RES300 – 01/04/08 – Internet data encryption
An interesting article:
‘Controlling data access
The prime feature of any violation of security for an e-business is where some unauthorised party reads, and maybe changes, data. One natural way of preventing this happening is to make the transmission medium as secure as possible. Another way is to make the data useless, because it makes no sense to the reader. This is the concept behind encryption, the transformation of data via code or key so that only authorised people can read it.
Box 4.2 Internet data encryption
There are two prime methods of data encryption used with the internet:
Private key (or symmetrical): This is where each party has access to the same key, so that the sender uses this key to codify data before transmission, and the receiver uses the same key to reverse the codification; it is relatively quick but amongst its drawbacks are (a) the potential for one or other party to lose their copy of the key or allow it to be accessed by unauthorised individuals, and (b) the need for e-businesses with large numbers of users and clients to hold vast numbers of such keys.
Public key (or asymmetrical): More popular nowadays (though generally a slower process) involves two different keys; one is a public key that can be used to encrypt the data of a wide range of users, the other is a private key, held only by the e-business, which enables the data to be decrypted. This approach is only possible because certain mathematical functions are non-reversible, but can be further transformed by other functions to yield the original data again; in principle, a hacker with an enormous amount of computing power might be able to retrieve the private key, but as these systems often use keys that are 256 or even 512 bits in length, we are talking years at current computing rates, which clearly makes such an exercise redundant for the purposes of getting quick access to the underbelly of an organisation’s data sets.’
This interesting article was from:
Groucutt, J. & Griseri, P. (2004). Controlling data access. Mastering e-business. pp. 84, 85. Published by Palgrave Macmillan: N.Y.
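The two methods in Box 4.2 side by side, as an added example that is not from the quoted book: a business with three clients holds one shared secret per client under the private key method, but a single key pair under the public key method. The cipher construction, the toy primes, the client names and the sample message are all assumptions made for illustration; real systems use a vetted library, padding and far larger keys.

```python
import hashlib
import secrets
from math import gcd

def symmetric_crypt(key: bytes, data: bytes) -> bytes:
    """Toy private-key cipher: XOR with a SHA-256 keystream (no nonce).
    The same key and the same call both encrypt and decrypt."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA from two primes: returns (public key, private key)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))

def rsa_encrypt(public, m: int) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message too large for this modulus")
    return pow(m, e, n)

def rsa_decrypt(private, c: int) -> int:
    n, d = private
    return pow(c, d, n)

def demo(clients=("alice", "bob", "carol")):
    order = b"order 17"  # constructed sample message
    # Private key method: the business stores one shared secret per client.
    shared = {name: secrets.token_bytes(32) for name in clients}
    sym_ok = all(symmetric_crypt(k, symmetric_crypt(k, order)) == order
                 for k in shared.values())
    # Public key method: one key pair; every client uses the same public key.
    # Toy primes (two Mersenne primes), chosen only to keep the example short.
    public, private = make_keypair(2**61 - 1, 2**89 - 1)
    m = int.from_bytes(order, "big")
    asym_ok = all(rsa_decrypt(private, rsa_encrypt(public, m)) == m
                  for _ in clients)
    return {"secrets_held_symmetric": len(shared),
            "secrets_held_public_key": 1,
            "symmetric_round_trip": sym_ok,
            "public_key_round_trip": asym_ok}

if __name__ == "__main__":
    print(demo())
```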