Transmission of electronic documents – The electronic documents move in a network from the originating computer to the destination computer. The greatest risk involved in the movement of data over the network is the possibility of confidentiality of the document being lost or that the document could have been tampered with. The science of “Cryptography” deals with the encryption of data i.e. the process of making information unintelligible to the unauthorized reader. Encryption translates the data into a secret code.
Decryption– the process of making the information readable once again completes the cryptography process. The sending of documents in an encrypted from is the basic of the ‘digital signature’ system.
There are two types of Cryptography system – symmetric and symmetric. The symmetric Crypto system (single key system) being a simpler system, consists of both the sender and the receiver having access and sharing a common ‘key’ to encrypt or decrypt a message.
The attendant drawback of this system is the security of the ‘key’ itself and the inability of an intermediary to verify the creation of an electronic document. The Asymmetric Crypto system (Public key system) is a more secure system and by the asymmetric Crypto system.
The originator of the documents who creates the key pair keeps one key which is known as the ‘Private Key’ and the other key is send to the person who is a recipient of a secured message from the originator. When the recipient uses the public key to decrypt the send message he is said to have affixed his digital signature. Thus the combination of public key and private key provide both confidentiality and authentication which are key enablers for secure electronic transmission.
The intermediary plays an important role of identifying the originator of the document and to check if the public key matches with the private key. The intermediary would also have to certify that the recipient of the public key is the person authorized to use the public key. The intermediary tends to assign the public key to a particular entity and thus becomes a certifying authority.