Security Protocols and Authentication Services for Information Security: Security Protocol Concepts
HTTPS Concept
- HTTPS, in full Hypertext Transfer Protocol over Secure Socket Layer, is HTTP running over SSL/TLS and is located at the application layer. HTTP is the application layer protocol; SSL/TLS is the transport layer protocol.
SSL/TLS Concepts
- SSL/TLS is itself a transport layer protocol that encrypts the information it carries.
- SSL: A security protocol that provides security and data integrity for network traffic.
- TLS: A general-purpose protocol based on SSL and the successor to the SSL protocol.
The transmission process is encrypted.
Contents of the TLS protocol
- Layers of the TLS protocol
  - TLS Record Protocol: Responsible for message compression, encryption, and data authentication. The original message is divided into a number of smaller fragments, and each fragment is compressed. A message authentication code is appended to each compressed fragment, and the compressed fragment and its message authentication code are encrypted together with a symmetric cipher. The symmetric cipher algorithm and the shared secret key are generated by the two parties through the handshake protocol before communication begins.
  - TLS Handshake Protocol: Responsible for all operations other than encryption.
    - Handshake Protocol: Responsible for generating shared secret keys and exchanging certificates
    - Change Cipher Spec Protocol: Responsible for synchronizing the switch of ciphers
    - Alert Protocol: Notifies the communication peer when an error occurs
    - Application Data Protocol: Used to transfer application data between the communicating parties (carries the HTTP protocol data)
TLS Communication Model
- Step one: negotiate the algorithms
The algorithms supported by both sides are selected through 2 and 4.
- Step two: verify the certificates
  - The client verifies the server's certificate
  - The server verifies the client's certificate (only required if two-way authentication is needed) (e-commerce must use two-way authentication to be secure)
- Step three: build the master key (Master Secret)
PMS (Pre-Master Secret): the server's public key is delivered to the client in a certificate during the handshake.
- Step four: build the session key
After the fourth step the handshake protocol ends and the session formally begins.
- Step five: formal encrypted interaction
- If an error occurs at either end during the above process, the exchange returns to the algorithm negotiation phase, to ensure security.
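Steps three and four above, as an added example that is not part of the original page: it derives the master secret from the PMS and then the session keys, on both ends. It assumes TLS 1.2 with the RFC 5246 PRF (HMAC-SHA256) and the key sizes of TLS_RSA_WITH_AES_128_CBC_SHA256; the function names and all random values are constructed for illustration.

```python
import hashlib
import hmac
import os

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed                      # A(0) = label + seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()      # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Step three: stretch the pre-master secret into the 48-byte master secret."""
    return prf(pms, b"master secret", client_random + server_random, 48)

# Assumed key sizes for TLS_RSA_WITH_AES_128_CBC_SHA256 (no fixed IV with CBC in TLS 1.2).
KEY_LAYOUT = [("client_write_MAC_key", 32), ("server_write_MAC_key", 32),
              ("client_write_key", 16), ("server_write_key", 16)]

def session_keys(ms: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Step four: expand the master secret into per-direction session keys."""
    total = sum(size for _, size in KEY_LAYOUT)
    # The seed order is reversed for key expansion: server_random comes first.
    block = prf(ms, b"key expansion", server_random + client_random, total)
    keys, pos = {}, 0
    for name, size in KEY_LAYOUT:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def handshake_demo() -> tuple:
    """Both ends derive the keys independently from the same three inputs."""
    client_random, server_random = os.urandom(32), os.urandom(32)  # constructed values
    pms = b"\x03\x03" + os.urandom(46)   # constructed: version bytes + 46 random bytes
    client = session_keys(master_secret(pms, client_random, server_random),
                          client_random, server_random)
    server = session_keys(master_secret(pms, client_random, server_random),
                          client_random, server_random)
    return client, server

if __name__ == "__main__":
    client, server = handshake_demo()
    assert client == server
    for name, key in client.items():
        print(f"{name}: {key.hex()}")
```

Only the PMS is secret; both random values travel in the clear during the handshake, so the confidentiality of every session key rests on how the PMS was protected in transit.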