Access Control
The process of ensuring that systems are accessed only by those authorized
to do so, and only in a manner for which they have been authorized.
Algorithm
An algorithm is a set of rules that specifies a method of carrying out a task
(e.g., encryption algorithm).
Archive
To store records and associated journals for a given period of time for security,
backup, or auditing purposes.
Audit logs
Records of all significant transactions. Audit logs are valuable because they
record all significant operations.
Authentication
The process of assuring that data has come from its claimed source, or of
corroborating the claimed identity of a communicating party.
Certificates are used to identify the author of a message
or entity, such as a Web server or client. People or applications who receive
a certificate can verify the identity of the certificate's owner and the validity
of the certificate. This process is known as authentication.
Authorization
Determining whether a subject is trusted for a given purpose.
Backup
A copy of computer data that is used to recreate data that has been lost,
mislaid, corrupted, or erased.
Browser
A client program that is used to look at various kinds of Internet resources.
Certification Authority (CA)
An entity that issues and manages certificates within a PKI.
CA certificate
A certificate that identifies a CA. When a CA issues a certificate to a client,
a server, or other entity, the certificate is signed by the CA's private key.
The signature can be verified using the public key in the CA's certificate.
Certificate
A digital identifier linking an entity and a trusted third party able to confirm
the entity's identity. It is used to verify the identity of an individual,
organization, or Web server, and to ensure non-repudiation in business transactions.
Three major kinds of certificates are used in a PKI: CA certificates, server
certificates, and end-entity certificates.
Certificate Revocation List (CRL)
An enumeration of certificates that have been revoked by a particular CA.
CRLs can be used to check the status of certificates offline.
Certificate Serial Number
A value that unambiguously identifies a certificate generated by a CA.
Certification Authority (CA)
A trusted entity issuing certificates and confirming the identity of, or given
facts about, the certificate's subject.
Client (servers)
A machine that retrieves information from a server.
Compromise
A violation (or suspected violation) of a security policy, in which an unauthorized
disclosure of, or loss of control over, sensitive information may have occurred
(see Data Integrity). The loss of a key through noncryptanalytic means.
Confidentiality
The process of ensuring that data is not disclosed to those not authorized
to see it. Also known as secrecy.
Cryptography
The art or science of transforming clear, meaningful information into an enciphered,
unintelligible form using an algorithm and a key.
Customer
The customer is any person authorized by a data owner to read, enter, or update
that person's data.
Data Integrity
Measures to prevent unauthorized alteration of data, deciphering, or conversion
of ciphertext back into plaintext.
Database
A set of related information created, stored, or manipulated by a computerized
management information system.
Decrypt
To decrypt a protected file is to restore it to its original, unprotected
state.
Decryption
Decryption is the process of transforming ciphertext back into plaintext.
It is the reverse of encryption.
Digital Signature
A data element allowing the recipient of a message or transaction to verify
the content and sender.
Directory
Databases that can be used to search for and retrieve attribute-value pairs.
Directories can be configured to use (or support) authentication and access
control protection. The schema of a directory describes the objects in the
directory.
IdenTrust
IdenTrust Inc. Also refers to computing resources and computer-related
facilities specifically assigned by IdenTrust Inc. to IdenTrust for
operations and maintenance.
Encrypt
To encrypt a file is to render the file completely unreadable. No one can
read the file until it is decrypted. Only authorized recipients can decrypt
the file. You (the key owner) have full control in determining authorized
recipients.
Encryption
A process of disguising information so that an unauthorized person cannot
understand it.
End-entity certificate
A certificate issued to an entity that cannot itself issue certificates (in
essence, it is not a CA). Because the entity that requests such a certificate
is sometimes referred to as the client, end-entity certificates are sometimes
called client certificates.
Entity
A person, computer, organization, or piece of information. In a PKI, an entity
may be thought of as anything to which a certificate may be issued.
Firewall
A combination of hardware and software that separates a LAN into two or more
parts for security purposes.
Frequently Asked Questions (FAQ)
FAQs are documents that list and answer the most common questions on a particular
subject.
Generate a Key Pair
A trustworthy process of creating private keys whose corresponding public
keys are submitted to the applicable IA during certificate application in
a manner that demonstrates the applicant's capacity to use the private key.
Identification and Authentication (I&A)
A process that identifies and authenticates a person or a business that applied
to receive a digital certificate.
Identity certificate
A certificate that links a public key value to a real world entity such as
a person, a computer, or a Web server. Server certificates, CA certificates,
and most end-entity certificates are all examples of identity certificates.
Integrity
The element of data protection concerned with ensuring that data cannot be
deleted, modified, duplicated, or forged without detection.
Internet
A global public network consisting of millions of interconnected computers
all linked together using the Internet protocol.
Issuing
The act of signing a certificate request with the private key of a CA to create
a certificate.
Key
A special number that an encryption algorithm uses to change data, making
that data secure.
Key lifetime
The length of time for which a key is valid. All keys have a specific lifetime
except the decryption private key, which never expires. Default key lifetimes
are defined by Security Officers as part of an organization's security policy.
