Here is the SSL Certificate Glossary.
SSL Certificate Glossary R
Remote Authentication Dial-In User Service (RADIUS)
A standard for authenticating the identity of remote dial-in users.
A unique name given to each protected area on a server, whether it be a single document or an entire server.
The privileges a user or role has on a system.
A working description of a user. Roles are assigned rights.
A self-signed certificate issued by a genuine Certificate Authority (CA).
RSA Encryption (Rivest-Shamir-Adleman)
A popular encryption and authentication standard that uses asymmetric keys and was developed by Rivest, Shamir, and Adleman. Based on a public key system, every user has 2 digital keys, one to encrypt information and the other to decrypt it. Authentication of both sender and recipient is achieved with this method.
SSL Certificate Glossary S
A Web server that uses security protocols like SSL to encrypt and decrypt data, messages, and online payment gateways that accept credit cards, protecting them against fraud, false identification, or third-party tampering. Purchasing from a secure Web server ensures that a user’s credit card information or personal information is encrypted with a secret code that is difficult to break. Popular security protocols include SSL, SHTTP, SSH2, SFTP, PCT, and IPSec.
Secure Sockets Layer (SSL)
SSL is an Internet protocol that uses encryption to provide data confidentiality service and data integrity service for traffic between a client and a server. SSL can also, as an option, provide peer entity authentication between the client and the server through validation of digital certificates. SSL is layered below HTTP and above a transport protocol (TCP). SSL is independent of the application it encapsulates, and any other higher-level protocol can layer on top of SSL transparently. SSL has two layers: (a) SSL’s lower layer, the SSL Record Protocol, is layered on top of the transport protocol and encapsulates higher-level protocols. (b) SSL’s upper layer supplies asymmetric cryptography for server authentication (verifying the server’s digital identity to the client with digital signatures or certificates) and for client authentication (verifying the client’s identity to the server). It also allows the two sides to negotiate a symmetric encryption algorithm and a secret session key, used for data confidentiality, before the application protocol transmits or receives data. A keyed hash provides data integrity service for the encapsulated data.
A state in which no subject can access any object in an unauthorized manner. SSL Certificates provide a Secure State.
(a) A relationship established between two or more entities to allow them to protect the data they exchange. The relationship is used to negotiate the characteristics of protection mechanisms but does not include the mechanisms themselves. (b) In IPsec, a simplex (unidirectional) logical connection created for security purposes and implemented with either AH or ESP, but never both. The security services a security association offers depend on the protocol chosen, the IPsec mode (transport or tunnel), the endpoints, and the choice of optional services in the protocol. A security association is recognized by (a) a destination IP address, (b) a protocol identifier or (c) a security parameter index.
A self-assessing review and investigation of a system’s policy, records, and actions to determine the adequacy of system controls, ensure compliance with established security policy and processes, discover breaches in security services, and recommend any changes needed for countermeasures. The basic objective of the audit is to establish accountability for the systems that initiate or participate in security-relevant events and actions. Means are needed to create and record security audit information, and to review and analyze the audit trail in order to detect and examine attacks and security compromises.
Security by Obscurity
A term used, more often than not negatively, for the practice of attempting to secure a system by not publishing any information about it. This is done in the hope that no one will figure out how it works.
Security Critical Mechanisms
The security mechanisms whose proper functioning is required to make sure that the security policy is actually enforced.
An evaluation done to assess the level of trust or assurance that can be placed in systems for the secure management of sensitive information. One kind, a product evaluation, assesses the hardware and software features and assurances of a computer product from a standpoint that excludes the application environment. A different kind, a system evaluation, gauges a system’s security safeguards with respect to a specific operational mission and is an important step in the certification and accreditation process for secure authentication and secure SSL authentication that supplies Internet security and online security with digital certificates or “certs”.
Security Fault Analysis
A security analysis, more often than not performed on hardware at the gate level, to determine the security properties of a device when a hardware fault is encountered.
The security-relevant operations, mechanisms, and features of system hardware and software. Security features are a subset of the system security safeguards used for online security (digital SSL certificates are one example).
