Skip to main content

Online security – what does https://.... actually mean?

Online banking and many other forms of secure Internet application rely upon secure communication. Since the Internet is a public network, sensitive information such as credit card numbers and banking information must be protected from prying eyes.

We are all familiar with the ‘https’ prefix to a secure web address, and many people are aware that the “s” has a special meaning when it comes to security. But how does it actually work?

The “s” means that when accessing that particular web site, all web traffic between your web browser and the web site uses the Secure Sockets Layer (SSL) – in other words it is encrypted. Now, if anyone manages to intercept the message, all they will see is gibberish.

Encryption has of course been around for a very long time – probably as long as written communication itself. However, many simple methods of encryption have a flaw which makes them unsuitable for Internet use. The problem is key distribution. Alice and Bob may wish to send coded messages to each other using a key they agree on, but what if a third party managed to intercept the key as it was passed between them? Alice and Bob’s communications are no longer secure.

SSL solves this key distribution problem by splitting the encryption key into two parts – a “private” key and a “public” key. The two parts of the key work as a pair. Any message encrypted with a private key can only be decrypted with its public counterpart, and vice versa. A secure web site distributes its public key to anyone who visits the site.

The private key is not distributed and is kept safely locked away. A site visitor (sending bank account details for example) encrypts this information using the site’s public key and sends it to the site. Only the site holding the private half of the key can decrypt the information.

A further important feature of this scheme is that the site’s identity can be bound to the public key, allowing users to check that the site is genuine.

Because of its elegant key distribution solution and high level of security, SSL has become the web standard for encryption, used by online banking, credit card processing and even web service applications such as Unified Software’s BankVal UK and BankVal International.

Unified Software Ltd (opens in new tab) is the UK's leading financial web services provider. Our pioneering BankVal family of services have been helping business run smoothly since 2003.