Wednesday, January 12, 2011

SSL (Secure Sockets Layer)

SSL (Secure Sockets Layer), and its successor TLS (Transport Layer Security), is a security protocol that provides confidentiality and data integrity for network communication. TLS and SSL encrypt network connections at the transport layer.
Secure Socket Layer (SSL)
SSL was developed by Netscape to safeguard the security of data transmitted over the Internet. It uses data encryption technology to ensure that data cannot be intercepted or eavesdropped on while in transit across the network. The general-purpose specification currently uses a 40-bit security standard; the United States has introduced a 128-bit standard with far higher security, but its export is restricted. Any I.E. or Netscape browser of version 3.0 or above supports SSL.
The current version is 3.0. It is widely used for identity authentication and encrypted data transmission between web browsers and servers.
The SSL protocol sits between the TCP/IP protocol and the various application-layer protocols, providing security support for data communication between them. It can be divided into two layers. The SSL Record Protocol is built on top of a reliable transport protocol (such as TCP) and provides higher-layer protocols with basic functions such as data encapsulation, compression and encryption. The SSL Handshake Protocol is built on top of the Record Protocol and is used, before actual data transmission begins, for the two communicating parties to authenticate each other, negotiate encryption algorithms and exchange encryption keys.
The services provided by the SSL protocol mainly include:
1) authenticating the user and the server, so that data is sent to the correct client and server;
2) encrypting data, to prevent it from being stolen in transit;
3) maintaining data integrity, so that data is not altered during transmission.
SSL protocol workflow:
Server authentication stage: 1) the client sends a "Hello" message to the server to start a new session; 2) from the client's information the server decides whether a new master key needs to be generated; if so, its "Server Hello" response includes the information needed to generate the master key; 3) the client generates a master key from the server's response, encrypts it with the server's public key and sends it to the server; 4) the server recovers the master key and returns to the client a message authenticated with that master key, which lets the client authenticate the server.
User authentication stage: the server has already been authenticated in the previous stage; in this stage the server completes authentication of the client. The authenticated server sends a challenge to the client, and the client returns the digitally signed challenge together with its public key, thereby providing the server with proof of its identity.
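The two stages just described, traced end to end as an added example (this is not code from the original post): textbook RSA over hard-coded Mersenne primes stands in for the server's and client's key pairs, and an HMAC over the two Hello messages stands in for the "authenticated with the master key" reply, since the post does not specify either primitive.

```python
import hashlib
import hmac
import secrets

E = 65537

def rsa_keypair(p, q):
    """Textbook RSA from two known primes (no padding): a toy stand-in for real key pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def rsa_apply(key, m):
    n, exp = key
    return pow(m, exp, n)

# Constructed key pairs built from Mersenne primes, so no prime generation is needed.
SERVER_PUB, SERVER_PRIV = rsa_keypair(2**521 - 1, 2**607 - 1)
CLIENT_PUB, CLIENT_PRIV = rsa_keypair(2**521 - 1, 2**127 - 1)

def server_auth_stage():
    """Steps 1-4 of the post: Hello, Server Hello, encrypted master key, authenticated reply."""
    client_hello = secrets.token_bytes(16)          # 1) client nonce opens the session
    server_hello = secrets.token_bytes(16)          # 2) server nonce; SERVER_PUB is already known
    master_key = secrets.token_bytes(16)            # 3) client picks the master key ...
    encrypted = rsa_apply(SERVER_PUB, int.from_bytes(master_key, "big"))  # ... and seals it
    # 4) only the holder of SERVER_PRIV can recover the key and MAC the transcript with it.
    recovered = rsa_apply(SERVER_PRIV, encrypted).to_bytes(16, "big")
    transcript = client_hello + server_hello
    server_finished = hmac.new(recovered, transcript, hashlib.sha256).digest()
    # The client recomputes the MAC under its own copy of the key; a match authenticates the server.
    expected = hmac.new(master_key, transcript, hashlib.sha256).digest()
    return hmac.compare_digest(server_finished, expected)

def sign_challenge(challenge, priv=CLIENT_PRIV):
    """User authentication stage: the client signs the server's challenge with its private key."""
    digest = int.from_bytes(hashlib.sha256(challenge).digest(), "big")
    return rsa_apply(priv, digest)

def verify_challenge(challenge, signature, pub):
    """Server side: check the signature against the public key the client sent along."""
    digest = int.from_bytes(hashlib.sha256(challenge).digest(), "big")
    return rsa_apply(pub, signature) == digest

def client_auth_stage():
    challenge = secrets.token_bytes(32)
    signature = sign_challenge(challenge)
    accepted = verify_challenge(challenge, signature, CLIENT_PUB)
    tampered = verify_challenge(challenge, signature ^ 1, CLIENT_PUB)  # one flipped bit fails
    return accepted and not tampered
```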
As can be seen from the services SSL provides and from its workflow, the operation of the SSL protocol rests on the merchant's promise to keep consumer information confidential; this favors the merchant and is unfavorable to the consumer. In the early stage of e-commerce, the enterprises running e-commerce were mostly large companies with high credibility, so this problem was not fully exposed. But as e-commerce developed, small and medium-sized companies also became involved in electronic payment, and the problem of one-sided authentication became more and more prominent. Although SSL 3.0 can achieve mutual authentication of browser and web server through digital signatures and digital certificates, the SSL protocol still has problems: for example, it can only provide authentication between the two parties to a transaction, the client and the server, and in electronic transactions involving many parties it cannot coordinate secure transmission and trust relationships among them. For this reason the two major credit card organizations, Visa and MasterCard, established the SET protocol, which provides a global standard for online credit card payments.
HTTPS introduction
HTTPS (Hypertext Transfer Protocol Secure)
It was developed by Netscape and built into its browser; it compresses and decompresses data and returns the results of network uploads. HTTPS actually uses Netscape's Secure Sockets Layer (SSL) as a sublayer of the HTTP application layer. (HTTPS uses port 443 rather than port 80, which HTTP uses to communicate with TCP/IP.) SSL uses a 40-bit key with the RC4 stream cipher as its encryption algorithm, which is appropriate for encrypting business information. HTTPS and SSL support X.509 digital certificates, so if needed the user can confirm who the sender is.
The goal of HTTPS is a secure HTTP channel; simply put, it is the secure version of HTTP, that is, HTTP with an SSL layer added. The security of HTTPS rests on SSL encryption, so see SSL for the details.
It is a URI scheme (abstract identifier system) whose syntax is similar to the http: scheme and which is used for secure HTTP data transmission. An https: URL indicates that HTTP is used, but with a default port different from HTTP's and with an encryption/identity authentication layer between HTTP and TCP. The system was originally developed by Netscape to provide identity authentication and encrypted communication; it is now widely used for security-sensitive communication on the World Wide Web, such as transactions and payments.
Limitations
Its security depends on the browser and server software being implemented correctly, and on the encryption algorithms actually supported.
A common misconception is that "online banking users who use https: are fully protected against theft of their bank card details." In fact, the encrypted connection to the server only protects the bank card number on the path between the user and the server, and on the server itself. It cannot guarantee that the server itself is secure, or even that it has not been taken over by an attacker; a common example is a phishing attack that imitates a bank's domain. In a few rare attacks, the attacker tries to eavesdrop on customer data while it is being transmitted to the website.
Commercial websites are expected to introduce, as quickly as possible, special processing programs that pass card details straight to the financial gateway and retain only a transaction number. But they often store bank card numbers in the same database. In a few cases the database server may be attacked and compromised by unauthorized users.
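What the "correct implementation" above amounts to on the client side, as an added example written for this post (not the post's own code): a strict https: context for port 443, plus the X.509 hostname check that ties a certificate's dNSName entries to the name in the URL. The check only binds the certificate to the name the user actually typed; a lookalike domain with its own valid certificate still passes, which is exactly the phishing limitation the post describes. SAMPLE_CERT is a constructed dictionary in the shape ssl's getpeercert() returns.

```python
import socket
import ssl

def https_context():
    """Client context for an https: URL: chain verification and hostname check both on."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSL 3.0 and early TLS outright
    return ctx

def context_is_strict(ctx):
    return bool(ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED
                and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)

def hostname_matches(cert, hostname):
    """Match hostname against the dNSName entries of a getpeercert()-style dict.

    A wildcard is honoured only as the whole leftmost label and never directly
    under a public suffix: "*.example.test" covers "www.example.test" but not
    "a.b.example.test", and "*.test" is rejected.
    """
    host = hostname.rstrip(".").lower().split(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pat = value.lower().split(".")
        if len(pat) != len(host) or (pat[0] == "*" and len(pat) < 3):
            continue
        if all(p == h or (p == "*" and h) for p, h in zip(pat, host)):
            return True
    return False

def describe_peer(hostname, port=443, timeout=5.0):
    """Live check: connect on 443, verify chain and name, report what was negotiated."""
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with https_context().wrap_socket(raw, server_hostname=hostname) as tls:
            subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
            return tls.version(), tls.cipher()[0], subject.get("commonName")

# Constructed certificate dict in the shape getpeercert() returns (not a real site).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example-bank.test"),),),
    "subjectAltName": (("DNS", "www.example-bank.test"),
                       ("DNS", "*.login.example-bank.test")),
}
```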
