Secure Sockets Layer and Secure HTTP  

Posted by my reflection

Many large Internet product developers agreed to use an encryption protocol known as Secure Sockets Layer (SSL), developed by Netscape, for transmitting private documents over the Internet. SSL works by using a private key to encrypt data that is transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use this protocol to obtain confidential user information, such as credit card numbers. The protocol, layered between application-level protocols such as HTTP and the TCP/IP transport-level protocol, is designed to prevent eavesdropping, tampering, and message forgery. Since SSL is layered under application-level protocols, it may be used for other application-level protocols such as FTP and NNTP.
Another protocol for transmitting data securely over the Web is Secure HTTP (S-HTTP), a modified version of the standard HTTP protocol. S-HTTP was developed by Enterprise Integration Technologies (EIT), which was acquired by Verifone, Inc. in 1995. Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols have been submitted to the Internet Engineering Task Force (IETF) for approval as standards. By convention, Web pages that require an SSL connection start with https: instead of http:. Not all Web browsers and servers support SSL/S-HTTP.
Basically, these protocols allow the browser and server to authenticate one another and secure the information that subsequently flows between them. Through the use of cryptographic techniques such as encryption and digital signatures, these protocols:
• Allow Web browsers and servers to authenticate each other;
• Permit Web site owners to control access to particular servers, directories, files, or services;
• Allow sensitive information (for example, credit card numbers) to be shared between browser and server, yet remain inaccessible to third parties;
• Ensure that data exchanged between browser and server is reliable, that is, cannot be corrupted either accidentally or deliberately without detection.

A key component in the establishment of secure Web sessions using SSL or S-HTTP protocols is the digital certificate, discussed above. Without authentic and trustworthy certificates, protocols like SSL and S-HTTP offer no security at all.
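
The dependence on certificates described above can be checked in client code. The following is an added example, not part of the original post: it uses Python's standard ssl module to build one client configuration that verifies the server certificate and one that does not, and audits both. The function names are hypothetical.

```python
import ssl

def strict_client_context():
    # Standard-library default: the server's certificate chain must validate
    # against trusted CAs and the certificate must match the requested host.
    return ssl.create_default_context()

def weak_client_context():
    # Traffic is still encrypted, but the peer is never authenticated,
    # so any party able to intercept the connection can pose as the server.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit_context(ctx):
    """Return the reasons this client context would accept an untrusted server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    return findings

if __name__ == "__main__":
    for name, ctx in (("strict", strict_client_context()),
                      ("weak", weak_client_context())):
        problems = audit_context(ctx)
        print(name, "->", "; ".join(problems) if problems else "OK")
```

A check like audit_context can run in unit tests or code review tooling to catch clients that have had verification switched off.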
