Commerce on the Internet is attracting enormous financial interest from businesses large and small. The Internet is attractive to businesses because it enables them to reach a large audience and generate an impressive presence regardless of the size of the business. For many businesses, Internet commerce involves a business running a server system that takes credit card orders from a customer running a client system over the Internet. Sending and receiving sensitive information over the Internet raises many security issues. Some of these security issues include maintaining privacy by ensuring that the information is inaccessible to anyone but the sender and receiver, and guaranteeing non-fabrication by ensuring that the receiver is genuine.
Several software programs made available for client and server communication provide a Secure Socket Layer (SSL) protocol that employs a variety of standard encryption algorithms, including the government and banking standard, the Data Encryption Standard (DES), and several Rivest, Shamir, and Adleman (RSA) algorithms including RC4. SSL enables a client and server to exchange a secret number known as a Master_Key. After the Master_Key is shared, the client and server use the Master_Key to create a different set of keys called Session Keys. These keys are used with a specified cryptographic algorithm to encrypt and decrypt the contents of the communication session.
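The Master_Key to Session Keys step described above, shown as an added example that is not part of the original text. It assumes the SSL 2.0 derivation for the RC4-128/MD5 cipher (MD5 over the master key, a direction digit, the client challenge and the server connection ID); the function names and sample values are constructed for illustration.

```python
import hashlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation, XORed into the data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def session_keys(master_key: bytes, challenge: bytes, connection_id: bytes) -> dict:
    """Assumed SSL 2.0 rule for RC4-128/MD5: one 16-byte key per direction."""
    def material(digit: bytes) -> bytes:
        return hashlib.md5(master_key + digit + challenge + connection_id).digest()
    server_to_client = material(b"0")  # CLIENT-READ-KEY == SERVER-WRITE-KEY
    client_to_server = material(b"1")  # CLIENT-WRITE-KEY == SERVER-READ-KEY
    return {"client_write": client_to_server, "client_read": server_to_client,
            "server_write": server_to_client, "server_read": client_to_server}


# Constructed sample values, not taken from any real session.
MASTER_KEY = bytes(range(16))
CHALLENGE = b"client-challenge"      # 16 bytes chosen by the client
CONNECTION_ID = b"server-conn-id-1"  # 16 bytes chosen by the server


def demo() -> bytes:
    """Client encrypts an order; server decrypts with its own derived key."""
    client = session_keys(MASTER_KEY, CHALLENGE, CONNECTION_ID)
    server = session_keys(MASTER_KEY, CHALLENGE, CONNECTION_ID)
    ciphertext = rc4(client["client_write"], b"card=4111-constructed")
    return rc4(server["server_read"], ciphertext)


if __name__ == "__main__":
    print(demo())
```

Because the challenge and connection ID are mixed into the hash, the same Master_Key yields different Session Keys for each connection.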
Even with the security measures provided through the SSL protocol in client and server software, communications between clients and servers are not unbreakable. Furthermore, regardless of how labor intensive the SSL protocol makes it for an intruder to break an encrypted message between a client and server, the SSL protocol fails to provide a mechanism for ensuring that the receiver is a genuine business.