Data encryption refers to the process of transforming electronic information into a scrambled form that can only be read by someone who knows how to translate the code. Encryption is important in the business world because it is the easiest and most practical method of protecting data that is stored, processed, or transmitted electronically. It is vital to electronic commerce, for example, because it allows merchants to protect customers' credit card numbers and personal information from computer hackers or competitors. It is also commonly used to protect legal contracts, sensitive documents, and personal messages that are sent over the Internet. Without encryption, this information could be intercepted and altered or misused by outsiders. In addition, encryption is used to scramble sensitive information that is stored on business computer networks, and to create digital signatures to authenticate e-mail and other types of messages sent between businesses.
Encryption comes from the science of cryptography, which involves the coding and decoding of messages in order to protect their contents. Modern computer technology has vastly increased the complexity of encryption—which is usually accomplished using complicated mathematical principles—as well as the ability of people to break codes. A wide variety of data encryption programs are available on the Internet. In fact, encryption programs are already incorporated in many Web browsers, e-mail systems, and operating systems. Computer security experts stress that small businesses should take advantage of the availability of encryption programs to protect their data, particularly when it is transmitted over the Internet. Some business owners make the mistake of believing that their information will be lost in the huge sea of data flowing through the Internet, or of assuming that no one would be interested in their messages. But it is very easy for outsiders to gain access to unprotected data, and it only takes one unscrupulous individual to create tremendous problems for a company.
The most popular use of encryption is in electronic commerce. The majority of retailers who do business online use data encryption programs to protect their customers' private financial data. Despite the occasional story of hackers stealing credit card numbers, online retailers claim that making purchases over the Internet is as safe as handing a credit card to a waiter at a restaurant. "The types of encryption methods in place today are practically unbreakable by any reasonable means," said John Browne of Microsoft in Chain Store Age Executive. "Retailers need to understand that consumers will want to shop on the Internet and that it is an excellent place for merchandising." When a customer makes a purchase online, their financial data is automatically encrypted by a program built into their Web browser. Then the encrypted data is transmitted safely to the merchant, who is able to decrypt it using a key. In general, this entire process is accomplished with the click of a mouse button and is transparent to both the consumer and the merchant.
TYPES OF ENCRYPTION PROGRAMS
There are two main types of data encryption systems. In the first—which is variously known as private key, single key, secret key, or symmetric encryption—both the sender and the recipient of the data hold the same key for translation. This single key is used both to code and decode information that is exchanged between the two parties. Since the same key is used to encrypt and decrypt messages, the parties involved must exchange the key secretly and keep it secure from outsiders. Private key encryption systems are usually faster than other types, but they can be cumbersome when more than two parties need to exchange information.
The second, and more commonly used, type of data encryption system is known as a public key system. This type of system involves two separate keys: a public key for encoding information and a private key for decoding information. The public key can be held and used by any number of individuals and businesses, whereas only one party holds the private key. This system is particularly useful in electronic commerce, where the merchant holds the private key and all customers have access to the public key. The public key can be posted on a Web page or stored in an easily accessible key repository. Public key encryption systems are widely available on the Internet and are heavily utilized by large companies like Lotus and Microsoft.
The best-known data encryption program is called RSA. It was developed in the late 1970s by three graduates of the Massachusetts Institute of Technology—Ronald Rivest, Adi Shamir, and Leonard Adleman. As of 2000, there were 300 million copies of the RSA encryption program installed on computer systems worldwide. RSA scrambles data based on the product of two prime numbers, each of which is 100 digits long. RSA is a public key encryption system, meaning that many people can use it to encode information, but only the person who holds the key (or knows the value of the two prime numbers) can decode it again. RSA is embedded in hundreds of popular software products, including Windows, Netscape Navigator, Quicken, and Lotus Notes. It is also available as a free download from the World Wide Web.
A number of other data encryption programs enjoy wide use as well. Examples include Pretty Good Privacy (PGP), which is considered easy to use; Secure Sockets Layer (SSL), which is used by many companies that accept online credit card orders; Secure Electronic Transactions (SET), another popular method of handling credit card purchases that is backed by Visa, Mastercard, Microsoft, IBM, and other major players in electronic commerce; and Data Encryption Standard (DES), which was invented by IBM in the 1970s and became the U.S. government standard.