Wireless Access Protocol (WAP) is an open international standard[1] for application-layer network

communications in a wireless-communication environment. Most use of WAP involves accessing the mobile web
from a mobile phone or from a PDA.

A WAP browser provides all of the basic services of a computer-based web browser but simplified to operate within
the restrictions of a mobile phone, such as its smaller view screen. Users can connect to WAP sites: websites written
in, or dynamically converted to, WML (Wireless Markup Language) and accessed via the WAP browser.

Before the introduction of WAP, service providers had extremely limited opportunities to offer interactive data
services, but needed interactivity to support now-commonplace activities such as:

• Email by mobile phone

• Tracking of stock-market prices
• Sports results
• News headlines
• Music downloads

The Japanese i-mode system offers another major competing wireless data protocol.

• The WAP standard[2] describes a protocol suite that allows the interoperability of WAP equipment and
software with many different network technologies, thus allowing the building of a single platform for
competing network technologies such as GSM and IS-95 (also known as CDMA) networks.

+------------------------------------------+
| Wireless Application Environment (WAE) |
+------------------------------------------+ \
| Wireless Session Protocol (WSP) | |
+------------------------------------------+ |
| Wireless Transaction Protocol (WTP) | | WAP
+------------------------------------------+ | protocol
| Wireless Transport Layer Security (WTLS) | | suite
+------------------------------------------+ |
| Wireless Datagram Protocol (WDP) | |
+------------------------------------------+ /
| *** Any Wireless Data Network *** |
+------------------------------------------+

• The bottom-most protocol in the suite, the WAP Datagram Protocol (WDP), functions as an adaptation
layer that makes every data network look a bit like UDP to the upper layers by providing unreliable
transport of data with two 16-bit port numbers (origin and destination). All the upper layers view WDP as
one and the same protocol, which has several "technical realizations" on top of other "data bearers" such as
SMS, USSD, etc. On native IP bearers such as GPRS, UMTS packet-radio service, or PPP on top of a
circuit-switched data connection, WDP is in fact exactly UDP.
 • WTLS, an optional layer, provides a public-key cryptography-based security mechanism similar to TLS.

• WTP provides transaction support (reliable request/response) adapted to the wireless world. WTP supports
more effectively than TCP the problem of packet loss, which occurs commonly in 2G wireless technologies
in most radio conditions, but is misinterpreted by TCP as network congestion.

• Finally, one can think of WSP initially as a compressed version of HTTP.

This protocol suite allows a terminal to transmit requests that have an HTTP or HTTPS equivalent to a WAP
gateway; the gateway translates requests into plain HTTP.

WAP?

WAP, or Wireless Application Protocol, is a communications language that lets mobile phones and handheld
computers connect to the (specially designed) web pages on the Internet. Of course the screens are tiny, and have
low resolution and few colours, but if you're travelling and need Tibet's weather forecast for the next day it may be
handy.

Some WAP devices in 2002

And 3G?

"Third Generation" mobile phone technology aims to increase the speed at which WAP-enabled devices can
communicate with the Internet. Current speeds are pretty low - e.g. 33Kbps (about 33,000 bits per second or about
4200 bytes per second) - but 3G promises to get this up to between 150Kbps and 2000Kbps. This will allow
videoconferencing in taxis, watching TV on the toilet, downloading Britney Spears movie clips during board
meetings - and other vital, life-fulfilling functions :-)

And the Shoe Phone?

Fans of Maxwell Smart, Secret Agent 86, might fondly remember the first mobile phone...

Spy phone built into secret agent Maxwell Smart's left shoe on the espionage comedy GET SMART (1965-70). His
shoe phone number was 306. When he dialed the number 117, his shoe would convert into a gun. Max's shoes also
contained deadly weaponry. Housed in a small compartment of his left heel were two pellets-the small one explodes
when thrown or heated; the larger one was a suicide pill which killed painlessly in twenty seconds when swallowed.
In the movie spin-off 'The Nude Bomb', a.k.a. 'The Return of Maxwell Smart' (1980), the shoe phones were updated
to include touch-tone dialing and an answering machine.

Advantages and Disadvantages of M- Commerce

the advantage of m-commerce is:

1- providing wider reach.

2- reducing transaction cost

3- streamline business processes.

4- competitive pricing.

5- reducing time to order.

The disadvantages of m-commerce.

1- small screens of most devices still limit types of file and data transfer (i.e. streaming videos, etc.)

