What is HTTP & why HTTPS:

The meaning of HTTP is Hyper Text Transfer protocol.This protocol had been used to share the information throughout the internet. When we visit any URL we can see www which means world wide web http defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands.

For example, when you enter a URL in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested.

HTTPS:

HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.



SSL (Secure Sockets Layer):

SSL is the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. The two systems can be a server and a client (for example, a shopping website and browser) or server to server (for example, an application with personal identifiable information or with payroll information).

It does this by making sure that any data transferred between users and sites, or between two systems remain impossible to read. It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. This information could be anything sensitive or personal which can include credit card numbers and other financial information, names and addresses.

TLS (Transport Layer Security) :

It is an updated, more secure, version of SSL. Website administrator can buy TLS certificates with the option of ECC, RSA or DSA encryption depending on their criteria. Presently most of the secured website use TLS certificate.

Example-

To see how website are secure with ssl's visit any URL and see the corner icon of the URL. If it is green color with a lock symbol it is secured. Click the symbol and you will see the connection type and in firefox browser if you click more information button it will show you detail certificates ( e.x figures)







 

Public-Key Encryption Algorithms:

Public-key cryptography (asymmetric) uses encryption algorithms like RSA and Elliptic Curve Cryptography (ECC) to create the public and private keys. These algorithms are based on the intractability of certain mathematical problems. For example in TLS certificate their is option of ECC, RSA or DSA encryption depending on their criteria.

RSA

RSA is based on the presumed difficulty of factoring large integers (integer factorization). Full decryption of an RSA ciphertext is thought to be infeasible on the assumption that no efficient algorithm exists for integer factorization.

ECC

Elliptic curve cryptography (ECC) relies on the algebraic structure of elliptic curves over finite fields. It is assumed that discovering the discrete logarithm of a random elliptic curve element in connection to a publicly known base point is impractical.