Fact-checked by Grok 2 weeks ago

Universal integrated circuit card

The Universal Integrated Circuit Card (UICC) is a that serves as the hardware platform in mobile devices for securely storing a subscriber's (IMSI) and associated cryptographic keys, enabling authentication and secure access to cellular networks such as , , and . It functions as a standardized, tamper-resistant that hosts various applications, including the (SIM) for networks, the Universal Subscriber Identity Module (USIM) for and beyond, and others like the CDMA Subscriber Identity Module (CSIM) or Removable User Identity Module (RUIM). The UICC typically measures 25 mm × 15 mm in its common mini-SIM form factor (ISO/IEC 7816 compliant), though it has evolved through larger full-size and smaller micro- and nano-SIM variants to accommodate device miniaturization. Introduced in the early 1990s alongside the rollout of networks, the UICC originated as the physical carrier for the application, with the first commercial deployments occurring in to support global mobile roaming and subscriber portability. Its development was driven by the need for a secure, interchangeable module that could authenticate users without relying on device-specific hardware, building on earlier concepts from the 1980s in banking and . By the late 1990s, as networks emerged, the UICC was enhanced to support multiple applications on a single card, formalized in specifications like TS 31.101, which defines its physical and logical interface with the mobile terminal. This evolution allowed the UICC to handle increased security requirements, such as between the device and network, while maintaining with earlier generations. The UICC's technical specifications are governed by international standards from the and the , ensuring interoperability across global operators and devices. Key among these is ETSI TS 102 221, which outlines the physical, electrical, and command interface between the UICC and the host terminal, including half-duplex communication at up to 10 Mbit/s and support for secure messaging protocols. The card's internal architecture includes a , ROM for operating system and fixed data, for user files like the IMSI and algorithms (e.g., A3/A8 for or Milenage for ), and RAM for temporary operations, all protected by features against cloning or tampering. In addition to , the UICC supports value-added services like phonebook storage, management, and via the UICC Application Toolkit (USAT), as specified in 3GPP TS 31.111. Over time, the UICC has adapted to , transitioning from removable cards to embedded forms to meet the demands of and . The embedded UICC (), standardized by in 2016, integrates the card directly onto the device's motherboard, allowing remote over-the-air provisioning of multiple operator profiles without physical swapping. Further advancements include the integrated SIM (), which embeds UICC functionality into the device's system-on-chip for even smaller form factors and lower power consumption in machine-to-machine applications. Recent specifications, such as those in 3GPP Release 18, introduce Slice SIM (SSIM) to support network slicing on the UICC. These developments ensure the UICC remains central to secure connectivity, with ongoing updates in 3GPP Releases 19 and 20 addressing features such as enhanced and non-terrestrial network integration.

History and Development

Origins in GSM

The Subscriber Identity Module (SIM), serving as the inaugural application of the Universal Integrated Circuit Card (UICC), emerged from the standardization efforts of the in the late 1980s. Initiated by the Conference of European Posts and Telecommunications (CEPT) in 1982 to harmonize incompatible national analog systems, the GSM project sought a standard for pan-European mobile services. The GSM Memorandum of Understanding (MoU), signed in 1987 by representatives from 13 countries, committed operators to deploy this unified system by 1991, including the innovative SIM concept to decouple subscriber credentials from the handset for enhanced portability and security. This development was driven by the need for a tamper-resistant module to manage user amid growing concerns over in early mobile networks. The SIM's core specifications were outlined in the initial GSM technical documents completed in 1988 under the CEPT's Group Spécial Mobile (), prior to the transfer of responsibilities to the in 1989. Key functional requirements centered on secure storage and processing of critical data: the for unique global subscriber identification; the 128-bit individual subscriber authentication key () for generating response values in the network's challenge-response protocol; and the Temporary Mobile Subscriber Identity (TMSI), a pseudonymous temporary identifier assigned by the network to mask the IMSI and protect location privacy during active sessions. These elements enabled robust between the and the network, preventing unauthorized access while supporting across operators. The SIM-ME (Mobile Equipment) , detailed in ETSI specification GSM 11.11 (first released in Phase 1, 1990), defined the physical and logical interactions using Application Protocol Data Units (APDUs) for command-response exchanges. Commercial introduction of the SIM coincided with the rollout of networks in 1991, beginning with Finland's Radiolinja operator on July 1, followed rapidly by launches in , , and other European countries. Produced initially by companies like , the early cards enabled the first instances of subscriber number portability, transforming from device-bound services to user-centric models. The SIM's architecture drew directly from established smart card technologies prevalent in banking and pay-TV sectors during the 1980s, where microprocessor-based cards had proven effective for secure key storage and encrypted transactions. Banking applications, such as EMV-compliant debit cards, demonstrated the viability of contact interfaces for financial , while pay-TV systems like Videocrypt used similar cards for control. By basing the SIM on the ISO/IEC 7816 standard for identification cards—(s) with contacts, first published in 1987—GSM engineers ensured compatibility with existing manufacturing ecosystems and inherent resistance to physical attacks, such as side-channel exploits. This integration of mature principles into marked a pivotal cross-industry transfer of secure hardware design. The SIM's foundational design in provided the blueprint for UICC evolution in later mobile standards, including systems.

