How a SIM browser works

A SIM browser is basically a lightweight browser loaded onto a mobile phones SIM card. It basically renders a form of xml on the phone and allows for communication to a SIM browser gateway. There are to leading suppliers of SIM browser platforms. Gemalto with their S@T Platform and Smarttrust with their WIG platform. Both of these platforms working in a similar way although the format of the xml differs.

The xml is either loaded onto and stored on the SIM card or it can be dynamically downloaded on request. The nice thing about the way the xml is rendered is that it is rendered at the SIM level so it communicates to the mobile phone itself through the same protocol that is used for the other phone specific features. What this means is that the menus and prompts are consistent which the other menus and prompts on the phone.

Communication to the gateway is via SMS, but the SIM browser controls the communication. In the xml an http url is configured and the SIM browser packs this request up into SMS messages and sends them to the gateway. The gateway then unpacks the SMS messages and forwards it onto the application server. The application server would then respond with some xml, which is converted to byte code and packed into SMS messages on the gateway. These SMS messages and then sent to the phone where the SIM browser unpacks the SMS messages and renders the response to the user.

Since the SIM browser runs on the SIM card it has access to the 3DES security plugins on the SIM card and can encrypt data such as passwords or perform generate MAC values to check message integrity. A Security server can also be used on the gateway to perform password translations before passing the password into another security zone.