2- standards guiding applications and technology development and connection(s)

3- WAP and SMS limited to small number of characters and text.

4- use of graphics limited

5- less functionality for mobile Internet over mobile phones and existing generation of handhelds than for mobile
computers (laptops and next generation handhelds)

6- user interface is often difficult to learn how to use

7- limited bandwidth

8- limited roll out of higher bandwidth mobile networks and devices (i.e. 3g networks and wireless broadband
networks are predominantly located in cities)

9- cost of establishing mobile and wireless broadband infrastructure

10- technology constraints of mobile devices (memory, processing power, display capabilities, input methods)

11- security of data moved across some mobile and wireless networks

12- businesses investment in hardware and infrastructure is seen as riskier as rapid evolution of mobile and wireless
technologies continues.

Wireless Portals

The business models for wireless Internet portals are still emerging, but if
history shows us anything, it is that the creation of wireless data businesses
can be extremely difficult. Careful attention must be paid to developing
revenue-generating applications that make sense. The trend toward low-
cost, flat-rated, volume airtime plans should spur the development of this
market as increasing numbers of end users look to wireless as a convenient
substitute for wireline services.

The market for wireless internet services will grow, but only as rapidly as
advanced technologies are deployed and more enticing applications—audio
streaming, video streaming, stock trading, and games—can evolve. For
now, the best opportunities in the wireless data space will remain in the
business data-only wireless services sector. This report sizes the business
and consumer market, discusses the wireless portal value chain, examines
supporting technologies, and profiles wireless service providers, wireless
portals, and device manufacturers.
The Wireless Internet

Ever since its conception, wireless carriers and analysts alike have touted the wireless Internet as The Next Internet.
Many companies, for both corporate and commercial purposes, have implemented strategies based on this premise,
creating entire departments devoted to keeping pace with this evolving technology—speeding them into the next
generation of Internet access. Following the belief that the wireless Internet would evolve at the same breakneck
speed that the wired Internet did six years ago, these companies have poured money into developing wireless portals,
vying for dominance in an as yet unproven field.

Some industry analysts even trumpeted the emerging wireless Internet as becoming the predominant medium for
Web-browsing and mobile e-commerce (m-commerce). The e-commerce boom began on the wired Web five years
ago, and investors wanted nothing more than to be there when this phenomenon plays out again in the world of
wireless. Caught up in the frenzy, Internet service providers and other consumer portals of the wired Internet rushed
to develop and market wireless versions of their existing Web sites.

These companies soon discovered the caveat that lay behind anytime, anywhere accessibility to their portals:
mimicking the look and feel, the “magic,” of a Web site on today’s wireless, hand-held devices is an impossibility; a
whole new set of rules must be learned and applied. Further exacerbating the situation is the abundance of
competing technologies, standards, protocols, platforms, and devices—many of which are incompatible and require
their own individual set of rules and restrictions.

Some industry experts have gone so far as to liken the current state of the wireless Web to the now prehistoric days
of the wired Web, when users tapped into bulletin boards using a 300-baud modem. The grim reality is that when
compared to its predecessor—for those accustomed to the rich content and graphical offerings of the current wired
Internet—today’s wireless Internet is no more than a bastardized counterpart with severe functionality handicaps.
The small size and graphical limitations of a wireless, hand-held device’s screen, coupled with mere rudimentary
interface capabilities, place severe restrictions on what content can be offered and how it is accessed and displayed.
Applications that feature rich graphical displays are doomed, as are Web sites that are several levels deep, because
they require too many keystrokes to navigate. These limitations are only compounded by current bandwidth and
data transmission speeds, generally 9.6 to 14.4 Kbit/s. Such a platform does not drive a consumer market.

Analysts said that wireless would be The Next Internet. It’s not. They said it would drive m-commerce. It hasn’t.
The only thing that outperformed expectations was the hype.

Today, companies are backpedaling. The most notable scaling down has been Amazon, who, in light of
disappointing revenue—$1 million from m-commerce versus $2.8 billion overall for 2000—has all but eliminated its
m-commerce department, which numbered some 38 employees at its peak.

The perception that enterprise wireless Internet use would be leveraged by consumer use, where wireless devices are
most prevalent, has proven inane. Wireless Internet access can, in fact, be uniquely exploited by mobile enterprise
users: it is optimized for anytime, anywhere access to time-critical information (push or pull from corporate
databases). In this respect, the wireless Internet opens a floodgate for a variety of potential vertical and horizontal
industry applications.

