Our web-based store and payment processing system is secured with the latest SSL certificates and is regularly scanned for malicious and third-party intrusion attempts.
The traditional Hypertext Transfer Protocol (HTTP) provides no security mechanism; it transmits data in plain text, does not support identity authentication, and cannot prevent data from being tampered with during transmission. This is where the Secure Sockets Layer (SSL) comes in.
SSL was first proposed by Netscape. It integrates data encryption, identity authentication, and message integrity authentication mechanisms to ensure the security of data transmitted on the network. SSL can provide a secure connection service for HTTP, improving the security of the World Wide Web (WWW) dramatically.
SSL features these benefits:
·Higher security. Integrated with data encryption, identity authentication, and message integrity authentication mechanisms, it can ensure the security of data transmitted on the network.
·Support for various application layer protocols. SSL was originally designed to solve the security problem on the Web. However, as it resides between the transport layer and the application layer, it can provide security service for any application layer protocol that employs TCP connections.
·Simple to deploy. SSL has become a global standard for identity authentication between the browser and server. It has been integrated into most browsers, such as IE, Netscape, and Firefox. This means that almost every computer with a browser supports SSL connections, without requiring any extra client software.
SSL provides these security mechanisms:
·Confidentiality: SSL uses a symmetric encryption algorithm to encrypt data to be transmitted.
·Identity authentication: SSL supports certificate-based identity authentication of the server and client by using digital signatures, with authentication of the client being optional.
·Message integrity verification: SSL uses Message Authentication Code (MAC) algorithms to verify message integrity.
Data being transmitted on the network may be intercepted and stolen easily. SSL can ensure the confidentiality of data in transit by establishing an encrypted channel between the communication peers.
With this encrypted channel, the data sender encrypts the data to be transferred by using an encryption algorithm and an encryption key before sending the data, while the receiver uses the corresponding decryption algorithm and decryption key to retrieve the data. No one else can get the key and retrieve the data. This ensures the confidentiality of the data.
Encryption/decryption algorithms fall into two categories:
·Symmetric algorithm: The encryption and decryption processes use the same key.
·Asymmetric algorithm: The encryption and decryption processes use different keys of a key pair. A key pair consists of two keys: the public key, and the private key, which is kept secret by the user. Data encrypted with one key of a key pair (public or private) can only be decrypted by using the other key of that pair.
Compared with asymmetric algorithms, symmetric algorithms are fast and are usually applied where large amounts of data need to be encrypted, for example, when all packets need to be encrypted. Asymmetric algorithms are usually used for digital signatures and for encrypting small amounts of data.
An SSL encrypted channel uses a symmetric encryption algorithm to encrypt data. Currently, SSL supports these algorithms: Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), and Advanced Encryption Standard (AES). These algorithms can effectively prevent eavesdropping on the data.
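
As an added illustration (not part of the original page), the Python sketch below maps each cipher suite to the three mechanisms listed above and flags suites whose symmetric algorithm is DES or 3DES, which are treated as legacy today. The function names and the SAMPLE entries are constructed for this example; the dictionary keys are those returned by `ssl.SSLContext.get_ciphers()`.

```python
import ssl

# Constructed sample entries, shaped like ssl.SSLContext.get_ciphers() output.
SAMPLE = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "symmetric": "aes-256-gcm",
     "digest": None, "auth": "auth-rsa", "aead": True},
    {"name": "DES-CBC3-SHA", "symmetric": "des-ede3-cbc",
     "digest": "sha1", "auth": "auth-rsa", "aead": False},
    {"name": "AES128-SHA", "symmetric": "aes-128-cbc",
     "digest": "sha1", "auth": "auth-rsa", "aead": False},
]

def symmetric_family(symmetric):
    """Reduce an OpenSSL cipher name to the families the text lists."""
    s = (symmetric or "").lower()
    if s.startswith("des-ede3"):
        return "3DES"
    if s.startswith("des-"):
        return "DES"
    if s.startswith("aes-"):
        return "AES"
    return s or "none"

def audit(suites):
    """Describe each suite by confidentiality, authentication and integrity."""
    rows = []
    for suite in suites:
        family = symmetric_family(suite.get("symmetric"))
        rows.append({
            "name": suite["name"],
            "confidentiality": family,
            "authentication": suite.get("auth") or "none",
            # AEAD ciphers such as AES-GCM provide integrity themselves,
            # so the suite has no separate MAC digest.
            "integrity": "AEAD" if suite.get("aead") else (suite.get("digest") or "none"),
            # DES has a 56-bit key; DES and 3DES both use 64-bit blocks.
            "legacy": family in ("DES", "3DES"),
        })
    return rows

def legacy_suites(suites):
    """Names of suites that should be disabled on a modern endpoint."""
    return [row["name"] for row in audit(suites) if row["legacy"]]

def local_suites():
    """Suites the default client context on this host would offer."""
    return ssl.create_default_context().get_ciphers()

if __name__ == "__main__":
    for row in audit(SAMPLE + local_suites()):
        print(row)
```

Run against a server-side context instead of the default client context to see which suites a given endpoint configuration would accept.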