How Netscape Invented SSL — and Why the Patent Expired When You Needed It

Every time you see a padlock icon in your browser, you're looking at the legacy of a 1995 Netscape patent. US Patent 5,657,390 — "System and Method for Providing Protocol Translation Between Different Protocols" — was one of the foundational patents for SSL, the technology that made secure e-commerce possible.

Here's how it worked, why it mattered, and what happened when it expired.

---

The problem SSL solved

By 1994, the web was growing fast. Mosaic and then Netscape's browser made it accessible to millions. But there was a fundamental problem: everything sent over the web traveled in plaintext. Your credit card number, your password, your personal information — anyone who could intercept the packets between your browser and a web server could read them.

E-commerce was impossible without a solution.

---

What Netscape built

Netscape's engineers created the Secure Sockets Layer protocol. The core idea: before your browser sends any sensitive data, it first negotiates an encrypted channel with the server. They exchange cryptographic keys, verify each other's identities, and agree on an encryption method — all in a fraction of a second, invisible to the user.

The 1995 patent described the protocol translation layer that made this work transparently across different systems. Your browser speaks one protocol. The server speaks another. SSL sits in the middle and makes them understand each other securely.

---

The patent's life cycle

Filed: 1995 Granted: 1997 Expired: ~2012-2014

By the time the patent expired, SSL had evolved into TLS (Transport Layer Security), and HTTPS had become the standard for the entire web. The patent's expiration didn't change anything visible — but it freed every software developer from licensing concerns and accelerated the global push toward HTTPS-everywhere.

---

What it covers

The patent describes a system for providing protocol translation services between different network protocols, allowing secure communication without requiring both endpoints to speak the same protocol natively. It covers the handshake process, the session key exchange, and the translation layer.

---

The irony

SSL's patent expired just as "HTTPS everywhere" became a real movement — promoted by Google (who started penalizing non-HTTPS sites in 2014), Mozilla, and the Electronic Frontier Foundation. The patent's absence made free SSL certificates (like Let's Encrypt, launched in 2015) possible without licensing complications.

The patent protected the invention long enough for Netscape to commercialize it. Then it expired exactly when the world needed the idea to be free.

Read the full SSL patent breakdown →