Finding technology systems to beat the hackers can be a challenging job. Every time you secure your systems, they find another loophole to crack your processes and procedures.
A significant advance in encryption is at hand, however - one that mixes traditional defence methods with sophisticated quantum cryptography techniques. Such developments are being made possible by German physicist Werner Heisenberg's uncertainty principle, which states it is impossible to make a perfectly accurate measurement of the position and velocity of an object because the act of measurement will to some extent distort what you are calculating.
In nuclear physics and quantum mechanics - both of which deal with sub-atomic particles - the uncertainty principle is crucial, as the uncertainties it implies are large in relation to the things being measured. But where large objects are concerned, the uncertainty principle is not generally significant because the things that are being calculated are too big for the uncertainties to matter.
For example, it is easy to measure the position and speed of a car because the uncertainties are so small in relation to the size of the car that they are negligible. But the days when Heisenberg's uncertainty principle had no useful applications in everyday life are now coming to an end.
At a time when information technology security is more vitally important than it has ever been, a new IT security technique is rising to prominence that could stack the odds against the eavesdropper: quantum cryptography, which uses quantum mechanics to help make communications secure. Using the technique, communications information is encoded into individual photons of light that then become subject to the uncertainty principle. Messages are encoded by giving each photon a different polarisation, rather like passing it through a different pair of Polaroid sunglasses - depending on the state you want it to have.
Quantum cryptography will be adopted alongside many other powerful encryption methods that are available to guard errant computer communications, most of which rely on a key being passed between sender and recipient. But the problem with passing a key is that they can be read or changed illicitly - making keys the main vulnerable point in strong encryption techniques. But the problem of vulnerability does not apply if keys are sent from the provider of the encryption system to the authorised recipient using quantum cryptography. Traditional cryptography relies on the computational complexity of certain mathematical techniques - such as extracting the factors of very large numbers - to restrict the likelihood of eavesdroppers learning the contents of encrypted messages.
Quantum cryptography, on the other hand, relies on the fact that any unauthorised attempt to read the key - and its photons - will be detectable. The technology is configured so that the receiving party will instantly see the disturbance and will consequently know it cannot rely upon that portion of the key because it is no longer secure. The recipient will then alert the sender to change the key. In practice, the change happens automatically - indeed, the detection and key change process itself takes place almost instantaneously, meaning the eavesdropper's possession of it is pointless. For the authorised participants in the message exchange, a combination of quantum and classical techniques is used to produce a key that can be proven to be secure. And because the message has been sent using quantum cryptography, the participants can be confident that the hidden key cannot have been read by anyone other than the intended participants. Such techniques mean quantum cryptography represents a significant advance in terms of security compared with conventional encryption techniques.
Indeed, the advance is so massive that the day may come, and sooner rather than later, when not using quantum cryptography for sending encryption keys may be unthinkable.
Why, if Heisenberg's uncertainty principle and his related quantum theory are not new, has quantum cryptography only now become viable? For the first time, we have the ability to measure the state of individual photons using equipment that will fit into a normal office, rather than requiring the facilities of a nuclear physics laboratory. The benefits of quantum cryptography are still only available across fibre optic cables that are no longer than approximately 100km. And while the technology is already potentially available for use across networks within big cities, inter-city and international applications are limited by the 100km rule.
There is, however, every indication that the technological barrier will soon be overcome. And with quantum cryptography at the point where it might soon achieve breakout into the mass market, IT managers might want to consider exploring the potential for business communications.
This article appeared in Computing in August 2007.
1. INTRODUCTION
Application Integration is the biggest cost driver of corporate IT. While it has been popular to
emphasise the business process integration aspects of EAI, it remains true that data integration is a
huge part of the problem, responsible for much of the cost of EAI. You cannot begin to do process
integration without some data integration.
Data integration is an N-squared problem. If you have N different systems or sources of data to
integrate, you may need to build as many as N(N -1) different data exchange interfaces between them –
near enough to N2. For large companies, where N may run into the hundreds, and N2 may be more
than 100,000, this looks an impossible problem.
In practice, the figures are not quite that huge. In our experience, a typical system may interface to
between 5 and 30 other systems – so the total number of interfaces is between 5N and 30N. Even this
makes a prohibitive number of data interfaces to build and maintain. Many IT managers quietly admit
that they just cannot maintain the necessary number of data interfaces, because the cost would be
prohibitive. Then business users are forced to live with un-integrated, inconsistent data and fragmented
processes, at great cost to the business.
The bad news is that N just got bigger. New commercial imperatives, the rise of e-commerce, XML
and web services require companies of all sizes to integrate data and processes with their business
partners’ data and processes. If you make an unsolved problem bigger, it generally remains unsolved.
Users and software vendors have devoted huge efforts to tackling the N2 data integration problem.
