Thawte EV SSL: A New Revolution for Trust
RAPIDSSLONLINE IS A LEADING PLATINUM PARTNER COMPANY OF THAWTE
Jim Armstrong
Thawte Extended Validation SSL Certificates:
A New Revolution for Trust & Confidence
Many consumers have reservations about trusting web sites, which impacts
their willingness to complete e-commerce transactions, financial transactions
with their banks, and other tasks involving transmission of sensitive
information. The growing frequency of web site scams – such as phishing and
pharming – creates an atmosphere of fear and uncertainty.
In a 2006 report, Gartner estimates that more than 41% of U.S. adults received
phishing emails, 46% changed their purchasing and online behaviors as a direct
result of security concerns, and 10% reduced their online spending by at least
50%. As a result, nearly $2 billion may have been lost in sales – all due to
consumer concerns over security.
When SSL was originally conceived, the Internet was a simpler place; a web site
either did or did not need the encryption and authentication that an SSL digital
certificate provided. Today’s security needs are more granular. For example,
some web sites simply need basic encryption to protect site user names and
passwords; other sites need to handle extremely sensitive personal information
and need stronger encryption as well as in-depth web site owner identity
verification.
Certification Authorities (CAs), such as Thawte, have refined their product
offerings to meet these differing objectives. For example, web sites requiring
only basic encryption and minimal identity verification can opt for a less
expensive, rapidly issued domain validation certificate, the Thawte® SSL123
Certificate. At the other end of the spectrum, Thawte offers the highly-trusted
Extended Validation (EV) SSL certificate for web sites that handle extremely
personal and sensitive data.
The EV certificate standard was developed by the CA/Browser Forum, an
independent industry group, which also developed auditing guidelines to define
and control the procedures used to validate and issue these certificates. When
an EV certificate is in use, web browsers provide enhanced visual cues, making it
clearer for consumers to determine with whom they are dealing, and whether
the connection is secure. The latest version of every major web browser
supports EV certificates, and most top e-commerce and banking web sites rely
on EV certificates to more effectively achieve a higher level of trust from their
customers.
Who Do You Trust?
The two primary purposes of an SSL certificate are to:
• Authenticate that a company’s web site is valid
• Encrypt communications between the web server and the customer’s web
browser
Any digital certificate – with its public and private key pair – could conceivably be used
to achieve encryption. The trust aspect of an SSL certificate comes from the identity
verification procedures used by the CA that issues the certificate. It is the CA’s
responsibility to determine who actually owns the domain for which the SSL
certificate will be used, and to ensure that the site owner is a legitimate business
entity worthy of trust. An SSL connection should, then, help consumers develop trust:
when on a phishing web site (a malicious site that masquerades as a legitimate site),
consumers would not be able to establish an SSL connection, or would be able to
examine the SSL certificate and see that the business they were dealing with is not the
one they expected. However, traditional SSL certificates have, over time, fallen short
of meeting these requirements in certain situations.
The Problems with Traditional SSL
It has always been relatively easy to counterfeit an online business. In 1995, when SSL
certificates were created, web scams were few and far between. A traditional SSL
certificate provided the security and reassurance people needed. There were few, if
any, web sites attempting to deliberately counterfeit legitimate business web sites.
Simply having the lock icon appear in your web browser – a sign that an SSL
connection had been created – was enough reassurance for most consumers.
Times have changed. Web scams are more sophisticated, and scammers often obtain
SSL certificates that include only validation of the web site domain name – not the
identity of the scammers or their business. As a result, counterfeit web sites can offer
consumers an SSL connection, limited as it might be. Consumers see the lock icon,
believe the site is legitimate, and proceed in using the counterfeit site. Consumers
could examine the certificate from within their browser, but few users are technically
sophisticated enough to realize that they should do so.
Some scammers even obtain full SSL certificates from less stringent CAs, meaning the
scammers can obtain digital certificates attesting to an incorrect identity. In these
instances, even a knowledgeable consumer who examines the SSL certificate
presented by the site might well be fooled. EV certificates seek to address and resolve
this problem.
EV SSL
Because EV is a joint effort between CAs and browser vendors, it offers two distinct
advantages over traditional SSL certificates:
• EV-aware browsers do a better job of raising certificate visibility within the
browser’s user interface (UI)
• The CAs permitted to issue EV certificates conduct more thorough identity
verification of certificate requestors
