When you use an encryption method, information submitted using Web fill-in forms, including user names, passwords,adress, phone and other confidential information, can be transmitted securely to and from the Web server.
A wide range of proposed and/or partially implemented encrypt solutions for the Web exist, but most are not ready for prime time. Of the several methods, only the Secure HTTP (S-HTTP) and Secure Socket Layer (SSL) protocols have emerged in anything like full-blown form. Unfortunately, the two are implemented mutually exclusively, though compatibility is possible. Worse, Web browsers and servers that support oneof this method don't support the other, so you can reliably use one or the other only if you carefully match your Web server and customers' browsers.
S-HTTP
Secure HTTP was developed by Enterprise Integration Technologies and RSA Data Security, and the public S-HTTP standards are now managed by CommerceNet, a not-for-profit consortium that is conducting the first large-scale market trial of technologies and business processes to support electronic commerce over the Internet. S-HTTP is a modified version of the current HTTP protocol. It supports the following:
-User and Web server authentication using digital signatures, and signature keys using both the RSA and MD5 algorithms
-Privacy of transactions, using several different key-based encryption methods
-Generation of key certificates for server authentication
-As with SSL, you must have a compatible Web server and browser that both support S-HTTP transactions in order to use this technology. IIS 1.0 supports only SSL.
SSL
S-HTTP seems to have been engulfed in the 1995 Netscape tidal wave. Unwilling to wait for widely accepted HTTP security standards to evolve (as it was with HTML as well), Netscape Communications Corporation developed its own Secure Sockets Layer encryption mechanism. SSL occupies a spot on the ISO seven-layer network reference below that of the HTTP protocol, which operates at the application layer. (See Table 10.1.) Rather than developing a completely new protocol to replace HTTP, SSL sits between HTTP and the underlying TCP/IP network protocols and can intervene to create secure transactions. Netscape makes the technical details of SSL publicly available. In addition, C-language source code for a reference implementation of SSL is freely available for non-commercial use. Microsoft includes SSL support in both IIS and Internet Explorer.
Home
Contact Us
