SIM-based identity platform

Identity that lives in the SIM, not the session.

Sonimis turns the SIM already inside every subscriber's device into a tamper-resistant identity vault and a continuously verifying MFA endpoint - one that keeps working even while the handset sits idle.

01 · Why now

Session-based MFA stops the moment attention wanders.

  • GAP
    An OTP proves who unlocked the app - not who's holding the phone five minutes later. Verification is a single event, not a standing guarantee.
  • GAP
    Push-based authenticators live in the OS, and go dark the moment the device sleeps. Idle is exactly when a cloned SIM or stolen handset does its work.
  • GAP
    Operators already hold a hardware root of trust in every subscriber's pocket. The SIM is provisioned, personalised, and KYC'd - and mostly unused for this.

Sonimis doesn't add another app to trust. It activates the secure element that's already there, using the Applet layer and OTA channel operators already control - so identity assurance runs on the SIM's own clock, not the handset's attention span.

02 - The platform

One Applet, three jobs.

Secrets repository

An identity vault the OS never touches

Credentials, keys, and identity attestations are provisioned into the SIM's tamper-resistant secure element under GlobalPlatform lifecycle management. They're issued, rotated, and revoked over the air - and never exposed to the handset's operating system or app layer.

Communicative MFA

A SIM that answers back

The Applet speaks over SIM Toolkit and the OTA or built-in secured channel - independent of whatever app has focus, or whether the screen is even on. It can challenge, respond, and attest to presence on a schedule the network sets, not the user.

Continuous verification

Apps trusted at carrier level

Through the Access Rule Applet-Master (ARA-M), Sonimis extends carrier-level privileges to specific handset applications - access to telephony functions and device identity normally reserved for system software - without needing physical access to the SIM.

03 - How it works

Verification that doesn't wait for a login.

1

Network prompts

The identity server initiates a challenge over the secured channel, on its own cadence.

2

Applet wakes

The challenge rouses the Applet directly - no host app, no user interaction required.

3

Applet attests

The vaulted key signs a response, binding subscriber identity to that specific secure element.

4

Confidence updates

The network refreshes a live presence score - continuously, whether the device is active or idle.

The difference: because the loop runs at the SIM layer, it holds even when the UE is asleep and the subscriber hasn't touched the screen. Identity stops being a snapshot and becomes a signal.
04 - Who it's for

Built to license, not just to demo.

Mobile network operators

A new assurance product, on infrastructure you own

  • Deploys using commonplace methods already in use across every mobile network
  • Opens a licensable identity-assurance line for banks, enterprises, and public sector
  • Runs Applet-to-ID Provider, making it carrier-differentiated, not OS-dependent
Governments

A digital identity anchored to hardware already in the field

  • Builds on SIMs already issued and KYC'd through the carrier relationship
  • Functions offline and in low-connectivity conditions, unlike app-based ID wallets
  • Credentials are securely revocable and updatable over the air, without a physical reissue
05 - Foundation

Standards-native, not standards-adjacent.

GlobalPlatform Applet lifecycle
ETSI TS 102 223 (CAT)
3GPP TS 31.111 (USAT)
OTA / RFM / RAM secured messaging
Hardware-isolated secure element

Put identity back on hardware you already trust.

Sonimis licenses the Applet and the identity platform behind it to operators and government programmes. Get in touch to talk about your deployment.

hello@sonimis.com