
Mind out, Apple: Ericsson leads charge against the SIM

Gemalto pitches in to manage the machines


Gemalto and Ericsson have partnered to create SIM-less mobile phones aimed at machines rather than people - though the technology and techniques developed will be well-received in Cupertino.

The partnership will create a provisioning system to allow things (cars, electricity meters, etc) to be fitted with an embedded mobile phone*, without knowing the network on which it's going to operate, or even in which country it will be used. Gemalto, meanwhile, will kick in the secure provisioning system which will make the removable SIM redundant.

European mobile phones are required to conform to the GSM standard, which mandates a removable SIM so customers can easily switch networks, but Apple has been (successfully) leading a project to extend the standard to encompass embedded SIMs. Such SIMs could change network operators, letting Apple sell connectivity in the iTunes store and letting car buyers select a mobile network** on first turn of the key.

Doing that in a secure way is hard, and replicating the long-term success of the removable SIM will be very tough.

Each GSM SIM stores a different secret key, which is replicated in the Authentication Server at the network operator. The key is never transmitted and can't be extracted from the SIM without an enormous amount of effort, and physical access. That shared secret is used to create matching "session" keys with which GSM communication is secured, and those session keys have been broken from time to time, but the shared-secret authentication made possible by the SIM remains secure.

Shared secret is always the best cryptography, assuming the secret can't be intercepted. Dual-key systems (such as RSA or ECC) only exist because of the difficulties in distributing a shared secret, and such systems are only used in order to safely create a shared secret.

The removable SIM solves this problem by sending the secret in a secure package (the SIM) over a separate communications medium (the post), removing the need for more complicated solutions.

So an operator-independent SIM will have two options: store a shared secret for each network operator, and select which one based on user choice, or store a shared secret from a third party such as Gemalto, or Apple, then use that secret to encrypt the selected operator's secret on request.

The latter solution is better as it offers more flexibility and wider application, but it requires the network operators to share some secrets with that third party, and that is an enormous favour to ask. It's hard to imagine the operators agreeing to share secrets with anyone, but Gemalto is already providing the SIMs to many of them (and thus responsible for programming the secrets into those SIMs) so if they'd trust anyone then it would be Gemalto.
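The two mechanisms described above, shared-secret challenge-response and the second option of delivering an operator's secret encrypted under a third party's secret, can be sketched as follows. This is an added example, not code from the article or from Gemalto or Ericsson; HMAC-SHA256 stands in for the operator's real algorithms and for a proper key-wrap scheme, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256, a stand-in for the operator algorithms (A3/A8 in GSM)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()

def sim_respond(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Runs inside the SIM: Ki never leaves, only the 32-bit response does."""
    return prf(ki, b"sres", rand)[:4], prf(ki, b"kc", rand)[:8]

def network_authenticate(ki: bytes, rand: bytes, sres: bytes) -> Optional[bytes]:
    """Operator side: recompute from its own copy of Ki; return Kc on a match."""
    expected, kc = sim_respond(ki, rand)
    return kc if hmac.compare_digest(expected, sres) else None

def wrap_operator_key(third_party_key: bytes, operator_ki: bytes) -> bytes:
    """Third party encrypts an operator's Ki for one embedded SIM (encrypt-then-MAC)."""
    if len(operator_ki) > 32:
        raise ValueError("this sketch wraps at most one 32-byte keystream block")
    nonce = secrets.token_bytes(16)
    stream = prf(third_party_key, b"enc", nonce)
    ct = bytes(a ^ b for a, b in zip(operator_ki, stream))
    return nonce + ct + prf(third_party_key, b"mac", nonce + ct)

def unwrap_operator_key(third_party_key: bytes, blob: bytes) -> bytes:
    """Embedded SIM: verify the tag before decrypting, reject tampered blobs."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(third_party_key, b"mac", nonce + ct)):
        raise ValueError("provisioning blob failed authentication")
    stream = prf(third_party_key, b"enc", nonce)
    return bytes(a ^ b for a, b in zip(ct, stream))

def demo() -> bool:
    # Assumption: the third party's secret is installed in the chip beforehand.
    third_party_key = secrets.token_bytes(32)
    operator_ki = secrets.token_bytes(16)        # constructed operator secret
    blob = wrap_operator_key(third_party_key, operator_ki)  # sent over the air
    sim_ki = unwrap_operator_key(third_party_key, blob)     # now held by the chip
    rand = secrets.token_bytes(16)               # network's random challenge
    sres, sim_kc = sim_respond(sim_ki, rand)
    # Both ends derive the same session key without Ki ever crossing the air.
    return network_authenticate(operator_ki, rand, sres) == sim_kc

if __name__ == "__main__":
    print("authenticated with matching session key:", demo())
```

Note that `wrap_operator_key` needs both secrets in one place, which is exactly the trust the operators are being asked to extend to the third party.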

But it never pays to underestimate how craven the operators can be when confronted with iShiny, so where machines lead, human customers will likely follow. ®

* Technically the eUICC (embedded Universal Integrated Circuit Card) does perform the functions of a SIM, but through a chip soldered on the handset's motherboard rather than a detachable, removable unit.

** All new European cars will need a mobile network within two years, to conform with eCall legislation. ®