Internet services such as e-mail and short messaging services (SMS) are growing rapidly and will continue to do so.
These two data services alone, however, are incapable of driving an entire market. The expectations of consumers
for robust and stimulating media have swelled too much for such a scenario to be conceivable.

Extensive Web-browsing and m-commerce, viewed as boons for the wireless Internet consumer market, are not yet
practical—given the present limitations on content, delivery, and presentation—and are not expected to exert any
sizable market clout in the near term. In the long term, as advances in technology allow such innovations as
streaming video and voice-activated applications, perhaps even an as-yet unthought of killer application, these uses
will become more widely accepted by consumers. In the end though, the interface and display capabilities of the
mobile devices themselves, which must be small-sized to remain practical, will endure as limiting factors.

While Insight does not foresee the wireless Web generating many opportunities over the next few years, the overall
sector of wireless data is expected to demonstrate sizable growth during the forecast period, particularly in the area
of business data-only wireless services. Business data-only wireless initiatives, and the growth of this market, are
discussed in further detail in Insight’s report entitled Wireless Data, Wireless IP, and Vertical Markets, 2001-2006.

Wireless Portals

The traditional definition of a portal as a doorway, gate, or entrance is stretched to the limit when referring to the
Internet; a portal can be practically any site, so long as it is one positioned as an entrance to other sites on the
Internet. Portals, essentially, are aggregators, providing access to Web services—generally search capabilities, e-
mail, and instant messaging—and a plethora of content. From a financial perspective, a portal should be a revenue-
generating online community that offers enticing interactive services.

A portal can be the first place a user goes online—the default Web page set on a browser or one selected personally
by the user—but need not be; secondary portals are those that provide equivalent content and services, but are just
not a user’s initial point of entry.

On the wireless Web, many wireless carriers transform the home deck of a user’s Internet-ready mobile device into a
carrier-branded portal—the default and premier portal for accessing the Internet with that carrier’s services. It is
through this carrier-branded portal that a user has access to Internet services and can search the wireless Web.
Carriers aim to include all of the capabilities in their portals that major wireless portals, such as America Online and
Yahoo!, Inc. do, hoping that users will not seek out such secondary portals because they will want to retain their
assigned e-mail addresses and bookmarks.

These carrier-branded portals, whose evolution sprang as a solution to the variety and disparate capabilities of
mobile devices, have come to be known as “walled gardens”; so named because wireless carriers dictate which
services and content, and ultimately which wireless Web sites, are accessible. Many Web content providers
disapprove of this practice, arguing that wireless carriers are controlling subscribers by limiting them to only those
Web sites that have paid for the privilege of admittance into their walled gardens.

Every Web site that wants to make its content available through the wireless Internet must create a version compliant
with wireless application protocol (WAP) or one of the other leading standards for wireless content delivery, such as
i-mode. Less than one percent of Web sites today have a WAP counterpart—a further reason, stemmed from
combined technological and financial complications, why the wireless Web has not been adopted by the consumer
market as rapidly as industry analysts initially predicted.

In the US, the Internet available to wireless users is considerably more limited than the wired Internet. Few vendors
have adapted their Web sites to accommodate WAP or other standards. According to one research study that
considered 577 commercially-operated English language wireless Web sites, 14 percent qualified as portals. In their
findings, they reported that “these sites are not as user-friendly as their wired world counterparts.”

Enterprise Wireless Portals

Many enterprises view wireless as an extension of their existing Internet strategies. The wireless Internet must not
be thought of as a new platform, but rather as a new technology for business modeling. Wireless Web services
should facilitate transactions and functions and improve an enterprise’s value chain.

Even with today’s limitations of wireless speed, quality of service, and reliability, many examples of sales force
automation, customer care, health service, warehouse management, and shipment tracking are already in use. One
thing is for sure: where value is achieved today will be different from where it will be achieved three to five years
from now. Three significant technologies will change the future short-term value of wireless data transmission:

• 2.5G and 3G technologies

• Voice recognition, and
• Bluetooth.

Once these technologies are combined and harnessed, mission-critical solutions that sit behind corporate firewalls
and require broader wireless bandwidth will become practical. Of those businesses that have a Web site in 2001,
approximately 7 percent also have a wireless Web site—a site with special accommodations for mobile users. By
2006, the percentage of businesses maintaining a wireless Web site in addition to a regular Web site will grow to 12
percent.

CDMA

What is CDMA?

Code Division Multiple Access, a cellular technology orginally known as IS-95, competes with GSM technology for
dominance in the cellular world.