Standardization by and

The European Telecommunications Standards Institute () initially specified the Subscriber Identity Module () for Global System for Mobile communications () in Technical Specification (TS) 11.11, first published in 1991, which outlined the physical and logical interface between the SIM and mobile equipment. This specification evolved to accommodate the shift toward third-generation () mobile networks and the introduction of the Universal Subscriber Identity Module (USIM), culminating in ETSI TS 102 221, which defines the comprehensive UICC-terminal interface, including physical, electrical, and logical characteristics for multi-application support. The assumed a central role in UICC standardization beginning with Release 99 in 2000, where it defined the UICC as a versatile card platform capable of hosting multiple applications to support both and services on a single card. This foundational work established the UICC's role in enabling seamless interworking between and networks, with mandatory procedures for mobile equipment to interface with the UICC. Core 3GPP specifications for the UICC include TS 31.101, which details the physical and logical characteristics of the UICC-terminal interface, such as card dimensions, electrical signaling, and initial communication protocols. Complementing this, TS 31.102 specifies the logical characteristics of applications on the UICC, including file structures, security attributes, and application identifiers for the USIM. These standards have undergone continuous refinement across 3GPP releases to incorporate advancements in mobile technologies, with updates in Release 18 (finalized in and effective as of 2025) enhancing support for integrations, such as improved power management and interface efficiencies. A significant milestone occurred in 3GPP Release 5 (2002), which introduced the Java Card platform as the runtime environment for the UICC, enabling secure multi-application execution through applet-based development and dynamic loading mechanisms. This innovation allowed the UICC to host diverse applets for , data services, and future extensions while maintaining . The physical characteristics of the UICC, including form factors like ID-1 and variants, align with ISO/IEC 7816 standards for cards with contacts.

Technical Design

Physical Characteristics

The Universal Integrated Circuit Card (UICC) adheres to the physical specifications outlined in ISO/IEC 7816-1 for cards with contacts, defining the ID-1 card type dimensions and overall form, and ISO/IEC 7816-2 for the location and assignment of contacts. The interface also complies with ISO/IEC 7816-3, which governs the electrical signals and protocol for contact-based communication between the UICC and the terminal. These standards ensure interoperability across devices, with the UICC featuring eight standardized contact pads (C1 through C8) arranged in two rows of four. Mandatory contacts include C1 for supply voltage (), C2 for (RST), C3 for clock (CLK), C5 for ground (GND), and C7 for (I/O); optional contacts such as C4, C6, and C8 support auxiliary functions like auxiliary I/O or interfaces. Over time, UICC form factors have evolved to accommodate smaller mobile devices while maintaining compatibility with the same . The original full-size (1FF) UICC measures 85.6 mm × 53.98 mm × 0.76 mm, introduced in 1991 as the ID-1 format for early handsets. The mini-UICC (2FF), or plug-in UICC, reduced to 25 mm × 15 mm × 0.76 mm and was introduced in 1996 to fit compact phones. Subsequent miniaturization led to the micro-UICC (3FF) at 15 mm × 12 mm × 0.76 mm in 2010, followed by the nano-UICC (4FF) at 12.3 mm × 8.8 mm × 0.67 mm in 2012, enabling slimmer device designs without sacrificing functionality. UICC cards are typically constructed from (PVC) or composite plastics for durability and flexibility, embedding the and contact pads within the . The contacts are gold-plated to ensure low-resistance electrical connections resistant to and wear during repeated insertions. Electrically, the UICC supports multiple voltage classes as defined in ETSI TS 102 221: Class A (4.5 V to 5.5 V), Class B (2.7 V to 3.3 V), Class C (1.62 V to 1.98 V), and Class D (1.1 V to 1.3 V), allowing operation across a range of 1.1 V to 5.5 V depending on capabilities. Power consumption varies by class and mode; during active sessions, the maximum current draw is 60 mA across classes, while in idle state it does not exceed 200 μA at 1 MHz and 25 °C, resulting in low overall power usage typically under 100 mW in standby for most applications.

Logical Architecture

The logical architecture of the Universal Integrated Circuit Card (UICC) is organized in a multi-layered structure that separates , operating system, and application components to enable secure and flexible operation. At the base level, the layer provides the foundational platform for execution, interfacing with the terminal via defined protocols. The operating system layer, commonly implemented using platforms such as Java Card or MULTOS under GlobalPlatform specifications, manages , , and interactions between layers. This OS handles command processing, file system navigation, and applet lifecycle management, ensuring isolation and protection of applications. The data organization follows a defined in ISO/IEC 7816-4, with the Master File (MF) serving as the , identified by file identifier (FID) '3F00'. Dedicated Files (DFs) act as subdirectories under the MF, grouping related Elementary Files (EFs) and further DFs, such as DF TELECOM ('7F10') for telecommunication applications; each DF includes access conditions for security. EFs represent the leaf nodes for data storage, supporting formats like transparent, linear fixed, cyclic, or BER-TLV structures, and store application-specific data such as identifiers or profiles. This structure allows efficient navigation and access control through commands like SELECT and READ BINARY. Applications on the UICC are implemented as applets, such as those for or USIM functionalities, hosted within Application Dedicated Files (ADFs) and uniquely identified by Application Identifiers (AIDs). These applets execute in a secure environment managed by the OS, supporting multiple concurrent profiles through GlobalPlatform standards, which enable logical channels (up to 19 in addition to the basic channel 0) for simultaneous access without interference. This multi-profile capability facilitates diverse services like authentication and on a single card. Memory in the UICC comprises for persistent, non-volatile storage of files, applets, and user data, with capacities typically ranging from several kilobytes to up to 1 MB in modern implementations, and for volatile runtime operations like temporary variables and command buffering. The ensures data retention across power cycles, while supports efficient execution but requires reinitialization on reset.

