Digital Security
What is a digital certificate?
A digital certificate holds vital identification information about
the bearer. Typically this includes the unique name of the owner, the
name of the issuing certificate authority, a unique serial number,
the period of validity and a digital key. The digital key is used to encrypt
and decrypt information and to digitally sign e-mail or electronic
forms.
What is PKI all about?
Public key infrastructure (PKI) is a system that provides the means
to manage the digital certificates throughout their life cycle.
The PKI operates within a secure environment to allow for the issuance,
maintenance and revocation of digital certificates. The figure below
outlines the current use of the Digital Certificate. What is clearly
shown is the method of how the client (or user) logs onto the server
and obtains the Certificate. Once obtained, and the connection verified,
the client (buyer) and server (seller) are able to conduct business.
There is one major deficiency in the current certificate architecture.
What is not shown in this figure is the process that first provides
the certificate. The critical element missing in all certificate
systems is knowing that the client (buyer) and the server (seller)
are both credible people or business entities and the identity that
they profess to own is indeed their own.
What is a Certification Authority?
Today, certification authorities (CAs) are used to vouch for identities
of the individuals and organizations using digital certificates.
The idea behind having CAs is to allow two or more people who do
not know each other to be able to trust each other's asserted identities.
Individuals or organizations initially submit to a CA for a digital
certificate. Once a digital certificate is issued, the CA is used
to verify the identity of parties involved in a business transaction
who do not know each other.
How does authentication work?
The process of being authenticated and obtaining a digital certificate
is similar to the process of obtaining a driver's license. The driver's
license is a certificate of identity widely recognized in the United
States. The state's seal is an endorsement by the state that the
identity and other personal information listed on the license are
undeniably bound to your photograph. When the license is presented
to a party who does not know you, the party need only match the
photograph to your physical presence to verify the associated information.
In terms of the public key and private key pairs used in digital certificates,
the photograph and signature are the public key. When the photograph
is matched to the person's face, the party will conclude that the
other identification information on the license is correct because
it has been vouched for by the state of issue.