Are my details secure?
The answer is, yes! TicketWeb uses the SSL (Secure Sockets Layer) protocol to encrypt the information entered on your secure order form prior to transmission over the Internet.
SSL is the industry standard for secure server commerce transactions. You can place your order online without fear of interception provided you are using an SSL compliant browser, such as Internet Explorer, Mozilla Firefox, Netscape Navigator or Opera.
More about public key certificates, Certification Authority's (CA's) and Third-Party Trust.
The credentials used to authenticate Web servers and their clients via protocols such as SSL and S-HTTP are called X.509 public key certificates. A public key certificate is analogous to a passport, in that it proves your identity and is authorised by a trusted third party known in the security world as a Certification Authority or CA (see below). In the passport analogy, the CA is similar to the Passport Office, which verifies your identification, creates a recognised and trusted document which certifies who you are, and issues the document to you.
A Certification Authority (CA) is a trusted authority responsible for issuing certificates used to identify a community of individuals, systems or other entities which make use of a computer network.
TicketWeb uses a certificate issued by the Thawte CA. By digitally signing the certificates it issues, the CA binds the identity of the certificate owner to the public key within the certificate and thereby vouches for the trustworthiness of the certificate.
Network users possess the CA's own public key certificate (sometimes referred to as the "root key") and use it to verify others' certificates. In doing so, they have the assurance that the public keys in those certificates are the authentic keys of the named subjects, and know that the CA (whom they recognise and trust) vouches for this binding.
The CA plays a crucial role in Web security since the CA makes a third-party trust relationship possible. In a large, distributed and complex network such as the Web, the third-party trust model is necessary since there are many permutations of dynamic, client-server relationships. Servers and clients may not have an established mutual trust; yet both parties want to have secure sessions, which demands a foundation of trust. The CA is the missing link which makes trusted Web sessions a reality. Because each party in the session trusts the CA, and because the CA has vouched for each party's identification and trustworthiness by signing their certificates, each party recognises and has implicit trust in the other, so the secure session can proceed without the risk of masquerading.
Further, since the two authenticated parties exchange public key certificates, they can encrypt and digitally sign session data, removing the possibility that others may eavesdrop on the session or tamper with data.