sslONE™ [ Making security affordable ]
Affordable SSL Certificates and Credentials Solutions
Security Glossary    
   

To make security and SSL easier to understand, sslONE™ Corporation provides this list of terms pertaining to digital certificates and credentials. Each entry gives a brief description and, where available, links to more detailed information.
 
Expression Definition
ABA Guidelines The American Bar Association — ABA, Digital Signature Guidelines are a structure of legal codes for using encrypted SSL certificates, digital ids and digital signatures in e-commerce. 
Acceptable Use Policy — AUP An acceptable use policy — AUP, is a written policy that a user must agree to follow before they are allowed to use a product or service.
Access Level A hierarchical level of security that is used in order to detect the sensitivity of data, and the clearance or authorization of users. Similar to how digital certificates and SSL digital certificates help provide secure authentication for intranet and internet security.
Adversary A unit which attacks, or becomes a threat to, a system.
Algorithm A specific procedure or formula for solving a problem. In security an algorithm typically refers to cryptographic algorithms used in encryption or decryption of data files and/or messages.
Anomaly Detection Identifying intrusions by looking for unusual activity. A system would have a model of 'expected' or 'normal' behavior, and would flag any activity that deviated from this model.
Apache Apache is a freely available Unix based web server. It is currently the most commonly used server on Internet connected sites. Its genesis was in early 1995 when developers of some high visibility websites decided to pool their patches and enhancements to the NCSA/1.3 server to create A patchy server. The project has since gained considerable momentum.
Application Level Gateway A firewall system where service is given by processes which keep total TCP connection state and sequencing. Application level firewalls provide protection, Internet security and online security by re-addressing traffic.
Asymmetric Cryptography A synonym for public key cryptography.
Asymmetric Key Encryption Asymmetric Key Encryption, or public key encryption, employs two keys. One of these is publicly known and the other is held privately. To derive a public key from a private key, any would-be hacker would need to factor a very large number, which is computationally infeasible.
Attack An attack is the action of attempting to bypass system security controls. The event of an attack does not necessarily mean that a system's security has been breached, but merely that an attempt to breach it has been made.
Audit The gathering of records to check their conformity with an SSL security policy.
Audit Trail A time-sequential record of system actions that is sufficient to reconstruct, review and examine an operation or transaction from start to finish. Also known as a security audit trail.
Authenticate To verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system. Also, to confirm the reliability of data that has been stored or transmitted in a way that is likely to expose it to possible unauthorized modification.
Authentication The act of determining that a message has not been changed since leaving its point of origin. Authentication, secure authentication or secure SSL authentication.
Authentication Header An Internet IPsec protocol; a field that immediately follows the IP header in an IP datagram and provides authentication and integrity checking for the datagram.
Authentication Token A portable device used for authenticating a user. Authentication tokens operate by challenge/response, time-based code sequences, or other techniques. This may include paper-based lists of one-time passwords.
Authenticator A record containing information that can be shown to have been recently generated using the session key known only by the client and server.
Authenticity SSL Certificate security must be genuine and verifiable. In SSL Internet security and network security, it is imperative that authenticity is not assumed.
Authenticode A technology that makes it possible to identify who published a piece of software and to verify that it has not been tampered with. It also confirms that the digital certificate used to sign the code was issued by the certificate authority originally.
Authorization Giving access or other rights to a user, process or program that has been authorized.
Backup A replicated copy of data that is made for archiving purposes and to protect against the loss of data in case of loss or damage. A backup must be stored away from the original in order to be considered secure.
Bastion Host A bastion host is a gateway between an inside network and an outside network. Used as a security measure, the bastion host is designed to defend against attacks aimed at the inside network. Depending on a network's complexity and configuration, a single bastion host may stand guard by itself, or be part of a larger security system with different layers of protection.
Biometric A unique and measurable characteristic of a human being used to identify an individual. A key characteristic of a biometric access system is that it must operate in real-time. An example could be a fingerprint scanner, which scans the fingerprint and compares the results instantly to a stored database of acceptable fingerprints. Other characteristics include retina scans and voice recognition. Biometrics can be used with a smart card to authenticate the user. The user's biometric information is stored on a smart card, the card is placed in a reader, and a biometric scanner reads the information to match it against that on the card. This is a fast, accurate, and highly-secure form of user authentication.
Block Cipher An encryption scheme in which the data is divided into fixed-size blocks — often 64-bit, each of which is encrypted independently of the others. Complete independence of blocks is cryptographically undesirable, so usually a block cipher will be used in a chaining or feedback mode in which the output from one block affects the way the next is encrypted.
Brute Force An attack where all possible options are used at one time, often in a programmed sequence that attempts to use all possible passwords or decryption keys.
Bug A problem that causes a program to crash or produce invalid output. An unpredictable outcome that can cause actions that are not planned by the programmer or the user.
C2Net C2Net is the vendor of the Stronghold web server. Stronghold is based on Apache and includes Eric Young's SSL implementation. Crucially, the vendors have obtained a commercial RSAREF license, to enable use of the server in North America without patent infringement, and have had the server accredited by Verisign. The Stronghold server is able to provide strong encryption, including Triple DES and 128-bit key RC4, to companies worldwide because the relevant code was not developed in the US and is not constrained by US export regulations.