Generations and Applications

2G SIM Card

The 2G SIM card, formally known as the Subscriber Identity Module (SIM) application within the Universal Integrated Circuit Card (UICC), serves as the foundational security and identification component for Global System for Mobile Communications (GSM) networks. It enables subscriber authentication, network access, and basic service management through a standardized interface between the SIM and mobile equipment (ME). Defined in ETSI TS 151 011, the SIM operates in a circuit-switched environment, storing essential subscriber data and executing cryptographic functions to ensure secure communication. Core functions of the 2G SIM include the storage of the (IMSI), which uniquely identifies the subscriber and is held in the mandatory EF_IMSI elementary file as a 9-byte coded value per TS 24.008. This IMSI facilitates initial network attachment and routing. Location updates are managed via the EF_LOCI file, an 11-byte mandatory structure that records the Temporary Mobile Subscriber Identity (TMSI), (LAI), and update status to track the subscriber's position within the network without over-the-air (OTA) modifications. Circuit-switched services, such as voice calls, are supported through files like EF_MSISDN for the subscriber's own number (optional Service No. 9), enabling the ME to handle call setup and management in GSM's voice-centric architecture. Authentication in the 2G SIM relies on the A3 and A8 algorithms, implemented using a 128-bit individual subscriber key (Ki) stored securely on the card. The common COMP128 challenge-response mechanism combines A3 for and A8 for : upon receiving a 128-bit random (RAND) from the network, the SIM computes a 32-bit signed response (SRES) via A3 and a 64-bit ciphering (Kc) via A8, enabling mutual verification and session . This process, detailed in Sections 7.1, 7.2, and Annex H of TS 151 011, ensures only authorized subscribers access the network while protecting against . The SIM also supports phonebook storage through the optional EF_ADN file (Abbreviated Dialling Numbers), which holds up to 241 bytes per record including alpha-tags for contacts, allowing updates and integration with the ME's dialing functions (Service No. 2). capabilities are provided via the optional EF_SMS file, storing up to 176 bytes per message record to enable transmission, reception, and storage of short messages, with support for data download procedures (Cases 2-7). These features enhance user convenience in basic operations. A key limitation of the SIM is its minimal support for packet-switched data services, extending only to basic (GPRS) elements like optional EF_KcGPRS for GPRS ciphering keys and EF_LOCIGPRS for location data (Service No. 38), without advanced packet handling or updates for these files, reflecting its primary focus on circuit-switched . This paved the way for evolution to the Universal Subscriber Identity Module (USIM) in later generations.

3G and Beyond: USIM, ISIM, CSIM

The Universal Subscriber Identity Module (USIM) was developed as the primary UICC application for Universal Mobile Telecommunications System () networks, enabling enhanced capabilities beyond systems, including support for higher data rates through packet-switched services and integration with IP multimedia services via the (IMS). USIM facilitates these advancements by storing subscriber profiles, network parameters, and security credentials that allow mobile equipment to access UMTS core network functions, such as circuit-switched voice and data bearer establishment. In particular, USIM supports UMTS authentication using the Authentication and Key Agreement () procedure, which employs the Milenage algorithm set to generate authentication challenges, verify network authenticity, and derive session keys for confidentiality and protection. The Milenage suite, comprising functions f1/f1* for authentication, f2 for pseudorandom generation, f3/f5 for key derivation, f4 for key derivation, and f5* for anonymity keys, ensures robust between the USIM and the home network while accommodating higher throughput demands of 3G services. Building on USIM, the IP Multimedia Services Identity Module (ISIM) serves as a specialized UICC application tailored for IMS access, providing dedicated support for SIP-based multimedia sessions in and later networks. ISIM stores the private user identity (), a unique, network-assigned identifier used exclusively for and registration with the IMS , ensuring subscriber without exposure in signaling. Complementing the , ISIM maintains one or more public user identities (IMPU), which function as URIs or tel URIs for routing calls and messages, allowing multiple IMPUs to be associated with a single for flexible service provisioning. For , ISIM employs the and Key Agreement ( ) mechanism, an extension of , where the ISIM computes response values and keys based on IMS-specific challenges received over REGISTER messages, enabling secure end-to-end IMS participation. In parallel with developments, the CDMA Subscriber Identity Module (CSIM) emerged as the UICC counterpart for 3GPP2 networks, ensuring with legacy CDMA systems while leveraging UICC's multi-application framework for operations. CSIM incorporates CDMA-specific parameters, such as system IDs () and network IDs (NID), to support preferred roaming lists (PRL) and seamless handovers within 3GPP2 ecosystems. A critical feature is the storage of the (MEID), a 56-bit value uniquely identifying the device, housed in elementary files like EF_ESN_MEID_ME for administrative updates and read access during network attachment procedures. This enables CSIM to perform device alongside subscriber , distinguishing it from /UMTS-focused applications by prioritizing CDMA air interface protocols. For systems introduced in Release 15, USIM receives significant enhancements to accommodate increased security demands, including the adoption of 256-bit keys for root and derived credentials, which provide greater resistance to brute-force attacks compared to 128-bit predecessors in earlier generations. protections are bolstered by the Subscription Concealed Identifier (SUCI), a privacy-preserving encoding of the Subscription Permanent Identifier (SUPI, typically an IMSI), generated by the USIM using public keys or schemes to obscure permanent identifiers from passive observers during registration. Furthermore, USIM supports AKA extensions for non- accesses, such as untrusted WLAN via the non-3GPP interworking function (N3IWF), where it derives access-specific keys (e.g., KN3IWF) to secure tunnels and maintain equivalent protection levels across 3GPP and non-3GPP paths.

