
What's cryptography?

All cryptography involves scrambling the bits, the zeros and ones that make up a message, using very large numbers called "keys." Until recently, the most common way to send secure messages was with a symmetric key: the same key is used both to encrypt and to decrypt the message. Because the sender and the receiver both need that one key, it has to be delivered too, and a key in transit can be stolen. Asymmetric, or public-key, cryptography instead uses separate keys to encrypt and to decrypt secure messages. Nothing except the encrypted message has to be sent for the transaction to be secure; the key that does the decrypting never leaves its owner.

How does public-key cryptography work?

To use public-key cryptography, you need a "key pair," made up of a "public key" and a "private key." The public key should be made publicly available, but only you ever need to know your private key. The two keys in the pair are mathematically related so that if one key encrypts a message, only the other key from that unique pair can decrypt it. This means that a message encrypted with your public key can't be decrypted with that same public key. It is also next to impossible to use your public key to figure out your private key; it would take a supercomputer decades to compute a private key from a public key. Private keys can be kept on a computer's hard drive, encrypted with a password, or stored on cards used with a special reader connected to the computer.

What information should be encrypted?

Many messages crossing the Internet don't need to be encrypted. For example, L.L. Bean and one of its customers wouldn't need to conceal from "snoopers" the number and size of the socks being ordered, but they would want to conceal the customer's credit card number and make sure that the order isn't altered while it is being sent.

How can businesses use cryptography?

Businesses can use cryptography to protect you in three different ways. They can positively identify you, so that only you can make transactions affecting your accounts. They can protect the confidentiality of your private information. Lastly, they can make sure information isn't altered while it is being sent across the Internet.

To be sure who you are, a business can use digital signatures. A digital signature is a message that you send to the business encrypted with your private key. When the business decrypts the message with your public key, it knows that only someone holding your private key, which should be only you, could have sent the message.

Businesses can also use cryptography to protect the confidentiality of your information. When you send an order to L.L. Bean, the confidential parts of the order are encrypted using L.L. Bean's public key. After the order is received, L.L. Bean uses its private key to decrypt those parts. Because L.L. Bean's private key is the only key that can decrypt your confidential information, you can be sure that nobody else can read it. In the other direction, L.L. Bean can send you information encrypted with your public key, and only you would be able to decrypt it, using your private key. When speed is important, symmetric cryptography can be used along with public-key cryptography. Public-key operations are slow, so long messages encrypted with public and private keys take much longer to process and transmit. To speed things up, you and the business can exchange a symmetric "session key" using public and private keys and then carry on the rest of the transaction with symmetric-key cryptography, which is much faster.
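The three uses just described, the key-pair property (one key encrypts, only the other decrypts), a digital signature made with the private key, and a symmetric session key wrapped with the recipient's public key, as one added example. This is not code from the original page or from any company named on it. It is textbook RSA with constructed toy parameters (two Mersenne primes, so it runs in plain Python), an HMAC-based keystream standing in for a real symmetric cipher such as AES, and a constructed customer order; a real system would use random 1024-bit primes and padding (OAEP for encryption, PSS for signatures) rather than this bare arithmetic.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA parameters: Mersenne primes chosen only so the arithmetic is
# instant in pure Python. Real keys use random primes of about 1024 bits each and
# padding; this illustrates the key-pair property and nothing more.
P = 2**521 - 1
Q = 2**127 - 1
E = 65537


def make_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key), each an (exponent, modulus) tuple."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi); raises if e is not coprime
    return (e, n), (d, n)


def rsa_apply(key, value):
    """Raise an integer to the key's exponent mod n. Works with either half of the pair."""
    exp, n = key
    assert 0 <= value < n, "value must be smaller than the modulus"
    return pow(value, exp, n)


def sign(private_key, message):
    """Digital signature: hash the message, then 'encrypt' the hash with the private key."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return rsa_apply(private_key, digest)


def verify(public_key, message, signature):
    """Anyone with the public key can check it; only the private key could have produced it."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return rsa_apply(public_key, signature) == digest


def stream_xor(session_key, nonce, data):
    """Toy symmetric cipher: HMAC-SHA256 keystream in counter mode XORed onto the data.
    Stands in for AES so the example needs only the standard library. Same call decrypts."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(session_key, nonce + block_no.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def hybrid_encrypt(recipient_public, plaintext):
    """Sender: fresh random session key, wrapped with the recipient's public key."""
    session_key = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    wrapped_key = rsa_apply(recipient_public, int.from_bytes(session_key, "big"))
    return wrapped_key, nonce, stream_xor(session_key, nonce, plaintext)


def hybrid_decrypt(recipient_private, wrapped_key, nonce, ciphertext):
    """Recipient: unwrap the session key with the private key, then decrypt the bulk data."""
    session_key = rsa_apply(recipient_private, wrapped_key).to_bytes(16, "big")
    return stream_xor(session_key, nonce, ciphertext)


def demo():
    """Constructed scenario: a customer sends a confidential, signed order to a shop."""
    shop_public, shop_private = make_keypair()
    customer_public, customer_private = make_keypair(q=2**107 - 1)  # a second toy key pair
    order = b"order: 12 pairs wool socks, size L; pay: card ending 0000"  # constructed data

    # Confidentiality: only the shop's private key can unwrap the session key.
    wrapped, nonce, ciphertext = hybrid_encrypt(shop_public, order)
    assert hybrid_decrypt(shop_private, wrapped, nonce, ciphertext) == order

    # Identity: the customer signs; the shop checks with the customer's public key,
    # and any change to the order breaks the signature.
    signature = sign(customer_private, order)
    assert verify(customer_public, order, signature)
    assert not verify(customer_public, order + b" (altered)", signature)
    return True


if __name__ == "__main__":
    print("demo ok" if demo() else "demo failed")
```

`rsa_apply` deliberately takes either key so the symmetry in the text is visible: what the public key encrypts, the private key decrypts, and what the private key signs, the public key verifies. Applying the same public key twice does not recover the message.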

Finally, a business can make sure information isn't altered by anyone else as it is sent across the Internet. This is done with cryptographic hashes. A cryptographic hash is a fixed-size number computed from every bit of a message, so that changing any part of the message changes the hash. The hash is encrypted and sent along with the message. When the message is received, the receiver computes a fresh cryptographic hash of the message that arrived and compares it with the hash attached to it. If the two numbers differ, the message was tampered with and needs to be sent again.
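The receiver-side check described above, as an added example that is not part of the original page. It hashes a constructed order with SHA-256, shows that a single flipped bit in transit is detected, and also shows why the text says the hash is encrypted rather than sent bare: whoever can rewrite the message can recompute a bare hash, so the hash must be protected, here with a keyed hash (HMAC) under a constructed shared key.

```python
import hashlib
import hmac


def fingerprint(message: bytes) -> str:
    """Cryptographic hash of the whole message; any changed bit changes the result."""
    return hashlib.sha256(message).hexdigest()


def arrived_intact(message: bytes, attached_hash: str) -> bool:
    """Receiver side: recompute the hash and compare it with the one sent alongside."""
    return hmac.compare_digest(fingerprint(message), attached_hash)


def tag(shared_key: bytes, message: bytes) -> str:
    """Keyed hash (HMAC). Only holders of the key can produce a matching tag,
    which is what protects the hash itself in transit."""
    return hmac.new(shared_key, message, hashlib.sha256).hexdigest()


def arrived_intact_keyed(shared_key: bytes, message: bytes, attached_tag: str) -> bool:
    """Receiver side with a shared key: recompute the tag and compare in constant time."""
    return hmac.compare_digest(tag(shared_key, message), attached_tag)


def demo():
    """Constructed scenario: one bit of an order changes in transit."""
    key = b"constructed-shared-key"  # constructed; in practice derived from the session key
    order = b"ship 3 pairs size M to 12 Main St"  # constructed data
    attached_hash = fingerprint(order)
    attached_tag = tag(key, order)

    damaged = bytearray(order)
    damaged[5] ^= 0x01  # "3 pairs" becomes "2 pairs"
    damaged = bytes(damaged)

    return {
        # Both checks catch accidental or malicious corruption of the message.
        "hash_detects_flip": not arrived_intact(damaged, attached_hash),
        "mac_detects_flip": not arrived_intact_keyed(key, damaged, attached_tag),
        # Limit of a bare hash: if the attached hash is also replaced, the check passes.
        "bare_hash_fooled": arrived_intact(damaged, fingerprint(damaged)),
        # A keyed tag cannot be recomputed without the key.
        "mac_holds_without_key": not arrived_intact_keyed(key, damaged, tag(b"wrong key", damaged)),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'ok' if passed else 'FAIL'}")
```

`hmac.compare_digest` is used for both comparisons so that the check takes the same time whether the first byte or the last byte differs; a plain `==` on hex strings can leak how much of the value matched. In the public-key setting of the previous section the same protection comes from signing the hash with the sender's private key instead of keying it with a shared secret.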