The U.S. Census Bureau

 Security Information

The statements on this page apply to our Online Services (Electronic Reporting and Online Requests) only; not to sending e-mail. Go to our contact us page for further explanation about sending e-mail.

The information that is sent between your computer and our server is encrypted. We use 128-bit encryption with Netscape Communicator 4.0 and Internet Explorer 4.0 and above. If you are running an older browser version, you may want to download a newer version from Netscape or Microsoft.

 Understanding Encryption

Information going from one computer to another passes through numerous other computers before it reaches its destination. This information is not normally monitored, but someone can intercept and eavesdrop on your private conversations or credit card exchanges. Worse still, eavesdroppers might replace your information with their own and send it back on its way. Because of the architecture of the Internet and intranets, there will always be ways for unscrupulous people to intercept and replace data in transit.

Fortunately there are ways to safeguard privacy over the Internet. You encrypt, or disguise, your information before you send it over the Internet. That way, if someone intercepts it, the data is meaningless. And, if the intercepted data is changed, the intended recipient will know it was altered.

 Taking precautions

We use the Secure Sockets Layer (SSL) protocol to safeguard against the threats listed previously.

Confidentiality is ensured through encryption, the process of disguising information so that it can't be deciphered (or decrypted) by anyone but the intended recipient. If the information is intercepted, it will be unreadable by a third party. The only information that can be discovered is that the two parties are communicating. Integrity is also ensured through encryption. If someone attempts to alter an encrypted message, it will not decrypt correctly, alerting the recipient to the fact that someone has tampered with the message.

 What is encryption?

Encryption is the process of transforming information so it can't be decrypted or read by anyone but the intended recipient. This disguised information is called ciphertext. It is the ciphertext that you send across the Internet. For example, suppose you have a financial report stored at your web site. If SSL is enabled on your web server, your server encrypts the report and sends the ciphertext to a client, who turns the ciphertext back into the financial report.

Decryption reverses the process, turning the ciphertext back into the original message. Only the recipient can decrypt the text because only the recipient has a key. Only someone with the correct key can "unlock" a message.

 How servers use encryption

Public-key encryption takes longer than symmetric encryption. However, client-server communication with SSL uses both types of encryption together to maximize their strengths. Here's how these processes are leveraged: A client and server exchange public keys (public-key encryption), and then the client generates a symmetric encryption key that is used only for a single transaction (symmetric encryption). This key is called a session key. The client encrypts the session key with the server's public key and sends it to the server. When the server receives the session key, it uses its private key to decrypt it. For the rest of that transaction, the client and the server can use the quicker symmetric encryption.
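The exchange described above, with both sides' steps, as an added example that is not code from this site. It follows the page's simplified description. The toy RSA key, the HMAC-based keystream and all function names are assumptions chosen so the sketch runs on the Python standard library; they are not the ciphers SSL uses. Each record carries a MAC, as SSL records do, so an altered record is rejected.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key pair (Mersenne primes: trivially factorable, demo only).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays on the server

def _subkeys(session_key):
    """Derive separate encryption and MAC keys from the session key."""
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(session_key, plaintext):
    """Symmetric step: encrypt, then MAC the nonce and ciphertext."""
    enc_key, mac_key = _subkeys(session_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(session_key, record):
    """Verify the MAC before decrypting; reject altered records."""
    enc_key, mac_key = _subkeys(session_key)
    nonce, ct, tag = record[:16], record[16:-32], record[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record altered in transit")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def client_wrap_session_key(n, e):
    """Client: make a fresh 128-bit session key, encrypt it to the server."""
    session_key = secrets.token_bytes(16)
    # Textbook RSA for brevity; SSL pads the secret before RSA encryption.
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)

def server_unwrap_session_key(wrapped):
    """Server: recover the session key with its private exponent."""
    return pow(wrapped, D, N).to_bytes(16, "big")

if __name__ == "__main__":
    key, wrapped = client_wrap_session_key(N, E)
    record = seal(server_unwrap_session_key(wrapped), b"financial report")
    print(unseal(key, record))
```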

During an SSL connection, the client and the server agree to use the strongest cipher with which they both can communicate.
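A model of that negotiation, added here as an example and not taken from this site or any SSL library. The suite names follow OpenSSL's naming style, while the strength table, the function and the min_bits parameter are assumptions. It shows why a server that wants 128-bit connections sets a floor: "strongest in common" is only as strong as the weaker side's list.

```python
# Constructed table: OpenSSL-style suite names and their key strength in bits.
STRENGTH_BITS = {
    "EXP-RC4-MD5": 40,   # export-grade, as in the 40-bit international browsers
    "DES-CBC-SHA": 56,
    "RC4-MD5": 128,
    "AES128-SHA": 128,
    "AES256-SHA": 256,
}

# Constructed server configuration, in the server's order of preference.
SERVER_ENABLED = ["AES256-SHA", "AES128-SHA", "RC4-MD5", "DES-CBC-SHA", "EXP-RC4-MD5"]


class HandshakeFailure(Exception):
    """No mutually supported suite meets the server's requirements."""


def negotiate(client_offer, server_enabled=SERVER_ENABLED, min_bits=0):
    """Return the strongest suite both sides support.

    Ties go to the server's own order. With min_bits set, the server refuses
    the connection rather than fall back to a weaker shared suite.
    """
    offered = set(client_offer)
    common = [s for s in server_enabled if s in offered]
    if not common:
        raise HandshakeFailure("no cipher suite in common")
    best = max(common, key=STRENGTH_BITS.__getitem__)  # first maximum wins ties
    if STRENGTH_BITS[best] < min_bits:
        raise HandshakeFailure(
            f"{best} is {STRENGTH_BITS[best]}-bit, below the {min_bits}-bit floor")
    return best


if __name__ == "__main__":
    print(negotiate(["RC4-MD5", "AES128-SHA"]))        # 128-bit browser
    print(negotiate(["EXP-RC4-MD5", "DES-CBC-SHA"]))   # export-grade browser
    try:
        negotiate(["EXP-RC4-MD5", "DES-CBC-SHA"], min_bits=128)
    except HandshakeFailure as err:
        print("refused:", err)
```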

 How safe is encryption?

Technically, it's not impossible to "crack" ciphertext and determine the content of the original message--it just takes a lot of time and money. For example, it would take a single Pentium-based computer more than a billion years to crack 128-bit encryption.

Of course, you could use several computers in conjunction. For example, if you dedicated ten computers to cracking that same encryption, it would take you one-tenth the time. Even then, only the single message in question would be deciphered because SSL generates a new encryption key for every exchange. However, it is conceivable that someone could use 100 dedicated computers working together to crack it more quickly. Of course, the cost of making such powerful machines unavailable for other tasks for that amount of time would be very high indeed--probably millions of dollars.

The precise level of security a key offers is measured by the size of certain numbers used in creating the key. These numbers are measured in bits. The greater the number of bits, the more secure the key. The key used in the previous example is a 128-bit key, which is so strong that the United States government doesn't allow products containing it to be exported. International versions of Netscape products are limited to 40-bit encryption keys. This is still strong enough to stop most hackers.



Last revised: May 15 2007 08:12:16
