Secure Sockets Layer (SSL) is the World Standard for Web Security. SSL technology confronts the potential problems of unauthorized viewing of confidential information, data manipulation, data hijacking, phishing, and other insidious Web site scams by encrypting sensitive data so that only authorized recipients can read it. In addition to preventing tampering with sensitive information, SSL helps provide your Web site’s users with the assurance of having accessed a valid Web site.
W H I T E PA P E R
The Latest Advancements
in SSL TechnologyW H I T E PA P E R
C O N T E N T S + Introduction 3
+ SSL Overview 3
+ Server Gated Cryptography: 4Enabling Strong Encryption for the Most Site Visitors
+ Extended Validation SSL 5(EV SSL): The Gold Standard for Authentication
+ Browser Support for EV SSL 6
+ Third Party Trust Marks: 6Inspiring Consumer Confidence
+ Summary 7W H I T E PA P E R
The Latest Advancements
in SSL Technology
+ IntroductionSecureSocketsLayer(SSL)istheWorldStandardforWebSecurity.SSL technologyconfronts the potential problems of unauthorized viewing of con?dential information,data manipulation, data hijacking, phishing, and other insidious Web site scams byencrypting sensitive data so that only authorized recipients can read it. In addition topreventing tampering with sensitive information, SSL helps provide your Web site's userswith the assurance of having accessed a valid Web site. Support for SSL is built into allmajor operating systems, Web applications, and server hardware-meaning that SSL'spowerful encryption technology helps provide your business with a system-wide, liabilitylimiting security blanket for fortifying consumer con?dence, boosting the percentage ofcompleted transactions, and enriching the "bottom line." Due to recent advances in SSLtechnology, there is a variety of different kinds of SSL. In this paper, we will discuss someof these advances to help you decide which would be best for your organization.
+ SSL OverviewSSL became the standard over a decade ago to ensure the privacy of onlinecommunications. A special data ?le called an SSL Certi?cate is created for a speci?c serverin a speci?c domain for a speci?c entity. Similar to a passport or driver's license, SSLCerti?cates are issued by trusted authorities such as VeriSign. Every entity that receives anSSL Certi?cate must pass some form of authentication that veri?es it is who it says it is.With the explosion of phishing and other fraudulent Web activity aimed at stealingpeople's personal information, identity authentication is more important now than everbefore. The level of identity authentication veri?ed by an SSL Certi?cate differs from oneSSL Certi?cate to another, and from one Certi?cation Authority (CA) to another. With SSL, a private and public key system encrypts the connection between two parties,such as a consumer and a Web site bearing an SSL Certi?cate. When the consumer'sbrowser points to a Web site secured with SSL, a secure handshake between the twosystems authenticates both parties. Each session uses a unique session key for encryption(the longer the key, the stronger the encryption). Once this connection is established thetwo parties can begin a secure session guaranteeing the privacy and integrity of theircommunications. This security is particularly important when people are sharing sensitive,con?dential information over the Internet, an extranet, or even within an intranet. In thecase of e-commerce, a secure SSL connection is critical to doing business, as most Internetusers are afraid to share information with a Web site that doesn't offer SSL protection.A small purchase here, a smaller purchase there, and a reluctance to change age-old buyinghabits or reveal personally identifying information characterizes an enormous segment ofthe world's viable online consumer population. The question remains: Will potentialcustomers feel secure enough in their Internet dealings with your Web site to take ameaningful plunge into the world of transacting online?
3W H I T E PA P E R
+ Server Gated Cryptography: Enabling Strong Encryption for the Most Site VisitorsIf your reputation in the online community depends upon the stringent safeguarding of information processed through your Web site, then your Internet security solutionshould include the strongest encryption available to each Web site visitor. Encryption, as mentioned above, is the process whereby data is transformed into a code that will be indecipherable to an unauthorized viewer. The stronger the encryption, the moredif?cult it is for someone to eavesdrop on your online communications. This is especiallyimportant if you accept any kind of online payments, connect to a bank or brokerageaccount, transmit health records, must meet a governmental or other regulatoryorganization's privacy and security standards, or process any kind of... [download for more]
