G.2 SIM, STK, SMS, and WAP

The Subscriber Identity Module (SIM) [1] is a small- sized chip card plugged in the mobile phone. The main task of a SIM is to grant access to the GSM network services only to authorized persons. This is absolutely essential to operators for ensuring reliable billing. Apart from this primary function, the SIM also stores some additional data in connection with telecom services, such as abbreviated dialing numbers , the last dialed number, etc. To support mobile applications, the SIM must also implement the SIM Application Toolkit standard (STK) [2]. Unlike the SIM, which is regarded by the mobile phone as a server application that offers data storage and cryptographic functionality, the STK is an active element. Using it, the GSM operator can actually control the user interface of the mobile phone according to its own purposes. It becomes possible to change or add menus , send and receive short text messages with application data, display service information, and ask the user to select or enter data. Therefore, the STK is a powerful instrument when designing mobile applications. The code of the mobile application resides in the SIM.

The Point-to-Point Short Message Service (PP-SMS) [3] allows the subscriber to send short text messages or to receive short text messages from another subscriber or an SMS center, through a point-to-point channel. The subscriber selects the telephone number of the recipient, enters the short message via the keypad of the mobile phone, and sends it. Each mobile phone is also able to receive short messages. Mobile applications running in the SIM can also use the same mechanism of sending and receiving short messages to implement a protocol with a peer application. In this case the short messages are not edited by the subscriber but prepared by the application and sent to the SMS center. The information that is returned from the SMS center in a short message is not read as text but it is handled by the mobile application. Short messages are very well suited for supporting transaction type services (e.g., mobile banking, mobile fund transfer, and mobile payments for m-commerce). The mobile application server runs on a computer that is connected to the GSM network via an SMS center.

Another possibility of implementing mobile applications uses the WAP [4], which is an open , global standard for mobile solutions and for connecting mobile terminals to the Internet. WAP-based technology permits the design of interactive, real-time mobile services for mobile handsets, whether they are phones, PDAs, or other types of mobile access devices. The advantage of the WAP technology when compared to the STK/SMS is that it makes receiving and reacting to information on the mobile phone easy and user friendly. Some differences when compared to STK/SMS-based mobile applications are as follows :

The mobile phone handset must be WAP enabled, (i.e., must implement the WAP protocol). At the moment the ratio of WAP enabled handsets is still small, while the penetration on the market increases below the initial expectations.
The WAP server controls the interface of the mobile application provided to the subscriber. Correspondingly, the quality of this interface strongly depends on the display possibilities of the mobile handset (e.g., only if the display of the handset supports graphics, will the bitmaps and images be displayed).
WAP applications are slower than the STK/SMS-based applications, since the user interface needs to be downloaded from a remote server.

Beginning with WAP 1.2, end-to-end security is supported. The Wireless Identity Module (WIM) is used for storing cryptographic parameters and executing cryptographic algorithms. The WIM can be plugged into a second socket in the mobile phone handset, different than the one reserved for the SIM, or the SIM can also accommodate the functionality of the WIM, in which case the SIM is referred to as the SWIM.