This glossary defines the terms and abbreviations in this book that may be new or unfamiliar and terms that may be of interest. It includes terms and definitions from:

* The IBM Dictionary of Computing, New York: McGraw-Hill, 1994.
* The American National Standard Dictionary for Information Systems, ANSI X3.172-1990, American National Standards Institute (ANSI), 1990.
* The Answers to Frequently Asked Questions, Version 3.0, California: RSA Data Security, Inc., 1998.

A

Abstract Syntax Notation One (ASN.1). An ITU notation that is used to define the syntax of information data. It defines a number of simple data types and specifies a notation for identifying these types and for specifying values of these types. These notations can be applied whenever it is necessary to define the abstract syntax of information without curbing how the information is encoded for transmission.

access control list (ACL). A mechanism for limiting the use of a specific resource to authorised users.

ACL. Access control list.

American National Standard Code for Information Interchange (ASCII). The standard code that is used for information interchange among data processing systems, data communication systems, and associated equipment. The ASCII set uses a coded character set that consists of 7-bit coded characters (8 bits including a bit for parity checking). The character set consists of control characters and graphic characters.

American National Standards Institute (ANSI). An organisation that establishes the procedures by which accredited organisations create and maintain voluntary industry standards in the United States. It consists of producers, consumers, and general interest groups.

ANSI. American National Standards Institute.

applet. A computer program that is written in Java and runs inside a Java-compatible Web browser. Also known as a Java applet.

ASCII. American National Standard Code for Information Interchange.

ASN.1. Abstract Syntax Notation One.

asymmetric cryptography.
Cryptography that uses different, asymmetric keys for encryption and decryption. Each user receives a pair of keys: a public key accessible to all, and a private key known only to the user. A secure transaction can occur when the public key and the corresponding private key match, enabling the decryption of the transaction. This is also known as key pair cryptography. Contrast with symmetric cryptography.

asynchronous communication. A mode of communication that does not require the sender and recipient to be present simultaneously.

audit trail. Data, in the form of a logical path, that links a sequence of events. An audit trail enables tracing of transactions or the history of a given activity.

authentication. The process of reliably determining the identity of a communicating party.

authorisation. Permission to access a resource.

B

base64 encoding. A common means of conveying binary data with MIME.

Basic Encoding Rules (BER). The rules specified in ISO 8825 for encoding data units described in abstract syntax notation 1 (ASN.1). The rules specify the encoding technique, not the abstract syntax.

BER. Basic Encoding Rules.

browser. See Web browser.

browser certificate. A digital certificate, also known as a client-side certificate. It is issued by a CA through an SSL-enabled Web server. Keys in an encrypted file enable the holder of the certificate to encrypt, decrypt, and sign data. Typically, the Web browser stores these keys. Some applications permit storage of the keys on smartcards or other media. See also digital certificate.

C

CA. Certificate authority.

CA certificate. A certificate your Web browser accepts, at your request, from a CA it does not recognise. The browser can then use this certificate to authenticate communications with servers that hold certificates issued by that CA.

CA hierarchy. A trust structure whereby one CA is located at the top of the structure and multiple layers of subordinate CAs are located below.
When users or servers are registered with a CA, they receive a certificate that is signed by that CA as well as the certification hierarchy of the layers above.

CA server. The Certificate Authority (CA) component of a PKI solution.

CAST-64. A block cipher algorithm that uses a 64-bit block size and a 6-bit key. It was designed by Carlisle Adams and Stafford Tavares.

CCA. IBM Common Cryptographic Architecture.

CDSA. Common Data Security Architecture.

