3. • Web now widely used by business, government, individuals.
• but Internet & Web are vulnerable.
• have a variety of threats.
• need added security mechanisms.
SSL for E-Commerce3
4. • It is introduced in 1995 by as a components of its popular
Navigator browser and as a means of providing privacy with
respect to information being transmitted between a user’s browser
and the target server, typically that of a merchant.
• A channel is the two way-way communication stream established
between the browser and the server, and the definition of a
channel security indicates three basic requirements:
SSL for E-Commerce4
9. • Change Cipher Spec Protocol layer in SSL.
• one of 3 SSL specific protocols which use the SSL Record protocol.
• The change cipher spec message is sent by both the client and
server.
• The message consists of a single byte of value 1.
• The change cipher spec message is normally sent at the end of the
SSL handshake.
SSL for E-Commerce9
10. • Each message in this protocol consists of two bytes (Figure). The first byte takes
the value warning(1) or fatal(2) to convey the severity of the message.
SSL for E-Commerce10
11. • Allows server & client to:
• comprises a series of messages in phases
SSL for E-Commerce11
14. • SSL is Everywhere!
• And much more!!
SSL for E-Commerce14
15. • Alexa Top 1M Sites
SSL for E-Commerce15
12%
88%
Info Graphic
ssl
no sll
16. • In Ecommerce whether with SSL or SET, usually uses payment credit
and debit card infrastructure.
• The three major players in this infrastructure: customers, merchants
and financial institutions.
• We will see that SSL provides security for communication between
the first two players (the customer and the merchant), while SET
provides security for communication among all three players.
SSL for E-Commerce16
17. • Amazon
• ebay
• Paypal
• payoneer
• And more ..
SSL for E-Commerce17