There are now different variations, but the original CDMA is now known as cdmaOne.

• Latest CDMA Global Subscriber & Operator Numbers

• 10 million new CDMA2000 subscribers were added in 3Q 2003

• See other cellular technologies of the world

• CDMA2000 Coverage & Operators

CDMA is a Code Division Multiple Access

• Spread spectrum technique

 • Multiple users share the same frequency in one cell
• Same frequency in all the cells
• Takes advantage of Multipath
• Capacity is soft
• Operates under presence of interference

• Code division multiple access (CDMA) is a channel access method utilized by various radio
communication technologies. It should not be confused with the mobile phone standards called cdmaOne
and CDMA2000 (which are often referred to as simply "CDMA"), which use CDMA as an underlying
channel access method.
• One of the basic concepts in data communication is the idea of allowing several transmitters to send
information simultaneously over a single communication channel. This allows several users to share a
bandwidth of different frequencies. This concept is called multiplexing. CDMA employs spread-spectrum
technology and a special coding scheme (where each transmitter is assigned a code) to allow multiple users
to be multiplexed over the same physical channel. By contrast, time division multiple access (TDMA)
divides access by time, while frequency-division multiple access (FDMA) divides it by frequency. CDMA
is a form of "spread-spectrum" signaling, since the modulated coded signal has a much higher data
bandwidth than the data being communicated.
• An analogy to the problem of multiple access is a room (channel) in which people wish to communicate
with each other. To avoid confusion, people could take turns speaking (time division), speak at different
pitches (frequency division), or speak in different languages (code division). CDMA is analogous to the
last example where people speaking the same language can understand each other, but not other people.
Similarly, in radio CDMA, each group of users is given a shared code. Many codes occupy the same
channel, but only users associated with a particular code can understand each other.

Spread spectrum
Spread-spectrum techniques are methods by which a signal (e.g. an electrical, electromagnetic,
or acoustic signal ) generated in a particular bandwidth is deliberately spread in the frequency
domain, resulting in a signal with a wider bandwidth. These techniques are used for a variety of
reasons, including the establishment of secure communications, increasing resistance to natural
interference and jamming, to prevent detection, and to limit power flux density (e.g. in satellite
downlinks).

Use

• One of the early applications for code division multiplexing is in GPS. This predates and is distinct from
cdmaOne.
• The Qualcomm standard IS-95, marketed as cdmaOne.
• The Qualcomm standard IS-2000, known as CDMA2000. This standard is used by several mobile phone
companies, including the Globalstar satellite phone network.
• CDMA has been used in the OmniTRACS satellite system for transportation logistics.
Significance of various digits of a Mobile Number

A telephone number or phone number is a sequence of numbers used to call from one telephone line to another in
a public switched telephone network. When telephone numbers were invented, they were short — as few as one,
two or three digits — and were given verbally to a switchboard operator. As phone systems have grown and
interconnected to encompass the world, telephone numbers have become longer. In addition to telephones, they now
access other devices, such as computers and fax machines.

The number contains the information necessary to identify uniquely the intended endpoint for the telephone call.
Each such endpoint must have a unique number within the public switched telephone network. Most countries use
fixed length numbers (for normal lines at least) and therefore the number of endpoints determines the necessary
length of the telephone number. It is also possible for each subscriber to have a set of shorter numbers for the
endpoints most often used. These "shorthand" or "speed calling" numbers are automatically translated to unique
telephone numbers before the call can be connected. Some special services have their own short numbers (e.g. 1-1-
9, 9-1-1, 0-0-0, 9-9-9 and 1-1-1, being the Emergency Services numbers for China, Japan, South Korea, Taiwan and
Sri Lanka; Canada and the United States; Australia; the United Kingdom; and New Zealand, respectively.)

Many systems also allow calls within a local area to be made without dialing the local area code. For example, a
phone number in North America will start with three numbers (such as 918), which is the area code, followed by
seven digits split into sections of three and four (such as 555-1212), which is the local number.

Most telephone networks today are interconnected in the international telephone network, where the format of
telephone numbers is standardized by ITU-T in the recommendation E.164, which specifies that the entire number
should be 15 digits or shorter, and begin with a country prefix. For most countries, this is followed by an area code
or city code and the subscriber number, which might consist of the code for a particular telephone exchange. ITU-T
recommendation E.123 describes how to represent an international telephone number in writing or print, starting
with a plus sign ("+") and the country code. When calling an international number from a fixed line phone, the +
must be replaced with the international call prefix chosen by the country the call is being made from. Some mobile
phones allow the + to be entered directly.

