Is "SIM Toolkit" possible to support on the freerunner?

Helge Hafting helge.hafting at hist.no
Wed Mar 25 14:04:25 CET 2009


Joerg Reisenweber wrote:
> Am Di  24. März 2009 schrieb Michael 'Mickey' Lauer:
>> Technically, SIM toolkit support is possible with the Calypso.
>>
>> I have commented previously about this, so please look my older posts
>> up; In a nutshell, STK is a heavy cross-layer spec, so adding it would
>> need quit some thought.
>>
>> FSO will not work on it, but appreciate patches.
>>
> 
> My vote: don't implement STK, or at least disable it by default.
> I don't like my SIM to do any "program execution"

I don't believe the choice is yours to make.
The SIM card contains a (small) microprocessor, and the telco is able to 
update its software at will.

You have full control over the ARM processor that runs Linux, and full 
control over how it interacts with the SIM card. But not what goes on in 
the SIM card itself.

The "SIM card part" of STK is in that card already.
The part I would like to have is mostly a communication layer. To be 
useful, a STK app (like that banking stuff) need to:
* alert you, possibly with a ringtone
* display text/icons stored in the program or receiced from the bank
* collect input (in this case, a PIN code) to send back to the bank.

The SIM card processor have only two channels of communication - it can 
deal with the telco, and it can communicate with the ARM processor 
through the gsm modem. It can't access the display on its own.

The part of STK that I'd like to see is just a communication layer. 
Probably a part of the framework that listen to requests from STK, and 
spawns a "STK app" when needed. Very similiar to how it already listens 
for SMS messages, and launch the message reader when something comes in.
This only need to display stuff and play sound, present input fields and 
send the input back to the SIM card program.

I don't see such a STK app "taking control of the phone" or "lock it 
down". If I have to write it myself it'll be open source, so you can see 
what it do. And all it will be is a GUI+soundplayer for software already 
running on the SIM card.  It'll be able to open a window asking for 
input - that's it! In particular, it won't need to access the filesystem 
so there is very little potential for "damage". And of course - you 
won't have to use an STK app - similiar to how you can choose to not use 
the phone's sms capability. (You can delete the SMS app if you hate 
messaging, the same will be possible with a STK app.)

This sort of thing can only lock down proprietary phones _because_ you 
don't control the host processor software. On the freerunner you do. A 
proprietary phone can have a music player that won't start unless it 
receives a paid activation code from the telco. On the freerunner, you 
install whatever music player you like. Most likely one without 
artifical limitations. And so on for everything else this device can do.

The way I see it, STK is optional stuff. I didn't have to use this 
banking app, but I'll make things easier for me if I do. I'd be able to 
do internet banking from any computer, without having to install 
one-time certificates.

Of course the telco _can_ install a hostile program in the SIM card, but 
they can do that anyway - they just don't get a GUI for it right now. If 
STK pops up something you don't like, you'll be able to close the window 
on a freerunner :-)



Helge Hafting




More information about the community mailing list