E-commerce Security: VeriSign
OK. I see the padlock, now what?
You can be darn sure that your information is being encrypted. That means that even if someone did intercept it (which is very unlikely), he or she couldn't decipher the numbers. It is statistically impossible to decipher encrypted information with today's encryption rates. But be warned: SSLs and encrypted directories are very easy to set up. Do not simply take the fact that the padlock is closed as proof you are dealing with the site you think you're dealing with. Click on the padlock. You should get a small box that opens, displaying what's known as a server certificate. That certificate is a document provided by a third party that vouches for the identity of the site you're dealing with.
You mean, I'm somewhere else?
It's not often that it happens, but it does. A bad person sets up a site with a name similar to a university, business, or organization and starts to collect money from people who think they are dealing with the real deal. The bad guy set up the site and the SSL so that it all looks legit. This is a process known as "spoofing."
If the users clicked on the padlock, they would see that the site is not what they think it is. So, even if you're sure, check it out. Click on the padlock and read the certificate.
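What "reading the certificate" means in practice is comparing the name the certificate vouches for against the site you meant to visit, and noticing when nobody but the site itself signed it. The following is an added example, not code from the original page: it checks a certificate's DNS names (subjectAltName first, commonName only as a fallback, one-label wildcards honoured) against the host the user expected, and flags self-signed certificates. The certificate dictionaries are constructed for this example and only mirror the shape returned by Python's ssl.SSLSocket.getpeercert(); the hostnames and the "Example CA Inc." issuer are made up.

```python
from typing import Dict, List, Tuple

# Constructed sample certificates in the dict layout used by getpeercert().
# Values are invented for illustration.
LEGIT_CERT = {
    "subject": ((("commonName", "www.example-university.edu"),),),
    "issuer": ((("organizationName", "Example CA Inc."),),),
    "subjectAltName": (
        ("DNS", "www.example-university.edu"),
        ("DNS", "example-university.edu"),
    ),
}

# A lookalike name: one character differs from the real site.
LOOKALIKE_CERT = {
    "subject": ((("commonName", "www.example-univers1ty.edu"),),),
    "issuer": ((("organizationName", "Example CA Inc."),),),
    "subjectAltName": (("DNS", "www.example-univers1ty.edu"),),
}

# Same name as the real site, but issuer == subject: nobody vouched for it.
SELF_SIGNED_CERT = {
    "subject": ((("commonName", "www.example-university.edu"),),),
    "issuer": ((("commonName", "www.example-university.edu"),),),
    "subjectAltName": (("DNS", "www.example-university.edu"),),
}

WILDCARD_CERT = {
    "subject": ((("commonName", "*.example-university.edu"),),),
    "issuer": ((("organizationName", "Example CA Inc."),),),
    "subjectAltName": (("DNS", "*.example-university.edu"),),
}


def dns_names(cert: Dict) -> List[str]:
    """Names the certificate claims. SAN DNS entries win; CN is a legacy fallback."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return [value]
    return []


def name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive exact match, or a wildcard in the leftmost label covering exactly one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # Require at least two fixed labels after the wildcard and equal label counts.
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def certificate_matches_host(cert: Dict, expected_host: str) -> Tuple[bool, str]:
    """Does this certificate belong to the site the user intended to visit?"""
    names = dns_names(cert)
    if not names:
        return False, "certificate names no host at all"
    for name in names:
        if name_matches(name, expected_host):
            return True, f"certificate covers {expected_host} via {name}"
    return False, f"expected {expected_host}, but certificate is for {', '.join(names)}"


def is_self_signed(cert: Dict) -> bool:
    """Issuer identical to subject means no third party vouched for the site."""
    return cert.get("issuer") == cert.get("subject")


def issuer_org(cert: Dict) -> str:
    """Organization name of whoever issued the certificate, or 'unknown'."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return "unknown"


if __name__ == "__main__":
    intended = "www.example-university.edu"
    for label, cert in [("legit", LEGIT_CERT), ("lookalike", LOOKALIKE_CERT),
                        ("self-signed", SELF_SIGNED_CERT)]:
        ok, why = certificate_matches_host(cert, intended)
        print(f"{label:12} match={ok} self_signed={is_self_signed(cert)} "
              f"issuer={issuer_org(cert)}: {why}")
```

The two checks are independent: the lookalike certificate fails the name match even though a CA issued it, while the self-signed certificate passes the name match but has no issuer standing behind it. A browser only shows a quiet padlock when both pass, which is why the page's advice to read the certificate rather than trust the icon still holds.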
Where do businesses get the certificate?
There are different places, but the most common is from a company named VeriSign Inc. VeriSign is what's known as a certificate authority (CA). VeriSign makes its living by issuing these certificates to companies that can prove they are what they say they are. The bad man who wants to set up a spoof site would have a very difficult time providing the information required to get a certificate.
When my wife and I applied for a VeriSign certificate, we were checked at multiple levels:
- We had to provide proof that we own the domain name.
- We had to provide a business license in the town where the domain is registered.
- We had to list and prove our identity with Dun & Bradstreet. They then gave us what's known as a DUNS number. It's equal to a business social security number.
So, I start to buy something...
I log in, check for the "s" and the padlock, click the padlock, and verify I am dealing with my party. Now, how am I sure my information is secure? Once you've entered into the SSL, the server sends out a digital ID. That's a huge, long number, encrypted at either a 40- or 128-bit level. That's how your browser knows this is a secure area. You see, all of this happened before you were even allowed to click on the little padlock.
Your browser responds to the ID by verifying that ID against the certificate. If they match, then the server sends a "session key." That key is another long encrypted number that will be used for this, and only this, transaction. If you leave the SSL and come back, the entire process is done once again.
Each browser that connects to the SSL uses the same client ID to verify the server. Past that, each browser receives a different session key. That way, each session is encoded differently from every other one. That makes it nearly impossible to crack the code--and even if you do, you've only cracked one. Each session is encrypted separately. It's just not at all profitable to attempt to crack individual transactions.