C2Net also markets Safe Passage to provide unencumbered 128-bit cryptographic capability for the Netscape and Microsoft browsers and were sponsors of the 1995 Hack Netscape competition, which, amongst other things, helped flesh out the misgivings people had about encryption using 40-bit key lengths.
CAST CAST is a symmetric key block cipher.
CERT Computer Emergency Response Team — network, Internet, security. The CERT was formed by ARPA in November 1988 in response to the needs exhibited during the Internet worm incident. The CERT charter is to work with the Internet community to facilitate its response to computer security events involving Internet hosts, to take proactive steps to raise the community's awareness of computer security issues, and to conduct research targeted at improving the security of existing systems. CERT products and services include 24-hour technical assistance for responding to computer security incidents, product vulnerability assistance, technical documents, and tutorials. In addition, the team maintains a number of mailing lists — including one for CERT Advisories, and provides an anonymous FTP server, where security-related documents and tools are archived.
Certificate A file that attests to the identity of an organization or web browser user and is used to verify that data being exchanged over a network is from the intended source. The certificate is digitally signed either by a Certificate Authority or is self-signed. There are CA certificates, client CA certificates, client certificates, and server certificates.

A token which underpins the principle of trust in SSL-encrypted transactions. The information within a certificate includes the issuer — the Certificate Authority that issued the certificate, the organization that owns the certificate, public key, the validity period — usually one year, of the certificate, and the hostname that the certificate was issued in respect of. It is digitally signed by the certification authority so that none of the details can be changed without invalidating the signature.
Certificate Revocation List — CRL A list maintained by the Certificate Authority of all certificates that are revoked, but not expired. A certificate may be revoked because the user's private key is assumed to be compromised, the user is no longer certified by this Certificate Authority, or the Certificate Authority's private key is assumed to be compromised.
Certificate Signing Request — CSR A Certificate Signing Request — CSR, is a text file generated by a web server that contains information about your organization — name, address..., as well as your server's public key.
Certification The complete assessment of the technical and non-technical security functions of a system and other safeguards that are made for the accreditation process, which establishes the degree to which a particular plan and implementation meet a certain set of security conditions.
Certification Authority Certification Authority — CA, is a third party organization which is used to confirm the relationship between a party to the https transaction and that party's public key. Certification authorities may be widely known and trusted institutions for internet based transactions, though where https is used on companies' internal networks, an internal department within the company may fulfill this role.
Challenge-Handshake Authentication Protocol — CHAP An authentication method that can be used when connecting to an Internet Service Provider. CHAP allows you to login to your provider automatically, without the need for a terminal screen. It is more secure than the Password Authentication Protocol — another widely used authentication method, since it does not send passwords in text format.
Challenge/Response A method for SSL Server Security. A security procedure in which one communicator requests authentication of another communicator, and the latter replies with a pre-established appropriate reply.
Checksum A checksum is a value that is used to check the integrity of data. Checksums are generated by a function that is dependent upon the data in question. For security purposes, checksums are generated by one-way hash functions. Once a checksum has been generated, it is either stored with or transmitted with the data in question. The integrity of the data can be checked by generating a new checksum. If the two checksums are identical, then the file has not changed. If the two checksums are different, then the data — or file, in question has been altered.
Chosen cipher text attack An attack where the cryptanalyst may choose the cipher text to be decrypted.
Chosen plaintext attack A form of cryptanalysis where the cryptanalyst may choose the plaintext to be encrypted.
Cipher / Cipher text A cipher is any encryption-decryption algorithm. Ciphers can be classified according to whether they are symmetric or public key algorithms, and by whether they operate on their data as a stream or divided into blocks. Cipher text is encrypted data.
Cipher text-only attack A form of cryptanalysis where the cryptanalyst has some cipher text but nothing else.
Classification An assembly of classified information to which a hierarchical, restrictive security label is attached in order to heighten the protection of the data, which provides network security and online security.

