WAP Security (WTLS)
The Wireless Application Protocol (WAP) is the most popular wireless data technology in use today. As you might expect, it has its own security mechanism, named Wireless Transport Layer Security (WTLS). WTLS is a wireless relative of the more common SSL mechanism used by all major web browsers. WTLS resembles SSL in that both rely on certificates on the client and server to verify the identity of the participants involved. While SSL implementations generally rely on RSA encryption, WTLS supports RSA, Diffie-Hellman, and Elliptic Curve encryption. WTLS also doesn't provide for end-to-end security due to WAP's current architecture and limitations of server-side Transport Layer Security (another name for SSL). While WAP clients can securely exchange data with a WAP gateway using WTLS, the gateway must open an SSL session with a back-end server in order to complete the transaction. Due to this requirement, WAP 1.x suffered a serious security setback after it was revealed that data could be accessed, unencrypted, for a brief moment at the point where the WAP gateway passed data off to the back-end server ( http://news.zdnet.co.uk/story/0,,t298-s2092470,00.html). The WAP Forum has addressed this issue in WAP 2.0, offering end-to-end security for the first time to WAP developers.