Common Data Security Architecture (CDSA). An initiative to define a comprehensive approach to security service and security management for computer-based security applications. It was designed by Intel, to make computer platforms more secure for applications.

certification authority (CA). The software responsible for following an organisation's security policies and assigning secure electronic identities in the form of certificates. The CA processes requests from RAs to issue, renew, and revoke certificates. The CA interacts with the RA to publish certificates and CRLs in the Directory. See also digital certificate.

certificate extension. An optional feature of the X.509v3 certificate format that provides for the inclusion of additional fields in the certificate. There are standard extensions and user-defined extensions. Standard extensions exist for various purposes, including key and policy information, subject and issuer attributes, and certification path constraints.

certificate policy. A named set of rules that indicates the applicability of a certificate to a particular class of applications that have common security requirements. For example, a certificate policy might indicate whether a particular certification type allows a user to conduct transactions for goods within a given price range.

certificate profile. A set of characteristics that define the type of certificate wanted (such as SSL certificates or IPSec certificates). The profile aids in managing certificate specification and registration.
The issuer can change the names of the profiles and specify characteristics of the desired certificate, such as the validity period, key usage, DN constraints, and so forth.

certificate revocation list (CRL). A digitally signed, time-stamped list of certificates that the certificate authority has revoked. The certificates in this list should be considered unacceptable. See also digital certificate.

certification. The process during which a trusted third party issues an electronic credential that vouches for an individual, business, or organisational identity.

CGI. Common Gateway Interface.

chain validation. The validation of all CA signatures in the trust hierarchy through which a given certificate was issued. For example, if a CA was issued its signing certificate by another CA, both signatures are validated during validation of the certificate that the user presents.

cleartext. Data that is not encrypted. Synonym for plaintext.

client. (1) A functional unit that receives shared services from a server. (2) A computer or program that requests a service of another computer or program.

client/server. A model in distributed processing in which a program at one site sends a request to a program at another site and waits for a response. The requesting program is called a client; the answering one is called a server.

code signing. A technique for signing executable programs with digital signatures. Code signing is designed to improve the reliability of software that is distributed over the Internet.

Common Gateway Interface (CGI). Standard method of transmitting information between Web pages and Web servers.

confidentiality. The property of not being divulged to unauthorised parties.

credential. Confidential information used to prove one's identity in an authentication exchange. In environments for network computing, the most common type of credential is a certificate that a CA has created and signed.

CRL. Certificate revocation list.

CRL publication interval.
Set in the CA configuration file, the interval of time between periodic publications of the CRL to the Directory.

cross-certification. A trust model whereby one CA issues to another CA a certificate that contains the public key associated with its private signature key. A cross-certified certificate allows client systems or end entities in one administrative domain to communicate securely with client systems or end entities in another domain.

cryptographic. Pertaining to the transformation of data to conceal its meaning.

cryptography. In computer security, the principles, means, and methods for encrypting plaintext and decrypting encrypted text.

D

Data Encryption Standard (DES). An encryption block cipher, defined and endorsed by the U.S. government in 1977 as an official standard. IBM developed it originally. DES has been extensively studied since its publication and is a well-known and widely used cryptographic system. DES is a symmetric cryptographic system. When it is used for communication, both the sender and receiver must know the same secret key. This key is used to encrypt and decrypt the message. DES can also be used for single-user encryption, such as to store files on a hard disk in encrypted form. DES has a 64-bit block size and uses a 56-bit key during encryption. It was originally designed for implementation in hardware. NIST has recertified DES as an official U.S. government encryption standard every five years.

decrypt. To undo the encryption process.

DEK. Document encrypting key.

DER. Distinguished Encoding Rules.

DES. Data Encryption Standard.

Diffie-Hellman. A method of establishing a shared key over an insecure medium, named after the inventors (Diffie and Hellman).

digital certificate. An electronic credential that is issued by a trusted third party to a person or entity. Each certificate is signed with the private key of the CA. It vouches for an individual, business, or organisational identity.
Depending on the role of the CA, the certificate can attest to the authority of the bearer to conduct e-business over the Internet. In a sense, a digital certificate performs a similar role to a driver's license or a medical diploma. It certifies that the bearer of the corresponding private key has authority to conduct certain e-business activities. A certificate contains information about the entity it certifies, whether person, machine, or computer program. It includes the certified public key of that entity.

digital signature. A coded message added to a document or data that guarantees the identity of the sender. A digital signature can provide a greater level of security than a physical signature. The reason for this is that a digital signature is not an encrypted name or series of simple identification codes. Instead, it is an encrypted summary of the message that is being signed. Thus, affixing a digital signature to a message provides solid identification of the sender. (Only the sender's key can create the signature.) It also fixes the content of the message that is being signed (the encrypted message summary must match the message content or the signature is not valid). Thus, a digital signature cannot be copied from one message and applied to another because the summary, or hash, would not match. Any alterations to the signed message would also invalidate the signature.

