Security enhancement on mobile commerce

Abstract

Mobile commerce is more than a mobile and wireless extension of the Web-based e-commerce. It is being spurred by the mobile phone industry's widespread support of the Wireless Application Protocol. WTLS (Wireless Transport Layer Security) is based on the industry-standard TLS protocol, is optimised for use over narrow-band communication channels and is used with the WAP transport protocols. Since mobile commerce differs to "fixed" commerce in instantaneous delivery, micro payment and mobile context, a user-friendly payment scheme and user authentication is required. But poor power and memory of mobile terminals must be taken into account when cryptographic algorithms are chosen. Through mobile application survey, we found that the security levels of request and response data are different and request data is more important. In order to upgrade both total security level and performance, we proposed a security enhancement mechanism, in which security parameters of request and response data are processed separately. We made algorithms code value changed with meaningful most left two bits in WTLS handshake.