Newsletter sign-up

View all newsletters

Sign up for our technology specific newsletters.

Enterprise Java

Email Address:

Signed and delivered: An introduction to security and authentication

Find out how the Java Security API can help you secure your code

By Todd Sundsted, JavaWorld.com, 12/01/98

The Declaration of Independence hangs in the National Archive in Washington, D.C. At the bottom of the document appears John Hancock's flamboyant signature.

John Hancock did not pen his signature merely for artistic effect, however. Rather, he added it to certify to all who might read the declaration that he endorsed the document and its contents.

In a sense, John Hancock's signature welded his name, his reputation, and his person to the words in this momentous document. Whatever the future might have brought for the nascent state, his signature on the document ensured that his fortunes, good or bad, would follow suit. Had the American Revolution gone less favorably for the Americans, his signature might have cost him his life.

The simple act of placing our signature on a document is so much a part of modern life that its significance is often overlooked. Every day we routinely write our name on a variety of documents -- we write checks, we sign credit card receipts, we sign our children out of school -- in much the same manner as John Hancock did over 200 years ago with pen, paper, and ink.

But how do you sign something that doesn't exist in tangible form -- the stream of bytes making up a piece of e-mail, or an electronic credit card transaction? The receiver can ultimately trust the integrity of the information only to the extent that he can trust every hand the information has come in contact with. It seems the advent of the Information Age brought with it some thorny problems: High technology may make it easy to copy and distribute digital information, but it also makes it easy to modify or forge that same information. The solution to this problem lies in a branch of mathematics and computer science known as cryptography.

Cryptography

Most of us know that cryptography is associated with privacy. If I asked you to describe how cryptography is used, most of you would offer an explanation something like this: If a message's creator wants to ensure that the information contained in the message is kept private (that is, read by no one but the intended recipient), she encrypts her message and sends it across a (possibly) insecure channel to the recipient. The recipient then decrypts and reads the message.

While important, privacy is only one side of the cryptography coin. Less well known is cryptography's association with authentication. In case you aren't familiar with how authentication works, it goes something like this: The creator of a message wants to give the recipient a guarantee that the information within the message hasn't been tampered with. So the creator signs the message in such a way that any change to the information invalidates the signature. The recipient checks the signature against the information to verify the message.

These two areas of cryptography are orthogonal: Encryption can be used by itself, authentication can be used by itself, and both can be used together.

Even though the techniques used to encrypt information are interesting and well worth study, this month I'll focus on authentication.

 

About Us | Advertise | Contact Us | Terms of Service/Privacy

Copyright, 2006-2008 Network World, Inc. All rights reserved.