Cryptography

Web commerce transactions, by necessity, involve sensitive information which, if compromised, can result in serious identity theft consequences such as financial losses, damage to reputation, unauthorized access to sensitive information, compliance issues, and mitigation costs. Hijacked credit card or checking account information, along with personally identifiable information, can be sold on the Internet or used by unscrupulous individuals for large illegal purchases. Cryptography is a tool that can be used to protect a person's private information.

The Role of Cryptography

The purpose of cryptography is to protect transmitted and stored information from being read and understood by anyone except the intended recipient. In the ideal sense, unauthorized individuals can never decrypt an enciphered message. In practice, reading an enciphered communication can be a function of time; however, the effort and corresponding time required for an unauthorized individual to decipher an encrypted message may be so large that the attempt is impractical. By the time the message is decrypted, the information within the message may be of minimal value.

Cryptography can be used to implement confidentiality, integrity, authentication, and non-repudiation. Non-repudiation means that a sender cannot deny sending a document or signing it with a digital signature; it deals with the ability to prove that someone sent something or signed something digitally.
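An added example (not from the book) illustrating the non-repudiation point above: a shared-key MAC can be produced by either key holder, so the sender can deny it, while a digital signature can only be produced with the signer's private key. It assumes HMAC-SHA256 for the MAC and a Lamport one-time signature, chosen here only because it needs nothing beyond Python's standard library; the order text and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair: 256 pairs of secrets and their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(msg: bytes):
    digest = int.from_bytes(H(msg), "big")
    return [(digest >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret per digest bit. A key pair must sign one message only.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    # Anyone holding the public key can check; nobody without sk can sign.
    bits = _bits(msg)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][bits[i]] for i in range(256))

def demo():
    order = b"constructed sample order: pay 100.00 to merchant 42"
    tampered = order.replace(b"100.00", b"900.00")

    # Shared-key MAC: integrity and authentication between two parties, but
    # the merchant holds the same key and can compute the identical tag.
    shared = secrets.token_bytes(32)
    buyer_tag = hmac.new(shared, order, hashlib.sha256).digest()
    merchant_tag = hmac.new(shared, order, hashlib.sha256).digest()

    # Signature: only the buyer holds sk; the merchant holds pk alone.
    sk, pk = keygen()
    sig = sign(sk, order)
    return {
        "mac_repudiable": hmac.compare_digest(buyer_tag, merchant_tag),
        "signature_valid": verify(pk, order, sig),
        "tampered_rejected": not verify(pk, tampered, sig),
    }

if __name__ == "__main__":
    print(demo())
```

A third party shown the MAC tag cannot tell which key holder produced it, whereas the signature verifies only against the buyer's public key.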

The two principal ...