The solutions available today can be grouped into four main levels of increasing sophistication and
power:
1. Hand coding of data interfaces
2. Source-to-target mapping and translation tools
3. Integration hubs and brokers
4. Full model-based integration
This article discusses the costs and benefits you can expect at each level.
1. INTRODUCTION
Application Integration is the biggest cost driver of corporate IT. While it has been popular to
emphasise the business process integration aspects of EAI, it remains true that data integration is a
huge part of the problem, responsible for much of the cost of EAI. You cannot begin to do process
integration without some data integration.
Data integration is an N-squared problem. If you have N different systems or sources of data to
integrate, you may need to build as many as N(N -1) different data exchange interfaces between them –
near enough to N2. For large companies, where N may run into the hundreds, and N2 may be more
than 100,000, this looks an impossible problem.
In practice, the figures are not quite that huge. In our experience, a typical system may interface to
between 5 and 30 other systems – so the total number of interfaces is between 5N and 30N. Even this
makes a prohibitive number of data interfaces to build and maintain. Many IT managers quietly admit
that they just cannot maintain the necessary number of data interfaces, because the cost would be
prohibitive. Then business users are forced to live with un-integrated, inconsistent data and fragmented
processes, at great cost to the business.
The bad news is that N just got bigger. New commercial imperatives, the rise of e-commerce, XML
and web services require companies of all sizes to integrate data and processes with their business
partners’ data and processes. If you make an unsolved problem bigger, it generally remains unsolved.
Users and software vendors have devoted huge efforts to tackling the N2 data integration problem.
The solutions available today can be grouped into four main levels of increasing sophistication and
power:
1. Hand coding of data interfaces
2. Source-to-target mapping and translation tools
3. Integration hubs and brokers
4. Full model-based integration
This article discusses the costs and benefits you can expect at each level.
1. INTRODUCTION
Application Integration is the biggest cost driver of corporate IT. While it has been popular to
emphasise the business process integration aspects of EAI, it remains true that data integration is a
huge part of the problem, responsible for much of the cost of EAI. You cannot begin to do process
integration without some data integration.
Data integration is an N-squared problem. If you have N different systems or sources of data to
integrate, you may need to build as many as N(N -1) different data exchange interfaces between them –
near enough to N2. For large companies, where N may run into the hundreds, and N2 may be more
than 100,000, this looks an impossible problem.
In practice, the figures are not quite that huge. In our experience, a typical system may interface to
between 5 and 30 other systems – so the total number of interfaces is between 5N and 30N. Even this
makes a prohibitive number of data interfaces to build and maintain. Many IT managers quietly admit
that they just cannot maintain the necessary number of data interfaces, because the cost would be
prohibitive. Then business users are forced to live with un-integrated, inconsistent data and fragmented
processes, at great cost to the business.
The bad news is that N just got bigger. New commercial imperatives, the rise of e-commerce, XML
and web services require companies of all sizes to integrate data and processes with their business
partners’ data and processes. If you make an unsolved problem bigger, it generally remains unsolved.
Users and software vendors have devoted huge efforts to tackling the N2 data integration problem.
The solutions available today can be grouped into four main levels of increasing sophistication and
power:
1. Hand coding of data interfaces
2. Source-to-target mapping and translation tools
3. Integration hubs and brokers
4. Full model-based integration
This article discusses the costs and benefits you can expect at each level
1. INTRODUCTION
Application Integration is the biggest cost driver of corporate IT. While it has been popular to
emphasise the business process integration aspects of EAI, it remains true that data integration is a
huge part of the problem, responsible for much of the cost of EAI. You cannot begin to do process
integration without some data integration.
Data integration is an N-squared problem. If you have N different systems or sources of data to
integrate, you may need to build as many as N(N -1) different data exchange interfaces between them –
near enough to N2. For large companies, where N may run into the hundreds, and N2 may be more
than 100,000, this looks an impossible problem.
In practice, the figures are not quite that huge. In our experience, a typical system may interface to
between 5 and 30 other systems – so the total number of interfaces is between 5N and 30N. Even this
makes a prohibitive number of data interfaces to build and maintain. Many IT managers quietly admit
that they just cannot maintain the necessary number of data interfaces, because the cost would be
prohibitive. Then business users are forced to live with un-integrated, inconsistent data and fragmented
processes, at great cost to the business.
The bad news is that N just got bigger. New commercial imperatives, the rise of e-commerce, XML
and web services require companies of all sizes to integrate data and processes with their business
partners’ data and processes. If you make an unsolved problem bigger, it generally remains unsolved.
Users and software vendors have devoted huge efforts to tackling the N2 data integration problem.
The solutions available today can be grouped into four main levels of increasing sophistication and
power:
1. Hand coding of data interfaces
2. Source-to-target mapping and translation tools
3. Integration hubs and brokers
4. Full model-based integration
This article discusses the costs and benefits you can expect at each level.
