918博天堂·(中国区)首页

    Blog
    Topic
    All
    AIoT
    SMB Solutions
    Products and technologies
    Industries
    All
    Traffic
    Education
    Logistics
    Banking
    Building
    Energy
    Sports
    Sustainability
    Business trends
    Cybersecurity
    Thermal
    Video Intercom
    Security Operations
    Imaging
    Trends
    Solution
    LED
    Resources and events
    Search blog
    Blog
    Filter
    Cancel
    Topic
    All
    AIoT
    SMB Solutions
    Products and technologies
    Industries
    All
    Traffic
    Education
    Logistics
    Banking
    Building
    Energy
    Sports
    Sustainability
    Business trends
    Cybersecurity
    Thermal
    Video Intercom
    Security Operations
    Imaging
    Trends
    Solution
    LED
    Resources and events
    RESETARE
    TRANSMITERE

    How does HTTPS protect the security of data transmission?

     

    “The rapid growth in the size and complexity of networks and Internet of Things (IoT) connected devices presents new opportunities – namely interaction between people and devices on a global scale. But at the same time, it also amplifies the risks of security breaches and other malicious attacks, especially in the process of data transmission.”

     

    The question is how to ensure that the data transmission process is not compromised by malicious attacks, and the answer comes with HTTPS.
    HyperText Transfer Protocol Secure (HTTPS) is the secure version of HTTP for the World Wide Web, over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted.

     

    What kind of security does HTTPS provide for you?
    Simply put, HTTPS protects all the information (even parts of the URL) you send and receive from the site, from opening the webpage to closing it.  

    How specifically does HTTPS protect the security of data transmission? We will address some common concerns by answering the following questions.

     

    1. How can users be sure that the website is legitimate? 
    A legitimate website will have a certificate, issued by a certificate authority (CA). For each link, the site will send this certificate to the client to prove its legitimacy.

     

    2. How can users ensure confidentiality of the data transmitted between the website and users?
    After verification, the website will negotiate the encryption with the user. And this process is automatically conducted between the site and the browser, which will together determine the cipher suite (including the encryption algorithm and the message authentication code algorithm, etc.) and the SSL/TLS protocol version. After that, the data transmitted between the site and users will be encrypted based on the concerted algorithm.

     

    3. How can users ensure the integrity of the data transmitted between the website and the users?

    A cryptographic “Message Authentication Code Algorithm” can be applied to make sure that your data has not been tampered with. This algorithm can transform data of arbitrary size to data of fixed size, and even when there is a one bit of change to the input data, the transformed data is completely different. These characteristics go far to ensure the integrity of the data.

     

    If an organization wants to have a secure website that uses HTTPS, it needs to obtain a site, or host certificate.

     

    What are legitimate certificates? 

    To put it simply, anyone who needs this certificate is required to apply for it from legitimate certificate authorities, and the process involves distribution of private keys.

     

    If the website you visit doesn’t have a legitimate certificate, the browser will display a prompt with a message such as:

     

     

    This suggests that the server you visit has not yet had a legitimate certificate. However, this does not necessarily suggest that the server is unsecure. To fix this, the owner of the server needs to apply for the certificate from a CA organization. GlobalSign, Verisign, Thawte, and Geotrust, are some of the leading server certification brands.

     

    Who should apply for the certificate?
    Generally, to ensure the availability of HTTPS on the server side (VMS platform or front-end and back-end device), the manufacturer needs to generate a temporary certificate for the server side before the delivery. The certificate installed by default on the camera is called a "self-signed" certificate - it is not issued by a certificate authority, and in fact it cannot be.

    Unfortunately, Hikvision cannot provide CA certificates for users, who need to acquire it by themselves (proving that they own the domain name), based on their decision on which domain name they will use.

    Currently, most of Hikvision’s products, including front-end and back-end device or VMS platforms, support HTTPS. Users can also check the “Enable HTTPS Browsing” checkbox, which will automatically switch to HTTPS when they try to access a web page over HTTP.

     

    Find out more about boosting your cybersecurity with Hikvision
    For more information about how Hikvision can help you optimize cybersecurity in the IoT era, read our product security white paper or contact us.  

    Cybersecurity

    Subscribe to newsletter

    Subscribe to our email newsletter to get the latest, trending content from Hikvision

    Contactați-ne
    Hik-Partner Pro close
    Hik-Partner Pro
    Hik-Partner Pro
    Scan and download the app
    Download
    Hik-Partner Pro
    Hik-Partner Pro

    Get a better browsing experience

    You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.