Information may be secured in a number of ways. Information that is confidential in nature may comprise financial, medical, corporate, political or personal information, for example.
Confidential information may be stored in secure premises, preventing accidental or malicious access to the information by placing it in a locked place, such as a safe in an office. Corporate locations may be further, or alternatively, provided with alarm systems, guards, fences and/or other access control functions.
Confidential information may be stored in computers that are not connected to any unsecure networks, to prevent unauthorized network intrusion therein to obtain the information. Such computers may be referred to as “air walled” computers as they have no connection to unsecure networks.
One way to prevent unauthorized access to confidential information is encryption, wherein a plaintext, for example a text in a natural language, such as French, is converted to a ciphertext using an encryption algorithm and a key. Encryption algorithms are designed to render it very difficult to obtain the plaintext from the ciphertext without the key. In general, ciphertext may be known as encrypted information.
An attacker can, however, obtain access to the plaintext of a ciphertext if he succeeds in obtaining both the ciphertext and the key. Encryption keys therefore need to be managed with care in order to obtain the benefits of encryption. One solution to key management is distributing encryption keys by hand using trusted persons. Once both ends of an unsecure connection have secure copies of the keys, they can communicate ciphertexts over an unsecure channel to exchange information. For data encrypted at rest, such as on magnetic tapes, keys can be stored, for example, in a safe deposit box in a bank.
Another solution to key management lies in public-key cryptography, wherein encryption keys come in pairs comprising a public key and a private key. The public key, which may be distributed over unsecured channels, is usable for encrypting information and verifying signatures, while only the private key, which is closely held, can decrypt information encrypted with the public key and create signatures.
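The division of roles between the two keys can be illustrated with the following added example, which is not part of the original text. It uses unpadded textbook RSA with small constructed primes, an assumption made only so that the example is reproducible; all function names are hypothetical, and the parameters are unsuitable for protecting real information.

```python
import hashlib

# Constructed demo parameters: two known Mersenne primes. Far too small and
# too structured for real use; chosen only so the example is reproducible.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537  # public exponent


def make_keypair():
    """Return (public, private) keys, each as an (exponent, modulus) pair."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: inverse of E
    return (E, n), (d, n)


def _to_int(data: bytes, n: int) -> int:
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return m


def encrypt(public, plaintext: bytes) -> int:
    """Anyone holding the public key can produce a ciphertext."""
    e, n = public
    return pow(_to_int(plaintext, n), e, n)


def decrypt(key, ciphertext: int) -> bytes:
    """Recovers the plaintext only when 'key' is the private key."""
    x, n = key
    m = pow(ciphertext, x, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    """Only the private-key holder can produce a valid signature."""
    d, n = private
    return pow(_digest(message, n), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Anyone holding the public key can check a signature."""
    e, n = public
    return pow(signature, e, n) == _digest(message, n)
```

Applying the public key to a ciphertext does not recover the plaintext, and a signature does not verify against a message that was altered after signing.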