Also the level of protection required in order to apply certain information.
Classified Information officially mandated by a security policy that is to be given data confidentiality service and is to be denoted with a special security label in order to signify the status of its protection.
Client-side certificate SSL has an optional feature which allows the client — for example the browser and its user, to authenticate itself to the server by means of a certificate. Some servers will disallow connections unless they are authenticated in this way.
Code The machine-readable form of a computer program, produced by conversion of the human-written program — source code, into binary code by a compiler or interpreter.
Communications Security — COMSEC Communications security. The protection resulting from all measures designed to deny unauthorized persons information of value which might be derived from the possession and study of telecommunications, or to mislead unauthorized persons in their interpretation of the results of such possession and study.
Common Name A field of an X.509 certificate used for matching against the domain name when validating the certificate.
Concealment System A technique of gaining confidentiality by concealing vulnerable information by embedding it in irrelevant data.
Confidentiality The idea of possessing sensitive data in confidence, restricted to a precise set of individuals or organizations.
Cookie A small piece of data, originally intended to keep state between web browser accesses to a server. Now used in many SSL Secured servers.
Cryptanalysis The art of decoding text. Cryptanalysis is a complex process, involving statistical analysis, analytical reasoning, math tools and pattern-finding. It is a way to figure out how to break down Internet Security.
Crypto Widely used as an abbreviation for cryptography, cryptographic, cryptology or even encryption. 
Cryptographic Algorithm A process or sequence of rules or steps that is well-defined and is used to convert a key stream or ciphertext from plaintext and vice versa. Crypto-algorithm is an older usage.
Cryptographic Checksum A one-way function attached to a file in order to construct a unique 'fingerprint' of the file for reference at a later time. Recurrently part of the development of generating a digital signature. 
Cryptographic key See key.
Cryptography The process, principles, means and methods for making information unintelligible or for restoring encrypted information back to intelligible form.
Cryptology Cryptology incorporates cryptanalysis, or code breaking, as well as code making; it is a slightly more general subject area than cryptography. 
Crypto period The time span necessary for a particular key to be authorized and to be used in a cryptographic system, which is a characteristic of PKI key management.
Crypto security The validation and security protection coming from the appropriate application of technically solid cryptosystems such as encrypted SSL certificates.
Cryptosystem An absolute and completely functional system for cryptography. It includes a solid Crypto-algorithm, necessities for the system's required functions and proper key choice and administration.
Data Encryption Algorithm An ANSI Standard that describes a cryptographic algorithm for encrypting data. The algorithm is private key driven. Also referred to as the Data Encryption Standard — DES.
DES — Data Encryption Standard A symmetric key block cipher algorithm developed by IBM and adopted as a standard in the US in 1975.
Data Integrity The formal definition of comprehensive rules and the consistent application of those rules to assure high integrity data. It consists of techniques to determine how well data are maintained in the data resource and to ensure that the data resource contains data that have high integrity. Data integrity includes techniques for data value integrity, data structure integrity, data retention integrity, and data derivation integrity.
Deception Giving fake or forged identity or authentication to break the security policy.
Decryption Decryption is the process of transforming ciphertext back into plaintext. It is the reverse of encryption.
Designated Approving Authority — DAA An example would be the secure server administrator having the authority to make a decision on accepting the security safeguards that are prescribed for the administrator who might be responsible for issuing an accreditation statement which records the pronouncement to accept those safeguards.
Digest A piece of data of specific length, computed from a file or message. More often than not, a digest is part of a digital signature and is also known as a hash or message digest.
Digital Signature A digital signature — not to be confused with a digital certificate, is an electronic rather than a written signature. It can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real. Additional benefits to the use of a digital signature are that it is easily transportable, cannot be easily repudiated, cannot be imitated by someone else, and can be automatically time-stamped.

A use of public key cryptography to authenticate a message. The private key is used, showing that the signature must have been made by the owner of that key. A secure hash of the entire document is signed, so that any change to the document will invalidate the signature.
Digital Signature Algorithm — DSA An algorithm for producing digital signatures, developed by NIST and the NSA. To sign a message, Alice uses the DSA Sign Algorithm to encode a digest of the message using her private key. For all practical purposes, there is no way to decrypt this information. However, anyone who receives the message and accompanying digital signature can verify the signature by using the DSA Verify Algorithm to process the following information: the received signature; a digest of the received message; and Alice's public key. If the output of this algorithm matches a certain part of the digital signature, the signature is valid and the message has not changed. In contrast to RSA and other encryption-based signature algorithms, DSA has no ability to encrypt or decrypt information.