Embedded and Integrated Variants

eUICC for eSIM

The embedded Universal Integrated Circuit Card (), also known as , represents an advancement over traditional removable UICCs by integrating the SIM functionality directly into the device's as a soldered chip. As defined in the GSMA's SGP.22 technical specification, the serves as a that supports the storage and management of multiple operator profiles, enabling users to switch mobile network operators without physically swapping cards. This design facilitates greater flexibility for consumers in devices such as smartphones and wearables. Remote provisioning of eUICC profiles occurs through the Subscription Manager Data Preparation Plus (SM-DP+) server, which securely delivers profile packages to the device. The ES9+ interface provides the secure transport mechanism between the SM-DP+ and the eUICC's Issuer Proxy Agent (IPA), ensuring encrypted communication for profile downloads, installations, and updates via over-the-air methods. This process adheres to the GSMA eUICC Architecture outlined in SGP.21 version 2.3 (as of 2021, with ongoing updates through 2025), which specifies the overall framework for remote SIM provisioning across consumer devices. Key features of the include support for up to 10 profiles, allowing for multiple active subscriptions within the same device while maintaining secure isolation between them. The architecture in SGP.21 v2.3 emphasizes , , and scalability, with provisions for profile enabling, disabling, and deletion to optimize device performance. Adoption began with Apple's in 2018, which introduced dual-SIM support via , followed by broader integration in devices thereafter. For , widespread eSIM support emerged from 2020, notably with Samsung's Galaxy series models. By the end of 2025, Intelligence forecasts over 2.4 billion smartphone connections globally, driven by increasing device compatibility and operator deployments.

iUICC Developments

The integrated Universal Integrated Circuit Card (iUICC), also known as iSIM, represents the evolution of embedded UICC technology by fully incorporating UICC functions directly into the device's , thereby eliminating the need for discrete chip components. This -level integration, as defined in the GSMA SGP.32 specification for remote provisioning (updated to v1.1 in 2024, with the first fully certified end-to-end solutions available in 2025), enables seamless cellular in ultra-constrained environments while maintaining and compliance with traditional UICC standards. Building on the as its predecessor, the iUICC optimizes hardware design for low-power applications by embedding secure elements like tamper-resistant enclaves within the processor core. Key benefits of iUICC include a drastically reduced physical , often under 1 mm², which supports in devices such as sensors and wearables. It enhances power efficiency, enabling operation in battery-less or energy-harvesting scenarios by minimizing overhead and lowering overall by up to 70% compared to discrete solutions. These advantages, including simplified manufacturing and supply chains, make iUICC particularly suited for massive deployments requiring long-term reliability without physical handling. Standardization efforts for iUICC are advanced through SGP.32, complemented by Release 18 enhancements to UICC interfaces for improved support, including NB-IoT optimizations. Commercial iUICC deployments began in 2023, with the first SGP.32-compliant modules available in 2024, targeting NB-IoT applications in smart metering and , with partnerships like G+D, Murata, and delivering GSMA-compliant solutions for global rollout. These modules integrate iUICC with low-power wide-area networks to facilitate remote profile management under SGP.32. Despite these advancements, iUICC deployment faces challenges in heat management, as SoC integration can exacerbate thermal dissipation in densely packed designs, requiring advanced cooling strategies to prevent performance degradation in high-density environments. Certification for cellular compliance remains complex, involving rigorous eUICC Security Assurance (eSA) processes to verify , , and adherence to protocols, which can extend timelines for manufacturers. Ongoing refinements in standards aim to address these hurdles for broader .

Security and Functionality

Authentication Mechanisms

The Universal Integrated Circuit Card (UICC) employs cryptographic challenge-response protocols for subscriber , enabling secure access to mobile networks by verifying the user's identity and establishing session keys. In () systems, the network initiates authentication by sending a 128-bit random challenge () to the , which forwards it to the application on the UICC. The UICC then computes a 32-bit signed response (SRES) as SRES = A3(Ki, RAND), where Ki is the 128-bit subscriber stored securely on the UICC, and A3 is a one-way . Simultaneously, the UICC derives a 64-bit cipher key Kc = A8(Ki, RAND), with A8 typically implemented using the COMP128 in early deployments, though later versions like COMP128-2 and COMP128-3 addressed vulnerabilities. This process provides unidirectional authentication of the subscriber to the network, with the network comparing the received SRES against its expected value (XRES) computed similarly using Ki and RAND. From 3G onward, the protocols evolved to UMTS Authentication and Key Agreement (AKA) in 3G, Evolved Packet System AKA (EPS-AKA) in 4G, and 5G AKA in 5G, introducing and longer keys for enhanced . In these mechanisms, the network sends both and an Authentication Token (AUTN) to the , which relays them to the USIM or equivalent application on the UICC; the UICC verifies the network's authenticity by checking the AUTN's (MAC) and sequence number (SQN) against to prevent replay attacks, then computes a response RES = f2(Ki, RAND) and returns it for network verification against XRES. If valid, the UICC derives 128-bit cipher key CK = f3(Ki, RAND) and integrity key IK = f4(Ki, RAND) using standardized functions like MILENAGE, where an operator variant OPc is precomputed as OPc = OP ⊕ E_K(OP) to customize the algorithm per operator while protecting the secret OP. In EPS-AKA and 5G AKA, these keys are further processed to generate higher-level keys like K_ASME (128 bits in 4G) or K_AUSF and K_SEAF (128 or 256 bits in 5G), supporting integrity protection and encryption across and AS layers. Recent developments as of 2025 include mechanisms for over-the-air updating of the long-term root key K on the UICC, enhancing key lifecycle management in alignment with Release 18 and beyond. Key lengths have progressively increased to bolster resistance against brute-force attacks and support advanced privacy features, such as Subscription Permanent Identifier (SUPI) concealment via Subscription Concealed Identifier (SUCI) in . While limited the effective key to 64-bit Kc, and standardized 128-bit CK and IK for core operations, and AKA mandates support for 256-bit root keys (K) and derived keys like K_AMF to protect SUPI during signaling, ensuring with higher security demands. The UICC's tamper-resistant environment stores Ki (or K) and performs all computations, maintaining with the network's Home Environment via SQN management.

