WAP (Wireless Application Protocol) servers offering WAP-based services are already known. In particular, WAP-based services in the field of e-commerce and of financial institutes are available.
Such services demand secured transmission of the packets between the end-user and the server of the service provider. The usual solution recommended by the WAP Forum makes use of the WTLS (Wireless Transport Layer Security) protocol layer; this method can, however, only secure the packet transmission between the terminal and the gateway (possibly administered by a mobile network operator). In this gateway, the protocol is converted to the security protocol SSL 3.1 or to TLS 1.0.
The principle of a data transmission secured by this method is shown schematically in FIG. 2. Reference number 1 shows a WAP-enabled terminal, for example a WAP-enabled GSM (Global System for Mobile Communication) mobile phone, that can connect over a digital mobile communication network 2 to a gateway 3 administered by the operator of this network. The terminal 1 contains a browser. Reference number 5 shows a server of a service provider, for example a financial institute or a provider in the field of e-commerce. This server can access a database 51 where WEB and/or WAP pages are stored. The WEB or WAP pages can contain, for example, HTML, WML, JavaScript, WMLScript, etc. documents.
In order to access a WEB and/or WAP page in database 51, a user of terminal 1 has to send a request secured by WTLS services through the gateway 3 to server 5. This request is decrypted in gateway 3 through all the protocol layers of a converter module, then converted into a TLS- or SSL-secured request that is sent over a TCP/IP network 4 to the server 5. In server 5, another converter module may be provided for converting this request into its own format that can be understood by the database administration system 51. The answer of server 5, for example the contents of a WEB and/or WAP page, is conveyed in the other direction through gateway 3, where it is converted, to the terminal 1.
This method does not allow for real end-to-end encryption: data and packets need to be decrypted and re-encrypted in gateway 3 to effect the protocol conversion, so the gateway necessarily handles the plaintext of every request and response. For many applications, such a security breach is not acceptable.
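The following simulation, added here as an illustration and not taken from the patent, makes the gap concrete. A toy record-protection scheme (HMAC-SHA256 keystream plus an HMAC tag, constructed for this example and standing in for the WTLS and TLS/SSL layers, which it does not implement) is applied hop by hop: terminal 1 seals for gateway 3, the gateway unseals and re-seals for server 5. The function `gateway_convert` returns what the gateway was able to read. A second path wraps the request in an additional end-to-end layer keyed only between terminal and server, so the same gateway conversion still works but the gateway now sees only ciphertext. All key and request values are constructed for the example.

```python
import hashlib
import hmac
import os

NONCE_LEN = 12
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: bytes) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode (stand-in for a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise on any modification."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record integrity check failed")
    ks = _keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def gateway_convert(k_wtls: bytes, k_tls: bytes, blob: bytes):
    """Models gateway 3: terminate the WTLS-side record, re-protect it for the
    TLS/SSL side. Returns (forwarded_record, bytes_the_gateway_could_read)."""
    inner = unseal(k_wtls, blob)
    return seal(k_tls, inner), inner


def hop_by_hop(request: bytes):
    """The FIG. 2 arrangement: two separately keyed hops, plaintext at the gateway."""
    k_wtls, k_tls = os.urandom(32), os.urandom(32)   # constructed session keys
    record = seal(k_wtls, request)                   # terminal 1 -> gateway 3
    forwarded, seen_by_gateway = gateway_convert(k_wtls, k_tls, record)
    received = unseal(k_tls, forwarded)              # gateway 3 -> server 5
    return received, seen_by_gateway


def end_to_end(request: bytes):
    """Same gateway conversion, but the request is first sealed under a key
    shared only by terminal 1 and server 5 (an assumed end-to-end layer)."""
    k_wtls, k_tls, k_e2e = os.urandom(32), os.urandom(32), os.urandom(32)
    inner = seal(k_e2e, request)                     # end-to-end layer
    record = seal(k_wtls, inner)                     # WTLS-side transport layer
    forwarded, seen_by_gateway = gateway_convert(k_wtls, k_tls, record)
    received = unseal(k_e2e, unseal(k_tls, forwarded))
    return received, seen_by_gateway


def gateway_can_read(request: bytes, seen: bytes) -> bool:
    """True if the request text is visible in what the gateway handled."""
    return request in seen


if __name__ == "__main__":
    req = b"GET /account/balance"                    # constructed request
    got, seen = hop_by_hop(req)
    print("hop-by-hop: server got request:", got == req,
          "| gateway could read it:", gateway_can_read(req, seen))
    got, seen = end_to_end(req)
    print("end-to-end: server got request:", got == req,
          "| gateway could read it:", gateway_can_read(req, seen))
```

In the hop-by-hop path `gateway_can_read` is True: the gateway must hold the cleartext to re-encrypt it, which is exactly the exposure the text describes. In the end-to-end path the gateway still performs its conversion, but the inner record is opaque to it, and any modification it made would fail the inner integrity check at server 5.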
One aim of the present invention is to propose a new, more secure means of data transfer between a terminal and a WEB or WAP server.
Another aim is to propose a new method that allows an end-to-end secured connection between a WAP-enabled terminal and a WEB or WAP server.
Another aim is to provide a new method that can be used with any WAP-enabled terminal using WTLS, specifically with terminals employing service authentication based on an RSA key, on X.509v3 certificates, on RC5, or on other security protocols according to WAP or WTLS, or on further digital certificates, respectively.