Can SIM card be locked to the specific equipment?

Question

I'm curious if SIM card can be "personalized" to operate only in the specified mobile equipment in addition to usual PIN security. So the SIM extracted from "legitimate" phone and placed into arbitrary one won't reveal it's data.

I realize what SIM is JavaCard-based smartcard, so in theory this kind of mutual authentication might be possible.

Answer 1

Not sure if anyone has done this in practice, but you can encrypt the SIM contents with a very long (= hard to break) key, and make the SIM card will ask the equipment for a decryption key to be able to see its contents.

Assuming the SIM card is inserted into an arbitrary device, if they figure out the obscurity layer (i.e. having to pass some cryptographic key), they will then have to break the encryption, which if is only possible through bruteforce AND is cryptographically secure (i.e., known hard-to-break algorithm, long key = exponentially more work), would take them centuries to break.

Edit: While outside the scope of the question, bear in mind that you may be securing the wrong thing here. Perhaps instead of securing the SIM card contents (and consequentially, putting the phone equipment at the higher risk), you really want to implement some sort of the corporate server to which its clients would call and, given they have the necessary permission, they get forwarded to an appropriate contact without finding out their number)

Answer 2

1. Store the IMEI of the equipment in the SIM card applet.
2. On start of the mobile equipment, just check if the IMEI of the equipment is the same as that of the one stored in the SIM card applet. By comparing both, you can take a decision to update a memory byte in SIM card, which will eventually make it disable for the operation. Refer ETSI 11.14 Standard.