Server-GatedCryptographyPROVIDINGBETTERSECURITYFORMOREUSERS2Server-GatedCryptographyForwardThinking.
.
.
Withthewidespreadglobaladoptionofwirelesstechnologies,hundredsofmillionsofpeoplelivingdevelopingcountriesareloggingontotheinternetforthefirsttime.
Whilemanywillbedoingsowithnewcomputers,stillmanymorewillnodoubtberelyingonoutdatedsoftwaretosurftheWWW.
Manyofthemwillbenaveaboutthedangersthatlieandwaitincyberspace.
Astheenablersofsecureandglobalelectroniccommerceitisourdutytohelpcompaniesempowerandprotectthesenewcitizensoftheinternet.
Ifourtechnology,trustedservicesandproductscanhelpyoutoprotectevenoneuser,letalonethetensofmillionswhorequiresuchassistance,thenwehavedoneourduty.
ThisiswhatSGC-enabledSSLcertificatesareintendedtodo.
OverviewThisguidewillhelpyoutounderstandhowSGC-enabledSSLcertificatesworkandwhytheyaredifferentfromothercertificates,whythetechnologywasfirstintroducedinthelate90s,andwhythistechnologyremainsasrelevanttodayasitwasbackthen.
E-commercebusinessesusingServer-GatedCryptography-enabledSSLcertificatescanhelpassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
Thisisnotoneperson'sororganization'sopinion.
Thisisafact-provenbytheYankeeGroupwhoconductedexhaustiveindependenttests(368tobeexact!
)toarriveatthisconclusion(1).
SGCtechnologymayhaveoriginatedinthelate90sbutitremainsasrelevanttodayasitdidwhenitwasfirstintroducedmorethansixyearsago.
Thewidespreadgrowthofbroadbandglobally(2)willnecessitatetheuseoftechnologiesthatareforwardthinkingandproactive.
SGCissuchatechnologybecause,unlikeotherSSLcertificatesthatrelyontheuser'sbrowserbeingabletomatchaserver'sciphersuite,SGChelpsusersattainmoresecureconnectionbyactuallysteppingupsomeusers'browsersinspecificsituations.
TheYankeeGroup'sstudyveryboldlyconcluded,"SGC-enabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thisdifferencemeanstensofmillionsmoreinternetusersworldwidewouldget128-bitencryptionorhigherifalle-commercevendorsusedSGC-enabledcertificates.
"(1)Thefactthat75%ofUSbusinesses(3)believethatathreatfromunprotectedsystemsindevelopingcountriesposeagrowingthreattotheirdigitalsecurity,strengthenstheargumentsupportingusingproactivetechnologieslikeSGC-enabledSSLcertificates.
Theinternethasgivencompaniesacost-effectiveandextremelypowerfulmediumtoconnectwithcustomersanywhereintheworld.
Broadbandismakingitpossibleformorepeoplefromeverycorneroftheglobetogoshoppingincybermalls,unrestrictedbytimeandgeography.
Thesegreatnewopportunitiesthatawaite-businesseswhowanttoexpandgloballywilldemandproactivesecuritytoprotectboththee-businessresourcesanddatabases,aswellasprovideprotectionfornewcustomerswhomayberelyingonoutdatedsoftwaretoexploretheinternet.
1.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptography-TheYankeeGroup,September20052.
WorldBroadbandStatistics:Q32005-PointTopicLtd.
20053.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March20063AnArgumentforProactiveSecurityTheinternetistheembodimentofglobalization–itsgrowthfueledbythewidespreadglobaladoptionoffaster,always-onbroadbandADSLandwirelessservice,theglobalexpansionofmultinationalsandtheirmobilizedarmyofworkerswhotradeinformationanywhereandanytime.
Withtheinternet'sgrowthcomesanewopportunityformanysmallandlargebusinessesthatarenowabletotradefromalocationinonecorneroftheglobe,withanyonewhoisabletoaccesstheirwebsiteandmakecreditcardpayments.
Internetandelectronictradingknowsnotimeandhasnoborders.
But,asmanycompaniesreadythemselvesfortheonslaughtofnewcustomerscomingfromthefourcornersoftheglobe,securityexpertsareexpressingcaution.
