The Wireless Transport Layer Security Protocol (WTLS) in the Wireless
Application Protocol (WAP) stack provides for security:

A.
Between the Internet and the content server

B.
Between the WAP content server and the WAP client

C.
Between the WAP gateway and the content server

D.
Between the WAP client and the gateway

Explanation:
Transport Layer Security (TLS) provides for security between the
content server on the Internet and the WAP gateway. (Answer “Between the WAP gateway and
the content server” is,
thus, incorrect.) Similarly, WTLS provides security between the WAP
mobile device (client software) and the WAP gateway. Since WAP
cannot interface directly with the Internet, all WAP information has
to be converted to HTTP in the WAP gateway to enable it to exchange
information with the Internet content servers. The simple block diagram illustrates these concepts.
Exhibit:

A vulnerability occurs since data encrypted with wireless protocols
has to be decrypted in the WAP gateway and then re-encrypted
with the Internet protocols. This process is reversed when data flows
from the Internet content servers to the WAP client. Thus, the information
is vulnerable while it is in the decrypted state on the WAP
gateway. This condition is known as the WAP Gap. In order to
address this issue, the WAP Forum has put forth specifications that

will reduce this vulnerability and, thus, support e-commerce applications.
These specifications are defined in WAP 1.2 as WMLScript
Crypto Library and the WAP Identity Module (WIM). The
WMLScript Crypto Library supports end-to-end security by providing
for cryptographic functions to be initiated on the WAP client from
the Internet content server. These functions include digital signatures
originating with the WAP client and encryption and decryption of
data. The WIM is a tamper-resistant device, such as a smart card, that
cooperates with WTLS and provides cryptographic operations during
the handshake phase.
The WAP Forum is also considering another alternative to providing
the end-to-end encryption for WAP. This alternative, described in
WAP specification 1.3, is the use of a client proxy server that communicates
authentication and authorization information to the wireless
network server.
*Answer “Between the Internet and the content server” is incorrect since the content server is on
the Internet side of the communication and answer “Between the WAP content server and the
WAP client” assumes a direct interface between the content server and the client without going
through the necessary Internet and wireless protocols.