** Know More About Secure Sockets Layer (SSL). by ROCKY13 2010/02/27 12:08
** Know More About Secure Sockets Layer (SSL).
** Know More About Secure Sockets Layer (SSL).
ROCKY13 2010/02/27 12:09
Secure Sockets Layer
(SSL) is the most widely
used technology for
providing a secure
communication between
the web client and the
web server. Most of us are
familiar with many sites
such as Gmail, Yahoo
etc. using https protocol
in their login pages. When
we see this, we may
wonder what s the
difference between http
and https. In simple
words HTTP protocol is
used for standard
communication between
the Web server and the
client. HTTPS is used for a
SECURE communication.
Secure Sockets Layer
(SSL) is the most widely
used technology for
providing a secure
communication between
the web client and the
web server. Most of us are
familiar with many sites
such as Gmail, Yahoo
etc. using https protocol
in their login pages. When
we see this, we may
wonder what s the
difference between http
and https. In simple
words HTTP protocol is
used for standard
communication between
the Web server and the
client. HTTPS is used for a
SECURE communication.
ROCKY13 2010/02/27 12:09
What exactly is
Secure
Communication ?
Suppose there exists two
communication parties A
(client) and B (server).
What exactly is
Secure
Communication ?
Suppose there exists two
communication parties A
(client) and B (server).
ROCKY13 2010/02/27 12:10
Working of HTTP
When A sends a message
to B, the message is sent
as a plain text in an
unencrypted manner. This
is acceptable in normal
situations where the
messages exchanged are
not confidential. But
imagine a situation where
A sends a PASSWORD to
B. In this case, the
password is also sent as a
plain text. This has a
serious security problem
because, if an intruder
(hacker) can gain
unauthorised access to
the ongoing
communication
between A and B , he
can see the PASSWORDS
since they remain
unencrypted.
Working of HTTP
When A sends a message
to B, the message is sent
as a plain text in an
unencrypted manner. This
is acceptable in normal
situations where the
messages exchanged are
not confidential. But
imagine a situation where
A sends a PASSWORD to
B. In this case, the
password is also sent as a
plain text. This has a
serious security problem
because, if an intruder
(hacker) can gain
unauthorised access to
the ongoing
communication
between A and B , he
can see the PASSWORDS
since they remain
unencrypted.
ROCKY13 2010/02/27 12:10
Now lets see the
working of HTTPS
When A sends
a PASSWORD (say
mypass) to B, the
message is sent in an
encrypted format. The
encrypted message is
decrypted on Bs side. So
even if the Hacker gains
an unauthorised access to
the ongoing
communication between
A and B he gets only the
encrypted
password (xz54p6kd)
and not the original
password.
Now lets see the
working of HTTPS
When A sends
a PASSWORD (say
mypass) to B, the
message is sent in an
encrypted format. The
encrypted message is
decrypted on Bs side. So
even if the Hacker gains
an unauthorised access to
the ongoing
communication between
A and B he gets only the
encrypted
password (xz54p6kd)
and not the original
password.
ROCKY13 2010/02/27 12:12
How is HTTPS
implemented ?
HTTPS is implemented
using Secure Sockets
Layer (SSL).A website can
implement HTTPS by
purchasing an SSL
Certificate. Secure
Sockets Layer (SSL)
technology protects a
Web site and makes it
easy for the Web site
visitors to trust it. It has
the following uses
How is HTTPS
implemented ?
HTTPS is implemented
using Secure Sockets
Layer (SSL).A website can
implement HTTPS by
purchasing an SSL
Certificate. Secure
Sockets Layer (SSL)
technology protects a
Web site and makes it
easy for the Web site
visitors to trust it. It has
the following uses
ROCKY13 2010/02/27 12:13
1. An SSL Certificate enables
encryption of sensitive
information during online
transactions.
2. Each SSL Certificate
contains unique,
authenticated
information about the
certificate owner.
3. A Certificate Authority
verifies the identity of the
certificate owner when it
is issued.
1. An SSL Certificate enables
encryption of sensitive
information during online
transactions.
2. Each SSL Certificate
contains unique,
authenticated
information about the
certificate owner.
3. A Certificate Authority
verifies the identity of the
certificate owner when it
is issued.
ROCKY13 2010/02/27 12:14
How Encryption Works ?
Each SSL Certificate
consists of a Public key
and a Private key. The
public key is used to
encrypt the information
and the private key is
used to decrypt it. When
your browser connects to
a secure domain, the
server sends a Public key
to the browser to perform
the encryption. The public
key is made available to
every one but the private
key(used for decryption) is
kept secret. So during a
secure communication,
the browser encrypts the
message using the public
key and sends it to the
server. The message is
decrypted on the server
side using the Private key
(Secret key).
How Encryption Works ?
Each SSL Certificate
consists of a Public key
and a Private key. The
public key is used to
encrypt the information
and the private key is
used to decrypt it. When
your browser connects to
a secure domain, the
server sends a Public key
to the browser to perform
the encryption. The public
key is made available to
every one but the private
key(used for decryption) is
kept secret. So during a
secure communication,
the browser encrypts the
message using the public
key and sends it to the
server. The message is
decrypted on the server
side using the Private key
(Secret key).
ROCKY13 2010/02/27 12:14
How to identify a
Secure Connection ?
In Internet Explorer, you
will see a lock icon in
the Security Status bar.
The Security Status bar is
located on the right side
of the Address bar.You
can click the lock to view
the identity of the
website.
How to identify a
Secure Connection ?
In Internet Explorer, you
will see a lock icon in
the Security Status bar.
The Security Status bar is
located on the right side
of the Address bar.You
can click the lock to view
the identity of the
website.
ROCKY13 2010/02/27 12:15
In high-security browsers,
the authenticated
organization name is
prominently displayed and
the address bar
turns GREEN when an
Extended Validation SSL
Certificate is detected. If
the information does not
match or the certificate
has expired, the browser
displays an error message
or warning and the status
bar may turn RED.
In high-security browsers,
the authenticated
organization name is
prominently displayed and
the address bar
turns GREEN when an
Extended Validation SSL
Certificate is detected. If
the information does not
match or the certificate
has expired, the browser
displays an error message
or warning and the status
bar may turn RED.
ROCKY13 2010/02/27 12:15
So the bottom line is,
whenever you perform an
online transaction such as
Credit card payment,
Bank login or Email
login always ensure that
you have a secure
communication. A secure
communication is a must
in these
situations.Otherwise there
are chances of Phishing
using a Fake login Page.
I Hope this helps.Please
pass your comments.
So the bottom line is,
whenever you perform an
online transaction such as
Credit card payment,
Bank login or Email
login always ensure that
you have a secure
communication. A secure
communication is a must
in these
situations.Otherwise there
are chances of Phishing
using a Fake login Page.
I Hope this helps.Please
pass your comments.
#69 Phones/PCs/Apps
For phones, computing, consoles, gadgets, & internet talk, plus share apps & other files.