Tuesday, 16 February 2016

SSL (Secure Socket Layer)



UNDERSTANDING SSL


In the fast approaching technological environment, privacy and online security is a major threat. Whether you are an individual, a business man, a shopkeeper, a bank or a corporate, you always pay extra attention towards physical security as it is a major concern for everybody. The same approach is necessary for online security which will give one a sense of security while sharing private and sensitive information over internet.

In recent years Internet users has crossed the 100 million mark in India. Internet has been used not only accessing information, but also for buying goods and services and paying utilities bills. We have witnessed many instances of credit card frauds and hackers hacking the banking sites. After seeing the instances, many Internet users hesitate sharing their credit card information over internet when they get the offer online. 

In order to provide safer experience over online security, most of the e-commerce sites and banks have integrated SSL (Secure Socket layer) which establishes encrypted connection between two sites, ensuring complete security of your valuable data. 
What is SSL (Secure Socket Layer)-SSL stands for Secure Socket Layer which establishes a secure encrypted connection between visitor’s website with your webpage, so that whatever information is being transmitted is secure between two nodes. SSL has been integrated by most of the sites including Facebook, Gmail, Billdesk, Citibank, eBay and all the financial institutions for providing secured distribution of information such as payment details, emails and other form of information. SSL creates a private and safe channel for you to communicate.
What is SSL Certificate?
SSL Certificate is a digital computer file or computer code that ensures authenticity and integrity of information distributed between two parties over internet. Two parties could be a buyer and seller or a client and a bank.
Authenticity and Verification:-The SSL certificate has the information about the authentic details regarding the identity of the person, nature of the business or website which will display to visitors on your website. This technique will give the visitors a sense of security that they are in the right site where they wish to log on. 

Data Encryption:-The SSL certificate also enables encryption, which means any data exchanged via website cannot be intercepted and read by anyone other than the authentic recipient. 


The popular SSL certificate providers are VeriSign, GoDaddy, Comodo and Digicert. The most popular SSL certificate provider is VeriSign. VeriSign has started issuing SSL certificate in 1995. This is now being acquired by Symantec in August 2010. Any sites who wish to provide secured transaction, they need to buy SSL certificate from them. 
All Symantec SSL Certificates include the Norton Secured Seal, the most trusted mark on the Internet, Symantec Seal-in-Search, and daily website malware scanning so that you can offer customer peace of mind at all points of their online experience. 

SSL certificate protects the identity and verifies the visitor’s sites thus ensuring safer transaction and trust between the buyer and seller. 
How SSL Works?
Encryption: - Information is “scrambled” or transformed in some coded text before sending the data over internet by website, so that it cannot be understood by anyone other than the intended person.
Decryption: - “Un-scrambling”, that means transforming the encrypted/coded text information in its original format.
Keys: - A mathematical formula, or algorithm that is used to encrypt and decrypt information before sending over internet. Each session consist of two keys, that are public and private keys. 
      The public key is used to encrypt the information
      The private key is used to decrypt the information
Browser: - The SSL certificate must be integrated with your browser, such as Internet Explorer, Mozilla Firefox, Apple Safari and Google Chrome. SSL certificate is capable of supporting 128 bit or 256 bit encryption, but certain older browser cannot connect at this level of security. It is advisable that you must upgrade your browser to the latest one for more security and safety. 
How to know that a site is running a valid SSL Certificate?
1.  The address of the website without SSL security will display on browser as “Http”//” in the browser address bar. For example if one wish to do shopping online through ebay site, the address of website will display as “http://www.ebay.in/.

2. That means SSL security for browsing is not enabled and is open for anyone.

3. The moment one wishes to buy anything and select the option, “Buy this”, and the address of website must be converted to “Https://”, which means that website has the validated SSL Certificate. Also it ensures that your information is secured with the vendor’s server. 
For example, on eBay site, if one has selected any product to buy, the address should be converted to “https://signin.ebay.in/” and address bar of browser will turn green.
4. Apart from this, you will also notice the trust mark on the website, which ensures the authenticity of the website.