The Digital Signature Algorithm mandated by the Federal Information Processing Standard FIPS 186. This is a public key system, but unlike RSA it can only be used for making signatures.
Digital Signature Standard — DSS A National Institute of Standards and Technology — NIST, standard for digital signatures, used to authenticate both a message and the signer. DSS has a security level comparable to RSA — Rivest-Shamir-Adleman, cryptography, having 1,024-bit keys.
E-Commerce  Quite simply, the act of selling over the internet. This can either be Business to Business — B2B, or Business to Consumer — B2C. Also known as E-business or E-tailing.
El Gamal Algorithm An algorithm for asymmetric cryptography that was invented by Taher el Gamal, founded on the challenge of calculating discrete logarithms and can be used for both encryption, like 128-bit encryption and SSL encryption, and digital signatures, used in digital certificates like SSL digital certificates and 128-bit certificates for internet security and network security with secure authentication and secure SSL authentication.
Electronic codebook — ECB Block cipher mode that consists of simply applying the cipher to blocks of data in sequence, one block at a time. It does not use feedback, and is also considered the weakest form of block cipher.
Elliptic Curve Cryptography — ECC It represents a different way to do public-key cryptography - an alternative to the older RSA system - and also offers certain advantages. ECC devices will require less storage, less power, less memory and less bandwidth - ultimately a more efficient cryptosystem. This allows the implementation of cryptography in platforms that are constrained, such as wireless devices, handheld computers, smart cards and thin-clients. It also provides a big win in situations where efficiency is extremely important, such as on a bottlenecked web server supporting e-commerce. 
Encryption  Encryption is the process of changing data into a form that can be read only by the intended receiver. To decipher the message, the receiver of the encrypted data must have the proper decryption key. In traditional encryption schemes, the sender and the receiver use the same key to encrypt and decrypt data. Public-key encryption schemes use two keys: a public key, which anyone may use, and a corresponding private key, which is possessed only by the person who created it. With this method, anyone may send a message encrypted with the owner's public key, but only the owner has the private key necessary to decrypt it.
End-to-End Encryption Encryption at the point of origin in a network, followed by decryption at the destination.
Eric Young The original developer of SSLeay. Eric is Australian and his work is not encumbered by US export regulations.
Fail Safe Secure Servers use automatic protection of programs and/or processing systems in order to keep safety when a hardware or software failure is discovered in an online payment system to accept credit cards.
File Protection The summative of all methods, processes and procedures in a system that is designed to hinder unauthorized file access, contamination, or elimination.
File Security Secure SSL servers restrict access to computer files only to authorized, validated users. 
Filtering Router An internetwork router that selectively prevents the transfer of data packets according to a security policy. It can be used as a firewall or at least as part of a firewall.
Firewall A secured system passing and inspecting traffic via an internal trusted secure server network and an external secure server network that is untrusted, like the Internet. Firewalls can be used to discover, prevent, or mitigate certain kinds of secure server network attack. This provides Internet security and online security. See also application level gateway, proxy server. 
Hacker The term used to refer to someone skilled in the use of computer systems, especially if that skill was obtained in an exploratory way. The term evolved to be applied to individuals, with or without skill, who break into security systems.
Handshaking Procedure A dialogue between two entities, such as a user and an SSL secure server, a computer and another computer, or a program and another program, utilized for identification and authentication of the entities to one another in order to provide secure SSL authentication for online security or online payment transactions. 128-bit digital certificates also provide identification and secure authentication.
Hash Function An algorithm which calculates a value based on a data object, mapping the data object to a smaller data object, which is the hash result. The value is more often than not a fixed-size value. A very simplistic hash function is a checksum. The kind of hash function necessary for SSL security applications is called a cryptographic hash function.
Hash Result The output of a hash function, which is also known as a hash value. The output given by a hash function after processing a file or message.
Host-Based Security The method of securing an individual system from attack, often by encryption with 128-Bit SSL secure sockets layer.
http The Hyper Text Transfer Protocol is the protocol used between a Web browser and a server to request a document and transfer its contents. The specification is maintained and developed by the World Wide Web Consortium.
https Hypertext Transfer Protocol Secure. A type of server software which provides the ability for 'secure' transactions to take place on the World Wide Web. If a website is running off a HTTPS server you can type in HTTPS instead of HTTP in the URL section of your browser to enter into the 'secured mode', 'providing' you have logged in your password, username or ID to access the secured area. There are a number of server software products that support this protocol as well as contacting your ISP.

https is ordinary http exchanged over an SSL encrypted session.
Hybrid Encryption An application of cryptography which merges two or more encryption algorithms, especially a combination of symmetric and asymmetric encryption. Asymmetric encryption is not usually used for data secrecy except in dispersing symmetric keys in applications where the key data is more often than not short compared to the data it is protecting. Other kinds of encryption are SSL encryption, ssh secure shell, and ssh2 secure shell, or sftp for secure server file transfer with 128-bit encryption.
International Data Encryption Algorithm IDEA A symmetric key block cipher algorithm developed by Xuejia Lai and James Massey in 1991. A symmetric block cipher which uses a 128-bit key and operates on 64-bit blocks, like 128-bit encryption.
Identification The procedure allowing recognition of an entity by a system, by and large by utilizing a unique machine-readable user name, with a 'Digital ID', such as a secure server using SSL validation. 

Integrity One of security's cornerstones; integrity is an unimpaired or perfect condition.
Integrity Checking This is the same as 'change detection'.
Internet Protocol security — IPsec (a) The IETF working group which is specifying a security architecture — RFC 2401, and protocols in order to provide security services for Internet Protocol traffic.

