Biomedical Engineering Reference
In-Depth Information
their password to gain access to the system. Biometric security systems use personal biological
characteristics, such as a fingerprint, voice, or the pattern of capillaries on the retinae to verify the
identity of a user. Dongles are hardware keys that applications look for on either the serial or USB
port of a workstation before users can access their data and applications. Dongles can be considered
as a form of hardware-based encryption. Dedicated, high-speed hardware capable of high-speed
encryption and decryption are available options as well.
Encryption is the use of a key or code to scramble a message so that it can only be deciphered by
someone with knowledge of the key and the algorithm used to encrypt the original message. From a
practical perspective, encryption is the processing of data so that it's at least challenging for casual
eavesdroppers to read, even if the data are intercepted.
For Web-based databases, Secure Socket Layer (SSL) is the dominant security protocol. Information
transmitted over the Web using SSL is automatically encrypted, and only when the user's Web
browser and the computer serving content have the same key can they communicate. Both Netscape
and Internet Explorer support the optional use of SSL.
One of the limitations of SSL is that it's wedded to the client/server architecture, where a secure
session is established, through which any amount of data may be securely transmitted for the
duration of the session. A complementary communications protocol that makes use of encryption is
Secure Hypertext Transfer Protocol (S-HTTP), a protocol that is designed to transmit individual
messages securely over the Web. That is, SSL provides a secure communications channel for the
length of the connection between the client and the server, regardless of whether or not data is
flowing from one to the other. In contrast, S-HTTP is more appropriate for short communications that
only uses the channel when data are moving from sender to receiver.
Regardless of whether SSL or S-HTTP is used, at the core of communications over the Internet is an
encryption technology called Public Key Encryption (PKE), which is based on a pair of keys or data
strings. One key is public, known or at least knowable to everyone, and one key is private, known
only to the sender. The private key, which is not shared with anyone, is used to decrypt information
that's been encrypted by someone using the public key. In other words, encoding uses a generally
available public key and decoding is performed using a private key available only to the intended
recipient. PKE is like a physical padlock, where one key is used to lock a padlock and another key to
open it.
