
Glossary
- AICPA
- American Institute of Certified Public Accountants, Inc.
- Algorithm
- A process for completing a task. An encryption algorithm
is a mathematical process to encrypt and decrypt messages.
- ANSI
- The American National Standards Institute.
- APNIC
- Asia Pacific Network Information Centre.
APNIC is a Regional Internet Registry (RIR), and is a non-profit
membership organization responsible for the administration and
registration of Internet Protocol (IP) addresses in the Asia-Pacific
region, including Japan, Korea, China, and Australia.
- ARIN
- American Registry for Internet Numbers.
ARIN is a Regional Internet Registry (RIR), and is a non-profit
membership organization established for the purpose of the administration
and registration of Internet Protocol (IP) addresses in North America,
parts of the Caribbean, and sub-Saharan Africa.
- Authentication
- Authentication is the process of identifying a user (or entity).
Usernames and passwords are the most common method of authentication.
- CA
- See Certification Authority.
- Certificate
- Digital Certificate, X509 Certificate, SSL Certificate.
Information issued by a trusted third party. Used to identify an individual or
entity, and often published in a directory with public access. At a minimum it:
i) identifies the CA issuing it; ii) names or otherwise identifies its Subscriber;
iii) contains a Public Key that corresponds to a Private Key under the control
of the Subscriber; iv) identifies its Operational Period; v) contains a Certificate
serial number; and vi) is digitally signed by the CA.
- Certificate Policy
- Rules that a certificate request must comply with in order for the RA to
approve the request or a CA to issue the certificate.
- Certificate Revocation List
- A time-stamped list of Certificates that have been declared revoked (invalid)
that has been digitally signed by the CA. This list is issued by the CA at a regular
interval and is used by applications to verify if a certificate is to be trusted.
- Certification Authority
- Certificate Authority, "Identity Verification Vendor".
An entity that issues Certificates and performs all of the functions associated
with issuing such Certificates.
- Certification Practice Statement
- Document that regulates rights and responsibilities of all the parties
involved (such as CA, RA, subscriber, relying party) within the context of
a CA's PKI.
- CICA
- Canadian Institute of Chartered Accountants.
- Compromise
- Suspected or actual unauthorized disclosure, loss, loss of
control over, or use of a Private Key associated with a Certificate.
- CP
- See Certificate Policy.
- CPS
- See Certification Practice Statement.
- CRL
- See Certificate Revocation List.
- CSR
- See Certificate Signing Request.
- Decryption
- The process of transforming cipher text into readable text.
- DES
- Data Encryption Standard. A cipher developed by the United States government
in the 1970s to be the official encryption algorithm of the U.S.
- Digital Signature
- A system allowing people and organizations to electronically certify such
features as their identity or the authenticity of an electronic document.
- Distinguished Name (DN)
- See Subject.
- DNS
- Domain Name System. The Internet system of maintaining a distributed
registry of entity names and corresponding globally unique network addresses.
The DNS helps users to find their way around the Internet. Every computer on
the Internet has a unique address - just like a telephone number - which is
a rather complicated string of numbers. It is called its "IP address" (IP
stands for "Internet Protocol"). IP Addresses are hard to remember. The DNS
makes using the Internet easier by allowing a familiar string of letters (the
"domain name") to be used instead of the arcane IP address. So instead of
typing 207.151.159.3, you can type www.internic.net. It is a "mnemonic"
device that makes addresses easier to remember.
- Encryption
- Encryption is the process of using a mathematical formula (algorithm) to
translate/scramble plain text (or message, file, document, or other communication)
into an incomprehensible cipher text form to prevent unauthorized viewing of the
information. A very good, detailed description of cryptography, encryption, and
related topics can be found on Wikipedia.
- Extension
- Means to place additional information about a Certificate within a Certificate.
The X.509 standard defines a set of Extensions that may be used in Certificates.
- FQDN
- Fully Qualified Domain Name.
- HTTP
- Hyper-Text Transfer Protocol used by the Internet. HTTP defines how data is
fetched or transmitted on the Internet and what actions should be taken by web
servers and browsers.
- HTTPS
- Secure Hyper-Text Transfer Protocol using SSL.
- IANA
- Internet Assigned Numbers Authority.
The IANA is the authority originally responsible for the oversight of
IP address allocation, the coordination of the assignment of protocol
parameters provided for in Internet technical standards, and the management
of the DNS and oversight of the root name server system. Originally, the IANA
and other entities performed these services under U.S. Government contract.
- ICANN
- The Internet Corporation for Assigned Names and Numbers.
ICANN is an internationally organized, non-profit corporation that has
responsibility for Internet Protocol (IP) address space allocation, protocol
identifier assignment, generic (gTLD) and country code (ccTLD) Top-Level
Domain name system management, and root server system management functions.
- IDNs
- Internationalized Domain Names.
IDNs are web addresses in your own language. Many efforts are underway in the
Internet community to make domain names available in character sets other than
ASCII. These IDN efforts were the subject of a 25 September 2000 resolution
by the ICANN Board of Directors.
- IETF
- Internet Engineering Task Force.
The IETF is a large open international community of network designers,
operators, vendors, and researchers concerned with the evolution of the
Internet architecture and the smooth operation of the Internet. It is open
to any interested individual.
- IP
- Internet Protocol.
