How SSL Encryption Works
Unittus and subsidiaries (hereinafter referred to as 'Unittus' or the 'Company')
use the industry standard security protocol Secure Sockets Layer (SSL) to encode
sensitive information—like your credit card number—that passes between you and our
company. SSL works by creating a temporary, shared 'key' (sort of a digital code
book) that lets only the computers on either end of a transmission scramble and
unscramble information. To anyone between the sender and the receiver—including
all the servers that may relay the message—the SSL transmission is indecipherable
gibberish.
We feel SSL makes ordering online just as secure as using your credit cards anywhere
else. In fact, after thousands of online transactions worth millions of dollars,
none of our clients have ever reported misappropriation of a credit card number
protected by SSL technology.
Exchanging 'Hellos'
When your browser lands on a secure web page, the server hosting the secure site
sends a 'hello request' to the browser. The browser replies with a 'client hello.'
In networked environments (and the Web is the granddaddy of all networked environments),
individual PCs are often called 'clients.' The server, ever the polite one, responds
with a 'server hello.'
Exchanging all these 'hellos' lets your browser and the Web page determine the encryption
and compression standards they both support. They also exchange a 'session ID,'
a unique identifier for that specific interaction. Once they have greeted each other,
the browser asks for the server's 'digital certificate.' It's the online commerce
version of saying 'Can I see some ID, please?'
A Digital Certificate
Online companies get digital certificates from a Certificate Authority, like RSA
Data Security Inc. or VerSign Inc. A Certificate Authority verifies a company's
identification and then issues a unique certificate as proof of identity.
Sharing the Key
After your browser and our server have shaken hands and your browser has checked
our digital certificate, your browser uses information in our digital certificate
to encrypt a message back to us that only our server can understand. Using that
information, the browser and the server create a 'master key.' This master key is
like a codebook that both sides can use to encode and decode transmissions. Only
your browser and our server share that master key and it's good only for that session.
Using the unique, shared key, your browser and our server can exchange sensitive
information—like your credit card number—in a way third parties cannot understand.
When you surf off of a secure site, the master keys you once held in common become
useless, since they are good for one session only. When you go back to the secure
site again, your computer and the server will go through the whole process again
and create another master key.
Is it Safe?
The legal department goes crazy when we speak in absolutes, but SSL makes your online
purchases extremely safe. The way to break an SSL encryption is with brute force
by intercepting the encrypted message containing your credit card number, recording
it and then using a computer to try every possible combination until the master
key is cracked. To combat even that approach, most keys range from 40 to 1,024 digits
long (each digit is either a 1 or a 0). As the number of digits in the key gets
longer, the number of possible combinations grows into the trillions.
Therefore, the longer the key is, the more secure it is.
We believe strongly in the safety of SSL. Encryption technology continues to evolve,
however, so we will continuously review ways to improve security, including new,
even more bulletproof encryption methods.
This website is owned and operated, or operated under agreement, by:
Unittus, Inc. 7353 International Place, Unit 309, Sarasota, FL 34240
Last Revision September 1, 2011