Encryption

Encryption is the process of converting data into a secret code. Encryption is most often used to protect data as they are transferred from point to point over a network and also [Page 181]to scramble sensitive information residing in a database. The process of encoding data is called encryption, and the process of decoding data is called decryption. Unencrypted data are called plain text, and encrypted data are called cipher text.

In business, two major types of encryption are commonly used. Both methods employ “keys” or secret codes to “lock” or scramble data. Once a key is selected, a mathematical formula is applied to lock the data with the key. An easy way to visualize the role of the key, the data, and the formula is to compare encryption to home protection where the data represent the home contents and the mathematical algorithm is the type of lock used, which the key unlocks. One conceptual difference is that with encryption, the data being transferred often play a role in the actual locking process.

The first primary method of encryption uses just one key to both encode and decode data and is called private key or symmetric key encryption. Anyone with access to the key can read the message, so the intended recipient and the sender must ensure the security of the key to maintain message privacy. Commonly used symmetric keys include DES, IDEA, Skipjack, Triple DES, and Rijndael.

The second primary type of encryption employs a pair of keys to encode and decode data and is called public key or asymmetric encryption. Public key encryption requires each individual involved in a transaction to use a unique key pair. The algorithm employed is called a one-way function, meaning it is easy to perform in one direction, but very difficult and time-consuming to reverse. Commonly used asymmetric keys include RSA, Diffie-Hellman, El Gamal, and Elliptic Curve.

Asymmetric key encryption is inherently more secure, but symmetric key encryption is much faster than asymmetric—100 to 1,000 times faster. Symmetric keys should be used when a secure channel is available for key delivery, when encrypting large amounts of data, and when processing speed is important. Asymmetric keys are used when channels are insecure and when data being transferred are highly sensitive. Asymmetric keys are also used to create virtual private networks, or protected channels through untrusted networks such as the Internet, and to create digital signatures, which are used for authenticating individual parties involved in an electronic transaction.

In an effort to balance efficiency and security, companies often apply symmetric encryption to a plain text message but encrypt the symmetric key with an asymmetric key. Because the key is usually far smaller than the text message, this saves a great deal of processing time.

The level of secrecy achieved with encryption is a function of the strength of the algorithm, the length of the key, and the type of key management policies employed.

Encryption can play a vital role in protecting confidential information, including data, voice, and video, that is commonly exchanged among hospitals, physicians' offices, insurance companies, pharmaceutical companies, and other health care organizations.

...