Digital Signature Algorithm (DSA). A public key algorithm that is used as part of the Digital Signature Standard. It cannot be used for encryption, only for digital signatures.

Directory. A hierarchical structure intended as a global repository for information related to communications (such as e-mail or cryptographic exchanges). The Directory stores specific items that are essential to the PKI structure, including public keys, certificates, and certificate revocation lists. Data in the Directory is organised hierarchically in the form of a tree, with the root at the top of the tree.
Often, higher level organisations represent individual countries, governments, or companies. Users and devices are typically represented as leaves of each tree. These users, organisations, localities, countries, and devices each have their own entry. Each entry consists of typed attributes. These provide information about the object that the entry represents. Each entry in the Directory is bound with an associated distinguished name (DN). This is unique when the entry includes an attribute that is known to be unique to the real world object. Consider the following example DN. In it, the country (C) is GB, the organisation (O) is NSS, the organisational unit (OU) is Trust, and the common name (CN) is CA1.
C=GB/O=NSS/OU=Trust/CN=CA1

Directory server. A certificate repository that is updated automatically by the CA. The Directory usually supports LDAP standards and can be queried by internal and external users in order to retrieve certificates and public key details.

Distinguished Encoding Rules (DER). Provides constraints on the BER. DER selects just one type of encoding from those that the encoding rules allow, eliminating all of the sender's options.

distinguished name (DN). The unique name of a data entry that is stored in the Directory. The DN uniquely identifies the position of an entry in the hierarchical structure of the Directory.

DN. Distinguished name.

document encrypting key (DEK). Typically, a symmetric encryption/decryption key, such as DES.

domain. See security domain and registration domain.

DSA. Digital Signature Algorithm.

E

e-business. Business transactions over networks and through computers. It includes buying and selling goods and services. It also includes transferring funds through digital communications.

e-commerce. Business-to-business transactions. It includes buying and selling goods and services (with customers, suppliers, vendors, and others) on the Internet. It is a primary element of e-business.

end-entity.
The subject of a certificate that is not a CA.

encrypt. To scramble information so that only someone who has the appropriate decryption code can obtain the original information through decryption.

encryption/decryption. Using the public key of the intended recipient to encipher data for that person, who then uses the private key of the pair to decipher the data.

enrolment. The process of obtaining credentials for use over the Internet. Enrolment encompasses the requesting, renewing, and revoking of certificates.

enrolment attribute. An enrolment variable that is contained in an enrolment form. Its value reflects the information that is captured during the enrolment. The value of the enrolment attribute remains the same throughout the lifetime of the credential.

enrolment variable. See enrolment attribute.

extranet. A derivative of the Internet that uses similar technology. Companies are beginning to apply Web publishing, electronic commerce, message transmission, and groupware to multiple communities of customers, partners, and internal staff.

F

File Transfer Protocol (FTP). An Internet client/server protocol for use in transferring files between computers.

firewall. A gateway between networks that restricts the flow of information between networks. Typically, the purpose of a firewall is to protect internal networks from unauthorised use from the outside.

FTP. File Transfer Protocol.

G

gateway. A functional unit that allows incompatible networks or applications to communicate with each other.

H

HTML. Hypertext Markup Language.

HTTP. Hypertext Transaction Protocol.