(b) A collective name for that architecture and set of protocols, specifying security protocols — AH and ESP, the Authentication Header and Encapsulating Security Payload, security associations, PKI key management, and algorithms for authentication and encryption. Besides SSL encryption, 128-bit encryption and SSL digital certificates or 128-bit certificates, the set of security services includes access control service, connectionless data integrity, data origin authentication for secure authentication or secure SSL authentication, protection against replays, data confidentiality service and limited traffic flow confidentiality.
Internet Security Association and Key Management Protocol — ISAKMP An Internet IPsec protocol — RFC 2408, used to negotiate, institute or start, modify, and delete security associations. It is also used in the exchange of key generation and authentication data, key establishment protocol, encryption algorithm, or authentication mechanism of secure authentication and validation of online transactions with SSL Certificates. 
Kerberos A single sign-on type system utilizing symmetric key encryption through a ticket-oriented mechanism for network security. 
Key Data used in cryptosystems in order to execute encryption, which comes in different forms like SSL encryption and also 128-bit encryption which provides internet security and online security.
Key Length Because many modern encryption algorithms are mathematically founded, the length of keys is a crucial determining factor in the strength of an algorithm and in the work factor involved in breaking a cryptographic system.
Key Management The process of handling and controlling cryptographic keys and associated material during their life cycle in a cryptographic system. This includes ordering, generating, distributing, storing, loading, escrowing, archiving, auditing, and destroying the different types of material. 
Key Pair A private, or secret, key and its related public key in an asymmetric encryption system, as a 'Key Pair'. See also encryption, PKI, private key, and public key.
Key Space The scope and extent of possible values of a cryptographic key, or the number of totally different transformations that are supported by a certain cryptographic algorithm.
Keyed Hash A cryptographic hash or digest in which the mapping to a hash result is varied by a second input parameter which is a cryptographic key. The secret key protects the hash result in order for it to be used as a checksum.
Latency The time between the act of a secure system being penetrated, and any activity taking place. For example a virus that remains inactive until a certain date.
Managed PKI for SSL Certificates — Multiple Server IDs PKI Manager; Web-Based Managed PKI for SSL allows the secure server administrator, usually Certified — VCA, with Certification to manage PKI services for many different server IDs — 128-bit SSL IDs. This makes the job of securing multiple web servers and controlling an entire network easier, with efficient ID management of Public Key Infrastructure — PKI, Services.
Meet In The Middle An explicit kind of cryptanalytic attack in which the attacker uses known-plaintext and the consequent ciphertext to do both encryption and decryption in order to determine a multi-part key for secure authentication and secure SSL authentication online.
MD2 A secure hash, or message digest, algorithm developed by Ron Rivest.
MD5 A secure hash, or message digest, algorithm developed by Ron Rivest.
Microsoft See www.microsoft.com.
Multilevel Device A device that allows the simultaneous processing of data of two or more security levels without any risk of compromise. In order to accomplish this, sensitivity labels are usually stored on a physical medium and form that are the same as the data that is being sorted out. It could help provide an SSL secure server.
Netscape See www.netscape.com.
Non-repudiation Ensures that information cannot be disowned. 
Object A passive unit containing or receiving information. Access to an object implies ability to get to the information that it contains. Some examples of objects are: records, blocks, pages, segments, files, directories, directory trees, and programs, as well as bits, bytes, fields, processors, and secure server SSL network nodes.
One-Time Pad An encryption system operating on a series of keys, each of which is used only one time; they are considered unbreakable. The encryption can be performed with 128-bit SSL encryption for online security.
One-Time Password An authentication token intended to be discarded after a single use.
One Way Encryption Transformation of plaintext to ciphertext that is irreversible, where the plaintext cannot be brought back from the ciphertext by anything other than exhaustive processes even if the cryptographic key is known. One-way encryption has legitimate uses in Internet security and online security, such as password storage.
OpenSSL OpenSSL is the name now used for the SSL library originally known as SSLeay.
Password A protected/private character string which is applied to authenticate an identity, which gives secure authentication and secure SSL authentication, sometimes with digital signatures and digital certificates like 128-bit SSL digital certificates. Passwords are for a user's online security or authorization security. Working together are certs and secure email with SSL certificates, all terms related to online security.
Private Key The part of the key in a public key system which is kept secret and is used only by its owner. This is the key used for decrypting messages, and for making digital signatures.
Protocol Similar to 'protocol' in human communication which involves a previously agreed upon set of rules for communicating in diplomatic settings. On the Internet, a protocol is an agreed upon method for sending and receiving information.

A protocol is an algorithm, or step by step procedure, carried out by more than one party. Examples are network protocols, in which the steps are intended to ensure reliable transmission of information, or cryptographic protocols, in which the aim is to maintain some form of security relationship between the parties.
Private key The key that a user keeps secret in asymmetric encryption. It can encrypt or decrypt data for a single transaction but cannot do both.
Public key The key that a user allows the world to know in asymmetric encryption. It can encrypt or decrypt data for a single transaction but cannot do both.

