| With the rapid development of Internet technologies and mobile communication technologies,the field of web services has expanded to include the mobile computing paradigm in constructing information systems.Handheld mobile devices participate in web services transactions through mobile web services.Mobile web services are typically mobile applications that consume traditional web services.With the arrival of 3-G era,it's being a more and more important way to access web services using mobile devices.But,because of the characteristics of mobile devices,security is always a key factor affecting development of mobile web services.First,this paper analyzes and studies mobile web services security technologies, such as security theory,Java ME security architecture,XML signature,XML encryption,WS-Security and SOAP security structure.Then we analyse the related encryption and digital signature algorithms for Java ME in theory,and these algorithms were implemented in Java ME on mobile device emulator,with various VM speeds simulated and different key sizes set.Experimental comparison results of thees algorithms were presented and analyzed.The experiment results of symmetric encryption algorithm show that the efficiency of triple DES,AES and IDEA on mobile device emulator are all very high,the costs of time are all less than 1 second.The experiment results of three signature algorithms show that ECDSA is more suitable to generate the key pair,RSA is more suitable to generate or verify the signature on mobile devices.And a recommended solution to the digital signature in mobile web services is derived that it's to use the 1024-bit RSA scheme when the mobile client is required to generate or verify signature,and switch to adopt the 160-bit ECDSA scheme when the mobile client is required to generate the key pair.On the basis of the experiment conclusion,we design and implement a Mobile Book System of Air Ticket in accordance with the end-to-end security requirement.In the system,we supply four modules:Weather Forecast Module,Flights Inquirement Module,Air Ticket Book Module,Booked Air Ticket Module,which basically achieved information confidentiality,integrity,authenticity and non-repudiation the system required. |
PDF Full Text Request