data encryption



data encryption,

the process of scrambling stored or transmitted information so that it is unintelligible until it is unscrambled by the intended recipient. Historically, data encryption has been used primarily to protect diplomatic and military secrets from foreign governments. It is also now used increasingly by the financial industry to protect money transfers, by merchants to protect credit-card information in electronic commerce, and by corporations to secure sensitive communications of proprietary information.

All modern cryptography is based on the use of algorithms to scramble (encrypt) the original message, called plaintext, into unintelligible babble, called ciphertext. The operation of the algorithm requires the use of a key. Until 1976 the algorithms were symmetric, that is, the key used to encrypt the plaintext was the same as the key used to decrypt the ciphertext. In 1977 the asymmetric or public key algorithm was introduced by the American mathematicians W. Diffie and M. E. Hellman. This algorithm requires two keys, an unguarded public key used to encrypt the plaintext and a guarded private key used for decryption of the ciphertext; the two keys are mathematically related but cannot be deduced from one another. The advantages of asymmetric algorithms are that compromising one of the keys is not sufficient for breaking the cipher and fewer unique keys must be generated.

In 1977 the Data Encryption Standard (DES), a symmetric algorithm, was adopted in the United States as a federal standard. DES and the International Data Encryption Algorithm (IDEA) are the two most commonly used symmetric techniques. The most common asymmetric technique is the RSA algorithm, named after Ronald Rivest, Adi Shamir, and Len Adleman, who invented it while at the Massachusetts Institute of Technology in 1977. Other commonly used encryption algorithms include Pretty Good Privacy (PGP), Secure Sockets Layer (SSL), and Secure Hypertext Transfer Protocol (S-HTTP). The National Institute of Standards and Technology (NIST) is working with industry and the cryptographic community to develop the Advanced Encryption Standard (AES), a mutually acceptable algorithm that will protect sensitive government information and will be used by industry on a voluntary basis.

Data encryption is regarded by the U.S. government as a national-security issue because it can interfere with intelligence gathering—therefore, it is subject to export controls, which in turn make it difficult for U.S. companies to function competitively in the international marketplace. To resolve this dilemma, the federal government in 1993 proposed key escrow encryption, an approach, embodied in an electronic device called a "Clipper chip," that makes broadly available a purportedly unbreakable encryption technique (although the code was broken by researchers in 1995) with keys to unlock the information held in escrow for national security and law-enforcement purposes by the federal government. This approach, however, has been unacceptable to civil libertarians and to the international community. In 1994 the Clipper algorithm (called Skipjack) was specified in the Escrow Encryption Standard (EES), a voluntary federal standard for encryption of voice, facsimile (fax), and data communications over ordinary telephone lines. A subsequent compromise escrow scheme intended to create a standard for data encryption that balanced the needs of national security, law enforcement, and personal freedom was rejected in 1995; a compromise proposed in 1999 was also controversial.

cryptography

The conversion of data into a secret code for transmission over a public network. Today, most cryptography is digital, and the original text ("plaintext") is turned into a coded equivalent called "ciphertext" via an encryption algorithm. The ciphertext is decrypted at the receiving end and turned back into plaintext.

Keys Are the Key
The encryption algorithm uses a "key," which is a binary number that is typically from 40 to 256 bits in length. The greater the number of bits in the key (cipher strength), the more possible key combinations and the longer it would take to break the code. The data are encrypted, or "locked," by combining the bits in the key mathematically with the data bits. At the receiving end, the key is used to "unlock" the code and restore the original data.

Secret vs. Public Key


Secret-key cryptography and public key cryptography are the two major cryptographic architectures.

Secret Keys - Symmetric System
The first method uses a secret key, such as the DES and AES algorithms. Both sender and receiver use the same key to encrypt and decrypt. This is the fastest computation method, but getting the secret key to the recipient in the first place is a problem that is often handled by the second method.

Public Keys - Asymmetric System
The second method uses a two-part key, such as RSA and El Gamal. Each recipient has a private key that is kept secret and a public key that is published for everyone. The sender looks up or is sent the recipient's public key and uses it to encrypt the message. The recipient uses the private key to decrypt the message and never publishes or transmits the private key to anyone. Thus, the private key is never in transit and remains invulnerable.

Both Are Used Together
Secret key and public key systems are often used together, such as the AES secret key and the RSA public key. The secret key method provides the fastest decryption, and the public key method provides a convenient way to transmit the secret key. This is called a "digital envelope." For example, the PGP email encryption program uses one of several public key methods to send the secret key along with the message that has been encrypted with that secret key (see PGP).

Get Faster - Get Stronger
It has been said that any encryption code can be broken given enough time to compute all permutations. However, if it takes months to break a code, the war could already be lost, or the thief could have long absconded with the money from the forged financial transaction. As computers get faster, to stay ahead of the game, encryption algorithms have to become stronger by using longer keys and more clever techniques. See XOR, AES, DES, RSA, plaintext, digital signature, digital certificate, quantum cryptography, steganography and chaff and winnow.


Secret Key vs. Public Key
The secret method uses the same key to encrypt and decrypt. The problem is transmitting the key to the recipient in order to use it. The public key method uses two keys: one kept private and never transmitted, while the other is made public. Very often, the public key method is used to safely send the secret key to the recipient so that the message can be encrypted using the faster secret key algorithm.







Some Public History About Secret Methods


The following is reprinted with permission from RSA Security, Inc.

In 1518, a Benedictine monk named Johannes Trithemius wrote "Polygraphiae," the first published treatise on cryptography. Later, his text "Steganographia" described a cipher in which each letter is represented by words in successive columns of text, designed to hide inconspicuously inside a seemingly pious book of prayer.

Polygraphiae and Steganographia attracted a considerable amount of attention not only for their meticulous analysis of ciphers but more notably for the unexpected thesis of Steganographia's third and final section, which claimed that messages communicated secretly were aided in their transmission by a host of summoned spirits.

As might be expected, Trithemius' works were widely renounced as having magical content - by no means an unfamiliar theme in cryptographic history - and a century later fell victim to the zealous flames of the Inquisition during which they were banned as heretical sorcery.