The part of the key in a public key system which is distributed widely, and is not kept secure. This is the key used for encryption — as opposed to decryption, or for verifying signatures. Compare private key.
Public Key Cryptography A public key cipher is one in which the key used for encryption is different from the one used for decryption. Although the keys are related, it is not possible to calculate the decryption key from only the encryption key in any reasonable amount of computation time. In most practical systems, the public key system is used for encoding a session key which is used with a symmetric system to encode the actual data. RSA is an example of a public key algorithm.
RC2 A symmetric key block cipher, developed by RSA Data Security Inc, and now widely available.
RC4 A symmetric key stream cipher, developed by RSA Data Security Inc., and now widely available.
Remote Authentication Dial-In User Service — RADIUS A standard for authenticating the identity of remote dial-in users.
Realm A unique name given to each protected area on a server, whether it be a single document or an entire server.
Rights The privileges a user or role has on a system.
Roles A working description of a user. Roles are assigned rights.
Root Certificate A self signed certificate issued from a genuine Certificate Authority — CA.
RSA RSA is a public key cipher which can be used both for encrypting messages and making digital signatures. The letters stand for the names of the inventors: Rivest, Shamir and Adleman. The company RSA Data Security Inc. takes its name from this algorithm, and has acquired the rights to the patents which cover it.

A popular encryption and authentication standard that uses asymmetric keys. Based on a public key system, every user has 2 digital keys, one to encrypt information, and the other to decrypt. Authentication of both sender and recipient is achieved with this method. 
RSAREF RSAREF is an implementation of the RSA public key system, and associated utilities, produced by RSA Data Security Inc. It is licensed without fee for non-commercial use.
Safe Passage A recently announced solution to the problem that 'export' versions of the Microsoft and Netscape browsers are only capable of using 40-bit keys, and so cannot negotiate full strength sessions when connecting to servers capable of strong encryption. c2.net have made this functionality available as an http proxy.
Secure Server A web server that utilizes security protocols like SSL to encrypt and decrypt data, messages, and online payment gateways to accept credit cards, to protect them against fraud, false identification, or third party tampering. Purchasing from a secure web server ensures that a user's credit card information, or personal information can be encrypted with a secret code that is difficult to break. Popular security protocols include SSL, SHTTP, SSH2, SFTP, PCT, and IPsec.
Secure Sockets Layer — SSL An Internet protocol which uses encryption and SSL secure sockets layer in order to supply data confidentiality and data integrity services between a client and a server in a transaction, with Internet security and privacy. Secure sockets layer — SSL, can also, as an option, provide peer entity authentication between the client and the server with secure SSL validation of digital certificates. SSL is layered below HTTP and above a transport protocol — TCP. SSL is independent of the application it encapsulates and any other higher level protocol can layer on top of SSL transparently. SSL has two layers:

(a) SSL's lower layer, the SSL Record Protocol, is layered on top of the transport protocol and encapsulates higher level protocols.

(b) SSL's upper layer supplies asymmetric cryptography for server authentication, which is verifying the secure server's digital identity to the client with digital ID signatures or certs with client authentication — the process of verifying the client's identity to the server. 

It also allows them to negotiate a symmetric encryption algorithm and secret session key, used for data confidentiality, prior to the transmission or receiving of data by the application protocol. A keyed hash offers data integrity service for data that is encapsulated.
Secure State A state in which no subject can get access into any object in a manner that is illicit. SSL Certificates provide a Secure State.
Security Association (a) A relationship established among two or more entities to allow them to guard data they swap. The relationship negotiates characteristics of defense mechanisms but does not involve the mechanisms.

(b) Used in IPsec as a simplex — uni-directional, logical connection generated for purposes of security and put in with either AH or ESP, but never both. The security association offers security services that depend on the protocol chosen, the IPsec mode transport or VPN tunnel, the endpoints and the choice of optional services in the SSL protocol.

