Tuesday, October 20, 2009

Secure Web forms and transactions

I would like to share with you some of the technologies used for secure transactions online, and to explain these terms with a real-life scenario.

Secure Sockets Layer (SSL): a proposed open standard developed by Netscape Communications for establishing a secure communications channel to prevent the interception of critical information, such as credit card numbers.

Get information about Secure Sockets Layer (SSL) certificates

When you connect to a commerce website, such as a bank or bookseller, Internet Explorer uses a secure connection based on Secure Sockets Layer (SSL) technology to encrypt the transaction. Encryption enhances the security of a message or file by scrambling its contents so that it can be read only by someone who has the appropriate key to unscramble it. The encryption is based on a certificate: a digital document that verifies the identity of a person or indicates the security of a website, issued by trusted companies known as Certification Authorities. The certificate provides Internet Explorer with the information it needs to communicate securely with the website, and also identifies the website and its owner or company.

You can view a certificate to validate the identity of a website before providing personal or financial information to an online business.

Most Webmasters are aware that Netscape Communications Corporation offers secure Web servers, the FastTrack server and the Enterprise server. The security in these products is based on Netscape's low-level encryption scheme, Secure Sockets Layer (SSL). Recall from the section in this chapter entitled "How Do Users Access Your Server?" that the Web is based on TCP/IP. TCP/IP consists of several software "layers": you can replace the software implementing one layer with a new software component without changing the rest of the protocols. SSL is a Network layer encryption scheme. When a client requests secure communications from a secure server, the server opens an encrypted port. The port is managed by software called the SSL Record Layer, which sits on top of TCP. Higher-level software, the SSL Handshake Protocol, uses the SSL Record Layer and its port to contact the client.

The SSL Handshake Protocol on the server arranges authentication and encryption details with the client using public-key encryption. Public-key encryption schemes are based on mathematical "one-way" functions. In a few seconds, anyone can determine that 7 × 19 equals 133. On the other hand, determining that 133 factors into 7 and 19 takes quite a bit more work. A user who already has these factors (the "secret key") can decrypt the message easily. Some commercial public-key encryption schemes are based on keys of 1024 bits or more, which should require years of computation to crack. Using public-key encryption, the client and server exchange information about which cipher methods each understands. They agree on a one-time key to be used for the current transmission. The server might also send a certificate (called an X.509 v3 certificate) to prove its own identity.
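As an added illustration (not part of the original post), the Python code below walks the page's 7 × 19 = 133 example through a toy RSA key pair: the server's public modulus is the easy product, the client encrypts a one-time session key under it, and only the holder of the private exponent (derived from the two factors) can recover it; the trial-division routine is the "hard direction", cheap here only because the numbers are tiny. The prime pair, the exponent e = 5 and the session key 42 are constructed values, and the arithmetic is unpadded textbook RSA, not a real SSL cipher suite.

```python
"""Toy demonstration of the public-key idea behind the SSL handshake.

Multiplying 7 x 19 = 133 is the easy direction; recovering 7 and 19 from
133 is the direction that becomes infeasible at real (1024-bit) key sizes.
Constructed teaching values only: unpadded RSA must never be used as-is.
"""
from math import gcd


def make_keypair(p, q, e=5):
    """Build a toy RSA key pair from two primes: public (n, e), private d."""
    n = p * q                    # easy direction: multiply the factors
    phi = (p - 1) * (q - 1)      # needs the factors, i.e. the secret knowledge
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), d


def encrypt(public_key, m):
    """Anyone holding the public key can do this step."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private_d, n, c):
    """Only the holder of the private exponent d can undo encrypt()."""
    return pow(c, private_d, n)


def factor_by_trial_division(n):
    """The 'hard' direction: recover (p, q) from n.

    Instant for 133; for a 1024-bit modulus this loop would not finish.
    """
    for candidate in range(2, int(n ** 0.5) + 1):
        if n % candidate == 0:
            return candidate, n // candidate
    return None


def exchange_session_key(p, q, session_key):
    """Mimic the handshake step where the client sends a one-time key to the server.

    Returns (ciphertext seen by an eavesdropper, key recovered by the server).
    """
    public_key, d = make_keypair(p, q)
    n, _ = public_key
    ciphertext = encrypt(public_key, session_key)
    recovered = decrypt(d, n, ciphertext)
    return ciphertext, recovered
```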

Mathematically strong encryption schemes are classified by the U.S. Government as "munitions." In general, encryption software and algorithms developed in the U.S. cannot be exported. The U.S. government takes this issue very seriously. Some other nations have policies prohibiting the transmission of encrypted data through their telephone lines. These policies have been the topic of much debate on the Internet and elsewhere.

In many cases, software that is compatible with the strong encryption schemes available in the U.S. has been developed outside the United States, and is available as an "International" version. Be sure to read the license agreement that comes with your software. Users in the U.S. should use the U.S. version, and are restricted from taking (or sending) the product overseas. Users outside the U.S. may be able to use the international version, subject to the laws in their country.

Currently, however, Nigeria has no legal structure for e-commerce activities; I hope our legislators will take note.

In other cases, vendors have weakened the algorithm by reducing the key size from 1024 bits to 128 or even 40 bits, in order to avoid certain government restrictions.

In all cases, check the documentation that came with your browser or server, or get legal advice, to see what you can and cannot do with your software.

In the Netscape browser, a "key" icon in the lower-left corner of the window shows whether a session is encrypted or not. A broken key indicates a non-secure session. A key with one tooth shows that the session is running on a 40-bit key. A key with two teeth shows that a 128-bit key is in use.

End users should not assume that seeing an unbroken key guarantees that their transmission is secure. They also should check the certificate. In Netscape Navigator, you can access this information by choosing View, Document Info. If the certificate is not owned by the organization the users think they're doing business with, they should verify the certificate by calling the vendor.

SSL was developed by Netscape Communications, and is supported by their browsers and servers. Open Market has announced that they will support SSL in their HTTP server. A free implementation of SSL, named SSLeay, serves as the basis for security in Apache and NCSA httpd, as well as in Secure Mosaic.

Hypertext Transfer Protocol Secure (HTTPS)

A protocol that allows Web browsers to retrieve Web pages and information more securely from servers on the World Wide Web. HTTPS provides for the encryption and transmission of information through a special port.
