CAT

Card Application Toolkit Runtime Environment

Other →
Introduced in Rel-8 Also in: Core Network, Testing, Security

CAT is a standardized execution environment on a UICC or USIM card that provides a secure platform for running applications like SIM ToolKit services, enabling mobile operators to deploy value-added services directly on the SIM.

Category
Other
Introduced
Rel-8
Where
Services › Codecs
Also touches
3 segments
Specifications
22 specs
CAT Description Purpose Related Classification Detected Changes Specifications

Description

The Card Application Toolkit (CAT) Runtime Environment is a standardized framework defined by 3GPP that provides an execution environment for applications residing on the UICC (Universal Integrated Circuit Card), which includes the USIM (Universal Subscriber Identity Module). This environment is essentially a virtual machine or interpreter that runs on the UICC's limited-resource microcontroller, enabling the card to host and execute secure, portable applications independent of the mobile equipment (ME). The architecture is based on a command-response model where the ME acts as a terminal that displays information and captures user input, while the UICC hosts the application logic and manages secure data.

At its core, CAT defines a set of proactive commands that allow applications on the UICC to initiate actions on the ME, such as displaying menus, sending SMS, setting up calls, or providing local information like cell ID. The ME, in turn, sends terminal responses and events (like menu selection or call disconnection) back to the UICC application. This communication occurs over the standardized interface between the UICC and ME, typically using APDU (Application Protocol Data Unit) commands. Key components include the CAT interpreter on the UICC, the proactive UICC handler in the ME, and a set of standardized profiles and procedures for different service types.

The runtime environment manages application lifecycle, resource allocation, and security domains. Applications are typically implemented as applets (e.g., using Java Card technology) that are securely loaded onto the UICC. CAT provides mechanisms for application selection, activation, and inter-application communication where supported. It includes features for managing volatile and non-volatile memory, handling timers, and processing user interface events. Security is fundamental: applications run in isolated security domains, cryptographic operations are performed within the secure element of the UICC, and sensitive data never leaves the card's protected environment.

CAT's role in the network extends beyond basic subscriber authentication. It enables operator-controlled services like SIM-based menus for balance checking, top-up, and service activation. It is crucial for machine-to-machine (M2M) applications where remote management and provisioning of devices are required. In later releases, it forms the basis for more advanced secure services like NFC mobile payments (through contactless interfaces), device management, and authentication for network applications. The environment ensures these services are portable across different handset models and operating systems, as long as the ME supports the required CAT capabilities.

Purpose & Motivation

CAT was created to address the limitation of earlier SIM cards being purely passive components used only for network authentication and subscriber identification. As mobile networks evolved, operators needed a way to deploy value-added services directly controlled from the network side, without depending on handset manufacturers or requiring users to install software. The traditional SIM had no standardized way to run applications or interact proactively with the handset. CAT provided a standardized, secure execution environment on the SIM card itself, turning it from a simple authentication module into a service delivery platform.

Historically, before CAT, any SIM-based service was proprietary and non-portable, locking operators into specific card vendors and limiting service innovation. The creation of CAT in 3GPP Release 8 (building upon earlier ETSI/3GPP specifications for SIM Application Toolkit) established a unified framework that ensured interoperability across different UICC vendors and mobile equipment. This allowed operators to develop and deploy services like SIM menus, over-the-air (OTA) updating, and secure transaction applications that would work consistently on any compliant device. It solved the problem of service portability and created a trusted execution environment within the already secure SIM card.

Furthermore, CAT addressed the growing need for secure services beyond voice and SMS. As mobile devices began to be used for banking, payments, and identity, the SIM card's secure element provided an ideal hardware-rooted trust anchor. CAT enabled this by providing a runtime where sensitive applications could execute in isolation, perform cryptographic operations, and manage secure storage. This purpose expanded significantly with the advent of NFC and mobile wallets, where CAT-based applications became the secure element for contactless transactions. It also enabled remote management of M2M devices, where the UICC could host applications for device configuration, diagnostics, and service provisioning without physical access.

Classification

Part ofUSIM
Related approachesAPDU

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (19 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-8, normative work from Rel-15.

Rel-15 6 changes

In Release 15, the Card Application Toolkit (CAT) function was enhanced to introduce support for video CAT services, including within an audio call, and for a forking model. The release also provided operators with a choice of CAT media type and included corrections to the handling of counters for "SIM/USIM considered invalid" events.

