28.1. General Principles

Cryptography focuses on four general principles to secure information that will be transferred between two parties. A secure application must apply a combination of these principles to protect any sensitive data:

• Authentication: Before information received from a foreign party can be trusted, the source of that information must be authenticated to prove the legitimacy of the foreign party's identity.

• Non-Repudiation: Once the identity of the information sender has been proven, there must be a mechanism to ensure that the sender did, in fact, send the information, and that the receiver received it.

• Data Integrity: Once the authentication of the sender and the legitimacy of the correspondence have been confirmed, the data must be verified to ensure that it has not been modified.

• Confidentiality: Protecting the information from anyone who may intercept the transmission is the last principle of cryptography.