SSL Secure Socket Layer
A quick review of the encryption technologies that secret key encryption and public key encryption are the basic methods of encryption while digital signatures and digital certificates help in authenticating the public key used in public key encryption.
Public Key Encryption
The secret key encryption methodology is strongly recommended for encrypting large messages as it provides fast and easy encryption and decryption. It comes with its shortcoming of the secret key having to be passed across the receiver. To work around this problem is to encrypt the secret key using public key encryption. The public key used is authenticated using digital certificates.
Security Design
A pragmatic security design consists of a secret-key encryption nested within a public key encryption, authenticated through the use of certificates. Secure Socket Layer (SSL) is an implementation of this security design as a protocol.
Secure Transaction
Secure Socket Layer was developed by Netscape and has become a standard. Most web servers and web browsers support it. It has been found to be particularly useful for e-Commerce and is currently the most widely used method for performing secure transaction on the web. This protocol uses the RSA public key encryption.
How Does SSL Work ?
Here are the steps followed by SSL Protocol.
- The client (essentially the browser) sends a request for a document to be transmitted using the https protocol. This is done implicitly through a link, a form or any other such means that requests for a document URL that being with https:// instead of http://. This sets SSL at the client and server ends into action.
- The server sends its digital certificate to the client. The digital certificate is an encryption of its public-key and the signature of the certificate authority.
- The client receives the digital certificate of the server and verifies its credentials.
- The client informs the server which cryptographic algorithms it can use for communication.
- The server matches this list with its own list of algorithms and choose the strongest one and informs the client about it.
- The Client generates a secret-key and encrypts it with the public-key of the server and sends it to the server. This key is also called the session-key as it is used for encryption and decryption of the message until it is completely communicated or the communication is terminated.
- The server receives the encrypted session-key and decrypts it with its private key.
- All other communication goes on as usual except that it is encrypted using the session key.
TCP / IP
The SSL is an intermediate layer between the TCP / IP and application programmes (mostly the browser). It is generally an integral part of the browser and the server software. It should not be thought that SSL could only be used over Internet or exclusively with browsers. It is widely used in a large number of application and private networks. This it not bound to web pages and is only used when preparing to send sensitive information.
SSL provides a mechanism for handling security automatically inspite of using complex encryption technologies.
The responsibility fulfilled by SSL is limited. It ensures that the transmission of data between the server and the client is private, integrated and authentic. Once the data arrives at its destination, it is no longer secure.
Credit Card and SSL
For example, when you send credit card information over the net through SSL., it is secure till it is delivered at the merchant’s server. It is now the merchant’s responsibility to handle it safely and securely.
