layer

What is SSL?

A Secure Sockets Layer, or SSL, is a protocol for transmitting data securely over the web. SSL uses two keys, a public key, to encrypt outgoing information, and a private key, for decoding the information on the receiving end, to ensure end-to-end encryption so that information is not compromised or stolen during transfer. The information is unreadable while in transmit.

There are a few ways to distinguish a SSL protected page. It is protocol for the URL to begin with “https” instead of the common “http,” where the “s” stands for “secure.” There is also a padlock icon at the bottom of the page. These signs signify that all incoming and outgoing information to the webpage is secure.

How is SSL connection established?

Most SSL communications occur between a web browser and a server. To establish a secure connection, a process called an SSL handshake takes place between the two network applications. The client (most often a web browser) sends information from its SSL certificate, including the client’s SSL version number, location of issue, and information about the certificate holder. The server responds by sending information from its own SSL certificate, including the server’s public key, which the client uses to authenticate the server. If the server’s SSL certificate is invalid or expired, a warning message will appear. The client creates a unique pre-master key based on the server’s public key, which it then sends to the server along with the clients own authentication information. The server authenticates the client and generates the master key based on the pre-master key created by the client. Using information from the master key, both the client and the server generate symmetric keys, which they will use to encrypt and decode information between each other during this session. The client sends information alerting the server that all following information will be encrypted using the session key, and the server sends a similar message back to confirm. The handshake is now complete.

Why is SSL important for E-commerce?

In order for a website to set up a secure connection for e-commerce, a site needs an SSL certificate. SSL is an important foundation tool for e-commerce. Credit card fraud and identity theft are becoming more of a problem than ever with the rapid advancement of internet and media technologies. These dangers create customers wary of giving their personal information to a site where they believe that their name and credit card number could be stolen. Customers want to know that their information isn’t going to be accessed by third party sites before they are willing to consider giving their information.

An important factor in making successful online sales is building customer trust in your site. Letting customers know that an e-commerce site offers SSL protection gives the site credibility and encourages customer trust.

- By Kristin Ige of Atak Interactive, Inc.