Infact,manyUSbusinessesarealsoexpressingcautionandconcern.
InarecentsurveyconductedbyIBM(1)asmanyas75%oftheparticipatingcompaniesexpressedconcernforthegrowingcybercrimethreatthatwillcomefrommanyunprotectedcomputersinthedevelopingworld.
OutdatedsoftwareandunprotectedsystemsarearealthreatastheadoptionrateofbroadbandservicesstabilizesintheUSanddeclinesinAsia,whiletheMiddleEastandAfricaareshowingthehighestnewconnectionratesintheworldfortheseservices.
Whilemanycompaniesarerushingtocapitalizeonrapidglobalgrowthofbroadbandconnection,companiesmustheedthewarningsofmanyexpertswhoarecallingforproactivesecuritythatservestonotonlyprotectthevendor,butalso"thinks"fortheuserhelpingthemtoattainthebestpossiblesecurity.
Proactivesecuritywillnotonlycreateamoresecuredigitalenvironmentforeveryone,butitwillalsohelptobuildtrustamongstthemanynewusersoftheinternet.
Trustwillbuildconfidenceandconfidenceisgoodforbusiness.
Server-GatedCryptography:MakingtheDigitalWorldaMoreSecureSpace(1)Inthe1990s,theUSgovernmentimposedrestrictionsonexportingstrongcryptographytoothercountries.
TherestrictionmeantthatsoftwarethatimplementSSL,suchaswebbrowsers,operatingsystemsandwebservershadtolimitencryptiontoweakalgorithmsandshorterkeylengthsifitwasexportedoutsidetheUnitedStates.
Lawmakersincludedanexceptionforfinancialtransactionstoensurethatcustomersworldwidecouldsafelytransactonlineusingstrongencryption.
SGCwascreatedasanextensiontoSSLforconsumerswithexportversionsofwebbrowsersoftwaretousestrongcryptographyforfinancialtransactions.
USexportlawswereupheldbyissuingSGCcertificatesonlytoeligiblefinancialinstitutions,creatinganenforcementpointattheserverwithoutanyimpacttotheclient.
Therestrictionsonexportofstrongencryptionhavesincebeenrelaxed,andnowSGCcertificatesmaybeissuedtoanyinstitution.
RestrictionsonencryptionareevidentinolderversionsofWindows2000runningInternetExplorerthatarestillinuse.
Consumersande-commercevendors,particularlythoseoutsidetheUnitedStates,arestillusingweakencryption,despitethefactthatsafer,strongeralternativesareavailable.
AlthoughnewerversionsofWindows2000providethesefeatures,millionsstilluseoldversions.
Userswhoarestillusingcertainolderbrowserversionsthatonlyprovideweak40-bitor56-bitencryptioncangainfull-strength128-bitencryptionwhenconductingbusinesswithSGC-enabledwebsites.
WithSGC,browserandoperatingsystemversions-whetherexportsordomestic-thatwouldotherwiseconnectwithweakencryptionareaffordedmuchstrongersecurity.
Untilolderversionsofbrowserandoperatingsystemsdisappearcompletely,SGCcertificatescanprotectthisportionoftheuserpopulation.
1.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March2006Alsosee:Stronggetsstronger-256-bitencryption(Appendix2)1.
AnextractfromTheYankeeGrouppaperentitledBuildingBlocksofTransparentWebSecurity:Server-GatedCryptography,September2005)4HowanSGC-EnabledSSLCertificateWorksTounderstandhowanSGC-enabledSSLsessiondiffersfromotherSSLsessions,wefirstneedtoexplainhowanormalSSLsessionworks.
AsimplifiedSSLsessionlookslikethis:1.
theclient/browsersendstheserveralistofsupportedciphers2.
theserverchoosesacipherandsendsthatcipheralongwithitscertificatebacktotheclient/browser3.
theclient/browserverifiestheserver'scertificateandextractstheserver'spublickey4.
theclient/browserencryptsasecretusingtheserver'spublickeyandsendsittotheserver5.
theserverdecryptsthesecretusingitsprivatekey.
Atthispointtheclient/browserandserverbothsharethesecretandcanbeconfidentthatnooneelseknowsit.
