Device Application Tag

Description

The Device Application Tag (DATE) is a fundamental component within the 3GPP security architecture, specifically defined for UICC (Universal Integrated Circuit Card) and USIM (Universal Subscriber Identity Module) applications. It serves as a unique identifier for an application instance residing on the secure element. The DATE is a structured data element, typically an octet string, defined within the specifications for USIM and Toolkit application management (TS 31.111). Its primary role is to be referenced in secure commands, such as those used for OTA (Over-The-Air) platform management, to precisely target a specific application for operations like installation, personalization, activation, or deletion.

Architecturally, the DATE operates within the secure environment of the UICC, which hosts the USIM application and other optional applications (like an ISIM for IMS). When a network operator or service provider needs to manage an application remotely, the management command (e.g., a REFRESH, DELETE, or ACTIVATE command) includes the DATE of the target application. The UICC's operating system uses this tag to locate the correct application data and execute the commanded operation. This mechanism is integral to the Secure Channel protocols used in OTA management, ensuring that commands are authenticated and authorized for the specific application.

Key components involved include the OTA platform on the network side, which generates and sends secure commands, and the UICC's Card Manager or Security Domain, which receives and interprets these commands. The DATE is a critical parameter within the command structure. Its value is assigned during the application's installation or personalization phase, often derived from the Application Identifier (AID) or assigned by the application provider. The uniqueness of the DATE within a given UICC context is essential to prevent command ambiguity and ensure secure, reliable application lifecycle management.

The DATE's role extends beyond simple identification; it is a cornerstone for secure service provisioning. In modern mobile networks, especially with the proliferation of eSIM and IoT, the ability to remotely manage multiple applications on a single secure element is paramount. The DATE enables this by providing a handle for the network to interact with individual applications without compromising the security of others on the same UICC. It supports features like profile management for eSIM (where each operator profile is a distinct application) and secure IoT service enablement.

Purpose & Motivation

The Device Application Tag was created to address the growing need for secure, remote management of multiple applications on a UICC. Prior to its standardization, application management was less structured, often relying on proprietary identifiers or physical card replacement. As mobile networks evolved to offer value-added services (like mobile banking, authentication apps) directly on the SIM, a standardized, secure method to identify and manage these individual software entities over the air became critical. The DATE solves the problem of unambiguous targeting in OTA commands, which is essential for security—ensuring a DELETE command, for instance, only affects the intended application and not the core USIM.

Historically, early SIM cards primarily hosted a single application: the subscriber authentication module. With the introduction of the SIM Application Toolkit (SAT/USAT), the possibility for network-provisioned applications emerged. However, managing these applications required a robust identification scheme. The DATE, introduced in 3GPP Release 99 and refined in later releases, provided this. It addressed limitations of previous ad-hoc approaches by defining a standardized tag within the 3GPP command set, ensuring interoperability between different card vendors, network operators, and OTA platforms.

The motivation was driven by commercial and technical needs: operators wanted to deploy and update services without requiring users to change physical SIMs, and application providers needed a secure lifecycle management channel. The DATE enables this by being a key parameter in the standardized Remote Application Management (RAM) and OTA protocols. Its creation was fundamental to enabling the modern eSIM ecosystem and secure element-based services, forming a bedrock for trusted application management in GSM, UMTS, LTE, and 5G networks.