A number of protocols are disclosed for providing simplified security for a
series of low-cost transactions carried out between a client and a server
within an on-going client-server relationship. A key establishment
protocol is used to generate a shared key which will be used by the client
and server for the series of transactions. The client generates the shared
key as a function of a client identifier, a server identifier and secret
client information, encrypts the shared key using a public key of the
server, and sends the encrypted shared key to the server. The server
responds by incorporating server information into a response which is
encrypted using the shared key and sent to the client. The client decrypts
the response, verifies that the server has accepted the shared key, and
then sends additional client information, such as a credit card number, to
the server, using the shared key for encryption. The client may then use
the shared key in a series of subsequent transactions with the server. The
subsequent transactions may be in accordance with a data delivery protocol
in which the client requests information, and the server supplies the
information encrypted using the shared key. The server may require that
the client demonstrate possession of the shared key before responding to a
data delivery request. The generation and use of the shared key may be
made substantially transparent to the client through the use of a
client-side web proxy.
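
The following sketch is an added example, not code from the disclosure: it shows the client deriving a per-server shared key from a client identifier, a server identifier and secret client information, and the server requiring proof of possession of that key before answering a data delivery request. The names derive_shared_key, Server and prove, the use of HMAC-SHA256 and the nonce challenge are assumptions, since the text names no concrete function; the public-key and shared-key encryption steps are left out and accept_key stands in for them.

```python
import hashlib
import hmac
import secrets

def derive_shared_key(client_id: str, server_id: str, client_secret: bytes) -> bytes:
    """Shared key as a function of client id, server id and secret client info.
    HMAC-SHA256 is an assumed choice; the text does not name the function."""
    # Length-prefix each identifier so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p).to_bytes(2, "big") + p
                   for p in (client_id.encode(), server_id.encode()))
    return hmac.new(client_secret, msg, hashlib.sha256).digest()

def prove(shared_key: bytes, nonce: bytes, request: bytes) -> bytes:
    """Client side: bind the request to the server's fresh nonce under the key."""
    return hmac.new(shared_key, nonce + request, hashlib.sha256).digest()

class Server:
    """Holds accepted shared keys and gates data delivery on proof of possession."""
    def __init__(self, server_id: str):
        self.server_id = server_id
        self.keys = {}      # client_id -> shared key accepted at key establishment
        self.pending = {}   # client_id -> outstanding one-time challenge

    def accept_key(self, client_id: str, shared_key: bytes) -> None:
        # Stands in for decrypting the key sent under the server's public key.
        self.keys[client_id] = shared_key

    def challenge(self, client_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[client_id] = nonce
        return nonce

    def deliver(self, client_id: str, request: bytes, proof: bytes) -> bool:
        nonce = self.pending.pop(client_id, None)  # single use, so a replay fails
        key = self.keys.get(client_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce + request, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)  # constant-time comparison
```

Because the key is recomputed from the identifiers and one secret, the client stores a single secret yet presents an unrelated key to each server.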