HTTP server. A server that handles Web-based communications with browsers and other programs in a network.

hypertext. Text that contains words, phrases, or graphics that the reader can click with the mouse to retrieve and display another document. These words, phrases, or graphics are known as hyperlinks. Retrieving them is known as linking to them.

Hypertext Markup Language (HTML).
A mark-up language for coding Web pages. It is based on SGML.

Hypertext Transaction Protocol (HTTP). An Internet client/server protocol for transferring hypertext files across the Web.

I

ICL. Issued certificate list.

IETF (Internet Engineering Task Force). A group that focuses on engineering and developing protocols for the Internet. It represents an international community of network designers, operators, vendors, and researchers. The IETF is concerned with the development of the Internet architecture and the smooth use of the Internet.

integrity. A system protects the integrity of data if it prevents unauthorised modification (as opposed to protecting the confidentiality of data, which prevents unauthorised disclosure).

integrity checking. The checking of audit records that result from transactions with external components.

internal structure. See schema.

International Standards Organisation (ISO). An international organisation tasked with developing and publishing standards for everything from wine glasses to computer network protocols.

International Telecommunication Union (ITU). An international organisation within which governments and the private sector coordinate global telecommunication networks and services. It is the leading publisher of telecommunication technology, regulatory, and standards information.

Internet. A worldwide collection of networks that provide electronic connection between computers. This enables them to communicate with each other via software devices such as electronic mail or Web browsers. For example, some universities are on a network that in turn links with other similar networks to form the Internet.

intranet. A network within an enterprise that usually resides behind firewalls. It is a derivative of the Internet and uses similar technology. Technically, intranet is a mere extension of the Internet. HTML and HTTP are some of the commonalities.

IPSec. An Internet Protocol Security standard, developed by the IETF.
IPSec is a network layer protocol, designed to provide cryptographic security services that flexibly support combinations of authentication, integrity, access control, and confidentiality. Because of its strong authentication features, it has been adopted by many VPN product vendors as the protocol for establishing secure point-to-point connections over the Internet.

ISO. International Standards Organisation.

ITU. International Telecommunication Union.

J

Java. A set of network-aware, non-platform-specific computer technologies developed by Sun Microsystems, Incorporated. The Java environment consists of the Java OS, the virtual machines for various platforms, the object-oriented Java programming language, and several class libraries.

Java applet. See applet. Contrast with Java application.

Java application. A stand-alone program that is written in the Java language. It runs outside the context of a Web browser.

Java class. A unit of Java program code.

Java language. A programming language, developed by Sun Microsystems, designed specifically for use in applet and agent applications.

Java Virtual Machine (JVM). The part of the Java run-time environment responsible for interpreting byte codes.

K

key. A quantity used in cryptography to encipher or decipher information.

key pair. Corresponding keys that are used in asymmetric cryptography. One key is used to encrypt and the other to decrypt.

L

LDAP. Lightweight Directory Access Protocol.

Lightweight Directory Access Protocol (LDAP). A protocol used to access the Directory.

M

MD2. A 128-bit message-digest hash function, designed by Ron Rivest. It is used with MD5 in the PEM protocols.

MD4. A 128-bit message-digest hash function, designed by Ron Rivest. It is several times faster than MD2.

MD5. A one-way message-digest hash function, designed by Ron Rivest. It is an improved version of MD4. MD5 processes input text in 512-bit blocks, divided into 16 32-bit sub-blocks.
The output of the algorithm is a set of four 32-bit blocks, which concatenate to form a single 128-bit hash value. It is also used along with MD2 in the PEM protocols.

message digest. An irreversible function that takes an arbitrary-sized message and produces a fixed length quantity. MD5 is an example of a message digest algorithm.

MIME (Multipurpose Internet Mail Extensions). A freely available set of specifications that allows the interchange of text in languages with different character sets. It also allows multimedia e-mail among many different computer systems that use Internet mail standards. For example, the e-mail messages may contain character sets other than US-ASCII, enriched text, images, and sounds.

modulus. In the RSA public key cryptographic system, the product (n) of two large primes: p and q. The best size for an RSA modulus depends on one's security needs. The larger the modulus, the greater the security. The current RSA Laboratories-recommended key sizes depend on the planned use for the key: 768 bits for personal use, 1024 bits for corporate use, and 2048 bits for extremely valuable keys like the key pair of a CA. A 768-bit key is expected to be secure until at least the year 2004.