The CA/Browser Forum consists of more than 20 browser manufacturers, CAs, and
WebTrust authors along with the American Bar Association’s Information Security
Committee (ABA-ISC). The standard is under continual development to help combat
evolving forms of online fraud. The EV certificate issuance guidelines define a set of
best practices and standards that must be followed by CAs who issue EV certificates,
and CAs must pass regular, independent audits of their processes to prove that they
follow those guidelines and are worthy of issuing EV SSL certificates.
Technologically, an EV certificate functions like a traditional SSL certificate, even in
older browsers that do not explicitly support the EV standard. Newer browsers,
however, recognize key elements of the EV certificate, which permits those browsers
to display extended UI cues that bring critical security and trust information to the
forefront of the user experience.
User Experience Improvements
A key aspect of the EV standard is enabling web browsers to do a better job of
communicating identity and trust-related information to the end user. The EV
standard details a number of best practices to help improve the user experience.
GREEN MEANS TRUSTED
Chief amongst the user experience improvements is the guideline that EV certificates
visually change the browser’s address bar in some way, utilizing the color green –
globally recognized as a “safe” or “proceed” color – to indicate the presence of a valid
EV certificate. Different browsers implement this guideline in different ways, but all
utilize the color green. All display the business name, not the web site domain name,
of the entity to which the EV certificate was issued (see Figure 1). Browsers may also
toggle the business name with the name of the CA who issued the EV certificate,
clearly communicating to web users the company who is attesting to the business’
identity.
Figure 1: Visual cues enable users to recognize an EV certificate is in use.
Counterfeit web sites cannot display the green address bar when using a traditional
SSL certificate, and a counterfeit web site would be unable to obtain a valid EV
certificate for the spoofed business due to the extended identity verification
procedures required to obtain such a certificate. Although a scammer could try to
deceive users by obtaining an EV certificate for their own business, the green address
bar would display that business name, creating a visual mismatch between the
address bar and the counterfeit web site that would tip off users to the scam.
REAL-TIME VALIDITY CHECKING
Nearly all web browsers support the use of the Online Certificate Status Protocol
(OCSP) to enable real-time checks of EV certificate validity. OCSP allows a browser to
check directly with the EV certificate’s issuing CA to confirm the validity of the EV
certificate. This is done entirely online and almost instantly when the browser is first
presented with the EV certificate. Real-time checking ensures that the EV certificate
has not been revoked since its issuance, and provides an extra level of security.
Browsers will not display the green address bar elements unless the certificate passes
this real-time validity check. Most modern web browsers enable this functionality
automatically when their anti-phishing features are enabled (see Figure 2).
Figure 2: Enable OCSP to ensure real-time checks of EV certificate validity
EV UPGRADER™ FOR WINDOWS XP
An enormous number of computers continue to run Microsoft Windows XP with
Internet Explorer 7 (IE7). Users of these computers may need to upgrade their
computers’ root digital certificate store in order to obtain the benefits of EV
certificates and enable IE7 and later to display the appropriate EV visual cues. Thawte
helps users with this by providing the free EV Upgrader™, a method for automatically
updating IE7 on Windows XP clients.
The EV Upgrader can be installed as part of your web site, along with your EV
certificate. The Upgrader triggers built-in Windows XP functions, and should normally
be invisible to end users. After users have visited a site that includes the EV Upgrader,
their IE7 web browser will automatically display the EV interface conventions when
visiting a site protected with a Thawte EV SSL certificate.
Thawte makes it easy to include the EV Upgrader in your web site; it is integrated with
the Thawte® Trusted Site Seal. Simply include the seal on your web page, and every
Windows XP client running IE7 will automatically upgrade to EV capabilities when they
visit your site.
EV SSL Solutions from Thawte
EV SSL certificates from Thawte include 256-bit, 128-bit, 56-bit, and 40-bit encryption,
supporting a wide range of web browsers. Browsers automatically select the highest
level of encryption they are capable of using. Thawte EV certificates are fully
compliant with the CA/Browser Forum’s guidelines and requirements, and Thawte
passes regular audits to ensure this compliance.
Useful Links
You may find the following URLs to be useful:
Learn more about Thawte EV SSL certificates:
https://www.thawte.com/ssl-digital-certificates/extendedvalidation-ssl-ev/index.html
Start your e-business with a Thawte EV purchase at:
https://www.rapidsslonline.com/ssl-webserver-ev.aspx
If you are looking for a deal on a Thawte EV (Extended Validation) SSL purchase, visit:
https://www.rapidsslonline.com/sslcoupons/thawte-ssl-promotion.aspx

