SSL protocol
Typing in your credit card information into any Web site can be intimidating, knowing that malicious users are lurking around the Internet.
SSL protocol, originally developed by Netscape, remedies this security issue by encrypting, authenticating, and messaging the codes exchanged between the client and server. These codes prevent outside parties from obtaining confidential user information (i.e., credit card numbers).
To ensure a secure shopping session, use a browser that supports SSL, such as Netscape or Internet Explorer. If connected to a secure site, its URL should begin with "https." In newer browsers, you should see a locked key or solid key symbol at the bottom of the page.
SSL Session
What happens during an SSL session? When a user visits a secure Web site, an SSL session begins with a "handshake": The server authenticates its identity to the client. To do so, the Web site's server sends a digital certificate from a trusted third-party organisation to verify its identity. It also sends over cipher settings to communicate privately with the client during the session for added security.
After receiving the digital certificate and cipher settings, the client can authenticate the serverââ,¬"if authentication fails, the user is notified that the connection is insecure. If authentication is successful, the client sends an encrypted message back to the server using information from the server's digital certificate. Only the server can decipher this message and generate a master secret, which will be used by both parties to encrypt and decrypt messages during the session.
The handshake is complete once both the client and server use the master secret to create session keys, which will monitor closely the date, time, and connection between both parties. Monitoring these activities helps validate the identities of the two parties throughout the duration of the session.
