Fundamentals of Data Security (Web Services Application and Security, Part 3), Page 2
Benefits of Public Key encryption:
- It guarantees the confidentiality of data transfer across untrusted networks.
- Public key encryption is best suited for an organization that has a huge number of customers and many applications are deployed to support secure transactions.
- Public Key cryptography is a proven approach for commercial applications/e-commerce sites that are using credit card transactions over the Internet.
Limitations of Public Key encryption:
- Public key encryption is relatively expensive, and is not suited to encrypting large volumes of data.
- Though Web Services needs encryption data that is exchanged among services, traditional Public Key cryptography is not an exact fit to the Web Services model.
- In the Web service model, we need only a set of service parameters to be encrypted. The encryption of whole XML documents causes parsing problems when it is decrypted. So, we have to apply the encryption strategies that are designed for XML.
In this article, we have seen various key-based approaches that are involved in the encryption and decryption of data. Key cryptography does not fulfill all the requirements of a secure application. It does not address the trustworthiness or digital signature of documents.
Key cryptography is the one of the main entities in the Public Key Infrastructure (PKI) and it is the backbone for other two entities (authentication & authorization) and (Digital Signature & Certificate Authority). In the coming article, we will discuss more about authentication & authorization of data and their role in Web Services model.
About the Author
Sridhar Ravuthula is a senior software engineer with Hewlett-Packard, India. He has a master's degree in computer applications. Sridhar has been involved in designing and developing J2EE-based solutions on various platforms. He has worked in flagship product development, e-speak, and HP Bluestone (HPAS).
He has good knowledge and hands-on experience in Web Services technologies. You can reach him at email@example.com or firstname.lastname@example.org.