Authentication
In simple terms, authentication means knowing the identity of the person who is
trying to do business with you. Passwords are the most primitive method of
doing that. However, passwords can be stolen and misused, so stricter
authentication, such as digital certificates or smart cards, is often required.
Confidentiality
The Internet is open to all, and it is difficult to know the
identity of the people who use the Net. Keeping information out of the reach of
people who are not authorised to have it is what confidentiality seeks to
achieve. Encryption is the most popular method of doing that.
Information Integrity
Once a document is created, it needs to be kept intact.
Alterations could carry serious financial and legal implications.
Non-repudiation
Making sure that a deal is a deal. Non-repudiation means that
a party cannot deny having agreed to or sent a document. Just imagine a
situation wherein a person buys 1000 shares of a high-premium stock and the next
day, when the share price crashes, denies having bought them. The loss to the
broker could run to lakhs.
Trust Infrastructure: Public Key Cryptography
The TINA (there is no alternative) factor of e-business is increasing day by day. There
is no other option but to make this business as hassle-free and secure as
possible. One way of building a high-trust e-business infrastructure that is
becoming increasingly popular is public key cryptography.
Cryptography uses mathematical algorithms to encrypt and
decrypt data. Public key cryptography is a method in which a pair of large numbers
is used as keys to encrypt and decrypt data. One key, held by the owner (sender),
is called the private key and is known only to him; the other, called the
public key, is distributed to others. The pair is such that a document
locked with one key can only be unlocked with the other.
A sender uses his private key to encrypt the message and
appends this encrypted data to the message. This is called a digital signature.
The receiver uses the sender's public key to decrypt it, which verifies both
the message and the identity of the sender. This solves the problems of
authentication, message integrity and non-repudiation.
Though this solves a lot of problems, a major gap remains:
even after being sure about the electronic identity of the sender, how do we
make sure that this electronic identity belongs to the person he claims to be?
This problem is addressed by digital certificates.
Based on a popular standard called X.509, digital certificates are issued by a
trusted third party called a Certification Authority (CA), and bind the actual
identity of a person or company to its electronic identity.
The framework in which digital certificates are used to establish secure
transactions is called public key infrastructure (PKI). Today, PKI is becoming
the most preferred security mechanism.
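The following is an added example, not code from the article, that walks through both the key-pair/digital-signature mechanism and the certificate step described above, using the share-purchase scenario from the non-repudiation section. It is textbook RSA with small constructed Mersenne primes and no padding, and the certificate is a simplified dictionary standing in for X.509; the names (`Buyer Ltd`, the order text, the helper functions) are all assumptions made for illustration. It runs on the Python standard library alone.

```python
"""Toy public-key signature and certificate walkthrough.

Constructed example (not the article's code). Textbook RSA with hard-coded
Mersenne primes and no padding: enough to show the mechanics, never for
production, where 2048-bit+ keys, a padding scheme such as RSASSA-PSS and a
vetted library are required.
"""
import hashlib
from math import gcd

# Constructed key material: Mersenne primes, chosen so no two moduli share a factor.
CA_PRIMES = (2**89 - 1, 2**61 - 1)
BUYER_PRIMES = (2**127 - 1, 2**107 - 1)
IMPOSTOR_PRIMES = (2**31 - 1, 2**19 - 1)


def make_keypair(p, q, e=65537):
    """Return (public_key, private_key), each an (exponent, modulus) tuple."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime with phi(n)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def _digest(message, n):
    """SHA-256 the message and reduce it to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Lock the digest with the private key; only its holder can do this."""
    d, n = private_key
    return pow(_digest(message, n), d, n)


def verify(message, signature, public_key):
    """Unlock with the public key; matches only if this exact message was
    signed by the matching private key (authentication + integrity)."""
    e, n = public_key
    return pow(signature, e, n) == _digest(message, n)


def _to_be_signed(subject, public_key):
    """Certificate body: identity bound to key (simplified stand-in for X.509)."""
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()


def issue_certificate(subject, subject_public_key, issuer_private_key):
    """Issuer (ideally the CA) vouches that `subject` owns `subject_public_key`."""
    body = _to_be_signed(subject, subject_public_key)
    return {"subject": subject, "public_key": subject_public_key,
            "signature": sign(body, issuer_private_key)}


def verify_certificate(cert, ca_public_key):
    """Accept the identity/key binding only if the trusted CA signed it."""
    body = _to_be_signed(cert["subject"], cert["public_key"])
    return verify(body, cert["signature"], ca_public_key)


def verify_signed_document(document, signature, cert, ca_public_key, claimed_identity):
    """Receiver's full check: right name on the cert, cert signed by the CA,
    document signed by the certified key."""
    return (cert["subject"] == claimed_identity
            and verify_certificate(cert, ca_public_key)
            and verify(document, signature, cert["public_key"]))


def demo():
    """Share-purchase scenario from the text; returns the outcome of each check."""
    ca_pub, ca_priv = make_keypair(*CA_PRIMES)
    buyer_pub, buyer_priv = make_keypair(*BUYER_PRIMES)
    buyer_cert = issue_certificate("Buyer Ltd", buyer_pub, ca_priv)

    order = b"BUY 1000 shares of XYZ at 1500"  # constructed order document
    order_sig = sign(order, buyer_priv)

    # An impostor has a key pair but no CA-issued certificate for "Buyer Ltd",
    # so it can only sign a certificate for that name with its own key.
    imp_pub, imp_priv = make_keypair(*IMPOSTOR_PRIMES)
    imp_cert = issue_certificate("Buyer Ltd", imp_pub, imp_priv)

    return {
        # authentication + non-repudiation: only buyer_priv produces this signature
        "genuine": verify_signed_document(order, order_sig, buyer_cert, ca_pub, "Buyer Ltd"),
        # integrity: altering the quantity after signing is detected
        "tampered": verify_signed_document(b"BUY 10 shares of XYZ at 1500", order_sig,
                                           buyer_cert, ca_pub, "Buyer Ltd"),
        # the gap certificates close: a key that merely claims to be Buyer Ltd
        "impostor": verify_signed_document(order, sign(order, imp_priv), imp_cert,
                                           ca_pub, "Buyer Ltd"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:9s} -> {'accepted' if ok else 'rejected'}")
```

Running it accepts only the genuine order: the tampered copy fails because the digest no longer matches what was locked with the private key, and the impostor fails because its certificate is not signed by the CA the broker trusts, even though its own signature over the order is internally consistent. That last case is exactly the gap the text says certificates address: a valid signature proves possession of a key, and only the CA's signature ties that key to a real-world name.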