Key management
Administering keys securely so that they are provided to users where and when
they are needed. Processes associated with the secure generation, transport,
storage, and destruction of encryption keys.
Key recovery
A key management process associated with the retrieval of a key lost by the
keyholder to ensure access to ciphertext created with the key in question.
Key update
When key pairs are updated, they are replaced with the new key pairs, and
new public key certificates are created. The new keys and certificates have
no relation to the old keys and certificates.
Key
When used in the context of encryption, a series of numbers which are used
by an encryption algorithm to transform plaintext data into encrypted (ciphertext)
data, and vice versa.
Lightweight Directory Access Protocol (LDAP)
The standard Internet protocol for accessing directory systems over a network.
LDAP is a "lightweight" (smaller amount of overhead) version of DAP (Directory
Access Protocol), which is part of X.500, a standard for directory services
in a network. Sentry's Secure Directory is an LDAP directory.
Lightweight Directory Applications Protocol
The Internet standard for simple directories for use in messaging and similar
applications.
National Institute of Standards & Technology (NIST)
The National Institute of Standards and Technology (NIST) is taking a leadership
role in the development of a Federal Public Key Infrastructure that supports
digital signatures and other public key-enabled security services. NIST is
coordinating with industry and technical groups developing PKI technology
to foster interoperability of PKI products and projects.
Netscape Communicator
A Web browser, widely recognized and popular.
Out-of-band
Not in the electronic pipeline; any communication which is not computer-to-computer.
Password
A sequence of characters which allows users access to a system. Although they
are supposed to be unique, experience has shown that most people's choices
are highly insecure. People tend to choose short words such as names, which
are easy to guess.
Personal Identification Number (PIN)
A sequence of digits used to verify the identity of the holder of a token.
It is a kind of password.
Policy
An informal, generally natural language description of desired system behavior.
Policies may be defined for particular requirements, such as confidentiality,
integrity, availability, safety, etc.
Portal
The place people see when using the Web.
Private Key
The private part of a key pair. With Sentry CA and Sentry RA, private keys
are generated on the client whenever a certificate request is made. Private
keys must be securely stored to prevent unauthorized access and accidental
deletion. In general, information encrypted with a private key can only be
decrypted with the corresponding public key. A digital signature involves
encrypting messages with a private key and allows anyone with a corresponding
public key to decrypt the message to be certain of who sent the message and
that it has not been tampered with.
Protocol
A series of steps involving two or more parties designed to accomplish a task.
Public Key
The public and widely distributed part of a key pair. A cryptographic key employed
in public key cryptography to encrypt (usually small) amounts of data to the
key's owner, or to verify the key owner's signature. A certificate contains
information about the certificate subject, the certificate's signer, and a
public key value. In general, information encrypted with a public key can
only be decrypted with the corresponding private key. It can be published
without revealing the owner's corresponding private key.
Public key algorithm
An asymmetric algorithm, so designed that the key used for encryption is different
from the key used for decryption.
Public Key Cryptography
A form of asymmetric encryption where all parties possess a pair of keys,
one private and one public, for use in encryption and digital signing of data.
Public Key Cryptography Standard (PKCS)
A set of commonly applied data cryptography standards developed by RSA Data
Security Inc. for making secure information exchange possible. The standards
include RSA encryption, password-based encryption, extended certificate syntax,
and cryptographic message syntax for S/MIME, RSA's proposed standard for secure
e-mail.
Public Key Infrastructure (PKI)
A system for publishing the public key values used in public key cryptography.
Also a system used in verifying, enrolling, and certifying users of a security
application. All PKIs involve issuing public key certificates to individuals,
organizations, and other entities and verifying that these certificates are
indeed valid.
Recovering a user
Recovering means generating a new signing key pair and securely retrieving
from the Certification Authority your current encryption public key certificate,
decryption private key history, verification public key certificate, and CA
verification public key certificate.
Registration Authority (RA)
The part of a PKI involved in verifying and enrolling users. RAs work with
a particular CA to vet requests for certificates that will then be issued
by the CA.
Repository
A database of certificates and other relevant information accessible online.
Repudiation
The denial or attempted denial by an entity involved in a communication of
having participated in all or part of the communication.
Revocation
Revoking a certificate makes the certificate invalid, effectively suspending
all of the certificate user's privileges in the PKI. Revocation is necessary
if the CA administrator wants to retract the certificate before it expires.
Certificates are revoked by marking them as invalid in the Secure Directory.
Users of the PKI are notified of a certificate's revoked status during online
validation or with CRLs.
Roaming Certificate
A type of digital certificate that uses IdenTrust's Roaming Solution to store and
manage the subscriber's private key. The private key associated with a Roaming Certificate is not
stored on a particular computer. Rather, it is accessible temporarily during an online session
facilitated by the Roaming Client. This means that Roaming Certificate holders have the ability
to access and use their Roaming Certificates from any computer with the Roaming Client installed.
A Roaming Certificate is always protected by a password.
Roaming Client
A software tool that is installed on the computer used by a subscriber who
holds a Roaming Certificate. The Roaming Client will prompt the subscriber to enter a password
whenever the subscriber wants to use the certificate to digitally sign or log in to a website
that requires user authentication.
