Coding or encryption techniques, as old as writing, have been used for thousands of years to maintain confidentiality. Although encryption is primarily used for protecting the integrity of messages, it can also be used to complement data access controls. There is always some chance that people will circumvent authentication controls and gain unauthorized access. To counteract this possibility, encryption can be used to obscure the meaning of data. The intruder cannot read the data without knowing the method of encryption and the key.
Societies have always needed secure methods of transmitting highly sensitive information and confirming the identity of the sender. In an earlier time, messages were sealed with the sender's personal signet ring–a simple, but easily forged, method of authentication. We still rely on personal signatures for checks and legal contracts, but how do you sign an e-mail message? In the information age, we need electronic encryption and signing for the orderly conduct of business, government, and personal correspondence.
Internet messages can pass through many computers on their way from sender to receiver, and there is always the danger that a sniffer program on an intermediate computer briefly intercepts and reads a message. In most cases, this will not cause you great concern, but what happens if your message contains your name, credit card number, and expiration date? The sniffer program, looking for a typical credit card number format of four blocks of four digits (e.g., 1234 5678 9012 3456), copies your message before letting it continue its normal progress. Now, the owner of the rogue program can use your credit card details to purchase products in your name and charge them to your account.
Without a secure means of transmitting payment information, customers and merchants will be very reluctant to place and receive orders, respectively. When the customer places an order, the Web browser should automatically encrypt the order prior to transmission–this is not the customer's task.
Credit card numbers are not the only sensitive information transmitted on the Internet. Because it is a general transport system for electronic information, the Internet can carry a wide range of confidential information (financial reports, sales figures, marketing strategies, technology reports, and so on). If senders and receivers cannot be sure that their communication is strictly private, they will not use the Internet. Secure transmission of information is necessary for electronic commerce to thrive.
- 1515 reads
