Online communication has developed dramatically over the last few decades, along with the transactions which are carried out daily over the internet. These range from simple searches for information to complex financial transactions between organizations. The way this data is transmitted and secured has been standardized over time, and the cryptographic method using a secure protocol called the Secure Sockets Layer (SSL) has made an impact in the world of online business and communication by securing data and helping to prevent unauthorized access.
The protocol is designed in a way that encrypts all the information which is exchanged between two points, using both a public and a private key system. This key system has become the industry standard when protecting data transmission in both private networks and on public networks such as the internet. The system can work across a variety of communication media, including web browsers, electronic mail systems, instant messaging software and voice over internet protocol (VOIP).
The main component of the SSL system is an SSL certificate, which serves as an information verification intermediary between two unknown partners which want to communicate. This key public and private key architecture is fundamentally the main reason why SSL is used for secure web transmissions, because of the way it uses the concept of trust. The concept of trust only works when all parties agree to be open and honest, whilst using a standard set of rules for the operation of the trust system.
The introduction of a trust system to deal with verification of identity had been created by Netscape initially to deal with the complex nature of sending documents from a web server to a web browser, and the SSL architecture was born. It was implemented first internally to the company and subsequently version two was released to the public during 1995. SSL version 3 was released after major security holes were discovered in version 2, and this happened only a year later in 1996.
This is still the version used today although the concept and some of the fundamentals have been incorporated into a newer and more secure version called transport layer security (TLS). TLS is now the most current version of the cryptographic encryption system used as standard by the certificate authorities which are used to verify identity on the internet. When connections are made over the internet the two ends, usually a client and a server negotiate the terms of their connection, usually using a cipher to encrypt the traffic between the two points.
The client initiates the verification session by requesting a certificate from the server. This is sent to the client which then cross checks the certificate to determine if the server is expected or not. These algorithms provide a secure way of verifying the server end of the connection using codes called client hello and server hello. The passing of these codes to a third party which verifies the identity of both ends of the connection means that the connection itself tries to ensure that they are both who they say they are, and that the connection has not been compromised by some unauthorized means.
Usually this connection cipher works on top of whichever protocol is being used, so for example if a hypertext transfer protocol (HTTP) connection is being used, then SSL works on top and encapsulates all of the HTTP data into the SSL session. Usually though, a specific secure HTTP connection would use the HTTPS protocol instead as it carries TLS security encryption by default. There are also other specific protocols used for data transmission in certain applications, such as the simple mail transfer protocol (SMTP) which uses TLS to protect data, and to verify the identity of all endpoints.
The verification of the endpoint of the connection is one of the most important aspects of creating a secure data transmission session, and basic security setups and other security tasks must be implemented in order to give maximum protection to any data transmitted. The socket part of the protocol name is given because it is the term used for secure transactions between computers, servers and clients which operate on the same network. Even though the two computers may reside on different physical networks, they are still seen as being connected securely and are therefore names as such.