More Related Content

What's hot

To Increase Downloads, Instill Trust First WP
To Increase Downloads, Instill Trust First WPTo Increase Downloads, Instill Trust First WP
To Increase Downloads, Instill Trust First WP
Sachi Sawamura
 
Info On All Certificates
Info On All CertificatesInfo On All Certificates
Info On All Certificates
Pedro Santos
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_fa
Hai Nguyen
 
Pg 2 fa_tech_brief
Pg 2 fa_tech_briefPg 2 fa_tech_brief
Pg 2 fa_tech_brief
Hai Nguyen
 

What's hot (10)

COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...
COUNTER CHALLENGE AUTHENTICATION METHOD: A DEFEATING SOLUTION TO PHISHING ATT...
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
 
Stateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWTStateless Auth using OAUTH2 & JWT
Stateless Auth using OAUTH2 & JWT
 
To Increase Downloads, Instill Trust First WP
To Increase Downloads, Instill Trust First WPTo Increase Downloads, Instill Trust First WP
To Increase Downloads, Instill Trust First WP
 
Info On All Certificates
Info On All CertificatesInfo On All Certificates
Info On All Certificates
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_fa
 
Pg 2 fa_tech_brief
Pg 2 fa_tech_briefPg 2 fa_tech_brief
Pg 2 fa_tech_brief
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
Payment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAASPayment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAAS
 

Viewers also liked (8)

El blog en tiempos del colera: Taller de blogs basico
El blog en tiempos del colera: Taller de blogs basicoEl blog en tiempos del colera: Taller de blogs basico
El blog en tiempos del colera: Taller de blogs basico
 
Taller De Blogs
Taller De BlogsTaller De Blogs
Taller De Blogs
 
Taller de blogger
Taller de bloggerTaller de blogger
Taller de blogger
 
Taller básico de cómo crear un Blog
Taller básico de cómo crear un BlogTaller básico de cómo crear un Blog
Taller básico de cómo crear un Blog
 
Resumen bae bloque 3
Resumen bae bloque 3Resumen bae bloque 3
Resumen bae bloque 3
 
Gabriel García Márquez.Trayectoria y análisis de El amor en los tiempos del c...
Gabriel García Márquez.Trayectoria y análisis de El amor en los tiempos del c...Gabriel García Márquez.Trayectoria y análisis de El amor en los tiempos del c...
Gabriel García Márquez.Trayectoria y análisis de El amor en los tiempos del c...
 