The format and allocation of local phone numbers are controlled by each nation's respective government, either
directly or by sponsored organizations (such as NANPA overseen by NeuStar Inc.).

Before a telephone call is connected, the telephone number must be dialed by the calling party or Caller. The called
party might have equipment that presents caller ID before the call is answered.

The telephone number that you dial to call somebody is basically an address, similar to the IP address of a
computer or the street address of your home. The length of the telephone number varies depending on the
 country you are calling. In many European countries, phone numbers are variable in length, ranging from
just five or six digits in small towns to ten or more in large cities.

In the United States, phone numbers are fixed-length, with a total of 10 digits. The 3-3-4 scheme, developed by
AT&T in 1947, uses three blocks of numbers arranged in two blocks of three and a single block of four digits. Look
at the main phone number for HowStuffWorks as we go through the meaning of the different blocks.

Area code Prefix Line number

919 882 5000

• Area code - Regulated by the Federal Communications Commission (FCC), area codes are used to
designate a specific geographic region, such as a city or part of a state. In the example of HowStuffWorks,
the geographic location is the middle section of the state of North Carolina.
• Prefix - The prefix originally referred to the specific switch that a phone line connected to. Each switch at
a phone carrier's central office had a unique three-digit number. With the arrival of computerized switches,
many systems now allow local number portability (LNP). This means that a customer's phone number
can be moved to another switch without having to change any part of it, including the prefix, as long as the
customer does not move out of the local-rate area. For example, HowStuffWorks moved into new offices in
the summer of 2000, but our main phone number did not change. Therefore, our prefix of 882 is not on a
specific 882 switch anymore, but our telephone-service provider, Intermedia Communications Incorporated
(ICI), is using LNP so that we did not have to change our number.
• Line number - This is the number assigned at the switch level to the phone line that you are using. Since
the number is assigned to the line and not to the phone itself, you can easily change phones or add more
phones to the same line.

Think of the three parts like a street address, where the area code is the city, the prefix is the street and the line
number is the house. You can even go a step further with this analogy by including the country. The "1" that you
dial on long-distance calls within the United States is actually the country code.

Every country has a different country code. To make calls to another country, you must first dial 011, which is the
international access code, and then the country code. In addition to country codes, some countries also have city
codes that you dial after the country code but before the local number.

We are running short of numbers in the country. With the population growing and our network of freinds and
business associates growing, our phonebooks are also growing and so are the shortage of the numbers. The only way
out is to add 1 more digit to the mobile numbers in the country. This way, given the rate of growth of the phone
connections in the country, this would last for another 5 years, and after that perhaps, another digit could be added,
and in about 50 years, we would be seeing 20 digit mobile numbers in the country. 99887 66554 33221 00000
would be a fancy number.

When Mobile Phones came to India first in 1994 it was strictly a device for the rich and the famous. BPL Mobile,
Orange, Spice and Escotel were among the first to start the service.

A device that would look stupid today, and had features no more than that of a cordless phone with the caller
identification facility were priced at Rs 15000 to 20,000. All services operated in the 900 Mhz band then. Activation
of a mobile connection used to cost around Rs 6000 in those times, and for every minute of the calls you make, you
will be billed around Rs 13, and for every minute of the call you take, you will be billed Rs. 5. It was strictly a
device for the filthy rich. Even the most luxurious cars of today traveling at 120 Kmph dont consume more than Rs
5 worth of petrol in a minute.

Time went by and more licenses got sold, and the mobile networks expanded to the major cities of the country.
Mobiles were strictly for the city, and not for the highways or the smaller towns and the villages.

The cost of the incoming call gradgually reduced to Re. 1 per minute at around 1999, and the outgoing call costs
stuck to around Rs. 5 a minute.

In the year 2000, I bought my first cell phone. The unit cost arond 11 grand, and the connection cost was another 2
grand, and outgoing calls cost Rs 2.40 a minute, and incoming calls where *FREE*. The rental for the line was Rs
700 a month.

3 years went by and the incoming was made free. Before this period calls from your landline to a mobile phone had
been very cheap. Rs 1 per 3 mins which is not the case now. Calls to mobiles are billed on a per minute basis from
the landlines. Thats because the TRAI, or the Tarrif Regulatory Authority of India said that the caller should pay for
the calls and not the receiving party, so every operator who calls another network, shoudl pay around 30 paise to the
called operator as termination charges, and the incoming calls would be made free for the called party.

