How to turn a SIM card into a Web server

Interaction of the SIM card with the outside world

Not so long ago, I began to understand GSM - firstly, the topic itself is very interesting, and secondly, it is useful for me on duty. =)

In the course of the next search on the Internet, I came across an interesting article describing the communication interfaces of a mobile phone and a SIM card. I will not retell the article in its entirety, just note that based on it, the evolution of these interfaces includes the following main stages: GSM Phase 1 , GSM Phase 2 and the JavaCard specification for special SIM cards capable of performing heavily cropped Java Virtual Machine. At the end of the article was the following text:

PS And for the final expansion of the horizons of consciousness, look in Google for the words "How to turn SIM card into Web Server" :)
')
What I actually did. As a result, I received an amusing English-language text , the free translation of which (according to my strength and capabilities) I am going to cite below.

Technology description

Today, much of the worry about wireless Internet comes from the benefits of accessing the World Wide Web using mobile networks. Mini and WAP browsers tend to turn a mobile phone into a full-fledged portable computer (while the latter starts to retreat modestly under the onslaught of mobile platforms). At the same time, there are relatively few “reverse” thoughts - what can the mobile network offer the Web?
For secure, reliable authentication, which is a basic prerequisite for large-scale client billing, there is still no generally accepted solution. Various attempts have been made to provide the necessary technology of security on the Internet, but none of them became widespread - all approaches in practice were recognized either too unsafe or too difficult for the end user. Due to the strong similarity with a credit card, a smart card is a suitable option, but the necessary infrastructure for smart card-based solutions is too complicated and expensive to install and configure.
GSM, in turn, provides a widely used security infrastructure in the form of symmetric keys distributed to the SIM. More than 250 million subscribers ( I think the data is more than outdated ) do not part with these portable smart cards, storing them in their mobile phones. Thus, a mobile phone can be considered as such a “wireless card reader” with an additional “feature” in the form of an input / output channel for user access to applications inside the SIM.

The theme of this paper is that while the Web delivers its content to mobile phones, mobile phones can bring their reliability to the Web. The idea is to provide Web applications with GSM SIM authentication and authorization in a simple and friendly manner, such as a Web server. Servers like WebSIM, like any other, use the TCP / IP protocol and are accessible from Internet hosts via HTTP. Specific services provided by a SIM-based server, such as authentication, can be implemented on SIM using CGI scripts.

Technically, this is achieved by implementing a web server in GSM SIM and resolving HTTP requests to the SIM and HTTP responses from it. From the GSM point of view, this HTTP server provides certain parts of the existing GSM SIM application programming interface (ETSI GSM 11.11 and GSM 11.14) to the Internet. This makes communication with a SIM on a mobile phone identical to communication with any other web server on the Internet, providing transparent access to the SIM (for example, for authentication).

Having a HTTP server in the SIM, we need to connect it to the Internet. An elegant approach would be to use a mobile phone as a SIM router. And if we do not want to assign a separate IP address of the SIM, we can configure in the SIM applet to listen on port 80 on a mobile phone.
This approach, although easily integrated with technologies such as GPRS, imposes additional requirements on the mobile phone model and the creation of a new ETSI standard. Even if such a standard is agreed on time, it will take at least 2-3 years to enter the market. Therefore, a different approach was invented that can be implemented using the protocols and equipment already available today.

The difficulties listed above can be circumvented with a solution that is very often found on the Internet - a proxy server. By installing a SIM proxy on the Web, we made it possible to deliver packages using SMS directly to the SIM. Thus, we do not depend on the phone and use existing and widely used protocols and standards.

The process of communicating with a SIM through a proxy and SMS is as follows:

1. The Internet host sends an HTTP request to the SIM proxy.
2. Proxy packs the request in a specially tagged SMS and sends it to the SIM.
3. The SIM sends the incoming SMS to the corresponding handler (based on the tag).
4. The HTTP packet is retrieved and processed by the web server in the SIM.
5. The HTTP response is again packaged in SMS and sent back to the proxy.
6. The proxy extracts the HTTP response from the SMS and sends it back to the host that sent the request.

As a result, the SIM can be available to any Internet host and in addition there are additional features:

• implementation of firewall between the Internet and GSM
• protection against denial of service attacks
• NAT between the SIM Internet address and the GSM address of the mobile phone in which this SIM is located
• providing billing for WebSIM services
• eliminating the need to implement the TCP / IP stack in the SIM.

So...

This is where the general descriptions end. The article also discusses the implementation of the basic web server according to the described scheme and examples of its work. I won’t describe them (I’m just not sure how interesting this article is to anyone, because I don’t want to try in vain), I’ll just note that the applet is written in Java and is about 7 kb in size (with additional tricks it can be reduced to 5 kb) and implements the basic functionality of HTTP 1.0, which allows, if desired, to extend its functionality without a sharp increase in the size of the application.

Thanks for attention!

Question: To what extent, in your opinion, is this idea relevant today (after all, the article itself dates from the year 2000)? And personally, I don’t really understand why SMS delivery speed is not taken into account, which can be sooo small (and indeed delivery is not guaranteed) ...

PS: This article went through the sandbox, so thanks to the unknown mikeSP for an invite and be indulgent :)

PPS: Yes, and I am ready to listen to comments / suggestions!