Taller y recursos para Blogs
Taller y recursos para BlogsTaller y recursos para Blogs
Taller y recursos para Blogs
 
Resumen bae bloque 1
Resumen bae bloque 1Resumen bae bloque 1
Resumen bae bloque 1
 

Similar to Thawte EV SSL: A New Revolution for Trust

Offer a trustworthy environment on your web site
Offer a trustworthy environment on your web siteOffer a trustworthy environment on your web site
Offer a trustworthy environment on your web site
Keynectis
 

Similar to Thawte EV SSL: A New Revolution for Trust (20)

A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL CertificateA Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
 
All About SSL/TLS
All About SSL/TLSAll About SSL/TLS
All About SSL/TLS
 
SSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web SecuritySSL Certificate: Stamp of Web Security
SSL Certificate: Stamp of Web Security
 
Offer a trustworthy environment on your web site
Offer a trustworthy environment on your web siteOffer a trustworthy environment on your web site
Offer a trustworthy environment on your web site
 
How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?
 
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
Geoff Huston's presentation on DANE (Keys in the DNS) at the New Zealand Inte...
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets Layer
 
The Importance of Monitoring SSL Certificates _ Awakish.pptx
The Importance of Monitoring SSL Certificates _ Awakish.pptxThe Importance of Monitoring SSL Certificates _ Awakish.pptx
The Importance of Monitoring SSL Certificates _ Awakish.pptx
 
Reducing Fraud with the Right SSL Certificate in E-Commerce
Reducing Fraud with the Right SSL Certificate in E-CommerceReducing Fraud with the Right SSL Certificate in E-Commerce
Reducing Fraud with the Right SSL Certificate in E-Commerce
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
Why Green Address Bar EV SSL Certificates are Critical to E-commerce
Why Green Address Bar EV SSL Certificates are Critical to E-commerceWhy Green Address Bar EV SSL Certificates are Critical to E-commerce
Why Green Address Bar EV SSL Certificates are Critical to E-commerce
 
Comodo: The Benefits of EV SSL Certificates - CheapSSLsecurity
Comodo: The Benefits of EV SSL Certificates - CheapSSLsecurityComodo: The Benefits of EV SSL Certificates - CheapSSLsecurity
Comodo: The Benefits of EV SSL Certificates - CheapSSLsecurity
 
Paid vs Free SSL Certificates: Which One Should You Pick in 2021?
Paid vs Free SSL Certificates: Which One Should You Pick in 2021?Paid vs Free SSL Certificates: Which One Should You Pick in 2021?
Paid vs Free SSL Certificates: Which One Should You Pick in 2021?
 
Extended Validation Builds Trust
Extended Validation Builds TrustExtended Validation Builds Trust
Extended Validation Builds Trust
 
Understanding The World Of SSL Certificates.pdf
Understanding The World Of SSL Certificates.pdfUnderstanding The World Of SSL Certificates.pdf
Understanding The World Of SSL Certificates.pdf
 
All You Need to Know About EV SSL Security
All You Need to Know About EV SSL SecurityAll You Need to Know About EV SSL Security
All You Need to Know About EV SSL Security
 
Mistakes to Avoid while Installing an SSL Certificate
Mistakes to Avoid while Installing an SSL CertificateMistakes to Avoid while Installing an SSL Certificate
Mistakes to Avoid while Installing an SSL Certificate
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
 
Types of SSL Certificates for Every Business Need
Types of SSL Certificates for Every Business NeedTypes of SSL Certificates for Every Business Need
Types of SSL Certificates for Every Business Need
 

More from RapidSSLOnline.com

More from RapidSSLOnline.com (20)

Tackle ERR_SSL_PROTOCOL_ERROR in Google Chrome
Tackle ERR_SSL_PROTOCOL_ERROR in Google ChromeTackle ERR_SSL_PROTOCOL_ERROR in Google Chrome
Tackle ERR_SSL_PROTOCOL_ERROR in Google Chrome
 
Viewing SSL Certificate in Chrome | RapidSSLonline
Viewing SSL Certificate in Chrome | RapidSSLonlineViewing SSL Certificate in Chrome | RapidSSLonline
Viewing SSL Certificate in Chrome | RapidSSLonline
 
Compare GeoTrust True BusinessID SSL Data Sheet
Compare GeoTrust True BusinessID SSL Data SheetCompare GeoTrust True BusinessID SSL Data Sheet
Compare GeoTrust True BusinessID SSL Data Sheet
 
