Provide Security with Public Keys to Keep Your Online Business Safe

By Greg Holden

Computers protect the business information you exchange on the Internet by encoding it before it is sent and decoding it on arrival. The schemes used online are complex, so the more help you have in protecting your information, the better.

The keys to public-key/private-key encryption

Terms like SSL and encryption might make you want to reach for the remote. But don’t be too quick to switch channels. SSL is making it safer to do business online and boosting the trust of potential customers. And anything that makes shoppers more likely to spend money online is something you need to know about.

Encryption is the process of encoding data, especially sensitive data such as credit card numbers. Information is encrypted by means of complex mathematical formulas, called algorithms. Such a formula can transform a simple-looking bit of information into a huge block of seemingly incomprehensible numbers, letters, and characters. Only someone who has the right key (a complex mass of encoded data that is used with the formula) can decode the gobbledygook.

Here’s a very simple example. Suppose that your credit card number is 12345, and you encode it by using an encryption formula into something like the following: 1aFgHx203gX4gLu5cy.

In practice, the encoded values that encryption routines generate and transmit on the Internet are very large. They vary in size depending on the relative strength (or uncrackability) of the security method used. Some methods use keys that consist of 128 bits of data (a bit is a single unit of digital information); such methods are said to use 128-bit keys.

Encryption is the cornerstone of security on the Internet. The most widely used security schemes, such as the Secure Sockets Layer (SSL) protocol, the Secure Electronic Transactions (SET) protocol, and Pretty Good Privacy (PGP), all use some form of encryption.

How to get a certificate

On the Internet, how do you know people are who they say they are? The solution in the online world is to obtain a personal certificate that you can send to website visitors or append to your e-mail messages.

How certificates work

A certificate, which is also sometimes dubbed a Digital ID, is an electronic document issued by a certification authority (CA). The certificate contains the owner’s personal information as well as a public key that can be exchanged with others online. The public key is derived from the owner’s private key, which the owner obtains during the process of applying for the certificate.

In issuing the certificate, the CA takes responsibility for vouching that the holder of the document is the same person identified on the certificate. Although the public key helps establish the owner’s identity, certificates do require you to put a level of trust in the agency that issues them.

A certificate assures your customers that you’re the person you say you are, plus it protects your e-mail communications by enabling you to encrypt them.
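To make the two ideas above concrete, here is an added Python example (not code from the article or from any CA) using textbook RSA with a toy 128-bit key: the public and private keys come from the same secret primes, anyone holding the public key can encrypt a number such as 12345 but only the private key recovers it, and a CA's signature is what binds a name to a public key. Any subject or CA names passed to these functions are constructed; real certificates use much larger keys, padding, and a standard format.

```python
# Textbook RSA in pure Python (Python 3.8+ for pow(e, -1, phi)): toy key size, no padding.
import hashlib
import random

def is_probable_prime(n, rng, rounds=20):  # Miller-Rabin probabilistic primality test
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, rng):  # top two bits set, so p * q is exactly 2 * bits long
    while True:
        cand = rng.getrandbits(bits) | (0b11 << (bits - 2)) | 1
        if is_probable_prime(cand, rng):
            return cand

def generate_keypair(bits=128, seed=None):
    """Return ((n, e), (n, d)): the public key is derived from the same secret primes as the private key."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this guarantees gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def rsa(key, value):  # one modular exponentiation serves encrypt, decrypt, sign and verify
    return pow(value, key[1], key[0])  # value must be smaller than the modulus n

def digest_mod_n(data, n):  # SHA-256 reduced mod n, since the toy modulus is shorter than a digest
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_certificate(ca_private_key, subject, subject_public_key):
    """The CA binds an identity to a public key by signing both with its own private key."""
    body = f"{subject}|{subject_public_key[0]}|{subject_public_key[1]}".encode()
    return {"body": body, "signature": rsa(ca_private_key, digest_mod_n(body, ca_private_key[0]))}

def verify_certificate(ca_public_key, cert):  # anyone with the CA public key can check; trusting it is the point
    return rsa(ca_public_key, cert["signature"]) == digest_mod_n(cert["body"], ca_public_key[0])
```

Generate one key pair for the site owner and one for the CA, encrypt 12345 with the owner's public key and decrypt with the private key, then issue a certificate with the CA's private key and verify it with the CA's public key; changing a single character of the certificate body, or checking against a different CA, makes verification fail.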

How to obtain a certificate from VeriSign

Considering how important a role certificates play in online security, obtaining one is remarkably easy. You do so by applying and paying a licensing fee to a CA. One of the most popular CAs is VeriSign, Inc., now part of Symantec, which lets you apply for a certificate called a Class 1 Digital ID.

A Class 1 Digital ID is only useful for securing personal communications. As an e-commerce website owner, you may want a business-class certificate called a 128-bit SSL Global Server ID. This form of Digital ID works only if your e-commerce site is hosted on a server that runs secure server software — software that encrypts transactions — such as Apache Stronghold.

A VeriSign personal certificate, which you can use to authenticate yourself in e-mail, news, and other interactions on the Internet, costs $22.95 per year, and you can try out a free certificate for 60 days. Follow these steps to obtain your Digital ID:

  1. Go to the VeriSign, Inc. Digital IDs for Secure E-Mail page.

  2. Click Buy Online.

    The Step 1: Certificate Data page appears.

  3. Type your e-mail address and choose a validity period (25 days or one year); then click Next.

    If you pick the one-year option, you will be prompted to enter your billing information. Otherwise, the Confirmation page appears.

  4. Read the terms and conditions, click Yes to accept the terms, and then click Submit.

    The Completion page appears with instructions on how to pick up your Digital ID.

  5. Check the e-mail address you entered in Step 3.

    You’ll receive two e-mails. Click the link in the first one to go to the VeriSign self-service page. Log in to the page with the password that was sent in the second e-mail.

  6. On the Digital ID for Secure Email login page, which appears after you click the link in the first e-mail you received, type the password you received and click Log in.

    A page appears reviewing your request status for generating a key pair.

  7. Review the key information and then click Generate Key and Install.

    Allow a few minutes for the key to generate. When your key is generated, you see the message Successfully generated the private key and installed the certificate to your key store at the top of the window.

  8. Click the Install Certificate button.

  9. When a dialog box appears saying the certificate has been installed, click OK.

  10. To view your certificate, in Microsoft Internet Explorer, choose Tools→Internet Options, click Content, and then click Certificates.

    The Certificate dialog box appears.

  11. Double-click the name of the certificate listed in the Personal tab.

    The certificate appears.


After you have your Digital ID, what do you do with it? For one thing, you can use it to verify your identity to sites that accept certificate submissions. You can also attach your Digital ID to your e-mail messages to prove that your message is indeed coming from you. See your e-mail program’s Help files for more specific instructions.