In an e-commerce application with high security requirements, two methods are generally used to ensure that a password entered by a user is not obtained by another party. One is to use an SSL (Secure Sockets Layer) encrypted channel; the other is to install an encryption control on the user client.
SSL is a security protocol that constructs a secure channel between a browser and a web server for data transmission. Operating above the TCP/IP layer but beneath the application layer, SSL provides an encrypted data channel for application programs. By employing cryptographic algorithms such as RC4, MD5, and RSA, and using a 40-bit encryption key, SSL is made suitable for encrypting business information.
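An added example, not part of the original text: a check that flags cipher suites built on the RC4, MD5, or 40-bit key parameters named above, which current TLS practice treats as obsolete. The sample lines are constructed in the layout printed by `openssl ciphers -v`; the function names and the 128-bit floor are assumptions chosen for illustration.

```python
import re

# Constructed sample in the layout printed by `openssl ciphers -v`;
# not captured from any real server.
SAMPLE = """\
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
"""

MIN_KEY_BITS = 128  # assumed policy floor, not a value from the text
FIELD = re.compile(r"\b(Kx|Au|Enc|Mac)=([\w/]+)(?:\((\d+)\))?")


def parse_line(line):
    """Split one cipher-suite line into name, algorithms and key size."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError(f"not a cipher-suite line: {line!r}")
    suite = {"name": parts[0], "export": "export" in parts[2:], "bits": 0}
    for key, alg, bits in FIELD.findall(line):
        suite[key] = alg
        if key == "Enc" and bits:
            suite["bits"] = int(bits)  # Enc=None (no size) stays at 0 bits
    if "Enc" not in suite or "Mac" not in suite:
        raise ValueError(f"missing Enc/Mac field: {line!r}")
    return suite


def findings(suite):
    """Return the reasons a suite fails the policy (empty list = passes)."""
    reasons = []
    if suite["export"] or suite["bits"] < MIN_KEY_BITS:
        reasons.append(f"export-grade or short key ({suite['bits']} bits)")
    if suite["Enc"] == "RC4":
        reasons.append("RC4 stream cipher")
    if suite["Mac"] == "MD5":
        reasons.append("MD5-based MAC")
    return reasons


def audit(text):
    """Map each failing suite name to its list of reasons."""
    parsed = (parse_line(l) for l in text.splitlines() if l.strip())
    return {s["name"]: r for s in parsed if (r := findings(s))}


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```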
However, if the user client is a mobile device such as a mobile phone, both of the above methods have limitations. For example, mobile phones run many different smart operating systems. Whether an SSL encryption channel or an installed encryption control is used, it must be designed for each of these operating systems, which unavoidably increases cost. Moreover, many existing non-smart mobile phones cannot support an SSL encryption channel or a security control at all. As a result, many mobile handheld devices either cannot implement common encryption algorithms or cannot install a security control in the browser.
For the foregoing reasons, existing technologies that transmit information from mobile phones that cannot install proper security controls or implement encryption algorithms have poor security. As a result, e-commerce applications that transmit sensitive information such as a user password may find that their security requirements are not satisfied on mobile devices. This hinders the adoption of e-commerce applications on mobile handheld devices such as mobile phones.