3GPP TS 03.48, Release 1999: Security mechanisms for SIM application toolkit; Stage 2
Remote Applet Management on a SIM card includes the ability to load, install, and remove applets. This management is under the responsibility of the Network Operator or Service Provider owning the SIM. The described procedure is mandatory for TS 03.19 compliant cards. Other technologies may either use this procedure or use their own mechanisms. The concept of embedding APDUs in a short message is as defined in clause 7 "Remote File management" in the present document.
9.1 Remote Applet Management Application behaviour
9.1.1 Package Loading
The Package Loading process allows the Network Operator or Service Provider to load new packages onto the SIM card. The Network Operator or Service Provider manages the loading of a package through a loading session with the card.
A loading session consists of the sequence of commands as described in Figure 5.
Figure 5: Loading session sequence of commands
Depending on the applet size, several SMS might be used for the package loading.
The commands are defined in Annex A.
9.1.2 Applet Installation
The Applet Installation process allows the Network Operator or Service Provider to install a new application onto the SIM card. The installation may only be performed if the corresponding package has already been loaded onto the card. The Applet Installation is performed using the INSTALL(install) command, as defined in Annex A.
9.1.3 Package Removal
The Package Removal process is performed using the DELETE command, as defined in Annex A. The Package removal procedure shall be performed by the SIM card as defined below:
1. If non-removed applications installed from this package remain, the card shall reject the removal with the corresponding status error code.
2. If the package is referred to by other package(s), the card shall reject the removal with the corresponding status error code.
9.1.4 Applet Removal
The Applet Removal process shall be performed using the DELETE command, as defined in Annex A. The SIM card shall remove the components that make up the applet.
9.1.5 Applet Locking / Unlocking
The Applet locking (and unlocking) procedure allows the Network Operator or Service Provider to disable (and enable) an applet using the SET STATUS command as defined in Annex A. When an applet is locked, it shall not be possible to be triggered or selected, and all of its menu entries will be disabled (i.e. removed from the SET UP MENU command).
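The lifecycle rules of subclauses 9.1.2 to 9.1.5 can be checked against a small reference model. The following is an added example, not part of the specification: the class, its method names and the symbolic result strings are hypothetical and stand in for the Open Platform status words, which this page does not list.

```python
# Added illustrative model of the card-side rules in 9.1.2-9.1.5.
# All names and result strings are hypothetical, not taken from the specification.
from dataclasses import dataclass, field

OK, ERR_PACKAGE_NOT_LOADED, ERR_APPLETS_REMAIN = "OK", "ERR_PACKAGE_NOT_LOADED", "ERR_APPLETS_REMAIN"
ERR_PACKAGE_REFERENCED, ERR_NOT_FOUND, ERR_LOCKED = "ERR_PACKAGE_REFERENCED", "ERR_NOT_FOUND", "ERR_LOCKED"

@dataclass
class CardModel:
    packages: dict = field(default_factory=dict)  # package id -> set of package ids it refers to
    applets: dict = field(default_factory=dict)   # applet id -> {"pkg", "locked", "menu"}

    def load(self, pkg, imports=()):
        self.packages[pkg] = set(imports)
        return OK

    def install(self, applet, pkg, menu=()):
        # 9.1.2: installation only if the corresponding package is already loaded
        if pkg not in self.packages:
            return ERR_PACKAGE_NOT_LOADED
        self.applets[applet] = {"pkg": pkg, "locked": False, "menu": list(menu)}
        return OK

    def delete_package(self, pkg):
        if pkg not in self.packages:
            return ERR_NOT_FOUND
        # 9.1.3 rules 1 and 2; the order of the two checks is an assumption
        if any(a["pkg"] == pkg for a in self.applets.values()):
            return ERR_APPLETS_REMAIN
        if any(pkg in deps for other, deps in self.packages.items() if other != pkg):
            return ERR_PACKAGE_REFERENCED
        del self.packages[pkg]
        return OK

    def delete_applet(self, applet):
        return OK if self.applets.pop(applet, None) is not None else ERR_NOT_FOUND

    def set_locked(self, applet, locked):
        if applet not in self.applets:
            return ERR_NOT_FOUND
        self.applets[applet]["locked"] = locked
        return OK

    def select(self, applet):  # 9.1.5: a locked applet cannot be triggered or selected
        a = self.applets.get(applet)
        if a is None:
            return ERR_NOT_FOUND
        return ERR_LOCKED if a["locked"] else OK

    def setup_menu(self):      # 9.1.5: menu entries of locked applets are removed
        return [m for a in self.applets.values() if not a["locked"] for m in a["menu"]]
```

A conformance test bench can replay the same command sequence against a card and against this model and compare the accept/reject decisions.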
9.1.6 Applet Parameters Retrieval
The Applet Parameters Retrieval procedure allows the Network Operator or Service Provider to remotely request the parameters of an applet. This procedure is performed using the GET DATA command as defined in Annex A.
9.2 Commands coding
Commands are coded as for the Remote File Management procedure: each command is coded as an APDU.
The messages for the Card Manager shall have a TAR value set to ‘000000’ in hexadecimal.
9.2.1 Input Commands
The following table extends table 10 defined in sub-clause 8.2.1.
Table 14: Applet Management input commands
9.2.2 Output Commands
The following table extends table 11 defined in sub-clause 8.2.2.
Table 15: Applet Management output commands
9.3 Response Packets
The behaviour of the SIM’s RE/RA with regard to PoR is the same as the one defined for Remote File Management (see subclause 8.3).
Annex A (normative):
Applet Management Commands for TS 03.19 compliant cards
This annex describes the commands for Applet Management.
A complying card shall support at least the DES CBC algorithm for cryptographic computations.
Command status words placed in the Additional Response Data element of the Response Packet shall be coded according to the Open Platform specification.