In the last column we introduced the scenario whereby Jane’s company C.R.I.M.E Inc. has secured a lucrative contract to perform covert work on behalf of the authorities in Cayanna and needs to obtain some equipment from John’s company Cell2AllComers based in the UK. We saw that Jane needed to send a confidential message to John containing a purchase order for the equipment and an authorisation from the Minister of Transport and Telecommunications in her country. We assume that both Jane and John have an asymmetric key pair as does Joe, the Minister. The public key of each person is known to all of the others.
The first step in this process is for Jane to obtain the authorisation. With his private key Joe the minister, encrypts the electronic document containing the authorisation that he issues thereby “signing” it digitally. It is considered to originate from him, given that the only key capable of decrypting it is his own public key. Joe therefore not only assures the world that the authorisation indeed originated with him, he is also barred from repudiating it for unlike a paper signature which can be forged, according to the rules of the game, he is responsible for anything “signed” with his key. Keeping this key secret is then of paramount importance to avoid being impersonated with the concomitant financial consequences. Note that while Joe can be held liable for documents signed with his digital signature in the area of commerce, and we are after all dealing with e-commerce, subject to correction from legal experts I think it is unlikely that a digital signature in and of itself, can form the basis of criminal prosecution which has an extremely high standard of proof.
Jane now has her authorisation which is a digitally signed electronic document. She then sends a message to John that contains (1) the purchase order for the equipment, and (2) the authorisation issued by the Minister of Transport and Telecommunications in Cayanna. Jane will “sign” the entire message by encrypting it with her public key. She will then encrypt it a second time, this time using John’s public key. This second encryption ensures that only John can read the message thus ensuring confidentiality. Remember that with the asymmetric key pair, either key can be used to encode and the corresponding key must then be used to decode. This makes the public key useful for ensuring confidentiality by ensuring that only a particular recipient is able to decode a message. So John receives the message containing the two items. The first operation John does is to decrypt the entire message which was meant for his eyes only, with his private key. Remember that the last thing Jane did was to encrypt with John’s public key. John then performs a second decryption with Jane’s public key which results in the original cleartext message containing the order and the authorisation. At this point he is sure that the message he has originated with Jane and that she can’t repudiate the purchase order. He will do a third decryption (of the authorisation), with the public key of Joe, the Minister for Telecommunications which similarly assures him of the authenticity (and non-repudation) of the authorisation. John is now almost at the stage where he feels comfortable providing the equipment with the exception that he has to ensure that no-one tampered with the message while it was in transit. That is he has to ensure its integrity.
Integrity relies on an additional device outside of the cryptology field and this is the routine data communications device of a checksum. A checksum is a unique number that is generated from the contents of a message. If this entire article were to be sent over a network, a checksum that is unique to the contents of this document would be calculated. The checksum is then a function of the message. If I were to change even as much as a period, comma or even a space in this document, the checksum would change. The checksum therefore provides a convenient basis for assuring integrity. John can calculate the checksum of the message he received and compare to the checksum he received with the message. If these are identical then he knows that the message was not altered during transmission.
Despite the complex nature of underlying theory, it should be clear by now that the asymmetric key technology provides a feasible basis for ensuring that digital
documents can adequately serve as valid records of binding agreements or contracts entered into amongst parties. In actuality, certain limitations of public key encryption render it impractical to implement wholesale. In particular, public key encryption is very slow computationally thus the time it takes to encrypt large messages (think of a 200 plus page contract) makes it unwieldy. Symmetric key methods perform much faster thus in practice, both methods are used in combination to achieve the essential requirements of secure communication. In particular, asymmetric key methods are used to exchange symmetric keys (which are relatively short) between parties. The symmetric keys thus exchanged are then used to encrypt the ensuing communications session for confidentiality. The asymmetric private key is also used to “sign” a message by encrypting the checksum only (which is typically only a couple of bytes long compared with thousands, millions or more bytes for the entire message). Remember that the checksum is a number that is a function of the message. Altering the message in any way alters the checksum. Thus once the checksum is encrypted with the public key, it cannot be altered without detection.
So far we have taken certain things as given. Just as in the issue of non e-commerce transactions we assumed that John had already acquired by some reasonably secure means, specimen signatures for Jane, in the case of e-commerce transactions we have similarly glossed over some very important antecedents to this discussion. How did Jane and John get each other’s public keys and how did they get the public key of the Minister for Telecommunication? Did these people meet in person and exchange IDs such as passports, ID cards etc? How did they trust in the first place that the public keys they received were associated with the purported persons? The answers to these questions lie in the public key infrastructure, which is a technical/legal/administrative framework that has to be in place to support electronic commerce which we shall examine next week.