All you need to know about nano SIMs - before they are EXTERMINATED
The chip inside the iPhone 5
Apple's iPhone 5 uses a nano SIM, the smallest SIM ever designed and, quite possibly, the last SIM we'll see in any mobile telephone.
The nano SIM used in the new smartphone is tiny and its pattern of electrical contacts are about two thirds the size of the original SIM. It's almost too small to hold and certainly small enough to lose in a pocket, but despite the diminutive size its basic functionality remains unchanged: hosting encryption electronics and serial communications at 9,600 baud.
The SIM and nano SIM in proportion
The GSM standard mandates a removable SIM, and consumer devices can conform to one of four different form factors [PDF, dry, really dry]. The first is a credit-card-sized monster. The second is the traditional SIM we've come to know. The third form factor (3FF) retains the same contact pattern as the first two so one can just trim down an existing SIM, but the fourth - the nano SIM - makes these DIY jobs a lot more challenging (although not impossible) as it changes the layout and positioning of the connections.
A Subscriber Identity Module (SIM) contains a cryptographic chip, but critically it also stores a copy of the unique subscriber key, the other copy being held in the network operator's authentication server (AuC). During the GSM authentication a random number is encrypted using that key and must be decrypted by the phone to prove the subscriber is genuine. On 3G networks the process is also reversed to mitigate against man-in-the-middle attacks, and it's notable that while the encryption on GSM calls has been compromised (once or twice) the authentication remains secure.
The chips holding the key, and doing the cryptography, are suspended in space, glued to the back of the SIM's metal contacts. The silicon dies are small, but it's the air space around them which has hitherto prevented SIMs from getting thinner. The nano SIM is slimmer, thanks to thinner chips and more precise engineering, so the nano SIM is only .67mm thick.
It's also exempted it from the physical flexibility requirements of the SIM specification, which SIMs inherited largely from the credit card specification (ISO 7816). Nano SIMs will snap more easily than their larger contemporaries, but given the size that's not really important.
Let's make a connection
Contacts on the nano SIM. C1-3 and C5-7 are compatible with previous SIMs.
Source: ETSI. Pads highlighted by The Reg
There are eight connections on all the SIM designs, although on both the traditional SIM and the mini SIM (3FF) the electrical ground connection (C5, see diagram) is generally extended down the middle. That's harder on the nano SIM because it has two connections in the middle (C4 and C8), although some designs stretch the ground pad out and more than a few don't bother with those two optional pads.
As the chips in a SIM shrank, manufacturers tried to extend the functionality many times, from optimistic GPS to accelerometers, and ultimately loads of memory - up to 4GB of flash storage hampered only by the impossibility of getting the data off the SIM in a reasonable timeframe.
SIMs communicate with the phone over a single wire (C7) using a serial protocol similar to RS232 running at 9,600 baud. Older readers will remember that as the Blue US Robotics Sportster, younger readers should just understand that this is really, really, slow - transferring the aforementioned 4GB would take more than a month.
So the manufacturers lobbied for, and got, an extension to the standard that allocated the two lowermost pins to create a USB connection for fast communications. But despite enthusiastic support, from France Telecom, high-capacity SIMs never took off, so the USB connection quickly became redundant and the two contacts are optional. On traditional and mini SIMs that means losing the two bottom connectors, on the nano SIM that removes the two central pads.
Reg man Bill Ray proves his SIM credentials
with this tasteful tattoo
Also optional is pad C6, known as Vpp as it was used to carry the higher voltage needed for writing data to early chips. Vpp is redundant these days as the voltage used to run the SIM, Vcc supplied over C1, is good enough for programming, but C6 is now used for transferring data wirelessly over NFC if the Single Wire Protocol (SWP) is supported, enabling the SIM (even in nano form) to communicate direct with NFC radio hardware. This avoids the security implications of going through the handset.
Of the eight contacts, therefore, three are optional, but in most cases six pads will be visible. C1 is the supply voltage; C2 is the reset signal so the SIM knows when to start doing something; and C3 is the clock signal as the timing clock was left out of the SIM spec to keep the cost down. C5 is ground, often extended down the middle; C6 is the NFC SWP contact; and C7 is the serial communications connection that actually does the stuff one expects a SIM to do.
The SIM can't, realistically, get any smaller, but if the requirement to make it removable is dropped then the functionality could be fitted into a processor die in the form of a typical system-on-a-chip. Hardware-based security can be implemented on the package, as exemplified by ARM's TrustZone and Intel's Secure Element which provide comparable functionality without the need for a physical SIM.
Such a "soft SIM" would require a change to the GSM standard, to which all mobile phones in Europe are required to conform, but that change is already in progress having been proposed in 2010 by Apple.
Apple's interest isn't just in making the SIM even smaller: it also wants to wrest control of the secure store from the network operators whose ownership of the SIM would appear unassailable. The repeated paring away of the physical SIM might be technically driven, but its ultimate disappearance is a matter of politics and power rather than technical necessity. That's particularly irritating for those of us who've opted to have the iconic pattern permanently marked upon us, but it could have been much, much worse. ®
Sponsored: The Nuts and Bolts of Ransomware in 2016