Security Information
Skip to navigation
Navigation
- Home
- Theatre News
- London Shows A-Z
- Buy Tickets
- Kids & Family Theatre
- Olivier Awards
- tkts
- Theatreland at 100
- Access
- You are in:
- > Buy Tickets
- > Security Information
- You are in:
- > Buy Tickets
- > Security Information
The London Theatre Guide online ticketing service is powered by Ticketmaster (UK) Ltd on behalf of the Society of London Theatre. Any financial transactions will occur on a designated server of Ticketmaster (UK) Ltd. Please read the following Security Information provided by Ticketmaster (UK) Ltd.
Ticketmaster Security Information
Every credit card purchase you make on the London Theatre Guide Ticketing Service is done through Ticketmaster's Secure Server Technology. Our secure server software encrypts information, ensuring that Internet transaction stay private and protected. TicketWeb uses SSL3. If SSL is disabled on your Browser, please check the help facility on your Browser for instructions on how to enable it.
What is SSL?
Recent developments in browser/server technology have made it easy for people to use Web services without worrying about electronic fraud. Two examples are Secure Sockets Layer (SSL) developed by Netscape, and Secure Hypertext Transfer Protocol (S-HTTP) developed by Terisa Systems, Inc. Both of these security protocols have been submitted to the Internet Engineering Task Force (IETF) as an Internet-Drafts. Basically, these protocols allow the browser and server ends of a Web session to authenticate one another and secure information which subsequently flows between them. Through the use of cryptographic techniques such as encryption and digital signature, these protocols:
- Allow Web browsers and servers to authenticate each other;
- Permit Web site owners to control access to particular servers, directories, files or services;
- Allow sensitive information (e.g., credit card numbers) to be shared between browser and server, yet remain inaccessible to third parties;
- Ensure that data exchanged between browser and server cannot be corrupted - accidentally or deliberately - without detection.
- A key component in the establishment of secure Web sessions via the SSL or S-HTTP protocols is the public key certificate. Without authentic and trustworthy certificates, protocols like SSL and S-HTTP offer no security at all.
Public key certificates
The credentials used to authenticate Web servers and their clients via protocols such as SSL and S-HTTP are called X.509 public key certificates. A public key certificate is analogous to a passport, in that it proves your identity and is authorised by a trusted third party known in the security world as a Certification Authority or CA (see below). In the passport analogy, the CA is similar to the Passport Office, which verifies your identification, creates a recognised and trusted document which certifies who you are, and issues the document to you.
CAs and third-party trust
A Certification Authority (CA) is a trusted authority responsible for issuing certificates used to identify a community of individuals, systems or other entities which make use of a computer network. TicketWeb uses a certificate issued by the Thawte CA. By digitally signing the certificates it issues the CA binds the identity of the certificate owner to the public key within the certificate, and thereby vouches for the trustworthiness of the certificate. Network users possess the CA's own public key certificate (sometimes referred to as the "root key"), and use it to verify others' certificates. In doing so, they have assurance that the public keys in those certificates are the authentic keys of the named subjects, and know that the CA (whom they recognise and trust) vouches for this binding.
The CA plays a crucial role in Web security, since the CA makes a third-party trust relationship possible. In a large, distributed and complex network such as the Web, the third-party trust model is necessary since there are many permutations of dynamic, client-server relationships. Servers and clients may not have an established mutual trust; yet both parties want to have secure sessions, which demands a foundation of trust.
The CA is the missing link which makes trusted Web sessions a reality. Because each party in the session trusts the CA, and because the CA has vouched for each party's identification and trustworthiness by signing their certificates, each party recognises and has implicit trust in the other, so the secure session can proceed without the risk of masquerading. Further, since the two authenticated parties exchange public key certificates, they can encrypt and digitally sign session data, removing the possibility that others may eavesdrop on the session or tamper with data.
Are you experiencing problems?
If you are using an 'old' Browser it is possible that the public key certificate integrated with the Browser could have expired. This could cause messages such as 'The site you are trying to connect to has an invalid security certificate'. If this is the case, it will be necessary to upgrade your Browser:
Bookmark with: