
Computer Engineering ›› 2011, Vol. 37 ›› Issue (16): 123-125. doi: 10.3969/j.issn.1000-3428.2011.16.041

• Security Technology •

Efficient Wireless Transport Layer Security Handshake Protocol

CHEN Shuang-shuang, CHEN Ze-mao, WANG Hao

  1. (College of Electronic Engineering, Naval University of Engineering, Wuhan 430033, China)
  • Received: 2011-01-13 Online: 2011-08-20 Published: 2011-08-20
  • About the authors: CHEN Shuang-shuang (born 1986), male, master's student, main research interest: network security; CHEN Ze-mao, associate professor, Ph.D.; WANG Hao, master's student
  • Supported by:
    National "863" Program fund project (2009AA01Z437)

Abstract: The existing Wireless Transport Layer Security (WTLS) handshake protocol requires the client and the server to exchange certificates, which causes considerable communication load. It also cannot verify the validity of the server certificate online: the client is allowed to skip checking the revocation state of the server certificate, which is a security flaw. To solve these problems, this paper proposes an improved WTLS handshake protocol based on a Trusted Certificate Verification Proxy (TCVP). The server certificate is pre-stored on the wireless client and is retrieved during the handshake by its unique identifier, so only the certificate identifier is exchanged between the client and the server, which reduces the message payload. The TCVP is introduced to verify the online status of the server certificate and to seal that status in a security ticket (a certificate status credential). By checking the authenticity of the ticket, the client can determine whether the server certificate is valid without verifying it itself, which improves the security of the protocol.

Key words: Wireless Transport Layer Security (WTLS) handshake protocol, Trusted Certificate Verification Proxy (TCVP), identity authentication, wireless network, online verification
