TWI224455B - End-to-end encryption procedure and module of M-commerce WAP data transport layer - Google Patents

Abstract

The invention relates to an end-to-end encryption procedure and module of M-commerce WAP data transport layer, which are characterized by using wireless application protocol (WAP) as the technical platform to add an information password security system in compliance with a public key infrastructure at the current mobile information WML server end in the wireless content provider (WCP). The system comprises handset software encryption/decryption module, the cipher server of the WML server and key management subsystem. The added cipher server can go through the HTTP service of the WML server to dynamically download the public key generated by the handset software encryption/decryption module and the key management subsystem to customer premise equipment such as mobile phone or PDA through WAN and the WAP gateway of GSM/GPRS/CDMA digital mobile system. When user intends to proceed personal commerce, input commerce information based on the WML sent out by WML server and proceed encryption procedure through the handset encryption/decryption module and then upload it. After the information gets to the WML server, then proceed the reverse decryption with the corresponding private key from the cipher server. Further forward the plain text to WML server to execute the subsequent function test. By means of the added mechanism capable of realizing the end-to-end security of WAP M-commerce information exchange, simply improve the loophole of the 2-phase security of current WAP structure overnight.

Description

1224455 Printed by the Consumers ’Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7_ V. Description of the Invention (1) Field of the Invention The present invention is an end-to-end real-time encryption program and module for mobile commerce (M-Commerce) WAP data transmission segments. In order to use the Wireless Application Protocol as a technology platform, an existing information security system that complies with the Public Key Infrastructure is added to the existing mobile information server WML Server of the Wireless Content Service Provider (WCP). The additional mechanism can realize end-to-end security of WAP mobile business information exchange. Known technical description WAP The Wireless Application Protocol (WAP) specifies the specifications for wireless data transmission on wireless devices such as mobile phones and PDAs. WAP is mainly developed for the characteristics of wireless devices, and its operating environment is different from other devices, so it needs a specially developed software agreement to support it. The good design of WAP makes it compatible with most existing communication networks, including communication networks such as GSM, GPRS, PDC, CDPD, CDMA, TDMA, PHS, DECT, and the third generation mobile phone (3G) standards. Under the GSM system, WAP can be implemented by short message service (SMS) or Circuit Switched Data (CSD), but the bandwidth upgrade space of CSD makes commercial application possible. There are two modes of operation of WAP on the wireless network. One is to act as the WAP gateway between the client and the web server; the other is to be embedded directly into the client. Connected WAP Application Server (WAP Application Server). In this client, the paper size is applicable to China National Fresh (CNS) A4 specification (210 X 297 public love) " -------------------- Order ---- ----- line (Please read the notes on the back before filling this page) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 1224455 ί f Α7 Β7 V. Description of Invention (>) (Client) refers to the support of WAP 'Wireless communication equipment' and Web server refers to a web server installed on the Internet. WAP gateway is an intermediary software installed on GSM network and WAN wide area network. It is responsible for converting WAP and WTLS encryption protocols to HTTP and SSL / TLS encryption protocols to help WML format documents be obtained from the existing Internet world. It Contains WML Encoder, WML Script Compiler, Protocol Adapters and other components (see Figure 1). The WAP Application Server has a built-in WAP Gateway function to provide content directly to the client. However, due to the structural loophole of the 2-Phase Security mechanism, mobile business information transmission is faced with a great threat when it is converted to plain text by WAP gateway. Covering the current two-stage mechanism, it is divided into (l) WTLS encryption from the Handset to the WAP Gateway transmission section and (2) SSL / TLS encryption from the WAP Gateway to the WML Server transmission section. Because the WTLS and TLS interface specifications are different, the WAP Gateway must WTLS ciphertext is restored to plaintext and then encrypted with TLS. This is a security vulnerability that causes data to be restored to plaintext at the mobile phone system operator. For this reason, the present invention is committed to completing the end-to-end (END TO END) data encryption technology to make up for the shortcomings of the existing structure and apply it to business transactions on the WAP platform (such as bank wealth management, stock trading, enterprise internal information circulation and business Transactions, etc.), which is the main objective of this invention. SUMMARY OF THE INVENTION The paper size is applicable to Chinese National Standard (CNS) A4 (210 X 297 mm) -------------------- Order -------- -Line (Please read the precautions on the back before filling this page) 1224455 Printed by the Consumers ’Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Invention Description (4) This invention is a mobile business (M-C⑽merce) WAP data transmission section The end-to-end real-time encryption program and module is characterized by using the Wireless Application Protocol as the technology platform and adding a public funding in the existing mobile information server WML Server of the wireless content service provider (WCP) Public Key Infrastructure information password security system, this system contains the mobile phone (Handset) software encryption and decryption module 'mobile information temple server encryption and decryption server (Cipher Server) and key management subsystem (Key Management) Three. The added encryption and decryption service program can pass the existing WML Server HTTP protocol service, through the wide area network (WAN) and wireless protocol gateway (WAP Gateway) of digital mobile systems such as GSM / GPRS / CDMA, Dynamically download the public key generated by the Handset software encryption and decryption module and the key management subsystem (PublicKey) to client devices such as mobile phones or digital assistants. When users want to conduct personal business, they can input business information according to the wireless markup file (WML) instructions sent by WML Server, and upload the encrypted information through the Handset encryption and decryption module. After the information is transmitted to the WML Server, the encryption and decryption server (Cipher Server) performs the reverse decryption operation with the corresponding Private Key, and then the plaintext is sent to the WML Server for subsequent functional procedures. The added mechanism can realize the end-to-end security of WAP mobile business information exchange, and improve the loopholes of the 2-Phase Security mechanism that regulates the WAP (version 1.1) architecture in one fell swoop. The WAP communication protocol layer formulated according to the WAP Forum can be divided into six layers (as shown in Figure 2). In order to achieve the maximum security of the security mechanism of the present invention and compatibility with subsequent upgrades, the present invention adopts Wireless application This paper size applies to China National Standard (CNS) A4 specification (210 X 297 mm) -------------------- Order -------- -Line (please read the notes on the back before filling this page) 1224455 A7 B7 V. Description of the invention (4 *) (please read the notes on the back before filling this page) The top layer of the (WAE) is the development platform and implementation Environment, which is different from the existing WTLS mechanism built on the third layer of security. Since the WAE layer is based on the security layer, the present invention can enjoy the dual effects of WTLS mechanism protection in addition to the security provided by itself, which is one of the features of the present invention. Therefore, the present invention provides an end-to-end encryption module for the mobile business WAP data transmission segment, which uses the top layer of the wireless application layer (WAE) as the development platform and execution environment; the module is used for wireless content service providers (WCP) ) The existing mobile information temple server WML Server adds an information password security system, which includes a mobile phone (Handset) software encryption and decryption module, a mobile information server encryption and decryption server (Cipher Server) and a key management subsystem (Key Management Subsystem). ) 〇 The present invention also provides an end-to-end encryption program for the mobile business WAP data transmission segment, which uses the top layer of the wireless application layer (WAE) as the development platform and execution environment; the program includes steps: a wireless content service provider ( The existing mobile information server WML Server has added an information password security system, including a mobile phone (Handset) software encryption and decryption process, a mobile information server encryption and decryption server (Cipher Server), and a key management subsystem ( Key Management).

