The Internet is a notoriously insecure network. Anything you send across it can be easily snooped upon. This is of particular concern when highly confidential information, such as corporate data and credit card numbers, is transmitted across the Internet. Unless there is some way to protect that type of information, the Internet will never be a secure place to do business or send private, personal correspondence.
Another related concern is that it can be difficult to know whether the person sending the information across the Internet, such as credit card information, is really who he says he is. There are ways for people to forge identities and steal credit card numbers, and financial institutions and other businesses require ways to verify the identity of the person sending the information.
Several ways have been developed to solve these problems. At the heart of them is encryptiona way of altering information so to anyone other than the intended recipient it will look like meaningless garble. When the recipient gets the information, it needs to be decryptedthat is, turned back into the original message by the recipient, and only by the recipient. Many complex cryptosystems have been created to enable this type of encryption and decryption.
Cryptosystems use what are called keyssecret values computers use in concert with complex mathematical formulas called algorithms to encrypt and decrypt messages. If someone encrypts a message with a key, only someone else with a matching key can decrypt the message.
There are two kinds of common encryption systems: secret-key cryptography and public-key cryptography, also called asymmetric cryptography. Public key cryptography is what is commonly used on the Internet.
In public-key cryptography, two keys are involved: a public key and a private key. Each person must have both a public key and a private key. The public key is made freely available, whereas the private key is kept secret on the person's computer. The public key can encrypt messages, but only the private key can decrypt messages the public key has encrypted. If someone wants to send a message to you, for example, she would encrypt it with your public key. But only you, with your private key, would be able to decrypt the message and read it. Your public key could not decrypt it.
Digital certificates use encryption to verify that the person sending informationsuch as a credit card number, a message, or anything else over the Internetreally is who she says she is. The certificates place information on a person's hard disk and use encryption technology to create a unique digital certificate for each person. When someone with a digital certificate goes to a site or sends email, that certificate is presented to the site or attached to the email, and it verifies that the user is who she claims to be.
Digital certificates are issued by certificate authorities. These certificate authorities are private companies that charge either users or companies for the issuance of the certificates. You might be familiar with one such certificate authority, called VeriSign. Digital certificates contain information such as your name, the name of the certificate authority, the certificate's serial number, and similar information. The information has been encrypted in a way that makes it unique to you.