S-HTTP (Secure HTTP)

S-HTTP (Secure HTTP) is an extension to the Hypertext Transfer Protocol (HTTP) that allows the secure exchange of files and data on the World Wide Web. Not all Web browsers and servers support S-HTTP.

Another more prevalent technology for transmitting secure communications over the World Wide Web is Secure Sockets Layer (SSL). S-HTTP is easily confused with HTTPS (HTTP over SSL). However, S-HTTP and SSL have very different designs and goals so it is possible to use the two protocols together. Both security protocols can be used by a browser user, but only one can be used with a given document.

A major difference is that S-HTTP allows the client to send a certificate to authenticate the user whereas, using SSL, only the server can be authenticated. S-HTTP is more likely to be used in situations where the server represents a bank and requires authentication from the user that is more secure than a user ID and password. SSL works at a program layer slightly higher than the Transmission Control Protocol (TCP) level. S-HTTP works at the even higher level of the HTTP application. S-HTTP was developed by Enterprise Integration Technologies (EIT), which was acquired by Verifone, Inc. in 1995.