When visiting a website, students are often told to “look for the padlock.” In IB Computer Science, that padlock represents HTTPS, the protocol that allows websites to communicate securely. Students are expected to understand what HTTPS is, why it is used, and how it protects data during transmission.
IB examiners focus on conceptual understanding, not low-level protocol details.
What Is HTTPS?
HTTPS (HyperText Transfer Protocol Secure) is a secure version of HTTP.
HTTPS:
- Encrypts data sent between a browser and a web server
- Protects data from interception
- Verifies website identity
In IB terms, HTTPS provides:
- Confidentiality
- Integrity
- Authentication
Why HTTP Alone Is Not Secure
Standard HTTP:
- Sends data in plaintext
- Can be intercepted by attackers
- Does not verify website identity
This means:
- Passwords can be stolen
- Data can be modified
- Users can be redirected to fake websites
HTTPS exists to solve these problems.
How HTTPS Works (Conceptually)
HTTPS combines:
- Encryption
- Digital certificates
- Public Key Infrastructure (PKI)
The process works conceptually as follows:
- The browser connects to a website
- The website presents a digital certificate
- The browser verifies the certificate
- A secure encryption method is agreed
- Encrypted communication begins
IB students should describe the sequence, not protocol names.
The Role of Digital Certificates
Digital certificates are essential to HTTPS.
They:
- Confirm the identity of the website
- Prevent impersonation
- Allow secure key exchange
Certificates are issued by:
- Trusted Certificate Authorities (CAs)
If a certificate cannot be verified:
- Browsers display warnings
This protects users from fake or malicious sites.
Encryption in HTTPS
HTTPS uses encryption to protect data.
Conceptually:
- Asymmetric encryption establishes trust
- Symmetric encryption is used for data transfer
This approach:
- Keeps data confidential
- Is efficient for large data transfers
IB students should understand that encryption ensures privacy, not anonymity.
Data Integrity and HTTPS
HTTPS also ensures data integrity.
This means:
- Data cannot be modified in transit
- Changes would be detected
Integrity protection prevents:
- Injection attacks
- Data tampering
IB examiners often expect students to mention integrity alongside confidentiality.
Authentication and Trust
HTTPS authenticates websites by:
- Verifying certificates
- Linking domains to public keys
This ensures:
- Users are communicating with the intended site
- Not an impostor
Authentication builds trust in online systems.
Why HTTPS Is Important in Real Systems
HTTPS is essential for:
- Online banking
- Login systems
- E-commerce
- Secure communication
Modern browsers increasingly block or warn against HTTP-only sites.
Common Student Mistakes
Students often:
- Say HTTPS only encrypts passwords
- Ignore authentication
- Confuse HTTPS with VPNs
- Describe HTTPS too vaguely
Clear explanations of why HTTPS exists score higher.
How This Appears in IB Exams
IB questions may ask students to:
- Explain what HTTPS does
- Describe how secure websites work
- Identify benefits of HTTPS
- Apply HTTPS to a scenario
Explanation and justification matter more than technical detail.
Final Thoughts
HTTPS secures web communication by combining encryption, digital certificates, and trusted verification. It protects data from interception, ensures website authenticity, and maintains data integrity.
Understanding how HTTPS works allows IB Computer Science students to explain secure online communication clearly and confidently — exactly what examiners expect.
