| What validation processes do you use? |
|
|
|
|
Trust hierarchy demands that entities "vouch" for each other. Companies that issue SSL certificates are in the business of establishing that entities on the web are, in fact, who they claim to be. The potential for criminal activity on the web (in relevance to SSL anyway), is in online ‘hijacking’ of sites or connections to siphon encrypted data. Persons so inclined can easily "copy" web site interfaces and pose as well known vendors, simply to collect these data.
SSL certificates work to prevent this through ensuring that www.abc.com is, in fact, ABC Co. In the “real world”, we use identification procedures like photo ids, telephone calls and papers of incorporation to know with whom we’re dealing. If products or services are defective, buyers can seek recourse. In the “online world”, companies wishing to use SSL certificates must prove to the certificate authority that they have the right to present themselves online as ABC Co. This is done through a variety of means in different SSL products. For simplicity’s sake, consider the method started and championed by Verisign, as the ‘traditional’ model. The process involves certificate petitioners faxing in their articles of incorporation, and then waiting several days to be granted a certificate to do business online under that name. There is a fair amount of overhead related to this task, as these credentials are examined and reviewed, and full-service products in this arena can cost hundreds of dollars. There are newer, lower-cost alternatives in which certificates are issued more quickly. These certificates verify that the certificate holder is the owner of that domain, ensuring customers that URL “owners” are who they claim to be. There are also other validation options, like two-way, real-time telephony. Certificate applicants are required to provide telephone numbers, and certificate authorities call to verify basic information, yet another way to seek recourse in the event of problems. As part of the provisioning process with RapidSSL, RapidSSL Wildcard and FreeSSL, your business will be assigned a Unique Business Identifier — equivalent to a DUNS number. The Unique Business Identifier provides a corporate profile to your Internet users through information imbedded in your certificate. The business registration profile initially contains the basic self-reported information from your CSR — your Domain, Company Name, Division, Country, State and City. Your Unique Business Identifier will allow relying parties to view and purchase additional data about your company. With the Unique Business Identifier, industry-recognized domain control authentication, and two-factor telephony authentication, both of these products add further validation to forge the strongest real-time authentication process on the market today. |
| < Prev | Next > |
|---|
