Hi, I am building a WAP portal using a mix of WML+JSP+SQL. Since the access to the portal uses a login & password, is there anyway that it can be encrypted from the client side (phone) and decrypted at the server side?
I found some documentation about XML encryptions, but not WML. I was just wondering if XML encrytion methods can be applied in WML as WML is actually a subset of XML?
RE: Does WML support encryption?
In WAP versions earlier than WAP 2.0, WAP security is based on Wireless Transport Layer Security (WTLS), which is closely related, but not identical, to Secure Sockets Layer (SSL), as used extensively on the Internet. In WAP 2.0, the WAP stack is replaced with the wireless profiled TCP/IP stack, which enables the usage of Transport Layer Security (TLS).
WTLS is used to ensure privacy, integrity, and, optionally, authentication on the communication channel between the terminal and the WAP protocol gateway. WTLS is rich in features, making it possible, for example, to:
Transparently encrypt and decrypt information sent between a WAP client and a WAP gateway so that a third party cannot understand communication between the two.
Authenticate the communicating parties so that both parties can be sure the other party is who it claims to be.
Ensure the integrity of communication so that the recipient of secure information can verify that the content of the data has not been changed since it was sent.
For more information about WTLS, see Nokia WAP Phones Security document at the Forum Nokia web site (www.forum.nokia.com -> Technologies -> Browsing/WAP -> Documents) and WTLS specification at www.openmobilealliance.org -> Documents -> WAP Specifications.