Printed by the Consumers ’Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs! M Description of the invention The invention is an end-to-end real-time encryption program and module for mobile business (M-C⑽merce) WAP data transmission segments, which is characterized by the Wireless Application Protocol ) Is a technology platform, and this paper standard is applicable to China National Standard (CNS) A4 specification (210 X 297 mm) 1224455 A7 B7 __ V. Description of the invention (<) (Please read the notes on the back before filling in this Page) The existing mobile information server WML Server of the Content Service Provider (WCP) adds an information password security system (see Figure 3) that complies with the Public Key Infrastructure, and the added mobile set (Handset) Software encryption / decryption module, mobile information server-side encryption / decryption server (Cipher Server) and key management subsystem (Key Management) can realize the end-to-end security of WAP mobile commerce and improve the current Vulnerabilities in WAP Two-Phase Security. Furthermore, the present invention uses the encryption and decryption principle of the public key mechanism, and the public key and private input generated by the key management subsystem are used not only for encryption purposes, but also to achieve the non-repudiation function of identity authentication (CA). It is the possibility of making M-Commerce a step forward. In addition, in order to solve the shortcomings of low encryption and decryption efficiency of the public key, the present invention also adds a Pre-Compressor to the Handset software encryption and decryption module to approach 1/3. The high compression ratio and zero distortion rate are used to process the original plaintext data, thereby greatly improving the execution efficiency of the mobile phone (Handset), and increasing the practical value of the invention applied to mobile commerce.开发 The development level and operating platform of the present invention are based on the consumption of employees of the Intellectual Property Bureau of the Ministry of Economic Affairs. The company prints the WAP communication protocol layers formulated according to the WAP Forum, which can be divided into six layers (see Figure 2). The brief description is as follows: 1. WAE (Wireless Application Environment): WAE defines the communication protocol of the Application Layer (ApplicationLayer), which is a wireless application environment that integrates WWW technology and is developed for the characteristics of wireless communication. WAE enables network systems and content providers to provide application content and services through the Micro Browser. This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) Printed by the Consumers 'Bureau of Intellectual Property Bureau of the Ministry of Economic Affairs 1224455 A7 B7 V. Invention Description (A) 2. WSP (Wireless Session Protocol)' WSP It is the communication protocol of the Session Layer. It provides two types of services, including a continuous connection service based on WTP and a discontinuous connection service based on WDP. 3. WTP (Wireless Transaction Protocol): WTP is a communication protocol built on top of WDP for the Transaction Layer. It is designed for small client interfaces (such as mobile phones). 4. WTLS (Wireless Transport Layer Security) · WTLS is a security protocol based on the industry standard TLS Protocol (ie, Secure Sockets Layer, SSL). WTLS is a security layer designed to be used on top of the Transport Layer, and is modified for smaller bandwidth communication environments. 5. WDP (Wireless Datagram Protocol) · WDP is a transport layer (Transport Layer) protocol. It is suitable for setting up monthly data services of different communication technologies. It can provide a common communication interface for WAP upper layer protocols. The communication protocols including the application layer, conference layer, and security layer can all operate directly on WDP. 6. Bearer (bottom data service): WAP is designed to be a communication protocol that can be supported by different communication technologies in the world, so it can be set up on different data month services, including short message service (SMS, Short Message Service) ), Packet Data, Circuit-switched Data, etc. ΐ This paper size is applicable to China National Standard (CNS) A4 (210 X 297 mm) --------------------- Order -------- -Line (please read the notes on the back before filling this page) 1224455 Printed by the staff of the Intellectual Property Bureau of the Ministry of Economic Affairs ^ A7 B7 by the cooperative Fifth, the description of the invention (9) In order to achieve the maximum implementation of the security mechanism of the present invention Capacitive and subsequent upgrades are easy to consider 'the invention uses the top layer of the wireless application layer (ME) as the development platform and execution environment', which is different from the existing WTls mechanism and is built on the fourth layer of security layer. Since the WAE layer is based on the security layer, the present invention can enjoy the dual effects of WTLS mechanism protection in addition to the security provided by itself, which is one of the features of the present invention. The WAE application layer execution environment can interpret WML tag language (Wireless Markup Language) and WMLScript description language (Wireless Markup Script Language), and is used in the security mechanism of the present invention to implement a mobile phone (Handset) software encryption and decryption module. The WMLScr i pt language interpreter architecture of the mobile phone can directly access the data variables of the WML format file through the stack (see Figure 4). The data entered by the user in the WML file can be added by (Handset) The decryption module processes the calculation and uploads it to the remote mobile information server WML Server, so that the transmission process is protected by encryption. The data compression mechanism of the present invention is called to be complicated and time-consuming due to the calculation process of the open gold algorithm. In order to promote the environmental efficiency of mobile phone WAE execution and improve user convenience, the present invention adds a new one to the (Handset) software encryption and decryption module. The Pre-Compressor handles the data variables of WML files with a high compression ratio approaching 1/3 and a distortion rate of 0, thereby greatly improving the execution efficiency of the encryption program with Handset, and also improving the application of the present invention. 