STK (SIM Application Toolkit)

A good overall slide-show of how a toolkit can be applied is here.

http://www.slideshare.net/Murali007/sim-application-toolkit-11121878

And Wikipedia:

http://en.wikipedia.org/wiki/SIM_Application_Toolkit

So first of all "STK" and "SIM Application Toolkit" mean the same thing. So we can assume that STK stands for S(IM) T(ool)K(it).

So in a nutshell, it is a SIM card with extra functionality, in particular for our purposes, the ability to support mobile banking, particularly through robust authentication and security features.

Definiton of SIM (card) (only) From Wikipedia:

http://en.wikipedia.org/wiki/Subscriber_identity_module

A subscriber identity module or subscriber identification module (SIM) is an integrated circuit hat is intended to securely store the international mobile subscriber identity (IMSI) and the related key used to identify and authenticate subscribers on mobile telephony devices (such as mobile phones and computers).

You likely just think of your SIM card as being the way you switch back and forth between different smart phone phone numbers. But it can contain a lot more features.

The basic things all SIM cards usually hold are:

User identity
Location and phone number
Network authorization data (what allows you to use O2 for example, and it authenticates that it is indeed you)
Personal security keys
Contact lists (so your contacts can switch from one phone to another by switching your SIM card)
Text messages (so smss for example can "travel" with your SIM card from one physical phone to another)

Here are some examples of the extra features a hypothetical STK SIM Application Toolkit might offer, depending on the telecoms provider, or in our case banking provider:

Example 1: Telecommunications provider Vodaphone, Austira's menu from the STK looks like this:

STK iPhone so it must do general "value added" things as seen above, but nothing particularly special; indeed nothing that access to the internet would not provide; never-the-less, the SIM itself supplies these things.

Example 2 - An actual SIM card supplier "Tele-pak", who wholesale sells custom made SIM toolkits to service providers such as Vodaphone etc., so listed here are more technically specific possible capabilities of the SIMs they can supply Vodaphone, O2, T-Mobile etc.:

http://www.tele-pak.com/plastic-cards/stkcards.html
The STK (SIM Toolkit) card is a SIM (Subscriber Identity Module) card for GSM networks. Aside from supporting all standard functions of a Phase2+ STK card, this product has a variety of exciting features and capabilities. These features and capabilities include support for all versions of the COMP-128 authentication algorithm on both GSM900/1800 networks, data security, speed enhancement, anti-cloning mechanisms.
Being feature-rich, the STK (SIM Toolkit) card can be used any GSM operator to deploy a host of applications and value-added services for their subscribers via the SIM card.

Functional Description:
STK card complies with the following international standards and requirements:
ISO/IEC 7816-1:1987,7816-2:1988,7816-3:1989
GSM 11.11 version 8.3.0 (Release 1999)
GSM 11.12 version 4.3.1 (Release 1998)
GSM 11.14 version 8.3.0 (Release 1999)
GSM 03.48 version 8.5.0 (Release 1999)

STK card can be customized to meet our customer's requirements and also supports the following:
All GSM Phase 2+ STK card functions and RFM (Remote File Management). Also capable of a variety of IOD (Information On Demand) and common STK VAS (Value Added Services)
Special applications like Super Phonebook, Group SMS sending, Multi-IMSI, Enhanced ADN, Personalized STK Menu, Mobile-banking etc.
Authentication algorithms like COMP128-V1, V2, V3, V0 (see note) and XOR. Proprietary algorithms defined by the operator can also be provisioned into the card 's unique cardACS (see note) security technology, authentication counter, anti-cloning and cloning detection features.
These features cause extreme difficulty for hacking by cloning tools.
Various popular encryption algorithms and data integrity mechanisms like DES, 3DES, PBOC and MAC etc.
Widespread compatibility with various with handsets of different brand

Main JSR Points:

There are two main purposes of the STK toolkit, then, for mobile banking. One is increased security and authentication. (See examples of specific protocols and abilities in the grey "Tele-pak" SIM offering above.

The second main purposes of the STK for mobile banking is to allow the SIM to interact with the mobile phone. It - specifically designed for a banking application - will have to use functionality of the phone to do it's job of making financial transactions. The SIM itself, issued by the bank, cannot do things such as send messages, for example, rather the Android or iOS operating system in conjunction with the phone do this. But the STK toolkit informs the phone and phone OS what it needs done and when to effect the banking transaction.

And Case Study Direction to take this:

But, anyway, the idea with the Case Study angle on this, is that our job, as "Michael, Head of IT for the bank" is to develop a specific toolkit for mobile banking in the developing country. So ours should include the ability to do what? (that's Challenge # 2 - and focused on the user interface):

So

sadfsdf

asdfsadf

asdfasdf

asdfasdfasdf

and

asdsadffads