In this article we will discuss the security of your data on the Internet. We will look at the technology used for secure transactions on the Internet, a technology that assures cardholders that their information is safe during the ordering process.
This technology is known as SSL, which stands for Secure Sockets Layer. It is designed to create a secure connection to a server for transmitting confidential data over the Internet. This standard security technology establishes an encrypted link between a web server and a browser, and that link ensures that all data passed between the web server and browser remains private and integral. As an industry standard, SSL is used by millions of websites to protect their online transactions with their customers.
Now the question arises: how can you make your web server establish an SSL connection with a customer’s browser?
To create an SSL connection, a web server requires an SSL certificate. When you choose to activate SSL on your web server, you will be prompted to answer a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys: a Private Key and a Public Key.
At this point I will give a brief introduction to cryptographic systems.
In simple words, cryptography is the theory of secret writing. It is the art of protecting information by transforming it into an unreadable format, a process known as encryption. Data that has been encrypted is known as ciphertext.
To convert ciphertext back into plain text (a readable format), in other words to decrypt the message, one has to possess a secret key. Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking.
The public key is known to everyone; it is not secret. It is placed into a Certificate Signing Request (CSR). A certificate serves as an electronic “passport” that establishes an online entity’s credentials when doing business on the web. When an Internet user sends confidential information to a web server, the user’s browser accesses the server’s digital certificate and establishes a secure connection. In technical terms, a certificate is a data file containing your details, such as your name, the certificate serial number and expiration date, a copy of the certificate holder’s public key, and the digital signature of the certificate-issuing authority.
After providing all the information, you submit your CSR to a trusted Certificate Authority such as Starfield Technologies. The certificate authority concerned will then verify your identity, existence and domain registration ownership during the SSL certificate application process. Once all the details are verified, you are allowed to use SSL with your web server.
The public key in the CSR is used to encrypt messages to the certificate holder’s server. The private key is stored on your local computer, and it “decrypts” the secure messages so they can be read by your server. Data that is encrypted with the public key can be decrypted only with the private key. Conversely, data encrypted with the private key can be decrypted only with the public key.
How does SSL work?
Suppose you are a customer and you want to send confidential information to a secure site. How does everything work? As the customer, you won’t see the process that takes place behind the scenes, so your shopping experience is uninterrupted. You will only see a “padlock” icon in the browser’s status bar and the “https://” prefix in the URL.
- A customer contacts a site and accesses a secured URL.
- The server responds by automatically sending its digital certificate to the customer. This digital certificate authenticates the site.
- The customer’s web browser verifies that the server’s certificate is valid, that is, that it has been issued by a certificate authority the browser trusts.
- The customer’s browser then generates a unique one-time “session key”, which is like a code used to encrypt all communication with the site.
- The customer’s browser encrypts the session key with the site’s public key, which was sent with the site’s digital certificate, so that only the site concerned can read the session key.
- From here onwards a secure session is established, and all communications are encrypted and decrypted by the two parties in the session.
This process is known as the “handshake”.
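The key pair and CSR described earlier, and the session-key step of the handshake, can be reproduced with the openssl command-line tool. This is an added example, not part of the original article: the host name shop.example.test, the file names and the function name ssl_demo are constructed, and self-signing stands in for the Certificate Authority.

```shell
# Added example (not from the article). Names and files are constructed.
ssl_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1

        # 1. The web server creates its key pair and a CSR. The private key
        #    (server.key) stays on the server; only the CSR goes to the CA.
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout server.key -out server.csr \
            -subj "/O=Example Shop/CN=shop.example.test" 2>/dev/null || exit 1

        # 2. The CSR carries the public key and is signed with the private
        #    key; -verify checks that self-signature.
        openssl req -in server.csr -noout -verify 2>/dev/null || exit 1

        # 3. Stand-in for the CA: self-sign the CSR to obtain a certificate.
        #    A real CA verifies identity and signs with its own key instead.
        openssl x509 -req -in server.csr -signkey server.key -days 30 \
            -out server.crt 2>/dev/null || exit 1

        # 4. Browser side: extract the public key from the certificate,
        #    generate a one-time session key and encrypt it with that key.
        openssl x509 -in server.crt -noout -pubkey > server.pub || exit 1
        openssl rand -hex 16 > session.key || exit 1
        openssl pkeyutl -encrypt -pubin -inkey server.pub \
            -pkeyopt rsa_padding_mode:oaep \
            -in session.key -out session.enc || exit 1

        # 5. Server side: only the private key recovers the session key.
        openssl pkeyutl -decrypt -inkey server.key \
            -pkeyopt rsa_padding_mode:oaep \
            -in session.enc -out session.dec || exit 1

        # Succeeds only if the wrapped data differs from the plain session
        # key and the unwrapped key equals what the browser generated.
        ! cmp -s session.key session.enc && cmp -s session.key session.dec
    )
    status=$?
    rm -rf "$dir"
    return "$status"
}

ssl_demo && echo "session key recovered with the private key"
```

The RSA wrapping of the session key mirrors the handshake as this article describes it; TLS 1.3 no longer transports the session key this way and derives it from an ephemeral Diffie-Hellman exchange instead.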
Now suppose a customer attempts to submit personal information to an unsecured website. The browser’s security mechanism will show a warning telling the customer that the site is not secure, and the customer can then switch to a secure site instead.
For all online merchants, a secure SSL certificate provides a convenient and reliable means. With a secure SSL certificate, customers can rely on the business and safely hand over their credit card information and other personal information to SSL-secured sites.