A Look at a Secure Business Solution

How do we enforce Security

SSL (Secure Sockets Layer)

SSL (Secure Sockets Layer) is a program layer created by Netscape for managing the security of message transmissions in a network. Netscape's idea is that the programming for keeping your messages confidential ought to be contained in a program layer between an application (such as your Web browser or HTTP) and the Internet's TCP/IP layers. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. Netscape's SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.
SSL is an integral part of each Netscape browser. If a Web site is on a Netscape server, SSL can be enabled and specific Web pages can be identified as requiring SSL access. Other servers can be enabled by using Netscape's SSLRef program library, which can be downloaded for noncommercial use or licensed for commercial use.
Netscape has offered SSL as a proposed standard protocol to the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) as a standard security approach for Web browsers and servers.

RSA (Rivest-Shamir-Adleman)

RSA is an Internet encryption and authentication system that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers from Netscape and Microsoft. It's also part of Lotus Notes, Intuit's Quicken, and many other products. The encryption system is owned by RSA Data Security, now a subsidiary of Security Dynamics. The company licenses the algorithm technologies and also sells development kits. The technologies are part of existing or proposed Web, Internet, and computing standards.

How the RSA System Works

The mathematical details of the algorithm used in obtaining the public and private keys are available at the RSA Web site. Briefly, the algorithm involves multiplying two large prime numbers (a prime number is a number divisible only by itself and 1) and through additional operations deriving a set of two numbers that constitutes the public key and another set that is the private key. Once the keys have been developed, the original prime numbers are no longer important and can be discarded. Both the public and the private keys are needed for encryption/decryption, but only the owner of a private key ever needs to know it. Using the RSA system, the private key never needs to be sent across the Internet. The private key is used to decrypt text that has been encrypted with the public key. Thus, if I send you a message, I can find out your public key (but not your private key) from a central administrator and encrypt a message to you using your public key. When you receive it, you decrypt it with your private key. In addition to encrypting messages (which ensures privacy), you can authenticate yourself to me (so I know that it is really you who sent the message) by using your private key to encrypt a digital certificate. When I receive it, I can use your public key to decrypt it.

A table might help us remember this:

To Do This                                                    Use Whose     Kind of Key
Send an encrypted Message                                     receiver's    Public Key
Send an encrypted Signature                                   sender's      Private Key
Decrypt an encrypted Message                                  receiver's    Private Key
Decrypt an encrypted Signature (and authenticate the sender)  sender's      Public Key
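
The four rows of the table, worked through as an added example (not code from the original page): textbook RSA in Python, with one key pair for the receiver and one for the sender. The function names and the small sample primes are assumptions made for illustration; the signature here is the private-key operation applied to a SHA-256 hash of the message, and real systems use much larger primes plus padding (OAEP for encryption, PSS for signatures).

```python
import hashlib
from math import gcd

def make_keys(p, q, e=65537):
    """Derive (public, private) from two primes; p and q can then be discarded."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)

def encrypt(m, public):              # table row 1: receiver's public key
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(c, private):             # table row 3: receiver's private key
    n, d = private
    return pow(c, d, n)

def digest(message, n):
    """SHA-256 of the message, reduced to fit this toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):          # table row 2: sender's private key
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):   # table row 4: sender's public key
    n, e = public
    return pow(signature, e, n) == digest(message, n)

# Constructed sample keys built from known Mersenne primes (toy sizes only).
RECEIVER_PUB, RECEIVER_PRIV = make_keys(2**31 - 1, 2**17 - 1)
SENDER_PUB, SENDER_PRIV = make_keys(2**61 - 1, 2**19 - 1)

if __name__ == "__main__":
    text = b"hello"                                  # constructed sample message
    m = int.from_bytes(text, "big")
    c = encrypt(m, RECEIVER_PUB)                     # sender needs only public data
    sig = sign(text, SENDER_PRIV)
    recovered = decrypt(c, RECEIVER_PRIV)
    print("decrypted:", recovered.to_bytes(len(text), "big"))
    print("signature valid:", verify(text, sig, SENDER_PUB))
    print("tampered valid:", verify(b"hellp", sig, SENDER_PUB))
```
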


HyperText Transmission Protocol, Secure

HTTPS is a variant of the HTTP protocol used by Netscape for handling secure transactions.
The Netscape Navigator supports a URL access method, "https", for connecting to HTTP servers using SSL. "https" is a unique protocol that is simply SSL underneath HTTP. You need to use "https://" for HTTP URLs with SSL, whereas you continue to use "http://" for HTTP URLs without SSL. The default "https" port number is 443, as assigned by the Internet Assigned Numbers Authority.

SSL is a protocol designed by Netscape Communications Corporation to provide encrypted communications on the Internet. SSL is layered beneath application protocols such as HTTP, SMTP, Telnet, and FTP, and is layered above the connection protocol TCP/IP. It is used by the HTTPS access method.

SET (Secure Electronic Transaction)

SET is a system for ensuring the security of financial transactions on the Internet. With SET, a user is given an electronic wallet (digital certificate) and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, a merchant, and the purchaser's bank in a way that ensures privacy and confidentiality. SET makes use of Netscape's Secure Sockets Layer (SSL), Microsoft's Secure Transaction Technology (STT), and Terisa Systems' Secure Hypertext Transfer Protocol (S-HTTP). SET uses some but not all aspects of a public key infrastructure (PKI).