N

NIST. National Institute of Standards and Technology, formerly known as NBS (National Bureau of Standards). It promotes open standards and interoperability in computer-based industries.

nonce. A string that is sent down from a server or application, requesting user authorisation. The user that is asked for authentication signs the nonce with a private key. The user's public key and the signed nonce are sent back to the server or application that requested authentication. The server then attempts to decipher the signed nonce with the user's public key. If the deciphered nonce is the same as the original nonce that was sent, the user is authenticated.

non-repudiation.
The use of a digital private key to prevent the signer of a document from falsely denying having signed it.

O

object. In object-oriented design or programming, an abstraction encapsulating data and the operations associated with that data. See also class.

object identifier (OID). An administratively assigned data value of the type defined in abstract syntax notation 1 (ASN.1).

object type. The kind of object that can be stored in the Directory. For example, an organisation, meeting room, device, person, program, or process.

ODBC. Open Database Connectivity.

Open Database Connectivity (ODBC). A standard for accessing different database systems.

Open Systems Interconnect (OSI). The name of the computer networking standards that the ISO approved.

OSI. Open Systems Interconnect.

P

PC card. Similar to a smartcard, and sometimes called a PCMCIA card. This card is somewhat larger than a smartcard and usually has a greater capacity.

PEM. Privacy-enhanced mail.

PKCS. Public Key Cryptography Standards.

PKCS #1. See Public Key Cryptography Standards.

PKCS #7. See Public Key Cryptography Standards.

PKCS #10. See Public Key Cryptography Standards.

PKCS #11. See Public Key Cryptography Standards.

PKCS #12. See Public Key Cryptography Standards.

PKI. Public key infrastructure.

PKIX. An X.509v3-based PKI.

PKIX certificate management protocol (CMP). A protocol that enables connections with PKIX-compliant applications. PKIX CMP uses TCP/IP as its primary transport mechanism, but an abstraction layer over sockets exists. This enables support for additional polling transports.

PKIX CMP. PKIX certificate management protocol.

PKIX listener. The public HTTP server that a particular registration domain uses to listen for requests from the Client application.

plaintext. Unencrypted data. Synonym for cleartext.

policy exit. In a registration application, an organisation-defined program that is called by the application.
The rules specified in a policy exit apply the organisation's business and security preferences to the enrolment process.

preregistration. A process that allows one user, typically an administrator, to enrol other users. If the request is approved, the RA provides information that allows the user to obtain the certificate at a later time.

privacy. Protection from the unauthorised disclosure of data.

privacy-enhanced mail (PEM). The Internet privacy-enhanced mail standard, that the Internet Architect Board (IAB) adopted to provide secure electronic mail over the Internet. The PEM protocols provide for encryption, authentication, message integrity, and key management.

private key. The key in a public/private key pair that is available only to its owner. It enables the owner to receive a private transaction or make a digital signature. Data signed with a private key can be verified only with the corresponding public key. Contrast with public key. See also public/private key pair.

protocol. An agreed-on convention for inter-computer communication.

proxy server. An intermediary between the computer that is requesting access (computer A) and the computer that is being accessed (computer B). Thus, if an end user makes a request for a resource from computer A, this request is directed to a proxy server. The proxy server makes the request, gets the response from computer B, and then forwards the response to the end user. Proxy servers are useful for accessing World Wide Web resources from inside a firewall.

public key. The key in a public/private key pair that is made available to others. It enables them to direct a transaction to the owner of the key or verify a digital signature. Data encrypted with the public key can be decrypted only with the corresponding private key. Contrast with private key. See also public/private key pair.

