1. Field of the Invention
The present invention relates to a Wireless Application Protocol (WAP), and more particularly, to a security protocol structure for providing an effective security function in an application layer.
2. Background of the Related Art
A Wireless Application Protocol (WAP) is a communication protocol for effectively using content, such as the internet, from a wireless terminal, such as a mobile telephone. The WAP is a standard protocol by which mobile communication service providers, information providers, and terminal manufacturers execute value-added communication services over a mobile communication network, and it was established by Ericsson, Motorola, Nokia, Unwired Planet, etc. in June, 1997.
The security for data transmitted using the WAP standard is, as illustrated in FIG. 1, provided only in a Wireless Transport Layer Security (WTLS) 23. The WTLS is the next layer up from a Wireless Datagram Protocol (WDP) 22, which forms the transport layer 12.
The WTLS protocol is a security protocol based on the Transport Layer Security (TLS) protocol, which is the industry standard. The TLS is also known as the Secure Sockets Layer (SSL). The WTLS adapts it to a low bandwidth network having a relatively long time delay. The WTLS 23 provides the following functions.
First, the WTLS 23 has a data integrity function of verifying that data transmitted between a client (terminal) and a server has not been changed or corrupted.
Second, the WTLS 23 has a data security function of not allowing the contents of data transmitted between a client and a server to be interpreted even if the data is intercepted.
Third, the WTLS 23 provides an authentication function between a client and a server.
FIG. 2 illustrates a handshake process in the WTLS protocol 23. As illustrated in FIG. 2, a client and a server agree upon algorithms and exchange random values by exchanging hello messages, and then exchange the cryptographic parameters necessary to agree upon a pre-master secret. Next, the client and server each generate a master secret from the pre-master secret and the exchanged random values, and then provide security parameters to the record layer in a1 and b1. Finally, the client and server verify that they have computed the same security parameters, and the handshake is completed without intervention of an intruder in c1 and d1.
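The exchange just described, and the data integrity function listed above, are modelled below in Python. This is an added example, not code from the patent or from the WTLS specification: the pseudo-random function is a TLS-style P_hash built on HMAC-SHA256 (the real WTLS PRF and its output lengths differ), the hello message layout, field lengths and labels are chosen for this example, and delivery of the pre-master secret to the server (under the server's public key in the real protocol) is abstracted away. The point it shows is that both sides derive the same master secret only when they saw the same random values, so an intruder who alters a hello in transit causes the Finished verification (c1/d1) to fail, and that the derived record-layer MAC key detects any later modification of transmitted data.

```python
"""Model of the hello / pre-master / master-secret / finished exchange of FIG. 2.

Constructed example, not the WTLS specification's own code: the PRF is a
TLS-style P_hash on HMAC-SHA256, and pre-master secret delivery is abstracted.
"""
import hashlib
import hmac
import secrets

RANDOM_LEN = 16     # bytes of random value in each hello (chosen for this example)
MASTER_LEN = 20     # master secret length (chosen for this example)
MAC_KEY_LEN = 16    # per-direction record-layer MAC key length (chosen for this example)


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS-style expansion: chain A(i) = HMAC(secret, A(i-1)), emit HMAC(secret, A(i)+seed)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_hash(secret, label + seed, length)


class Peer:
    """One handshake endpoint; keeps a transcript of every hello it sent or received."""

    def __init__(self, name: str):
        self.name = name
        self.random = secrets.token_bytes(RANDOM_LEN)
        self.peer_random = b""
        self.transcript = b""
        self.master = b""
        self.keys = {}

    def hello(self) -> bytes:
        msg = self.name.encode() + b"|hello|" + self.random
        self.transcript += msg
        return msg

    def receive_hello(self, msg: bytes) -> None:
        self.transcript += msg
        self.peer_random = msg[-RANDOM_LEN:]   # fixed-length random field at the end

    def derive(self, pre_master: bytes, client_random: bytes, server_random: bytes) -> None:
        """Master secret from pre-master secret and both randoms, then record-layer keys (a1/b1)."""
        self.master = prf(pre_master, b"master secret", client_random + server_random, MASTER_LEN)
        block = prf(self.master, b"key expansion", server_random + client_random, 2 * MAC_KEY_LEN)
        self.keys = {"client_mac": block[:MAC_KEY_LEN], "server_mac": block[MAC_KEY_LEN:]}

    def finished(self, role: bytes) -> bytes:
        """Verify data binding the master secret to this peer's own view of the handshake."""
        digest = hashlib.sha256(self.transcript).digest()
        return prf(self.master, role + b" finished", digest, 12)


def run_handshake(tamper: bool = False):
    """Run the exchange; with tamper=True an intruder flips one bit of the client random in transit."""
    client, server = Peer("client"), Peer("server")
    client_hello = client.hello()
    if tamper:
        client_hello = client_hello[:-1] + bytes([client_hello[-1] ^ 0x01])
    server.receive_hello(client_hello)
    client.receive_hello(server.hello())
    # Pre-master secret: assumed delivered to the server under its public key (abstracted here).
    pre_master = secrets.token_bytes(20)
    client.derive(pre_master, client.random, client.peer_random)
    server.derive(pre_master, server.peer_random, server.random)
    # Each side checks the other's Finished value against its own computation (c1/d1).
    client_ok = hmac.compare_digest(client.finished(b"client"), server.finished(b"client"))
    server_ok = hmac.compare_digest(server.finished(b"server"), client.finished(b"server"))
    return client_ok and server_ok, client, server


def record_tag(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Record-layer integrity tag over the sequence number and payload."""
    return hmac.new(mac_key, seq.to_bytes(2, "big") + payload, hashlib.sha256).digest()[:16]


def verify_record(mac_key: bytes, seq: int, payload: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(record_tag(mac_key, seq, payload), tag)


if __name__ == "__main__":
    ok, c, s = run_handshake()
    print("handshake completed:", ok, "| same master secret:", c.master == s.master)
    tag = record_tag(c.keys["client_mac"], 1, b"GET /index.wml")
    print("record accepted:", verify_record(s.keys["client_mac"], 1, b"GET /index.wml", tag))
    print("altered record accepted:", verify_record(s.keys["client_mac"], 1, b"GET /admin.wml", tag))
    print("handshake with intruder completed:", run_handshake(tamper=True)[0])
```

The sequence number is included in the record tag so that a replayed or reordered record is rejected as well as a modified one; the Finished values are compared with `hmac.compare_digest` so the comparison time does not leak which byte differed.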
The related art WTLS has various problems. For example, since the WTLS 23 provides data security at the layer directly above the transport layer 12, it does not provide any data security in the application layer 16. Specifically, the current WAP standard does not define the functions of data integrity, data security, and user authentication in the application layer at all. Hence, a specific unit must be defined in order to provide data security in the application layer.
In addition, the memory capacity and/or CPU processing power of current terminals is insufficient to handle the certificate-based user authentication and the public/private key generation operations that the WTLS requires, and the protocol format proposed by the WTLS is complicated. Thus, the overhead of generating and decrypting the protected data cannot be ignored.
The above references are incorporated by reference herein where appropriate for appropriate teachings of additional or alternative details, features and/or technical background.