java之Secure communication terminology
There are several terms that are used when working with secure communications. These include the following:
Authentication: This is the process of verifying a user or system
Authorization: This is the process of allowing access to protected resources
Encryption: This is the process of encoding and subsequently decoding information to protect it from unauthorized individuals
Hashing algorithms: These provide a way of producing a unique value for a document, and they are used in support of other security techniques
Digital signatures: These provide a way of digitally authenticating a document
Certificates: These are normally used as a chain, and they support the confirmation of the identity of principals and other actors
Authentication and authorization are related. Authentication is the process of determining whether a person or system is
who they claim to be. This is commonly achieved using an ID and a password. However, there are other authentication techniques, such as smart cards, and biometric signatures, such as fingerprint, or iris scans.
Authorization is the process of determining what resources an individual or system has access to. It is one thing to verify that an individual is who they say they are. It is another thing to ensure that the user can only
access authorized resources.
Encryption has evolved and will continue to improve. Java supports symmetric and asymmetric encryption techniques. The process starts with the generation of keys, which are normally stored in a keystore. Applications that
need to encrypt or decrypt data will access a keystore to retrieve the appropriate keys. The keystore itself needs to be protected so that it cannot be tampered with or otherwise compromised.
Hashing is the process of taking data and returning a number that represents the data. A hash algorithm performs this operation,
and it must be fast. However, it is extremely difficult, if not impossible, to derive the original data when given only the hash value. This is called a one-way hash function.
The advantage of this technique is that the data can be sent along with the hash value to a receiver.
The data is not encrypted, but the hash value is encrypted using a set of asymmetric keys. The receiver can then use the original hash algorithm to compute a hash value for the received data. If this new hash value matches the hash value that
was sent,
then the receiver can be assured that the data has not been modified or corrupted in the transmission. This provides a more reliable means of transferring data that does not need to be encrypted, but where some assurance that it has not been modified can be
given.
A certificate is part of the previous process and it uses a hash function and asymmetric keys. A
certificate chain provides a means of verifying that a certificate is valid, assuming that the root of the chain can be trusted.
读书笔记:
Learning
Network Programming with Java
Copyright ? 2015 Packt Publishing
First published: December 2015
Production reference: 1141215
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78588-547-1
www.packtpub.com