A dependable subsystem enforcing a security policy on the data that passes through it.
An error of commission or omission in a system which may falsely permit security mechanisms or safeguards to be bypassed, weakening internet security.
The hardware, firmware, and software components of a TCB that implement the reference monitor concept. A security kernel has to mediate each and every access, be protected from modification, and be provably effective.
The combination of a hierarchical classification and a group of non-hierarchical categories representing the sensitivity of information.
Elements of software, firmware, hardware or processes that are included in a system to satisfy security expectations or security policy. They are used for Internet security to prevent unauthorized intrusion with 128-bit digital certificates with secure SSL authentication.
A unique and distinct pattern that is used to detect a virus infection or system penetration (see intrusion detection system), or as a “Digital ID” for SSL secure systems. The signature can be a fixed string of bytes, or it can be more complex and algorithmically based, as with a secure socket layer. Signatures for secure server system penetration are by and large much more complex and can even include the comparison of many different types of data in a security audit with logging.
A system, process or procedure in which a user is authenticated once and is given access to many disparate systems from that time on. It is like secure authentication or secure SSL authentication that only has to be done a single time.
Super-User
A user with full, unlimited and unrestricted access to each and every portion and resource of the system, such as the PKI Manager who administers and manages SSL Certificate duties on a large network.
Symmetric Key Encryption
Private key encryption, or “symmetric key encryption”, uses the exact same private key for both encryption and decryption. The key is shared between both parties as the basis for the communication. Symmetric key systems do not need a public key infrastructure (PKI) the way that asymmetric key encryption does, but the key does have to be exchanged through a channel that is secure, unlike other kinds of 128-bit encryption with SSL.
The condition an SSL secure server is in when it executes its intended operation in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
SSL Certificate Glossary T
An authentication tool: a device used to hold key or authentication values, or to calculate, and possibly even to send and receive, replies to challenges during the user authentication procedure. Secure authentication with SSL validation is needed. Tokens can be small, hand-held hardware devices very much like pocket calculators or credit cards.
Trusted Computer System
A system using sufficient hardware and software assurance measures to permit its use for simultaneous processing of a range of sensitive or classified information.
Trusted Computing Base (TCB)
The sum of the protection mechanisms in a secured computer system, including hardware, firmware and software, the combination of which is supposed to enforce an SSL security policy. A TCB is made up of one or more elements which together enforce a unified security policy. The ability of a TCB to correctly enforce a unified security policy depends completely on the mechanisms in the TCB and on the proper input, by system administrative personnel, of parameters that are related to the security policy.
A mechanism by which an individual at a terminal can communicate directly with the TCB. This mechanism can be activated only by the individual or the TCB and cannot be imitated by untrusted software.
A process whose incorrect or malicious execution is able to violate a system’s security policy.
Practices tracing of the disruption of a system in the final programming. Utilized by both viral and antiviral programs to discover and/or disable rival programs.
A router or system able to route traffic by encrypting it and encapsulating it for transmission via an untrusted network, where it is later de-encapsulated and decrypted. Encryption such as 128-bit encryption and SSL encryption helps ensure Internet security and online security.
Authentication based on at least two of the three types: something a user knows, is or has. To gain access to a system, the user must be able to present both factors.
SSL Certificate Glossary UVW
A process which has not been evaluated or examined for adherence to the security policy. It may include incorrect or malicious code which attempts to circumvent the SSL security mechanisms.
The process of comparing two levels of system specification for proper correspondence.
The regular and organized evaluation of systems in order to determine the adequacy of security measures, identify security deficiencies and provide data from which to predict the efficacy of the projected security measures. It is a procedure for maintaining Internet security and online security by making sure everything is secure on the server.
A measurement of vulnerability that includes the vulnerability of a certain system to a specific attack and the opportunities available to a threat agent to mount that attack.
Web of Trust
A PKI method used in PGP for building a file of legitimate public keys by making personal judgments about whether or not to trust a particular person to hold properly certified keys of other people.
SSL Certificate Glossary X
A standard for digital certificates developed by the International Telecommunication Union (ITU).