Information Technology Reference
if the communication channel is secure, the authentication procedure can be
5.3.5 WAP/UMTS communication as a system of authentication
Wireless Application Protocol (WAP) consists of a set of protocols that allow
you to interface programs usually available on cable networks, with relatively
limited capabilities that a mobile phone or PDA has compared with those of a
The first standardization of the protocol was made with the WAP 1.0,
born in April 1998. Being WAP an open standard, it is imperative that
devices, services and applications have at least four requirements:
Interoperability : the terminals of different manufacturers should be
compatible with any network.
Scalability : The network operators need to integrate services and
applications with maximum flexibility.
Efficiency : the quality of service provided should be adequate to the
Safety : when required is necessary to ensure the integrity and protection
of sensitive data that can be captured by third parties.
The WAP architecture is unfortunately not completely adapted to the
security model offered by secure connections via SSL for the following two
The SSL protocol was designed for wired communications type (broad
band and a low latency time) involving the personal computer (PC) with
high computational and storage capabilities: an SSL transaction with a WAP
terminal entail considerable delays in the communication, greatly affecting
performance and cost of communications.
The WAP does not provide direct communication between the client and
the web server: between them there is always the WAP gateway that acts as a
bridge between the terminal and the mobile web server.
To solve the performance problem, a new protocol (named WTLS) has
been designed. It is suited especially for mobile terminals and takes into
account their physical limitations. This protocol ensures a good level of
security greatly reducing the overhead of SSL.
The WAP Wireless Transport Layer Security (WTLS) [Wapf] Protocol deals
with the security of the WAP architecture. This protocol is derived from
the TLS (which is based on the specifications of SSL 3.0), however, it
incorporates some new features and is also implemented to run on networks
with limited bandwidth and high latency. The WTLS is an optional protocol.