News

The latest news from Comodo

Businesses, Websites Protect Confidential Information with EV SSL Certificates

Jersey City, NJ, September 01, 2009 - In order to make the business of exchanging information on the Internet as clear as possible, even among different platforms and languages, software developers have designed a clear standard of communication. That standard is called the Hyper Text Transfer Protocol (HTTP).

The disadvantage of such a clear protocol is that anyone who intercepts an online transaction can easily read it unless it has been altered. The computers exchanging the information can agree upon a method to disguise it. The text can be changed using a process called encryption. When computers exchange encrypted text, the protocol is called HyperText Transfer Protocol Secure (HTTPS).

The two computers agree to transpose the message into an unintelligible "hash" of characters. For example, instead of plain characters, encrypted text looks like this:

D91172E6C30776967C3714A0F1B34BC58922540DD0DBA0AEE5A1AB73EE19 F1B5039E4EFE102FFABDE6FEB9D712C22270250A7A57710D6E5B0C9696B9 8A7CB217ED7BCAD1C56A43FC52B9E793337ED789668F7BECF9B3BDE2D37E 972BE099432C1F1BC76B24550E1932765FABA9EA86BD54CB28D65690BE61 5C8EC2E60D4E7182EE112E086AFD9D497ECB006C3213B8C94AC8844FE83F 783C1511D1A0C0630DB8B2267F83F0318438FC3CC5D2FE9AE221D73ADEFB DC571A505F032FD488580982441AC1814AFD5C45F95CBF4E6989C9A23840 A953363D75B9E35A4A688B010DFAC96E23321E1B3A2BC7AF3BBEF3ACF110 E0C15AFC702353956D9C7CECE4DF447BB38BE8E559239D21AE904E080090 2A360E3CAB162787218422B9F0E6869CD7712A34099FE2718083EAE8C413 E468E0E8CC98AE26E9432B0E7252858930D94296

HTTPS uses a document called a "digital certificate" to create the hash file. Only the owner of the private key associated with the digital certificate can read or understand the encrypted communication.

Most popular Internet browsers acknowledge SSL communications by displaying a small yellow padlock appears in their bottom right-hand corners.

Recently hackers have discovered that they could buy SSL certificates online, without their trustworthiness being checked. The only verification is a series of email challenges that determine whether the applicant has some access to the domain name listed in the purchased certificate. If a hacker passes the email test (even if he or she is not the legitimate owner of the domain), he or she receives a "domain-validated" SSL certificate, enabling the browser to display the golden padlock.

Many Internet users believe that the padlock signals that their online communications are safe. Although the hacker is using encryption, these low level certificates do not give any guarantee that a user is communicating with the right company. Their information may be securely transferred straight into the hands of a thief.

Checking a website's certificate is a good practice that helps netizens avoid spoof websites, sometimes called "phishing" sites. To check the certificate, click on the padlock. The browser will display the name of the owner of the certificate. This name should match the name of the website operator.

Companies requiring digital certificates have a better alternative for online communications: Extended Validation (EV) SSL certificates. To receive EV SSL certificates, online businesses must be verified as to their business identity and their existence. A business must be verified by a certificate authority, both that it is an existing business and that it has exclusive control over the domain.

When Internet users access a website using an EV SSL Certificate, they receive a special confirmation. All popular browsers turn their address bars bright green as an indicator that the business has passed the more complex validation process, adding a visual reassurance that this online transaction is with a confirmed entity.

Seeing a site with an EV SSL Certificate confirms two essential factors:

  • That the user has a secure SSL (encrypted) link with this website
  • That this website represents a real organization

To learn more about the protection provided by EV SSL certificates, visit cabforum.org/certificates.html or enterprisessl.com/.

About Comodo

The Comodo companies provide the infrastructure that is essential in enabling e-merchants, other Internet-connected companies, software companies, and individual consumers to interact and conduct business via the Internet safely and securely. The Comodo companies offer PKI SSL, Code Signing, Content Verification and Email Certificate; award winning PC Security software;  Vulnerability Scanning services for PCI Compliance; secure e-mail and fax services.   

Continual innovation, a core competence in PKI, and a commitment to reversing the growth of Internet-crime distinguish the Comodo companies as vital players in the Internet's ongoing development. Comodo secures and authenticates online transactions and communications for over 200,000 business customers and 3,000,000 users of our desktop security products. 

For additional information on Comodo - Creating Trust Online® visit Comodo.com

For more information, reporters and analysts may contact:

Comodo
Email: media-relations@comodo.com
Office: +1 (888) 266-6361