Security Solutions: Encryption
Encryption is part of a larger process of encoding and decoding messages to keep information secure. This process, though commonly called encryption, is more correctly called cryptography: the use of mathematical transformations to protect data. Cryptography is primarily a software-based solution and, in most cases, should not include significant hardware costs. It is a key tool in protecting privacy as it allows only authorized parties to view the data. Encryption is also used to ensure data integrity, as it protects data from being modified or corrupted.

Key Elements in Cryptography

There are four essential elements in cryptography:

Private and Public Key Encryption

In traditional cryptography, the same key is used to both encrypt and decrypt a communication. This is known as "private key" encryption. It is a symmetrical system because both encoding and decoding parties have the same key. The challenge is in giving the recipient the key to decode the message safely. To meet this challenge, public key systems were developed. They use two separate keys, one public and one private. This has proven to be well suited to Internet use, as it avoids the difficulty of transmitting the symmetrical key securely. The public key can be published and distributed widely with no need to expose the private key.

Public Key Encryption

In public key or asymmetrical cryptography, one key is made public, and the other is held in private. Data encrypted with a public key can only be decrypted using the private key. The standard procedure for this type of encryption is:

The public key can be publicly distributed at will, often by posting it to Web sites, placing it in a central network directory or emailing it to potential users. The private key is held in confidence and protected by its owner. For practical purposes, if the encrypted document is intercepted, the code can't be cracked. While, in theory, the code could be cracked, in reality the hardware and time required to crack a 512-bit encrypted code are so great that it is not feasible. The level of encryption should be proportional to the sensitivity of the data.

Implementing Encryption

Companies wishing to use public key encryption systems can purchase key generation software and certificate management servers, or outsource these functions to a vendor. Outsourcing may be the fastest to set up and the most cost-effective solution for smaller organizations. Purchasing a server may be most appealing for large Intranet applications because it avoids per-certificate charges and may provide more flexibility in managing directory-based access for employees.

Certificate Authority

The use of public key encryption ensures privacy and data integrity. No one can read or tamper with the message en route or in storage until it is decrypted. But there is one other important step in the use of public key encryption: authentication. The person using a public key wants to be certain that the person with whom they want to communicate is holding the private key. Authentication is done by having public/private key pairs registered with a Certificate Authority who, like a notary public in the paper world, bears the responsibility for verifying that a certain public key belongs to a specific individual, and issues a digital certificate to that effect. Web users wishing to use public key encryption can obtain key pairs for general use and register them by visiting the Web site of a certificate authority then following their online procedure.
Generally, there is no cost for personal use, but there is a fee for the administration of certificates for commercial purposes. Users may require several certificates, for example, one issued in association with a credit card for secure purchases on the Internet, one for a Web browser, one for signing and securing email, and another for logging in to a company network. There is software, such as digital wallets and browser plug-ins, for managing digital certificates and key pairs.
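
The Certificate Authority step described above, as an added example that is not part of the original page: a shell script using the OpenSSL command-line tool in which a CA certifies a public key, a certificate for the same name from an unknown CA is rejected, and a message encrypted to the certified public key is decrypted with the private key. The CA names, the address alice@example.com, the file names and the 2048-bit RSA key size are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Constructed demo; every name and file below is a placeholder.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA certificate (the "notary" in the text).
make_ca() {  # $1 = file prefix, $2 = CA name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Generate a user key pair, then have the CA certify the public key.
issue_cert() {  # $1 = user prefix, $2 = CA prefix, $3 = subject name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -days 1 -CAcreateserial \
    -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Succeeds only if the certificate was issued by the CA we trust.
cert_is_trusted() {  # $1 = user prefix, $2 = trusted CA prefix
  openssl verify -CAfile "$WORK/$2.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

# Encrypt to the public key in the certificate; decrypt with the private key.
roundtrip() {  # $1 = user prefix, $2 = message
  printf '%s' "$2" | openssl pkeyutl -encrypt -certin -inkey "$WORK/$1.crt" \
    -pkeyopt rsa_padding_mode:oaep -out "$WORK/msg.enc"
  openssl pkeyutl -decrypt -inkey "$WORK/$1.key" \
    -pkeyopt rsa_padding_mode:oaep -in "$WORK/msg.enc"
}

make_ca trusted "Example Trusted CA"
make_ca unknown "Example Unknown CA"
issue_cert alice trusted "alice@example.com"
issue_cert impostor unknown "alice@example.com"  # same name, untrusted issuer

cert_is_trusted alice trusted && echo "alice: certificate verified"
cert_is_trusted impostor trusted || echo "impostor: certificate rejected"
roundtrip alice "constructed test message"; echo
```

The rejected certificate carries the same name as the accepted one; only the issuing CA differs, which is why the recipient checks the certificate before encrypting to the key inside it.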
Created: 2006-10-16 Updated: 2007-08-10