 | It has been suggested thatdata (computer science) bemerged into this article. (Discuss) Proposed since November 2025. |
Digital data, ininformation theory andinformation systems, is information represented as a string ofdiscrete symbols, each of which can take on one of only a finite number of values from somealphabet, such as letters or digits. An example is atext document, which consists of a string ofalphanumeric characters. The most common form of digital data in modern information systems isbinary data, which is represented by a string ofbinary digits (bits) each of which can have one of two values, either 0 or 1.
Digital data can be contrasted withanalog data, which is represented by a value from acontinuous range ofreal numbers. Analog data is transmitted by ananalog signal, which not only takes on continuous values but can vary continuously with time, a continuousreal-valued function of time. An example is the air pressure variation in asound wave.
The worddigital comes from the same source as the wordsdigit anddigitus (theLatin word forfinger), as fingers are often used for counting. MathematicianGeorge Stibitz ofBell Telephone Laboratories used the worddigital in reference to the fast electric pulses emitted by a device designed to aim and fire anti-aircraft guns in 1942.[1] The term is most commonly used incomputing andelectronics, especially where real-world information is converted tobinary numeric form as indigital audio anddigital photography.
 | This sectionpossibly containsoriginal research. Pleaseimprove it byverifying the claims made and addinginline citations. Statements consisting only of original research should be removed.(August 2016) (Learn how and when to remove this message) |
Since symbols (for example,alphanumericcharacters) are not continuous, representing symbols digitally is rather simpler than conversion of continuous or analog information to digital. Instead ofsampling andquantization as inanalog-to-digital conversion, such techniques aspolling andencoding are used.
A symbol input device usually consists of a group of switches that are polled at regular intervals to see which switches are switched. Data will be lost if, within a single polling interval, two switches are pressed, or a switch is pressed, released, and pressed again. This polling can be done by a specialized processor in the device to prevent burdening the mainCPU.[2] When a new symbol has been entered, the device typically sends aninterrupt, in a specialized format, so that the CPU can read it.
For devices with only a few switches (such as the buttons on ajoystick), the status of each can be encoded as bits (usually 0 for released and 1 for pressed) in a single word. This is useful when combinations of key presses are meaningful, and is sometimes used for passing the status of modifier keys on a keyboard (such as shift and control). But it does not scale to support more keys than the number of bits in a single byte or word.
Devices with many switches (such as acomputer keyboard) usually arrange these switches in a scan matrix, with the individual switches on the intersections of x and y lines. When a switch is pressed, it connects the corresponding x and y lines together. Polling (often called scanning in this case) is done by activating each x line in sequence and detecting which y lines then have asignal, thus which keys are pressed. When the keyboard processor detects that a key has changed state, it sends a signal to the CPU indicating the scan code of the key and its new state. The symbol is thenencoded or converted into a number based on the status of modifier keys and the desiredcharacter encoding.
A customencoding can be used for a specific application with no loss of data. However, using a standard encoding such asASCII is problematic if a symbol such as 'ß' needs to be converted but is not in the standard.
It is estimated that in the year 1986, less than 1% of the world's technological capacity to store information was digital and in 2007 it was already 94%.[3] The year 2002 is assumed to be the year when humankind was able to store more information in digital than in analog format (the "beginning of thedigital age").[4][5]
Digital data come in these three states:data at rest,data in transit, anddata in use.[6][7] Theconfidentiality, integrity, and availability have to be managed during the entire lifecycle from 'birth' to the destruction of the data.[8]
Data at rest ininformation technology means data that is housed physically oncomputer data storage in any digital form (e.g.cloud storage,file hosting services,databases,data warehouses,spreadsheets, archives, tapes, off-site or cloud backups,mobile devices etc.). Data at rest includes both structured andunstructured data.[9] This type of data is subject to threats from hackers and other malicious threats to gain access to the data digitally or physical theft of the data storage media. To prevent this data from being accessed, modified or stolen, organizations will often employ security protection measures such as password protection, data encryption, or a combination of both. The security options used for this type of data are broadly referred to asdata-at-rest protection (DARP).[10]
Definitions include:
"...all data in computer storage while excluding data that is traversing a network or temporarily residing in computer memory to be read or updated."[11]
"...all data in storage but excludes any data that frequently traverses the network or that which resides in temporary memory. Data at rest includes but is not limited to archived data, data which is not accessed or changed frequently, files stored on hard drives, USB thumb drives, files stored on backup tape and disks, and also files stored off-site or on astorage area network (SAN)."[12]
While it is generally accepted that archive data (i.e. which never changes), regardless of its storage medium, is data at rest and active data subject to constant or frequent change is data in use. “Inactive data” could be taken to mean data which may change, but infrequently. The imprecise nature of terms such as “constant” and “frequent” means that some stored data cannot be comprehensively defined as either data at rest or in use. These definitions could be taken to assume that Data at Rest is a superset of data in use; however, data in use, subject to frequent change, has distinct processing requirements from data at rest, whether completely static or subject to occasional change.
Because of its nature data at rest is of increasing concern to businesses, government agencies and other institutions.[11] Mobile devices are often subject to specific security protocols to protect data at rest from unauthorized access when lost or stolen[13] and there is an increasing recognition that database management systems and file servers should also be considered as at risk;[14] the longer data is left unused in storage, the more likely it might be retrieved by unauthorized individuals outside the network.
