Introduction to Secure Internet Commerce & E-mail

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol that allows Internet electronic mail to be digitally signed and encrypted. S/MIME makes it possible for people to send secure e-mail messages to each other even if they are using different e-mail applications. All of today's most common e-mail applications support the S/MIME protocol.

SSL (Secure Sockets Layer) is a protocol developed by Netscape Communications Corporation to provide security and privacy for transmissions over the Internet by using both data encryption and authentication of the server and, optionally, the client. You can identify a web page that is secured through SSL in two ways: your browser will display a lock icon, indicating that SSL has been enabled; and the web site's address or URL generally starts with "https://" rather than the usual "http://".

What is the difference between a 40-bit SSL connection and a 128-bit SSL connection?
40-bit or 128-bit is the size of the symmetric key used for the encrypted communication in SSL between the client and the server. A 128-bit key is considerably more secure than a 40-bit key; in fact, there are over 309 septillion times as many possible 128-bit keys as 40-bit keys! It is estimated that it would take even a supercomputer billions of years to crack a message encrypted using 128-bit encryption. Many financial institutions require 256-bit encryption for online banking because 40-bit encryption is considered to be relatively weak.

What can users do to assure themselves of a web site's identity?
A Server certificate, when installed on a web server, serves two main purposes. It enables a secure SSL connection between a client and a server, and it ensures the server's identity. If a web site has been secured, viewers of the site can verify the server identity by clicking on the lock icon that will appear at the bottom of the browser. In addition, information about a site's digital certificate can be viewed through the Security icon in Netscape or by accessing the View > Internet Options > Content > Authorities section in Internet Explorer 4.x or Tools > Internet Options > Content > Certificates in Internet Explorer 5.0.
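
The certificate details a browser shows behind the lock icon can also be read programmatically. The following Python is an added example, not code from IDRBT CA; the helper names, the host passed to fetch_certificate and the SAMPLE_CERT dictionary are assumptions constructed for illustration.

```python
import socket
import ssl
import time

def fetch_certificate(host, port=443, timeout=5.0):
    """Connect with full verification and return the validated server certificate."""
    ctx = ssl.create_default_context()  # checks the CA chain and the host name by default
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _names(rdn_sequence):
    # getpeercert() gives subject/issuer as a tuple of RDNs, each a tuple of (key, value) pairs
    return {key: value for rdn in rdn_sequence for key, value in rdn}

def summarize(cert, now=None):
    """Return the fields a browser shows behind the lock icon."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "issued_to": _names(cert["subject"]).get("commonName"),
        "issued_by": _names(cert["issuer"]).get("organizationName"),
        "dns_names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "in_validity_period": not_before <= now <= not_after,
        "days_left": int((not_after - now) // 86400),
    }

# Constructed sample in the format getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Shop Ltd"),), (("commonName", "shop.example"),)),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example CA Root"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example")),
}

if __name__ == "__main__":
    # Fixed clock so the output is reproducible; use fetch_certificate(host) for a live server.
    fixed_now = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
    print(summarize(SAMPLE_CERT, now=fixed_now))
```

fetch_certificate raises ssl.SSLCertVerificationError when the chain or host name does not validate, which is the programmatic counterpart of a browser refusing to show the lock.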

What does it mean when a lock appears on my browser?
A lock icon indicates that your browser has connected to a web page that has enabled a Secure Sockets Layer (SSL) connection. Think of this as a secure pipeline that prevents anyone from intercepting any sensitive or confidential data (such as credit card numbers) that is transmitted between you and the web server. Most web servers, including Microsoft IIS, Apache, Java Web Server, and Netscape Enterprise, support SSL connections. If you run a web site and wish to establish secure SSL connections between yourself and your customers or business partners, installation of a Server certificate will provide you with that functionality.

What kind of web sites should use SSL?
Any web site that relies on sensitive or confidential data being sent over the Internet should be using SSL to provide the greatest amount of security possible during transmission. Any time on-line purchases of goods with credit cards are made or monetary transactions are carried out, the security of SSL is required so that only the client and the merchant or services at the web site have access to the private information.

Who should set up a secure web site?
Any web site that requires the transmission of sensitive data (credit card numbers, personal information, financial information) between the client and the web site, and vice versa, should have a Server certificate to enable a secure SSL connection. In addition, a Class 3 Server certificate purchased through IDRBT CA assures existing and potential customers of the validity of a web site owner's identity.

Is SSL always enabled on a web site?
Rather than being enabled on the entire web site, SSL is typically only enabled on those specific web pages that require secure connections. With an SSL connection, the information going back and forth between the client and server is subjected to an encryption process that slows down that particular connection. You can't really detect the reduction in speed when connecting to a single page, but if all of a web site's pages were encrypted, the reduced performance would be quite noticeable.

IDRBT CA's web site has everything you need to know about getting a certificate (Server certificate) that will allow your web server to establish an SSL connection, or enable you to send S/MIME encrypted e-mail.