Secure WWW Transactions Using Standard HTTP and Java Applets
Can users access information on the Web securely with their normal, unchanged browsers, and yet without relying on the cryptographic software contained in those browsers? In this paper we show that this is possible, with a communication architecture based on Java applets. This is important because cryptographic functions need to be separated from both the user interface and the communications routines. It must be possible to acquire the source code for the relevant modules, and alternative software vendors must be available, in order to avoid hidden trapdoors and undetected implementation problems. Our approach is an alternative to solutions at the protocol level (e.g., SSL), because it keeps the HTTP/TCP/IP stack unchanged. Moreover, it does not require the installation of proxies.