Also prior to this, all inter network calls used to be diverted through the DoT, and so, if you call the same network,
you will be charged only the *airtime*, and if you call a different network you will be charted the standard airtime
plus Rs. 1.20 per 3 minutes as DoT charges. BPL Mobile used to charge an Airtime of Rs 3.50 per minute, so if you
make a 3 minute call to a different operator, your charge would be like 3.5 x 3 + 1.2. If you call a BPL number then
you will be charged only at 3.5 x 3.

When the new rule came along, all operators got VPNs for themselves and they connected to each other directly.
Though the DoT projected that it is loosing money, it was found out later that it was making more money from the
VPNs that it was leasing out to various operators across the country. BSNL, a public sector company that is owned
by the Govt. rolled out its CellOne GSM services by the end of 2002. Incoming calls were charged at 40 paise, and
incoming call charges while roaming was only Rs. 1.2 and it was very useful for the students from Kerala who were
studying in Tamil Nadu, while roaming charges of other networks were close to Rs. 7 a minute. BSNL was the first
network that promised connectivity and network coverage across the nation, along the highways and the railway
lines.

Later, intra circle outgoing calls were brought down to 50 paise a minute, out of which 30 paise is the termination
charge. These are undoubtedly the lowest costs in the world. And given the population of the country, the mobile
business has outgrown its 10 digits of numbers now.

When this started, you can tell with the number from which area you are getting a call. 98100 and 98110 are delhi,
98200 and 98210 is Bombay, 98220 and 98230 is Maharashtra, 98280 and 98290 are for the Gujju bhais. Likewise,
down south, 98400 98410 is for Chennai, 98420 and 98430 is for Tamil Nadu, 98440 and 98450 are for Karnataka,
9846 and 9847 for kerala, and 9848 and 9849 for Andhra.

When the business grew, new switches were just allocated randomly that aircel got 9865 when it ran out of numbers
in the 9842 series, and the first call I received from a 9865 number, I couldnt really place it, and I was all english
and hindi first till I found out that it was the new number of my electrician whom I had asked to call earlier. Airtel in
Tamil Nadu had 9894 and Hutch in chennai had 9884.

Networks ran out of the 98 series, and so in 2006 came the new 99 series. It was still predictable. BPL got 9943 and
aircel got 9942 and 9965.
A few more months passed and there were no more numbers anywehre in the country starting with 99, and then
there was 97. Again that got exhausted, and then came 96, 95, 90 and 91. 96 was a number alloted to Pagers earlier,
and 95 and 91 were numbers alloted to make intra circle calls from the BSNL land lines.

And Now, everything in the 10 digits have exhausted, There is nothing left to do but to change the 9 in the first digit
of the number, and if that is changed, the numbering system will just not work. as all numbers these days are routed
through the first digit of the number. 1 is for special numbers like police, fire, ambulance, press, tv stations, radios
etc, 2 is for bsnl and mtnl, 3 is for reliance landline, 4 is for airtel landline, 5 is for the services that rip you off your
money like voting systems that cost you Re 1 per 2 seconds and stuff, and 6 is for tata indicom landlines. & and 8 I
guess are in reserve. But I do remember seeing some number starting with 7 somehwere, but i didn’t really notice
and a little research on google didn’t really help.

Like I said above, 99887 66554 33221 00000 would the a fancy number, easy to remember number 20 years later.

SIM(Subscriber Identity Module)

SIM cards are used with carriers that operate on the Global System for Mobile Communication (GSM) network.
The competing network is Code Division Multiple Access (CDMA), a technology created by U.S. company
Qualcomm. As of fall 2005, CDMA cell phones and CDMA carriers do not support SIM cards in most parts of the
world, though this is changing. A CDMA SIM card called the R-UIM (Re-Useable Identification Module) was made
available in China in 2002, and will eventually be available worldwide. Expectations for the future include a cell
phone market that supports both SIM (GSM) and R-UIM (CDMA) cards by default.

What is a Subscriber Identity Module (SIM)?

The Subscriber Identity Module (SIM) is a small smart card which contains both programming and information.

The A3 and A8 algorithms are implemented in the Subscriber Identity Module (SIM).

Subscriber information, such as the IMSI (International Mobile Subscriber Identity), is stored in the Subscriber
Identity Module (SIM).

The Subscriber Identity Module (SIM) can be used to store user-defined information such as phonebook entries.