Theclient/browserandservercannowusethissecretandthechosenciphertohaveasecureconversation.
ThisisaverysimplifiedexplanationofaSSLhandshake.
WithSGCbasicallywhathappensiswhentheclient/browserreceivestheserver'scertificate(step3),theclientdiscoversthattheserverhasaSGC-enabledSSLcertificatetheclient/browserwillperformanewhandshake(oncethecurrenthandshakeisfinished)usingacompletelistofalltheciphersbeingsupportedincludingthestrong128-bitencryption,thusupgradingthecurrentsessiontostrongcryptography.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptographybytheYankeeGroup,September2005SecureSocketsLayer(SSL)isthedefactostandardforsecuringe-commercetransactions.
SSLencryptspersonalinformationsuchascreditcardnumbers,socialsecuritynumbers,passwords,namesandaddressessenttoane-commercevendorviaitswebsite.
Therefore,SSLisacriticalcomponentintheprotectionofconsumerprivacyandanecessitytoreducetherisksoffraudandidentitytheft.
YankeeGroupresearchshowsthatbetween1%and2%ofe-commercetransactionsarerelatedtofraud.
Lossestotaling$2billionin2004aregrowingatthesameratease-commercerevenueanderodingconsumerconfidence.
SSLencryptionisakeycomponentinprotectingconsumers'onlinetransactions.
Itstransparencytouserswillbeacriticalfactorinreducingfraud.
SSLlackstransparencyinakeyarea:thestrengthofencryptionusedforagivensession.
Browsers,webserversandoperatingsystemsallplayaroleindeterminingthelevelofencryptionused:40bit,56bitor128bit.
SomePCsystemscan'ttakeadvantageoffull128-bitSSLencryption.
Server-gatedcryptography(SGC)-enabledcertificatesaddressthisissue.
E-commercewebsitesusingSGCcanassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
AspecialstudydonebyTheYankeeGrouptestedbothSGC–andnon-SGC-enabledcertificatesin92commonenvironmentstodetermineunderwhatconditionsusersbenefitfromstrongencryption.
TheYankeeGroup'sconclusion–"ThenumberofpeoplestillsubjecttoweakencryptionbecausetheyareusingolderversionsofWindowsandInternetExplorerisinthetensofmillions.
UsersrunningtheWindows2000operatingsystemwithoutServicePack4orthehigh-encryptionpackaremostlikelytobeaffected.
5"TestedbrowsersreleasedearlierthanMarch2000alsoreturnhigherratesofconnectionatlowencryptionlevels.
OurtestingresultsshowthatwhenusingSGCcertificates,virtuallyallcombinationsofWindowsoperatingsystem,InternetExplorerandserverareabletostepupto128-bitencryption.
Wide-scaledeploymentofSGC-enabledSSLcertificateswouldreducetheactualnumberofusersexposedbyweakerencryptiondramaticallyandmakeitpossibleforvirtuallyeveryinternetusertoenjoytheprotectionof128bitorstrongerencryption.
"IsThawte'sSGCSuperCertCertificateRightforMyBusinessWiththewidespreadglobaladoptionofbroadbandinternet,manye-commercebusinessesareconsideringexpandingtheirservicesintonewterritories.
However,beforeyourushintoopeningyourcyberdoorstothesenewrevenueopportunities,considerthemanynewchallengesthesenewcustomerscouldposetoyourbusiness.
Manyofthesenewcustomerscouldposeasecurityrisktoyourbusiness.
ManymillionsofPCusersstillrelyonoldersoftwarelikeWindows2000systemsthathavenotbeenupdatedwiththelatestservicepacks.
Theseusersmayonlybeabletoconnecttoyoursecuree-commercewebsiteusingweak40and56-bitencryption,exposingnotonlythemselvesbutalsoyourbusinesstounnecessarysecurityrisks.
Toprotectinternetfinancialtransactions,expertsrecommendthataminimumof128-bitencryptionbeused.
SGC-enabledSSLcertificates,likeourSGCSuperCerts,aretheonlySSLcertificatesthathavetheuniqueabilitytostepupencryptionstrengthfromtheweakencryptiontothemuchstronger128-bitencryption.