The communications protocol underlying the Internet, IP allows large,
geographically diverse networks of computers to communicate with each other
quickly and economically over a variety of physical links. An Internet Protocol
Address is the numerical address by which a location in the Internet is
identified. Computers on the Internet use IP addresses to route traffic
and establish connections among themselves; people generally use the
human-friendly names made possible by the Domain Name System.
- ISOC
- The Internet Society.
The Internet Society is the international organization for global cooperation
and coordination for the Internet and its internetworking technologies and
applications. ISOC membership is open to any interested person.
- ISP
- Internet Service Provider.
An ISP is a company that provides access to the Internet to organizations
and/or individuals. Access services provided by ISPs may include web hosting,
email, VoIP (voice over IP), and support for many other applications.
- Key Pair
- Two mathematically related keys, having the following properties: i) one
key can be used to encrypt a message that can only be decrypted using the
other key, and ii) even knowing one key, it is computationally impractical to
discover the other key.
- Key Size
- Length of private and public key. Normal key sizes are 512, 768, 1024,
2048, and 4096 bits. Current projections suggest 1024 bit key lengths
should remain secure through to the year 2015, and many recommendations
suggest 2048 bits should be adopted as a minimal secure key size.
- LACNIC
- Latin American and Caribbean Internet Addresses Registry.
LACNIC is a Regional Internet Registry (RIR) for Latin America and the Caribbean.
- LDAP
- Directory access protocol, used to retrieve data from a public directory.
- Mail Transfer Agent
- Email client application - e.g. Mozilla, Outlook (Express), Eudora, etc.
- OCSP
- Online Certificate Status Protocol, a method to verify in real-time if a
certificate is valid.
- Operational Period
- A Certificate's period of validity. It typically begins on the date the
Certificate is issued (or such later date as specified in the Certificate),
and ends on the date and time it expires as noted in the Certificate unless
the Certificate is revoked before its expiration.
- Organization
- The entity named or identified in a Certificate in the Organizational Name
field that has purchased a Certificate.
- PKCS
- Public-Key Cryptography Standard.
PKC Standards are developed by RSA Security.
- PKCS#10
- Defines the ASN.1 structure of a certificate signing request.
- PKI
- See Public Key Infrastructure.
- Private Key
- The key of a Key Pair used to create a digital signature. This key must
be kept a secret.
- Public Key
- The key of a Key Pair used to verify a digital signature. The Public Key
is made freely available to anyone who will receive digitally signed messages
from the holder of the Key Pair. The Public Key is usually provided via a
Certificate issued by CryptGuard CA. A Public Key is used to verify the digital
signature of a message purportedly sent by the holder of the corresponding Private Key.
- Public Key Infrastructure
- Processes and technologies used to issue and manage digital identities
for the use of third parties to authenticate individuals (entities).
Abbreviated PKI.
- RA
- See Registration Authority.
- Relying Party
- A recipient of a digitally signed message who relies on a Certificate to
verify the digital signature on the message. Also, a recipient of a Certificate
who relies on the information contained in the Certificate.
- Relying Party Agreement
- An agreement between a certification authority and relying party that typically
establishes the rights and obligations between those parties regarding the verification
of digital signatures or other uses of certificates.
- Revocation
- Invalidation of a certificate. Every CA regularly issues a list of revoked
certificates called a CRL. This list should be verified by all applications that
use certificates from that CA before trusting a certificate.
- RFC
- Request for Comment.
- RIPE NCC
- Regional Internet Registry Provider for Europe.
RIPE is an open and voluntary organization, which consists of European
Internet service providers. The RIPE NCC acts as the Regional Internet Registry
(RIR) for Europe and surrounding areas, performs coordination activities for
the organizations participating in RIPE, and allocates blocks of IP address
space to its Local Internet Registries (LIRs), which then assign the addresses
to end-users.
- RSA
- Public key encryption algorithm.
- S/MIME
- Secure Multipurpose Internet Mail Extensions.
- SMTP
- Simple Mail Transfer Protocol is used by mailservers to exchange/send/route emails
between machines, whether for transferring mail from client MTAs like Eudora or Outlook
to servers like sendmail or exchange, or for transfers from server to server.
- SPKAC
- Signed Public Key And Challenge is a standard for CSRs from Netscape.
- SSL
- Secure Sockets Layer. An industry standard protocol developed by Netscape that
enables secure transactions using public key cryptography via the Internet. URLs
that require an SSL connection start with https: instead of http:.
- Subject
- Field in the Certificate that identifies the owner of the certificate. Also
referred to as the Distinguished Name (DN).
- Subscriber
- A person or entity who: i) is the subject named or identified in a Certificate
issued to such person or entity, ii) holds a Private Key that corresponds to a
Public Key listed in that Certificate, and iii) the person or entity to whom
digitally signed messages verified by reference to such Certificate are to be
attributed. A person or entity that applies for a Certificate by the submission
of an enrollment form is also referred to as a Subscriber.
- Subscriber Agreement
- An agreement between a CA and a subscriber that establishes the rights and
obligations of the parties regarding the issuance and management of certificates.
- Triple DES
- A method of improving the strength of the DES algorithm by using it three times
in sequence with different keys.
- URL
- Uniform Resource Locator. The global address of documents and other resources
on the Internet. The first part indicates the protocol to be used and the second
part shows the domain where the document is located.