  • Video CAT for forking model TS 24.182CR0105
  • Incrementing of counter for "SIM/USIM considered invalid for non-GPRS services" in Iu mode TS 24.008CR3136
  • Correction of the handling of counters for "SIM/USIM considered invalid" events TS 24.008CR3088
  • Support for video CAT service within audio call in TS 24.182 TS 24.182CR0096
  • Correction of message examples for the CAT gateway model TS 24.182CR0104
  • Operator choice of CAT media type TS 29.165CR0957
Rel-16 5 changes

In Release 16, the CAT function was enhanced to support the continuous playback of video CAT media without interrupting an ongoing audio conversation. The release also introduced clarifications for UE actions within the CAT gateway model and defined CAT interactions with MuD (Modification of User Data) and MiD (Modification of Initial Data) services. Furthermore, it specified the use of preconditions for CAT when the originating UE supports them, ensuring proper media establishment.

  • Support to continue to play video CAT without voice during audio conversation TS 24.182CR0108
  • Corrections on AS actions for playing CAT media continuely during conversationy TS 24.182CR0111
  • CAT interactions with MuD and MiD services TS 24.182CR0118
  • Use preconditions for CAT when originating UE supports precondition TS 24.182CR0119
  • UE actions clarification of CAT for gateway model TS 24.182CR0109
Rel-17 1 change

In Release 17, the primary update for the CAT function involved corrections to its support of DTMF (Dual-Tone Multi-Frequency) signaling. This maintenance change addressed specific technical interactions within the Customized Alerting Tone service framework. The release did not introduce new major CAT capabilities or service interactions, focusing instead on refining existing functionality.

  • CAT Corrections on the support of DTMF TS 24.182CR0122
Rel-18 1 change

In Release 18, the specific update for the CAT function was the introduction of corrected test cases and sources related to the coverage of the GBAUCipher class from the `uicc.usim.gba_u` specification. This work focused on ensuring proper validation of the underlying security mechanisms used by the CAT runtime environment. No new service requirements or interactions with supplementary services for CAT were defined in this release, as those aspects remained unchanged from the previous specifications.

  • Test cases and sources correction related to coverage of GBAUCipher class from uicc.usim.gba_u TS 31.213CR0053
Rel-19 6 changes

In Release 19, the CAT function was enhanced to support the standalone Data Channel (DC) and new network-initiated procedures. Key additions include updated session control for the standalone DC, procedures for network-initiated peer-to-peer application data channel establishment, and mechanisms for application data channel interworking via the DC Application Server for the originating UE. The release also introduced requirements for the UE's DC application and handling for application data channel multiplexing.

  • Update session control and DC application related requirement to support the standalone DC TS 24.186CR0039
  • Procedure of network initiated P2P application data channel establishment TS 24.186CR0062
  • Procedure of application data channel interworking via DC AS for originating UE TS 24.186CR0065
  • The requirement of the UE related to DC application in 8.1 TS 24.186CR0087
  • Update on IMS data channel application for standalone data channel TS 24.186CR0094
  • Handling of application data channel multiplexing TS 24.186CR0096

Explore further

Broader topics and technologies where CAT plays a role.

Topics
Authentication (5G-AKA, EAP)Encryption & IntegrityMEC (Edge Computing)Lawful InterceptSMS & MessagingServices & Applications

Defining Specifications

3GPP specifications that define or reference CAT, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 22.173 vk00 IMS Multimedia Telephony Service Definition Rel-20
TS 22.182 vj00 Customized Alerting Tone (CAT) Service Requirements Rel-19
TS 22.810 vd00 Enhanced Calling Information Presentation Requirements Rel-13
TR 22.878 vi20 Technical Report on 5G Timing Resiliency Rel-18
TR 22.982 vj00 Customized Alerting Tone Service Requirements Rel-19
TS 24.008 vj50 3GPP TS 24008: Core Network Protocols Rel-19
TS 24.182 vj00 Customized Alerting Tones (CAT) Protocol Rel-19
TS 24.186 vj60 IMS Data Channel applications Rel-19
TS 24.615 vj00 Communication Waiting (CW) Service Protocol Rel-19
TR 26.917 vj00 TV Service Enhancements over 3GPP Rel-19
TS 29.163 vj00 Interworking between 3GPP IM CN and CS networks Rel-19
TS 29.165 vj10 Inter-IMS Network to Network Interface (NNI) Rel-19
TS 29.364 vj10 IMS AS Service Data Descriptions Rel-19
TS 29.827 vg00 Policy and Charging for Volume Based Charging Rel-16
TS 29.864 v801 Application Server Service Data Definition for IMS Telephony Rel-8
TS 31.131 vj00 C Language Binding for (U)SIM API Rel-19
TS 31.213 vi30 Test specification for (U)SIM Rel-18
TS 32.275 vj00 MMTel Charging Specification Rel-19
TS 32.850 ve00 IMS Charging Correlation Methods Study Rel-14
TS 33.106 vj00 Lawful Interception Requirements (Pre-Rel-15) Rel-19
TS 33.126 vj30 Lawful Interception Requirements Rel-19
TS 34.131 vj00 SIM API C Language Test Specification Rel-19