InanindependentstudyconductedbytheYankeeGroupinSeptember2005itwasshownthatSGCenabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thedifferencemeanstensofmillionsmoreusersworldwidewouldget128-bitencryption,ifalle-commercebusinessesusedSGC.
256-bitencryptioncanbeachievediftheuser'sbrowsercapabilityandtheciphersuiteinstalledonthewebserverareboth256-bitcompatible.
ThawteSGCSuperCertsprovide:Ahigherstrengthofencryptionforcertainolderversionsofexportbrowsers.
Confidenceintheintegrityandsecurityofyouronlinebusinessandnetworkinfrastructure.
CustomersarebecomingincreasinglyawareoftheadvantagesofSSLsecurityandwilloftennotpurchaseonlinefromnon-securestores.
AllmajorwebmerchantsuseSSLsecuritybackedbystrongwarrantiestoencouragecustomerstobuyonline.
Interoperabilityandsupportforstandardapplicationsandbrowsers,suchasMicrosoftInternetExplorerandNetscapeCommunicator.
Non-forgeableproofofyourwebsiteidentity.
Easeofuse.
ASGCSuperCertisastand-alonesolutionthatrequiresnoinstallationofextrasoftwareontheserverorthebrowser.
Peace-of-mindforthoseconductinginternationalonlinebusiness,knowingthatyourbusinessisforwardthinkingandproactiveinitsattitudeconcerningthesecurityofitscustomers.
TheValueofAuthenticationInformationisacriticalassettoyourbusiness.
Toensuretheintegrityandsafetyofyourinformation,itisimportanttoidentifywithwhomyouaredealing,andthedatayouarereceivingistrustworthy.
Authenticationcanhelpestablishtrustbetweenpartiesinvolvedinalltypesoftransactionsbyaddressingauniquesetofsecurityissuesincluding:SPOOFING:Thelowcostofwebsitedesignandtheeasewithwhichexistingpagescanbecopiedmakesitalltooeasytocreateillegitimatewebsitesthatappeartobepublishedbyestablishedorganizations.
Infact,conartistshaveillegallyobtainedcreditcardnumbersbysettingupprofessionallookingstorefrontsthatmimiclegitimatebusinesses.
6UNAUTHORIZEDACTION:Acompetitorordisgruntledcustomercanalteryourwebsitesothatitmalfunctionsorrefusestoservicepotentialclients.
UNAUTHORIZEDDISCLOSURE:Whentransactioninformationistransmitted"intheclear",hackerscaninterceptthetransmissionstoobtainsensitiveinformationfromyourcustomers.
DATAALTERATION:Thecontentofatransactioncanbeinterceptedandalteredenroute,eithermaliciouslyoraccidentally.
Usernames,creditcardnumbersandcurrencyamountssent"intheclear"areallvulnerabletoalteration.
UsefulURL'sFormoredetailonthawte'sSGCSuperCerts,pleasevisit:http://www.
thawte.
com/sgc/index.
htmlLearnmoreaboutSGCSuperCerts:http://www.
thawte.
com/ssl/sgc-supercerts-ssl-certificates/21-DayFreeTrialSSLCertificatehttps://www.
thawte.
com/ucgi/gothawte.
cgia=w62240062237049007BuySGCSuperCerts:http://www.
thawte.
com/buyAppendix:Why128-BitisStrongerthan40and56-BitEncryptionUnderstandingCryptographicStrengthCryptographicstrengthisexpressedinkeylengthorbitlength.
Keyscomeinavarietyoflengths(e.
g.
40-bit,56-bitand128-bit).
Assuminganinherentstrengthintheencryptionalgorithm,alongerkey/bitlengthwillmakeithardertocrackanencryptedmessage.
Werefertobitlengthasthisspecifiesthenumberofbitsrequiredtowritethenumberofpossiblekeysinbinary.
Keylengthshaveincreaseovertimetocounteractadvancesincomputingpowerwhichmakethecrackingofencryptedmessageseasier.
KeyLengthApproximateNumberofKeys40-bit1,099,511,627,77656-bit72,057,594,037,927,900128-bit340,282,366,920,938,000,000,000,000,000,000,000,000Consumersande-commercevendorsoftenviewencryptionastoocomplexfortheaveragehackertoexploit.
