SSL Encryption

128-bit SSL (Secure Sockets Layer) gives you the highest level of protection possible whenever you use credit cards or make other financial or confidential transactions over the Internet.

Encryption levels come in two types: 40-Bit, 56-Bit and 128-Bit. The primary difference between the types is the strength of the SSL session that each enables, with 128-Bit being virtually unbreakable.

The process of communicating over a secure connection is begun by establishing an SSL 'handshake'. This allows the server to authenticate itself to the browser user, and then permits the server and browser to cooperate in the creation of the symmetric keys used for encryption, decryption and tamper detection. The process which occurs between visiting browser and web server is as follows :-

  • A visitor contacts a site and accesses a secured URL - a page secured by a Server ID (indicated by a URL that begins with 'https:' instead of just 'http:', or by a message from the browser). This might typically be an online order form collecting private information from the customer, such as address, phone number and credit card number or other payment information.
  • The customer's browser automatically sends the server the browser's SSL version number, cipher settings, randomly generated data and other information the server needs to communicate with the client using SSL.
  • The server responds, automatically sending the customer's browser the site's digital certificate, along with the server's SSL version number, cipher settings, etc.
  • The customer's browser examines the information contained in the server's certificate and verifies that :-
    • The server certificate is valid and has a valid date
    • The issuing CA's (Certificate Authority) public key, built into the browser, validates the issuer's digital signature
    • The domain name specified by the server certificate matches the server's actual domain name
  • If the server cannot be authenticated, the user is warned that an encrypted, authenticated connection cannot be established.
  • If the server can be successfully authenticated, the customer's Web browser generates a unique 'session key' to encrypt all communications with the site using asymmetric encryption.
  • The user's browser encrypts the session key itself with the site's public key, so that only the site can read the session key, and sends it to the server.
  • The server decrypts the session key using its own private key.
  • The browser sends a message to the server informing it that future messages from the client will be encrypted with the session key.
  • The server then sends a message to the client informing it that future messages from the server will be encrypted with the session key.
  • An SSL-secured session is now established. SSL then uses symmetric encryption, which is much faster than asymmetric PKI (Public Key Infrastructure) encryption, to encrypt and decrypt messages within the SSL-secured 'pipeline.'
  • Once the session is complete, the session key is eliminated. It all takes only seconds and requires no action by the user.

 

 

Influential Computers is a family run IT Consultancy, situated on the Oxfordshire Berkshire border near Reading, England.

Page updated 03/08/2014 20:42:10
    Copyright © 1999-2024 Influential Computers All Rights Reserved