Home >Common Problem >What protocols are mainly used for encryption mechanisms
What protocol is mainly used for encryption mechanism?
The SSL protocol is mainly used for encryption mechanism. SSL (Secure Sockets Layer) and its successor Transport Layer Security (TLS) are a security protocol that provides security and data integrity for network communications. TLS and SSL encrypt network connections between the transport layer and the application layer.
Workflow
Server authentication phase:
1) The client sends a start message "Hello" to the server to start a new session connection ;
2) The server determines whether it needs to generate a new master key based on the client's information. If necessary, the server will include the information required to generate the master key when responding to the client's "Hello" message;
3) The client generates a master key based on the server response information received, encrypts it with the server's public key and sends it to the server;
4) The server replies with the master key and returns Give the client a message authenticated with the master key, allowing the client to authenticate to the server.
User authentication phase: Before this, the server has passed the client authentication. This phase mainly completes the authentication of the client. The authenticated server sends a question to the client, and the client returns the (digitally) signed question and its public key, thereby providing authentication to the server.
The secure channel provided by the SSL protocol has the following three characteristics:
Confidentiality: The SSL protocol uses a key to encrypt communication data.
Reliability: Both the server and the client will be authenticated, client authentication is optional.
Integrity: The SSL protocol will check the integrity of the transmitted data.
It can be seen from the services and workflow provided by the SSL protocol that the basis for the operation of the SSL protocol is the merchant's commitment to keeping consumer information confidential, which is beneficial to the merchant and not conducive to consumers.
In the initial stage of e-commerce, since most of the companies operating e-commerce are large companies with high reputations, this problem has not yet been fully exposed. However, with the development of e-commerce, various small and medium-sized companies have also participated, so the problem of single authentication in the electronic payment process has become more and more prominent.
Although in SSL3.0, digital signatures and digital certificates can achieve identity authentication between the browser and the Web server, the SSL protocol still has some problems. For example, it can only provide authentication between the client and the server in the transaction. Two-party authentication. In electronic transactions involving multiple parties, the SSL protocol cannot coordinate the secure transmission and trust relationship between the parties.
In this case, the two major credit card companies, Visa and MasterCard, developed the SET protocol to provide a global standard for online credit card payment.
The above is the detailed content of What protocols are mainly used for encryption mechanisms. For more information, please follow other related articles on the PHP Chinese website!