SSL Communication and
Mutual Authentication
Educational Presentation
What is SSL?
• SSL, or Secure Sockets Layer, is a means of
securing communications over a network so that
only the sender and receiver have access to the
sensitive data that is contained within.
• This is done with the use of Certificates and Keys.
Certificates and Keys
• A Certificate contains basic information and a digital
signature that properly identifies the client or server
that it is associated with.
• Keys - public, private, and session - work together to
establish an encrypted connection.
If you’ve ever bought something from Amazon, you’ve used SSL. During
checkout you may have noticed the little padlock icon in
the status bar of your web browser, or that the URL field of your browser
begins with “https.” This indicates that you’re communicating with the
website’s server via SSL to secure your personal information, your credit
card number, etc.
This type of SSL between a web browser and a website server includes
what is commonly referred to as Server Authentication.
Example of SSL with
Server Authentication
• Server Authentication is a means of authenticating and
identifying the server to the client using a Server Certificate.
• A Server Certificate is a required part of any SSL communication.
The server certificate contains basic information and a digital
signature that properly identifies the server it is associated with.
Steps for SSL Communication
1) Client connects to a web server (website) secured with SSL (https). Client requests
that the server identify itself.
2) Server sends a copy of its SSL Certificate, including the server’s public key.
3) Client checks that the certificate is trusted: unexpired, unrevoked, and valid for
the website that it is connecting to. If the client trusts the certificate, it creates,
encrypts, and sends back a session key using the server’s public key.
4) Server decrypts the symmetric session key using its private key and begins an
encrypted session with the client. The server and client now encrypt all
transmitted data with the session key.
SSL Communication Diagram
Mutual or “Two-Way” Authentication
• Mutual Authentication, also commonly referred to as
Two-Way Authentication, refers to the combination
of both Server and Client Authentication.
• The authentication is mutual, or two-way, because
the server is authenticating itself to the client, and
the client is authenticating itself to the server.
Client Authentication
• Client Authentication, similar to server authentication, is a
means of authenticating and identifying the client to the
server using a Client Certificate.
• A Client Certificate contains basic information about the
client’s identity, and the digital signature on this certificate
verifies that this information is authentic.
Client Authentication (Continued)
• One thing to note is that whether client authentication is
required or not is something that is specified by the server. A
server can be configured to allow connections from any client, or
it can be configured to require any clients that attempt to
connect to it to be authenticated.
• The use of client authentication is appropriate for a scenario
where the server should only accept connections from a specific
group of authorized clients. An example of such a scenario would
be where a company wants to limit connections to its server to
only be coming from the company’s legitimate business partners.
Steps for Mutual Authentication SSL
1) Client connects to a web server (website) secured with SSL (https). Client requests that the
server identify itself.
2) Server sends a copy of its SSL Certificate, including the server’s public key. Client responds by
sending a copy of its own SSL Certificate for the server to verify (This is the Mutual or Two-
Way Authentication).
3) Client checks that the certificate it received is trusted: unexpired, unrevoked, and valid for the
website that it is connecting to. If the client trusts the certificate, it creates, encrypts, and
sends back a session key using the server’s public key.
4) Server decrypts the symmetric session key using its private key and begins an encrypted
session with the client. The server and client now encrypt all transmitted data with the
session key.
Mutual Authentication Diagram
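The difference between the two step lists above, as an added example that is not part of the original slides: a Go program that builds a constructed CA in memory and runs four handshakes, showing that the server's configuration decides whether a client certificate is required and which issuer it must chain to. The names `server.example.test`, `partner-client`, `stranger-client`, `Partner CA` and `Unrelated CA` are assumptions made for the example, and Go negotiates TLS, the successor to SSL.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// issue creates a key pair and a short-lived certificate; a nil issuer yields a self-signed CA.
func issue(cn string, issuer *tls.Certificate, usage x509.ExtKeyUsage) *tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	parent, signer := tmpl, interface{}(key)
	if issuer == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames, tmpl.ExtKeyUsage = []string{cn}, []x509.ExtKeyUsage{usage}
		parent, signer = issuer.Leaf, issuer.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// handshake runs both ends over an in-memory pipe and returns the server's verdict.
func handshake(server, client *tls.Config) string {
	c, s := net.Pipe()
	c.SetDeadline(time.Now().Add(2 * time.Second)) // the pipe is unbuffered: never hang
	s.SetDeadline(time.Now().Add(2 * time.Second))
	go func() {
		cli := tls.Client(c, client)
		defer cli.Close()
		io.Copy(io.Discard, cli) // Read performs the handshake, then drains until close
	}()
	srv := tls.Server(s, server)
	defer srv.Close()
	if err := srv.Handshake(); err != nil {
		return "rejected: " + err.Error()
	}
	if peers := srv.ConnectionState().PeerCertificates; len(peers) > 0 {
		return "accepted, client identified as " + peers[0].Subject.CommonName
	}
	return "accepted, client anonymous"
}

// scenarios contrasts server-only authentication with mutual authentication.
func scenarios() map[string]string {
	const host = "server.example.test" // constructed name, not from the slides
	partnerCA, otherCA := issue("Partner CA", nil, 0), issue("Unrelated CA", nil, 0)
	serverCert := issue(host, partnerCA, x509.ExtKeyUsageServerAuth)
	partner := issue("partner-client", partnerCA, x509.ExtKeyUsageClientAuth)
	stranger := issue("stranger-client", otherCA, x509.ExtKeyUsageClientAuth)
	trusted := x509.NewCertPool()
	trusted.AddCert(partnerCA.Leaf)
	// Server authentication only: ClientAuth stays at its default, tls.NoClientCert (tickets off for the pipe).
	serverOnly := &tls.Config{Certificates: []tls.Certificate{*serverCert}, SessionTicketsDisabled: true}
	// Mutual authentication: clients must present a certificate chaining to partnerCA.
	mutual := serverOnly.Clone()
	mutual.ClientAuth, mutual.ClientCAs = tls.RequireAndVerifyClientCert, trusted
	client := func(certs ...tls.Certificate) *tls.Config {
		return &tls.Config{RootCAs: trusted, ServerName: host, Certificates: certs}
	}
	return map[string]string{
		"server-only, no client cert": handshake(serverOnly, client()),
		"mutual, no client cert":      handshake(mutual, client()),
		"mutual, partner cert":        handshake(mutual, client(*partner)),
		"mutual, untrusted-CA cert":   handshake(mutual, client(*stranger)),
	}
}

func main() {
	for name, verdict := range scenarios() {
		fmt.Printf("%-28s -> %s\n", name, verdict)
	}
}
```

Only the client holding a certificate issued by the CA the server trusts is accepted under mutual authentication, and the server learns that client's identity from the certificate subject.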
Need to do SSL communications?
www.extol.com/secure