Public Key Cryptography Standards (PKCS).
Informal inter-vendor standards developed in 1991 by RSA Laboratories with representatives from various computer vendors. These standards cover RSA encryption, the Diffie-Hellman agreement, password-based encryption, extended-certificate syntax, cryptographic message syntax, private-key information syntax, and certification syntax.

* PKCS #1 describes a method for encrypting data by using the RSA public key cryptosystem. Its intended use is in the construction of digital signatures and digital envelopes.
* PKCS #7 specifies a general format for cryptographic messages.
* PKCS #10 specifies a standard syntax for certification requests.
* PKCS #11 defines a technology-independent programming interface for cryptographic devices such as smartcards.
* PKCS #12 specifies a portable format for storing or transporting a user's private keys, certificates, miscellaneous secrets, and so forth.

public key infrastructure (PKI). A standard for security software that is based on public key cryptography. The PKI is a system of digital certificates, certificate authorities, registration authorities, certificate management services, and distributed directory services. It is used to verify the identity and authority of each party involved in any transaction over the Internet. These transactions might involve operations where identity verification is required. For example, they might confirm the origin of proposal bids, authors of e-mail messages, or financial transactions. The PKI achieves this by making the public encryption keys and certificates of users available for authentication by a valid individual or organisation. It provides online directories that contain the public encryption keys and certificates that are used in verifying digital certificates, credentials, and digital signatures. The PKI provides a means for swift and efficient responses to verification queries and requests for public encryption keys.
It also identifies potential security threats to the system and maintains resources to deal with security breaches. Lastly, the PKI provides a digital time stamping service for important business transactions.

public/private key pair. A public/private key pair is part of the concept of key pair cryptography (introduced in 1976 by Diffie and Hellman to solve the key management problem). In their concept, each person obtains a pair of keys, one called the public key and the other called the private key. Each person's public key is made public while the private key is kept secret. The sender and receiver do not need to share secret information: all communications involve only public keys, and no private key is ever transmitted or shared. It is no longer necessary to trust some communications channel to be secure against eavesdropping or betrayal. The only requirement is that public keys must be associated with their users in a trusted (authenticated) manner (for instance, in a trusted directory). Anyone can send a confidential message by using public information. However, the message can be decrypted only with a private key, which is in the sole possession of the intended recipient. Furthermore, key pair cryptography can be used not only for privacy (encryption), but also for authentication (digital signatures).

R

RA. Registration authority.

RA administrator. A user who has been authorised to administer certificates and requests for certificates by subscribers.

RA server. The Registration Authority component of a PKI solution.

RC2. A variable key-size block cipher, designed by Ron Rivest for RSA Data Security. RC stands for Ron's Code or Rivest's Cipher. It is faster than DES and is designed as a drop-in replacement for DES. It can be made more secure or less secure against exhaustive key search than DES by using appropriate key sizes. It has a block size of 64 bits and is about two to three times faster than DES in software. RC2 can be used in the same modes as DES.

registration authority (RA). The software that administers digital certificates to ensure that an organisation's business policies are applied from the initial receipt of an enrolment request through certificate revocation.

registration domain. A set of resources, policies, and configuration options related to specific certificate registration processes.

registration process. The steps for validating a user, so that the user and the user's public key can become certified and participate in transactions. This process can be local or Web-based, and can be automated or administered by human interaction.

repudiate. To reject as untrue; for example, to deny that you sent a specific message or submitted a specific request.

RSA. A public key cryptographic algorithm that is named for its inventors (Rivest, Shamir, and Adleman). It is used for encryption and digital signatures.

S

schema. As relates to the Directory, the internal structure that defines the relationships between different object types.

Secure Electronic Transaction (SET). An industry standard that facilitates secure credit card or debit card payment over untrusted networks. The standard incorporates authentication of cardholders, merchants, and card-issuing banks because it calls for the issuance of certificates.

