Secure E-Commerce: Understanding the Public Key Cryptography Jigsaw Puzzle

oday almost all organizations use the Internet extensively for both intraand inter-organizational communications. The Internet is also the exclusive vehicle for E-commerce transactions involving customers and other business partners. This eliminates the significant infrastructure costs of private data communications networks and enables even small companies to participate in E-commerce. However, extensive use of public media for transferring sensitive data poses serious security challenges. One of the main weapons in overcoming these challenges is public key cryptography. Although public key cryptography is extensively used today, relatively few people (managerial and technical) understand its essence, preferring to leave that to the specialists. Although the intricate technical details are best left to the specialists, a solid understanding of the broad picture is necessary and well within the reach of everyone. This article sets out to convey just such an understanding. BASICS OF SECRET COMMUNICATIONS Perfectly secure communication is impossible in theory. It is always a possibility for any message to fall into the wrong hands. The practical approach is to reduce the likelihood of this happening to acceptably small levels. Nowadays encryption is the main approach to keeping communications secret. A message being communicated ( plaintext ) is encrypted in such a way that the encrypted message ( ciphertext ) can be understood only if it is decrypted. Clearly, the message is secret only to the extent that decrypting the ciphertext is difficult. A message can be encrypted in several ways. A procedure to encrypt a message is called a cipher . A trivial (and not very secure) example of a cipher is one that reverses the characters in a message. The recipient of the message, if aware of how the message has been encrypted, can decrypt it by reversing the characters in the ciphertext to recreate the plaintext. Another example is a substitution cipher, which works by substituting each character T CR YPTOGRAPHY