RESEARCH PROJECT

SECURE SOCKETS LAYER (SSL)

SECURE TRANSACTIONS ON THE INTERNET

By Régine Lebrun, Kwantlen College
IMOS 1998


INTRODUCTION

The advent of the Internet is more than a revolution in the field of communications. Its social and economic consequences are part of the 1990s business landscape.

The rise of electronic commerce and the changing consumer processes brought about through electronic communities are likely to lead to a new wave of reengineering, mergers and acquisitions. Moreover, organisations may expand into new business areas, taking on roles unforeseen prior to the rise of the Web. For example: a well-known American magazine publisher, Condé Nast, has moved into the travel business; Bill Gates is now an electronic real estate agent; and a recruitment advertising agency, Bernard Hodes, has now become an electronic recruitment company.

GENERALITIES

Over recent years information technology has experienced an unprecedented degree of change, enabling the transformation of the basic mechanisms of business. This transformation is accelerating, and is supported by new computer-based applications to facilitate business processes, new systems to capture customer information, and new methods of communication within and between organisations and their customers or suppliers.

Within the coming years we will see the emergence of secure, cost-effective electronic payment systems to augment these technologies. In future years this combination will be seen as the starting point for Electronic Commerce, the most fundamental change in trade since paper money was invented.

The rise of Internet e-commerce since the advent of the World Wide Web has provided an easy-to-use communication channel for businesses to contact current and potential customers. The emergence of the Internet as a general communication channel has also given rise to the possibility of widespread electronic commerce. Even though there is still much debate relating to electronic payment for commercial activities, this is clearly an area of growth.

It is difficult to say how large the Internet is. Janet Kornblum, Staff Writer for CNET NEWS, mentions in a study that: "By the end of 1997, 18 percent of all households will be hooked up to the Net, up from 13 percent last year. And by the year 2001, that number will rise to 38 percent. That translates to 17.7 million households online at the beginning of 1998 and 40 million online by 2001."

An article in USA TODAY (April 16, 1998) reports on the first major study of the economic impact of the Internet: Net traffic is doubling every hundred days, and electronic commerce should reach $300 billion by 2002. More than 100 million people are now online, according to the wide-ranging report. The "digital economy" is growing at double the rate of the overall economy and represents more than 8% of the American gross domestic product.

In 1996, the latest year for which figures are available, the auto industry represented 3.1% of GDP; information technology represented more than 6%.

Another interesting comparison shows that while radio took 30 years to reach an audience of 50 million, and TV took 13, the Internet took just four years. Ten million people in the USA and Canada had bought something online by the end of 1997, an increase from 4.7 million six months before.

Business and financial transactions made on the web cannot be ignored. Therefore, the security issue had to be addressed.

Companies may want to send encrypted messages and authenticate received messages to protect their corporate information. Still, many users are reluctant to give personal and important information such as bank account numbers or credit card numbers when purchasing over the Internet.

SECURITY RESOURCES

Web security is a complex topic, encompassing computer system security, network security, authentication services, message validation, personal privacy issues, and cryptography.

There are many security-enabled products available on the market. This document is about SSL, the Secure Sockets Layer, developed by Netscape Communications Corporation to provide security and privacy over the Internet.

What is SSL?

SSL is an open, nonproprietary protocol. It has been submitted to the W3 Consortium working group on security for consideration as a standard security approach for World Wide Web browsers and servers on the Internet.

The SSL Handshake Protocol is the technology that allows companies and individuals to accept information securely from the Internet.

The SSL Protocol is able to negotiate encryption keys as well as authenticate the server before data is exchanged by the higher-level application. The SSL protocol maintains the security and integrity of the transmission channel by using encryption, authentication and message authentication codes. Using SSL keeps other people from stealing important information such as passwords, credit card numbers, and social security numbers.

SSL is a protocol that allows application protocols like HTTP, FTP, and Telnet to be layered on top of it transparently. The SSL protocol consists of two phases, server authentication and client authentication, with the second phase being optional.

In the first phase, the server, in response to a client's request, sends its certificate and its cipher preferences. The client then generates a master key, which it encrypts with the server's public key, and transmits the encrypted master key to the server. The server recovers the master key and authenticates itself to the client by returning a message encrypted with the master key. Subsequent data is encrypted with keys derived from this master key.

In the optional second phase, the server sends a challenge to the client. The client authenticates itself to the server by returning the client's digital signature on the challenge, as well as its public-key certificate.
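The two phases just described, as an added example written for this page rather than code from the original project or from Netscape: it uses Go's standard crypto/tls library to run a TLS 1.2 handshake over an in-memory pipe, first with server authentication only, then with the optional client-authentication phase, and finally with a client that cannot satisfy that phase. The certificates, the host names server.example and juliet.client, and the order message are constructed test data. The key agreement is TLS 1.2's ECDHE rather than the master-key-under-server-public-key exchange described above, but the two-phase structure is the same: the server is authenticated before any application data flows, and client authentication is optional.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway self-signed certificate for name (constructed test PKI):
// no CA is involved, each side is simply handed the other side's certificate as its trust anchor.
func selfSigned(name string) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return tls.Certificate{}, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return tls.Certificate{}, nil, err }
	leaf, err := x509.ParseCertificate(der)
	if err != nil { return tls.Certificate{}, nil, err }
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, nil
}

// Outcome is what the two sides know once the handshake has succeeded.
type Outcome struct {
	Version     uint16 // negotiated protocol version (0x0303 is TLS 1.2)
	CipherSuite string // negotiated cipher suite
	ServerCN    string // identity the client verified in the first phase
	ClientCN    string // identity the server verified in the second phase; "" if that phase was skipped
	Echo        string // application data that crossed the channel encrypted, in both directions
}

// Handshake runs both phases over an in-memory pipe. requireClient switches on the
// optional second phase; clientHasCert says whether the client can satisfy it.
func Handshake(requireClient, clientHasCert bool) (*Outcome, error) {
	serverCert, serverLeaf, err := selfSigned("server.example")
	if err != nil { return nil, err }
	clientCert, clientLeaf, err := selfSigned("juliet.client")
	if err != nil { return nil, err }
	trustedServers, trustedClients := x509.NewCertPool(), x509.NewCertPool()
	trustedServers.AddCert(serverLeaf) // what the client will accept
	trustedClients.AddCert(clientLeaf) // what the server will accept
	srvCfg := &tls.Config{Certificates: []tls.Certificate{serverCert},
		MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12}
	if requireClient {
		srvCfg.ClientAuth, srvCfg.ClientCAs = tls.RequireAndVerifyClientCert, trustedClients
	}
	cliCfg := &tls.Config{RootCAs: trustedServers, ServerName: "server.example",
		MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12}
	if clientHasCert {
		cliCfg.Certificates = []tls.Certificate{clientCert}
	}
	c1, c2 := net.Pipe()
	defer func() { c1.Close(); c2.Close() }()
	srv, cli := tls.Server(c1, srvCfg), tls.Client(c2, cliCfg)
	var clientCN string
	errc := make(chan error, 1)
	go func() { // server side
		if err := srv.Handshake(); err != nil { errc <- err; return }
		if peers := srv.ConnectionState().PeerCertificates; len(peers) > 0 {
			clientCN = peers[0].Subject.CommonName
		}
		buf := make([]byte, 256)
		n, err := srv.Read(buf) // the request arrives decrypted
		if err != nil { errc <- err; return }
		_, err = srv.Write(buf[:n]) // echoed back, encrypted again
		errc <- err
	}()
	if err := cli.Handshake(); err != nil { return nil, fmt.Errorf("client side: %w", err) }
	order := "order 42: one copy of the sonnets" // constructed sample request
	if _, err := cli.Write([]byte(order)); err != nil { return nil, err }
	buf := make([]byte, 256)
	n, err := cli.Read(buf)
	if err != nil { return nil, err }
	if err := <-errc; err != nil { return nil, fmt.Errorf("server side: %w", err) }
	cs := cli.ConnectionState()
	return &Outcome{Version: cs.Version, CipherSuite: tls.CipherSuiteName(cs.CipherSuite),
		ServerCN: cs.PeerCertificates[0].Subject.CommonName, ClientCN: clientCN, Echo: string(buf[:n])}, nil
}

func main() {
	for _, tc := range [][2]bool{{false, false}, {true, true}, {true, false}} {
		out, err := Handshake(tc[0], tc[1])
		fmt.Printf("requireClient=%v clientHasCert=%v -> %+v (err: %v)\n", tc[0], tc[1], out, err)
	}
}
```

Run it with `go run`: the first two cases complete and echo the order back over the encrypted channel, while the third is refused by the server during the handshake, before any order data is sent, which is exactly what requiring the second phase buys.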


Before proceeding further, here are some definitions:

What is Encryption?

Encryption is the transformation of data into some unreadable form. Its purpose is to ensure privacy by keeping the information hidden from anyone for whom it is not intended, even those who can see the encrypted data.

What is Decryption?

Decryption is the reverse of encryption; it is the transformation of encrypted data back into some intelligible form.

What is Cryptography?

Cryptography is a process that provides mechanisms for procedures such as encryption and decryption, digital signatures, etc.

EXAMPLE:
The following example will give life to the concept of encryption and digital signature.

Juliet wishes to send a secret message to Romeo. She looks up Romeo's public key in a directory, uses it to encrypt the message and sends it off. Romeo then uses his private key to decrypt the message and read it. No one listening in can decrypt the message. Anyone can send an encrypted message to Romeo but only Romeo can read it.

To sign her message, Juliet does a computation involving both her private key and the message itself; the output is called the digital signature and is attached to the message, which is then sent. Romeo, to verify the signature, does some computation involving the message, the purported signature, and Juliet's public key. If the result properly holds in a simple mathematical relation, the signature is verified as being genuine; otherwise, the signature may be fraudulent or the message might have been altered.
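The Romeo and Juliet exchange, as an added example (not code from the original page) in Go, using RSA-OAEP for the encryption and RSA-PSS for the signature from the standard library. The names, the message text and the eavesdropper Tybalt with his own key pair are constructed for the illustration. It checks all three claims in the story: only Romeo's private key opens the message, the signature verifies with Juliet's public key, and a single changed byte makes the verification fail.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party holds one person's key pair. The public half is what a directory
// would publish; the private half never leaves its owner.
type Party struct {
	Name string
	key  *rsa.PrivateKey
}

func NewParty(name string) (*Party, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, key: key}, nil
}

// Public returns the key a sender would look up in the directory.
func (p *Party) Public() *rsa.PublicKey { return &p.key.PublicKey }

// Seal encrypts msg so that only the holder of the matching private key can read it.
func Seal(recipient *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
}

// Open decrypts with the party's own private key; the wrong key yields an error, not garbage.
func (p *Party) Open(ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.key, ciphertext, nil)
}

// Sign computes the signature from the message and the signer's private key.
func (p *Party) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, p.key, crypto.SHA256, digest[:], nil)
}

// Verify checks the purported signature against the message and the signer's public key.
func Verify(signer *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(signer, crypto.SHA256, digest[:], sig, nil) == nil
}

// Scenario records what each participant could do with the sealed, signed message.
type Scenario struct {
	Plaintext      string // what Romeo read
	Eavesdropper   bool   // could a third party decrypt it?
	SignatureValid bool   // did Juliet's signature verify on the message as received?
	AlteredValid   bool   // does it still verify after one byte is changed in transit?
}

func RunScenario() (*Scenario, error) {
	juliet, err := NewParty("Juliet")
	if err != nil {
		return nil, err
	}
	romeo, err := NewParty("Romeo")
	if err != nil {
		return nil, err
	}
	tybalt, err := NewParty("Tybalt") // constructed eavesdropper with his own key pair
	if err != nil {
		return nil, err
	}
	msg := []byte("Meet me at the balcony at midnight") // constructed sample message

	// Juliet: look up Romeo's public key, encrypt, and sign with her own private key.
	sealed, err := Seal(romeo.Public(), msg)
	if err != nil {
		return nil, err
	}
	sig, err := juliet.Sign(msg)
	if err != nil {
		return nil, err
	}

	// Romeo: decrypt with his private key, then verify with Juliet's public key.
	opened, err := romeo.Open(sealed)
	if err != nil {
		return nil, err
	}
	// Tybalt sees the same ciphertext but holds the wrong private key.
	_, tybaltErr := tybalt.Open(sealed)

	altered := append([]byte(nil), opened...)
	altered[0] ^= 0x01 // simulate a one-bit change in transit

	return &Scenario{
		Plaintext:      string(opened),
		Eavesdropper:   tybaltErr == nil,
		SignatureValid: Verify(juliet.Public(), opened, sig),
		AlteredValid:   Verify(juliet.Public(), altered, sig),
	}, nil
}

func main() {
	s, err := RunScenario()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("Romeo read: %q\n", s.Plaintext)
	fmt.Printf("eavesdropper could decrypt: %v\n", s.Eavesdropper)
	fmt.Printf("signature genuine: %v, still genuine after tampering: %v\n", s.SignatureValid, s.AlteredValid)
}
```

Note that confidentiality and authenticity come from two different keys: Romeo's public key seals the message, Juliet's private key signs it, and anyone holding only public keys can verify the signature but cannot read the text.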



STRATEGIC PARTNERS


Netscape has formed strategic partnerships with developers and corporations that are leaders in the web-based security industry. The following companies offer products that support Netscape's security strategy.

Company                              Certificate Authority   Security Products /
                                     Services                Technologies
-----------------------------------  ----------------------  --------------------
Axent Technologies                                           Single sign on
BelSign                              X
Bull                                                         Smart cards
Certisign                            X
Chrysalis-ITS                                                Smart cards
Consensus Development Corp.                                  SSL
Datakey                                                      Smart cards
Entrust Technologies                 X
Gemplus                                                      Smart cards
Gradient Technologies                                        Single sign on
GTE                                  X
Intel                                                        CDSA
Internet Publishing Services (IPS)   X
JavaSoft                                                     Java
Litronic                                                     Smart cards
RSA Data Security                                            PKCS #11
Schlumberger                                                 Smart cards
Security Dynamics                                            Single sign on
Thawte Consulting                    X
Vasco Data Security                                          Smart cards
VeriSign                             X
Zoomit                                                       Single sign on



SECURITY ADVISOR

Netscape Communicator includes a comprehensive Security Advisor, available from the Communicator toolbar. Simply click the Security button to view security information on digital certificates, Java applet privileges, secure email, private key password, SSL browsing, and much more. The Security Advisor provides you with detailed information on each component of Communicator's security capabilities.


This example is a secure order form that is linked to a database.




DEMO OF A SECURE PAYMENT USING SSL PROTOCOL AND ONLINE SECURITY AND PRIVACY SURVEY


For the demo go to these URLs:
http://www.worldorder.com/html/demo_ssl.html
http://detel.com/secdemo.html

To be part of the survey go to:
http://www.hermes.bus.umich.edu/cgi-bin/spsurvey/questi.pl
Online Security and Privacy Survey (a research project at the University of Michigan Business School): this survey collects the concerns of Web users about the security of their online financial transactions.
The responses will be kept anonymous and the final report will be made available to the entire Web community.

DOWNLOAD SSL SOFTWARE

http://home.netscape.com/eng/US-current/

CONCLUSION

There is a revolution about to happen. Adapting to the challenges which will arise requires new strategies, the strategies of revolution.

On the Web, the customer may well know more about the supplier than the supplier knows about the customer. The Web will provide an environment where individual actors co-ordinate their activities, evolving and adapting their processes and information systems.

Virtual communities have emerged on the Internet within which rules are enforced. In these areas companies are performing the functions that governments are not yet fulfilling. For a fee or by contract, they can protect the rights of on-line property, just as the 11th Century merchants did with gold.

Security is a baseline requirement for network computing. Privacy, authentication, authorization, and integrity are all important elements of any security strategy and work to defend against the threats of eavesdropping, manipulation, and impersonation.

