Dialogic Dialogic Global Call IP IP Phone User Manual


 
Dialogic Corporation
4.24.1 Overview of TLS
Internet Protocol security in general and Transport Layer Security in particular are very complex
subjects, and a comprehensive discussion is well beyond the scope of this document. But anyone
attempting to use TLS must have at least a basic understanding of the concepts and entities
involved, and this brief introduction is intended to provide that foundation.
First we present definitions of a few key concepts:
Certificate
A digital certificate is an electronic document which links a public key to a person or company
in a public key infrastructure, enabling the user to send encrypted and digitally signed
electronic messages. The certificate identifies the user and is required to verify his digital
signature. The certificate contains information about the identity and public key of the
person/company as well as the certificate’s expiration date. Furthermore, the certificate may
contain information about the usage of the certificate.
Certificate Authority (CA)
A Certificate Authority authorizes certificates by signing the contents using its private key.
Certificate authorities are well-known authorities, whose signatures are known and trusted. By
signing other certificates, they act as a digital notary. Examples of CAs are VeriSign and
DigiCert.
Diffie-Hellman (D-H) key exchange
A cryptographic protocol that allows two parties who have no prior knowledge of each other to
jointly establish a shared secret key over an insecure communications channel. This key can
then be used to encrypt subsequent communications using a symmetric key cipher.
Digital Signature Algorithm (DSA)
DSA is used for creating and verifying digital signatures. It provides authentication, but cannot
be used for encryption or secrecy.
Digital Signature Standard (DSS)
DSS specifies the Digital Signature Algorithm (DSA), appropriate for applications requiring
digital signatures.
PEM
PEM specifies a base64-encoded certificate format.
Public Key Infrastructure
The Public Key Infrastructure is the network security architecture of an organization. It
includes software, encryption technologies, and services that enable secure transactions on the
Internet, intranets, and extranets.
RSA
RSA is a public-key encryption technology developed by RSA Data Security, Inc. The acronym
stands for Rivest, Shamir, and Adleman, the inventors of the technology.
Secure Sockets Layer (SSL)
SSL is a sophisticated encryption scheme that does not require the client and the server to
arrange for a secret key to be exchanged between the client and server BEFORE the
transaction is started. SSL uses public/private keys to provide a flexible encryption scheme
that can be set up at the time of the secure transaction. A short tutorial on SSL is available at
http://www.eventhelix.com/RealtimeMantra/Networking/SSL.pdf.