The migration of EDI toward the Internet was the hot subject at DISA's EC/EDI Conference in New Orleans this spring. For many, this raises the utility and lowers the cost of doing business electronically. Perhaps the biggest stumbling block to EDI on the Internet has been concern about security. These concerns are being mitigated by substantially improved security schemes. Most of these schemes revolve around the public key, or asymmetric, encryption process.
This process requires two keys to encrypt and decrypt a document. One of these keys is your public key. This key can be widely distributed to all those with whom you want to communicate. The second key is your private key. This key is kept confidential and not shared. Thus, if you want to send information to one or more of your trading partners, you can encrypt it with your private key. When the recipient receives the message, they use your public key to decrypt the document. If the document decrypts with your public key, they can be assured that the document came from you and has not been altered. This is because only you hold the private key that could have created a document capable of decryption by your public key.
Conversely, if a trading partner wished to send you a document and wanted to make sure only you would be able to read it, they could simply encrypt it with your public key. Now only you can decrypt the document, using your private key. Carrying the process one step further, you could encrypt a message first with your private key and then with the intended recipient's public key. Now the document can only be decrypted by the intended recipient, who is the only one who has both their private key and your public key. In this case you can be assured that only they could read the document, and they can be assured that only you could have sent the document.
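The cases described above (private key for origin, then both layers together), as an added Python example that is not part of the original article. It uses unpadded textbook RSA; the sample primes, the exponent 65537, the document text and all function names are assumptions made for illustration.

```python
# Added illustration: textbook RSA with no padding. The primes are constructed
# sample values (Mersenne primes), far too structured for real keys.

E = 65537  # public exponent (assumed; coprime to both phi values below)

def make_keypair(p, q):
    """Return (public_key, private_key) as (exponent, modulus) pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

def apply_key(key, value):
    """The RSA operation value^exponent mod n, identical for either key."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under this key's modulus")
    return pow(value, exponent, n)

def to_int(doc):
    return int.from_bytes(doc, "big")

def to_bytes(value):
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def send(doc, sender_private, recipient_public):
    """Private-key step proves origin; public-key step restricts the reader."""
    return apply_key(recipient_public, apply_key(sender_private, to_int(doc)))

def receive(blob, recipient_private, sender_public):
    """Strip the recipient layer, then undo the sender layer."""
    return to_bytes(apply_key(sender_public, apply_key(recipient_private, blob)))

# "You" hold the smaller modulus and the trading partner the larger one, so
# your private-key output always fits inside the partner's public-key step.
YOUR_PUBLIC, YOUR_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
PARTNER_PUBLIC, PARTNER_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)

DOC = b"PO 4501 qty 12"  # constructed sample document

def demo():
    """Return what any public-key holder reads, and what the partner reads."""
    origin_only = apply_key(YOUR_PRIVATE, to_int(DOC))
    readable_by_anyone = to_bytes(apply_key(YOUR_PUBLIC, origin_only))
    blob = send(DOC, YOUR_PRIVATE, PARTNER_PUBLIC)
    return readable_by_anyone, receive(blob, PARTNER_PRIVATE, YOUR_PUBLIC)

if __name__ == "__main__":
    print(demo())
```

The first value returned by `demo()` shows that the private-key step alone hides nothing, since anyone holding your public key recovers the document; only the second layer limits who can read it. Deployed schemes apply the private key to a padded hash of the document rather than to the document itself.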