Secure-Path.NET

The Secure Sockets Layer (SSL) protocol

The Secure Sockets Layer (SSL) protocol has become the universal standard on the Web for authenticating sites and for encrypting communications between users and Web servers. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate or Server ID enables SSL capabilities.

SSL server authentication allows users to confirm a Web server's identity. SSL-enabled client software, such as a Web browser, can automatically check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) — such as VeriSign — listed in the client software's list of trusted CAs. SSL server authentication is vital for secure e-commerce transactions in which users, for example, are sending credit card numbers over the Web and first want to verify the receiving server's identity.

An encrypted SSL connection requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, protecting private information from interception over the Internet. In addition, all data sent over an encrypted SSL connection is protected with a mechanism for detecting tampering — that is, for automatically determining whether the data has been altered in transit. This means that users can confidently send private data, such as credit card numbers, to a Web site, trusting that SSL keeps it private and confidential.

$sub The difference between 128-bit and 40-bit SSL: $subX VeriSign Server IDs enable visitors to verify your site's authenticity and to communicate with it securely via state-of-the-art SSL encryption, which protects confidential information from interception and hacking. SSL comes in two strengths, 40-bit and 128-bit, which refer to the length of the %22session key%22 generated by every encrypted transaction. The longer the key, the more difficult it is to break the encryption code. Microsoft and Netscape both offer browsers that enable different levels of encryption depending on the type of Server ID with which the browser is communicating.