Operating principle of SSL using public key encryption
The operating principle of SSL using public key encryption can be understood through the following scenario: “Kumar orders a mobile phone from an online store (abc.com).”
1. Kumar connects to the abc.com website through a secure connection, from the browser on his computer.
2. The abc.com website sends Kumar a digital certificate and a public key (P). This digital certificate, issued by a certification authority (CA), proves the identity of abc.com.
3. Kumar’s browser checks the certificate. The browser then agrees with the remote server on a symmetric cryptographic system to use, and randomly chooses a key for this algorithm (the session key K).
4. Kumar’s browser sends P(K) to abc.com. Using its secret key S, the abc.com server calculates S(P(K)) = K. Thus, Kumar’s browser and the abc.com server are in possession of the same key.
5. Kumar enters his credit card number and other data. Together they constitute the “information”. The browser sends this “information” to abc.com, encrypted using the key K. It also sends a summary of this “information”, computed using a mathematical function called a hash function.
6. With the key K, the abc.com server can decrypt the “information”. It also calculates the summary of the information and compares it with the summary sent by Kumar’s browser. If they coincide, it is assumed that the data has been correctly transmitted.
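Steps 4 to 6 can be traced in code. The following is an added example, not part of the original text: it uses textbook RSA over two small fixed primes for P and S and a SHA-256 keystream as the symmetric system, both stand-ins chosen so it runs with the standard library only. The function names and the sample order data are assumptions, and the certificate check of step 3 is taken as already passed.

```python
import hashlib
import secrets

# Constructed toy key pair for abc.com: textbook RSA, no padding, fixed primes.
# Illustration only; real servers use 2048-bit or larger keys from a vetted library.
PRIME_1, PRIME_2 = 2**127 - 1, 2**89 - 1
N = PRIME_1 * PRIME_2
E = 65537                                          # public exponent
D = pow(E, -1, (PRIME_1 - 1) * (PRIME_2 - 1))      # secret exponent

def P(value: int) -> int:
    """Public-key operation: anyone holding abc.com's public key can do this."""
    return pow(value, E, N)

def S(value: int) -> int:
    """Secret-key operation: only the abc.com server can undo P."""
    return pow(value, D, N)

def symmetric(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 keystream (same call decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def browser_send(information: bytes):
    """Steps 3-5: pick session key K, send P(K), the encrypted data and its summary."""
    k = secrets.token_bytes(16)
    wrapped_key = P(int.from_bytes(k, "big"))
    ciphertext = symmetric(k, information)
    summary = hashlib.sha256(information).hexdigest()
    return wrapped_key, ciphertext, summary

def server_receive(wrapped_key: int, ciphertext: bytes, summary: str):
    """Steps 4 and 6: recover K = S(P(K)), decrypt, recompute and compare the summary."""
    k = S(wrapped_key).to_bytes(16, "big")
    information = symmetric(k, ciphertext)
    matches = hashlib.sha256(information).hexdigest() == summary
    return information, matches

if __name__ == "__main__":
    order = b"card=4111111111111111;item=mobile phone"   # constructed sample data
    wrapped, ct, digest = browser_send(order)
    print(server_receive(wrapped, ct, digest))
    damaged = bytes([ct[0] ^ 1]) + ct[1:]                 # one bit changed in transit
    print(server_receive(wrapped, damaged, digest))
```

When a single bit of the ciphertext changes in transit, the recomputed summary no longer matches and the server rejects the data.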