Hypertext Transfer Protocol (http) is a system for transmitting and receiving

information across the Internet. Http serves as a request and response procedure
that all agents on the Internet follow so that information can be rapidly, easily,
and accurately disseminated between servers, which hold information, and clients,
who are trying to access it. Http is commonly used to access html pages, but other
resources can be utilized as well through http. In many cases, clients may be
exchanging confidential information with a server, which needs to be secured in
order to prevent unauthorized access. For this reason, https, or secure http, was
developed by Netscape corporation to allow authorization and secured transactions.

In many ways, https is identical to http, because it follows the same basic
protocols. The http or https client, such as a Web browser, establishes a
connection to a server on a standard port. When a server receives a request, it
returns a status and a message, which may contain the requested information or
indicate an error if part of the process malfunctioned. Both systems use the same
Uniform Resource Identifier (URI) scheme, so that resources can be universally
identified. Use of https in a URI scheme rather than http indicates that an
encrypted connection is desired.

There are some primary differences between http and https, however, beginning with
the default port, which is 80 for http and 443 for https. Https works by
transmitting normal http interactions through an encrypted system, so that in
theory, the information cannot be accessed by any party other than the client and
end server. There are two common types of encryption layers: Transport Layer
Security (TLS) and Secure Sockets Layer (SSL), both of which encode the data
records being exchanged.

When using an https connection, the server responds to the initial connection by
offering a list of encryption methods it supports. In response, the client selects
a connection method, and the client and server exchange certificates to
authenticate their identities. After this is done, both parties exchange the
encrypted information after ensuring that both are using the same key, and the
connection is closed. In order to host https connections, a server must have a
public key certificate, which embeds key information with a verification of the key
owner's identity. Most certificates are verified by a third party so that clients
are assured that the key is secure.

Https is used in many situations, such as log-in pages for banking, forms,
corporate log ons, and other applications in which data needs to be secure.
However, if not implemented properly, https is not infallible, and therefore it is
extremely important for end users to be wary about accepting questionable
certificates and cautious with their personal information while using the Internet.