Data Storage and Protection

The UICC employs a to organize subscriber data, with security enforced through access conditions defined for each elementary file (EF) and dedicated file (DF). These conditions, specified in TS 31.102, include ALW (always allowed, permitting unrestricted read access without verification), PIN1 (requiring user verification via the primary for read and update operations on files like the IMSI EF), and ADM (administrative access, limited to authorized entities for sensitive updates, deactivations, or activations on files such as the CNL EF). Access rules are stored in Access Rule Reference (ARR) files, ensuring that operations on protected data, such as reading the IMSI or updating network parameters, comply with these qualifiers to prevent unauthorized exposure. User verification relies on PIN and PUK mechanisms to safeguard access to the . The PIN1 and PIN2 are 4- to 8-digit numeric codes, with PIN1 enabling general access to the USIM application and PIN2 restricting updates to specific files like the fixed dialing numbers (FDN) EF. If PIN1 is entered incorrectly three times, it becomes blocked, requiring the 8-digit PUK1 for unblocking; similarly, PIN2 uses PUK2. The PUK itself has a limit of 10 incorrect attempts before permanent blocking of the associated PIN and potential card lockout, enforcing progressive security to deter brute-force attacks. Sensitive data within EFs, such as the IMSI in EF_IMSI ('6F07'), is protected through access conditions and the tamper-resistant of the UICC. Cryptographic algorithms such as 3DES or are employed in secure messaging protocols to ensure confidentiality and integrity during data transmission and command exchanges between the UICC and the host device. Tamper resistance is integral to UICC design, achieved through modules (HSM) and certification under standards. UICC chips incorporate physical protections like active shielding and countermeasures, complying with HSM requirements for secure key storage and operations. Certification to EAL5+ ( 5 augmented) verifies resistance to sophisticated physical and logical attacks, as mandated by guidelines for secure elements in mobile and applications.

Usage and Deployment

In Mobile Telephony

The Universal Integrated Circuit Card (UICC) serves as the cornerstone for subscriber identification in networks, securely storing the (IMSI), a unique 15-digit number that identifies the user and links all voice calls, data sessions, and messaging to the appropriate account. This IMSI is transmitted to the network during registration, enabling the Home Location Register (HLR) or its 5G equivalent, the Unified Data Management (UDM), to retrieve subscriber profile details, including service entitlements and billing information, while the Visitor Location Register (VLR) temporarily stores this data for ongoing session management in the serving network. Through this mechanism, mobile operators can accurately track usage for billing purposes, ensuring charges are attributed correctly to the subscriber's account based on real-time activity logs tied to the IMSI. In supporting international , the UICC enables seamless connectivity across networks by facilitating in a Visited Public Land Mobile Network (VPLMN), where the device presents its IMSI to initiate a location update that queries the subscriber's HPLMN for verification and temporary profile provisioning. This process involves the VPLMN's Mobility Management Entity () or Access and Mobility Management Function (AMF) communicating with the HLR/UDM to the user and download updated subscriber data, such as allowed services and agreements, allowing uninterrupted access to calls and data without manual intervention. Profile updates occur dynamically during handovers or periodic registrations, ensuring the VPLMN applies the latest HPLMN policies for and billing reconciliation post-session. The rise of multi-SIM configurations in mobile devices, particularly dual-UICC setups, reflects growing consumer demand for flexibility in managing separate lines for voice and data, common in regions with distinct pricing for calls versus . These Dual SIM Dual Standby (DSDS) devices allow two UICCs to coexist, with one handling voice-centric services on a traditional plan while the other manages high-data needs, enabling users to optimize costs and coverage without carrying multiple phones—a trend projected to drive the dual-SIM market to over $55 billion in 2025. Briefly, UICC (eUICC) variants extend this by permitting over-the-air operator switches, further enhancing multi-profile management in consumer handsets. Globally, UICCs underpin the massive scale of , with over 8 billion active connections reported in 2025, reflecting the proliferation of multi-SIM usage and integration alongside traditional consumer devices. Among smartphones, which account for the majority of these deployments, the nano-SIM dominates due to its compact 12.3 mm × 8.8 mm size, fitting seamlessly into modern slim designs while maintaining full UICC functionality for / networks.

In IoT and Other Applications

The Universal Integrated Circuit Card (UICC), particularly in its embedded form as , plays a pivotal role in machine-to-machine (M2M) and (IoT) ecosystems by enabling remote provisioning and management of connectivity profiles for large-scale deployments. This capability allows operators to download, switch, or update SIM profiles over-the-air () without physical intervention, which is essential for devices that are sealed, remotely located, or have extended lifecycles. For instance, in connected vehicles, eUICC facilitates seamless network switching for , , and emergency services across global regions, while in smart metering applications, it supports automated utility data transmission in hard-to-access installations. These features simplify global manufacturing by allowing local operator provisioning post-deployment, reducing logistical complexities for fleets. In non-telephony applications, the UICC serves as a for (NFC)-based s through host card emulation (HCE). As a tamper-resistant component, the UICC hosts payment applications and domains, managing cryptographic keys and transaction data via protocols like the Single Wire Protocol (SWP) and Host Controller Interface (HCI). This contrasts with pure software-based HCE, which relies on the device's host processor and offers lower inherent ; the UICC provides a dedicated, physically protected environment certified under standards such as EMVCo and GlobalPlatform, ensuring compliance for contactless transactions at point-of-sale terminals. Within private networks, UICC-based supports enterprise network slicing and by enabling customized and seamless mobility. In standalone non-public networks (SNPNs) and public network-integrated non-public networks (PNI-NPNs), the UICC or provisions credentials for slice-specific , allowing enterprises to allocate dedicated virtual network segments for low-latency applications like industrial automation or at the edge. This integration ensures secure, isolated traffic flows, with SIM-based subscriptions facilitating transitions between private and public coverage while maintaining quality-of-service guarantees. The adoption of UICC in IoT is underscored by market growth, with low-power wide-area (LPWA) connections—primarily driven by NB-IoT and technologies—having reached approximately 2.1 billion globally as of mid-2025.

