|
When
using the Focus Education Secure Portal you may receive a warning
similar to this. The reason for this is not that the Portal is not
secure, it is because our security certificate differs slightly
from what your browser expects.
| The
reason the top warning is given is because you have not elected
to trust the mindwebs portal yet. Some commercially available
certificates come "pre-trusted" but the group of companies
using this portal have elected to create their own. |
|
| A number of
companies share the web server that this secure portal
is hosted on. The way the certificate checks to see that
the company, in this case, MindWebs is the company calling
the portal is that it does a "reverse lookup".
Unfortunately the results of that lookup may be one of
the other companies so this test fails. |
| To check the
creator of the certificate and see other information click
here. You can install the certificate on your machine
if you choose to trust MindWebs in the future. |
|
Is
this Site really secure?
The simple answer is "Yes" - as
secure as all other encrypted (or SSL) sites, including most banks.
How
does this site make itself secure?
The way this site becomes secure is that the
server, that's the hardware that physically has these websites on
it, negotiates an encrypted protocol with your browser - in other
words, they agree on a special secret language. The way both come
up with this language is by using these certificates. Certificates
can be purchased from special "authorised" dealers or
they can be created manually. The only problem with creating your
own is that its level of trust only extends as far as the creator.
Commercial certificates have a hierarchy of trust extending all
the way to the browser creator. These certificates do not cause
the first error on the warning page. In other words, the certificate
is only trustworthy if you ultimately trust the creator. If you
cannot, don't use the certificate or the secure site. All the sites
on this server are owned by Australian registered companies and
are bound by australian corporate law.
The protocol
uses 128 bit encryption and means that your browser and the server
speak their own unique language which cannot be interpreted by anyone
eves dropping on the conversation. This means that the server can
obtain information, like your credit card number, without the information
being available to anyone intercepting the transmission. Once the
Server has the information it must, by Australian Law, deal with
the information in a secure way. Your details are not stored on
the server - this would be too much of a security risk. Your details
are once again encrypted, this time using a 256 bit encryption and
are sent to the person responsible for the finances of the specific
site. Each of the sites that use the secure portal has a different
person responsible and only gets the records for that site. This
encryption is accomplished using the person reponsible's own private
certificate (or Key). They are the only person able to decrypt the
details. Even the administrative staff of this server have no access
to this information. The details are deleted as soon as the credit
cards are processed and are stored in their encrypted format until
deleted.
Who
really owns the secure certificate for Focus Education?
The certificate is owned
by John Squires B. IT (Software Engineering) Hons., system administrator
of the Web Server, IT Manager and product development manager for
the Focus Group of Companies. You can verify this by clicking "view
certificate" when in the above window.
For enquiries please email
john.squires@focuseducation.com.au
The
Other Companies Using this Server are:
MindWebs.com.au
LearningBrainExpo.com.au
UltimateGaming.com.au
| 
