SSL- Secure Socket Layer
SSL is a cryptographic protocol, usually associated with financial transactions between a client and a server.¬† It is recognized by seeing https rather than http in the beginning of the URL.¬† It was developed by the Netscape Corporation in 1995, but not really considered reliable until 1996 when version 3.0 was released, closing some security loopholes that were found in version 2.0.¬† Cryptographic means that it is information that has been mathmatically scrambled in order to avoid theft or interruption of the information.¬† A protocol is a collection of procedures or layers that are used in the process of communicating any kind of information electronically.¬† So, to put it simply, a cryptographic protocol is a digital secret message.¬† SSL is a way to code this information so that it cannot be stolen.¬† However, since we cannot see the people we are working with via the internet, we don’t know for sure that we are dealing with someone trustworthy.¬† Without SSL, the only way to ensure security would be to actually meet with the person, make sure they are legitimate and then place your order.¬† Obviously, this isn’t feasible when you are considering online purchases.¬† This is where SSL comes into play.¬† It is both very simple, but also very complicated.
First, let’s try to approach this from the more technical side.¬† SSL uses both public and private encryption to handle the confidential information.¬† A web browser uses a Certificate Authority (CA) to prove that a web server is who they say they are by them sending their certificate to the browser.¬† After it is received, the browser make a new encrypted “session key” using a public key for that site.¬† This allows the information to only be used by one person, the person with both the public and private key.¬† Even just thinking about it confuses me a little.
The simplicity in it lies in its ability to provide quality encryption in just a few short seconds.¬† By using a public key, everyone has 1/2 of the information at all times.¬† However the private key is held by only one person, so only they can open the information.¬† There is a short video on youtube, released by Discovery Science, that explains this much better than I can.¬† Click HERE to be redirected to it.
Essentially what it explains is that the client in a transaction must send their information securely, so they need to have the server encrypt the information for them, so that only the server can process the information.¬† The third party Certificate Authority provides a service to make sure that each person is who they say they are throughout the process.¬† The public key information enables it to be an openly used form of information transfer over a somewhat unsecure internet, but the private key allows it to only be opened by the person who needs the information and provided the encryption information.¬† According to some sources, using¬† today’s technology, most SSL private key encryptions could not be deciphered in less than a trillion-trillion years.¬† That is quite a statement about how robust this form of encryption is.¬† Plus, since the only party that can access the information is the party that built the private encryption, there is very little room for error, but nothing is completely 100% perfect.