Strong Authentication and Privacy
with Standard Browsers

F. Bergadano¹, B. Crispo¹,² and M. Lomas²

¹ Università di Torino, Italy

² University of Cambridge, UK

Abstract

A framework for secure WWW client/server communication is proposed. Strong end-to-end encryption and authentication is achieved by means of public key techniques. A particular certification infra structure is developed that helps assign responsibilities in case of disputes. Such issues are increasingly important in WWW applications and are not dealt with in a satisfactory way by current certification schemes. Actual communication is done with the HTTP protocol unchanged and by using standard commercial browsers, as widespread usability is a goal. Encryption and authentication is done a latere based on the execution of applets running on the client machine.

[Full version of the paper]