Introducing TLS 1.3 – The future of Encryption
Introducing TLS 1.3 – The future of EncryptionIntroducing TLS 1.3 – The future of Encryption
Introducing TLS 1.3 – The future of Encryption
 
GUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVER
GUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVERGUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVER
GUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVER
 
Cybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
Cybersecurity Compliance can Make or Break Your Business - DigiCert - SymantecCybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
Cybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
 
Adobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL GuideAdobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL Guide
 
How to Move SSL Certificate from Windows Server to Another Windows Server
How to Move SSL Certificate from Windows Server to Another Windows ServerHow to Move SSL Certificate from Windows Server to Another Windows Server
How to Move SSL Certificate from Windows Server to Another Windows Server
 
Symmetric and Asymmetric Encryption
Symmetric and Asymmetric EncryptionSymmetric and Asymmetric Encryption
Symmetric and Asymmetric Encryption
 
SSL / TLS Validation | CASecurity.org | RapidSSLonline
SSL / TLS Validation | CASecurity.org | RapidSSLonlineSSL / TLS Validation | CASecurity.org | RapidSSLonline
SSL / TLS Validation | CASecurity.org | RapidSSLonline
 
Geek Guide: Apache Web Servers and SSL Authentication
Geek Guide: Apache Web Servers and SSL AuthenticationGeek Guide: Apache Web Servers and SSL Authentication
Geek Guide: Apache Web Servers and SSL Authentication
 
Google Chrome 56 What You Need to Know?
Google Chrome 56   What You Need to Know?Google Chrome 56   What You Need to Know?
Google Chrome 56 What You Need to Know?
 
The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates
 
5 Steps for Preventing Ransomware
5 Steps for Preventing Ransomware5 Steps for Preventing Ransomware
5 Steps for Preventing Ransomware
 
2016 Symantec Internet Security Threat Report
2016 Symantec Internet Security Threat Report2016 Symantec Internet Security Threat Report
2016 Symantec Internet Security Threat Report
 
How Does The Wildcard SSL Work?
How Does The Wildcard SSL Work?How Does The Wildcard SSL Work?
How Does The Wildcard SSL Work?
 
Uncover threats and protect your organization
Uncover threats and protect your organizationUncover threats and protect your organization
Uncover threats and protect your organization
 
A New Zero-Day Vulnerability Discovered Every Week in 2015
A New Zero-Day Vulnerability Discovered Every Week in 2015A New Zero-Day Vulnerability Discovered Every Week in 2015
A New Zero-Day Vulnerability Discovered Every Week in 2015
 
Symantec 2016 Security Predictions - Looking ahead
Symantec 2016 Security Predictions - Looking aheadSymantec 2016 Security Predictions - Looking ahead
Symantec 2016 Security Predictions - Looking ahead
 
STRONG AUTHENTICATION ... NO PASSWORDS
STRONG AUTHENTICATION ... NO PASSWORDSSTRONG AUTHENTICATION ... NO PASSWORDS
STRONG AUTHENTICATION ... NO PASSWORDS
 

Recently uploaded

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 

Recently uploaded (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Thawte EV SSL: A New Revolution for Trust

