Tuesday, November 5, 2024

Electronic currency using SIM Access Profile

You might remember an ad campaign in which a woman approaches a soft drink vending machine alongside a young male executive. The executive rummages through his pants pocket to find, to his dismay, that he has no change to purchase a cool drink on a hot afternoon. The woman then pulls out her cell phone, presses a few buttons, and a soda can drops down from the vending machine. The ad was meant to show a future of a seamless, interactive world. The SIM Access Profile, released by the Bluetooth Special Interest Group (SIG), makes such transactions a reality, allowing a consumer to use a cellular device to obtain, for example, a 50-cent soft drink without spending 25 cents on a cell phone airtime charge.

SIM Access Profile basics

The SIM Access Profile functions in two modes, client and server, and can work in two types of scenarios. Both of these scenarios involve Bluetooth-enabled server and client devices that together have an established Bluetooth connection. In the first scenario, only the server has a SIM card and the client establishes a connection with the server. In the second scenario, the client has a proactive SIM card and the server has the additional SIM card; both the server and client initiate a connection. Figure 1 shows a general description of the Profile’s workings.

Figure 1. The SIM Access Profile using server and client mechanisms

Figure 2 illustrates a standard SIM Access Profile configuration with respect to the Bluetooth stack.

Figure 2. The SIM Access Profile using Bluetooth

The client can initiate the following operations to the server (with the SIM card):

  • Manage connection. Establish and terminate a SIM Access Profile connection.
  • Transfer APDUs (Application Protocol Data Units). The application sends command APDUs, while the SIM sends response APDUs. Command and response APDUs only occur as pairs, in which each command APDU is followed by a response APDU.
  • Transfer ATRs (Answer to Reset). Sends the ATR content (which says that the receiving side has accepted the APDU) from the server to the client over the Bluetooth link.
    Control the SIM. Turn the SIM card on or off.
  • Control the SIM. Turn the SIM card on or off.

The server initiates the following operations to the client:

  • Report status. Server informs the client about their connection status.
  • Transfer card reader status. Sends the card reader status to the client over the Bluetooth link.

Security
SIG proposes four levels of system security: bonding, baseband-level encryption, server-initiated authentication, and link keys. You can find more details about these levels in the SIM Access Profile specification (see the Resources section later in this article for a link).

The intelligent telephone booth scenario

Imagine a scenario in which a telephone booth has a Bluetooth-enabled SIM card and a user has a mobile device unconnected to the cellular network, but running a SIM Profile client.

Upon approaching a mobile device cell booth, the user would simply establish a connection, using his mobile device, and make a regular call. (The cost for airtime and local call charges for using a cellular phone is much higher than the cost of a call made using such intelligent booths.) The amount would then automatically deduct from the user’s SIM card by transferring APDUs that modify the card’s ACM (Accumulated Call Meter, which accounts for the amount transacted during each call). Figure 3 illustrates this process.

Figure 3. A telephone booth that uses the SIM Access Profile

There are a couple of reasons for using the intelligent telephone booth:

  • Each telephone booth could cater to multiple users provided there are multiple connections, thereby saving a lot of space.
  • As of today there is a huge disparity between the land line costs and cell phone costs. This mechanism combines the cost of using a land line, providing the user a flexibility of using Wireless communication within a particular radius from the booth.

The intelligent vending machine scenario

To enable a mobile customer to purchase a vending machine item with her cell phone or PDA, the device would need to:

  • Contain a SIM card and subscribe to a telephone network
  • Be Bluetooth-enabled
  • Support the Personal Area Network (PAN) or LAN Access Profile
  • Support the SIM Access Profile

The PAN Profile establishes a simple connection between the vending machine and the user’s mobile device. An application runs over the PAN Profile and asks the cell phone vendor for various user authentication inputs. For example, it could ask what type of soft drink the user wants, and then how many of that type.

The payment gateway machine, namely the vending machine, then establishes a SIM Access connection (as a client) with the SIM Access Profile’s server residing on the mobile device.

Authentication is provided if the payment gateway connects to a cellular network in the same way described in the GSM 11.11 Specification, Section 7.1 (see Resources). Figure 4 illustrates the architecture of such a system.

Figure 4. Architecture of the Bluetooth-enabled vending machine

Transaction using a Bluetooth module

Alternatively, you could configure the SIM Access Profile client to send the APDUs, which disable and enable the card holder verification (CHV), to the SIM Access Profile server. The Bluetooth module on the vending machine would act as that server.

