Personal Identification Number

Description

The Personal Identification Number (PIN) is a core security concept in 3GPP systems, serving as a secret numeric code used for authentication and access control. Primarily, it is associated with the Subscriber Identity Module (SIM) or Universal SIM (USIM) card inserted into a mobile device. The PIN locks the SIM/USIM itself; if enabled, the user must enter the correct PIN to unlock the card and allow the mobile equipment to access the network services stored on it. This prevents unauthorized use of the SIM if the device is lost or stolen. There are typically two PINs: PIN1 (the standard PIN) and PIN2 (used for certain advanced functions like fixed dialing numbers). The PIN is stored securely on the SIM/USIM and is verified locally by the card; it is not transmitted over the network, enhancing security. Beyond SIM locking, PIN concepts extend to service access, such as PIN authentication for value-added services or as part of two-factor authentication schemes. The management of PINs includes capabilities to enable/disable PIN checking, change the PIN, and handle PIN unblocking using a PUK (PIN Unblocking Key) if the PIN is entered incorrectly too many times. Architecturally, the PIN verification is handled between the Mobile Equipment (ME) and the SIM/USIM via standardized commands (e.g., ENTER PIN). The network operator can set initial PIN values and PUKs. PINs are a critical element in the 3GPP security framework, protecting subscriber identity and subscription data at the physical card level.

Purpose & Motivation

The PIN was introduced from the earliest GSM releases (Rel-2) to address the fundamental security problem of protecting the physical SIM card and the subscriber's identity. Without a PIN, a SIM card could be used freely in any device, leading to fraud and unauthorized access to network services. The PIN provides a simple, user-managed layer of protection for the subscription. It solves the issue of device theft or loss by ensuring the SIM itself is locked. Over releases, the PIN concept evolved to support more complex services and management capabilities, reflecting its role as a basic but vital authentication element. Its persistence across all releases underscores its enduring importance in mobile security, even as more advanced authentication like biometrics emerge. The extensive list of specifications referencing PIN highlights its integration into subscription management, service access, device management, and security procedures.

Key Features

• Authentication for SIM/USIM card unlocking
• Local verification on the SIM without network transmission
• Two types: PIN1 for general access, PIN2 for specific functions
• Associated PIN Unblocking Key (PUK) for recovery after lockout
• User-configurable enable/disable and change procedures
• Integration into broader subscription and service security frameworks

Evolution Across Releases

Defining Specifications