The HTTPS protocol is a more secure method of data transmission than the HTTP Protocol. The data packets that transfer back and forth between your browser and the websites server are not encrypted with the standard HTTP Protocol. This means they are in plain text and if they were intercepted by an intruder, all the information would be readily visible. With HTTPS all the data packets are encrypted using SSL (Secure Socket Layer) or TLS (Transport Layer Security). This means that the information contained within the data packets are coded and can only interpreted if certain conditions are met. The actual encryption and decryption process is quite technical and beyond the scope of this course.
An SSL layer can be created by installing a security certificate on the web server that host's the website. A security certificate can be purchased from a reputable vendor that will verify information about the domain and registrant. If the registrant of the domain name is a business, then additional validation documents may also be required. The verification process differs from each vendor and more reputable vendors will likely require more information. There are also different types of certificates. A high level security certificate is known as the Extended Validation Certificate (EV). It generally takes the most time to acquire and requires very detailed validation prior to issuance.
This diagram offers an illustration of how the encryption process works: