Description
The IMS Subscriber Identity Module (ISIM) is a specialized software application residing on a Universal Integrated Circuit Card (UICC), commonly known as a SIM card. It is distinct from the classic SIM application used for cellular network access (CS domain) and the USIM application for 3G/4G packet access (PS domain). The ISIM application is dedicated exclusively to the IP Multimedia Subsystem (IMS), which provides multimedia services like Voice over LTE (VoLTE), video calls, and instant messaging over the mobile packet core.
Architecturally, the ISIM contains a set of securely stored files and parameters essential for IMS registration and service invocation. The most critical data is the IMS Private User Identity (IMPI), a unique global identifier for the subscriber in the IMS realm (often formatted like a NAI, i.e., in the form username@realm). It also stores the corresponding IMS Public User Identity (IMPU), which is the address used for communication (e.g., a SIP URI). Furthermore, the ISIM holds long-term authentication credentials: a shared secret key and the associated authentication algorithm parameters. These credentials are used in the IMS Authentication and Key Agreement (IMS AKA) procedure.
When a user wishes to access IMS services, the mobile device's IMS client reads the necessary identities from the ISIM. During registration, the device and the network perform the IMS AKA protocol. The device uses the secret key from the ISIM to compute a response to a challenge from the network. This process authenticates the subscriber to the IMS network and establishes secure session keys for protecting SIP signaling. The ISIM thus acts as the root-of-trust for IMS access, analogous to how USIM authenticates the user to the packet core network.
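The IMS AKA exchange described above, as an added Python example that is not from the original page or from 3GPP: the nonce layout (RAND followed by AUTN) and the use of RES as the Digest password follow RFC 3310. HMAC-SHA256 stands in for the card's real f1 to f5 functions, and the key, identities and function names are constructed for illustration.

```python
import base64, hashlib, hmac

def f(k, label, *parts):
    """Stand-in for the operator's f1..f5 (assumption: HMAC-SHA256, not Milenage)."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def network_challenge(k, sqn, amf, rand):
    """Home network side: nonce = base64(RAND || AUTN), as in RFC 3310."""
    mac = f(k, b"f1", sqn, rand, amf)[:8]
    autn = xor(sqn, f(k, b"f5", rand)[:6]) + amf + mac
    return base64.b64encode(rand + autn).decode()

def isim_authenticate(k, nonce):
    """Card side: verify the network's MAC in AUTN, then derive RES, CK, IK."""
    raw = base64.b64decode(nonce)
    if len(raw) < 32:
        raise ValueError("nonce too short for RAND || AUTN")
    rand, autn = raw[:16], raw[16:32]
    sqn = xor(autn[:6], f(k, b"f5", rand)[:6])
    amf, mac = autn[6:8], autn[8:16]
    if not hmac.compare_digest(mac, f(k, b"f1", sqn, rand, amf)[:8]):
        raise ValueError("AUTN MAC mismatch: challenge rejected")
    # A real card also checks SQN freshness here to reject replayed challenges.
    return f(k, b"f2", rand)[:8], f(k, b"f3", rand)[:16], f(k, b"f4", rand)[:16]

def digest_response(impi, realm, res, method, uri, nonce):
    """Digest AKAv1-MD5 without qop: RES is used as the Digest password."""
    md5 = lambda b: hashlib.md5(b).hexdigest()
    ha1 = md5(impi.encode() + b":" + realm.encode() + b":" + res)
    ha2 = md5(f"{method}:{uri}".encode())
    return md5(f"{ha1}:{nonce}:{ha2}".encode())

# Constructed sample values (not from the page or any real subscription).
K = bytes(range(16))
IMPI, REALM, URI = "user1@ims.example.test", "ims.example.test", "sip:ims.example.test"

def register_roundtrip(card_key, tamper=False):
    nonce = network_challenge(K, b"\x00" * 5 + b"\x01", b"\x80\x00", b"\x11" * 16)
    if tamper:  # flip one bit of the MAC inside AUTN
        raw = bytearray(base64.b64decode(nonce))
        raw[31] ^= 1
        nonce = base64.b64encode(bytes(raw)).decode()
    res, ck, ik = isim_authenticate(card_key, nonce)  # CK/IK: keys for SIP protection
    xres = f(K, b"f2", b"\x11" * 16)[:8]  # the response the network expects
    sent = digest_response(IMPI, REALM, res, "REGISTER", URI, nonce)
    return hmac.compare_digest(sent, digest_response(IMPI, REALM, xres, "REGISTER", URI, nonce))
```

The long-term key never leaves `isim_authenticate`, which models the card boundary: the device only sees RES, CK and IK, and a challenge whose AUTN does not verify yields no response at all.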
The ISIM application interoperates with other applications on the same UICC. A device may use the USIM for accessing the LTE/5G network (for bearer connectivity) and the ISIM simultaneously for accessing IMS services over that bearer. This separation allows for independent management of credentials and services. The ISIM's role is foundational for IMS security and service portability, as the subscriber's IMS identity and credentials are physically stored on a portable, tamper-resistant card.
Purpose & Motivation
The ISIM was created to provide a secure, portable, and standardized identity module specifically for the IMS, which is a service architecture separate from the traditional cellular access networks. Before ISIM, early IMS implementations often used soft credentials (username/password stored in the device) or attempted to derive IMS identities from cellular identities (like IMSI). These approaches had security weaknesses (soft credentials are vulnerable) or limitations in flexibility (tight coupling to cellular subscription).
A dedicated module was necessary because IMS authentication (IMS AKA) is different from the cellular network authentication (used by SIM/USIM). IMS uses SIP-based protocols and requires identities formatted as URIs or NAIs, not MSISDN or IMSI. The ISIM provides a secure hardware container for these new identity formats and the associated cryptographic keys, ensuring a high level of security equivalent to that of cellular access. It also enables service portability; a user can move their UICC to a new device and immediately have their IMS identity and services available.
Its introduction in Release 5 coincided with the initial standardization of IMS. It solved the problem of how to securely and manageably provision IMS subscriptions to end-users. By leveraging the existing UICC platform, it allowed operators to offer IMS services using a familiar, secure distribution mechanism (the SIM card). The ISIM established a clear separation of credentials, allowing a user to have independent subscriptions for cellular access and IMS services, even if provided by the same operator.
Detected Changes Across Releases
From 3GPP Change Requests. Specific changes extracted from the "Change history" tables of 3GPP specifications (12 CRs across 4 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-5, normative work from Rel-15.
In Release 15, the ISIM application was enhanced to support identity attestation and verification procedures. Furthermore, the release introduced updates to allow the ISIM to store and manage configuration data specifically for Mission Critical Services. These additions expanded the administrative and security functions of the ISIM beyond its core role of providing access to IP Multimedia Services.
In Release 16, a new capability was introduced for the ISIM function to support a UDR service for mapping an IMS Public Identity to an HSS Group ID. This mapping facilitates HSS selection within the network architecture. The enhancement provides a mechanism for administration purposes, utilizing an End-User Identity such as an IMPU to determine the appropriate HSS group.
- UDR service for mapping IMS Public Identity to HSS Group ID for HSS selection (TS 23.228, CR1226)
In Release 18, the ISIM function was enhanced with the introduction of a new Elementary File (EF) for IMS Data Channel configuration, which did not exist in the previous release. This addition was accompanied by a subsequent update to the specification of that same EF. Furthermore, a new Elementary File for Access Control to GBA_U_APIs was also added to the ISIM application.
In Release 19, the ISIM function was enhanced to support third-party user identity information in IMS, including the procedures for its support and the mechanisms for signing and verifying this identity information. This introduced new capabilities for handling external identities within IMS authentication and signaling processes. The release also included updates to the referenced IETF standards for these signing and verification procedures.
- Support of third party user identity information in IMS (TS 23.228, CR1478)
- Procedure for supporting of third party user identity information in IMS (TS 23.228, CR1524)
- Signing and verification of third party user identity information in IMS (TS 33.203, CR0285)
- Update the IETF reference to the process of signing and verifying third party user identity information (TS 23.228, CR1652)
- KI#1: Cancel procedure for subscriber specific IMS Events (TS 23.228, CR1655)
- Clarify the calling and called identity notified to the DCSF (TS 24.186, CR0045)
Defining Specifications
3GPP specifications that define or reference ISIM, with the latest known release. Sourced from the 3GPP document catalog — see methodology.
| Specification | Title | Release |
|---|---|---|
| TR 21.905 vj00 | 3GPP Technical Terms and Definitions | Rel-19 |
| TR 22.944 vj00 | UE Functionality Split Scenarios and Requirements | Rel-19 |
| TR 22.980 vj00 | Network Composition Feasibility Study | Rel-19 |
| TS 23.228 vj50 | IMS Stage-2 Service Description | Rel-19 |
| TS 23.700 vk00 | XR Services Application Enablement Layer | Rel-20 |
| TS 24.167 vj00 | 3GPP IMS Management Object Specification | Rel-19 |
| TS 24.186 vj60 | IMS Data Channel applications | Rel-19 |
| TS 24.229 vj50 | IMS call control protocol based on SIP and SDP | Rel-19 |
| TS 31.103 vj00 | ISIM Application Specification | Rel-19 |
| TS 31.829 vd00 | ISIM Conformance Requirements Technical Report | Rel-13 |
| TR 31.901 ve00 | USIM/ISIM/USAT Feature Review Study | Rel-14 |
| TS 32.181 vj00 | User Data Convergence Management Framework | Rel-19 |
| TS 32.182 vj00 | UDC Common Baseline Information Model (CBIM) | Rel-19 |
| TS 32.808 v1800 | Common User Profile Storage Framework | Rel-8 |
| TS 33.141 vj00 | Security for Presence Service (Ut reference point) | Rel-19 |
| TS 33.203 vj10 | IMS Security Specification | Rel-19 |
| TS 33.812 v920 | M2M Remote Subscription Management Security | Rel-9 |
| TR 33.978 v1800 | Interim Security for Early IMS | Rel-8 |