Data encryption, which prevents data visibility in the event of its unauthorized access or theft, is commonly used to protect data in motion and increasingly promoted for protecting data at rest.[15] The encryption of data at rest should only include strong encryption methods such asAES orRSA. Encrypted data should remain encrypted when access controls such as usernames and password fail. Increasing encryption on multiple levels is recommended.Cryptography can be implemented on the database housing the data and on the physical storage where the databases are stored. Data encryption keys should be updated on a regular basis. Encryption keys should be stored separately from the data. Encryption also enablescrypto-shredding at the end of the data or hardware lifecycle. Periodic auditing of sensitive data should be part of policy and should occur on scheduled occurrences. Finally, only store the minimum possible amount of sensitive data.[16]
Tokenization is a non-mathematical approach to protecting data at rest that replaces sensitive data with non-sensitive substitutes, referred to as tokens, which have no extrinsic or exploitable meaning or value. This process does not alter the type or length of data, which means it can be processed by legacy systems such as databases that may be sensitive to data length and type. Tokens require significantly less computational resources to process and less storage space in databases than traditionally encrypted data. This is achieved by keeping specific data fully or partially visible for processing and analytics while sensitive information is kept hidden. Lower processing and storage requirements makes tokenization an ideal method of securing data at rest in systems that manage large volumes of data.
A further method of preventing unwanted access to data at rest is the use of data federation[17] especially when data is distributed globally (e.g. in off-shore archives). An example of this would be a European organisation which stores its archived data off-site in the US. Under the terms of theUSA PATRIOT Act[18] the American authorities can demand access to all data physically stored within its boundaries, even if it includes personal information on European citizens with no connections to the US. Data encryption alone cannot be used to prevent this as the authorities have the right to demand decrypted information. A data federation policy which retains personal citizen information with no foreign connections within its country of origin (separate from information which is either not personal or is relevant to off-shore authorities) is one option to address this concern. However, data stored in foreign countries can be accessed using legislation in theCLOUD Act.
Data in use is aninformation technology term referring to activedata which is stored in a non-persistent digital state orvolatile memory, typically in computerrandom-access memory (RAM),CPU caches, orCPU registers.[19]
Data in use has also been taken to mean “active data” in the context of being in a database or being manipulated by an application. For example, someenterprise encryption gateway solutions for the cloud claim to encrypt data at rest,data in transit anddata in use.[20]
Some cloudsoftware as a service (SaaS) providers refer to data in use as any data currently being processed by applications, as the CPU and memory are utilized.[21]
Because of its nature, data in use is of increasing concern to businesses, government agencies and other institutions. Data in use, or memory, can contain sensitive data including digital certificates, encryption keys, intellectual property (software algorithms, design data), andpersonally identifiable information. Compromising data in use enables access to encrypted data at rest and data in motion. For example, someone with access to random access memory can parse that memory to locate the encryption key for data at rest. Once they have obtained that encryption key, they can decrypt encrypted data at rest. Threats to data in use can come in the form ofcold boot attacks, malicious hardware devices,rootkits and bootkits.
Encryption, which prevents data visibility in the event of its unauthorized access or theft, is commonly used to protect Data in Motion and Data at Rest and increasingly recognized as an optimal method for protecting Data in Use. There have been multiple projects to encrypt memory. MicrosoftXbox systems are designed to provide memory encryption and the companyPrivateCore presently has a commercial software product vCage to provide attestation along with full memory encryption for x86 servers.[22] Several papers have been published highlighting the availability of security-enhanced x86 and ARM commodity processors.[19][23] In that work, anARM Cortex-A8 processor is used as the substrate on which a full memory encryption solution is built. Process segments (for example, stack, code or heap) can be encrypted individually or in composition. This work marks the first full memory encryption implementation on a mobile general-purpose commodity processor. The system provides both confidentiality and integrity protections of code and data which are encrypted everywhere outside the CPU boundary.
For x86 systems, AMD has a Secure Memory Encryption (SME) feature introduced in 2017 withEpyc.[24] Intel has promised to deliver its Total Memory Encryption (TME) feature in an upcoming CPU.[25][26]
Operating system kernel patches such asTRESOR and Loop-Amnesia modify the operating system so that CPU registers can be used to store encryption keys and avoid holding encryption keys in RAM. While this approach is not general purpose and does not protect all data in use, it does protect against cold boot attacks. Encryption keys are held inside the CPU rather than in RAM so that data at rest encryption keys are protected against attacks that might compromise encryption keys in memory.
Enclaves enable an “enclave” to be secured with encryption in RAM so that enclave data is encrypted while in RAM but available as clear text inside the CPU and CPU cache. Intel Corporation has introduced the concept of “enclaves” as part of itsSoftware Guard Extensions. Intel revealed an architecture combining software and CPU hardware in technical papers published in 2013.[27]
Several cryptographic tools, includingsecure multi-party computation andhomomorphic encryption, allow for the private computation of data on untrusted systems. Data in use could be operated upon while encrypted and never exposed to the system doing the processing.
Data in transit, also referred to asdata in motion[28] anddata in flight,[29] is data en route between source and destination, typically on acomputer network.
Data in transit can be separated into two categories: information that flows over the public or untrusted network such as the Internet and data that flows in the confines of a private network such as a corporate or enterpriselocal area network (LAN).[30]
All digital information possesses common properties that distinguish it from analog data with respect to communications:
Even though digital signals are generally associated with the binary electronic digital systems used in modern electronics and computing, digital systems are actually ancient, and need not be binary or electronic.
