Wireless Transport Layer Security: WTLS provides security services between the mobile device (client) and the WAP gateway. WTLS is based on the industry-standard Transport Layer Security (TLS) Protocol, which is a refinement of the secure sockets layer (SSL). TLS is the standard security protocol used between Web browsers and Web servers.

WTLS is more efficient that TLS, requiring fewer message exchanges. To provide end-to-end security. WTLS is used between the client and the gateway, and TLS is used between the gateway and the target server. WAP systems translate between WTLS and TLS within the WAP gateway. Thus, the gateway is a point of vulnerability and must be given a high level of security from external attacks. WTLS is not a single protocol but rather two layers of protocols.

WTLS provides features such as:

• Data integrity: Ensures that data sent between the client and the gateway are not modified, using message authentication.

• Privacy: Ensures that the data cannot be read by a third party, using encryption.

• Authentication: Establishes the authentication of the two parties, using digital certificates.

• Denial-of-service protection: Detects and rejects messages that are replayed or not successfully verified.