Authentication | Authentication is the process of confirming the identity of a party with whom one is communicating. |
CA | A CA (Certificate Authority) issues and manages security credentials and public keys for message encryption and decryption. The private key is given only to the requesting party and the public key is made publicly available (as part of a digital certificate) in a directory that all parties can access. The private key is never shared with anyone or sent across the Internet.
A CA (certificate Authority) issues digital certificates which contain a public key and the identity of the owner. The CA also attests that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the CA's certificates. |
Certificate, (Public Key Certificate) | A certificate is a digitally signed statement vouching for the identity and public key of an entity (person, company, etc.). Certificates can either be self-signed or issued by a Certification Authority (CA). Certification Authorities are entities that are trusted to issue valid certificates for other entities. Well-known CAs includes VeriSign, Entrust, and GTE CyberTrust. X509 is a common certificate format, and they can be managed by the JDK's keytool.
Certificate definition from Entrust documentation Certificate definition from Wikipedia |
Certificate Serial Number | Serial Number A certificate serial number uniquely identifies a certificate (and thereby an entity and a public key) among those signed by a particular certificate issuer. |
CRL | Certificate Revocation List
A certificate revocation list contains information about certificates whose validity an issuer has prematurely revoked. The information consists of an issuer name, the time of issue, the next scheduled time of issue, and a list of certificate serial numbers and their associated revocation times. The CRL is digitally signed by the issuer. |
Cipher Suite | A cipher suite is a combination of lower-level algorithms that an SSL connection uses to do authentication, key exchange, and stream encryption. |
DER | Distinguished Encoding Rules
Data encoding format
|
Digital Signature | A digital signature is the digital equivalent of a handwritten signature. It is used to ensure that data transmitted over a network was sent by whoever claims to have sent it and that the data has not been modified in transit. For example, an RSA-based digital signature is calculated by first computing a cryptographic hash of the data and then encrypting the hash with the sender's private key. |
DN | Distinguished Name (see FQDN) |
FQDN | Fully Qualified Distinguished Name
Also called DNS (Domain Name Service) name The FQDN prevent attacks by tying a certificate to some piece of information unique to a machine (its FQDN). For example, The common practice with X.509.v1 certificates was to put the FQDN in the certificate&'s commonName field. This practice is no longer recommended for new applications since X.509v3 allows certificate extensions to hold the FQDN as well as other identifying information, such as IP address. The proper place for FQDN is the dNSName field of the subjectAltName extension. The dNSName should be checked first, and if is missing, the commonName checked. Checking the commonName is strictly for backward compatibility. |
HTTP | Hypertext Transfer (or Transport) Protocol is the data transfer protocol used on the World Wide Web. |
Infrastructure | The basic, underlying framework and/or features of a system. |
IP | IP (Internet Protocol) is the method by which information is sent between any two devices (computers, printers, etc.) on the Internet. Each device on the Internet is assigned a unique address so information can be routed to it. |
LDAP | Light Weight Directory Access Protocol.
Defined by RFCs. They defines an access protocol, data model, API bindings, etc. |
MAC | Message Authentication Code
A Message Authentication Code (MAC) provides a way to check the integrity of information transmitted over or stored in an unreliable medium, based on a secret key. Typically, MACs are used between two parties that share a secret key in order to validate information transmitted between these parties. A MAC mechanism that is based on cryptographic hash functions is referred to as HMAC. HMAC can be used with any cryptographic hash function, such as Message Digest 5 (MD5) and Secure Hash Algorithm (SHA), in combination with a secret shared key. HMAC is specified in RFC 2104. |
Out of Band | The exchange of information using a method other thatn the standard one. |
PEM | Privacy Enhanced Mail
Data encoding format
|
PKCS | Public Key Cryptography Standards
A series of cryptographic standards dealing with public-key issues, published by RSA Laboratories. |
PKI | Public Key Infrastructure
An infrastructure that supports Public Key Cryptography. It usually includes:
|
port | An application runing on a specific computer has a socket that is bound to a specific port number. Servers listening to a port for a client to make a connection request. When a client connects to a server it tells the server what port it is listenming on. Port numbers are from 0 to 65535. Some ports have preassigned numbers and are known as "well-known ports". Ports 0 to 1024 are reserved for use by certain privileged services. For example, port 80 is defined as a default for HTTP (web servers). Note: Ubuntu contains a file with a list of the "well-known-ports". Enter the command "$ less /etc/services" to display this file. |
Protocol | A communication/network protocol is a formal description of message formats and the rules two computers must follow to exchange those messages.
There are three basic purposes for communication protocols:
|
RA | Registration Authority (part of a public key infrastructure) |
S/MIME | Secure Multipurpose Internet Mail Exchange
S/MIME provides encryption and authentication services for email. It uses a PKI to establish trust, which means it is capable of scaling to support large groups of people. |
Secret Key Cryptography | Secret key cryptography uses an encryption algorithm in which the same key is used both to encrypt and decrypt the data. Secret key cryptography is also called symmetric cryptography. |
SSL | Secure Socket Layer
SSL is a application layer protocol created by Netscape for managing the security of message transmissions in a network. SSL uses the public-and-private key encryption, which also includes the use of a digital certificate. |
Socket | A socket is one end-point of a two-way communication link between two programs running on the network. On a particular machine, a socket is bound to a port (number) on that machine. |
TCP | TCP (Transmission Control Protocol) is a protocol developed for the internet to get data from one network device to another. TCP uses a retransmission strategy to insure that data will not be lost in transmission |
TLS | Transport Layer Security
TLS is the latest version of SSL. It is an enhancement of SSL version 3.0, and is a proposed Internet Standard (see RFC2246). |
Vetting | Vetting is a process of examination and evaluation. It often refers to performing a background check on someone or verifying there identity before giving them an account, special privileges, etc. |
VPN | A Virtual Private Network is a network that uses the internet to transfer information using secure methods such as SSL. |