See Also   Introduction   Encryption   SSL   SET   Smart Cards   Links   FAQ

The Secure Sockets Layer (SSL) protocol provides several features that make it particularly suitable for use in e-commerce transactions.

Privacy is guaranteed through encryption. Although information can still be intercepted by a third party they will be unable to read them as they have no access to the encryption key.

Integrity is also ensured through encryption. If information is received that will not decrypt properly then the recipient knows that the information has been tampered with during transmission.

The encryption process
Essentially, SSL is secret-key encryption nested within public-key encryption, authenticated through the use of certificates.

The reason that both secret-key and public-key encryption methods are used is because of the relatively slow speed of public-key encryption compared to secret-key encryption. Initially, the client and server exchange public keys, and then the client generates a private encryption key that is used only for this transaction. This is referred to as a session key. The client then encrypts the session key with the server's public key and sends it to the server. Then, for the rest of the transaction, the client and the server can use the session key for private-key encryption.