The Ssl Protocol Analysis On The Mobile Terminal

Nowadays, cell phone replaces the traditional way of payment with credit card gradually, which means the beginning of a great improvement in mobile ecommerce from off-line to on-line. Therefore, security becomes playing an important role in mobile ecommerce. At present, the IT, with the assistant of financial field, has proposed many effective standards of securitized transaction. Among of them, the SSL protocol, known by its high compatibility with the various encrypted algorithms, widely market occupancy and easily implementation, has been widely used in the electronic business filed. It has become an effective method to solve the problems of communication and the security issue of transaction. Furthermore, with the tremendous development of information-handling and network technology, most of devices have been equipped with TCP/IP which makes SSL implemented easily.Through careful analysis about the present SSL products, there are many limitations with them if they would be implemented in various types of mobile terminal. This paper provides a complete prototype about SSL implementation, which is specific for the application environment with limited resource and great variety. Additionally, we optimized this model from different aspects including time, space and cross-platform compatibility so that such design can be fit for the well performance and satisfied executable size. We make use of the modularization and hierarchical design to make the resource accessing system more flexible and expansible and the resource accessing more efficient. In the hierarchical model, the upper layer provides the user-friendly programming interface by hiding internal implementation, the lowest layer provides abstract interface in order to shield OS differences, and the middle layer includes algorithm module, certificate module and state machine-driven protocol module which is the key point of this paper. We introduce the implementation of state machine, record protocol, handshake protocol and handling-process of alarm & error messages in the protool module. In addition, we propose solutions to the difficulties of the implementation based on the embedded device.At the final pages of this paper, we provide a test case for our application. Through these strict test cases, the capability of this software can be guaranteed greately. Currently, this software has been used to several secure transactions because of its portability, high-performance and multifunction. Finally, we provide a demo application which is implemented by this SSL toolkit in order to describe the details about the process of transplantation.