'Practical value in mobile commerce' This is also one of the important features of the invention. Compression front module This paper size applies to China National Standard (CNS) A4 specification (210 X 297 mm) -------------------- Order ----- ---- Line (Please read the notes on the back before filling in this card) Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs 1224455 A7 _B7_ V. The basic principle of the Pre-Compressor is through The digital-to-code conversion principle is combined with the decimal place selection technique to make WML text variables a highly efficient and exquisite conversion to pray for the highest compression ratio. (As shown in Figure 5), this is an example of the compression process of the Pre-Compressor. The figure uses mobile bank transfer transactions as an example, and the personal account information with a total length of 24 characters is simplified. The process is compressed to an 8-character ANSI (American National Standard Character Set) character set, so the goal of high compression ratio can be achieved at a high compression rate. The compression program of the Pre-C⑽pressor is as follows: 1) The original data length is grouped into unit strings (UnitBuf) in units of 8/9 2) Each unit string is converted to The decimal value indicated (UnitVal) 3) Convert each unit value to a hexadecimal unit string (oxUni tBuf) 4) Group the characters of each hexadecimal unit string (oxUni tBuf) into unit words Group (oxCharBuf) 5) Convert each unit block (oxCharBuf) to decimal word code values between 0 and 255 6) Convert each word code value directly to the corresponding ANSI character set The length of the original data in step 1) above is 8/9 is a unit group, which is based on the maximum data type length supported by the mobile phone WAE execution environment I 〇 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) ----- --- I--I --------— — — — — — — (Please read the notes on the back before filling out this page) 1224455 A7 B7 5 ___ Employees ’Consumption of Intellectual Property, Ministry of Economic Affairs Cooperative cooperative printed invention description (?) Is 64-bit, converted to decimal value is -2147483647 ~ 2147483647 (please read first Note on the back, please fill in this page again). If the decimal data is expressed in decimal data, the length must be 10. Therefore, in order to avoid the time-consuming Over Flow calculation when grouping the original data, 8/9 is taken as the unit word. String length. Call for the theoretical basis of the encryption mechanism of the present invention. As mentioned above, the present invention adds an information password security in accordance with the Public Key Infrastructure to the existing mobile information server WML Server of the wireless content service provider (WCP). The system includes a mobile phone (Handset) software encryption and decryption module, a mobile information server encryption and decryption server (Cipher Server), and a key management subsystem (Key Management). Considering the current cryptographic technology, there are two main types of cryptographic systems. The first type is a symmetric golden key (Symmetric Key) cryptosystem, and the second type is an asymmetric key (Public Key) cryptosystem. The symmetric key cryptosystem has the advantages of fast encryption and decryption speeds, but because its encryption key and decryption key are the same key, how can the sender of the information send the encrypted key in a secure manner after encryption? To the receiver, how to enable the two parties to share the secret gold record for decryption is a major problem of this cryptosystem (see Figure 6), so the symmetric key cryptosystem is not suitable for multi-person login action information. The server WML Server, which is not applicable to the framework of the master-slave (cl ient-Server) mobile commerce. The public key cryptosystem improves the shortcomings of the symmetric key cryptosystem. Its encryption balance is not the same as the decryption gold loss. Each pair of key pairs (Key Pair) contains two corresponding gold losses—public encryption金 录 （Pub 1 ic (ί This paper size applies to the Chinese National Standard (CNS) A4 specification (210 x 297 mm) ^ 4455 A7 V. Description of the invention (the secret decryption key must be kept secret (ρ_), reserved for anyone) … 'F Lets people who may communicate with it know: 所 所 公公 二 :: ==' 'can use the message after T, only the intended recipient owns it, and: Never exchange the key beforehand The characteristics of animal confidential communication. On the contrary, when & 卩 ^ is secret, anyone who owns the "secret;";;;: == secret encryption will decrypt it, but because of "secret"!: = :: Public key "can be ... if it is owned by the transmitting party and kept confidential / dagger, the message encrypted by the secret can be regarded as the signature of the transmission of m. 14 #public golden gun password system and digital signature Zhang Yanzeng

