Cryptography - Secure HTTP

Introduction to S-HTTP

S-HTTP (Secure HTTP) is a process that protects HTTP transactions and is based on an improvement to the HTTP protocol that was made in 1994 by EIT (Enterprise Integration Technologies). It makes it possible to establish a secure connection for e-commerce transactions by encrypting messages to guarantee customers that their bank card numbers and other personal information will remain confidential. One implementation of S-HTTP was developed by the company Terisa Systems to include a secure connection on web servers and browsers.

How S-HTTP works

Unlike SSL, which works on transport layers, S-HTTP guarantees message-based security using the HTTP protocol, by individually marking HTML documents with certificates. Whereas SSL is independent of the application used and encrypts all of the communication, S-HTTP is closely related to the HTTP protocol and individually encrypts each message.

S-HTTP messages are based on three components:

  • The HTTP message
  • The sender's cryptographic preferences
  • The recipient's preferences

As such, to decrypt an S-HTTP message, the message's recipient analyzes the message's headers to determine the type of method that was used to encrypt the message. Then, based on his current and past cryptographic preferences and on the sender's past cryptographic preferences, he is able to decrypt the message.

The complementary nature of S-HTTP and SSL

When SSL and S-HTTP were competitors, many people realized that the two security protocols were complementary, given that they do not work at the same level. SSL guarantees a secure internet connection whereas S-HTTP guarantees secure HTTP exchanges.

As a result, the company Terisa Systems, specialized in network protection, made of RSA Data Security and EIT, developed a development kit making it possible for developers to develop Web servers implementing SSL and S-HTTP (SecureWeb Server Toolkit), as well as Web clients using these protocols (SecureWeb Client Toolkit).

Ask a question
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM.net. CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
Related
This document, titled « Cryptography - Secure HTTP », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).

Subscribe To Our Newsletter!

The Best of CCM in Your Inbox

Subscribe To Our Newsletter!