Data Encryption

How SSL protects personal information through encrypted connections

When a web browser visits a website, the browser (or client) is connecting with the web server that hosts the site. In the past, most websites have traditionally been served over HTTP (hypertext transfer protocol). With HTTP, the connection is unsecured and any data that is sent back and forth between the browser and the server is out in the open.

What this means is that any interested third party can intercept and even manipulate the data being sent. For obvious reasons this can create all kinds of problems. Encryption prevents this from happening by encoding the data being sent in such a way that only someone with a corresponding key can read it.

Data Encryption

Encryption encodes communication in such a way that only someone with a corresponding key can read it.

Who needs encryption?

Now, before we get into how Encryption occurs, let's discuss who needs Encryption. In the past, up until just a year or two ago, it was believed that if a website didn't collect personal information from its visitors that encryption was unnecessary. Lately, however, thanks in large part to a heavy push from the browser community, that thinking has changed. Now, regardless of whether your site is collecting personal information or not, everyone needs at least basic encryption.

And if your site does collect personal information – if you're in the healthcare, insurance, financial or e-commerce industries – you'll also need Business Authentication. But that's another discussion all together, let's get back to how Encryption works.

Learn More About Authentication


How do SSL/TLS Certificates Encrypt?

After an SSL/TLS certificate is purchased and installed on a web server, the certificate enables the SSL/TLS protocol—this is what facilitates encryption.

Purchase Certificates

SSL/TLS Certificates Encrypt

When a client reaches a website with an SSL/TLS Certificate installed the client's web browser and the web server perform what is referred to as the "SSL handshake." This is the process where the client checks the validity of the SSL Certificate, and then negotiates the details of the encrypted connection with the server. Afterwards, the client and server exchange session keys so that they can begin encrypted communication with one another.

After the client and server perform the SSL Handshake, all communication will then be encrypted. Which means that if a cybercriminal were to try and intercept or manipulate communication between the client and the server, any attempt would be unsuccessful unless they had the correct key. And fortunately, the cybercriminal cannot access that key.

Session keys are randomly generated and only made available to the client and the server. In addition, they may only be used for a single visit. As soon as you leave the site, the session keys are discarded. Then, on your next visit, a new SSL handshake will occur and a new set of session keys will be generated.

Shop for Business Authentication Certificates

Shop EV