Deffi-Hellman ^ RSA ^ SA ^ ElGa.al ^ M-H Knaple ^ R a b 111 and so on. Based on the "public key cryptosystem", the advantage of "secret communication" can be achieved without exchanging the balance in advance. The invention adopts the concept of "public key cryptosystem" to design end-to-end for WAp transmission architecture. Two-time encryption program and module (see Figure 7). Call for the encryption system mechanism of the present invention1. Handset encryption and decryption module and server encryption and decryption server Cipher Server 丨 This is the invention of wireless content service providers (WCP, such as bank securities industry) The information paper added on the existing mobile information server WML Server is based on the Chinese paper standard (CNS) A4 (210 X 297 mm) 1224455 Economy_Ministry 1—Printed by the Consumer Property Cooperative of Italy Property Bureau A7 B7_ V. Description of the invention (丨 丨) The security system includes a mobile phone (Handset) software encryption and decryption module, a mobile information server encryption and decryption service server (Cipher Server) and a key management subsystem (Key Management). When a user logs in to WCP WML Server through the WAP network, WML Server can use this mobile information server-side encryption and decryption server program (Cipher Server) to provide inter-process communication interfaces for different computer operating systems (Inter-Process Communication Interface) , Such as TCP / UDP communication protocol, COM object model interface, C0RBA object model interface, DDE dynamic data exchange and rpc remote program call, etc., inform the encryption and decryption server (Cipher Server) responsible for opening the Handset software encryption and decryption module and gold The key management subsystem maintains the user's public key ('Public Key') through WML Server's existing HTTP service, through the wide area network (WAN) and wireless of digital mobile systems such as GSM / GPRS / CDMA Protocol gateway (· ρ Gateway), which is downloaded to client devices such as mobile phones or digital assistants. Value When users want to send personal business information, they can first input business information according to the instructions of the wireless markup file (WML), and upload it after the downloaded Handset encryption and decryption module and the user's public key are used for encryption calculation. After the information is transmitted to the WML Server, the encryption and decryption server (Cipher Server) performs the reverse decryption operation with the corresponding Private Key, and then the plain text is sent to the WML Server for subsequent functional procedures (see Figure 8). Conversely, if it is necessary to actively download personal business information (such as querying bank account balance) from WML Server ', the user must first enter the Private Key to be stored in the stack memory of the mobile phone WAE execution environment for backup, and WML Server will pass the personal business data to be transmitted to the encryption and decryption server I; This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm)------------—— —Order --------- line (please read the notes on the back before filling this page) 1224455 Printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs A7 B7 V. Description of Invention () >), Program ( (Cipher Server) 'and notify it to open the Handset software encryption and decryption module and the key management subsystem to maintain the user's public key (Public Key) to perform encryption calculations on the Server side in advance. Then, the Handset software encryption / decryption module and cipher text are transmitted to the client device through the transmission service beyond the agreement in this article. At this time, the private key (Private Key) stored in the WAE execution environment is used to decrypt the ciphertext, and the decrypted plain text is passed to the WML format file to display its original result. 2. Key Management System All the tasks of assisting the use and application services of the public gold coin cipher system can be regarded as part of the operating structure of the public gold base, Key Management of the present invention. Responsible for the work are a) generation and construction of gold surplus and b) co-management of keys. a) Key generation and construction The ideal key in terms of metal correction must have randomness, that is, its generation process is extremely confidential, and the result is unpredictable, and for gold with a large demand and which needs to be updated frequently I usually use the method of generating a random (pseudorandom) program. In addition to being unpredictable, the Key Management subsystem of the present invention also meets certain algorithm requirements. For example, the keys in the offline system must have enhanced Prime Number and other properties. b) Key co-management In terms of key co-management, computer systems apply cryptography to broadcast or database security. In addition to providing its confidentiality, it is also necessary to ensure encrypted data ------------ -------- Order --------- line (please read the notes on the back before filling this page)