  • 1. Thawte EV SSL: A New Revolution for Trust RAPIDSSLONLINE IS A LEADING PLATINUM PARTNER COMPANY OF THAWTE Jim Armstrong
  • 2. Thawte Extended Validation SSL Certificates: A New Revolution for Trust & Confidence Many consumers have reservations about trusting web sites, which impacts their willingness to complete e-commerce transactions, financial transactions with their banks, and other tasks involving transmission of sensitive information. The growing frequency of web site scams – such as phishing and pharming – creates an atmosphere of fear and uncertainty. In a 2006 report, Gartner estimates that more than 41% of U.S. adults received phishing emails, 46% changed their purchasing and online behaviors as a direct result of security concerns, and 10% reduced their online spending by at least 50%. As a result, nearly $2 billion may have been lost in sales – all due to consumer concerns over security. When SSL was originally conceived, the Internet was a simpler place; a web site either did or did not need the encryption and authentication that an SSL digital certificate provided. Today’s security needs are more granular. For example, some web sites simply need basic encryption to protect site user names and password; other sites need to handle extremely sensitive personal information and need stronger encryption as well as in-depth web site owner identity verification. Certification Authorities (CAs), such as Thawte, have refined their product offerings to meet these differing objectives. For example, web sites requiring only basic encryption and minimal identity verification can opt for a less
  • 3. expensive, rapidly issued Thawte® SSL123 Certificate domain validation certificate. At the other end of the spectrum, Thawte offers the highly-trusted Extended Validation (EV) SSL certificate for web sites that handle extremely personal and sensitive data. The EV certificate standard was developed by the CA/Browser Forum, an independent industry group, which also developed auditing guidelines to define and control the procedures used to validate and issue these certificates. When an EV certificate is in use, web browsers provide enhanced visual cues, making it clearer for consumers to determine with whom they are dealing, and whether the connection is secure. The latest version of every major web browser supports EV certificates, and most top e-commerce and banking web sites rely on EV certificates to more effectively achieve a higher level of trust from their customers. Who Do You Trust? The two primary purposes of an SSL certificate are to: • Authenticate that a company’s web site is valid • Encrypt communications between the web server and the customer’s web browser Any digital certificate – with its public and private key pair – could conceivably be used to achieve encryption. The trust aspect of an SSL certificate comes from the identity verification procedures used by the CA that issues the certificate. It is the CA’s responsibility to determine who actually owns the domain for which the SSL certificate will be used, and to ensure that the site owner is a legitimate business
  • 4. entity worthy of trust. An SSL connection should, then, help consumers develop trust: When on a phishing web site (a malicious site that masquerades as a legitimate site), consumers would not be able to establish an SSL connection, or would be able to examine the SSL certificate and see that the business they were dealing with is not the one they expected. However, traditional SSL certificates have, over time, fallen short of meeting these requirements in certain situations. The Problems with Traditional SSL It has always been relatively easy to counterfeit an online business. In 1995, when SSL certificates were created, web scams were few and far between. A traditional SSL certificate provided the security and reassurance people needed. There were few, if any, web sites attempting to deliberately counterfeit legitimate business web sites. Simply having the lock icon appear in your web browser – a sign that an SSL connection had been created – was enough reassurance for most consumers. Times have changed. Web scams are more sophisticated, and scammers often obtain SSL certificates that include only validation of the web site domain name – not the identity of the scammers or their business. As a result, counterfeit web sites can offer consumers an SSL connection, limited as it might be. Consumers see the lock icon, believe the site is legitimate, and proceed in using the counterfeit site. Consumers could examine the certificate from within their browser, but few users are technically sophisticated enough to realize that they should do so. Some scammers even obtain full SSL certificates from less stringent CAs, meaning the scammers can obtain digital certificates attesting to an incorrect identity. In these instances, even a knowledgeable consumer who examines the SSL certificate presented by the site might well be fooled. EV certificates seek to address and resolve this problem.
  • 5. EV SSL

Because EV is a joint effort between CAs and browser vendors, it offers two distinct advantages over traditional SSL certificates:

• The EV browser does a better job of raising certificate visibility within the browser’s user interface (UI)
• The CAs permitted to issue EV certificates conduct more thorough identity verification of certificate requestors

The CA/Browser Forum consists of more than 20 browser manufacturers, CAs, and WebTrust authors along with the American Bar Association’s Information Security Committee (ABA-ISC). The standard is under continual development to help combat evolving forms of online fraud. The EV certificate issuance guidelines define a set of best practices and standards that must be followed by CAs who issue EV certificates, and CAs must pass regular, independent audits of their processes to prove that they follow those guidelines and are worthy of issuing EV SSL certificates.

