The SIM card as an enabler for security, privacy, and trust in mobile services

The paper describes an architecture for mobile services in which the SIM card is integrated to provide basic services related to security, privacy, and trust. The presented work is part of a cooperative research initiative aiming at an open architecture for mobile services. Nowadays, the security of mobile networks is mainly established through the SIM card. It provides an identity and can be used for authentication. Moreover, the SIM includes secure tamper-proof storage capabilities as well as the cryptographic modules required for basic functions like signing and ciphering. Consequently, in our architecture for mobile services, the SIM also takes the role of a security token providing basic security-related services. The SIM is integrated into the architecture using standard internet protocols. A web server on the card enables the exchange of data with the mobile device through HTTP. Moreover, a servlet architecture on the card allows SIM services to be provisioned with an interface similar to that of web services. An important issue within the open and heterogeneous infrastructures for future mobile services is support for the identification, evaluation, and rating of service offers. As an example of a SIM-based service, we therefore propose a trust management service. The service is designed following the ideas of a web of trust infrastructure, with an on-card key ring and trust value management. It uses digital signing for the identification of services as well as for signatures by the user.