Encryption is commonly used for more than just data at rest. It can be used to keep data secure as they are transferred from one place to another. You have already seen how BitLocker To Go can encrypt data on removable media. This is a combination of data at rest and data in transit. BitLocker To Go encryption is technically just encryption of data at rest. A common use of removable media is to transport data from one computer to another. Encryption protects the data by making the data unreadable by anyone who does not possess a valid decryption key. If the removable device is lost or stolen, the contents are unreadable without a decryption key.

Communication data encryption is similar to the concept of BitLocker To Go. Data are encrypted as it is placed on the transmission media. Data are transmitted from the sending process to the receiving process. Here, they are decrypted and used as normal data. FIGURE 4-11 shows the encryption process when used for data transmission.

There are many methods available to secure data transfer. You can encrypt individual messages or create an encrypted connection, or tunnel, to encrypt all data between a sender and a receiver. Regardless of the method or protocols you choose, the goal of communication encryption is to make it very difficult for unauthorized users to access the contents of a message.

The most common perception of encryption is to ensure confidentiality. Encryption provides the ability to “hide” data from unauthorized users. It also provides integrity and nonrepudiation. Integrity is provided by ensuring data has not been modified since it was encrypted. This is often accomplished by calculating hash or checksum values. These values are then sent along with the data. Nonrepudiation means that a receiver can verify the source of a message. Additionally, the sender cannot deny sending the message. Windows supports the use of digital signatures to provide nonrepudiation. You’ll learn about several ways Windows uses encryption in the following sections.