Hello and welcome to the session in which we would look at electronic transmission security, where we discuss encryption, among other topics such as digital certificates, public and private key as well. When we conduct e-commerce or electronic commerce online, we share a lot of sensitive information, such as password, credit card information, personal data, banking data, financial information, confidential messages, so on and so forth. So it's very important that we have to understand these security procedures. Now, this is from a personal perspective, but if you are studying for the CPA exam, this topic is covered on the BEC section of the exam.
So as I mentioned earlier, encryption is vital to electronic commerce because we share sensitive information. What is encryption? Okay. Encryption is to provide security for transactions carried over the internet because we're going to be sending this information. I'm going to be purchasing something from Amazon. You might be purchasing my subscription online. So you are transacting online and transferring information. So encryption is important. What is encryption? Encryption is converting plain text into a secret code that hides the information's true meaning.
Now I'm going to give you a simple example, but please don't ever think this is how it works. Okay. But just to kind of tell you the idea of encryption. Let's assume your credit card information is right here. One, two, three, four, five, six, seven, eight, nine, then 11, you know, nine, eight, seven, six, five, four, three, two. So here's what happens when you send your credit card information. What happens is it gets encrypted and there's a secret formula. Okay. For example, the secret formula, let's call it algorithm. What it does is, rather than showing your number one, two, three, four, for every number, it will add five. So the one becomes six, the two becomes seven. The three becomes eight. So on and so forth. So it will add five to the formula or it will have some secret formula. Subtract one from the last digit, add five to the first digit, multiply by 100 the middle digit. So it will have some sort of a formula that in case that message was intercepted, it can only be solved through that formula. And obviously the formula will be the secret. This is what the secret code is.
And this is basically an old way of transmitting messages back in the old days. You know, when one king or one military commander sends a message to another person, they wanted that message to be a secret message. They would write the message.
But once they receive the other message, for example, if they want them to attack, okay. So rather than the word attack, for example, A, they will have the A is number one. The T is number seven, seven. A is one. C is number five and K is six. So that will be, you know, for every time there's an A, replace it with one. Every time there's a T, replace it with seven. Seven means go ahead and attack or retreat or whatever the secret message is. It's the same concept. So the reason I'm simplifying this is because for you as a CPA user, that's all you need to know what it is. You don't have to know how it works technically in the background. Although I encourage you, strongly encourage you to get into this field as a future CPA. Okay. That's technology. Technology is the future, whether you are an accountant or anything else or a construction worker. Okay. So you want to get into this.
The term cryptography is a term for encrypting and decrypting information. That's the field of encrypting, making something secret, and decrypting, reading that secret message. When you decrypt it, you read that secret message. The plain text is called unencrypted. So this is what you're seeing in front of you is a plain text. When the text is encrypted, it's cipher text. It's called cipher text. Those are technical terms. So the sender encrypts the information and the recipient decodes it. Now, how would they do that? We're going to see how we do that these days.
But this is the idea of encryption, and especially when you are sending this information over a public network, like the internet, and we always do that on a daily basis. So if a sniffer, a sniffer is the person in between, you have you and me. This is Farhat Lectures, and this is you. When you send information to me, there might be some person in between, a bad guy here, a bad guy, and they may sniff this information, intercept this information.
So the key is, if this individual intercepts this information, they cannot make any sense out of it. If they intercept your credit card, it's encrypted. They can see it, but it doesn't make any sense for them because the numbers are weird. They're encrypted. Encryption created by hardware is more secure than encryption created by just software. So simply put, there are many ways to encrypt things. If you're using hardware and the encryption, again, this is technical. You just need to know this for the exam. It's harder to crack this encryption. Obviously, encryption uses computing power. It means it's going to cost money.
There are two types of encryption schemes that you need to be familiar with. One is called symmetric, and one is called asymmetric. And hopefully you know the meaning of the word symmetric. So for example, if you have two things that are exactly like each other, for example, I'm just going to do this. I'm bad at drawing, but assuming those two triangles are of the same size, which they are not, but assuming they are, we say that they are symmetric. They look exactly the same. Asymmetric, they don't look the same. They're not the same thing. So we're going to look at symmetric encryption and asymmetric encryption.
Symmetric encryption uses one key for both encryption and decryption. What does that mean? It means when I send you the message, okay, so we have you and me. When we exchange messages, we have a private key. For example, to read this message, enter one, two, three, four. Well, that's not really a good code. And the same thing, you have the private code, one, two, three, four. So we're using the same code to encrypt and decrypt. So when you encrypt it, you'd use one, two, three, four. For me to decrypt, I'll use one, two, three, four. We both know it. So we both have to know it. It's the same one. The key is shared by both. This is symmetric. It's less complex and faster to execute.
Again, the same key is used by the receiving and the sending party. The hosts in the communication process would have received the key through external means. So you have to understand, for example, if we're sharing this code, we don't want to share it within the message. Okay, maybe I want to call you and say, you know, use one, two, three, four, the code. So we don't want to let anybody know about this over the internet. This is used when you have large chunks of data. Sometimes I might have to use my wife's social security. We always agree, if that's the case, if she's going to text it to me, add one or subtract one from the numbers. So this way in case the message was intercepted, you know, it will not be, I'm not paranoid, but the point is I'm just trying to make a point. Okay. This is an old technique, symmetric encryption. The length of the key, when you create that key, is 128 or 256 bytes. We're going to see that with the asymmetric you can have a larger key. Larger key means you have more options to create those encryption codes. That's all there is to it. Okay.
Asymmetric encryption is relatively new, relatively new compared to symmetric encryption. The private key is not shared here. Here you have a public key and you have a private key. Now you're going to have to simplify this. So you would use your imagination, but we'll see how it works in a moment. Hopefully I'll be able to explain it. You have a private and you have a public key. So the public key, everyone knows, because of the term public. So the private key is not shared, but the public key is shared with anyone. It's more secure than symmetric encryption as it uses two keys for the process. And the two keys are the private key and the public key. And you might be saying, how can it be more secure if you're using a private and a public? You will see how it works in a moment.
So the public key obviously is available for everyone. The private is not disclosed. Okay. So this is the common method that is used on the internet today. So if you encrypted a message using a private key, then the person receiving it will decrypt it using the public key. If you use the public to encrypt, then the person receiving it will have to use the private key to decrypt, if that's the case. So notice, they might trick you on the exam. Just know that when you use the private for one thing, you would need to use the public for the other, and vice versa. Okay. And we'll see how it works in a moment when we look at the digital certificate. Again, it takes a longer time to execute because it uses complex logic. The length of the key could be up to 2,446 bytes. So notice it's larger than the symmetric. It's usually used for smaller transactions, to authenticate in order to establish secure communication. And we're going to see how it works in a moment.
So asymmetric again uses a public and a private. Notice asymmetric, you know, private and public will be different. Okay. Symmetric will be the same. So symmetric is private for the sender, private for the receiver, but those are the same. They are symmetric keys. Asymmetric encryption, the private and the public are different and the private is indeed private.
Let's talk about the digital certificate and how it fits into this private and public key. Like it's an execution of it. But before we look at the digital certificate, I want you to think of a passport. What is the purpose of the passport? The purpose of the passport is to tell the users who you are. This is why when you travel, you just show them the passport. Now, why is the passport legitimate?
Because the person that's looking at the passport will trust the U.S. government or will trust the issuer of that passport. So there's the trust factor here. So the digital certificate that we're going to be discussing works like a passport, like a passport issuer, not like a passport. It tells the users, look, this person is who this person is claiming to be. Take my word for it. This is what the digital certificate is doing. Basically, it's data files created by trusted third parties called certificate authorities. So there are some parties out there that will do so. So e-commerce, Farhat Lectures like myself, establish a relationship with a certificate authority who verifies that party's identity. For example, I use a service called GoDaddy. And GoDaddy will give me a digital certificate.
And how do you know if a website has a digital certificate or not? Maybe you can see this, maybe you cannot. Notice here, it's HTTP and there's S. HTTPS in my address. When you see the S in the address, it means this website is secured, and there's a lock here. There's the lock. So this tells the users, you are dealing with a trusted website. Now, what does it mean, trusted? Who gave me this digital certificate? For me, it's GoDaddy. There's VeriSign and there are other ones. I use GoDaddy because I use GoDaddy. It's not an ad for them or anything. And I have to pay for this every year. So just like you renew your password, you have to renew that certificate.
So GoDaddy created a coded electronic certificate that contains my name, my public key, my serial number and my expiration. So notice what it does, it has my public key. So my public key is available for everyone. It tells everyone, look, this guy is who that guy is. Farhat Lectures is Farhat Lectures. And GoDaddy will certify this. Now, the assumption is everybody will trust GoDaddy. That's the whole point of the digital certificate.
So the certificate authority makes its public key widely available, widely available to anyone who logs into Farhat Lectures. It tells them, yes, this is Farhat Lectures. You are in good hands. So customers wanting to conduct e-commerce over the internet verify the holder's certificate, server, by using the public key to decrypt. So when you log into my website on the server, it will tell you, the user, your IP, that this website is legitimate. It's certified by a digital certificate. So the customer uses the public key to encrypt the message, then sends it. The e-commerce site uses the private key to decrypt the message. So simply put, when you exchange information with me, you will send the message using the public key. I have a private key to decrypt the message. Now, again, you don't have to know about the details of what happens. I don't do this. Like it's automatically done. It's like done within seconds. When I read your message, the system processes everything and it will decrypt the message. Assuming it's encrypted, but you're usually sending plain text anyway when somebody sends me a message.
This way, Farhat Lectures and the customer don't have to have their own private key. So if you want to exchange sensitive data, if I have 5,000 customers and every time I have to exchange data with them, we have to have our own private key. You'll have to have a private key. You have to have a private key. So for us to communicate securely, we'll have to have our own private key, which will be like a lot of work for everyone. So what happens is the public key, you'll put that message in my public key and I'll be able to decrypt this message using a private key. So it makes it easier for everyone. And that's why now we use asymmetric. When you're dealing with a bank, for example, I deal with Wells Fargo because I handle some businesses, some large accounts for some businesses.
And sometimes what they do is they will send me a document and through the phone, they will send me a code to open that document. So that's because it's very secure. They want the person that receives this document to really be the person that's supposed to receive it. All I have to do is put in a secret number to encode this document. So this way, when you're using your credit card to purchase information, you know that the transaction is secured. That's the purpose of a digital certificate. Again, you'll have to have the S and usually there's a code. And by the way, Google, what is Google going to be doing? Any website that does not have HTTPS and this code, it's not going to appear under searches. Why? Because they assume that the site is not secure. So you have to get a digital certificate, which is, if you're a legitimate business, you should always get a digital certificate.
Digital signature kind of works similar to the digital certificate, but it's less secure than the digital certificate. It works like an actual signature, but anyone can forge your signature, right? But with the digital certificate, a third party is authenticating this information. There are three purposes for a digital signature. It identifies and authenticates: the receiver can trust that the message was sent from the sender. That's who you are. It has non-repudiation. It gives you non-repudiation, simply put. If you send it, you cannot say you did not send it; the sender cannot deny that they sent the message. Again, it can be intercepted. It can be manipulated, but the point is that's the purpose of a digital signature. Ensure the message was not altered. That's the purpose of a digital signature. And again, it's used by email users when they send documents, contracts. They want to make sure that the information that they sent is received by the receiver and they'll be able to view it. The receiver will be able to know this is exactly what they wanted to say.
This is the contract and the message was not altered in between. Again, we may be talking about things that we don't deal with on a daily basis unless you are dealing with a very important document. But those are the things that you will need to know for the CPA exam. Terms, terminology. So make sure you are familiar with that terminology and how it works. Just basically how it works. What is symmetric versus asymmetric keys? You need to know what they are. What's a public key versus a private key? You need to know what encryption is and what's a digital certificate. Usually on the CPA exam, they ask you, I would say, basic questions about these terms. But you need to be familiar with them. And your CPA review course will provide you practices. Make sure to practice. Study hard. Good luck. And of course, stay safe.
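The public/private key relationship and the digital signature purposes described in the lecture, as an added example that is not part of the original recording: textbook RSA in Python, showing that what the public key encrypts only the private key recovers, and that a signature made with the private key stops verifying once the document is altered. The primes, sample messages and function names are constructed for illustration; real systems use keys of 2048 bits or more with padding.

```python
import hashlib

# Constructed toy parameters: two known Mersenne primes and the common
# public exponent 65537. Textbook RSA only: no padding, key far too small.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537


def make_keypair():
    """Return (public_key, private_key), each a (modulus, exponent) pair."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: inverse of E
    return (n, E), (n, d)


def _apply(key, value: int) -> int:
    """The single RSA operation; which key is used decides what it means."""
    n, exponent = key
    return pow(value, exponent, n)


def encrypt(public_key, message: bytes) -> int:
    m = int.from_bytes(message, "big")
    if m >= public_key[0]:
        raise ValueError("message too long for this toy modulus")
    return _apply(public_key, m)


def decrypt(private_key, ciphertext: int) -> bytes:
    m = _apply(private_key, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(message: bytes, n: int) -> int:
    # Hash the document, then reduce it so it fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Only the private-key holder can produce this value."""
    return _apply(private_key, _digest(message, private_key[0]))


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone holding the public key can check the signature."""
    return _apply(public_key, signature) == _digest(message, public_key[0])


if __name__ == "__main__":
    public, private = make_keypair()
    secret = b"code 1234"  # constructed sample message
    print(decrypt(private, encrypt(public, secret)))
    contract = b"Pay 100 USD to Alice"  # constructed sample document
    sig = sign(private, contract)
    print(verify(public, contract, sig))                 # unaltered document
    print(verify(public, b"Pay 900 USD to Alice", sig))  # altered in transit
```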