SSL - Secure Sockets Layers from Verisign

What is the difference between a VeriSign 40-bit SSL Secure Server ID and a 128-bit SSL Global Server ID?

The primary difference between the two types of VeriSign Server IDs is the strength of the SSL session that each enable. Secure Sockets Layer (SSL) technology is the industry-standard method for protecting Web communications developed by Netscape Communications Corporation. The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate turns on their SSL capabilities.

SSL comes in two strengths, 40-bit and 128-bit, which refer to the length of the "session key" generated by every encrypted transaction. The longer the key, the more difficult it is to break the encryption code. Most browsers support

40-bit SSL sessions, and the latest browsers enable users to encrypt transactions in 128-bit sessions - trillions of times stronger than 40-bit sessions.

But when you try to move this approach to the wireless world, you immediately encounter problems, starting with cellular phones with Wireless Application Protocol (WAP) capabilities. Unlike desktop and laptop computers or even personal digital assistants (PDA), WAP phones are pretty limited when it comes to security and lack the CPU power and memory necessary for RSA encryption, a key element of SSL. Encryption ensures confidentiality by preventing eavesdropping, and WAP devices include their own security protocol, Wireless Transport Layer Security (WTLS). This is equivalent to SSL but uses less-resource-intensive encryption algorithms, such as elliptic-curve cryptography (ECC). Encryption addresses part of the wireless security challenge. But it doesn't provide the solid authentication required for nonrepudiation, which is a mechanism that validates the information sender's identity to the receiver so that the receiver can be sure the user is who he says he is. "For authentication and nonrepudiation, PKI, where certificates and keys are bound to the user, is the way to go. Everything is initiated through those keys," explains Paul Mansz, vice president of architecture at Toronto-based 724 Solutions Inc., a provider of wireless e-commerce applications. Several public-key infrastructure (PKI) products for wireless are starting to emerge, such as San Jose-based Certicom Corp.'s MobileTrust.
Information On VeriSign corporation
Information On VeriSign corporation
Information On VeriSign Digital Id's
Information On VeriSign Digital Certificates
Information On VeriSign Digital Certificate
Information On VeriSign Digital Certificate Authority
Information On VeriSign 40-bit encryption
Information On VeriSign 128-bit encryption
Information On VeriSign E-commerce solutions
Information On VeriSign Digital Encryption
Information On VeriSign java encryption solutions
Information On VeriSign Payment Gateways
Information On VeriSign PKI - Public Key Infrastructure
Information On VeriSign computer and data security products
Information On VeriSign SSL - Secure Sockets Layers
Information On VeriSign Internet Trust Services