A closed lock on a keyboard

As a responsible website owner, your site should have an SSL certificate to help protect the privacy of your customers. An SSL certificate is your mark of authority, proving that data is encrypted and unrecoverable should a cyber attacker manage to intercept and capture information as it flows between your site and the customer’s computer.

But how does SSL actually work?

Internet protocol and web connections

The connection between a visitor’s computer and your website can be thought of as a pipe. Information flows along that pipe in both directions – requests for pages from their computer, and the relevant information sent back by return.

The information travelling along these pipes is split into packets by a networking technology called Internet Protocol. The packets are small, quick to transfer, and help ensure that messages are not corrupted in transit.

Unfortunately, standard IP traffic can be intercepted and read relatively easily. So if a hacker can capture your customer’s unsecured IP traffic, they can also grab any sensitive information contained in the traffic.

SSL sits on top of IP

Secure Socket Layer, SSL, sits on top of the IP layer inside our imaginary internet pipe. The technology is designed to detect spoofing attempts, preventing criminals from pretending to be you – without the correct certificate they cannot modify IP packets for instance. They also cannot send faked packets to look like they are coming from your site.

As suggested at the top of the page, SSL also plays a vital role in ensuring your customer’s privacy. With an SSL certificate installed on your site, data passing down the Internet pipe should not be readable by anyone other than the customer – eavesdropping is prevented.

Invoking SSL

When a customer lands on your website, their computer “talks” to your website to set up the encrypted connection. The initial exchange of data – known as a “handshake” – helps to establish the parameters of the browsing session that will follow.

Your customer’s web browser will “see” the SSL certificate installed on your website and, as part of the initial handshake, request that the rest of their browsing session to be encrypted. The website then responds by sending the necessary decryption key for the client’s computer to make sense of the encrypted IP packets that are sent to it. The customer’s computer will be able to make use of the same keys to encrypt any data – like credit card numbers – that is sent by them to your site.

Incredibly, the handshake and encryption set-up takes a fraction of second, allowing your customers to surf securely without any delay.

Complex yet fast

This is obviously a grossly simplified explanation of how SSL works. There are many more minute details that govern SSL, such as the “strength” of the encryption and the size of the IP packets, but all is of little importance to the average web shopper – they just want to know that their data is secure. And if your online store is protected by a properly installed SSL certificate, their data will be secure.

To learn more about SSL, or to purchase protection for your website, please get in touch.

Leave a Reply