Surelyanysortofencryptionprovidesenoughsecuritytodoonlinebankingandshopping,rightUnfortunately,theanswerisno.
Low-levelencryption,using56bitsorless,isuniversallydeemedtooweakforsafefinancialtransactions.
Withthecomputingpoweravailabletoday,it'snotcostprohibitiveforhackerstoattack56-bitencryptionusingbruteforce,whichinvolvestryingeverypossiblekeycombinationuntiltheyfindtheonethatconvertsciphertextintoplaintext.
Thedifferenceinsecuritybetween40bit,56bitand128bitissignificant.
Theprogressmadeincomputingtechnologymeansthatweakerencryptionusing40-bitor56-bitkeyscanbeattackedbybruteforceandbrokeninamatterofhoursusinganaverage-speedPC.
Asrecentlyas1997,thesameexercisewouldhavetakendaysandrequiredtheeffortofmultiplecomputersandpeople.
Atcurrentcomputingspeeds,128-bitencryptionwilltakemorethanatrillionyearstoattackusingbruteforce,anobstaclethatwoulddeteranyfinanciallymotivatedattacker.
Bycontrast,breakingshorter40-bitor56-bitencryptedsessionsisarelativelysmallinvestmentforattackersharvestingpersonalinformation.
ThereisacommonmisconceptionthatdigitalcertificatesdeterminethestrengthofencryptionandthisisreinforcedbymanyCertificationAuthoritiesthatreferto40-bitor128-bitcertificates.
Itisimportanttounderstandthatencryptionstrengthisnormallydeterminedbynegotiationbetweenthebrowser,operatingsystemandawebserverbeforeasecuresessionisestablished.
72013Thawte,Inc.
Allrightsreserved.
Thawte,thethawtelogo,andothertrademarks,servicemarks,anddesignsareregisteredorunregisteredtrademarksofThawte,Inc.
anditssubsidiariesandafliatesintheUnitedStatesandinforeigncountries.
Allothertrademarksarepropertyoftheirrespectiveowners.
OnlydigitalcertificatesenabledwithSGCtechnologyarecapableofinfluencingtheencryptionstrengthofasessionbeyondwhatisagreedbetweenthebrowser,operatingsystemandserver(morethislater).
StrongGetsStronger-256-BitEncryptionAlthoughencryptionstrengthisdependentonthenatureofthebrowseraswellasthesoftwareonthewebservertowhichthebrowserisconnecting,256-bitencryptionisthehighestlevelofencryptioncurrentlypossible.
Whilesomebrowserssupportthislevelofencryption,thisdoesnotguaranteethatasecureinternetsessionwilloccuratthislevel.
Thelevelofencryptionusedtosecureaninternetconnectiondependsontwofactors-firstlythecapacityoftheciphersuiteinstalledonthewebserverbeingaccessed,andsecondlythecapabilityofthewebbrowserbeingusedtoestablishtheconnection.
Aciphersuiteisessentiallyanencryptionalgorithm,whichawebserverwillusetonegotiateanencryptedinternetsession.
Toestablisha256-bitencryptionsessiontheciphersuitemustbecapableofdeliveringthislevelofencryption.
Theencryptionlevelthatwillbeusedtoestablishasecureinternetconnectionisdeterminedthroughanegotiationthatoccurswhentheinternetbrowserandwebserverperformtheirhandshake.
Duringthishandshakesessiontheinternetbrowsersendsitslistofciphersuitestothewebserver,whichtheserverusestodeterminethehighestorstrongestencryptionthatcanbeusedfortheencryptedsession.
Differentbrowseranddifferentbrowserversionwillofferdifferentlevelsofencryption.
Some(olderversionsofNetscapeandInternetExplorer)willevenberestrictedtoofferingonlyweakencryption,unlesstheyareconnectingtoserversusingServer-GatedCryptographyenabledSSLcertificate.
So,dependingonthebrowser'svendorandversion,somewillonlybecapableofencryptingat40or56-bitencryption,whilemorerecentbrowserversionsarecapableof128andeven256-bitencryption.
