How Digital Certificates Help Ensure the Security of EDI Data

OpenText

November 6, 2013, 4 minutes read

When you exchange EDI documents via the Internet, the security of your data is of vital importance. It is critical that only the intended recipient can read the sensitive data being transmitted, such as purchase orders, invoices, or remittance advices. While encryption technologies have long been used to achieve the level of security needed for this sensitive data, their usage can be hampered by the difficulty of exchanging the “keys” upon which they depend. Digital certificates resolve the key exchange and management issues.

There are two basic kinds of cryptography.

The first is called “symmetric key encryption,” which involves the use of an encryption/decryption key, often called a “shared secret.” The key can be a code of any length, for example, 768 bytes or more. The longer and more random the key is, the greater the security achieved. To use this approach for B2B, that long key would need to be exchanged with all companies with which a business would be exchanging documents.

There are several issues with the symmetric key approach. First, how do you exchange the key in a secure fashion? Just as you shouldn’t exchange passwords or credit card numbers via email, email is not a good vehicle for the shared secret – it’s not secure! Also, if you exchange documents with multiple partners, you probably want each partner to have a different key. That way, if one partner inadvertently gets documents intended for another partner, that partner cannot decrypt them, because its key works only on documents intended for it. Managing all these keys can become a logistics nightmare.

A better approach is to use “asymmetric encryption,” which uses a set of two keys – a “public key” that is used to encrypt and a “private key” that is used to decrypt – combined with a “digital certificate,” which makes the key exchange and management process very easy.

  • The public key is called “public” because everyone who sends you documents can use the same key. There are no security worries about the public key falling into unauthorized hands, since this key cannot be used to decrypt or read your messages. It can only be used to encrypt messages being sent to you.
  • You have a second key, called a “private” key, which is not shared with anyone else. This key is accessed by your communications software and is used to decrypt documents sent to you by partners that have encrypted documents using your public key.
  • The digital certificate is actually an electronic “container” for the public key and other important information such as organization name, email address, and server identification. The certificate is formatted in a standard way, thus enabling software to immediately read the certificate and “know” where to find the specific pieces of data needed. The certificate can be exchanged via email because the information in it is all public, so there’s no security concern. In addition, the digital certificate enables you to keep track of which public key belongs to which company – this is extremely helpful when you need to manage hundreds or even thousands of keys for all the business partners to whom you are sending documents, each with its own public key.

You can obtain a digital certificate for your company from an authorized certificate authority – such as VeriSign or Thawte – that acts as a trusted third party who vouches for the validity of the keys. Or, you can use special software to create your own digital certificate.

In the B2B world, the asymmetric encryption approach combined with the digital certificate is the better approach. The public and private keys help ensure that (1) the data is encrypted during transmission over the Internet and (2) only the intended recipient is capable of decrypting the data. The digital certificate makes the process easy and manageable.
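The flow described above, as an added example using the OpenSSL command line (not part of the original post): two partners each create their own self-signed certificate, a constructed sample purchase order is encrypted to the buyer's certificate, and only the buyer's private key can decrypt it. The partner names, file names and helper functions are assumptions, and the CMS container with AES-256 is one common choice, not something the article specifies.

```shell
#!/bin/sh
# Added illustration: encrypt to a partner's certificate, decrypt with the private key.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Create a key pair plus a self-signed certificate ("your own digital certificate").
# $1 = file prefix (hypothetical), $2 = organization name stored in the certificate.
make_partner() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=$2/CN=$1.example" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# The certificate is the public "container": print whose public key it holds.
cert_subject() { openssl x509 -in "$work/$1.crt" -noout -subject; }

# Sender side: needs only the recipient's certificate. $1 = recipient, $2 = in, $3 = out.
encrypt_for() {
  openssl cms -encrypt -aes256 -binary -outform PEM \
    -in "$2" -out "$3" "$work/$1.crt"
}

# Recipient side: needs the matching private key. $1 = partner, $2 = in, $3 = out.
decrypt_as() {
  openssl cms -decrypt -binary -inform PEM -in "$2" -out "$3" \
    -recip "$work/$1.crt" -inkey "$work/$1.key" 2>/dev/null
}

make_partner buyer "Example Buyer Inc"
make_partner other "Example Other Ltd"

# Constructed sample document (a minimal X12-style purchase order, not real data).
printf 'ST*850*0001~BEG*00*SA*PO-CONSTRUCTED-1**20130101~SE*3*0001~\n' > "$work/po.edi"

cert_subject buyer
encrypt_for buyer "$work/po.edi" "$work/po.cms"

if decrypt_as buyer "$work/po.cms" "$work/po.out" && cmp -s "$work/po.edi" "$work/po.out"
then echo "buyer: decrypted, contents match"; fi

# A partner who receives the file by mistake holds a different private key.
if decrypt_as other "$work/po.cms" "$work/wrong.out"
then echo "other: unexpectedly decrypted"
else echo "other: cannot decrypt"; fi
```

Only the `.crt` files ever need to leave each partner's system; the `.key` files stay where they were generated.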

To learn more about the best options for B2B Communications, watch this webinar: How to Determine the Best Communications Protocol for B2B Integration.
