The Internet can be used for electronic communication. Those who use the Internet for this purpose, on occasion, have the need for that communication to be secure. Secure communication can be ensured by the use of a secure channel. A secure channel will provide three things for the user: authentication of those involved in the communication, confidentiality of the information exchanged in communication, and integrity of the information exchanged in the communication.
Internetworking concepts necessary for e-commerce
Clients and Servers
The World Wide Web (WWW or Web) is implemented by means of the interconnection of networks of computer systems. This interconnection provides information and services to users of the Web. Computer systems in this interconnection of networks that provide services and information to users of computer systems are called Web servers. Computer systems that request services and information, using software called Web browsers, are called clients. The communication channel between the Web browser (client) and Web server (server) may be provided by an Internet service provider (ISP) that allows access to the communication channel for both the server and client. The communication of the client with a server follows a request/response paradigm. The client, via the communication channel, makes a request to a server, and the server responds to that request via a communication channel.
The OSI Model and TCP/IP
The Open Systems Interconnection (OSI) model defined by the International Standards Organization (ISO) is a seven-layer model that specifies how a message is to be constructed in order for it to be delivered through a computer network communication channel. This model is idealized. In practice, few communication protocols follow this design.
General description of each layer of the model
The sender of the message, either a request or a response message, provides input to the application layer
Cryptographic concepts used in SSL and TLS
Encryption is the process of converting plaintext (readable text) into ciphertext (unreadable text). Decryption is the process of converting ciphertext into plaintext. Usually, this is done by means of a publicly known algorithm and a shared key. Encryption is vital in providing message confidentiality, client/server authentication, and message integrity. There are two methods of encryption: symmetric or private-key and asymmetric or public-key. Each method of encryption has its particular use. Symmetric encryption is used for the encryption of the messages exchanged between a client and a server, whereas asymmetric encryption will be used to exchange the common keys used by clients and servers in their symmetric encryption process. Asymmetric encryption may also be used for the encryption of messages.
There are two means to carry out key sharing. One is “key exchange,” where one side of the message exchange pair generates a symmetric key and encrypts it with the public key of the private/public key pair of the other side. The other technique of key sharing is “key agreement.” In this technique, the two sides of the message exchange pair cooperate to generate the same key that will be used for symmetric encryption. The RSA public-key algorithm can be used for the key exchange technique. The Diffie-Hellman public-key algorithm can be used for the key agreement technique. The details of these algorithms are discussed elsewhere in this text.
To establish an SSL connection, the client (browser) opens a connection to a server port. The browser sends a “client hello” message—Step 1. A client hello message contains the version number of SSL the browser uses, the ciphers and data compression methods it supports, and a random number to be used as input to the key generation process.
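The client hello fields listed above can be read straight off the wire. The following parser is an added example, not code from the original text; it assumes the whole hello arrives in a single record using the SSL 3.0 / TLS 1.0-1.2 layout, the function names are hypothetical, and the sample bytes are constructed.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def build_sample_client_hello():
    """Constructed sample: SSL 3.0 hello offering two suites and null compression."""
    random = bytes(range(32))                     # constructed, not real randomness
    suites = struct.pack("!2H", 0x002F, 0x000A)   # RSA/AES-128-CBC-SHA, RSA/3DES-EDE-CBC-SHA
    body = (struct.pack("!H", 0x0300) + random
            + b"\x00"                             # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                        # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0300, len(handshake)) + handshake

def parse_client_hello(record):
    """Return the fields the text lists: version, random, ciphers, compression."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a client hello")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if rec_len != hs_len + 4 or len(body) != hs_len:
        raise ValueError("length fields disagree or message is truncated")
    pos = 0
    def take(n):
        # Consume n bytes of the hello body, refusing to read past its end.
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("field runs past end of message")
        chunk = body[pos:pos + n]
        pos += n
        return chunk
    version = struct.unpack("!H", take(2))[0]
    random = take(32)
    session_id = take(take(1)[0])                 # 1-byte length prefix
    suite_bytes = take(struct.unpack("!H", take(2))[0])
    if len(suite_bytes) % 2:
        raise ValueError("odd cipher suite list length")
    suites = list(struct.unpack("!%dH" % (len(suite_bytes) // 2), suite_bytes))
    compression = list(take(take(1)[0]))          # 1-byte length prefix
    return {"version": VERSIONS.get(version, hex(version)), "random": random,
            "session_id": session_id, "cipher_suites": suites,
            "compression_methods": compression}

if __name__ == "__main__":
    print(parse_client_hello(build_sample_client_hello()))
```

Every length prefix is checked against the bytes actually present, so a truncated or malformed hello raises `ValueError` rather than yielding partial fields.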