PageType: -About- | PageSubType: -Policies- | 

TLS/SSL Online Data Security

The Secure Sockets Layer (SSL) protocol, originally developed by Netscape, became the universal standard on the Web for authenticating Web sites to Web browser users, and for encrypting communications between browser users and Web servers. To remove the risk of Netscape's intellectual rights causing problems in the future, versions of the protocol after version 3 were renamed Transport Layer Security (TLS) with versions starting with 1.0. TLS has developed into higher versions and has become much more secure than SSL. With the discover of the "POODLE" venerability of SSLv3, no SSL protocol is considered sufficiently secure anymore. This website has all versions of SSL disabled so early web brousers like, IE version 6, can not use that protocol.

This special secure protocol layer is built into all major Web browsers and Web servers used today. To enable its use with a Web site, a Digital Certificate, or Server ID, must be installed on a secure Web server. When the Web page URL starts with "https:", the secure Web server and your Web browser process the page using the TLS or SSL protocol which incorporates secure encryption to protect your personal information.

We have obtained our own Digital Certificate which is the digital credential that enables you to verify our site's authenticity and to communicate with it securely via TLS encryption. When on a secure page, you can view our Digital Certificate by clicking on your browser's key or padlock icon which indicates that the page is secure. You can also verify our Digital Certificate information by clicking on the VeriSign Secure Site Icon in the left margin of most of our Web pages. For your protection, all our pages which contain forms for personal data entry are secured with TLS using our own Digital Certificate obtained from VeriSign, Inc.

TLS/SSL Authentication and Encryption

TLS/SSL server authentication enables you to confirm our Web server's identity. TLS/SSL-enabled client software, such as your Web browser, can automatically check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) - such as VeriSign, Inc. - listed in the client software's list of trusted certificate authorities. TLS/SSL server authentication is vital for secure e-commerce transactions in which customers, like you, are sending charge card numbers over the Web and first want to verify the receiving server's identity. This enables you to determine that we are who we claim to be, not a bogus online store front running on an unauthorized server.

An encrypted TLS/SSL connection requires all information sent between a client (your Web browser) and our site's server to be encrypted by the sending software and decrypted by the receiving software, protecting your private information from interception over the Internet. In addition, all data sent over an encrypted TLS connection is protected with a mechanism for detecting tampering - that is, for automatically determining whether the data has been altered in transit. This means that you can confidently send private data, such as charge card numbers, to our Web site, trusting that TLS keeps it private and confidential.

How the TLS/SSL Protocols Work

  1. As a customer your Web browser (client) contacts our Web site's server and accesses a secure Web page: a page secured by our Digital Certificate or Server ID (indicated by a URL that begins with "https:" instead of just "http:" or by a special message from your browser).

  2. Our site's server responds, automatically sending our Digital Certificate (Server ID) to your Web browser. This authenticates our site and provides our public key.

  3. Your Web browser verifies our Digital ID then generates its own unique "session key" to encrypt all communications with our site.

  4. Your Web browser encrypts the session key itself with our site's public key so only our site can read the session key. The encrypted session key is automatically sent to our server.

  5. A secure session is now established. It all takes only seconds and requires no action on your part. Depending on the browser you're using, the you may see a key icon becoming whole (unbroken) or a padlock closing, indicating that the session is secure.

  6. You can click on the key or padlock icon to view our Digital Certificate information which includes its valid date range, the Digital ID issuing company (VeriSign, Inc.), our company's name and URL to which the certificate was issued, etc.

Your Personal Privacy is Important to Us

Ristenbatt Vacuum Cleaner Service is committed to maintaining your confidence and trust. It is our policy that personal information, such as your name, postal and e-mail address, telephone number or charge card information, is private and confidential. Therefore, we continue to invested significant resources to maintain mechanisms to ensure that your personal information remains confidential. These include, but are not limited to, obtaining our own Digital Certificate, Processing Charge Cards via a Secure Gateway and establishing and implementing our Personal Information Privacy Policy. It is our hope that you will feel comfortable, secure and confident when purchasing items from our Online Store for Vacuum Cleaner Products.

Next Policy: Processing Charge Cards via a Secure Gateway

Index of Related Articles:

Ristenbatt Vacuum
Accepts Credit Cards



ABOUT SSL CERTIFICATES


McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Honored Member of the Vacuum Dealers Trade Association
VDTA Member