A security association is recognized by (a) a destination IP address, (b) a protocol identifier or (c) a security parameter index. 
Security Audit A self-assessing review and investigation of a system's policy, records, and actions to determine the capability of system controls, guarantee compliance with conventional security policy and processes, discover breaches in security services, and recommend any alterations which imply a need for countermeasures. The objective of the basic audit is to establish accountability for systems which initiate or participate in security-relevant occurrences and actions. Means are needed to create and record security audit information and are also needed in order to review and analyze the audit trail in order to detect and examine attacks and compromises of security.
Security by Obscurity A term used, more often than not negatively, in reference to the procedure of attempting to secure a system for Internet security and online security by failing to publish any information about it. This is done in the hope that no one will figure out how it works.
Security Critical Mechanisms The security mechanisms where proper functioning is required in order to make sure that the security policy is actually enforced. 
Security Evaluation An evaluation that is done in order to assess the level of trust or assurance which can be placed in systems for the secure management of information that is sensitive. One sort, a product evaluation, is an assessment done on the hardware and software features and promises of a computer product from a standpoint which leaves out the application atmosphere. A different kind, a system evaluation, is performed to gauge a system's security safeguards with respect to an explicit operational mission and is an important step in the certification and accreditation process for secure authentication and secure SSL authentication that supplies Internet security and online security with digital certificates or 'certs'.
Security Fault Analysis A security analysis, more often than not performed on hardware at the gate level, to determine the security properties of an apparatus when a hardware fault is encountered.
Security Features The security-relevant operations, mechanisms, and features of system hardware and software. Security features are a compartment of system security safeguards used for online security — SSL, digital certificates are one example.
Security Filter A dependable subsystem enforcing a security policy on the data that passes through it. 
Security Flaw An error of commission or omission in a system which may falsely permit security mechanisms or safeguards to be bypassed, weakening internet security.
Security Kernel The hardware, firmware, and software components of a TCB which use the concept of reference monitor. Security kernels have to mediate each and every access, be guarded from modification, and be provable to be effective.
Security Level The amalgamation of a hierarchical classification and a group of nonhierarchical categories representing information's sensitivity.
Self-signed Certificate It is possible for the owner of a certificate to sign it themselves instead of having a recognized certification authority do so. This is unlikely to be trusted by anyone wishing to use the certificate as proof of ownership of the corresponding public key. However, a signature by the owner is still useful, especially when the owner is a certification authority which must be trusted for independent reasons, as it restricts the possibilities for malicious or accidental changes to the details contained in the certificate.
Security Measures Constituents of software, firmware, hardware or processes which are included in a system for the approval of security exploitations or security policy. They are used for Internet security to prevent unauthorized intrusion with 128-bit digital certificates with secure SSL authentication. 
Secret Key Confusingly sometimes used to mean the private key of a public key system, and also sometimes used — in contrast to 'public key', to refer to a symmetric key system.
Secure Hash A process which reduces a message of arbitrary length to a fixed length fingerprint which is very unlikely to be the same for any other message. The word 'secure' indicates that the algorithm has been chosen so that it is not possible to forge a message to have a given hash value, nor to create two similar messages with the same hash value.
Session Key A key used for just one message or set of messages. In a typical system, a random session key is generated for use with a symmetric algorithm to encode the bulk of the data, and only the session key itself is communicated using public key encryption.
Server Signature The string usually returned as part of servicing each http request that gives the name and version of the web server software being used.
SET SET is a secure protocol designed by MasterCard and Visa to facilitate financial transactions over the Internet. Compared with SSL, it places more emphasis on validating both parties to the transaction, and uses trusted servers so that a merchant holds only transaction identifiers, not actual credit card numbers.
Secure Hash Algorithm — SHA A secure hash, or message digest algorithm adopted as a Federal Information Processing Standard.
SHTTP Secure Hypertext Transfer Protocol, provides security at the document level rather than the connection level as provided by SSL. This protocol is not widely used.
S/MIME S/MIME is a standard for end-to-end encryption of email messages. The current version — version 3, is defined in RFC2632, RFC2633 and RFC2634.
Signature A unique and distinct pattern that is used to detect a virus infection or system penetration — see intrusion detection system, or as a 'Digital ID' for SSL secure systems. The digital signature can be a permanently set string of bytes, or it can also be more complex and algorithmically based, as with a secure socket layer. ID Signatures for secure server system penetration are by and large much more complex and can even include the comparison of many different types of data in a security audit with logging. 
Single sign-on A system, process or procedure in which a user is authenticated on one occasion, giving them access to a lot of disparate systems from that time on. It is like secure authentication or secure SSL authentication that only has to be done a single time.
Super-User A user with full, unlimited and unrestricted access to each and every portion and resource of the system, such as the PKI Manager who administers and manages SSL Certificate duties on a large network.
SSL — Secure Socket Layer A protocol developed by Netscape for encrypted transmission over TCP/IP networks. It sets up a secure end-to-end link over which http or any other application protocol can operate. The most common application of SSL is https for SSL-encrypted http.

