HTTPS

HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP. It authenticates the server and encrypts the connection between web browsers (or other clients) and servers by running HTTP over Transport Layer Security (TLS), the successor to SSL.

How does HTTPS work?

TLS encrypts the data exchanged between a browser and a website with symmetric cryptography. Before any data is sent, a handshake verifies the server’s digital certificate, which ties the server’s identity to its public key. A certificate authority (CA) vouches for the server by signing that certificate, and the browser checks the signature against the CAs it trusts. Once the server has been authenticated, a random session key is generated for that connection, and it encrypts the data transferred between server and browser for the duration of the connection, or session.

HTTPS can also include mutual authentication, where the client or user is required to verify their identity as well. This is important when accessing business accounts or files that should only be viewed by specific users. HTTPS has become so important that some browsers, notably Google Chrome, warn users directly when a website only uses HTTP. Even so, not all websites (even ones that would benefit from the extra security) have adopted HTTPS. The protocol is gaining popularity, even among websites that don’t process transactions or sensitive information.
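The checks described above (the server certificate must chain to a trusted CA and match the hostname, the client may present its own certificate for mutual authentication) map directly onto settings in Python's standard `ssl` module. The following is an added example, not code from the original article: it builds a client context with verification on, shows the insecure counterpart for contrast, and reports what was negotiated on an established connection. The hostname and certificate paths are placeholders supplied by the caller.

```python
import socket
import ssl


def make_client_context(client_cert=None, client_key=None):
    """Client-side TLS context with verification turned on: the server's
    certificate must chain to a trusted CA and its name must match the host
    we asked for. Passing a client certificate and key enables mutual
    (client) authentication; the paths are placeholders chosen by the caller."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def make_weak_context():
    """The insecure counterpart: certificate and hostname checks switched off,
    which lets any server impersonate the site. Shown only for contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def is_verifying(ctx):
    """True when the context will reject an untrusted or mismatched server."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def has_forward_secrecy(cipher_name, protocol_version):
    """True when the negotiated key exchange is ephemeral. Every TLS 1.3 cipher
    suite uses (EC)DHE; for TLS 1.2 and earlier the cipher suite name says so."""
    if protocol_version == "TLSv1.3":
        return True
    return "ECDHE" in cipher_name or "DHE" in cipher_name


def describe_connection(tls_sock):
    """Summarise an established ssl.SSLSocket: who we talked to and how."""
    name, version, bits = tls_sock.cipher()
    cert = tls_sock.getpeercert()  # populated only when verification is on
    subject = dict(rdn[0] for rdn in cert.get("subject", ())) if cert else {}
    return {
        "peer": subject.get("commonName"),
        "protocol": version,
        "cipher": name,
        "key_bits": bits,
        "forward_secrecy": has_forward_secrecy(name, version),
    }


if __name__ == "__main__":
    host = "example.com"  # placeholder; any HTTPS host you are allowed to query
    ctx = make_client_context()
    with socket.create_connection((host, 443)) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            print(describe_connection(tls))
```

Passing `server_hostname` is what makes the hostname check possible; without it, `wrap_socket` raises because `check_hostname` is on. The `forward_secrecy` field reflects the page's later point: a TLS 1.2 connection negotiated with a plain RSA key exchange (a cipher name with no `DHE`) reuses the server's long-term key to protect every session.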

What is forward secrecy?

Forward secrecy is a feature of HTTPS that further increases security. In the past, a single encryption key would be reused across many browser sessions. If a hacker eventually managed to crack that key, which is difficult but possible, they would have access to all of the web sessions or transactions that had used it. Forward secrecy ensures that every session has its own key, so a compromised key exposes only that one session. Perfect forward secrecy goes further and generates a new encryption key for every new online transaction, even if that’s only a page refresh or a new message within an app.
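Why a per-session key protects old traffic is easiest to see by comparing the two key agreements side by side. The following is an added example, not code from the original article: a toy Diffie-Hellman exchange in which the server either reuses one long-term key for every session (no forward secrecy) or picks a fresh key per session (forward secrecy). A passive eavesdropper records the public values, later obtains the server's long-term private key, and tries to recompute each session key. The group parameters (`P`, `G`) are deliberately tiny constructed values, far too small for real use, and the signature that real TLS puts over the ephemeral share is omitted so the key-agreement step stays in focus.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group: P = 2**127 - 1 (a Mersenne prime) with generator 3.
# Constructed for illustration only; real deployments use standardised groups
# or elliptic curves thousands of bits stronger than this.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Random private exponent and the matching public value G**priv mod P."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_session_key(shared_secret, transcript):
    """HKDF-shaped extract-then-expand into a 32-byte session key, bound to
    the handshake transcript as TLS binds its keys to the handshake."""
    ikm = shared_secret.to_bytes(16, "big")
    prk = hmac.new(transcript, ikm, hashlib.sha256).digest()
    return hmac.new(prk, b"toy tls session key" + b"\x01", hashlib.sha256).digest()


def run_session(server_priv, server_pub, ephemeral):
    """One client/server key agreement. ephemeral=False reuses the server's
    long-term key (static DH); ephemeral=True uses a fresh per-session key.
    Returns the session key plus everything a passive eavesdropper could
    record: the two public values and the transcript, never a private key."""
    client_priv, client_pub = dh_keypair()
    if ephemeral:
        srv_priv, srv_pub = dh_keypair()  # discarded when this function returns
    else:
        srv_priv, srv_pub = server_priv, server_pub
    shared = pow(srv_pub, client_priv, P)
    assert shared == pow(client_pub, srv_priv, P)  # both sides agree
    transcript = client_pub.to_bytes(16, "big") + srv_pub.to_bytes(16, "big")
    key = derive_session_key(shared, transcript)
    recorded = {"client_pub": client_pub, "server_pub": srv_pub,
                "transcript": transcript}
    return key, recorded


def attacker_recovers_key(recorded, leaked_server_priv):
    """The eavesdropper, now holding the server's long-term private key,
    recomputes what the session key would be if that key had been used."""
    shared_guess = pow(recorded["client_pub"], leaked_server_priv, P)
    return derive_session_key(shared_guess, recorded["transcript"])


def demo():
    """Run one session of each kind, then leak the long-term key and see
    which recorded session the attacker can now decrypt."""
    server_priv, server_pub = dh_keypair()  # server's long-term key
    static_key, static_rec = run_session(server_priv, server_pub, ephemeral=False)
    fs_key, fs_rec = run_session(server_priv, server_pub, ephemeral=True)
    # Some time later the long-term private key is compromised.
    return {
        "static_session_exposed": hmac.compare_digest(
            attacker_recovers_key(static_rec, server_priv), static_key),
        "ephemeral_session_exposed": hmac.compare_digest(
            attacker_recovers_key(fs_rec, server_priv), fs_key),
    }


if __name__ == "__main__":
    print(demo())  # static session exposed, ephemeral session not
```

In the ephemeral case the server's per-session exponent exists only inside `run_session` and is gone once the session ends, so even the server itself could not reconstruct that session key afterwards; the leaked long-term key lets the attacker recompute only the static session. Real TLS adds a signature over the ephemeral share (using the long-term key from the certificate) so that the client knows which server it is agreeing a key with; that authentication step is what the earlier handshake section describes.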

Jenna Phipps
Jenna Phipps is a writer for Webopedia.com, Enterprise Storage Forum, and CIO Insight. She covers data storage systems and data management, information technology security, and enterprise software solutions.
