Cryptography - Secure HTTP

December 2016

Introduction to S-HTTP

S-HTTP (Secure HTTP) is a process that protects HTTP transactions and is based on an improvement to the HTTP protocol that was made in 1994 by EIT (Enterprise Integration Technologies). It makes it possible to establish a secure connection for e-commerce transactions by encrypting messages to guarantee customers that their bank card numbers and other personal information will remain confidential. One implementation of S-HTTP was developed by the company Terisa Systems to include a secure connection on web servers and browsers.

How S-HTTP works

Unlike SSL, which works on transport layers, S-HTTP guarantees message-based security using the HTTP protocol, by individually marking HTML documents with certificates. Whereas SSL is independent of the application used and encrypts all of the communication, S-HTTP is closely related to the HTTP protocol and individually encrypts each message.

S-HTTP messages are based on three components:

  • The HTTP message
  • The sender's cryptographic preferences
  • The recipient's preferences

As such, to decrypt an S-HTTP message, the message's recipient analyzes the message's headers to determine the type of method that was used to encrypt the message. Then, based on his current and past cryptographic preferences and on the sender's past cryptographic preferences, he is able to decrypt the message.

The complementary nature of S-HTTP and SSL

When SSL and S-HTTP were competitors, many people realized that the two security protocols were complementary, given that they do not work at the same level. SSL guarantees a secure internet connection whereas S-HTTP guarantees secure HTTP exchanges.

As a result, the company Terisa Systems, specialized in network protection, made of RSA Data Security and EIT, developed a development kit making it possible for developers to develop Web servers implementing SSL and S-HTTP (SecureWeb Server Toolkit), as well as Web clients using these protocols (SecureWeb Client Toolkit).


Related :


Criptografía - HTTP Seguro
Criptografía - HTTP Seguro
Cryptographie - Secure HTTP
Cryptographie - Secure HTTP
Crittografia - Secure HTTP (S-HTTP)
Crittografia - Secure HTTP (S-HTTP)
Criptografia - Secure HTTP
Criptografia - Secure HTTP
This document entitled « Cryptography - Secure HTTP » from CCM (ccm.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.