One of the advantages of the GSM architecture is that the SIM may be moved from one Mobile Station to another.
This makes upgrades very simple for the GSM telephone user.
A SIM card is short for Subscriber Identity Module card. It is a tiny encoded circuit board which is fitted into GSM
cell phones at the time of signing on as a subscriber. It holds the details of the subscriber, security data, and memory
to store personal numbers. A SIM card stores information which helps the network service provider to recognize the
caller. Whether it is a plug-in type or credit card sized, it retains the same uses.

A SIM card is a removable memory card and can be put into any compatible GSM handset, permitting the user to
keep the same number while changing handsets. It is a standard unique chip which is a must in every GSM cell
phone.

The working of a SIM card

A SIM card is a digital identification chip in cell phones. The validation and encoding ability of a SIM help to stop
your cell phone from being stolen and your conversations from being overheard. The SIM stores personal data, user
ID and billing information and can be interchanged between phones. So you can easily receive personal calls even
while using someone else's phone just by installing your unique SIM in that cell phone.

Some cellular phone carriers sell phones in a "locked" condition (either locked in with a particular service provider
or a specific SIM). If you have such a cellular phone then you will not be able to use different SIM cards with it
unless you can "unlock" your phone.

If you have a country specific SIM card then it will most likely work only in the country of its origin. A U.S.
specific SIM card may give you limited coverage while traveling through Europe or some of the Greek Isles. Most
country specific SIM cards have voice mail so a caller can leave you a message if your cell phone is turned off or
not reachable.

SIM Key Keyring Databank

Ever misplaced your cell phone or had it stolen? Well, buying a new cell phone is bad enough but trying to replace
all the numbers stored in your old SIM card can be an impossible task. A SIMKey Keyring Databank is a novel
device which helps you to backup your SIM data so that you never have to worry about losing vital information.
You simply put your SIM card into this device, follow the simple directions and have a backup SIM card ready.
This is handy not just if your cell phone is stolen but also if you decide to change your SIM card and get a new one.

What is a SIM card?

A SIM card, also known as a subscriber identity module, is a subscriber identity module application on a
smartcard that stores data for GSM/CDMA Cellular telephone subscribers. Such data includes user identity, network
authorization data, personal security keys, contact lists and stored text messages.
Security features include Authentication and encryption to protect data and prevent eavesdropping.
The smartcard with Subscriber identity module application is generally known as SIMCARD. But, In reality, the
SIM is effectively a mass-market smartcard.
When the SIM is viewed as a smartcard, it opens up security possibilities that resonate far beyond the mobile
world.
By combining stored evidence of identity (such as a key) with personal information only the user will know (a
password, for example), it offers the same two-tier authorisation provided by smartcards.
It is becoming clear that the SIM --- a feature unique to the mobile world --- has applications far beyond those for
which it was originally designed. The clue is in the name --- Subscriber Identity Module. It was created to remotely
authenticate users to the network and to the billing systems that allow operators to generate revenues from voice
traffic.
The GSM standards as specified by ETSI requires authentication of a mobile subscriber through a secure device (the
SIM card).

Functionality of the SIM card?

The SIM card performs the following valuable functions:

1) Identification of a subscriber: The IMSI programmed on the SIM card, is the identity of a subscriber. Each
IMSI is mapped to a mobile number and provisioned on the HLR to allow a subscriber to be identified.
2) Authentication of a subscriber: This is a process, where, using the authentication algorithm (COMP128V3
for 2/2.5 G GSM, CAVE for CDMA and Milenage for 3G) on the SIM card, a unique response is provided
by each subscriber based on IMSI, Ki (stored on SIM) and RAND (provided by network). By matching this
response with values computed on the network a legal subscriber is logged on to the network and he or she
can now make use the services of the mobile service provider.
3) Storage: To store phone numbers and SMS.
4) Applications: The SIM Tool Kit or GSM 11.14 standard allows creating applications on the SIM to provide
basic information on demand and other applications for m-commerce, chatting, cell broadcast, phonebook
backup, location based services etc.

Diagram---
Subscriber information, such as the IMSI (International Mobile Subscriber Identity), is stored in the Subscriber
Identity Module (SIM).
The Subscriber Identity Module (SIM) can be used to store user-defined information such as phonebook entries.
One of the advantages of the GSM architecture is that the SIM may be moved from one Mobile Station to another.
This makes upgrades very simple for the GSM telephone user.
Why is the SIM card secure?
SIM card in reality is a mass market smartcard with a subscriber identity module application. SIM Cloning can not
be confused with smartcard cloning. It is not possible to clone the smartcard and only data can be read when
application allows the reading of the data.(SIM Cloning is covered below)
Smartcard is very secure and provides

i) the secure loading of the applications

ii) Secure data storage for the application data and application cryptographic keys
iii) Secure Crypto operation support.

However, Application security depends on the application design and smartcard only provides a secure platform for
developing secure applications. The security of smart card is similar to the security offered by HSM(Hardware
security module).
Security of Subscriber Identity Module(SIM application)
The Presence of Cryptographic algorithm and secret key in SIM card makes the SIM card secure.
The most sensitive information of SIM card is the cryptographic algorithm A3, A8, secret Ki, PIN, PUK and Kc.
A3, A8 algorithm were written into the SIM card in the producing process, and most people could not read A3, A8
algorithm. HN code could be settled by the phone owners. PUK code is held by the operator. Kc was derived in the
process of encryption from Ki.
The other factors which make the SIM secure are….

PIN and PUK:

PIN –Personal Identification Number
2 PINs exist (PIN 1 and PIN2)
Limited attempts on PIN access
PUK –PIN Unblocking Code
Resetting PUK, resets PIN and the attempt counter
Too many attempts on PUK blocks use permanently

Two ways of Storing Data in SIM

1. As GSM Files
The data used for Telco and GSM operation are all stored over the files. Telco/operator can change the
Data this file through RFM in a secure channel.
Only upon successful verification of file access condition a file can be read.
All files are protected by access conditions.
2. As application data within an STK application as instance data.
mChek stores all its secured encrypted information within application data. All the information stored is in
persistent objects. Only mChek Server can access these data through mChek OTA platform.

Further, data on the SIM is protected by Administrative keys which are in hexadecimal and it is proven, that to
compromise the security of a SIM one requires physical access to the SIM, enormous supercomputing ability and
lots of time to crack one single card.
Till date there are no instances of COMP128V3 (GSM), CAVE (CDMA) or Milenage (3G) being compromised.
The few reported cases in the media are of COMP128V1, which is phased out and it is acknowledged that this
version has been hacked and with physical access it is possible to clone these cards.
The applications on the SIM(for GSMA)/RUIM(for CDMA) cards are protected by the same set of administrative
keys and are hence subject the same levels of security.
In addition, the messages transmitted from the SIM can be encrypted with DES/TDES which are well accepted in
banking industry as a secure encryption standard.
Additional security can be enforced by implementing more complex algorithms and digital certificates (issued by
CA).
M-banking applications have been implemented across the world from Latin America to Europe to Asia.
What are the current SIM card capabilities in the Market Place ?
From the Year 2003, the SIM cards which were provided in the Market Place were Java 2.0, however, because there
was no need of porting the application and due to commercial implications this was discontinued for about 2 years
and has again started to be issued.
However, the market would have about 50% of the cards OTAC enabled
(Source: GemAlto).
Though this is the position in the market place, getting all the SIM cards which are OTAC enabled application
portable compliant there is a lot of work that needs to be done with the customer’s SIM card and each individual
SIM vendor.
Operationally this is absolutely not feasible.
However, in the past we have seen with the 8K to 32K migration keeping in mind the kind of churn rate that we see
in the Industry it will take about 3 years for all old SIM cards to move to a new Portable SIM card which can house
secure banking applications.
Also Telecom Operators (Bharti Airtel has already started the exercise) can provide new secure applications in all
new activations and also ensure that they are application portable compliant.
What needs to be done to ensure that the SIM cards in the Market Place can house safe banking
based applications?

SIM(smartcard) provides the secure platform for developing a highly secure applications. The banking application
should be designed with out any security loop holes by utilizing the secure storage and secure cryptographic
operation provided by smartcard.
The Cryptographic keys used by the banking application can be loaded in to banking application data storage on the
smartcard.
The Global Platform standards can be adopted for the design and development of Banking applications.
The SIM/RUIM is a device which is easy to distribute and cuts across the entire subscriber base of a mobile service
provider. Secure applications on a SIM/RUIM address the entire base of a mobile service provider.

Conclusion
1. The current market scenario does not allow the SIM cards available in the market place to be ported with
applications over the air.

2. New SIM card seeding would be required for this activity which some Telco’s have already started working
on.

3. SIM card is extremely secure as a mode and is ideal for Banking Applications to be ported on.