UICC configuration

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The GlobalPlatform UICC configuration is a configuration of the GlobalPlatform Card specification v2.2 aiming at standardizing a minimum interoperability for SIM/USIM products for supporting remote application management via OTA. The GlobalPlatform UICC Configuration outlines a common and neutral environment to facilitate the secure delivery and management over-the-air (OTA) of new and creative mobile services to consumers.

GlobalPlatform Card specification V2.2 [1] has been published in March 2006. It provides dynamic post-issuance card management, including dynamic addition & modification of applications.This specification defines card components, command sets, transaction sequences and interfaces. The specification is completely neutral in relation to hardware, operating system, vendor and application, making it applicable to any type of application and industry. It provides dynamic post-issuance card management, including dynamic addition & modification of applications.

A key feature of the UICC Configuration is its flexibility, which enables the issuer to select the services to be offered to third parties by personalization and ensures the technology can support a diverse range of business models in various ecosystems. Providing both security of mobile network operator and financial sector, this configuration also allows the actors involved in the delivery of a mobile implementation to use their current application deployment scheme.

This technical document is of significant interest to mobile network operator, application service providers such as bank, mobile payment, mobile TV, and trusted service managers.

Content of this standard[edit]

Three types of Security Domains exist for this configuration:

  • The Issuer Security Domain; that is present and active
  • Application Provider Security Domain
  • A Controlling Authority Security Domain; that is optionally present and offers a confidential personalization service to authenticated application providers

Application Provider Security Domains are only instantiated from pre-loaded executable load files.

GlobalPlatform cross-market reach[edit]

EMVCo, the European Telecommunications Standards Institute (ETSI), GSM Association, the Mobey Forum, mobile network operators, payment systems and public transport operators, have all provided valuable input into GlobalPlatform’s UICC Configuration. This cross market contribution has been vital in achieving the security requirements of all stakeholders operating within this progressive industry, and ensuring the universal acceptance and use of this document.

GlobalPlatform and ETSI specifications[edit]

This document specifies configuration requirements for implementing GlobalPlatform specifications on the UICC platform specified in ETSI specifications TS 102 221, TS 102 223, TS 102 225 and TS 102 226.

Adoption in standards and adoption of standards or specs by other standards is one of the most important things in the smart card or Java Card world.

—Sebastian Hans[1]

GlobalPlatform and NFC[edit]

In order to host third party services such as credit and debit contactless or mobile TV applications, a UICC should support the UICC configuration. Further information on NFC is available at near field communication (NFC).


  • UICC configuration has been referenced by ETSI in the release of the TS 102 225 Rel-7
  • Pegasus Project AEPM will rely on the UICC configuration
  • StoLPaN StoLPaN : The StoLPaN consortium (26 companies) is co-funded by the European Commission’s Information Society Technology (IST) program (EU 6FP) . StoLPaN will examine the as yet untapped potential for bringing together the new kind of local wireless interface, NFC and mobile communication. A recent press release confirms the usage of GlobalPlatform infrastructure for StoLPaN service deployment
  • First qualified card are available now at Compliance


UICC configuration is available at Card specification