X 297 mm) 1224455 A7 B7__ 5. Reducibility of the description of the invention (1¾) (please read the precautions on the back before filling this page). The key management subsystem of the present invention embodies the mechanism of secret sharing, which can divide the golden lose into several shadows, and can be restored to the original key only under a certain number of afterimage combinations , In case the key is lost or destroyed, all data encrypted with this key cannot be restored. Comparison of Luben's encryption mechanism and STK (SIM Toolkit) encryption mechanism The Intellectual Property Bureau Employee Consumer Cooperative of the Ministry of Economic Affairs prints a "public key cryptosystem", and can achieve "secret communication" without exchanging the key in advance. Advantages, the present invention uses the "public key cryptosystem" concept to design end-to-end real-time encryption procedures and modules suitable for WAP transmission architecture, which is very different from the encryption mechanism of traditional mobile phone STK (SIM Tool kit) transmission. It uses a symmetric key (Symmetric Key) cryptosystem (such as PINNI, PIN3, 3DES) ° The full name of SIMToolkit is "Subscriber Identity Module Application Toolkit" (user identification application development tool), and its application is through mobile phone companies and SIM cards Manufacturers cooperate to program or add value-added service programs to the microprocessor of the user identification card, so that consumers can click on the value-added services directly in the mobile phone directory. Since S TK sends short message (SMS) messages through a GSM Phase 2 + -compliant mobile phone, basically data exchange is limited to exchanges within the telecommunications company's intranet. Therefore, STK is traditionally used for e-commerce security than WA P architecture. Is high. However, its closed architecture is not suitable for Internet-based mobile business applications, and the symmetric key mechanism is good for data confidentiality.

