Secure Transactions Online

The Internet has become a vast marketplace for global goods and
services. For e-commerce to prosper, you must feel safe when
transmitting credit card and other financial information.
Because data traveling over the network actually passes
through many computers along the way, the opportunity exists
for someone to intercept confidential information. Hackers
also break into computers to steal stored data. No one
really knows how often this actually happens.

How might this affect you? Let's say you want to buy some
merchandise from an online store. If you provide your credit
card number, how do you know it will travel safely from your
computer to its final destination? With the tremendous
potential for doing business online, there's a lot of time
and money being spent trying to make Internet transactions
secure.

It's done with a technology called encryption. Encryption
software scrambles the data with a secret code so that no
one can make sense of it while it's being transmitted.
When the data reaches its destination, the same software
unscrambles the information. When you see a small lock icon
at the bottom of your browser, it indicates that your data
will be encrypted during transmission.

Hackers thrive on outsmarting computer security systems. Many regard
breaking into computers as a harmless hobby. Should you
worry about this? If you access the Internet through a
dial-up account, the chances of someone breaking into your
computer are slim. The real targets of most hackers are
corporate and government computer systems. They protect
their systems by erecting a firewall, an extra layer of
security placed between their internal computers and the
Internet.

When dealing with online merchants, the best security is common
sense. Anyone can establish a professional-looking online
store these days, so make sure you deal with reputable
companies. How can you tell?

The answers to these questions will give you clues:
- Is this the website of an established retailer?
- Does the site have a street address, not just a post office box?
- Is a return and refund policy posted?

All online financial transactions should be secure. Many online
stores have what's known as a secure page. There may be a
notice to that effect posted on the site. Alternatively, you
will see a lock icon, indicating that the site uses security
technology.

If you are uncomfortable sending sensitive information, many sites
provide a phone number you can call to give your credit card
number, although there is no guarantee that's secure either.
According to the National Consumers League, most Internet
fraud involves sending checks or money orders to merchants.
The organization recommends paying by credit card, because
charges can be disputed with your bank.

The risks involved in transacting business on the Internet are
no greater than those in any other arena in which we do
business. While it is relatively safe to conduct business on
the Internet right now, there are many companies continually
working to develop and improve the technology required to
make the Web secure.
Public-Key Cryptography

Until recently, people used a technique called symmetric key
cryptography to secure information being transmitted across
public networks. This method involves encrypting and
decrypting a message using the same key, which must be known
to both parties in order to keep it private. The key is
passed from one party to the other in a separate
transmission, making it vulnerable to being stolen as it is
passed along.

With public-key cryptography, separate keys are used to encrypt
and decrypt a message, so that nothing but the encrypted
message needs to be passed along. Each party in a
transaction has a "key pair" which consists of two keys with
a particular relationship that allows one to encrypt a
message that the other can decrypt. One of these keys is
made publicly available and the other is a private key. A
message encrypted with a person's public key can't be
decrypted with that same key, but can be decrypted with the
private key that corresponds to it. If you sign a
transaction with your bank using your private key, the bank
can read it with your corresponding public key and know that
only you could have sent it. This is the equivalent of a
digital signature.
Public-key cryptography lessens the risk of private
information being intercepted, allowing parties to
positively identify each other through digital signatures.
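
The key-pair relationship described above, as an added example that is not part of the original article: textbook RSA in Python with a deliberately small key built from two known primes. The function names and sample messages are constructed for illustration, and the padding that real implementations require is left out.

```python
import hashlib

# Toy key pair from two known Mersenne primes (constructed for illustration;
# real RSA keys are 2048 bits or more and always use padding).
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537                  # modulus and public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)


def apply_key(value: int, key) -> int:
    """Raise value to the key's exponent modulo N (the core RSA operation)."""
    n, exponent = key
    return pow(value, exponent, n)


def encrypt(message: bytes, public_key) -> int:
    m = int.from_bytes(message, "big")
    if m >= public_key[0]:
        raise ValueError("message too long for this toy modulus")
    return apply_key(m, public_key)


def decrypt(ciphertext: int, key) -> bytes:
    m = apply_key(ciphertext, key)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest(message: bytes) -> int:
    """Hash the message and reduce it so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_key) -> int:
    return apply_key(digest(message), private_key)


def verify(message: bytes, signature: int, public_key) -> bool:
    return apply_key(signature, public_key) == digest(message)


if __name__ == "__main__":
    secret = b"PIN 4921"                       # constructed sample
    ct = encrypt(secret, PUBLIC_KEY)
    print(decrypt(ct, PRIVATE_KEY))            # private key recovers it
    print(decrypt(ct, PUBLIC_KEY) == secret)   # public key cannot
    order = b"transfer 100 to Bob"             # constructed sample
    sig = sign(order, PRIVATE_KEY)
    print(verify(order, sig, PUBLIC_KEY), verify(b"transfer 900 to Bob", sig, PUBLIC_KEY))
```
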
Secure Servers

Netscape Corporation has created the best-known secure server
technologies. It uses a security protocol called Secure
Sockets Layer (SSL) that provides data encryption,
server authentication, message integrity and optional client
authentication for a TCP/IP connection. When a client
program connects with a secure server, they exchange a
"handshake" which initiates a secure session. With this
protocol, the same server system can run both secure and
unsecured web servers simultaneously. This means an
organization or company can provide some information to all
users using no security, and other information that is
secured. For example, a business that sells products online
can have its storefront (merchandise catalog) unsecured, but
ordering and payment forms can be secure.

Why are these developments important? As the Internet becomes a way
to buy and sell products and services, financial
transactions become essential. Right now, most transactions
involve the exchange of credit card information, either
directly over the network, or by phone, to complete a
transaction initiated online. Eventually, you will be able
to use cash as well as credit, directly over the network.

There are two basic kinds of digital cash, anonymous cash and
identified cash. Anonymous cash is just like paying for
something with paper cash -- it carries no information about
the person making the transaction, and leaves no transaction
trail. You create it by using numbered bank accounts and
blind signatures. Identified cash, on the other hand,
contains information revealing the identity of the person
who withdrew it from the bank. Like credit card
transactions, identified cash can be tracked as it moves
through the system and involves fully identified accounts
and non-blind signatures.
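
How a blind signature lets a bank sign a coin without learning its serial number, as an added example that is not part of the original article. It uses RSA blinding in Python with a toy bank key; the function names and the sample serial number are constructed for illustration, and a real scheme would use a full-size key.

```python
import hashlib
import secrets
from math import gcd

# Toy bank key from two known Mersenne primes (constructed for illustration).
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537                  # bank's public key
D = pow(E, -1, (P - 1) * (Q - 1))    # bank's private exponent


def coin_value(serial: bytes) -> int:
    """Map a coin's serial number to an integer below N."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def blind(serial: bytes):
    """Customer: hide the coin behind a random factor r before sending it."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:           # r must be invertible modulo N
            break
    return (coin_value(serial) * pow(r, E, N)) % N, r


def bank_sign(blinded: int) -> int:
    """Bank: sign whatever arrives; it never sees the serial number."""
    return pow(blinded, D, N)


def unblind(blind_signature: int, r: int) -> int:
    """Customer: strip r to obtain the bank's signature on the real coin."""
    return (blind_signature * pow(r, -1, N)) % N


def verify_coin(serial: bytes, signature: int) -> bool:
    """Merchant: check the coin against the bank's public key only."""
    return pow(signature, E, N) == coin_value(serial)


if __name__ == "__main__":
    serial = b"coin-serial-0001"     # constructed sample
    blinded, r = blind(serial)
    coin_signature = unblind(bank_sign(blinded), r)
    print(blinded != coin_value(serial), verify_coin(serial, coin_signature))
```

Because the bank only ever handles the blinded value, it cannot later link the coin a merchant deposits to the withdrawal that produced it, which is what makes the cash anonymous.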