Encryption Applications and Protocols

Secure Web Browser Transmission

The most popular protocol for securing transmissions between Web browsers and servers is the Secure Sockets Layer (SSL), developed by Netscape. It is included in browser software such as Netscape and Internet Explorer and is widely supported by web server owners (e.g. e-commerce vendors such as Amazon.com). It does not require the client (i.e. the online consumer) to have a certificate, and therefore does not authenticate the client. It does, however, authenticate the server owner, which buys a certificate from a CA. Most importantly, it uses a hybrid public/symmetric key encryption scheme (public-key encryption protects a one-time symmetric session key, and that session key encrypts the bulk data) to encrypt data sent from the client to the server, such as credit card information.
Secure Electronic Transactions (SET) is a standard developed by MasterCard and Visa to provide full confidentiality, message integrity, and authentication for credit card transactions. It uses hybrid public/symmetric key encryption based on the DES and RSA algorithms for confidentiality. Both the client (online customer) and the server (online merchant) are issued certificates, which allows mutual authentication. The client's certificate is also known as a digital wallet; it is issued by the credit card bank, which performs payment authorization and informs the online merchant that the payment is authorized. SET has not been widely adopted by online merchants, because it requires them to turn away customers who lack digital wallets.

Secure Email

Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME) are two popular and similar protocols for secure email. Both provide authentication, message integrity, and confidentiality using certificates and hybrid public/symmetric encryption schemes.
The two differ, however, in origin and in how certificates are issued. PGP is both a standard and a freeware email application, originally developed by Phil Zimmermann. It sidesteps the need for Certification Authorities by supporting a "web of trust", in which users generate and distribute their own certificates. S/MIME is a standard developed by several software vendors. Email application vendors support the protocol, which provides interoperability as well as security: the two sides need not use the same email application. Users obtain their certificates from an X.509-compliant CA.

Secure Remote Network Access

Organizations wishing to provide remote network access typically deploy Virtual Private Networks (VPNs). A VPN uses the public Internet as the network backbone, while providing the security, traffic control, and policy-based management of a private network. VPNs are provided by system integrators and software vendors who integrate various protocols and products.
The security aspect of VPNs is governed by the Internet Protocol Security (IPSec) and Internet Key Exchange (IKE) standards, developed by the Internet Engineering Task Force (IETF). IPSec and IKE ensure confidentiality, integrity, and authenticity of private data communications across the public Internet. Once again, a hybrid public/symmetric key scheme is used, typically with DES and RSA algorithms.