iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

iTP Secure WebServer System Administrator’s Guide 523346-002
D Security Concepts
This appendix describes basic concepts relevant to setting up and administering the
iTP Secure WebServer:
Open Network Security on page D-1
Cryptographic Techniques on page D-3
Managing Key Certificates on page D-5
Secure Sockets Layer (SSL) on page D-7
Private Communications Technology (PCT) on page D-9
Comparing SSL and PCT on page D-9
Open Network Security
This section discusses the following security topics as they relate to security systems
on open networks:
Encryption on page D-1
Authentication on page D-2
Encryption
Encryption is the transformation of data into a form that only persons who have access
to the proper decryption key can read. Encryption ensures privacy by keeping
information hidden from anyone for whom it is not intended. For example, to keep
competitive bidding data from falling into the hands of your rivals, you may wish to
encrypt your data before transmitting it to a prospective client across a public
communications link. Or, to keep your secret recipes hidden from the bistro across the
street, you may wish to encrypt these records before storing them on hard disk.

In general, encryption works as described below and as shown in Figure D-1 on
page D-2: Romeo wishes to send a private message to Juliet over a public
communications link. Romeo encrypts his message (called the plaintext) with an
encryption key, then sends the encrypted message (called the ciphertext) to Juliet.
Using a decryption key associated with the encryption key used by Romeo, Juliet
decrypts Romeo’s ciphertext back into human-readable form.
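
The Romeo and Juliet exchange above, as an added example that is not part of the guide: it covers both ways a decryption key can be "associated" with the encryption key (the same shared secret, or the private half of a key pair) and shows that an unrelated key recovers nothing. Fernet and RSA-OAEP from the Python cryptography package are assumed stand-ins, since the guide names no algorithm at this point, and the function names are illustrative.

```python
# Added example, not from the guide. Requires the third-party "cryptography" package.
# Fernet and RSA-OAEP are assumed stand-ins; the guide names no algorithm here.
from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

PLAINTEXT = b"Meet me at the orchard wall at midnight."  # constructed sample message
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def shared_key_exchange(plaintext):
    """Decryption key is the same secret as the encryption key."""
    key = Fernet.generate_key()                    # known to Romeo and Juliet only
    ciphertext = Fernet(key).encrypt(plaintext)    # Romeo, before sending
    recovered = Fernet(key).decrypt(ciphertext)    # Juliet, after receiving
    return ciphertext, recovered


def key_pair_exchange(plaintext):
    """Decryption key is the private half of the pair whose public half encrypted."""
    juliet_private = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ciphertext = juliet_private.public_key().encrypt(plaintext, OAEP)  # Romeo
    recovered = juliet_private.decrypt(ciphertext, OAEP)               # Juliet
    return ciphertext, recovered


def unrelated_shared_key_reads(ciphertext):
    """An observer on the public link tries a key Romeo did not use."""
    try:
        Fernet(Fernet.generate_key()).decrypt(ciphertext)
        return True
    except InvalidToken:
        return False


def unrelated_private_key_reads(ciphertext):
    """An observer tries a private key from a different key pair."""
    other = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    try:
        other.decrypt(ciphertext, OAEP)
        return True
    except ValueError:
        return False
```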