Tuesday, October 25, 2005

Metaphors in Security

Domain-specific metaphors can help users understand security, especially when there is no physical example of it, as in the case of public key encryption. A metaphor to explain public key encryption would consist of a public lock and a private key. Open locks for an email address would be widely distributed, so everybody shares the same lock and anyone can close it to secure (encrypt) a message for that address. When a message is secured with a lock (encrypted with a public key) it would then be in the closed state and therefore impossible to open without the private key held by the recipient. Each recipient could only unlock a message with the use of their own private key. This is all perfectly natural and well understood from the use of padlocks and keys in the physical world. The sender's copy of the message would be associated with his or her own lock as the security mechanism, allowing users to understand the role played by their own keys.
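The lock-and-key metaphor maps directly onto asymmetric encryption, and the mapping is easiest to see in code. The following is an added example, not code from the original post: it uses Go's standard-library RSA-OAEP, and the names `Lock`, `Key`, `Secure`, `Open` and `SendEmail` are the example's own, chosen to mirror the metaphor. Anyone holding a `Lock` (public key) can close it on a message; only the matching `Key` (private key) opens it; and, as the post suggests, the sender's own copy is closed with the sender's own lock, so the sender's private key opens that copy and nobody else's.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Lock is the metaphor's openly distributed padlock: an RSA public key.
// Handing out copies of it is safe, because a lock can only be closed, not opened.
type Lock struct{ pub *rsa.PublicKey }

// Key is the metaphor's private key, kept only by its owner.
type Key struct{ priv *rsa.PrivateKey }

// NewLockAndKey makes a matching pair: the lock to give away, the key to keep.
func NewLockAndKey() (Lock, Key, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Lock{}, Key{}, err
	}
	return Lock{pub: &priv.PublicKey}, Key{priv: priv}, nil
}

// Secure closes the lock on a message (encrypts with the public key).
// Anyone who has the lock can do this; the result cannot be reopened with the lock.
func Secure(l Lock, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, l.pub, msg, nil)
}

// Open unlocks a secured message (decrypts with the private key).
// OAEP padding is verified on decryption, so the wrong key yields an error
// rather than garbage, which is the "it will not open" behaviour of a padlock.
func Open(k Key, sealed []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, k.priv, sealed, nil)
}

// SendEmail produces two secured copies of one message body: one closed with the
// recipient's lock for delivery, and one closed with the sender's own lock for
// the sender's "sent" folder, so each party can later open only their own copy.
func SendEmail(senderLock, recipientLock Lock, body []byte) (forRecipient, forSender []byte, err error) {
	forRecipient, err = Secure(recipientLock, body)
	if err != nil {
		return nil, nil, err
	}
	forSender, err = Secure(senderLock, body)
	if err != nil {
		return nil, nil, err
	}
	return forRecipient, forSender, nil
}

func main() {
	aliceLock, aliceKey, err := NewLockAndKey()
	if err != nil {
		panic(err)
	}
	bobLock, bobKey, err := NewLockAndKey()
	if err != nil {
		panic(err)
	}

	// Constructed sample message for the demonstration.
	body := []byte("Lunch at noon?")
	forBob, forAlice, err := SendEmail(aliceLock, bobLock, body)
	if err != nil {
		panic(err)
	}

	opened, _ := Open(bobKey, forBob)
	fmt.Printf("Bob opens his copy with his key:       %q\n", opened)
	opened, _ = Open(aliceKey, forAlice)
	fmt.Printf("Alice opens her copy with her key:     %q\n", opened)
	_, err = Open(aliceKey, forBob)
	fmt.Printf("Alice tries Bob's copy with her key:   error=%v\n", err != nil)
}
```

The asymmetry is the whole point of the metaphor: `Secure` needs only the `Lock`, which is why it is safe to publish, while `Open` needs the `Key`, which never leaves its owner. Keeping a second copy closed with the sender's own lock is what lets the sender reread their sent mail without anyone holding a copy of the recipient's key.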