I_ K This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 1224455 A7 B7_ V. Description of the invention (丨 ox) Good performance, but not for individuals The "non-repudiation" function of identity also limits its application space in mobile commerce (see Figure 9). Therefore, this information security system directly adopts the "public key" mechanism in the WAP architecture, which not only makes up for the concerns of insufficient encryption in the traditional WAP architecture, but also has the "non-repudiation" feature of "digital signature", which is actually the invention One of the great features. (As shown in FIG. 10) In summary, the present invention is an end-to-end real-time encryption program and module for mobile data (M-Co-erce) WAP data transmission segment, which is characterized by wireless communication protocol (Wireless Appl i The cat ion protocol is a technology platform. An existing information security system that complies with the Public Key Infrastructure is added to the existing mobile information server WML Server of the wireless content service provider (WCP). The added mechanism can realize the end-to-end security of WAP mobile business information exchange and improve the loophole of 2-Phase Security of the existing WAP (version 1.1) architecture in one fell swoop. Furthermore, the present invention uses the encryption and decryption mechanism of the public key mechanism, which is not only used for encryption purposes, but also can achieve the non-repudiation function of identity authentication (CA), which greatly implements the possibility of mobile commerce. In addition, in order to solve the shortcomings of low efficiency of public key encryption and decryption operations, the present invention also adds a compression pre-module (Pre-Compressor) to process the original plaintext data with a high compression ratio close to 1/3 and a distortion rate of 0. This greatly improves the encryption efficiency and the practical value of the present invention in mobile commerce (see Figure 11). Because the present invention fully complies with the patent application requirements, it is proposed that this standard is applicable to the Chinese National Standard (CNS) A4 according to the patent law. Specifications (210 X 297 mm) --- I -------- i 丨 丨!丨 —Order ----- I-- (Please read the notes on the back before filling this page) A7

Jade and invention description (丨 <) For the application, please check and approve the case in detail to protect 1224455 丨 early ~ Ming dynasty. If there is any suspicion on the part of the review committee, please write to us. According to the above, it is only the best of the present invention. Specific examples, but the features of the end-to-end encryption program and module of the mobile business WAP data transmission section of the present invention are not limited to this. In the field of the present invention, changes or modifications that can be easily considered can be covered by the patent scope of this case. 0 — I — Iin--II --------— ^ WWW (Please read the note on the back first Please fill in this page for further information) Printed by the Intellectual Property Bureau of the Ministry of Economic Affairs, Consumer Cooperatives The paper size is applicable to China National Standard (CNS) A4 (210 X 297 mm) 1224455 A7 B7_ V. Description of Invention (β) Attachment (M-Η The original description of the algorithm and the Handset encryption and decryption module Μ- 实例 calculation example 2. The Handset encryption and decryption module MH-Η calculation example of the present invention (please read the precautions on the back before filling this page) extern function Cipher (szTime, szURL , PublicK,

