Strong authentication and privacy with standard browsers

A framework for secure WWW client/server communication is proposed. Strong end-to-end encryption and authentication is achieved by means of public key techniques. A particular certification infrastructure is developed that helps assign responsibilities in case of disputes. Such issues are increasingly important in WWW applications and are not dealt with in a satisfactory way by current certification schemes. Actual communication is done with the HTTP protocol unchanged and by using standard commercial browsers, because widespread usability is a goal. Encryption and authentication is done separately based on the execution of applets running on the client machine.