References

  1. [1]
    Universal Integrated Circuit Card - Glossary | CSRC
    Definitions: An integrated circuit card that securely stores the international mobile subscriber identity (IMSI) and the related cryptographic key used to ...Missing: history | Show results with:history
  2. [2]
    What is UICC (Universal Integrated Circuit Card)? - Kigen
    A Universal Integrated Circuit Card (UICC) is a physical smart card used in mobile devices to securely store a subscriber's identity and enable network ...
  3. [3]
    [PDF] ETSI TS 102 221 V15.0.0 (2018-07) - UICC-Terminal interface
    ETSI TS 102 221 V15.0.0 is a technical specification for smart cards, specifically the UICC-Terminal interface, covering physical and logical characteristics.
  4. [4]
    What is eUICC? Embedded UICC and IoT eSIMs - Wireless Logic
    UICC (Universal Integrated Circuit Card) describes the SIM card which has been used since 1991 in mobile phones and latterly in IoT devices. Embedded UICC ...Missing: history | Show results with:history
  5. [5]
    https://esimcard.com/blog/info/sim-card-history/
  6. [6]
    Specification # 31.101 - 3GPP
    Mar 1, 2017 · Specification 31.101 is a technical specification (TS) about UICC-terminal interface, physical and logical characteristics, and is under change ...
  7. [7]
    Our history - About Us - GSMA
    The 'MoU' is drawn up and signed in Copenhagen in September, by 15 members from 13 countries that commit to deploying GSM. 1988. Completion of the first set of ...Missing: Module | Show results with:Module
  8. [8]
    Specification # 11.11 - 3GPP
    Mar 1, 2017 · Technical specification (TS). Initial planned Release: Phase 1. Internal: Common IMS Specification: Radio technology: 2G, 3G, LTE, 5G, 6G. Click ...Missing: first | Show results with:first
  9. [9]
    [PDF] The Global System for Mobile Communications 1 History of GSM
    Mar 13, 1996 · During the early 1980s, analog cellular telephone systems experienced rapid growth in Europe, ... the Subscriber Identity Module (SIM). The SIM ...
  10. [10]
    SIM card development: from its inception until now | G+D Spotlight
    Nov 16, 2021 · Thirty years ago in Munich, Germany, G+D delivered the world's first commercial SIM card to a telecommunications customer in Finland. Back then, ...
  11. [11]
    Secure Elements (Smart Cards) - ETSI
    They are used as credit cards, banking cards in general, ID cards and especially as SIMs in mobile telecommunications.Our Role & Activities · The Etsi Smart Card Platform... · The Etsi Smart Secure...<|control11|><|separator|>
  12. [12]
    [EPUB] The Creation of Standards for Global Mobile Communication - ETSI
    Similarly, GSM's Subscriber Identity Module (SIM) concept with a unique subscriber identity and the subscription credentials was expanded for UMTS; while ...
  13. [13]
    [PDF] ETSI TS 102 221 V18.1.0 (2023-09)
    Jan 11, 2024 · UICC. If an application specification does not specify particular specific UICC environmental conditions then the UICC supports the standard ...
  14. [14]
    [PDF] Overview of 3GPP Release 99 Summary of all Release 99 Features
    This work item covers the definition of the interface between the Universal ICC (UICC) and the Mobile. Equipment (ME), and mandatory ME procedures ...
  15. [15]
    [DOC] 3GPP Release 99 Features
    This work item covers the definition of the interface between the Universal ICC (UICC) and the Mobile Equipment (ME), and mandatory ME procedures ...
  16. [16]
    [PDF] ETSI TS 131 101 V18.0.0 (2024-05)
    3GPP TS 31.101 version 18.0.0 Release 18. Reference. RTS ... The present document specifies: - the requirements for the physical characteristics of the UICC;.
  17. [17]
    [PDF] ETSI TS 131 102 V18.6.2 (2024-11)
    The present document may refer to technical specifications or reports using their 3GPP identities. These shall be interpreted as being references to the ...
  18. [18]
    Release 18 - 3GPP
    Release 18 specifies further improvements of the 5G-Avanced system. These improvements consist both in enhancements of concepts/Features introduced in the ...Missing: UICC 2025
  19. [19]
    [PDF] 3GPP TS 31.048 V5.1.0 (2005-10)
    This Specification is provided for future development work within 3GPP only. The Organizational Partners accept no liability for any use of this Specification.
  20. [20]
    ISO/IEC 7816-1:2011 - Identification cards — Integrated circuit cards
    ISO/IEC 7816-1:2011 specifies the physical characteristics of integrated circuit cards with contacts. It applies to identification cards of the ID-1 card type.
  21. [21]
    https://www.arib.or.jp/english/html/overview/doc/STD-T63V9_21/5_Appendix/Rel5/31/31048-510.pdf
  22. [22]
    https://www.iso.org/standard/54089.html
  23. [23]
    SIM card format for slimmer, smaller phones - 3GPP
    Jun 1, 2012 · ETSI has standardized a new form factor (4FF) for the SIM card, 40% smaller than the current smallest design. The SIM is the most successful ...
  24. [24]
    Subscriber Identity Module | Encyclopedia MDPI
    Oct 25, 2022 · The first SIM card was developed in 1991 by Munich smart-card maker Giesecke & Devrient, who sold the first 300 SIM cards to the Finnish ...Missing: 1988 | Show results with:1988
  25. [25]
    Smart card - Wikipedia
    Smart cards serve as credit or ATM cards, fuel cards, mobile phone SIMs, authorization cards for pay television, household utility pre-payment cards, high ...List of public transport smart... · Contactless · Application Protocol Data Unit
