|
Security
Policy
Johnson Advertising, Incorporated has taken extensive steps to ensure
that any data transmitted by our users cannot be intercepted, viewed,
or blocked by unauthorized parties. We also have established policies
telling our users how we use and store their information, such as
addressing information, credit cards, and other preferences that Johnson
Advertising, Incorporated remembers.
Secure transmission with Digital ID's
Johnson Advertising, Incorporated ensures the security of all protected data transmitted to and from
our site through the use of Digital ID's, in combination with a server-based
encryption technology called Secure Sockets Layer (SSL). To verify that the
information you are sending to and receiving from Johnson Advertising, Incorporated is actually from
our web site, Johnson Advertising, Incorporated utilizes a well-known method of electronic identification
called a Digital I.D. digital ID is the electronic equivalent of a driver license,
passport, or business license. It is issued by a trusted third party called
a Certification Authority (or "CA" for short). The CA acts somewhat like a Passport
Office. It takes steps to establish the identity of the people or organizations
to whom it issues Digital ID's. Once the CA has established an organization's
identity, it issues an electronic "certificate" to the organization, which is
then used to enable secure transmission of information.
The CA used by Johnson Advertising, Incorporated is VeriSign Inc., located in Mountain View, California.
VeriSign's Digital ID and encryption technologies are widely used throughout
the online retailing industry. Examples of companies using VeriSign are eToys,
Microsoft, IBM, Amazon.com, and many others.
VeriSign's Secure Server Digital ID's allow any web server to implement the
Secure Sockets Layer (SSL) protocol, which is the standard technology for secure,
web-based communications. SSL capability is built into server hardware, but
it requires a Digital ID in order to be functional.
Using our Digital ID and SSL technology, Johnson Advertising, Incorporated ensures secure data transmission
over the Internet, enabling:
- Mutual authentication. The identity of both Eckerd and the customer
can be verified so that both parties know exactly who is on the other end
of the transaction.
- Message Privacy. All traffic between Johnson Advertising, Incorporated and the customer
is encrypted using a unique "session key." Each session key is only used
with one customer during one connection, and that key is itself encrypted
with the server's public key. These layers of privacy protection guarantee
that information cannot be intercepted or viewed by unauthorized parties.
- Message Integrity. The contents of all communications between Johnson Advertising, Incorporated
and the customer are protected from being altered en route. All those involved
in the transaction know that what they're seeing is exactly what was sent
out from the other side.
How you know when you are using a secure channel:
Both the Netscape Navigator and the Microsoft Internet Explorer browsers have
built-in security mechanisms to prevent users from unwittingly submitting sensitive
information over insecure channels. If a user tries to submit information to
an unsecured site, these browsers will, by default, show a warning such as the
following:
By contrast, if a user attempts to submit information to a site without a valid
Digital ID and SSL connection, no such warning is sent. Furthermore,
both the Microsoft and Netscape browsers provide users with a positive
visual clue that they are at a secure site. In Netscape Navigator
3.0 and earlier, the key icon in the lower left hand corner of the
browser--which is normally broken--is made whole. In the 4.0 versions
of Netscape Navigator and Microsoft Internet Explorer, the normally
open padlock icon becomes shut, as shown below:
|
|
