It is desirable when sending sensitive information over a network to keep the information secret. For example, a user may be required to send his/her credit card information over the Internet in order to effect an online purchase. In order to ensure that such sensitive information is kept secret from potential eavesdroppers, the transmission control protocol (TCP/IP) suite on which the World Wide Web (WWW) is based includes secure protocols. For example, the Transport Layer in the TCP/IP suite includes the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocols which have been designed specifically to achieve true end-to-end security. Briefly, the way these protocols work is to establish an encryption key which is shared between a user device and a remote secure server on the network. The process of establishing the shared encryption key is known as handshaking. All subsequent data transfer between the user device and the remote secure server are encrypted, both the user device and the secure server being able to decrypt the communications using the shared encryption key.
A special case occurs when a proxy server resides between the user device and the remote secure server. In this case, in order to achieve true end-to-end security, the proxy server must connect the user device to the remote secure server in order for handshaking to take place, at the end of which a shared encryption key is established between the user device and the remote secure server. This encryption key must remain unknown to the proxy server to maintain true end-to-end security.
In order to handle this special case, HyperText Transfer Protocol (HTTP), which is the primary protocol of the WWW, has a special method known as CONNECT. This method is used by a user device to instruct a proxy server to establish a connection with a remote server so that handshaking between the user device and the remote server can take place. At the end of the handshaking a shared encryption key is established between the user device and the remote secure server. Thereafter, all subsequent communications between the user device and the remote secure server are encrypted and sent to the proxy server which then acts only as a data relay between the user device and the remote secure server. This is known as tunneling through the proxy. As the proxy server does not know the encryption key, it cannot examine the data in the communications.
Many wireless devices make use of the Wireless Application Protocol (WAP) instead of the TCP/IP Protocol. The WAP protocol supports the Wireless Session Protocol (WSP) which does not have a method equivalent to the CONNECT method described above. Thus, tunneling through a proxy server in order to achieve true end-to-end secure communication between a wireless device, for example, mobile telephones, personal digital assistants (PDA's), personal information managers (PIM's), and pagers to reach a remote secure server remains a problem.