350 Part Two Information Technology Infrastructure
A more secure form of encryption, called public key encryption, uses two
keys: one shared (or public) and one totally private, as shown in Figure 8.6.
The keys are mathematically related so that data encrypted with one key
can be decrypted using only the other key. To send and receive messages,
communicators first create separate pairs of private and public keys. The public
key is kept in a directory and the private key must be kept secret. The sender
encrypts a message with the recipient’s public key. On receiving the message,
the recipient uses his or her private key to decrypt it.
Digital certificates are data files used to establish the identity of users and
electronic assets for protection of online transactions (see Figure 8.7). A digital
certificate system uses a trusted third party, known as a certificate authority
(CA, or certification authority), to validate a user’s identity. There are many
CAs in the United States and around the world, including Symantec, GoDaddy,
and Comodo.
The CA verifies a digital certificate user’s identity offline. This information is
put into a CA server, which generates an encrypted digital certificate containing
owner identification information and a copy of the owner’s public key. The
certificate authenticates that the public key belongs to the designated owner.
The CA makes its own public key available either in print or perhaps on the
Internet. The recipient of an encrypted message uses the CA’s public key to
decode the digital certificate attached to the message, verifies it was issued by
the CA, and then obtains the sender’s public key and identification information
contained in the certificate. Using this information, the recipient can send an
encrypted reply. The digital certificate system would enable, for example, a
credit card user and a merchant to validate that their digital certificates were
issued by an authorized and trusted third party before they exchange data.
Public key infrastructure (PKI), the use of public key cryptography working
with a CA, is now widely used in e-commerce.
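The exchange described above can be traced in a short program. This is an added example, not part of the original text: it uses toy RSA with fixed primes and no padding, models the CA's step as a digital signature over a hash of the certificate fields, and all names and values (such as merchant.example) are constructed for illustration.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Toy RSA key pair from two primes: (public, private) = ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))   # d is the inverse of e mod phi

def apply_key(key, number):
    """Encrypt, decrypt, sign or verify: raise number to the key's exponent mod n."""
    n, exponent = key
    return pow(number, exponent, n)

def fingerprint(owner, public_key, n):
    """Hash the certificate fields (owner identity + public key) to a number below n."""
    data = f"{owner}|{public_key[0]}|{public_key[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_certificate(ca_private, owner, owner_public):
    """CA binds owner to public key by transforming the fingerprint with its private key."""
    sig = apply_key(ca_private, fingerprint(owner, owner_public, ca_private[0]))
    return {"owner": owner, "public_key": owner_public, "signature": sig}

def verify_certificate(ca_public, cert):
    """Recipient undoes the CA's transformation with the CA's public key and compares."""
    expected = fingerprint(cert["owner"], cert["public_key"], ca_public[0])
    return apply_key(ca_public, cert["signature"]) == expected

def demo():
    # Constructed sample values. Mersenne primes keep the block short; real keys use
    # large random primes and a padding scheme, both of which this toy omits.
    ca_public, ca_private = make_keypair(2**89 - 1, 2**107 - 1)
    merchant_public, merchant_private = make_keypair(2**61 - 1, 2**127 - 1)
    cert = issue_certificate(ca_private, "merchant.example", merchant_public)
    genuine = verify_certificate(ca_public, cert)
    # A certificate whose public key was altered no longer matches the CA's signature.
    altered = dict(cert, public_key=(merchant_public[0] + 2, merchant_public[1]))
    rejected = not verify_certificate(ca_public, altered)
    # After verifying, the customer encrypts with the public key taken from the
    # certificate; only the merchant's private key recovers the message.
    message = b"order confirmed"
    ciphertext = apply_key(cert["public_key"], int.from_bytes(message, "big"))
    plain = apply_key(merchant_private, ciphertext)
    return genuine, rejected, plain.to_bytes(len(message), "big")

if __name__ == "__main__":
    print(demo())
```

The check that matters to the recipient is `verify_certificate`: a public key is trusted only because the CA's signature over the owner name and key verifies, so any change to either field causes rejection.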
ENSURING SYSTEM AVAILABILITY
As companies increasingly rely on digital networks for revenue and operations,
they need to take additional steps to ensure that their systems and applications
are always available. Firms such as those in the airline and financial services
industries with critical applications requiring online transaction processing have
traditionally used fault-tolerant computer systems for many years to ensure 100
FIGURE 8.6 PUBLIC KEY ENCRYPTION
A public key encryption system can be viewed as a series of public and private keys that lock data when they are transmitted and unlock
the data when they are received. The sender locates the recipient’s public key in a directory and uses it to encrypt a message. The message
is sent in encrypted form over the Internet or a private network. When the encrypted message arrives, the recipient uses his or her private
key to decrypt the data and read the message.