BSPlink and Security




 

To protect your information and the integrity of ours, we use an industry-standard security protocol called Secure Sockets Layer (SSL). Use of this technology encrypts any and all sensitive information communicated between you and BSPlink web site.

This security protocol is widely used in such areas as Internet banking and when Credit Card details are provided over the Internet.

When Netscape introduced SSL (secure-sockets layer) in 1995, it paved the way for online information security. SSL is essentially an encryption technology that scrambles a message so that only the intended recipient can read it. Web addresses that begin with "https://" are using SSL to protect information (think of the "s" as meaning "secure").

To anyone without the "key", any intercepted information would only read as useless gibberish.

The digital ID (aka an authentication certificate) is like an online passport or driver's license. It's essentially a form of identification that confirms that you are who you say you are, and that we are who we say we are.

Encryption is essentially a secret code that prevents others from reading your messages. The elements of an encryption system are the plaintext, the cryptographic algorithm, the key, and the ciphertext.

The plaintext is the actual message or data that is to be encrypted. The cryptographic algorithm is a mathematical set of rules that defines how the plaintext is to be combined with a key. The key is a string of digits, and the ciphertext is the resulting encrypted message.

These terms are probably best illustrated with a very simple example. If you take the phrase "Computer" and add 3 characters to each letter, the phrase becomes "frpsxwhu".

In this situation:

"Computer" is the plaintext
"add 3 characters to each letter" is the cryptographic algorithm, "3" is the key
"frpsxwhu" is the ciphertext.

Here in detail are the steps taken during an SSL transaction:

You send our server a request for documents to be transmitted using the "https://" protocol.
Our server sends its certificate to your computer.
Your computer then checks to see if the certificate is verified by a trusted source.
Your computer compares the information in the certificate with the information it received (the domain name and key). If this information is a match, your computer accepts our site as authenticated.
Your computer tells our server what ciphers (encryption algorithms) it can communicate with.
Our server chooses the strongest common cipher and informs your computer of its choice.
Your computer generates a key using the agreed upon cipher.
Your computer then encrypts the key and sends it back to our server.
Our server receives the encrypted key and decrypts it.
Your computer and our server then use the key for the life of the transaction.

As you can probably tell from the above example, securing information through SSL takes time. Therefore, you may notice that pages don't load as quickly as they would without the security.