Description
The Universal Subscriber Identity Module Application Toolkit (USAT) is a comprehensive framework, standardized by 3GPP and ETSI, that turns a traditional SIM card into a secure, programmable platform capable of hosting and executing applications. It is essentially the application layer that runs on top of the underlying UICC (Universal Integrated Circuit Card) hardware and USIM (Universal Subscriber Identity Module) logical structure. USAT defines a set of commands, procedures, and an execution environment that allows applets—small applications written in Java Card or Native code—to interact with the mobile device (the Terminal Equipment or ME) and, through it, with the mobile network and external services. The architecture is based on a proactive model: the USAT application on the UICC can send "Proactive Commands" to the ME. These commands instruct the ME to perform actions such as displaying text menus, playing tones, setting up calls, sending Short Message Service (SMS) messages, or providing location information. The ME executes the command and sends a "Terminal Response" back to the UICC with the result. This interaction is managed through the ETSI-defined "AT" command interface. Key components include the USAT Interpreter for processing commands, the File System for storing applets and data, and the Security Domain for managing cryptographic keys and secure channel protocols like OTA (Over-The-Air) for remote application management. USAT enables services like SIM Toolkit (STK) menus for banking or info services, OTA provisioning of device settings (e.g., internet access points), and is the foundation for more advanced secure elements used in mobile financial services (e.g., NFC payments via SIM). It provides a trusted, tamper-resistant environment isolated from the phone's main operating system, which is crucial for security-sensitive operations.
Purpose & Motivation
USAT was developed to unlock the potential of the SIM card beyond its original purpose of subscriber authentication and storage of network parameters. In the early days of GSM, the SIM was a relatively static component. USAT, evolving from the earlier SIM Application Toolkit (SAT), was created to provide a standardized, vendor-independent platform for mobile network operators to deploy and manage value-added services directly from the secure SIM card. This solved several problems: it gave operators control over service delivery independent of handset manufacturers, provided a ubiquitous secure execution environment across all compliant phones, and enabled services that required a high level of trust, such as mobile banking. Before USAT, introducing new features often required handset firmware updates or proprietary solutions, which were slow and fragmented. USAT established a universal ecosystem where operators could write an application once and deploy it OTA to millions of subscribers' SIMs, knowing it would work on any compliant device. This motivated the creation of a wide range of services, from simple info menus to complex payment and identity applications, establishing the SIM as a key platform for mobile commerce and secure services in the 2G/3G/4G eras, a role that continues to evolve with embedded SIM (eSIM) and IoT applications.
Classification
Detected Changes Across Releases
from 3GPP Change RequestsSpecific changes extracted from the „Change history“ tables of 3GPP specifications (51 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.
In Release 15, the USAT (USIM Application Toolkit) function was enhanced to support 5G System (5GS) operations, including updates for 5G call control and PDU session support. Key introductions were new AT-commands for application-level measurement reporting and the ability for the USIM to configure 5G-specific parameters like the UAC Access Identities. Furthermore, the release updated several UICC Toolkit events and objects, such as the Bearer object and Location Information, to accommodate NG-RAN cell identities and 5GS data connection statuses.
- AT-commands for application level measurement reporting TS 27.007CR0524
- Applicability for Session start and stop for MMTEL and SMSoverIP applications, +CSCM, for 5G TS 27.007CR0553
- Applicability for Application Start and Stop indication for applications other than MMTEL and SMSoverIP, +CACDC, for 5G TS 27.007CR0554
- Completion of AT-commands for application level measurement reporting TS 27.007CR0589
- Introduce an EF that contains 5G UAC Access Identity Information TS 31.102CR0780
- USIM Service Table update for PDU session call control support TS 31.102CR0786
+ 15 more changes
In Release 16, the USAT function was enhanced to allow the USIM to store and configure several new network policy lists, including the URSP rules, a PS Data Off list for home and roaming, and lists for Trusted non-3GPP access networks and RLOS PLMN configurations. It also introduced support for a dedicated AID for USIM applications using non-IMSI based SUPI types and specified storage for a separate KSEAF key for non-3GPP access. Furthermore, the release included clarifications and corrections to existing USIM file reading procedures and data formatting.
