Browser Manufacturer's certification for the green address bar mainly contains two ways:
1. Use browser manufacturers customized by white list
for example Browser, 360 browser, etc., will add domestic and foreign well-known websites and companies with better reputation or business cooperation to the white list. When the client accesses these whitelists, the green address bar is activated.
2. The server certificate issued by the third party certification body
International mainstream browser manufacturers use this approach. The website organizer obtains a server certificate product that supports the green address bar by applying for a third-party digital certificate certification agency. After configuring the certificate that supports the green address bar to the server, the green address bar can be activated only when the client uses HTTPS secure mode to access the site. At the same time, the data between the website and the client will be transmitted after encryption.
Compare the function of the green address bar implemented in two ways:
A green address bar that activates the use of browser vendors customized white lists can only be opened to well-known sites, and Multi-only for site page contains a site of dealing or payment classes. The well-known sites of some information classes are not here. IT staff in SMEs often get the authentication function of the green address bar through reasonable ways.
Because the white list is just the alignment of the domain name input by the address bar and the white list, the green address bar will also display the Green Address Bar when the client is at the DNS attack. This white listing mechanism still has defects to some extent.
Use a third party authentication of a server certificate to activate the green address bar, which is an internationally passing method. Through the third party certification body, verify the server certificate application unit, ensuring that the server certificate is the accountability unit of the website. If the loyalty is to implement the illegal criminal activity on the website page that activates the green address bar, trace the customer's truthful holder of the server certificate by issuing a third-party certification information acquired when the server certificate is issued. Through the legal proceedings, you can pursue criminal responsibility for the website hosted accountability unit.
The green address bar is actually a display form of the EV SSL certificate to fight the fraudulent fishing website. Extended Validation SSL CERTIFICATE (referred to as: EV SSL certificate). The generation of EV SSL certificates is to deal with increasingly rampant online fraud, intended to recover and enhance people's confidence in online online transactions. The certificate is a member of the SSL certificate family, and its issuance process strictly follows the rigorous identity verification criteria for global unity. If your website deploys the EV SSL certificate, the user's address bar will become green and display a security lock flag and the unit name of this website and the issuing authority of this certificate will be clearly indicated by the address bar. The identity of this website has been strictly verified by this certificate authority, and the website is safe and reliable. According to the statistics of the website of EVSSL, its trading volume increased by 27%. VeriSign is the most leading EVSSL technology provider in the world, successfully deployed more than 10,000, with unique anti-fish fraud technology EV certificates with extremely high customer knows. The VeriSign Evssl certificate has been distributed in some well-known websites in China. Its domestic official partner Tian Wei Congcheng Digital Certification Center (ITRUSCHINA) has completed the technical upgrade of anti-fishing website in successful China Merchants Bank, Industrial and Commercial Bank, CITIC Bank, and believe Domestic fraud phishing website events have been alleviated. The most typical network fishing attack process is as follows: First, the user is in a very similar fishing website that is very similar to the website of the target organization, and then obtain personal sensitive information entered on the phishing website, such as bank account, bank password Wait. Usually this attack process will not let the victim alert. These personal information have a very attractive attraction of the phishing website holders. Through the use of stealing personal information, they can fake victims to fraudulent financial transactions, gain great economic benefits, and the victims have suffered To huge economic losses, non-so, those who are stolen may also be used for other illegal activities.