IIR Wireless eBusiness Security Forum Barcelona. January, 2002

1. Identifying How WAP Can Be Used For Secure M-Business 3rd Wireless eBusiness Security Forum Barcelona. January 29-30, 2002

5. WAP Generation 1 and 2 Stacks Bearer WDP WTLS WTP WSP Subnet IP TCP HTTP WSP WTP WTLS WDP Bearer Mobile device WAP gateway Web server TLS IP Subnet Mobile device WAP proxy Subnet TCP* TLS Subnet IP TCP* Subnet IP TCP Web server Generation 1: own protocol stack and presentation language Generation 2: alignment with Internet and WWW standards HTTP* IP TCP TLS HTTP Subnet IP TCP TLS HTTP HTTP* HTTP Remark: WAP 2.0 also supports transport proxies and IP routers as intermediate entities. WML over HTTP WBXML over WSP

8. Timeline of WAP Security Specifications WAP 1.2 WAP 1.1 WAP 1.0 Dec. 99 Jun. 99 Apr. 98 WTLS (April, 98) WTLS (Feb., 99) Approved specification releases: WMLSCrypt (Nov., 99) WIM (Nov., 99) WTLS (Nov., 99) WAP 1.2.1 WTLS (Feb., 00) Jun. 00 Jul. 01 WMLSCrypt (Nov., 99) WIM (Feb., 00) WTLS (Apr., 01) WMLSCrypt (Jun., 01) WIM (Jul., 01) WAP 2.0 WPKI (Apr., 01) TLS (Apr., 01) E2ESec (Jun., 01) WAPCert (May, 01)

25. Abbreviations 3GPP Third-Generation Partner Project AID Application ID ASN Abstract Syntax Notation CDMA Code Division Multiple Access cHTML compact HTML CMS Cryptographic Message Syntax DF Dedicated File DMZ De-Militarized Zone E2E End-to-End EF Elementary File GPRS General Packet Radio Service GSM Global System for Mobile Communications HTML HyperText Markup Language HTTP HyperText Transfer Protocol HTTP* Wireless profiled HTTP(interoperable with HTTP) https HTTP over SSL/TLS ICC Integrated Circuits Card ID Identifier IETF Internet Engineering Task Force IP Internet Protocol ISO International Standards Organization IT Information Technology MeT Mobile electronic Transactions MF Master File NTT Nippon Telegraph and Telephone OCSP Online Certificate Status Protocol PDA Personal Digital Assistant PKCS Public Key Cryptography Standards PKI Public Key Infrastructure PKIX PKI-X.509 PSTN Public Switched Telephone Network PTD Personal Trusted Device RFC Request For Comment SCONT Signed Content SCP Smart Card Platform SIM Subscriber Identity Module SSL Secure Sockets Layer TCP Transmission Control Protocol TCP* Wireless profiled TCP(interoperable with TCP) TDMA Time Division Multiple Access TLS Transport Layer Security UMTS Universal Mobile Telecommunications System USIM Universal SIM W3C World Wide Web Consortium WAP Wireless Application Protocol WAP-NG WAP Next Generation WBXML Wireless Binary XML WDP Wireless Datagram Protocol WIM Wireless Identity Module WML Wireless Markup Language WMLScript WML Script WPKI Wireless PKI WSP Wireless Session Protocol WTLS Wireless TLS WTP Wireless Transaction Protocol WWW World Wide Web XHTML eXtensible HTML XKMS XML Key Management Specification XML eXtensible Markup Language XMLDSig XML Digital Signatures XMLEnc XML Encryption

27. Author Information Dr. Oliver Pfaff Siemens AG Information and Communication Networks Charles-De-Gaulle-Str. 2 D-81730 Munich E-Mail: oliver.pfaff@icn.siemens.de Telephone: +49.89.722.53227 Mobile: +49.172.8250805