Ever noticed the “https:” in the URL on your address bar and the small padlock which docks itself nicely at the bottom of your window? Well, if the answer is “Yes”, you were checking a website which has the SSL transmission protocol implemented.

Earlier, we were all apprehensive in making an online payment because we all knew that there are people who call themselves “hackers” who like to live with our money. Then came in a period where in which the whole Internet community constituting all the good people researched on numerous ways to keep those “hackers” at bay. After a lot of painstaking and less fruitful attempts by Netscape as well as a handful of consortiums came the Secure Sockets Layer in the January of 1999.

SSL is a data security protocol and is implemented on websites dealing with sensitive information like an online bank account or an online payment system. The protocol helps millions of users of Internet each day send sensitive information safe and secure from the hands of those prying hackers who hack your bank account number or credit card information and their respective passwords or PINs.

SSL uses certificate authorities to send information over the Internet. When a user requests for a secure website, the browser requests for the secure page and adds the “s” onto the “http”. After that, the browser sends the public key and the certificate checking the following:

1. Whether the certificate is from a trusted party.
2. Whether the certificate is valid.
3. Whether the certificate is related with the site from which it comes.

The browser then uses the public key to encrypt a randomly selected symmetric key. Most systems use a combination of public-key and symmetric key encryption. When two computers initiate a secure session, one computer creates a symmetric key and sends it to the other computer using public-key encryption. The two computers can then communicate using symmetric-key encryption. Once the session is finished, each computer discards the symmetric key used for that session. Any additional sessions require that a new symmetric key be created, and the process is repeated.