The Secure Sockets Layer — SSL, is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security — TLS, which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol — HTTP, and Transmission Control Protocol — TCP, layers. SSL is included as part of both the Microsoft and Netscape browsers and most web server products. Developed by Netscape, SSL also gained the support of Microsoft and other Internet client/server developers as well and became the de facto standard until evolving into Transport Layer Security. The 'sockets' part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate. TLS and SSL are an integral part of most Web browsers — clients, and web servers. If a website is on a server that supports SSL, SSL can be enabled and specific Web pages can be identified as requiring SSL access. Any web server can be enabled by using Netscape's SSLREF program library which can be downloaded for non-commercial use or licensed for commercial use. TLS and SSL are not interoperable. However, a message sent with TLS can be handled by a client that handles SSL but not TLS.
SSLeay A freely available implementation of the SSL protocol and the cryptographic algorithms used by SSL, developed by Eric Young in Australia. It is naturally available worldwide without breaching United States export legislation, and has become a cornerstone for cryptography application developers wishing to avoid the implications of US export regulations. Usage within the United States has not been legally tested but is likely to be controversial because of the US patent on RSA. Eric Young has now withdrawn from the project and further development is continued under the name OpenSSL by a team of developers.
Stream Cipher A stream cipher encrypts in small units, often a bit or a byte at a time, but unlike a basic block cipher the output corresponding to a given input will depend on where in the message it occurs. The simplest type of stream cipher uses a complicated function, which retains state, to generate a pseudo-random sequence which is then combined with the input using a simple operation such as byte wise addition.
Symmetric Key Encryption Private key encryption, or 'symmetric key encryption', uses the exact same private key for both encryption and decryption. The key is shared between both parties as the factor for the communication. Symmetric key systems do not have to have a public key infrastructure — PKI, the way that asymmetric key encryption has to, but they do have to have a key to exchange through a channel that is secure, unlike other kinds of 128-bit encryption with SSL.
Symmetric Cryptography A symmetric cipher is one in which the same key is used for encryption and decryption. Therefore a secure method has to be found by which the sender and recipient can agree on the key. CAST, DES, IDEA, RC2 and RC4 are symmetric ciphers.
System Integrity The condition an SSL secure server is in when it executes its intended operation in an unimpaired manner, free from advertent or inadvertent unauthorized manipulation of the system.
TLS TLS, standing for Transport Layer Security, is the latest version of SSL. It is an enhancement of SSL version 3.0, and is a proposed Internet Standard. Please refer to RFC2246 for further information.
Thawte Thawte is a South African company which acts as a certificate authority. On December 20, 1999, it was acquired by Verisign.
Triple DES Each block is encrypted three times using DES, using at least two different keys. There are variants which differ in whether two or three keys are used, and whether some of the steps are in decryption mode. In SSL, three separate keys are used, and the middle step is a decryption.
Token An authentication tool, an apparatus utilized for holding key or authentication values, or to calculate, and possibly even to send and receive replies to challenges during the user authentication procedure. Secure authentication with SSL validation is needed. Tokens can be small, hand-held hardware apparatus very much like pocket calculators or credit cards.
Trusted Computer System A system using ample hardware and software assurance measures to permit its use for simultaneous processing of a span of sensitive or classified information.
Trusted Computing Base — TCB The sum of defense mechanisms in a secured computer system, including hardware, firmware and software, the combination of which is supposed to enforce an SSL security policy. A TCB is made up of one or more elements which together enforce a unified security policy. The ability of a TCB to enforce aptly a unified security policy depends completely on the mechanisms in the TCB and on the proper input by system administrative personnel of parameters that are related to the security policy.
Trusted Path A device by which an individual at a terminal can communicate straight to the TCB. This instrument can be activated by only the individual or the TCB and cannot be mimicked by untrusted software.
Trusted Process A procedure whose false or malevolent performance is able to violate a System's Security Policy.
Tunneling Practices tracing of the disruption of a system in the final programming. Utilized by both viral and antiviral programs to discover and/or disable rival programs.
Tunneling Router A router or system able to route traffic by ciphering or encrypting it and encapsulating it for transmission via an untrusted secure server network, which later puts it through de-encapsulation and decryption. Encryption such as 128-bit encryption and SSL encryption help ensure Internet security and online security.
Two-Factor Authentication Founded on at least two of the three types: something a user knows, is or has. To gain access into a system the user must be able to exhibit both factors.
Untrusted Process A process which has not been evaluated or examined for adherence to the security policy. It may include incorrect or malicious code which attempts to circumvent the SSL security mechanisms.
Verification The procedure that contrasts two levels of system exploitation for appropriate correspondence.
Vulnerability analysis The regular and organized evaluation of systems in order to determine the capability of security measures, identify security shortages and impart data from which to predict the efficacy of the projected security measures. It is a procedure for maintaining Internet security and online security through making sure everything is secure on the server.
Vulnerability Assessment A calculation of vulnerability including the vulnerability of a certain system to an explicit attack and the prospects accessible to a threat agent to mount that attack.
Web of Trust A PKI method utilized in PGP for creating a file of legitimate public keys by way of making personal judgments about whether or not to trust a particular person who is possessing properly certified keys of other people.
X.509 An International Telecommunication Union recommendation for the format of certificates.
British Standard 7799 — BS7799, is the British standard for Information Security Management. It has now become an International Standard, ISO 17799. It is in two parts - Part 1 sets out approximately 40 objectives for Information Security, and Part 2 has about 130 controls which can be implemented to achieve those objectives.