Encrypt web pages against unauthorized access and use
What is web page encryption?
Web page encryption is a technique for encrypting (making secret) information carried on a web page. See also HTML encryption.
Of course, web page encryption, on its own, is not very interesting. That is because encryption, on its own, does not provide all the answers. You can encrypt a web page so that only the person or people you have determined can have access to it, but that does not allow the sender to impose any controls on the use of the content after it has been decrypted.
Web page encryption and rights management
Controlling web content access, preventing sharing & misuse
Control (or the lack of it) after a web page has been decrypted is the aspect of web page encryption that differentiates it from rights management. Classical cryptography is utterly brilliant at creating secrets. It is used by governments and banks to ensure that information remains secret from those who are not entitled to see it. The thing is that encryption does not control how information is used after it is decrypted. What it does do is protect the information from being used at all by anyone who is not authorized.
So web page encryption may suit some purposes, but it may not be suitable in all instances. Whilst banks may have staff who can be trusted (although, if we read the security reviews, the major threat is the people inside rather than the people outside), it is not always clear that all the recipients of an encrypted web page can be ‘trusted’ to obey the rules that the web page provider wishes to have followed.
Web page encryption allows a publisher to ensure that only the people who have been authorized are able to make use of the information that is protected. And that can be extremely important. Web page encryption is one of the most important, and least used, security techniques available today for the protection of information. Although it has the potential to allow companies to make ‘publicly’ available information that only the approved people can see, nobody actually uses that kind of service.
Web page encryption and SSL
Web page encryption allows absolute control over who is able to receive and use information on a web page. It must NOT be confused with SSL, which does not control anything at all, except the transfer of information. It does not prove where information came from, or who it is for. It is no real security at all compared to real web page encryption, and is a most unfortunate service because it has been misrepresented by some sections of the IT security industry as providing security when it is delivering a mere illusion to both the sender and the recipient.
There are plenty of warnings delivered by security experts about ‘security by obscurity’. Well, SSL is the ultimate in delivering a con. You should not blame the people who developed the standard. They made it utterly clear what their standard did and did not do. But do feel free to blame industry PR hype that has claimed that SSL provides a security that it does not, and has glossed over what it does not do. If it were real security, we would not have identity theft involving credit card transactions. But the fact of the matter is that as soon as SSL-protected information arrives at a web site it is available for anyone to see (especially the hacker) and is stored on the web server in the unprotected form in which it arrives. In fact, it is actually impossible for the web site owner to use the SSL protection to continue to protect the content they receive. So web page encryption requires significantly more than SSL.
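The contrast drawn above, as an added example that is not part of the original page: content that was protected only in transit is stored readable, while content encrypted as a payload stays opaque on the server and opens only for the key holder, who then holds an unrestricted copy. It assumes Node.js and uses AES-256-GCM for illustration; the function names, page id and sample page are constructed.

```javascript
// Added example: transport-only protection versus encrypting the page
// content itself. All names here are hypothetical.
const nodeCrypto = require('crypto');

// Constructed sample page and a key shared only with the authorized reader.
const PAGE = '<html><body><h1>Q3 price list</h1><p>Partner rate: 42</p></body></html>';
const readerKey = nodeCrypto.randomBytes(32);

// What a server keeps when only the connection was encrypted: the transport
// layer is removed on arrival, so the body is stored exactly as sent.
function storeTransportOnly(body) {
  return Buffer.from(body, 'utf8');
}

// Content-level encryption under the reader's key. The page id is bound as
// associated data so a blob cannot be swapped between pages.
function encryptPage(html, key, pageId) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(pageId, 'utf8'));
  const ct = Buffer.concat([cipher.update(html, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]); // iv(12) | tag(16) | ciphertext
}

// Returns the page for the right key and page id, or null otherwise.
function decryptPage(blob, key, pageId) {
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
    d.setAAD(Buffer.from(pageId, 'utf8'));
    d.setAuthTag(blob.subarray(12, 28));
    return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
  } catch (err) {
    return null; // wrong key, wrong page id, or modified blob
  }
}

function demo() {
  const atRestPlain = storeTransportOnly(PAGE);
  const atRestEnc = encryptPage(PAGE, readerKey, 'price-list');
  return {
    transportOnlyReadableOnServer: atRestPlain.includes('Partner rate'),
    encryptedReadableOnServer: atRestEnc.includes('Partner rate'),
    outsiderResult: decryptPage(atRestEnc, nodeCrypto.randomBytes(32), 'price-list'),
    // After decryption the reader holds an ordinary string; nothing in the
    // encryption restricts copying or forwarding it.
    readerCopy: decryptPage(atRestEnc, readerKey, 'price-list'),
  };
}
```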
And even if you are using web page encryption, you can be absolutely certain that your information is not being protected at all unless you are also using digital rights management controls, because web page encryption alone gives you no way of ensuring that your rules for the use of the information you are protecting are actually followed.