DATE

Device Application Tag

Security
Introduced in Rel-8
The Device Application Tag (DATE) is a security identifier used in 3GPP UICC/USIM applications to uniquely tag and manage specific applications on a secure element. It is crucial for enabling secure application management, authentication, and lifecycle operations for services like Over-The-Air (OTA) provisioning. Its standardized format ensures interoperability and secure identification across different network operators and device manufacturers.

Description

The Device Application Tag (DATE) is a fundamental component within the 3GPP security architecture, specifically defined for UICC (Universal Integrated Circuit Card) and USIM (Universal Subscriber Identity Module) applications. It serves as a unique identifier for an application instance residing on the secure element. The DATE is a structured data element, typically an octet string, defined within the specifications for USIM and Toolkit application management (TS 31.111). Its primary role is to be referenced in secure commands, such as those used for OTA (Over-The-Air) platform management, to precisely target a specific application for operations like installation, personalization, activation, or deletion.

Architecturally, the DATE operates within the secure environment of the UICC, which hosts the USIM application and other optional applications (like an ISIM for IMS). When a network operator or service provider needs to manage an application remotely, the management command (e.g., a REFRESH, DELETE, or ACTIVATE command) includes the DATE of the target application. The UICC's operating system uses this tag to locate the correct application data and execute the commanded operation. This mechanism is integral to the Secure Channel protocols used in OTA management, ensuring that commands are authenticated and authorized for the specific application.

Key components involved include the OTA platform on the network side, which generates and sends secure commands, and the UICC's Card Manager or Security Domain, which receives and interprets these commands. The DATE is a critical parameter within the command structure. Its value is assigned during the application's installation or personalization phase, often derived from the Application Identifier (AID) or assigned by the application provider. The uniqueness of the DATE within a given UICC context is essential to prevent command ambiguity and ensure secure, reliable application lifecycle management.

The DATE's role extends beyond simple identification; it is a cornerstone for secure service provisioning. In modern mobile networks, especially with the proliferation of eSIM and IoT, the ability to remotely manage multiple applications on a single secure element is paramount. The DATE enables this by providing a handle for the network to interact with individual applications without compromising the security of others on the same UICC. It supports features like profile management for eSIM (where each operator profile is a distinct application) and secure IoT service enablement.

Purpose & Motivation

The Device Application Tag was created to address the growing need for secure, remote management of multiple applications on a UICC. Prior to its standardization, application management was less structured, often relying on proprietary identifiers or physical card replacement. As mobile networks evolved to offer value-added services (like mobile banking, authentication apps) directly on the SIM, a standardized, secure method to identify and manage these individual software entities over the air became critical. The DATE solves the problem of unambiguous targeting in OTA commands, which is essential for security—ensuring a DELETE command, for instance, only affects the intended application and not the core USIM.

Historically, early SIM cards primarily hosted a single application: the subscriber authentication module. With the introduction of the SIM Application Toolkit (SAT/USAT), the possibility for network-provisioned applications emerged. However, managing these applications required a robust identification scheme. The DATE, introduced in 3GPP Release 99 and refined in later releases, provided this. It addressed limitations of previous ad-hoc approaches by defining a standardized tag within the 3GPP command set, ensuring interoperability between different card vendors, network operators, and OTA platforms.

The motivation was driven by commercial and technical needs: operators wanted to deploy and update services without requiring users to change physical SIMs, and application providers needed a secure lifecycle management channel. The DATE enables this by being a key parameter in the standardized Remote Application Management (RAM) and OTA protocols. Its creation was fundamental to enabling the modern eSIM ecosystem and secure element-based services, forming a bedrock for trusted application management in GSM, UMTS, LTE, and 5G networks.

Key Features

  • Unique identifier for UICC/USIM applications
  • Critical parameter in OTA management commands (e.g., DELETE, ACTIVATE)
  • Enables secure targeting of specific applications without affecting others
  • Standardized format defined in 3GPP TS 31.111 and related specs
  • Supports application lifecycle management (install, personalize, delete)
  • Essential for eSIM profile management and IoT service enablement

Evolution Across Releases

Rel-4 Initial

Enhanced the definition and usage of the DATE within the broader OTA security framework. Clarified its integration with the CAT (Card Application Toolkit) and the security mechanisms for command protection. Strengthened its role in ensuring command authenticity and application integrity during remote operations.

Further refined the DATE's context with the introduction of IMS and the ISIM application. Ensured compatibility and clear identification between USIM and ISIM applications on the same UICC, supporting the convergence of circuit-switched and packet-switched service identities.

Aligned DATE usage with evolving OTA platform standards and the increasing complexity of UICC applications. Supported more sophisticated application management scenarios required for early mobile commerce and authentication services.

Maintained and referenced the DATE within the updated USIM and UICC specifications (TS 31.102, TS 31.111). Ensured its continued relevance for LTE network deployments and the management of applications in the new EPS (Evolved Packet System) security context.

The DATE concept became critically important with the standardization of the eUICC (embedded UICC) architecture. While the eUICC introduced new identifiers like the Profile Identifier (Profile ID), the DATE remained relevant for application-level management within a profile, especially for non-telecom applications co-residing on the secure element.

Introduced the Device Application Tag concept within the USIM Application Toolkit framework. Defined its role as a reference for managing applications via OTA commands. Established the foundational architecture for secure remote application management, enabling operators to install and manage value-added services on the UICC.

Defining Specifications

Specification    Title
TS 31.122        3GPP TR 31.122
TS 31.213        3GPP TR 31.213