  26. [26]
    [PDF] Card Specification v2.3.1 - GlobalPlatform
    Interface (UICC API) for Java Card™, European ... The GlobalPlatform API specifications (Java Card™ and MULTOS™) have been removed from this document.
  27. [27]
    https://globalplatform.org/wp-content/uploads/2018/05/GPC_CardSpecification_v2.3.1_PublicRelease_CC.pdf
  28. [28]
    GlobalPlatform Card Specification v2.3.1 | GPC_SPE_034
    The GlobalPlatform API Specifications (Java Card™ and MULTOS™) have been removed from this document and are now published separately on the GlobalPlatform ...
  29. [29]
    [PDF] SIM cards for cellular networks - DiVA portal
    Jun 12, 2010 · The group also collaborates with ETSI/3GPP for creating SIM card specifications. ... The UICC standard is governed by the ETSI. UMTS. (GSM ...<|control11|><|separator|>
  30. [30]
    [PDF] ETSI TS 151 011 V4.14.0 (2005-03)
    This document specifies the Subscriber Identity Module (SIM) interface for mobile equipment in a digital cellular telecommunications system (Phase 2+).Missing: COMP128 | Show results with:COMP128
  31. [31]
    Security algorithms - GSMA
    The 3GPP specification TS 55.205 contains an example set of algorithms which may be used as the GSM authentication and key generation functions A3 and A8.Missing: ETSI Ki
  32. [32]
    Specification # 31.102 - 3GPP
    Jun 24, 2016 · UICC/(U)SIM enhancements and interworking. T3. See details, False. 60173. UICC. UICC / Terminal interface; Physical and logical characteristics.
  33. [33]
    [PDF] TSGS#18(02)0698 - 3GPP
    3G Security; Specification of the MILENAGE Algorithm Set: An example algorithm set for the 3GPP authentication and key generation functions f1, f1*, f2, f3 ...
  34. [34]
    https://www.3gpp.org/ftp/TSG_SA/TSG_SA/TSGS_18/Docs/pdf/SP-020698.pdf
  35. [35]
    https://www.3gpp.org/ftp/Specs/html-info/35205.htm
  36. [36]
    Specification # 33.103
    **Summary of ISIM Characteristics from 3GPP TS 33.103:**
  37. [37]
    [PDF] S3-010402(LS on impi-impu) - 3GPP
    IMPI is a private user identity, and IMPU is a public user identity. The network validates IMPU during registration to ensure it relates to IMPI.
  38. [38]
    [PDF] 3GPP2 C.S0065-B - cdma2000 Application on UICC for Spread ...
    Jan 7, 2011 · 7.3.14 Multimedia Message Storage. 22. If the ME supports Multimedia Message Storage on the CSIM, then the following procedures apply. 23. As ...
  39. [39]
    SGP.22 Technical Specification v2.2.2 - eSIM - GSMA
    Jun 5, 2020 · This document provides a technical description of the GSMA's 'Remote Sim Provisioning(RSP) Architecture for consumer Devices'. SGP.22 v2.2.2.Missing: eUICC definition
  40. [40]
    [DOC] Download - GSMA
    The ES9+ interface is used to provide a secure transport for the delivery of the Bound Profile Package between the SM-DP+ and the IPA. This interface is defined ...
  41. [41]
    SGP.21 Architecture Specification v2.3 - eSIM - GSMA
    Jul 1, 2021 · This document describes the architecture and technical requirements for Remote SIM Provisioning of all device types across all consumer markets.Missing: eUICC | Show results with:eUICC
  42. [42]
    [PDF] sysmoEUICC1 User Manual - sysmocom
    4.2.1 GSMA Specification Compliance. • GSMA SGP.22 V2.3.0. • Maximum number of profiles: 10. Copyright © 2016-2024 sysmocom - systems for mobile communications ...
  43. [43]
    Blog from ARM: eSIM is on the rise, but what does this mean ... - GSMA
    Aug 13, 2025 · With its highest profile launch to date in the Apple iPhone XS, the global eSIM market is estimated to grow from $253.8 million in 2018 to $978 ...Missing: 2020 | Show results with:2020
  44. [44]
    How eSIM Adoption Is Reshaping the Android Ecosystem in 2025
    Mar 19, 2025 · Not far behind, Samsung integrated eSIM technology into its smartphones starting in 2020 ... Compliance with GSMA standards for security ...
  45. [45]
    How the rise of eSIM can grow MNO and OEM business - GSMA
    Sep 2, 2021 · GSMA Intelligence forecast that by the end of 2025, there will be 2.4 billion eSIM smartphone connections globally. ... billion eSIM smartphone ...
  46. [46]
    eSIM Consumer and IoT Specifications - GSMA
    The below content provides the status of the eSIM specifications that have been published by GSMA and a comprehensive way to link the core specifications.
  47. [47]
    G+D and Murata launch world's first SGP.32 iSIM module
    Nov 7, 2024 · Murata's compact Type 2GD Cat.M1/NB-IoT connectivity module incorporates an Integrated Universal Integrated Circuit Card (iUICC) enabling it to ...
  48. [48]
    iSIM – the Integrated SIM is the future of connectivity | G+D
    iUICC is the latest phase of the SIM card evolution. Offering more efficiency and security, it promises to make a lasting impact on the IoT industry.
  49. [49]
    What is iSIM (integrated SIM) and how does it benefit IoT devices?
    Sep 26, 2024 · iSIM technology enables optimized yet differentiated IoT chipsets for broader use cases, enabled by smaller device sizes, lower power, and ...
  50. [50]
    iSIM: The latest innovation in SIM technology, explained - u-blox
    Jun 15, 2023 · UICC: Short for universal integrated circuit card, the UICC is simply the name for SIMs used in 3G and 4G devices. eSIM: eSIM stands for ...
  51. [51]
    eUICC Security Assurance (eSA) - Industry Services - GSMA
    Oct 29, 2025 · What is eSA? The embedded UICC (eUICC) is an evolution of SIM technology and key to consumer and IoT-driven digital transformation.Missing: integrated | Show results with:integrated
