SCWS

Smart Card Web Server

Services
Introduced in Rel-8
A web server running on a UICC (SIM card) that enables secure over-the-air (OTA) provisioning and management of applications and data. It allows network operators and service providers to interact directly with the UICC via HTTP/HTTPS, facilitating dynamic service delivery.

Description

The Smart Card Web Server (SCWS) is a functional component embedded within a UICC (Universal Integrated Circuit Card), such as a SIM, USIM, or ISIM. It implements a lightweight HTTP/HTTPS server stack, allowing the UICC to host web pages and applications. External entities, like a mobile handset's browser (acting as an HTTP client) or a remote OTA (Over-The-Air) platform, can establish a secure connection to the SCWS using standard web protocols. Communication typically occurs via the Bearer Independent Protocol (BIP), which provides a data channel between the terminal and the UICC. The SCWS manages a local file system on the UICC containing web resources (HTML, images, scripts) and can execute server-side logic (e.g., via S@T, Javacard). This enables interactive user interfaces served directly from the SIM card, accessible from the mobile device's browser. For remote OTA management, a dedicated OTA platform can connect to the SCWS using HTTPS to install, update, or delete applications and files on the UICC securely. The SCWS acts as a gateway, interpreting HTTP requests, accessing the UICC's file system or applets, and returning appropriate HTTP responses, thus bridging web technology with the secure, tamper-resistant environment of the smart card.

Purpose & Motivation

The SCWS was developed to modernize and simplify the management of applications and services on UICCs. Prior to SCWS, OTA provisioning often relied on proprietary, binary SMS-based protocols which were complex and limited in functionality. The growth of mobile data services and the need for dynamic service provisioning required a more flexible, standardized approach. By embedding a web server in the UICC, SCWS leverages ubiquitous web standards (HTTP/HTTPS) to create a universal interface for service management. This allows operators to deploy and update value-added services (like mobile banking, loyalty programs, or secure storage) remotely without requiring physical card replacement. It also enables the creation of rich, browser-accessible interfaces hosted directly on the secure element, enhancing user experience and security for SIM-based applications. Its introduction in 3GPP Release 8 was a key step in transforming the UICC from a static authentication module into a dynamic service delivery platform.

Key Features

  • HTTP/HTTPS server embedded within a UICC (SIM/USIM/ISIM)
  • Enables remote OTA management of UICC applications and files via web protocols
  • Hosts web pages and applications locally on the smart card
  • Uses Bearer Independent Protocol (BIP) for data transport between terminal and UICC
  • Provides a secure, standardized interface for service provisioning
  • Facilitates user interaction via a handset browser accessing card-hosted content

Evolution Across Releases

Rel-8 Initial

SCWS was initially introduced, defining the core architecture of a web server on the UICC. It specified the HTTP/HTTPS server functionality, the use of BIP for transport, and the framework for OTA management and local service access, establishing the foundation for web-based UICC interaction.

TS 31.220

Defining Specifications

SpecificationTitle
TS 31.220 3GPP TR 31.220