Encryption - SSL

SSL, or Secure Socket Layer encryption, is one of the most widely used methods of encoding used today. Developed originally by Netscape, this is what all e commerce sites use to encrypt financial information and other personal or private information a it is transferred over the Internet, in emails or other transmissions in which data could be stolen. In fact, any merchant who wishes to sell anything on the Internet or accept any personal or financial information must be PCI compliant, which requires an SSL certificate.

The SSL certificate is a version of the Public key encryption technique. This “certificate” is the base of the TLS, or Transport Layer Security method. There are different ways to tell if a website uses SSL encryption. For example, the easiest is by looking tat the address bar. If the URL begins with “https:” then it is encrypted and secure, which is what the extra “s” stands for. In addition, on any form on which you need to enter personal information, such as your social security number or your financial information, there should be a padlock symbol above the information field and at the bottom of the browser window as well. Another way is by looking for the seal of a trusted certificate authority prominently displayed on the website, at the bottom of the pages.

A user’s web browser uses a public key to check the certificate for authenticity. It does this by using its key to match the information to the private key, or SSL certificate held by the site. The browser uses three criteria to tell if the SSL is valid including whether the SSL certificate is expired or revoked, whether the SSL certificate came from a valid and trusted Certificate Authority and whether the certificate actually belongs to the website in which the browser is checking on. If any of these items are not present or are matched incorrectly, the browser may not allow the user to enter the site and displays a message stating the certificate may not be valid or trusted.

A trusted certificate authority issues the SSL certificate. The CA is the company that tells the website visitors the web site owner is who he claims to be. For example, when someone is web browsing and they visit a website, before they give any personal, private or financial information, they want to know the site and its owner can be trusted with the information. If the seal on the page states they have a valid SSL certificate, then the web site visitor can go to the CA and find the information about the website. The CA essentially vouches for the website and web master and lets people know they can be trusted to do business with.

If any of these signs are missing from a web page, then it cannot be trusted. While the SSL certificate is not the only way to encrypt the information, it is required by law to do business on the Internet. Anyone doing business and accepting financial information without it is not PCI compliant, meaning they have no legal right to accept payment for anything. Always check for the proper credentials before giving your information to avoid a scam.

British and young? Check here for young drivers car insurance or look at churchill car insurance.

Copyright Devon Institute 2006 All Rights Reserved