Running Secure Applet Model

The running secure applet model we are presenting is a demo of a front-end to a B2C or a B2B application. It consists of the following code:

1. HTML Web page code
2. JavaScript code
3. Applet code

The HTML page has JavaScript code that creates a new window. Inside the new window, another HTML page containing an applet is loaded. The applet reads the user name and password. It returns the name as a string to the JavaScript code with the “Name:” string preceding it. It also returns the password as a string with the “Password:” string preceding it, but the string characters are in the reverse order.

This demonstrates how an applet can be used to get user information, change or mask it, and return it to the HTML page through the embedded JavaScript code.

The demo has two buttons for calling and closing the applet and a text area to show the client name and password passed back from the applet. It also has a text field to show the user’s input as it is entered.

Run Secure Applet Model

What is security?
Security on the Web is the ability to transfer data from the client side to a server without it being accessed by another server. The problem is that data transferred on the Web is packaged and sent to the intended server, but it may pass through a number of other servers on the way. For example, if you transfer data from ATT to Sun Corporation, the data may go through an IBM server and other servers to get from the ATT server to the Sun server. Every server that helps route the transfer can have a copy of that data. This means that other people can process your important information as well.

What is the answer to the security problem and what is available?
There are a number of methods used to provide security, and the most popular is a secure HTTP server.

Using Applets to secure data
Applets are user-side Java programs: the browser runs them, and almost all browsers support applets. Applets are byte-code (executable Java code) running on the user side, and no HTTP values are passed when applets are running or called. To create a secure link using applets, the HTML web page calls an applet, and the applet reads the secure client information and masks and/or changes it. The applet passes it to the HTML web page, which submits it to a server-side program. The submitted information is masked when the server-side program receives it; the program unmasks it and puts it to good use.

For example, suppose an HTML web page wants to read the social security number (SS#) of a client. It cannot read the SS# into a field and submit it to a server-side program waiting for it, because that submission is not secure. The answer is to have the HTML web page call an applet. The applet runs on the client side, where the browser interprets or runs it. The applet is byte-code and secure. The applet prompts the client for the SS#, masks it and hands it to the HTML web page, which submits it to the server-side program. The server-side program unmasks the submitted information and uses it. The submission of the masked SS# is not secure, but the masked SS# is not of any value unless it is unmasked. The masking process can be implemented in many different ways using different schemes, and the sky is the limit when it comes to masking.
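
The mask and unmask steps described above, written out for the demo's "Name:" / "Password:" format as an added example (not the demo's own code; the function names and sample credentials are constructed). It assumes only the password characters are reversed and the prefixes are kept as-is.

```javascript
// Added example: the demo's masking format (all names here are hypothetical).
const NAME_PREFIX = "Name:";
const PASSWORD_PREFIX = "Password:";

// Reverse by code point, not by UTF-16 unit, so the masked string stays
// valid Unicode when the page submits it.
function reverseText(text) {
  return Array.from(text).reverse().join("");
}

// Client side: what the applet hands back to the page's JavaScript.
function maskCredentials(name, password) {
  return {
    name: NAME_PREFIX + name,
    password: PASSWORD_PREFIX + reverseText(password),
  };
}

// Server side: strip the expected prefix and reject malformed fields.
function stripPrefix(value, prefix) {
  if (typeof value !== "string" || !value.startsWith(prefix)) {
    throw new Error("malformed field, expected prefix " + prefix);
  }
  return value.slice(prefix.length);
}

// Server side: undo the masking. Note that no key or secret is involved.
function unmaskCredentials(masked) {
  return {
    name: stripPrefix(masked.name, NAME_PREFIX),
    password: reverseText(stripPrefix(masked.password, PASSWORD_PREFIX)),
  };
}

// Constructed sample input, not taken from the demo.
const wire = maskCredentials("alice", "s3cr3t:Pw");
const recovered = unmaskCredentials(wire);
console.log(wire.password, "->", recovered.password);
```

Because the reversal takes no key, `unmaskCredentials` works for anyone who knows the format, so protecting the value in transit still depends on a channel such as the secure HTTP server mentioned earlier.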