Technologically, an EV certificate functions like a traditional SSL certificate, even in older browsers that do not explicitly support the EV standard. Newer browsers, however, recognize key elements of the EV certificate, which permits those browsers to display extended UI cues that bring critical security and trust information to the forefront of the user experience.

User Experience Improvements

A key aspect of the EV standard is enabling web browsers to do a better job of communicating identity and trust-related information to the end user. The EV standard details a number of best practices to help improve the user experience.
  • 6. GREEN MEANS TRUSTED

Chief amongst the user experience improvements is the guideline that EV certificates visually change the browser’s address bar in some way, utilizing the color green – globally recognized as a “safe” or “proceed” color – to indicate the presence of a valid EV certificate. Different browsers implement this guideline in different ways, but all utilize the color green. All display the business name, not the web site domain name, of the entity to which the EV certificate was issued (see Figure 1). Browsers may also toggle the business name with the name of the CA who issued the EV certificate, clearly communicating to web users the company who is attesting to the business’ identity.

Figure 1: Visual cues enable users to recognize an EV certificate is in use.

Counterfeit web sites cannot display the green address bar when using a traditional SSL certificate and a counterfeit web site would be unable to obtain a valid EV certificate for the spoofed business due to the extended identity verification procedures required to obtain such a certificate. Although a scammer could try to deceive users by obtaining an EV certificate for their own business, the green address bar would display that business name, creating a visual mismatch between the address bar and the counterfeit web site that would tip off users to the scam.
  • 7. REAL-TIME VALIDITY CHECKING

Nearly all web browsers support the use of the Online Certificate Status Protocol (OCSP) to enable real-time checks of EV certificate validity. OCSP allows a browser to check directly with the EV certificate’s issuing CA to confirm the validity of the EV certificate. This is done entirely online and almost instantly when the browser is first presented with the EV certificate. Real-time checking ensures that the EV certificate has not been revoked since its issuance, and provides an extra level of security. Browsers will not display the green address bar elements unless the certificate passes this real-time validity check. Most modern web browsers enable this functionality automatically when their anti-phishing features are enabled (see Figure 2).

Figure 2: Enable OCSP to ensure real-time checks of EV certificate validity

EV UPGRADER™ FOR WINDOWS XP

An enormous number of computers continue to run Microsoft Windows XP with Internet Explorer 7 (IE7). Users of these computers may need to upgrade their computers’ root digital certificate store in order to obtain the benefits of EV certificates and enable IE7 and later to display the appropriate EV visual cues. Thawte helps users with this by providing the free EV Upgrader™, a method for automatically updating IE7 on Windows XP clients.

The EV Upgrader can be installed as part of your web site, along with your EV certificate. The Upgrader triggers built-in Windows XP functions, and should normally be invisible to end users. After users have visited a site that includes the EV Upgrader, their IE7 web browser will automatically display the EV interface conventions when visiting a site protected with a Thawte EV SSL certificate.
  • 8. Thawte makes it easy to include the EV Upgrader in your web site; it is integrated with the Thawte® Trusted Site Seal. Simply include the seal on your web page, and every Windows XP client running IE7 will automatically upgrade to EV capabilities when they visit your site.

EV SSL Solutions from Thawte

EV SSL certificates from Thawte include 256-bit, 128-bit, 56-bit, and 40-bit encryption, supporting a wide range of web browsers. Browsers automatically select the highest level of encryption they are capable of using. Thawte EV certificates are fully compliant with the CA/Browser Forum’s guidelines and requirements and Thawte passes regular audits to ensure this compliance.

Useful Links

You may find the following URLs to be useful:

Learn more about Thawte EV SSL certificates:
https://www.thawte.com/ssl-digital-certificates/extendedvalidation-ssl-ev/index.html

Start your e-business with a Thawte EV purchase at:
https://www.rapidsslonline.com/ssl-webserver-ev.aspx

If you are looking for a deal on a Thawte EV or Extended Validation SSL purchase, visit:
https://www.rapidsslonline.com/sslcoupons/thawte-ssl-promotion.aspx