Why Is Authenticated SSL Necessary?


Notions of identity and authentication are fundamental concepts in every marketplace. People and institutions need to get to know one another and establish trust before conducting business. In traditional commerce, people rely on physical credentials (such as a business license or letter of credit) to prove their identities and assure the other party of their ability to consummate a trade.

In the age of e-business, authenticated SSL certificates provide crucial online identity and security to help establish trust between parties involved in online transactions over digital networks. Regardless of whether commerce takes place in the digital world or in the physical world, the parties involved must be able to answer these questions:

  • Who are you? (Requirement of identity)

  • To what community do you belong? Are you a trusted member? (Trust by association)

  • How can you prove your identity? (Validation of identity)[1]

Customers must be assured that the Web storefront with which they are communicating is genuine and that the information they send via Web browsers stays private and confidential.

Encryption

The Web presents a unique set of trust issues, which businesses must address at the outset to minimize risk. Customers submit information and purchase goods or services via the Web only when they are confident that their personal information, such as credit card numbers and financial data, is secure. The solution for businesses that are serious about e-commerce is to implement a complete e-commerce trust infrastructure based on encryption technology. Encryption, the process of transforming information to make it unintelligible to all but the intended recipient, forms the basis of data integrity and privacy necessary for e-commerce.

Authentication

Encryption is not enough; it is imperative that your Web storefront is also authenticated, which will improve Web storefront visitors’ trust in you and your Web storefront. Authentication means that a trusted authority can prove that you are who you say you are. To prove that your business is authentic, your Web storefront needs to be secured by best-of-breed encryption technology and authentication practices.

Digital Certificates

As previously discussed in Chapter 18, a digital certificate is an electronic file that uniquely identifies individuals and Web storefronts on the Internet and enables secure, confidential communications. Digital certificates serve as a kind of digital passport or credential.

Typically, the “signer” of a digital certificate is a CA. Some digital certificates are authenticated by trusted authorities, but unfortunately there are CAs that provide unauthenticated SSL certificates. This practice exposes online users to the risks of false online storefronts operating on the Internet. Authenticated SSL certificates enable a Web storefront visitor to securely communicate with the Web storefront, such that information provided by the Web storefront visitor cannot be intercepted in transit (confidentiality) or altered without detection (integrity), and to verify that the site the user is actually visiting is the company’s Web site and not an imposter’s site (authentication).

Finally, a CA assures trust by coupling its authentication service with state-of-the-art encryption technology in its digital certificate solutions. The CA will issue your online storefront an authenticated SSL certificate only after:

  • Verifying your identity and confirming that your organization is a legal entity

  • Confirming that you have the right to use the domain name included in the certificate

  • Verifying that the individual who requested the SSL certificate on behalf of the organization was authorized to do so[1]
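
The difference between an authenticated certificate and one that only names a domain shows up in the certificate's subject. The following is an added example, not code from the book: it takes a certificate in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()` and reports whether it names the visited host and whether it carries an organization identity. The sample certificates are constructed, and treating a subject with no `organizationName` as the "unauthenticated" kind is an assumption of this example.

```python
# Added example: classify the identity a server certificate asserts.
# Input is the dict shape returned by ssl.SSLSocket.getpeercert().

def subject_fields(cert):
    """Flatten the nested RDN tuples of cert['subject'] into a dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def host_matches(pattern, hostname):
    """Match a DNS name; '*' may replace the leftmost label only."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def describe_identity(cert, hostname):
    """Report domain match and whether an organization is named (assumed rule)."""
    subject = subject_fields(cert)
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    org = subject.get("organizationName")
    return {
        "domain_match": any(host_matches(n, hostname) for n in dns_names),
        "organization": org,
        "kind": "organization-authenticated" if org else "domain-only",
    }

# Constructed sample certificates (not taken from any real site).
AUTHENTICATED = {
    "subject": ((("countryName", "US"),),
                (("organizationName", "Example Storefront Inc"),),
                (("commonName", "shop.example.com"),)),
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.shop.example.com")),
}
DOMAIN_ONLY = {
    "subject": ((("commonName", "shop.example.net"),),),
    "subjectAltName": (("DNS", "shop.example.net"),),
}

if __name__ == "__main__":
    for cert, host in ((AUTHENTICATED, "pay.shop.example.com"),
                       (DOMAIN_ONLY, "shop.example.net"),
                       (AUTHENTICATED, "shop.example.net")):
        print(host, describe_identity(cert, host))
```

The fields are meaningful only for a certificate whose chain the TLS library has already validated against trusted CAs, and the organization name is only as reliable as the issuing CA's verification of it.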




Electronic Commerce (Networking Serie 2003)
Electronic Commerce (Charles River Media Networking/Security)
ISBN: 1584500646
EAN: 2147483647
Year: 2004
Pages: 260
Authors: Pete Loshin
