ssl网络数据传输加密协议(SSL network data transmission encryption protocol)
ssl ssl (secure socket layer)
为netscape所研发, 用以保障在internet上数据传输之安全, 利用数据加密 (encryption) 技术, 可确保数据在网络
上之传输过程中不会被截取及窃听.目前一般通用之规格为40 bit之安全标准, 美国则已推出128 bit之更高安全
标准, 但限制出境.只要3.0版本以上之i.e.或netscape浏览器即可支持ssl.
当前版本为3.0.它已被广泛地用于web浏览器与服务器之间的身份认证和加密数据传输. ssl协议位于tcp / ip协议与各种应用层协议之间, 为数据通讯提供安全支持.ssl协议可分为两层: ssl记录协议 (ssl record protocol): 它建立在可靠的传输协议 (如tcp) 之上, 为高层协议提供数据封装、压缩、加密等基本功能的支持. ssl握手协议 (ssl handshake protocol): 它建立在ssl记录协议之上, 用于在实际的数据传输开始前, 通讯双方进行身份认证、协商加密算法、交换加密密钥等.
ssl协议提供的服务主要有:
1) 认证用户和服务器, 确保数据发送到正确的客户机和服务器; 2) 加密数据以防止数据中途被窃取;
漫画廊
3) 维护数据的完整性, 确保数据在传输过程中不被改变.
ssl协议的工作流程:
服务器认证阶段: 1) 客户端向服务器发送一个开始信息 "hello"
以便开始一个新的会话连接; 2) 服务器根据客户的信息确定是否需要生成新的主密钥, 如需要则服务器在响应客户的 "hello" 信息时
将包含生成主密钥所需的信息; 3) 客户根据收到的服务器响应信息, 产生一个主密钥, 并用服务器的公开密钥加密后传给服务器; 4) 服
企业家宣言务器恢复该主密钥, 并返回给客户一个用主密钥认证的信息, 以此
让客户认证服务器.
cielab用户认证阶段: 在此之前, 服务器已经通过了客户认证, 这一阶段
主要完成对客户的认证.经认证的服务器发送一个提问给客户, 客户
魁蒿
则返回 (数字) 签名后的提问和其公开密钥, 从而向服务器提供认证.
从ssl 协议所提供的服务及其工作流程可以看出, ssl协议运行的基础是商家对消费者信息保密的承诺, 这就有利于商家而不利于消费者.在电子商务初级阶段, 由于运作电子商务的企业大多是信誉较高的大公司, 因此这问题还没有充分暴露出来.但随着电子商务的发展, 各中小型公司也参与进来, 这样在电子支付过程中的单一认证问题
就越来越突出.虽然在ssl3.0中通过数字签名和数字证书可实现浏
览器和web服务器双方的身份验证, 但是ssl协议仍存在一些问题, 比如, 只能提供交易中客户与服务器间的双方认证, 在涉及多方的
电子交易中, ssl协议并不能协调各方间的安全传输和信任关系.在这种情况下, visa和 mastercard两大信用卡公组织制定了set协议, 为网上信用卡支付提供了全球性的标准.
https介绍
https (secure hypertext transfer protocol) 安全超文本传输协议
它是由netscape开发并内置于其浏览器中, 用于对数据进行压缩和解压操作, 并返回网络上传送回的结果.https实际上应用了netscape的完全套接字层 (ssl) 作为http应用层的子层. (https 使用端口443, 而不是象http那样使用端口80来和tcp / ip进行通信.
SSL uses the 40 bit keyword as the RC4 stream encryption algorithm, which is suitable for business information encryption. HTTPS and SSL support the use of X.509 digital authentication, and if necessary, the user can confirm who the sender is..
HTTPS is a HTTP channel with security as its goal. It's a safe version of HTTP. That is, adding SSL layer under HTTP, HTTPS security is based on SSL, so the details of encryption, please see SSL.
It is a URI scheme (Abstract identifier system), syntax similar to http: system. HTTP data transmission for security. Https:URL shows that it uses HTTP, but HTTPS has a default port different from HTTP and an encryption / authentication layer (between HTTP and TCP). The initial development of this system was carried out by Netscape Co, providing authentication and encryption communication methods, and now it is widely used in secure and sensitive communications on the world wide web, such as transaction payment.
思梦论坛limit
Its security protection depends on the correct implementation of the browser, and server software, the actual encryption algorithm support
加特纳菌One common misconception is that bank users can fully protect their bank card numbers from theft by using https: online." In fact, in the encrypted connection with the server, only part of the bank card number can be protected, only the connection between the user and the server and the server itself. It's not absolutely sure that the server itself is secure, and this has even been exploited by attackers, and the common example is phishing attacks that mimic the domain names of the attackers.
A few rare attacks occur when the website transfers customer data, and the attacker attempts to eavesdrop on data transmission.
Commercial websites are expected to introduce new special processing programs to the financial gateway as soon as possible and only retain transaction number. But they often store bank card numbers in the same database. A few of those databases and servers may be attacked and damaged by unauthorized users.
豫公网安备41160202000603
站长QQ:729038198
关于我们
投诉建议