**2. Three states of information**

This section identifies three fundamental states that information can be in at a time. It is essential to distinctively identify each state, as corresponding security measures vary for each of these states. To address each separately, the information residing in either of three states at a time in a computational environment are identified. These three states are listed as information in transit, information in process, and information in storage. Information in transit refers to the status where an underlying network (wired or wireless) facilitates the transmission of data from one place (source) to another (destination). Information in process refers to the case when data is processed so that it transforms from source format to destination format. And information in storage refers to the mostly stagnant form of data that resides on a storage media for future reference. As these brief descriptions imply, information in each state has different properties than information in other states. As an example, information in transit is different from information in process and information in storage.

It should also be noted that these states may overlap to form many variations. As an example, states can form variations in pairs, such as information could be processed first and then transferred, or processed first and then stored, or stored information is retrieved for further processing, etc. Or, in a more complex format, each of the three states of information may combine in any order to form a sequence of operations, such as stored information is retrieved from database and is processed to yield new information and this new information is transferred to a remote destination.

The following subsections address each state of information in detail by describing them first and then providing examples for each state. This, later, serves as a basis for explaining security and privacy measures with respect to each state of information that is explained later in Section 3.

### **2.1 Information in transit**

The first state of information is information in transit. This state refers to the situation when information handled is transferred from one place (source) to another place (destination). As depicted in **Figure 1**, in the context of information in transit state, the information residing in source side is transmitted to destination via an underlying network. The underlying network infrastructure could be of various types, such as cable network, wireless network, etc., and does not differentiate

**67**

**Figure 2.**

*Information in process.*

*Security and Privacy in Three States of Information DOI: http://dx.doi.org/10.5772/intechopen.91610*

such as plaintext, still image, movie, voice, etc.

property of communication in most of the times.

2.2 and is depicted later in **Figure 2**.

destination (the branch office).

section that follows.

**2.2 Information in process**

from combined effects of the two.

information on each side was expected to be the same.

the type of data being transferred, as each data piece is processed in the bit level of granularity. This enables the transfer of information in various possible formats,

Though **Figure 1** illustrates information being transmitted from source to destination, more than usual, the roles change and the source becomes destination and the destination becomes source. This is because of the inherently full duplex

It should also be noted that if information in transit is considered only in isolation, then it should not change the format of data being transferred. This explains why in **Figure 1** both sender and destination sides label information exactly the same way. And to guarantee this unchanging property of data, integrity mechanisms are inherently built in network systems that facilitate information in transit. If a more complex system is designed and implemented by combining information in transit and information in process states, then labeling of each information entity will have to be modified accordingly. In particular, these entities will label information as Information1 and Information2 on each side so as to indicate the changing content of the information itself. This phenomenon is explained further in Section

Sending a memo that has text, pictures, and videos in it as part of a business operation from company headquarters to a branch office is an example of the case where information is transmitted from source (the company headquarters) to

While improvements in technology are facilitating the way information can be transferred, this brings along the issue of providing the security and privacy of information transferred. These issues are addressed in the security and privacy

This state focuses on how one operates on data to change its form. It is very common in computational operations today to process data such that it no longer possesses its original format. As an example, one may compress data so that it occupies less space, another may encrypt it so that it becomes unintelligible to unintended third parties, yet another combines compression and encryption so as to benefit

Information in process is represented graphically in **Figure 2**, where a series of operations are applied to input data to yield the output data. The expectation in the end of the process in this figure is that the output (Information2) will be different from input (Information1). This is a fundamental difference from **Figure 1**, where

In the context of information in process, take, for example, the process of encrypting text. The input data will be a legible text, such as a sentence, a document, etc., whereas the output generated will be an unintelligible sequence of characters, as is deliberately meant to be by the process. The process itself could be one single operation as simple as circularly shifting characters a certain amount to

**Figure 1.** *Information in transit.*

### *Security and Privacy in Three States of Information DOI: http://dx.doi.org/10.5772/intechopen.91610*

*Security and Privacy From a Legal, Ethical, and Technical Perspective*

concluded in Section 4.

information in storage.

**2.1 Information in transit**

information that is explained later in Section 3.

destination.

**2. Three states of information**

The rest of the chapter is organized as follows: In Section 2, three states of information are defined together with examples for each. In Section 3, security mechanisms, i.e., privacy and security algorithms that apply to each state of information, are discussed in detail, and examples are provided. Finally, the chapter is

This section identifies three fundamental states that information can be in at a time. It is essential to distinctively identify each state, as corresponding security measures vary for each of these states. To address each separately, the information residing in either of three states at a time in a computational environment are identified. These three states are listed as information in transit, information in process, and information in storage. Information in transit refers to the status where an underlying network (wired or wireless) facilitates the transmission of data from one place (source) to another (destination). Information in process refers to the case when data is processed so that it transforms from source format to destination format. And information in storage refers to the mostly stagnant form of data that resides on a storage media for future reference. As these brief descriptions imply, information in each state has different properties than information in other states. As an example, information in transit is different from information in process and

It should also be noted that these states may overlap to form many variations. As an example, states can form variations in pairs, such as information could be processed first and then transferred, or processed first and then stored, or stored information is retrieved for further processing, etc. Or, in a more complex format, each of the three states of information may combine in any order to form a sequence of operations, such as stored information is retrieved from database and is processed to yield new information and this new information is transferred to a remote

The following subsections address each state of information in detail by describing them first and then providing examples for each state. This, later, serves as a basis for explaining security and privacy measures with respect to each state of

The first state of information is information in transit. This state refers to the situation when information handled is transferred from one place (source) to another place (destination). As depicted in **Figure 1**, in the context of information in transit state, the information residing in source side is transmitted to destination via an underlying network. The underlying network infrastructure could be of various types, such as cable network, wireless network, etc., and does not differentiate

**66**

**Figure 1.**

*Information in transit.*

the type of data being transferred, as each data piece is processed in the bit level of granularity. This enables the transfer of information in various possible formats, such as plaintext, still image, movie, voice, etc.

Though **Figure 1** illustrates information being transmitted from source to destination, more than usual, the roles change and the source becomes destination and the destination becomes source. This is because of the inherently full duplex property of communication in most of the times.

It should also be noted that if information in transit is considered only in isolation, then it should not change the format of data being transferred. This explains why in **Figure 1** both sender and destination sides label information exactly the same way. And to guarantee this unchanging property of data, integrity mechanisms are inherently built in network systems that facilitate information in transit. If a more complex system is designed and implemented by combining information in transit and information in process states, then labeling of each information entity will have to be modified accordingly. In particular, these entities will label information as Information1 and Information2 on each side so as to indicate the changing content of the information itself. This phenomenon is explained further in Section 2.2 and is depicted later in **Figure 2**.

Sending a memo that has text, pictures, and videos in it as part of a business operation from company headquarters to a branch office is an example of the case where information is transmitted from source (the company headquarters) to destination (the branch office).

While improvements in technology are facilitating the way information can be transferred, this brings along the issue of providing the security and privacy of information transferred. These issues are addressed in the security and privacy section that follows.