CompressParam, BIO) {if (String.compare (WMLBrowser. GetVar (M Compress Input "), nlM)! = 0) WMLBrowser. Go (Mhttp: // M + szURL + n? RtnCode = NoCompress & Time :::: : M iszTirae); var Encode ^ "M; var CharPlainBit two, '丨'; var nCipher ^ O; var i = 0, j = 0; var nLen two 0; var nValue = 0; nLen two String.length ( BlO); nLen = nLen div 3; for (i = 0; i <nLen; i ++) {Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs nValue = Lang.parselnt (String.subString (Bl0, i * 3, 3) ); CharPlainBi t = GenerateCharPlainBi t (nValue); nCipher = GenerateCharcipher (CharPlainBit, PublicK); if (j 2 2 0 M i 2: 0)

Encode = Encode + nCipher; __if_ This paper size applies to China National Standard (CNS) A4 (210 x 297 mm) 1224455 A7 _B7_ V. Description of the Invention (I "]) else Encode Two Encode + 丨 丨-" + nCipher ;} Encode = Encode + 丨 丨-丨 丨 + CompressParam; WMLBrowser. SetVar (n Compress Input ", 丨 '0 丨'); WMLBrowser · go (”http: // '' + szURL + n? Cipher: + 丨 丨& RtnCode = Success & Time = ”+ szTime);} function GenerateCharPlainBit (Plain) + Encode (Please read the precautions on the back before filling out this page) Intellectual Property Bureau Employee Consumption Cooperative of the Ministry of Economic Affairs 丨 Print: var nLen II 1 ; var modi 2 0; var mod 2 2 0; var bit = 0; var nChar = 0; var cChar = nn; var PlainBi t = nn; var i = 0; var nRate = 2; nChar 2 Plain; for (i 2 0; i <8; i + +) {modi two nChar% nRate; if (nRate two 2) This paper size is applicable to China National Standard (CNS) A4 (210 X 297 mm) Employees of the Intellectual Property Bureau of the Ministry of Economic Affairs Cooperatives_Qiu 丨 made! 1224455 A7 B7_ 5. Description of the invention (丨 mod2 = 0; else mod2 = nChar% (nRate div 2); bit = modl-mod2; if (bit two = 0)

PlainBi t: 丨 丨 0n + PlainBi t; else

PlainBit-nlM + PlainBit; nRate two nRate * 2;} return PlainBit;} function GenerateCharcipher (CharPlainBit, PublicK) {var cChar: 丨 丨 丨 丨; var nChar = 0; var nCipher = 0; var i: 0; var Publ icChar two 丨, 丨 '; for (i 二 0; i <8; i ++) {cChar ^ String.charAt (CharPlainBi t, i); if (String.compare (cChar, n 0 丨') = = 0) nChar ^ O; This paper size applies to China National Standard (CNS) A4 (210 x 297 mm) -------------------- Order ------- -Line (please read the precautions on the back before filling this page) 1224455 A7 _B7_ V. Description of the invention (丨 |) else nChar II 1;

PublicChar = String.elementAt (PublicK, i, n); nCipher = nCipher + nChar * Lang.parseInt (PublicChar);}

II return nCipher; (Please read the precautions on the back before filling out this page) Employees' Cooperatives and Social Organizations of the Intellectual Property Office of the Ministry of Economic Affairs—Institute! F vf. This paper size applies to China National Standard (CNS) A4 (210 X 297) %)

1224455 V. Description of the invention (> ϋ) Legends In order to allow the review committee to better understand the features and technical contents of the present invention, please refer to the following drawings for this description, but the attached drawings are for reference only. Is not intended to limit the invention. The first figure is a wireless application protocol architecture diagram. The first figure is a WAP communication protocol hierarchy diagram. The second figure is a structure diagram of a WAP end-to-end information encryption system of the present invention. This book describes the calculation process of the pre-compression module (pre-C0fflpress〇r) (Take bank transfer as an example) Figure 6 Symmetric encryption mechanism operation Figure 7 Public key (PKI) encryption mechanism operation diagram ( Take RSA as an example) Figure 8 The procedure of the WAP end-to-end encryption mechanism of the present invention The ninth figure WAP and STK architecture comparison chart The tenth figure WAP and STK feature comparison table The eleventh figure The WAP end-to-end encryption system of the present invention is applied Financial market structure diagram This paper size applies Chinese National Standard (CNS) A4 specification (210 X 297 mm) -------- ^ ------- (Please read the notes on the back before filling (This page) Employee Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs

