Java Secure Communication terminology
There is several terms that is used when working with secure communications. These include the following:
Authentication: This is the process of verifying a user or system
Authorization: The the process of allowing access to protected resources
Encryption: This is the process of encoding and subsequently decoding informationTo protect it from unauthorized individuals
Hashing Algorithms: These provide a by producing a unique value for a document, and they is used in supp ORT of other security techniques
Digital Signatures: These provide a by digitally authenticating a document
Certificates: These is normally used as a chain, and they support the confirmation of the identity of Princi Pals and other actors
Authentication and authorization are related. Authentication is the process of determining whether a person or system is who they claim to be. This is the commonly achieved using an ID and a password. However, there is other authentication techniques, such as smart cards, and biometric signatures, such as fingerprint, or Iris scans.
Authorization is the process of determining, what resources an individual or system have access to. It's one thing to verify a individual is the who they say they is. It's another thing to ensure, the user can only access authorized resources.
Encryption has evolved and would continue to improve. Java supports symmetric and asymmetric encryption techniques. The process starts with the generation of keys, which is normally stored in a keystore. Applications that need to encrypt or decrypt data would access a KeyStore to retrieve the appropriate keys. The keystore itself needs to being protected so it cannot is tampered with or otherwise compromised.
Hashing is the process of taking data and returning a number, that represents the data. A Hash algorithm performs this operation, and it must is fast. However, it is extremely difficult, if not impossible, to derive the original data when given only the hash value. This is called a one-way hash function.
The advantage of this technique is, the data can be sent along with the hash value to a Receiver.
The data is not encrypted, and the hash value is encrypted using a set of asymmetric keys . The receiver can then use the original hash algorithm to compute a hash value for the received data. If This new hash value matches the hash value is sent,
then the receiver can be assured the data have not bee n modified or corrupted in the transmission. This provides a more reliable means of transferring data The does not need to is encrypted, but where some assurance That it had not been modified can be given.
A certificate is part of the previous process and it uses a hash function and asymmetric keys. A
certificate chain provides a means of verifying that a certificate was valid, assuming that the root of the chai n can be trusted.
Reading notes:< Span style= "Background-color:inherit" >learning Network programming with java
copyright? Packt Publishing
First Published:december 2015
Production reference:1141215
Published by Packt Publishing Ltd.
Livery Place
Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78588-547-1
www.packtpub.com
Java Secure Communication terminology