The Green Sheet, Inc

Understanding Web Site Security

By Joel Rydbeck

Have you ever wondered what makes a Web site secure? What does the lock in the bottom corner of the screen mean? Why does Web site security matter?

When surfing the Internet, we occasionally receive messages delivered in "popup windows" that tell us whether Web sites are secure. The terms used to relay this information are usually pretty technical, and they don't mean much to most people.

For example, do you know what "HTTPS," "SSL," "Secure HTML" and "128-bit encryption" really mean?

To translate, all of the terms I listed convey roughly the same thing: Data are being encrypted for security purposes. For simplicity, I'll use the term "Secure HTML" as I describe what actually happens in this process.

The idea behind secure HTML is to ensure that the data passing between your computer and a Web site are completely secure. Secure HTML ensures that only the company with which you intend to communicate receives and views the data you send. This technology also ensures that the information you view comes from the company and not some imposter or hacker. How does secure HTML work? Basically two technologies are at play: digital certificates and encryption.

Digital Certificates

Companies obtain digital certificates to demonstrate that they really are who they say they are. Digital signing authorities, such as VeriSign Inc., an Internet and telecommunications service provider, issue and digitally sign certificates for online businesses.

The certificates are then tied to a company's domain name. For example, Bank of America Corp. (BofA) has a certificate that validates the bank on the Internet as https://www.bankofamerica.com.

Encryption

When you send information to a secure Web site, the data are encrypted. Wikipedia.com, a free online encyclopedia, defines encryption as "the process of obscuring information to make it unreadable without special knowledge." For example, when the sentence "Your bank account balance is $434.56" is encrypted, it's turned into something illegible like "D*#$D^KtRU(*#JKE(EDJS&#SJS8za83."

The data encryption process makes it very difficult for hackers to see your account balance if they intercept the data en route to or from a bank's Web site. On the flip side, anything that is encrypted must also be "decrypted"; encryption allows both parties to decrypt the information sent and received.

Combining encryption with security certificates creates secure Web sites that not only secure data, but also certify that the data have come from the company you think they have come from. When I go to BofA's Web site to access my bank account, several things happen. First, my computer checks to make sure that the BofA Web site that I see is the bank's real site. It reviews the certificate received from the bank and sees that VeriSign has signed it.

The bank then sends my computer a digital signature to use when sending information. Both parties will encrypt all exchanges during the session with digital signatures.

How do you know this security is in place? Remember the lock I mentioned that appears in the bottom of your Web browser? This lock indicates that the communication between your browser and the site with which you exchange information is secure.

Certificates do expire, and the registering company (in this case BofA) needs to renew its certificate. If the company misses its renewal date, you'll occasionally see a popup that says "The certificate for this Web site is expired."

You might also see a popup that indicates a certificate doesn't match the Web site you have visited. Take note of these messages, and inform the Web sites. The information you send might not be going to the company to which you think it's going. When in doubt, remember that a Web site that displays the lock graphic in the bottom corner of your Web browser is providing a secure and safe exchange.
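The two warnings described above (an expired certificate and a certificate that doesn't match the site) can be reproduced in a few lines. This is an added example, not part of the original article: the certificate, host names and dates are constructed, and the check of the signing authority's signature is assumed to have already passed.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# every name and date here is made up for illustration.
SAMPLE_CERT = {
    "issuer": ((("organizationName", "Example Signing Authority"),),),
    "notBefore": "Jan  1 00:00:00 2005 GMT",
    "notAfter": "Jan  1 00:00:00 2006 GMT",
    "subjectAltName": (
        ("DNS", "www.example-bank.test"),
        ("DNS", "*.secure.example-bank.test"),
    ),
}


def name_matches(pattern, host):
    """Case-insensitive compare; '*' may replace only the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two literal labels after the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def check_certificate(cert, host, now):
    """Return the warnings a browser would show for this visit (empty = OK)."""
    problems = []
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    # Only DNS entries in subjectAltName are considered, as current browsers do.
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append("name mismatch")
    return problems


if __name__ == "__main__":
    visit = datetime(2006, 3, 1, tzinfo=timezone.utc)
    print(check_certificate(SAMPLE_CERT, "www.examp1e-bank.test", visit))
```
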

Joel Rydbeck, Chief Executive Officer of Nubrek Inc., brings his strong background in e-commerce and business process automation to the merchant services industry. Nubrek offers eISO, a software application that tracks clients and provides automated commission and residual calculations. For more information visit Rydbeck's blog: www.merchanttechnology.org, e-mail him at joel@nubrek.com or call 877-390-1887.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
© 2005, The Green Sheet, Inc.