The Internet is notoriously insecure. Whatever you send out across it can be potentially readcorporate information, your credit card numbers, and more.
There is a related problem as well. How can a site know whether the person sending the information across the Internet, such as credit card information, is really who she says she is? There are ways for people to forge identities and steal credit card numbers, and websites, financial institutions, and other businesses require ways to verify people's identities.
Several ways have been developed to solve these problems. At the heart of them is encryptiona way of altering information so that to anyone other than the intended recipient it looks like meaningless garble. When the recipient gets the information, it needs to be decryptedthat is, turned back into the original message by the recipient, and only by the recipient. Many complex cryptosystems have been created to enable this type of encryption and decryption.
Cryptosystems use what are called keyssecret values computers use in concert with complex mathematical formulas called algorithms to encrypt and decrypt messages. If someone encrypts a message with a key, only someone else with a matching key can decrypt the message.
There are two kinds of common encryption systems:secret-key cryptography and public-key cryptography, also called asymmetric cryptography. Public key cryptography is commonly used on the Internet.
In public-key cryptography, two keys are involved: a public key and a private key. Every person has both a public key and a private key. The public key is made freely available, whereas the private key is kept secret on the person's computer. The public key can encrypt messages, but only the private key can decrypt messages the public key has encrypted. If someone wants to send a message to you, for example, she would encrypt it with your public key. But only you, with your private key, would be able to decrypt the message and read it. Your public key could not decrypt it.
Digital certificates use encryption to verify that the person sending information, such as a credit card number, a message, or anything else over the Internet, really is who she says she is. The certificates place information on a person's hard disk and use encryption technology to create a unique digital certificate for each person. When someone with a digital certificate goes to a site, that certificate is presented to the site and it verifies that the user is who she claims to be.
Digital certificates are issued by certificate authorities. These certificate authorities are private companies who charge either users or companies for the issuance of the certificates. You might be familiar with one such certificate authority, called VeriSign. Digital certificates contain information such as your name, the name of the certificate authority, the certificate's serial number, and similar information. The information has been encrypted in a way that makes it unique to you.
Also important for security are virtual private networks (VPNs), which let company employees connect securely to a company network no matter where they areat home, on the road, or anywhere else. They use a kind of tunneling technology to let people use the public Internet to connect to the company intranet, while keeping all communications secure and encrypted.