Digital signatures present exciting opportunities for online traders. They offer solutions to three risks of operating a business over the Internet.
  • The risk that documents or messages may be intercepted en-route and therefore read by someone other than the intended recipient.
  • That a message may be forged and sent under a false name.
  • That a genuine message is tampered with en-route to the recipient.
Interception of Messages

Encryption
Sending a message over the Internet is rather like sending a postcard through the postal system: anyone who handles the postcard during its journey can read the message written on it. The nature of the Internet is such that messages or documents sent electronically can be intercepted. However, it is possible to stop people reading the message or document. This is done by means of encryption, i.e. before the message is sent the sender scrambles the contents. Anyone intercepting the message will only see a random collection of letters and symbols. Upon receipt, the recipient will have to unscramble the content before being able to read the message. The main method of encryption is known as public key encryption.

Lock and Keys
The encoding and decoding of messages is performed using two keys: (1) a Public key, which is publicly known, and (2) a Private key, which its owner keeps secret. The easiest way to think about the dual key concept is to imagine a lock for which I have two keys made. The keys are related such that the lock closed with one key can only be opened using the other key, and vice versa. I keep one key (my private key) and place the other in a library with my name on it (my public key). To communicate with me securely you need only obtain my public key from the library and lock/scramble the document using that key before sending it to me. The message can only be unlocked/unscrambled using my private key, to which only I have access. Therefore only I can read the message. To reply to the message I would obtain your public key from the library and lock/scramble my response using your public key. Only you can unlock the document, using your private key, to which only you have access.

Forged Messages

Whose Key?
There is a weak link in the above scenario. The authentication procedure is based on the presumption that the Public Key belongs to the signer. However, there must be a risk that somebody creates a key pair, places the public key in a public directory under somebody else's name and forges electronic documents or messages in that person's name. Therefore there must be an assurance that the public key really belongs to the person named.

Certification Authorities
The answer is to rely on digital certificates. In the same way that we use passports to prove identity, digital certificates can be used to prove identity on the Internet. Before obtaining a passport we have to prove our identity to the Passport Office. Once we have satisfied them that we are who we say we are, they issue a passport. In the same way, third parties known as Certification Authorities can provide the same service for secure Internet communications.

Your Certificate
In practice your computer can be used to generate a public and private key. It will send the public key to the Certification Authority who will carry out identity checks to prove your identity. Once they are happy that you are who you say you are they will issue you with your digital Certificate.

Tampering

Check Digits
To overcome the problem of tampering, after the sender produces a message they run the message through an algorithm, which produces a message code that is mathematically related to the message in some way. The principle is similar to the check digit used on credit cards: one or more of the digits in the credit card number is the answer achieved when a secret formula is applied to the other numbers. This makes it much more difficult for someone to make up a credit card number, since almost certainly the check digit will be wrong.

Digital Signatures
Once the sender has calculated the message code he encrypts it using his private key and sends this with the message. The encrypted code is known as a digital signature. When the message is received, the recipient decrypts the digital signature using the sender's public key and runs the received message through the same algorithm. If the two message codes match, the recipient knows that the message has not been altered in transit.
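
The signing and checking steps described above can be followed in a short program. This is an added example, not part of the original article: it uses SHA-256 as the message code and textbook RSA without the padding that production signature schemes add, and the key pairs, function names and sample messages are constructed for illustration.

```python
import hashlib

def make_key(p: int, q: int, e: int = 65537):
    """Return ((e, n) public key, (d, n) private key) for primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent
    return (e, n), (d, n)

# Constructed toy keys (assumption): built from publicly known Mersenne
# primes so the example runs offline; real keys use secret random primes.
SENDER_PUBLIC, SENDER_PRIVATE = make_key(2**127 - 1, 2**521 - 1)
_, IMPOSTOR_PRIVATE = make_key(2**89 - 1, 2**607 - 1)

def message_code(message: bytes) -> int:
    """The 'message code': the SHA-256 digest of the message as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Sender: compute the message code and transform it with the private key."""
    d, n = private_key
    return pow(message_code(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: recover the code from the signature with the public key and
    compare it with a code recomputed from the message actually received."""
    e, n = public_key
    return pow(signature, e, n) == message_code(message)

def demo() -> dict:
    original = b"Pay supplier 100 pounds"   # constructed sample message
    tampered = b"Pay supplier 900 pounds"   # same message altered en route
    signature = sign(original, SENDER_PRIVATE)
    forged = sign(original, IMPOSTOR_PRIVATE)  # signed with someone else's key
    return {
        "genuine": verify(original, signature, SENDER_PUBLIC),
        "tampered": verify(tampered, signature, SENDER_PUBLIC),
        "wrong_key": verify(original, forged, SENDER_PUBLIC),
    }

if __name__ == "__main__":
    print(demo())
```

Only the unaltered message with the sender's own signature verifies; the altered message and the signature made with a different private key are both rejected when checked against the sender's public key.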

If you would like more information please contact an experienced member of our team profiled on the right of this web page, telephone 0800 052 1541 or email business@wilson-nesbitt.com.

 
Katharine Kimber
Head of Commercial Litigation