- Support for USIM configuration of RLOS PLMN list TS 31.102CR0847
- URSP storage in USIM TS 31.102CR0861
- Specify storage for a potentially separate KSEAF for non-3gpp access on the USIM TS 31.102CR0864
- USIM configuration of RLOS allowed MCC list TS 31.102CR0881
- Support for Trusted non-3GPP access networks list by USIM TS 31.102CR0891
- Dedicated AID for USIM Applications with non-IMSI based SUPI Types TS 31.102CR0897
+ 4 more changes
In Release 17, the USAT function was enhanced with new USIM files to store pre-configured Closed Access Group (CAG) information and parameters for disaster roaming, including wait ranges and applicability indicators. It also introduced support for storing 5G Non-Seamless WLAN Offload (NSWO) configuration, eDRX parameters for NG-RAN, and the capability to indicate whether disaster roaming is enabled in the UE. Furthermore, the release added a procedure for updating 5G NSWO configuration in the USIM and provided toolkit support for CAG cell selection.
- Introduce a USIM file to store pre-configured CAG information list TS 31.102CR0904
- SOR-CMCI storage in USIM TS 31.102CR0917
- Addition of USIM files for the indication of whether disaster roaming is enabled in the UE, disaster roaming wait range, disaster return wait range and applicability indicator for disaster roaming PLMNs list provided by VPLMN. TS 31.102CR0938
- Adding eDRX parameters in the USIM for NG-RAN TS 31.102CR0943
- 5G NSWO (Non-Seamless WLAN Offload) configuration support in the USIM compromised proposal. TS 31.102CR0946
- Support of 'No E-UTRA Disabling In 5GS' in USIM TS 31.102CR0947
+ 5 more changes
In Release 18, the USAT function was enhanced with new storage capabilities on the USIM, including the addition of an Elementary File (EF) for Access Control to GBA_U_APIs and an EF for IMS Data Channel configuration. The release also introduced corrections and clarifications for toolkit commands related to Closed Subscriber Group (CSG) and CAG operations, such as the GET IDENTITY procedure and CAG-ID handling.
- 5G Security Parameters extended storage on USIM (Mandating Service n°133 to be enabled when Service n°123 is enabled) Rel18. TS 31.102CR1014
- Add EF of Access Control to GBA_U_APIs to the USIM TS 31.102CR1007
- Add EF of IMS Data Channel configuration to the USIM TS 31.102CR1006
- Correction of GET IDENTITY in case of incorrect configuration TS 31.102CR1030
- Clarification of NID coding in the response data of GET IDENTITY TS 31.102CR1040
- CAG-ID corrections essential to support CAG toolkit Rel 18 (preferred Solution 1) TS 31.111CR0796
+ 2 more changes
In Release 19, a key enhancement for USAT was the introduction of backward compatibility handling for the USIM when it lacks extended security parameter storage, specifically within the EF_5GAuthKeys file. This update ensures that USIM applications without this enhanced storage capability can still function correctly within the system. The change addresses interoperability by defining procedures for scenarios where the necessary security parameters are not present on the card.
- Backward compatibility handling of USIM without extended security parameter storage in EF_5GAuthKeys - Rel19 TS 31.102CR1074
Explore further
Broader topics and technologies where USAT plays a role.
Defining Specifications
3GPP specifications that define or reference USAT, with the latest known release. Sourced from the 3GPP document catalog — see methodology.
| Specification | Title | Release |
|---|---|---|
| TR 21.905 vj00 | 3GPP Technical Terms and Definitions | Rel-19 |
| TS 22.038 vj00 | USIM Application Toolkit (USAT) Stage 1 | Rel-19 |
| TS 22.112 v1800 | USAT Gateway System Specification | Rel-8 |
| TS 22.121 v1400 | Virtual Home Environment Requirements | Rel-5 |
| TS 23.127 v1600 | Virtual Home Environment Stage 2 Specification | Rel-6 |
| TS 24.229 vj50 | IMS call control protocol based on SIP and SDP | Rel-19 |
| TS 27.007 vj40 | AT Command Set for UE | Rel-19 |
| TS 31.102 vj40 | USIM Application Specification | Rel-19 |
| TS 31.111 vj30 | USIM Application Toolkit (USAT) Specification | Rel-19 |
| TS 31.112 v1800 | USAT Interpreter System Architecture | Rel-8 |
| TS 31.113 v1800 | USAT Interpreter Byte Code Specification | Rel-8 |
| TS 31.114 v1800 | USAT Interpreter Transmission Protocol | Rel-8 |
| TS 31.117 vj10 | USIM Application Toolkit Test for Non-Removable UICC | Rel-19 |
| TR 31.901 ve00 | USIM/ISIM/USAT Feature Review Study | Rel-14 |
| TS 32.102 vj00 | Telecom Management Physical Architecture Framework | Rel-19 |