  52. [52]
    [DOC] https://www.gsma.com/esim/resources/sgp-18-v1-0-1/
    Feb 6, 2024 · This document covers the security certification framework for the Integrated eUICC and the process that SHALL be followed to perform the ...
  53. [53]
    [PDF] GSM 03.20 - Version 3.3.2 - ETSI
    The authentication procedure will be also used to perform the cipher key-setting (see Section 4) on dedicated signalling channels. Therefore, it is performed ...
  54. [54]
    [PDF] ETSI TS 133 102 V18.0.0 (2024-04)
    Quintet, UMTS authentication vector: temporary authentication and key agreement data that enables an VLR/SGSN to engage in UMTS AKA with a particular user. A ...
  55. [55]
    [PDF] ETSI TS 133 401 V15.7.0 (2019-05)
    User authentication request (RAND, AUTN, KSIASME). User authentication response (RES). Figure 6.1.1-1: Successful EPS AKA authentication. 6.1.2 Distribution of ...
  56. [56]
    [PDF] ETSI TS 135 206 V9.0.0 (2010-02)
    A 128-bit value OPC is derived from OP and K as follows: OPC = OP ⊕ E[OP]K. An intermediate 128-bit value TEMP is computed as follows: TEMP = E[RAND ⊕ OPC]K.Missing: UICC | Show results with:UICC
  57. [57]
    [PDF] ETSI TS 133 501 V18.6.0 (2024-07)
    TS 133 501 is a technical specification for 5G security architecture and procedures, produced by ETSI 3GPP.
  58. [58]
    [PDF] ETSI TS 131 102 V18.4.0 (2024-05)
    This document is a technical specification for the Universal Subscriber Identity Module (USIM) application for UMTS, LTE, and 5G, produced by ETSI 3GPP.Missing: PIN1 | Show results with:PIN1
  59. [59]
    [PDF] ETSI TS 131 102 V11.6.0 (2013-10)
    The present document may refer to technical specifications or reports using their 3GPP identities, UMTS identities or. GSM identities. These should be ...Missing: PUK | Show results with:PUK
  60. [60]
    [PDF] ETSI TS 133 401 V18.3.0 (2025-04)
    The secure environment shall support secure storage of sensitive data, e.g. long term cryptographic secrets and ... For encryption, AES-CBC as specified in ...
  61. [61]
    [PDF] CSCIP Module 2 - Secure Technology Alliance
    a Common Criteria (CC) EAL5+ certification. The IC manufacturer prepares a specification instructing their customers on how to make use of the IC's security ...
  62. [62]
    Securing the Connected Future: Common Criteria's Rising Role in ...
    Jun 3, 2025 · By achieving EAL4+ certification, the GSMA guarantees that eUICCs following this Protection Profile specification meet the rigorous standards ...
  63. [63]
    UICC - Glossary | CSRC - NIST Computer Security Resource Center
    An integrated circuit card that securely stores the international mobile subscriber identity (IMSI) and the related cryptographic key used to identify and ...<|separator|>
  64. [64]
    [PDF] TS 123 003 - V13.4.0 - ETSI
    In order to speed up the search for subscriber data in the VLR a supplementary Local Mobile Station Identity (LMSI) is defined. The LMSI may be allocated by the ...
  65. [65]
    What is IMSI and How to Use It - Yesim
    Tracks subscriber activity: The IMSI helps track the subscriber's activity, such as location and usage patterns. This information is used by mobile operators ...
  66. [66]
    [PDF] ETSI TS 123 122 V15.7.0 (2019-04)
    the update status is "ROAMING NOT ALLOWED", and the LAI, TAI or PLMN identity is not contained in any of the lists of "forbidden location areas for roaming ...<|separator|>
  67. [67]
    The best dual-SIM phones of 2025: Tested and compared!
    Oct 25, 2025 · Look no further if you're in the market for a dual-SIM Android phone. Samsung Galaxy S25 Ultra: The best overall dual-SIM Android phone.
  68. [68]
    Dual SIM Smartphone Market Size & Share [2033]
    Oct 20, 2025 · The global Dual SIM Smartphone Market size was approximately USD 51.37 billion in 2024, is expected to rise to USD 55.11 billion in 2025, ...Missing: UICC | Show results with:UICC
  69. [69]
    What is eUICC, how it works, and 8 amazing use cases - floLIVE
    Improved efficiency: Reduces power consumption and manufacturing complexity. ... Suited for constrained devices: Ideal for small IoT devices, such as sensors and ...
  70. [70]
    https://yesim.tech/blog/what-is-imsi/
  71. [71]
    SIM Card Sizes Explained: Standard, Micro, Nano & eSIM Compared
    Jun 23, 2025 · The Nano SIM, measuring just 12.3 x 8.8 mm, is the current standard for physical SIM cards. Introduced in 2012, it's used in almost all modern ...Missing: dominance | Show results with:dominance
  72. [72]
    Remote SIM Provisioning for Machine to Machine | Internet of Things
    GSMA Embedded SIM allows remote provisioning and management of M2M connections, enabling initial operator subscriptions and changes, and local provisioning in ...
  73. [73]
    [PDF] UICC Configuration for Mobile NFC Payments
    This paper defines SIMalliance's recommendations for UICC configuration and feature requirements in mobile near field communication (NFC) payments.
  74. [74]
    [PDF] 5G Technologies for Private Networks
    Oct 27, 2020 · The combination of 5G and edge computing brings an unprecedented potential access to enterprise infrastructure. 5G is continuing to evolve ...
  75. [75]
    GSMA Mobile IoT Initiatives | Licensed Low Power Wide Area ...
    Analyst firm Machina Research anticipate there will be 3 billion LPWA connections by 2025. By 2022, already 56% of active LPWA connections will be in licensed ...