Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol (HTTP) with SSL/TLS protocol to
provide encrypted communication and secure identification of a network web server. HTTPS connections are often used on the
World Wide Web and for sensitive transactions in health information systems.
All our systems are encrypted using HTTPS protocol
Most browsers display a warning if they receive an invalid certificate. Older browsers, when connecting to a site with an invalid
certificate, would present the user with a dialog box asking if they wanted to continue. Newer browsers display a warning across
the entire window. Newer browsers also prominently display the site’s security information in the address bar. Extended validation
certificates turn the address bar green in newer browsers. Most browsers also display a warning to the user when visiting a site
that contains a mixture of encrypted and non encrypted content.
Therefore an HTTPS connection to a website can be trusted if and only if all of the following are true:
1.The user trusts that their browser software correctly implements HTTPS with correctly pre-installed certificate authorities.
2.The user trusts the certificate authority to vouch only for legitimate websites without misleading names.
3.The website provides a valid certificate, which means it was signed by a trusted authority.
4.The certificate correctly identifies the website (e.g., when the browser visits “https://example.com”, the received certificate is
properly for “Example Inc.” and not some other entity).
5.Either the intervening hops on the Internet are trustworthy, or the user trusts that the protocol’s encryption layer (TLS/SSL) is
sufficiently secure against eavesdroppers.
|
