Current location - Quotes Website - Signature design - Explain the difference between set protocol and ssl protocol with examples
Explain the difference between set protocol and ssl protocol with examples

Both are used in e-commerce

Network

security protocols. All can ensure the security, confidentiality and integrity of transaction data.

SSL is called the Secure Sockets Layer protocol. It is the earliest used in the world and has become an industrial standard. However, its basis is the merchant's commitment to keeping customer information confidential, so it is beneficial to the merchant but not to the customer.

SET, called Secure Electronic Transaction Protocol, is an open specification established to ensure the security of credit card payments during online transactions on the Internet. Because its objects include consumers, merchants, card-issuing banks, acquiring banks, payment gateways, and authentication centers, it is equally beneficial to consumers and merchants. It is increasingly recognized by everyone and will become the standard for future e-commerce.

In recent years, the IT industry and the financial industry have jointly launched many more effective security transaction standards. The main ones are:

(1) Secure Hypertext Transfer Protocol (S-HTTP): Relying on the encryption of key pairs to ensure the security of transaction information transmission between Web sites.

(2) Secure Socket Layer (SSL: Secure Socket Layer) is a secure communication protocol launched by Netscape. It is a protocol that encrypts the entire session between computers. Provides encryption, authentication services and message integrity. It can provide strong protection for credit card and personal information. SSL is used in Netscape Communicator and Microsoft IE browsers to complete required secure transaction operations. In SSL, two encryption methods, public key and private key, are used.

(3) Secure Transaction Technology (STT): Proposed by Microsoft, STT separates authentication and decryption in the browser to improve security control capabilities. Microsoft will adopt this technology in Internet Explorer.

(4) Secure Electronic Transaction Protocol (SET: Secure Electronic Transaction): The SET protocol is a specification jointly launched by VISA and MasterCard in May 1997. SET is mainly designed to solve credit card payment transactions between users, merchants and banks to ensure the confidentiality of payment information, the integrity of the payment process, the legal identity of merchants and cardholders, and operability. The core technologies in SET mainly include public key encryption, electronic digital signatures, electronic envelopes, electronic security certificates, etc.

The currently announced official text of SET covers credit card transaction agreements, information confidentiality, data integrity, digital authentication, digital signatures, etc. in e-commerce transactions. This standard is recognized as the standard of the global Internet, and its transaction form will become the norm for "e-commerce" in the future.

The payment system is the key to e-commerce, but the future direction of the key technologies supporting the payment system has not yet been determined. Secure Sockets Layer (SSL) and Secure Electronic Transactions (SET) are two important communication protocols, each providing a means of making payments over the Internet. But which of the two will lead the future? Will SET replace SSL immediately? Will SET die due to its complexity? Can SSL really fully meet the needs of e-commerce? We can get a glimpse from the comparison of the following points:

SSL provides a secure connection between two machines. Payment systems are often built by transmitting credit card numbers over SSL connections, and online banking and other financial systems are often built on top of SSL. Although SSL-based credit card payment methods have promoted the development of e-commerce, more advanced payment systems must be adopted if e-commerce is to be successfully carried out widely. The reason why SSL is widely used is that it is built into most web browsers and web servers and is relatively easy to apply.

Except for both using the RSA public key algorithm, SET and SSL have no similarities in other technical aspects. RSA is also used to achieve different security goals in both.

SET is a protocol based on message flow. It is mainly designed and released by MasterCard, Visa and other mainstream manufacturers in the industry to ensure the security of bank card payment transactions on public networks. SET has been widely used experimentally and tested internationally, but most consumers who shop on the Internet do not actually use SET.

SET is a very complex agreement because it reflects the various relationships that exist between the parties in a card transaction in great detail and accuracy. SET also defines the format of encrypted information and the rules for transmitting information between parties during the completion of a card payment transaction. In fact, SET is far more than a technical agreement. It also explains the legal meaning of the digital certificate held by each party, the actions that parties who want to obtain the digital certificate and the response information should take, and it is closely related to a transaction. related shared responsibilities.

. SSL security protocol

The SSL security protocol was originally designed and developed by Netscape Communication Company. It is also called the "Secure Sockets Layer (Secure Sockets Layer) protocol" and is mainly used to improve applications. Security factor for data between programs. The entire concept of the SSL protocol can be summarized as: a protocol that guarantees the security of transactions between any client and server that has a secure socket installed, and it involves all TC/IP applications.

The SSL security protocol mainly provides three services:

Legitimacy authentication of users and servers

Authentication of the legitimacy of users and servers so that they can be convinced Data will be sent to the correct client and server. Both the client and the server have their own identification numbers, which are numbered by public keys. In order to verify whether the user is legitimate, the Secure Sockets Layer protocol requires digital authentication of data exchanged during the handshake to ensure the legitimacy of the user.

Encrypt data to hide the transmitted data

The encryption technology used by the Secure Socket Layer protocol includes both symmetric key technology and public key technology. Before the client and server exchange data, they exchange SSL initial handshake information. Various encryption technologies are used to encrypt the SSL handshake information to ensure its confidentiality and data integrity, and use digital certificates for authentication. This prevents illegal users from deciphering.

Protecting data integrity

The Secure Socket Layer protocol uses Hash functions and secret sharing methods to provide information integrity services and establish a connection between the client and the server. The secure channel enables all services processed by the Secure Socket Layer protocol to reach their destination completely and accurately during the transmission process.