Cyber Safety Glossary
Also Known As:
Public-key digital signature, Message Authentication Codes.
It is routine to be asked to show photo ID when paying with a check. Very few people think twice when a sales clerk verifies a signature before handing back a credit card. The photo and the signature are used to verify that the person making the purchase is who he says he is.
Because there is no physical way to verify the identity of a person making an online purchase, businesses rely on what is called a digital signature. A digital signature ties a person to a specific address, in this case an email address and possibly a street address, and a unique identifier — a password. The two pieces of unique information, address and password, identify the person. Once a digital signature is established, the online business or organization can convey special privileges, such as creating personal shopping lists or identifying and receiving news stories on specific topics. To buy something online, one more step is required — linking credit card and billing information to the digital signature.
Trust Goes Both Ways:
Digital signatures are good for the online business, but what is the business doing to assure the consumer that it is a legitimate enterprise? Reputable businesses verify their identity by obtaining and displaying certification from trusted third parties. These third parties can be the Internet service provider that hosts the Web site or certification companies.
The certification process involves a thorough review of the business. After a successful review the certification company issues a digital certificate authenticating the Web site. Digital signatures and digital certificates create the foundation of trust on the Internet.
Keeping Financial And Identity Information Secure:
One reason you should never send sensitive information — credit card or bank account information — via email is that it can be viewed by anyone with a measure of technical ability. Email, in effect, is sent over the Internet in plain text. Credit card and other sensitive information on a certified website, however, is not transmitted in plain text. The data is encrypted — locked away and effectively hidden — from prying eyes.
Companies with valid digital certificates use a form of encryption called public-key cryptography. When a purchase is made and credit card information is transmitted, a “public key” locks the transmission — encrypting it and effectively hiding key information in the transmission. Only the certified business has the “private key” that can open it.
Recognizing Sites That Are Secure:
When determining whether a Web site is secure, the first thing to look for is a logo of a certification company on pages that are asking for sensitive information. That indicates the page is likely certified. However, don’t rely on certification logos alone. Online thieves have shown the capability to hijack browsers and mimic or spoof legitimate-looking websites. A more reliable check is to look at the URL in the browser window to see if it displays “https:” at the beginning, instead of “http:”. The “s” means the Web page resides on a secure server. Https should appear on any page where sensitive information is requested.
Internet Explorer users can determine a Web site’s encryption level and certificate information through the following:
On a page that asks for a digital signature or credit card information, right-click on the page. Then select Properties. A box will appear and will give information on the level of encryption — 40-bit or 128-bit. 128-bit is the highest level. Click the Certificates button to find out which organization issued the digital certificate.
Netscape users should follow these steps to see what level of encryption is protecting their transactions:
On the secure page, click the Security button in the Navigator’s toolbar. The Security Info dialog box indicates whether the Web site uses encryption. If it does, click the Open Page Info button to display more information about the site’s security features, including the type of encryption used.
Taking these steps helps ensure secure transmission of sensitive financial and identity information.
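The same three checks (an https address, the encryption level, and the organization that issued the certificate) can also be read programmatically. The following is an added example, not part of the original glossary; the function names, the host names and the sample certificate and cipher values are constructed for illustration, and the 128-bit threshold is simply the higher of the two levels named above.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Constructed sample data in the shapes returned by Python's ssl module:
# SSLSocket.getpeercert() and SSLSocket.cipher() -> (name, protocol, secret bits).
SAMPLE_CERT = {"issuer": ((("countryName", "US"),),
                          (("organizationName", "Example Trust CA"),),
                          (("commonName", "Example Trust Root"),))}
SAMPLE_CIPHER = ("TLS_AES_128_GCM_SHA256", "TLSv1.3", 128)
WEAK_CIPHER = ("EXP-RC4-MD5", "SSLv3", 40)  # constructed 40-bit case


def summarize(url, cipher=None, cert=None):
    """Answer the page's three questions for one URL and its TLS session."""
    is_https = urlsplit(url).scheme.lower() == "https"
    if not is_https or cipher is None:
        # Plain http, or no session data: nothing is protecting the page.
        return {"https": is_https, "secret_bits": 0,
                "meets_128_bit": False, "issuer": None}
    name, protocol, bits = cipher
    # The issuer is a sequence of RDNs, each a sequence of (field, value) pairs.
    issuer = {k: v for rdn in (cert or {}).get("issuer", ()) for k, v in rdn}
    return {"https": True, "cipher": name, "protocol": protocol,
            "secret_bits": bits, "meets_128_bit": bits >= 128,
            "issuer": issuer.get("organizationName") or issuer.get("commonName")}


def inspect_site(url, timeout=5.0):
    """Connect to a live site and summarize it (requires network access)."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return summarize(url)
    # The default context verifies the certificate chain and the host name,
    # so a site presenting an untrusted certificate raises an error here.
    ctx = ssl.create_default_context()
    with socket.create_connection((parts.hostname, parts.port or 443),
                                  timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=parts.hostname) as tls:
            return summarize(url, tls.cipher(), tls.getpeercert())


if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    print(summarize("https://shop.example/checkout", SAMPLE_CIPHER, SAMPLE_CERT))
    print(summarize("https://shop.example/checkout", WEAK_CIPHER, SAMPLE_CERT))
    print(summarize("http://shop.example/checkout"))
```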