EIT and its partners have defined a standard called Secure Hypertext
Transfer Protocol, or Secure HTTP, for use in tools like Secure NCSA
Mosaic. The standard calls for extensions to the Web's basic HTTP
protocol to support needed security features. Secure HTTP relies on
public-key encryption technology patented by RSA Data Security (see
Section 3.3).
How can users expect to cope with the encryption and authentication
process, which at first glance seems to be enormously complicated? In
theory, most of the details of the process are hidden from the end user.
A customer buys some sort of secure Mosaic package from a seller of
Internet products -- perhaps from his or her Internet service provider.
The package is preconfigured to work with a given public-key encryption
certifying authority (which verifies that the alleged owner of a public
key is genuine). The user installs the package on his or her computer,
and begins using it to browse the Web. When the user encounters a
product catalog and begins taking advantage of the security features,
most of the details are handled by software.
By analogy, consider how you use an automated teller machine. A
complicated protocol has been defined by the banking industry to handle
transactions, but the mechanics of that protocol are hidden from you.
All you need to know is how to insert your card, type your personal
identification number, and request transactions. Ideally, a Secure
Mosaic tool will offer the same level of simplicity.
The Terisa Systems approach is by no means the only mechanism for securing Mosaic or for conducting commerce on the Internet. A number of firms have announced plans for Internet secure-transaction schemes.