Processing secure transactions online is made possible by SSL, a security protocol developed by Netscape. Read on for more.
|What is SSL or Secure Sockets Layer?
"SSL" stands for Secure Sockets Layer. It is a security protocol that encrypts all of your connections with a web server. SSL thwarts eavesdroppers who could "sniff" your internet packets for sensitive information such as passwords and credit card numbers. Thus, SSL has made on-line commerce viable for all web users.
SSL was designed by Netscape and was originally incorporated into the company's web server and web browser software. Since then, SSL has been included in products from every major developer of web software.
Netscape defines its product as follows:
Netscape Communications has designed and specified a protocol for providing data security layered between application protocols (such as HTTP, Telnet, NNTP, or FTP) and TCP/IP. This security protocol, called Secure Sockets Layer (SSL), provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection.
SSL will enable a Web site visitor's browser to connect and transparently negotiate a secure communication channel. Once this connection has been made, information can be exchanged with theoretically no chance of any unauthorized third party interpreting the data.
How does SSL work?
Quoting from the technical specifications of Netscape Data Security:
SSL provides a security "handshake" that is used to initiate the TCP/IP connection. This handshake results in the client and server agreeing on the level of security they will use, and fulfills any authentication requirements for the connection. Thereafter, SSL's only role is to encrypt and decrypt the bytestream of the application protocol being used (for example, HTTP, NNTP, or Telnet). This means that all the information in both the HTTP request and the HTTP response are fully encrypted, including the URL the client is requesting, any submitted form contents (including things like credit card numbers), any HTTP access authorization information (usernames and passwords), and all the data returned from the server to the client.
Netscape has created a server software package called the Netscape Directory for Secure E-Commerce. The Netscape Directory for Secure E-Commerce implements server-side support for HTTP over SSL including support for acquiring a server certificate and communicating securely with SSL-enabled browsers like Netscape Navigator. There are also other, similar products from companies besides Netscape; these products include Stronghold, Zeus, and Apache SSL.
Even after the server software is installed and operating on a particular system, the site is still not in secure mode. There remains one essential step necessary to insure that the server has the proper security verification: the registration of that site's encrypted key pair, generated by an encryption authority (such a VeriSign). Without having an installed verified encrypted key pair, the site is no more secure than any other Web server.
The restriction for utilizing SSL or a SSL-enabled product is a propriety one... i.e. it requires specific browser software to fully integrate all of the encryption schemes necessary to maintain security.
The following browsers are security enabled:
Netscape Navigator (UNIX/Mac version 1.12 and later or Windows version 1.22 and later)
IBM Internet Connection Secure WebExplorer (version 1.1) for OS/2
Delrina Cyberjack Web (version 7.00)
Prodigy Web Browser (version 1.4b)
InternetMCI (version 1.0)
Microsoft's Internet Explorer
and Hot Java