Anothergroupofbrowserswillonlybecapableof40or56-bitencryptionuntilithasbeenestablishedthattheserverinvolvedhasanSGC-enabledSSLcertificateinstalled.
Thesebrowserswillthenbecapable,withhelpfromtheserver,of128-bitencryption.
Notallciphersuitesarethesameeither.
OnlynewerciphersuitessuchasAdvancedEncryptionStandardarecapableofmanaging256-bitencryptionrates.
HowCanyouEstablishWhen256-BitEncryptionWillbeUsedWhenConnectingtoaSecureServerFirstly,ensurethatthebrowseryouareusingis256-bitencryptioncapable.
Secondly,checkwiththeserveradministratoriftheserveronwhichthewebsiteishostedhasa256-bitciphersuiteinstalled.
Whenbothcriteriahavebeenmetyoushouldbeestablishinga256-bitencryptionsecureconnectionwiththatwebsite.
Thiscaneasilybeverifiedbyhoveringyourmousecursorovertheinternetbrowser'sclosedpadlock.
Viaphone––UStoll-free:+18884842983––UK:+442034505486––SouthAfrica:+27218192800––Germany:+4969380789081––France:+33157324268Emailsales@thawte.
comVisitourwebsiteathttps://www.
thawte.
com/log-inTolearnmore,contactoursalesadvisors:Protectyourbusinessandtranslatetrusttoyourcustomerswithhigh-assurancedigitalcertificatesfromThawte,theworld'sfirstinternationalspecialistinonlinesecurity.
Backedbya17-yeartrackrecordofstabilityandreliability,aproveninfrastructure,andworld-classcustomersupport,Thawteistheinternationalpartnerofchoiceforbusinessesworldwide.
博鳌云是一家以海外互联网基础业务为主的高新技术企业,运营全球高品质数据中心业务。自2008年开始为用户提供服务,距今11年,在国人商家中来说非常老牌。致力于为中国用户提供域名注册(国外接口)、免费虚拟主机、香港虚拟主机、VPS云主机和香港、台湾、马来西亚等地服务器租用服务,各类网络应用解決方案等领域的专业网络数据服务。商家支持支付宝、微信、银行转账等付款方式。目前香港有一款特价独立服务器正在促销,...
Digital-VM商家的暑期活动促销,这个商家提供有多个数据中心独立服务器、VPS主机产品。最低配置月付80美元,支持带宽、流量和IP的自定义配置。Digital-VM,是2019年新成立的商家,主要从事日本东京、新加坡、美国洛杉矶、荷兰阿姆斯特丹、西班牙马德里、挪威奥斯陆、丹麦哥本哈根数据中心的KVM架构VPS产品销售,分为大硬盘型(1Gbps带宽端口、分配较大的硬盘)和大带宽型(10Gbps...
舍利云怎么样?舍利云推出了6核16G超大带宽316G高性能SSD和CPU,支持全球范围,原价516,折后价200元一月。原价80美元,现价30美元,支持地区:日本,新加坡,荷兰,法国,英国,澳大利亚,加拿大,韩国,美国纽约,美国硅谷,美国洛杉矶,美国亚特兰大,美国迈阿密州,美国西雅图,美国芝加哥,美国达拉斯。舍利云是vps云服务器的销售商家,其产品主要的特色是适合seo和建站,性价比方面非常不错,...
500InternalServerError为你推荐
支付apple支持ipadphotoshop技术ps是一种什么技术??????勒索病毒win7补丁怎么删除 防勒索病毒 打的补丁127.0.0.1传奇服务器非法网关连接: 127.0.0.1tcpip上的netbiostcpip上的netbios是什么用的,有安全隐患吗?开启还是关上win7telnet怎样在win7下打开telnet 命令用itunes备份如何用iTunes备份iPhone数据iphonewifi苹果手机怎么wi-fi共享kb4012598win7怎么查看电脑是否安装了 ms17 010
域名申请 enzu 分销主机 网络星期一 免费cdn加速 表格样式 iis安装教程 万网优惠券 服务器怎么绑定域名 免费网络电视 新天域互联 百兆独享 183是联通还是移动 域名评估 lol台服官网 最好的qq空间 metalink 免费dns解析 网站在线扫描 国外视频网站有哪些 更多