SecuritySecurity
Secure Electronic Transactions, (SET), is an open standard detailing the use of payment cards over open networks such as the Internet. SET uses digital certificates to authenticate parties involved in a transaction. Introduced by Visa and Master Card, with assistance from technology partners IBM, Terisa Systems, GTE, VeriSign, RSA, Netscape, Microsoft and SAIC. The specification was completed in May 1997.
What is SSL?
"SSL" stands for Secure Sockets Layer. It is a security protocol and emerging standard like HTTP (Hyper Text Transfer Protocol) to transfer information across the Internet. The main difference between the two, is that SSL, developed by Netscape, has made special provisions (via various key encryption schemes) to transfer information securely across the Internet.
Netscape defines its product as "a protocol for providing data security layered between application protocols (such as HTTP, Telnet, NNTP, or FTP) and TCP/IP. This security protocol, called Secure Sockets Layer (SSL), provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection".
SSL will enable a web site visitor's browser to connect and transparently negotiate a secure communication channel. Once this connection has been made, information can be exchanged with theoretically no chance of any unauthorized third party interpreting the data.
How does it work?
Quoting from the technical specifications on Netscape's Data Security page on Secure Socket Layers:
SSL provides a security "handshake" that is used to initiate the TCP/IP connection. This handshake results in the client and server agreeing on the level of security they will use, and fulfils any authentication requirements for the connection. Thereafter, SSL's only role is to encrypt and decrypt the Bytestream of the application protocol being used (for example, HTTP, NNTP, or Telnet). This means that all the information in both the HTTP request and the HTTP response are fully encrypted, including the URL the client is requesting, any submitted form contents (including things like credit card numbers), any HTTP access authorization information (user names and passwords), and all the data returned from the server to the client.
Even after the server software is installed and operating on a particular system, the site is still not in secure mode. There remains one essential step necessary to insure that the server has the proper security verification: the registration of that site's encrypted key pair, generated by an encryption authority (such as Verisign). Without having an installed and verified encrypted key pair, the site is no more secure than any other Web server.
Restrictions:
The restriction for utilizing SSL or a SSL-enabled product is a propriety one... i.e. it requires specific browser software to fully integrate all of the encryption schemes necessary to maintain security.
The following browser's are security enabled: Netscape Navigator, (UNIX/Mac version 1.12 and later or Windows version 1.22 and later), IBM Internet Connection Secure WebExplorer (version 1.1) for OS/2, Delrina Cyberjack Web (version 7.00), Prodigy Web Browser (version 1.4b), Internet MCI (version 1.0), and Microsoft's Internet Explorer.
For any other questions or
concerns regarding the security of Global Health Mall.com, please feel free to
contact us at:
Toll Free: 1(800)617-7407
Local: 1(780)424-3224
Facsimile: 1(780)425-9252
Mail:
Global Health Mall
2703, Toronto Dominion Tower
10088-102 Avenue
Edmonton, Alberta, Canada.
T5J 2Z1