Online Security and Certification

by Shaleen S
It is no surprise to hear people worry about online safety whenever a transaction is involved. According to data compiled in 2005 by Forrester Research, 84% of the population thought that online retailers were not providing enough security, and 24% of people did not perform online transactions at all for the same reason.

But it’s not the same anymore. Other research suggests that a large share of the population did not know what the lock symbol meant when it appeared. The lock symbol signifies that the website is secured and that the information is sent only to the intended party. Each lock symbol is therefore backed by two things: a PKI (Public Key Infrastructure) and CAs (Certificate Authorities), which issue the digital certificates and vouch for the owner’s identity. This is how an SSL (Secure Sockets Layer) connection is established between the parties. An SSL connection encrypts the data, so it is virtually impossible to retrieve any information by keylogging or any such method. SSL has many applications and is used more widely than one might imagine, in places like email, simple web browsing, instant messaging, etc.

One of the easiest ways to recognize a secured site is to look at the URL, or web address. While most website addresses start with “HTTP”, a secured website’s address starts with “HTTPS”, where the extra “S” indicates a secured connection. The successor to SSL is called TLS (Transport Layer Security). TLS is an upgrade to SSL that provides more security. There have been several versions of it, and upgrades keep coming with the changing needs of security and the growth in online transactions.

Like most things, certificates expire, and hence have to be renewed. A certificate can stop being valid in several ways, but mainly because its issuance period is over, because the company itself revoked it, or because the CA revoked it. Therefore, one has to be careful about the fine line. One can always verify the authenticity of a website by looking at its digital certificate. There are two ways to check whether a certificate has been revoked: by CRL (Certificate Revocation List) or by OCSP (Online Certificate Status Protocol). CRL is a very tiresome process: if, say, 200,000 certificates have been revoked, the browser will slow down because it has to check against a list of 200,000 entries. OCSP is a newer approach. It checks the live status of a certificate and gives out real-time information. Most browsers come with OCSP support built in.
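The difference between the two checks can be shown with a small model. This is an added example, not part of the original article: the certificate dictionary has the shape returned by Python's `ssl.SSLSocket.getpeercert()`, while the serial numbers, the 200,000-entry list and the function names are constructed for illustration, and no signatures or real CRL/OCSP encodings are processed.

```python
import ssl

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "serialNumber": "0A1B2C",
    "notBefore": "Jan  1 00:00:00 2012 GMT",
    "notAfter": "Jan  1 00:00:00 2013 GMT",
}

# Constructed revocation data: 200,000 revoked serials with RFC 5280 reason names.
SAMPLE_CRL = {f"{n:06X}": "cessationOfOperation" for n in range(199_999)}
SAMPLE_CRL["0A1B2D"] = "keyCompromise"


def in_validity_window(cert, now):
    """True if `now` (Unix seconds, UTC) lies between notBefore and notAfter."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= now <= end


def check_with_crl(cert, crl):
    """CRL model: the client downloads the whole list, then searches it locally.
    Returns (status, number of entries the client had to fetch)."""
    reason = crl.get(cert["serialNumber"].upper())
    return ("revoked:" + reason if reason else "good", len(crl))


def check_with_ocsp(cert, responder_db):
    """OCSP model: the client sends one serial; the lookup happens at the
    responder, which returns a single status for that certificate."""
    reason = responder_db.get(cert["serialNumber"].upper())
    return ("revoked:" + reason if reason else "good", 1)


def certificate_status(cert, now, revocation_data, use_ocsp=True):
    """Expiry is decided from the certificate alone; revocation needs the CA's data."""
    if not in_validity_window(cert, now):
        return "expired-or-not-yet-valid"
    check = check_with_ocsp if use_ocsp else check_with_crl
    return check(cert, revocation_data)[0]
```

Both paths give the same answer for a given serial; what changes is how much revocation data the client has to retrieve to get it.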

With all these facts in mind, online transactions have become much safer, more secure and easier to use. Even so, one always has a slight concern in the back of the mind.

 

Reference:

Winkle, William V. “Processor Editorial Article.” Object Moved. 24 Apr. 2009. Web. 07 Apr. 2012. <http://www.processor.com/editorial/article.asp?article=articles/p3113/48p13/48p13.asp>.

6 thoughts on “Online Security and Certification”

  1. I agree with this article; many users do not know the security methods that are being implemented in the back end of online transactions. I know people who hesitate to shop online because they are concerned about identity theft or about their credit cards being out there on the internet. Even I, who know about the security of the web, sometimes hesitate to shop online because I do not trust some websites even when they have Verisign or HTTPS on the address bar. It is true that many people are skeptical of e-business but we, as CIS students, need to educate them and promote online shopping.

  2. I just learned about SSL from reading this article. The article also points out that it could be problematic to use the CRL especially if the user has a slow internet connection. It says that if the Certificate Revocation List is too big, it can slow down the browser and cause other problems.

  3. I agree with this article in the term that many people don’t know how to identify if a website they’re using is secure or not. Websites that have SSL or HTTPS are the most secure sites, however people don’t know what these terms mean or what it looks like. I have never heard of CRL until this blog post and have to wonder have affect CRL is to SSL or HTTPS.

  4. Thank you for sharing a very insightful article. It is true that a lot of us don’t know about the securities and certifications of websites, but now, as the world is submerging into online activities such as social interactions and online banking, it’s more important for everybody to secure their identity by learning more about it. The age of getting robbed at the bank is highly unlikely at this point in time; crime has become more sophisticated, and without good security and certification there is nothing stopping the common individual from getting robbed.

  5. I’m surprised at the number of people who thought online providers weren’t providing security. Yet I can understand those who are reluctant to conduct online transactions for that very reason. I always look for the lock or https when considering a purchase from a vendor. I especially like the section of your article about how digital certificate. Although I know what it means when my browser warns me a website’s digital certificate has expired, I am willing to bet many people ignore the message because they have no idea what that means.

  6. Your article makes me wonder what people think about online security now (since your poll was taken in 2005). I remember learning about SSL and HTTPS in CIS 310, and am starting to realize how important it is to always be aware of whether a website has this or not. This article helps keep people educated on something as important as their finances, and is something I would share with my parents, who are not as knowledgeable about internet security.
