The Secure Sockets Layer (SSL) protocol has become the universal standard on the Web for authenticating sites and for encrypting communications between users and Web servers. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate or Server ID enables SSL capabilities.

SSL server authentication allows users to confirm a Web server's identity. SSL-enabled client software, such as a Web browser, can automatically check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) — such as VeriSign — listed in the client software's list of trusted CAs. SSL server authentication is vital for secure e-commerce transactions in which users, for example, are sending credit card numbers over the Web and first want to verify the receiving server's identity.

An encrypted SSL connection requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, protecting private information from interception over the Internet. In addition, all data sent over an encrypted SSL connection is protected with a mechanism for detecting tampering — that is, for automatically determining whether the data has been altered in transit. This means that users can confidently send private data, such as credit card numbers, to a Web site, trusting that SSL keeps it private and confidential.

The difference between 128-bit and 40-bit SSL:

VeriSign Server IDs enable visitors to verify your site's authenticity and to communicate with it securely via state-of-the-art SSL encryption, which protects confidential information from interception and hacking. SSL comes in two strengths, 40-bit and 128-bit, which refer to the length of the "session key" generated by every encrypted transaction. The longer the key, the more difficult it is to break the encryption code. Microsoft and Netscape both offer browsers that enable different levels of encryption depending on the type of Server ID with which the browser is communicating.

VeriSign Server IDs let visitors know that they are really doing business with you (not an impostor's "spoof " site) and that the information they send through your site (such as credit card numbers, online forms, and financial data) is protected from interception or alteration over the Web.

• Peace of Mind—VeriSign Server IDs include up to $250,000 of NetSure warranty protection against economic loss due to theft, impersonation, corruption, or loss of use.
• Standards—VeriSign is the only Certificate Authority to undergo KPMG's annual audit to certify trusted practices (SAS 70 Type II Audit).
• Experience—VeriSign has secured over 400,000 Web sites, including the top 40 e-commerce sites and virtually all of the Fortune 500 businesses with a Web presence.
• The Leading Trust Brand—The VeriSign brand—represented by the widely recognized Secure Site Seal—gives your e-commerce customers the confidence to trust your site and shop securely.
• Value-Added Features—VeriSign's services include a variety of additional services, such as site performance and security auditing, Dun & Bradstreet Business Credentials, training discounts, and more.
• Interoperability—The VeriSign Trust Network provides a globally interoperable digital certificate infrastructure through a trusted network of worldwide Certification Authorities.

• A customer contacts your site and accesses a secured URL: a page secured by a Server ID (indicated by a URL that begins with "https:" instead of just "http:" or by a message from the browser).
• Your server responds, automatically sending the customer your site's digital certificate, which authenticates your site.
• Your customer's Web browser generates a unique "session key" (like a code) to encrypt all communications with the site.
• The user's browser encrypts the session key with your site's public key so only your site can read the session key. Depending on the browser, the user may see a key icon becoming whole or a padlock closing, indicating that the session is secure.
• A secure session is now established--all communications will be encrypted and can only be decrypted by the two parties in the session. It all takes only seconds and requires no action by the user