SSL Secured Sockets Layer Lori Fitterling LI843 What is Secure Sockets Layer (SSL)? It is protection of data transferred over the Internet using encryption and enabled by a server's SSL Certificate. An SSL Certificate contains a public key and a private key. A public key is used to encrypt information and a private key is used to decipher it. When a browser points to a secured domain, an SSL handshake authenticates the server and the client and establishes an encryption method and a unique session key. They can begin a secure session that protects message privacy and message integrity. SSL Does These Two Things Authenticates the server and the client using public- key signatures. Provides an encrypted connection for the client and server to exchange messages. SSL & E-Commerce Developed by Netscape in 1994 for transmitting private documents Has become the standard for e-commerce transaction security SSL encrypts data, like credit cards numbers and personal information Uses either 40-bit or 128-bit encryption I found that 40-bit encryption has been hacked Reasons Why You Would Use SSL If you have an online store or accept online orders and credit cards If you offer a login or sign in on your site If you process sensitive data such as address, birth date, license, or ID numbers If you need to comply with privacy and security requirements How to get an SSL Certificate Buy one from vendor – Can run about $400.00 per year. Or “self-sign” your own certificate using proprietary software. Self-Signed certificates will trigger a warning window in most browser configurations that will indicate that the certificate was not recognized. Example of a SSL security alert Libraries Using SSL White Library -- My Library Account To comply with license agreements that only allow access to authenticated users -- databases and electronic journals Websites About SSL Media Lab: http://medialab.di.unipi.it/doc/JNetSec/jns_ch11.htm SSL.com Knowledgebase: http://info.ssl.com/article.aspx?id=10241 WiseGeek: http://www.wisegeek.com/what-is-ssl.htm Ourshop.com: http://www.ourshop.com/resources/ssl.html