Roaming Password
The password you enter into the Roaming Client software when you use your
Roaming Certificate to digitally sign or log in to a secure website that requires user authentication.
You must protect the secrecy of your Roaming Password at all times, because it forms part of the
private key that uniquely identifies you in the process of signing or user authentication.
Roaming Solution
An online service that allows subscribers to use Roaming Certificates.
It includes the Roaming Client software installed on each subscriber's computer that works in
conjunction with a secure key storage and management system hosted by IdenTrust.
The Roaming Client and the online key storage system communicate and interact with each other
every time a subscriber uses a Roaming Certificate to digitally sign or log in to a secure
web site that requires user authentication.
Root
The IA that issues the first certificate in a certification chain. The root's
public key must be known in advance by a certificate issuer in order to validate
a certification chain. The root's public key is made trustworthy by some mechanism
other than a certificate, such as by secure physical distribution.
Root CA
The source CA in a certification path. Generally, the Root CA is a self-signed
CA that is used to sign the certificates of other CAs. The Root CA may also
be referred to as a top-level CA to reflect the CA's position in a hierarchical
PKI.
RSA keys
The encryption keys employed in the RSA cryptography system.
Schema
A schema describes an object and its attributes in LDAP.
Secure Sockets Layer (SSL)
An encryption standard devised by Netscape Communications for secure communication
over the World Wide Web. SSL is a protocol layer created by Netscape to manage
the security of message transmissions in a network. The "sockets" part of
the term refers to the sockets method of passing data back and forth between
client and server programs in a network or between program layers in the same
computer. SSL is now in widespread use in all Web browsers and is about to be
superseded by TLS, an open standard developed by the IETF.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
S/MIME is a specification for secure electronic mail and was designed to add
security to e-mail messages in MIME format. The security services offered
are authentication (using digital signatures) and privacy (using encryption).
Security
The quality or state of being protected from unauthorized access or uncontrolled
losses or effects. Absolute security is impossible to achieve in practice
and the quality of a given security system is relative. Within a state-model
security system, security is a specific "state" to be preserved under various
operations.
Server
A machine running a service. A Web server provides a Web-based information
service to a community of machines. A computer, or a software package, that
provides a specific kind of service to client software running on other computers.
Server Certificate
A certificate issued to a server. Servers present their certificates to Web
browsers so they can verify (authenticate) the identity of the server. Server
certificates are sometimes called SSL certificates.
SHA-1
Secure Hash Algorithm, a hash function originated by the US National
Security Agency and the National Institute of Standards and Technology.
Signer
A person who creates a digital signature for a message or a signature for
a document.
Smart Card
A hardware token that incorporates one or more integrated circuit (IC) chips
to implement cryptographic functions and that possesses some inherent resistance
to tampering. A plastic card (looks like a credit card) with an embedded computer
chip, used most widely in Europe. Many countries use the smart card for pay
telephones. There are also smart credit cards and smart cash cards.
SSL Server Authentication
The process whereby a client application authenticates a server by verifying
the certificate chain presented by the server during SSL operations.
Subscriber Agreement
The agreement executed between a subscriber and a CA for the provision of
designated public certification services in accordance with this CPS.
Test Certificate
A certificate issued by a CA for the limited purpose of internal
technical testing. Test certificates may be used by authorized persons only.
Time Stamp
A notation that indicates (at least) the correct date and time of an action
and the identity of the person or device that sent or received the time stamp.
Token
A physical object, often containing sophisticated electronics, which is required
to gain access to a system. Some tokens contain a microprocessor, and are
called intelligent tokens, or smart cards.
Trust
A person or system in which confidence or faith is placed.
Trusted Third Party
Someone other than the principals who are involved in a transaction.
Type of Certificate
The defining properties of a certificate, which limit its intended purpose
to a class of applications uniquely associated with that type.
Uniform Resource Locator (URL)
A URL is used to specify the location and name of a World Wide Web document,
for example, http://www.IdenTrust.com. Previously called Universal Resource
Locator.
Universal Resource Locator (URL)
Same as Uniform Resource Locator.
User
Any person utilizing resources provided and maintained by Digital Signature
Trust Co. (IdenTrust). An authorized entity that uses a certificate.
User authentication
Determining that a user truly is authentic.
Validation
The process of verifying that a certificate is still valid. Validation can
occur online or through the use of CRLs.
World Wide Web
The whole constellation of resources that can be accessed using Gopher, FTP,
HTTP, telnet, USENET, WAIS and some other tools. A hypertext-based, distributed
information system in which users may create, edit, or browse hypertext documents.
A graphical document publishing and retrieval medium. A collection of linked
documents that reside on the Internet.
X.509
The ITU (International Telecommunication Union) standard for certificates.
X.509 v3 refers to certificates containing or capable of containing extensions.
Also an International Standards Organization (ISO) standard that describes
a basic electronic format for digital certificates.
X.509 v3 Certificate Extension
The PKI suites used by IdenTrust support X.509 v3 certificate extensions including
extensions for PKIX, SET, and SSL. These extensions conform to the X.509 standard
and specify additional constraints or capabilities on the certificate subject.