Secure transmission with Digital ID's
Bodyworkmall.com ensures the security of all protected data transmitted to and from our site through the use of Digital ID's, in combination with a server-based encryption technology called Secure Sockets Layer (SSL). To verify that the information you are sending to and receiving from Bodyworkmall.com is actually from our web site, Bodyworkmall.com utilizes a well-known method of electronic identification called a Digital ID. A Digital ID is the electronic equivalent of a driver license, passport, or business license. It is issued by a trusted third party called a Certification Authority (or "CA" for short). The CA acts somewhat like a Passport Office. It takes steps to establish the identity of the people or organizations to whom it issues Digital ID's. Once the CA has established an organization's identity, it issues an electronic "certificate" to the organization, which is then used to enable secure transmission of information.
The CA used by Bodyworkmall.com is VeriSign Inc. VeriSign's Digital ID and encryption technologies are widely used throughout the online retailing industry. Most Fortune 500 companies with a web presence also use VeriSign security, including Microsoft, IBM, Amazon.com, and many others.
VeriSign's Secure Server Digital ID's allow any web server to implement the Secure Sockets Layer (SSL) protocol, which is the standard technology for secure, web-based communications. SSL capability is built into server hardware, but it requires a Digital ID in order to be functional.
Using our Digital ID and SSL technology, Bodyworkmall.com ensures secure data transmission over the Internet, enabling:
- Mutual authentication. The identity of both Bodyworkmall and the customer can be verified so that both parties know exactly who is on the other end of the transaction.
- Message Privacy. All traffic between Bodyworkmall.com and the customer is encrypted using a unique "session key." Each session key is only used with one customer during one connection, and that key is itself encrypted with the server's public key. These layers of privacy protection guarantee that information cannot be intercepted or viewed by unauthorized parties.
- Message Integrity. The contents of all communications between Bodyworkmall.com and the customer are protected from being altered en route. All those involved in the transaction know that what they're seeing is exactly what was sent out from the other side.
How you know when you are using a secure channel:
Both Netscape Navigator and the Microsoft Internet Explorer have built-in security mechanisms to prevent users from unwittingly submitting sensitive information over insecure channels. If a user tries to submit information to an unsecured site, these browsers will, by default, show a warning. By contrast, if a user attempts to submit information to a site without a valid Digital ID and SSL connection, no such warning is sent. Furthermore, both the Microsoft and Netscape browsers provide users with a positive visual clue that they are at a secure site. In Netscape Navigator 3.0 and earlier, the key icon in the lower left hand corner of the browser--which is normally broken--is made whole. In the 4.0 versions of Netscape Navigator and Microsoft Internet Explorer, the normally open padlock icon becomes shut, as shown below:
This is the secure connection indicator for Microsoft Internet Explorer 6.0. It is visible on the bottom of the right hand side of the browser window. Netscape Navigator uses a similar visual cue to indicate a secure web site.
These positive visual cues only occur if a web site has a valid Digital Certificate, issued by a Certificate Authority, which is trusted by the browser. Special care is recommended even when visiting sites that seem to be enabled for secure transmissions. If the web site's Digital ID is stolen, (e.g. if www.hacker.com tries to use a certificate for www.bookstore.com), the user's browser will display a pop-up warning saying something such as, "The certificate you are viewing does not match the name of the site you are trying to view." Users will be able to click "Yes" to proceed, "No" to stop (a smart decision), "View Certificate" to view the certificate, and possibly a button leading to more information.
To view the criteria by which VeriSign certifies a given web site, see its Certification Practices Statement (CPS) (PDF format, 574.7KB).