encryption_ssl

toc

=**__Encryption and how it works__**=

Encryption is a method of coding data or message so that if a third party intercepts or [|hacks] into it as it travels over the network, the third party user will not be able to read it as the person(s) intended only have access to the data and have the key to break the code. A common form of encryption is [|cryptography]. Here numbers are used to define each data and the corresponding data represented by the number is available with the receiver so only the receiver knows exactly what the data is. So to a hacker the data sent is nothing but a set of numbers and is meaningless. The primary goal of cryptography is to conceal data to protect it against unauthorized third-party access by applying encryption. The more theoretical or mathematical effort is required for an unauthorized third party to recover data, the stronger is the encryption. Encryption is used while sending emails where the data is encrypted as units. It is also used in [|electronic cash transfer] where the data is encrypted using cryptography to create unforgeable electronic cash tokens. These tokens include a serial number that can be decrypted and saved by the bank accepting the token. Reuse (illegitimate) of the token allows the user to be identified because the serial number will have already been seen in a previous transaction. A schematic diagram of how encryption works is shown below:



= = = = = = = = = = = = = = = = = = = = = = = =

[|Image source] = = = = =__**Secure Sockets Layer and how it works:**__=

SSL is the short for Secure Sockets Layer, a protocol developed by [|Netscape] for transmitting private documents via the Internet. SSL works by using a [|private key] to encrypt data that's transferred over the SSL connection. Both [|Netscape Navigator] and [|Internet Explorer] support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, [|URL] s that require an SSL connection start with https: instead of [|http]. The main features of the SSL is that it enables encryption of sensitive data while transaction over the Internet. Each SSL Certificate contains unique, authenticated information about the certificate owner. Every SSL Certificate is issued by a [|Certificate Authority] that verifies the identity of the certificate owner.

An SSL certificate consists of a public key and a private key. With the help of the public key the confidential information is encrypted and the private key is used to decrypt the information sent. For example when a Web browser points to a secured domain by typing in the address for a website, a Secure Sockets Layer [|handshake] authenticates the server (Web site) and the client (Web browser). When the SSL [|handshake] occurs, the browser requires authentication from the server.An encryption method is established with a unique session key. They can begin a secure session that guarantees message privacy and message integrity while the browser/client is browsing through the site.

SSL technology is mainly used for the following purposes:
 * An online store which takes online orders and credit cards for payment. For example: [|eBay] and [|Walmart]
 * Organization that share confidential information over an [|intranet]. For example multinational companies such as [|Microsoft]
 * Organization that process sensitive data such as address, birth date, license, or ID numbers. For example hospitals,schools.
 * People/organizations comply with privacy and security requirements.

A diagram is given below to show how SSL works.



[|Image source]