First, you would send the Disable CHV (Card Holder Verification) APDU, described in Tables 1 and 2, to the server’s corresponding SIM card. This could require that the user enter a PIN into the application screen and then the application on the server would disable the CHV (in order to modify the ACM entity file, which is described later).

Table 1. Command for disabling CHV

Table 2. Description of the data field for disabling CHV

You could also use biometric identification mechanisms on mobile devices to disable the CHV. This allows the SIM Access client to access and modify various entity files:

  • ACMmax Value. The Accumulated Call Meter Maximum Value could be the maximum value the SIM permits at any time; for example, in situations where pre-paid cards are used.
  • ACM. The Accumulated Call Meter tracks the amount of money transacted for each call.
  • SPN. The Service Provider Name entity file stores the name of the service provider. At regular intervals, the vending machine would also need to send this data to the back-end service provider to inform it of transactions performed.
  • PPUCT. The Price Per Unit and Currency Table is useful as a currency conversion table to deduct the appropriate amount of money when traveling in another country.

A simple SIM Access Profile transaction would be to increase the amount of money from the ACM entity file; for example, to make the corresponding transaction equal to the number of calls of the same value. Say I order two soft drinks and each costs one dollar. If each call I make on my cell phone costs me 50 cents per minute, the APDU would deduct the amount equivalent to four calls for having ordered two beverages. Once the value is deducted from the SIM, it is displayed on the Mobile Equipment User interface using the PAN Profile. As soon as the user accepts the transaction, the transaction happens; for example, the vending machine dispenses two soft drinks.

Once the operation completes, the Enable CHV APDU command, shown in Table 3, is sent to the network. This enables the CHV and prevents any unauthorized modifications to the ACM.

Table 3. Commands to enable CHV

To reflect the billed amount, you could use one of the following mechanisms:

  • Wireless transaction. Each transaction is immediately pushed from the vending machine to the back-end cellular network. The vending machine, however, must provide the cost for the airtime used to communicate with the back-end network.
  • Wired transaction. Because the transaction happens over a wired network, you would need additional network infrastructure support. However, this could be a cheaper method.
  • Delayed transaction. The vending machine or monetary service provider initially holds all the details in back-end storage and flushes the locally stored data at a later time, say at the end of the day. Because vending machines are of a limited capacity (each vending machine can hold only a maximum number of soft drink bottles), the software could provide sufficient memory to store all transaction details. This would eliminate the need for any new immediate transactions.

Summary of a typical SIM Access Profile transaction

Here are the steps you might take in enabling a user to use a mobile device (that has a SIM card) to pay for the cost of a vending machine item:

  1. A user approaches the vending machine with his Bluetooth-enabled PDA.
  2. The vending machine, which has a Bluetooth module and associated software, initializes a connection to the PDA’s SIM Access server using the PAN Profile. (The PDA is given a link local IP address so its packets can be sent to and from the vending machine.)
  3. The user’s application screen requests for a password/biometric verification to enable transactions. The verification sends a CHV Disable to the SIM card.
  4. The applications on the PDA and the Bluetooth-enabled vending machine start to communicate over PAN Profile; for example, the user selects a particular item.
  5. The vending machine’s SIM client sends the corresponding APDU to access and increment the appropriate entity files to make the necessary deductions.
  6. Upon receiving an acknowledgment APDU, the SIM Access Profile indicates to the application that the transaction is complete.
  7. The vending machine dispenses the selected item.
  8. The network records the transaction from the user’s SIM card by reading the entity file.
  9. Finally, the vending machine sends confirmation of the transaction to the PDA’s Network Service Provider.

Note: The company that provides the Bluetooth-enabled machine can determine how to deploy the application that sits on the mobile device; for example, the application that sits on top of the SIM Access Profile and the PAN Profile could be downloaded onto the device from the Internet.

Conclusion
Combining the Bluetooth and GSM specifications enables users to perform monetary transactions using their Bluetooth-enabled devices. As a result, you reduce the time and cost of a transaction and eliminate the need for carrying cumbersome change. Because these transactions are secure, with multi-level security protection, they can help usher in electronic currency or the SIM. From use in ATMs to parking lot meters to automatic bill payment and beyond, this mechanism offers endless use possibilities as well as a glimpse into an exciting future.

Resources

First published by IBM developerWorks at http://www.ibm.com/developerWorks/.

Hemang C Subramanian holds a B.S. degree in computer engineering from the Karnataka Regional Engineering College, Surathkal (now known as the National Institute of Technology, Karnataka). Since 1999, he has been employed with IBM India, where he works on various networking and wireless networking technologies. He has one US patent pending and writes articles for various international publications and IBM developerWorks. He can be reached at shemang@in.ibm.com

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles