Bonchev Information Technologies and Systems
Software for organizations and people.

Learn how to use Authentication and Encryption for Safe Online Communication

Online communication is not intrinsically safe. Indeed, certain aspects of it can be very dangerous and in many cases cause severe damage, such as virus infections, system crashes, data loss, identity theft and others. In this article we will examine two common problems faced when communicating online, before offering a set of simple guidelines that can help prevent the danger and losses these problems cause.
Email (communication) Problem One. Who is talking to me?
Presently, most people go about sending information via email in a very insecure manner. For example, they look at the signature beneath the text of an email, and if the sender address matches what they expect to see and the message is not too strange, they will assume that the email is genuine. This is unsafe, to say the least.

The problem is that the sender address is not reliable information. An email is made up of two or three parts. The first part has an administrative function and is called the header. Among the fields in the header are the email address of the recipient, as well as "From", "Reply-To", "Sender" and others. Since the internet was designed as a decentralized system, there is no "central authority" to ensure the truthfulness of the content of all these fields. Thus, the software on the sender's server can place whatever information it likes into these two data fields. To put this into perspective, this information is about as authentic as the name of the sender and the return address written on the back of a physical envelope, i.e. NOT AT ALL.
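The following is an added example, not part of the original article: a small check that parses the header of a constructed sample message and reports where the "From", "Reply-To" and "Sender" fields disagree. All addresses and the function names are made up for illustration.

```javascript
// Constructed sample message. Every header line below is plain text chosen by
// whoever composed the message; nothing in the format proves any of it.
const SAMPLE = [
  'From: "Accounts, Company A" <accounts@company-a.example>',
  'Reply-To: billing@company-a-payments.example',
  'Sender: relay@mailer.example.net',
  'To: b@person-b.example',
  'Subject: Updated bank',
  ' details',            // folded continuation of the Subject header
  '',
  'Please use the new account number from now on.'
].join('\r\n');

// Split off the header part, unfold continuation lines, collect values per field name.
function parseHeaders(raw) {
  const head = raw.split(/\r?\n\r?\n/, 1)[0];
  const unfolded = head.replace(/\r?\n[ \t]+/g, ' ');
  const headers = new Map();
  for (const line of unfolded.split(/\r?\n/)) {
    const colon = line.indexOf(':');
    if (colon < 1) continue;
    const name = line.slice(0, colon).trim().toLowerCase();
    headers.set(name, [...(headers.get(name) || []), line.slice(colon + 1).trim()]);
  }
  return headers;
}

// Domain of the address in a header value ("Name <user@host>" or bare "user@host").
function addressDomain(value) {
  const angle = /<([^<>]+)>/.exec(value);
  const address = angle ? angle[1] : value;
  return address.slice(address.lastIndexOf('@') + 1).trim().toLowerCase();
}

// Report disagreements between the sender-related fields named in the article.
function senderFindings(raw) {
  const headers = parseHeaders(raw);
  const from = headers.get('from') || [];
  const findings = [];
  if (from.length !== 1) findings.push(`expected one From header, found ${from.length}`);
  const fromDomain = from.length ? addressDomain(from[0]) : null;
  for (const name of ['reply-to', 'sender']) {
    for (const value of headers.get(name) || []) {
      const domain = addressDomain(value);
      if (fromDomain && domain !== fromDomain) findings.push(`${name} domain ${domain} differs from From domain ${fromDomain}`);
    }
  }
  return findings;
}
console.log(senderFindings(SAMPLE));
```

A finding is a warning sign, but an empty result proves nothing: a message whose fields all agree can still come from someone else, which is why the article goes on to rely on signatures instead.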
Email (communication) Problem Two. Who is reading and copying my private data?
Another issue with emails and online communication in general is that a person’s message can be read by many (artificial) intelligence services (computers) and people. Furthermore, it is possible for an unauthorized party to store messages for future reference without the person’s knowledge or consent.

When an email or data travels on the internet, it passes through a number of servers, which retransmit it to the next server. While being retransmitted, information can be parsed, read, interpreted and stored (unless it is encrypted). In addition to that, it is also fully accessible to the administrators and software running on the servers from where it was sent and where it is finally received (again, unless it is encrypted).
Exact Steps to Exchange Emails Safely
Provided that the parties communicating online maintain an appropriate level of security and keep their private keys secret, they can be certain that:
  • the other side on the communication line is the side that is expected, i.e. each side authenticates the identity of the other side;
  • the integrity of the exchanged information is intact, i.e. the information has not been tampered with, or altered by errors;
  • the exchanged information is private and cannot be read and understood by unauthorized entities in the foreseeable future;
by following the protocol below.
Suppose company A and person B both have websites, and both of them use Act On File or similarly capable software. Both A and B have public-private key pairs. They keep the private keys safe and secure, while publishing their public keys on their websites. Suppose also that person B wants to contact company A with some very important private information.
  1. Person B goes to the company A website and downloads their (public) Encryption Key.
  2. Person B uses the downloaded encryption key of company A to encrypt the document he wants to send. (Only company A can decrypt it.)
  3. Person B uses his/her own private Signature Key to generate signatures for the documents which are to be sent.
  4. Person B sends the encrypted documents and their signatures.
Company A receives documents from person B. They proceed in the following manner:
  1. Company A goes to the person B website and downloads their (public) Authentication Key.
  2. Company A uses the downloaded authentication key to verify the signatures. (This confirms or denies the origin and the integrity of the documents.)
  3. Company A uses their own private Decryption Key to decrypt the documents.
  4. Company A is ready to use the documents confident in their origin and integrity.
This simple protocol ensures that information is safely transmitted over the internet and removes the possibility of phishing scams and other abuses. You can use Act On File or similar software to generate the required Public-Private key pairs, and also for the authentication and encryption steps in the above protocol.
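The two numbered procedures above, written out as an added example using Node.js's built-in crypto module; this is not Act On File code and not from the original article. The algorithm choices (RSA-OAEP wrapping a per-document AES-256-GCM key, Ed25519 signatures) and all names are assumptions, and the signature is taken over the encrypted document because company A verifies before decrypting.

```javascript
const crypto = require('crypto');

// Constructed key pairs. On the page, each public half is published on its owner's website.
// Algorithms are assumptions for illustration; the article does not name any.
const companyA = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }); // encryption / decryption keys
const personB = crypto.generateKeyPairSync('ed25519');                       // signature / authentication keys
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const WRAPPED_LEN = 256; // size in bytes of an RSA-2048 wrapped key

// Person B, steps 2-4: encrypt for company A, sign the encrypted document, send both.
function sealAndSign(document, recipientEncryptionKey, senderSignatureKey) {
  const contentKey = crypto.randomBytes(32); // fresh AES-256 key for this document
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const body = Buffer.concat([cipher.update(document), cipher.final()]);
  // Only the holder of company A's private decryption key can unwrap contentKey.
  const wrappedKey = crypto.publicEncrypt({ key: recipientEncryptionKey, ...OAEP }, contentKey);
  const encrypted = Buffer.concat([wrappedKey, iv, cipher.getAuthTag(), body]);
  return { encrypted, signature: crypto.sign(null, encrypted, senderSignatureKey) };
}

// Company A, steps 2-3: verify the signature first, decrypt only if it holds.
function verifyAndOpen(message, senderAuthenticationKey, recipientDecryptionKey) {
  const { encrypted, signature } = message;
  if (!crypto.verify(null, encrypted, senderAuthenticationKey, signature)) {
    throw new Error('signature check failed: origin and integrity not confirmed');
  }
  const wrappedKey = encrypted.subarray(0, WRAPPED_LEN);
  const iv = encrypted.subarray(WRAPPED_LEN, WRAPPED_LEN + 12);
  const tag = encrypted.subarray(WRAPPED_LEN + 12, WRAPPED_LEN + 28);
  const contentKey = crypto.privateDecrypt({ key: recipientDecryptionKey, ...OAEP }, wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', contentKey, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(encrypted.subarray(WRAPPED_LEN + 28)), decipher.final()]);
}

// Round trip with a constructed sample document.
const sent = sealAndSign(Buffer.from('Q3 contract terms (constructed sample)'),
  companyA.publicKey, personB.privateKey);
console.log(verifyAndOpen(sent, personB.publicKey, companyA.privateKey).toString());
```

The guarantees hold only if each side really obtained the other's genuine public key, which is why the protocol has both parties download the keys from the owner's own website.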

© Copyright 2024 Bonchev Information Technologies. All Rights Reserved.