Encryption


Many people are too frightened to do business on the Web. Customers are worried that the wrong people may get hold of their credit card details and take money out of their accounts. Vendors are worried that customers will not honour the contracts they have made electronically. These problems can be solved using modern encryption techniques [Schneier, 1998].

Cryptography is the science of ciphers. A cipher is a set of rules that produces a message that is unreadable except to someone who knows the rules. In a typical exchange, the sender encrypts a message using the recipient's public key, which is broadly available, and then sends the encrypted message. The recipient decrypts the message using the corresponding private key, which always remains private.

But there is a problem. How does the sender know that the public key used to encrypt the message belongs to the intended recipient? Certificate authorities are the solution: they are third-party organizations that authenticate online entities. In general, these certificate authorities have been technology companies that specialize in information security.

Recently, banks have been entering the certificate authority market. They investigate, validate and authenticate online entities, and then publish certificates bound to the public keys of those they authenticate. Their seal of authenticity enhances the level of trust between parties, thereby reducing the level of risk when those parties do business again [2].
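The exchange described above, as an added Python example that is not part of the original page: a sender checks a certificate authority's signature over a name and public key before encrypting to that key. Textbook RSA with small constructed primes and no padding stands in for a real cipher, and the names `shop.example`, `issue_certificate`, `verify_certificate` and `send` are hypothetical.

```python
import hashlib

def make_keypair(p, q, e=65537):
    # Textbook RSA from two primes: toy sizes, no padding, illustration only.
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))        # (public key, private key)

def encrypt(pub, m):
    return pow(m, pub[1], pub[0])              # anyone holding the public key

def decrypt(priv, c):
    return pow(c, priv[1], priv[0])            # only the private-key holder

def _digest(name, pub, n):
    # Hash of the (name, public key) binding, reduced into the CA's modulus.
    data = f"{name}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_certificate(ca_priv, name, pub):
    # The CA signs the binding with its own private key.
    n, d = ca_priv
    return {"name": name, "pub": pub, "sig": pow(_digest(name, pub, n), d, n)}

def verify_certificate(ca_pub, cert):
    n, e = ca_pub
    return pow(cert["sig"], e, n) == _digest(cert["name"], cert["pub"], n)

def send(ca_pub, cert, recipient, m):
    # Refuse to encrypt unless the CA vouches that this key is the recipient's.
    if cert["name"] != recipient or not verify_certificate(ca_pub, cert):
        raise ValueError("key is not certified for " + recipient)
    return encrypt(cert["pub"], m)

# Constructed sample values (Mersenne primes; far too small for real use).
CA_PUB, CA_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
SHOP_PUB, SHOP_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
OTHER_PUB, _ = make_keypair(2**17 - 1, 2**19 - 1)

CERT = issue_certificate(CA_PRIV, "shop.example", SHOP_PUB)
SWAPPED = dict(CERT, pub=OTHER_PUB)            # same signature, different key
ORDER = int.from_bytes(b"order #42", "big")    # constructed message

if __name__ == "__main__":
    c = send(CA_PUB, CERT, "shop.example", ORDER)
    print(decrypt(SHOP_PRIV, c).to_bytes(9, "big"))
    print(verify_certificate(CA_PUB, SWAPPED))
```

A certificate whose public key has been replaced no longer matches the CA's signature, so `send` raises instead of encrypting to the wrong key.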

Useful links for information on encryption

Pang, Albert (1998, Nov. 23). Security Briefing. ZDNet [Online]
http://www.zdnet.com/icom/e-business/1998/10/981023security/index.html

Rodger, Bill (1998, July 17). Group cracks DES code, changes enctypto debate. ZDNet [Online]
http://www.zdnet.com/zdnn/stories/zdnn_smgraph_display/0,3441,2120610,00.html

Private company website report. Organization for economic co-operation & development. Cryptography Policy: Guidelines & issues. [Online] updated: March, 1998.
http://www.oecd.org/dsti/sti/it/ec/act/ec-activ.htm#Security

Private company website. Where can I learn more about cryptography standards? RSA Laboratories. (no date).
http://www.rsa.com/rsalabs/faq/html/8-5.html


References

Schneier, Bruce. Why cryptography is harder than it looks? Private company website. Counterpane Systems, Inc. Computer security and cryptography consultant. [last revised 11/8/98] [Online] http://www.counterpane.com/whycrypto.html

[2] Douglas, John and Crocker, Thomas. A decision letting bank subsidiaries act as certification authorities for verification. The National Law Journal, Feb. 16, 1998. v20. col1 [74 col]