SSL stands for Secure Sockets Layer and SSL is a network security protocol that enables secure server communication of data. Originally developed by Netscape, SSL encryption was developed to make sure that transmission of personal data, like credit card information, could be undertaken with certain knowledge of online identities. SSL encrypts data it transmits with the purpose being to prevent any message that might be intercepted from being decoded.
SSL was developed up to version 3.0, and then the Internet Engineering Task Force (IETF) continued development into a variation called Transport Layer Security or TLS. The most recent version, TLS 1.2, is also referred to as SSL 3.3.The aim of the TLS project was to bypass some security issues that were identified in earlier SSL versions.
The type of encryption used in SSL is called Public-Key Encryption or Public Key Cryptography (PKC) or Asymmetric Encryption. Asymmetric encryption employs two keys in the process. One key is used for encryption, while the other is used for decryption. In this important point, it differs from another network cryptography system called Symmetric Key Encryption or Secret Key Cryptography (SKC), which uses only a single key for encryption and decryption.
The Asymmetric encryption system used in SSL is linked to the use of digital certificates, which carry the public key for the website that is certified. Certification authorities, such as VeriSign and Thawte, carry out the fact-checking that precedes the issuance of such a certificate. Certificates can be based on more or less extensive research leading to greater or lesser indications that the holder should be trusted.
How SSL Encryption Works
Let’s use the example of a customer wanting to make an online purchase with a credit card, one of the chief uses of SSL encryption. When the customer begins the check out process, the customer’s browser contacts the web server from which the online merchant’s site is served, and asks for identification of the website. The server supplies a copy of the site’s SSL certificate to the browser. Using listings provided by the Certification Authorities, the browser checks to see if the SSL certificate is trustworthy. If the SSL certificate checks out, the browser returns a message to the server that includes a session key that is encrypted using the public key in the SSL certificate. If it does not check out, the browser supplies a message to the customer indicating that the digital certificate has a problem and asking the customer whether he or she wishes to continue.
The private key of the online merchant’s website is used by the server to decrypt the communication, and a secure communication is now established in both directions between the customer’s browser and the server of the online merchant and between the server and the browser. As a sign of this, the customer will now see a webpage with https (rather that http) in the URL, and, if the online merchant has a digital certificate with the most demanding form of certification – Extended Validation – the customer will see a green bar.