Security Policy

What Is SSL?

The Secure Sockets Layer (SSL) protocol, originally developed by Netscape, has become the universal standard on the Web for authenticating Web sites to Web browser users, and for encrypting communications between browser users and Web servers.

What Is A Server ID?

Installed on our Web server, a Server ID is a digital credential that enables you, using your Web browser, to verify our site's authenticity and to communicate with it securely via SSL encryption.

What Are Authentication And Encryption?

SSL server authentication allows you to confirm a Web server's identity. SSL-enabled client software, such as a Web browser, can automatically check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) - such as VeriSign or Thawte - listed in the client software's list of trusted CAs. SSL server authentication is vital for secure e-commerce transactions in which users, for example, are sending credit card numbers over the Web and first want to verify the receiving server's identity.

An encrypted SSL connection requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, protecting private information from interception over the Internet. In addition, all data sent over an encrypted SSL connection is protected with a mechanism for detecting tampering - that is, for automatically determining whether the data has been altered in transit. This means that users can confidently send private data, such as credit card numbers, to a Web site, trusting that SSL keeps it private and confidential.

How Do Server IDs Work?

A customer contacts our site and accesses a secured URL: a page secured by a Server ID (indicated by a URL that begins with "https:" instead of just "http:" or by a message from the browser).

Our server responds, automatically sending our site's digital certificate, which authenticates our site.

Your Web browser generates a unique "session key" to encrypt all communications with the site.

Your browser encrypts the session key itself with the site's public key so only the site can read the session key.

A secure session is now established. It all takes only seconds and requires no action by you. Depending on the browser, you may see a key icon becoming whole or a padlock closing, indicating that the session is secure.