I quote Smart Card Handbook: Fourth Edition, Wolfgang Rankl and Wolfgang Effing... http://www.spooch.dk/Ebooks/IT%20Various/Smart%20Card%20Handbook,%204th%20Edition.pdf
[ZX]
19.7 MICROBROWSERS

The World Wide Web undoubtedly owes a significant portion of its success to the web browsers. They made it possible to view content in the form of hypertext documents stored on remote servers, navigate among these documents, and run program code embedded in these hypertext documents without undesirable side effects in the client computer, all without requiring the installation of computer-specific software.

Browsers with simple structures that need only a small amount of memory and processing power are often called microbrowsers. Generally speaking, these browsers cannot run program code embedded in hypertext documents, and they are adapted to a specific target system with regard to memory usage and the necessary processing power. A microbrowser is an extension of the associated smart card operating system. SIM-based microbrowsers were first announced for the GSM environment in 1998 by Across Wireless, which is now called Smarttrust [Smarttrust]. These microbrowsers can interpret a WML dialect optimized for SIMs and USIMs, and they support the addition of supplementary functions, such as generating digital signatures using the RSA algorithm, by means of downloadable plug-ins. The program code size of a typical microbrowser lies in the range of 30 to 50 KB, although plug-ins for various supplementary functions can easily add another 20 KB of program code. The size of the working buffer in RAM is typically 1 to 2 KB. Table 19.16 shows an example of a simple WML application.

Table 19.16 An example of a simple WML application. The WML document, which is located on a server, is converted into a 20-byte WML bytecode that is packaged in a text message and sent to the microbrowser in the SIM or USIM. The microbrowser interprets the WML bytecode and uses the SIM Application Toolkit DISPLAY TEXT command to show the message ‘Hello World’ on the display of the mobile equipment.

    <?xml version="1.0" encoding="ISO-8859-1"?>   WML version and character encoding specification
    <wml>                                         Start of the WML document
    <card>                                        Start of a new card
    Hello World                                   Message to be displayed
    </card>                                       End of the card
    </wml>                                        End of the WML document
    '00 12 02 0C 48 65 6C 6C 6F 20'               WML bytecode equivalent of the WML document
    '57 6F 72 6C 64 20 06 00 06 00'

In 1999, Gemplus, Giesecke & Devrient, ORGA and Schlumberger founded the SIM Alliance [SIM Alliance] consortium with the objective of enabling mobile telephones without WAP capability to also use the services developed for WAP. At that time, this was a very attractive option because the market penetration of WAP-enabled mobile telephones was low. To provide the capability, the SIM or USIM must have a microbrowser called the S@T browser that supports the SIM Alliance specification, while the mobile telephone only needs to support GSM Phase 2+. This gives the SIM or USIM enough control over the mobile equipment via the SIM Application Toolkit to allow part of the WML content and certain WML functions to be reproduced.

Security is an important consideration with microbrowsers, and it involves various parts of the overall system as depicted in Figure 19.26. Compared with microbrowsers that run directly in the mobile equipment, microbrowsers that run in a SIM or USIM have the major advantage of operating in a secure environment. It is entirely conceivable that many of the functions of a browser that runs in the mobile equipment could be manipulated in a manner that would make both the processor and the memory accessible for manipulation. By contrast, a microbrowser that runs in a SIM or USIM is fully integrated into the smart card and can take advantage of all protective mechanisms available to the smart card.
This makes it possible to establish a fully secure end-to-end link at the application level between an application on the application server and the SIM or USIM. This is not possible with a browser that runs in the mobile equipment.

The WIB browser and the S@T browser are both proprietary browsers that do not originate from a standardization body. They are also mutually incompatible. ETSI published the first version of the specification for the USIM Application Toolkit Interpreter (USAT Interpreter) at the end of 2000. However, the USAT Interpreter was unable to establish a market presence with network operators in competition with the WIB and S@T browsers because it did not offer any significant new functionality and the other two browsers had already achieved a high level of market penetration.

It is generally necessary to have an online system available, such as GSM or UMTS, in order to use a microbrowser in a smart card. The contents to be displayed or executed are located on an application server belonging to the content provider. This server is linked to a gateway server by the usual Internet protocols and cryptographic mechanisms for secure communication, such as SSL and TLS, which ensure suitable communication security for accessing the application server. In case of communication with the SIM or USIM via the SMS channel, the gateway server is linked to a short message service center (SMSC). The data to be sent to the SIM or USIM is reformatted into suitable TS 43.048 data packets, and the necessary cryptographic features for secure communication are added to the data. The data packets are then sent transparently to the SIM or USIM via the GSM system in the form of text messages. The SIM or USIM recognizes that these messages contain TS 43.048 data packets, and it decodes the data accordingly and reconstructs the original message from several text messages as necessary.
If no errors occur in this process, the result is sent to the microbrowser in the SIM or USIM, which interprets the message and executes the corresponding SIM Application Toolkit commands. After this, a response may optionally be generated and returned to the application server using the reverse sequence.

In some cases the microbrowser does not receive its messages in the form of online content from an application server connected via the network, but instead in the form of XML bytecode stored in a file in the SIM or USIM. This offline content provides an elegant means to store frequently used applications locally for rapid access, while at the same time reducing the network load. However, a drawback of this approach is that these locally stored applications must be explicitly updated by the background system. As illustrated in Figure 19.27, the main advantage of applications located on a central server is that it is not necessary to update applications on individual cards.
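As an added example (not from the Smart Card Handbook or any browser vendor), the following Python code shows what the card side of the SMS path described above has to do before the WML bytecode ever reaches the microbrowser: parse the TS 43.048 command packet that carries the Table 19.16 bytecode and refuse packets whose security parameter indicator (SPI) does not demand a cryptographic checksum and strict replay counter. The header layout (CPL, CHL, SPI, KIc, KID, TAR, CNTR, PCNTR, RC/CC/DS) follows TS 43.048; the key identifiers, TAR and checksum bytes are constructed placeholders, and the checksum itself is not cryptographically verified here.

```python
# Added example (not from the Smart Card Handbook): parse the header of a
# TS 43.048 (GSM 03.48) command packet and apply a receive-side policy.
from dataclasses import dataclass

# The 20-byte "Hello World" WML bytecode from Table 19.16, used as the secured data.
WML_HELLO = bytes.fromhex("0012020C48656C6C6F20576F726C642006000600")

@dataclass
class CommandPacket:
    spi: bytes        # security parameter indicator (2 octets)
    kic: int          # ciphering key identifier
    kid: int          # integrity key identifier
    tar: bytes        # toolkit application reference (3 octets)
    cntr: int         # 5-octet replay counter
    pcntr: int        # padding counter
    checksum: bytes   # RC/CC/DS, length = CHL - 13
    secured_data: bytes

def build_command_packet(spi, kic, kid, tar, cntr, pcntr, checksum, data):
    """Assemble a command packet; CPL and CHL each exclude their own octets."""
    header = spi + bytes([kic, kid]) + tar + cntr.to_bytes(5, "big") + bytes([pcntr]) + checksum
    body = bytes([len(header)]) + header + data
    return len(body).to_bytes(2, "big") + body

def parse_command_packet(pkt):
    """Split a command packet into its fields, rejecting inconsistent lengths."""
    cpl = int.from_bytes(pkt[0:2], "big")
    if cpl != len(pkt) - 2:
        raise ValueError("CPL does not match packet length")
    chl = pkt[2]
    if chl < 13 or 3 + chl > len(pkt):
        raise ValueError("CHL inconsistent with packet length")
    h = pkt[3:3 + chl]
    return CommandPacket(h[0:2], h[2], h[3], h[4:7], int.from_bytes(h[7:12], "big"),
                         h[12], h[13:], pkt[3 + chl:])

def check_policy(cp, last_cntr):
    """Reasons a card that insists on a cryptographic checksum plus a strict replay
    counter should refuse the packet (SPI first octet: b2b1 = 10 means CC present,
    b5b4 = 11 means the counter must be exactly one higher than the stored value).
    The CC itself (DES/3DES CBC-MAC under the KID key) is not verified here."""
    problems = []
    spi1 = cp.spi[0]
    if spi1 & 0b11 != 0b10:
        problems.append("no cryptographic checksum requested")
    if (spi1 >> 3) & 0b11 != 0b11:
        problems.append("strict counter checking not requested")
    elif cp.cntr != last_cntr + 1:
        problems.append("replay: counter not one higher than last accepted")
    return problems

# Constructed sample values: key identifiers, TAR and the 8-byte CC are placeholders.
GOOD = build_command_packet(b"\x1a\x00", 0x15, 0x15, b"\x00\x00\x00", 5, 0, b"\x00" * 8, WML_HELLO)
WEAK = build_command_packet(b"\x00\x00", 0x15, 0x15, b"\x00\x00\x00", 5, 0, b"", WML_HELLO)
```

With the card's last accepted counter at 4, GOOD passes the policy and its secured data is exactly the Table 19.16 bytecode, while WEAK (SPI 00 00) is rejected for lacking both integrity protection and replay checking.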