Encryption is a procedure that changes a message to disguise it. A process called decryption is used to convert the disguised message back to its original form. Encryption has long been used in secret communication, such as in the sending of messages in code (see Codes and ciphers ). This article discusses the use of encryption in modern communications to protect privacy.
Encryption is used to protect transactions made over an ATM (automated teller machine) network or over the Internet. It prevents wrongdoers from intercepting bank account numbers, credit card numbers, or other personal data during transactions. In the United States, the government approves encryption standards. The standards used in electronic transactions are the Data Encryption Standard and the newer Advanced Encryption Standard. The protocol (set of procedures) used for the encryption and transfer of information over the Internet is called the Secure Sockets Layer (SSL).
Encryption is also used in cryptographic authentication, a process used to identify a person sending or receiving information and to verify certain messages. This process is used in both Internet and cellular telephone communications. For example, an Internet user who has paid to use a subscription site on the World Wide Web must prove his or her identity to gain access to the site. When a cellular phone call is made, the caller must be identified so that the phone center can bill the correct person for the call. Many cryptographic authentication systems use challenge-response passwords to authenticate identity. Such systems include many that enable secure transactions over the Internet. They also include the CAVE (Cellular Authentication and Voice Encryption) algorithm (mathematical process) used in cellular communications
Challenge-response systems require both parties in the communication to share a secret key to encrypt text. In these systems, a challenging party, such as a subscription website or phone center, sends a different random number to the recipient for each transaction. The recipient’s computer or phone uses the stored key to encrypt a response, then sends the response to the challenger. If the recipient’s response matches the response encrypted by the challenger’s own key, the challenger accepts the other party as legitimate
Prior to the introduction of cryptographic authentication, a type of fraud called cloning was a common problem for cell phone users. An eavesdropper who was tuned to a radio frequency on which cellular calls were made could intercept identity information and program another phone to send the same information. This “cloned” phone would act like the original, and calls made from it would be billed to the owner of the original phone. Today, the CAVE algorithm prevents such eavesdropping.
