Wireless devices have overtaken every other technology—including the Internet—in global adoption. By 2003 more than a billion people will be using a wireless phone or personal digital assistant (PDA) for voice and data communications. Three factors that have helped to drive this phenomenal growth have also inspired this book:

1. The worldwide availability and popularity of an inexpensive Short Message Service (SMS);
2. The evolution of the Subscriber Identity Module (SIM) inside GSM phones into a standardized and secure application platform for GSM and next-generation networks; and
3. The demand for applications that let people use their mobile phones for more than just talking.

Let’s take a quick look at how SMS and the SIM have contributed to the growth of wireless applications and then discuss what you can expect to learn from this book.

The number of SMS messages sent every month has risen from about 1 billion messages in July 1999 to more than 20 billion in July 2001, with projections that the total number of SMS messages exchanged in 2001 will top 200 billion. These SMS exchanges range from simple text greetings or questions sent between individual subscribers (sometimes called “texting”) to news and information services offered by the wireless carriers, to more advanced applications offered by third parties such as retrieving data from a corporate sales database or mobile banking. One result of all this texting and other SMS activity is that wireless carriers now view SMS as an important source of revenues. Another outcome is that hundreds of millions of subscribers are ready and eager to try out interesting new services based on SMS. But to move beyond the basic text message delivery and create applications that can be customized and trusted, developers need a standardized and secure application platform. That’s where the SIM comes in.
The SIM is a smart chip that was designed as a secure, tamper-resistant environment for the cryptographic keys that GSM carriers use to authent...