Claims (1)

1224455 Printed A8 B8 C8 D8, patent application scope end-to-end encryption module by the Consumer Cooperative of Intellectual Property Bureau of the Ministry of Economics, where users want to send personal business information, first enter business information according to WML instructions, The Handset encryption / decryption module and the user's public key are used to perform encryption calculations and moxibustion. After the information is transmitted to the WML Server, the encryption and decryption feed program (^ here Server) is used to reverse the corresponding private input (Private Key). Send the plaintext to the decryption action and then follow-up with the WML Server to execute the subsequent functional procedures. 5. If the end-to-end encryption module of the mobile business WAP data transmission section of the scope of patent application, the end-to-end encryption module, if it is necessary to actively download the personal For business information, the user must first enter the Private Key to store the stack memory in the WAE execution environment of the mobile phone for backup. WML Server will pass the personal business data to be transmitted to the Cipher Server. And notify it to open the Handset software encryption and decryption module and the key management subsystem to maintain the user's public key (PublicKey) in order to advance in Serve The r side performs encryption calculations; the Handset software encryption / decryption module and ciphertext are transmitted to the client device through the transmission service agreed on in this document; at this time, the private key stored in the WAE execution environment is used to decrypt the ciphertext Action 'and pass the decrypted plaintext to a WML format file to display its original result. 6. If the end-to-end encryption module of the mobile business WAP data transmission section of the first patent application scope, the key management subsystem is responsible for the creation and construction of the magic gold record and b) co-management of the gold record; I generate and build: The key is random in terms of key generation, that is, the process of generating the key is extremely confidential, and the result is unpredictable, and the national paper standard (CNS) A4 is required for 24 paper standards. (210X297mm) f Please read the notes on the back before filling in this page) 1224455 ABCD Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs VI. Large-scale applications for patent applications that require frequent updates usually use pseudo random program generation methods; Key co-management: in terms of key co-management The computer system applies password technology to the security of files or databases. In addition to providing its confidentiality, it is also necessary to ensure the recoverability of encrypted data. The Key Management subsystem reflects the mechanism of secret sharing. , The key can be divided into several shadows (shadows), only under a certain number of combinations of shadows can be restored to the original key, in case the key is lost or destroyed, all the data encrypted with this key Unable to restore. 7 · If the end-to-end encryption module of the mobile business WAP data transmission section of the scope of patent application No. 1 contains a compression pre-module (Pre-Compressor) to decompress the transmission data, the compression procedure is as follows : | A) group the original data length into 8 or 9 as a unit string; b) convert each unit string to the decimal value it represents; c) convert each unit value to sixteen Carry unit string; d) Group the characters of each hexadecimal unit string into unit blocks; e) Convert each unit block (oxCharBuf) to a C, decimal word code between 0 and 255 F) Convert each code value directly into the corresponding ANSI character set; 25 (Please read the precautions on the back before filling this page) This paper size applies to China National Standard (CNS) A4 specification (210X297 mm) 1224455 A8 B8 C8 D8 6. Scope of patent application Where the length of the original data in the above step 1) is grouped in units of 8 or 9, it is based on the maximum data type length supported by the mobile phone WAE execution environment is 64 bits, so the original To avoid the waste of data when grouping data The overflow (Over Flow) so that the operational units of 8 or 9 taken long string. 8 · If the end-to-end encryption module of the mobile business WAP data transmission section of the first patent application scope, the security mechanism uses the WAE application layer to implement the mobile phone (Handset) software encryption and decryption module; therefore WML can be interpreted Label Language (Wireless Markup Language) and WMLScript Description Language (Wireless Markup Script Language). (Please read the notes on the back before filling out this page) Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 26 This paper size applies to China National Standard (CNS) A4 (210 X 297 mm)