Secure Sockets Layer (SSL). An IETF standard communications protocol with built-in security services that are as transparent as possible to the end user. It provides a digitally secure communications channel. An SSL-capable server usually accepts SSL connection requests on a different port than requests for standard HTTP requests. SSL creates a session during which the exchange signals to set up communications between two modems need to occur only once. After that, communication is encrypted. Message integrity checking continues until the SSL session expires.

security domain. A group (a company, work group or team, educational or governmental) whose certificates have been certified by the same CA.
Users with certificates that are signed by a CA can trust the identity of another user that has a certificate signed by the same CA.

server. (1) In a network, a data station that provides functions to other stations; for example, a file server. (2) In TCP/IP, a system in a network that handles the requests of a system at another site, called a client/server.

server certificate. A digital certificate, issued by a CA to enable a Web server to conduct SSL-based transactions. When a browser connects to the server by using the SSL protocol, the server sends the browser its public key. This enables authentication of the identity of the server. It also enables encrypted information to be sent to the server. See also CA certificate, digital certificate, and browser certificate.

servlet. A server-side program that gives Java-enabled servers additional functionality.

SET. Secure Electronic Transaction.

SGML. Standard Generalised Markup Language.

SHA-1 (Secure Hash Algorithm). An algorithm that was designed by NIST and NSA for use with the Digital Signature Standard. The standard is the Secure Hash Standard; SHA is the algorithm that the standard uses. SHA produces a 160-bit hash.

sign. To use your private key to generate a signature. The signature is a means of proving that you are responsible for and approve of the message you are signing.

signing/verifying. To sign is to use a private digital key to generate a signature. To verify is to use the corresponding public key to verify the signature.

Simple Mail Transfer Protocol (SMTP). A protocol that transfers electronic mail over the Internet.

site certificate. Similar to a CA certificate, but valid only for a specific Web site. See also CA certificate.

smartcard. A piece of hardware, typically the size of a credit card, for storing a user's digital keys. A smartcard can be password-protected.

S/MIME. A standard that supports the signing and encryption of e-mail transmitted across the Internet. See MIME.

SMTP.
Simple Mail Transfer Protocol. SSL. Secure Sockets Layer. Standard Generalised Markup Language (SGML). A standard for describing mark-up languages. HTML is based on SGML. symmetric cryptography. Cryptography that uses the same key for both encryption and decryption. Its security rests in the key � revealing the key means that anyone could encipher and decipher messages. The communication remains secret only as long as the key remains secret. Contrast with asymmetric cryptography. symmetric key. A key that can be used for both encryption and decryption. See also symmetric cryptography. T TCP/IP. Transmission Control Protocol/Internet Protocol. top CA. The CA at the top of a PKI CA hierarchy. TP. Trust Policy. Transmission Control Protocol/Internet Protocol (TCP/IP ). A set of communication protocols that support peer-to-peer connectivity functions for local and wide area networks. triple DES. A symmetric algorithm that encrypts the plaintext three times. Although many ways exist to do this, the most secure form of multiple encryption is triple-DES with three distinct keys. trust domain. A set of entities whose certificates have been certified by the same CA. trusted computer base (TCB). The software and hardware elements that collectively enforce an organisation�s computer security policy. Any element or part of an element that can effect security policy enforcement is security-relevant and part of the TCB. The TCB is an object that is bounded by the security perimeter. The mechanisms that carry out the security policy must be non-circumventable, and must prevent programs from gaining access to system privileges to which they are not authorised. trust model. A structuring convention that governs how certificate authorities certify other certificate authorities. tunnel. In VPN technology, an on-demand virtual point-to-point connection made through the Internet. 
While connected, remote users can use the tunnel to exchange secure, encrypted, and encapsulated information with servers on the corporate private network. type. See object type. U Unicode. A 16-bit character set that is defined by ISO 10646. The Unicode character encoding standard is an international character code for information processing. The Unicode standard encompasses the principal scripts of the world and provides the foundation for the internationalisation and localisation of software. All source code in the Java programming environment is written in Unicode. Uniform Resource Locator (URL). A scheme for addressing resources on the Internet. The URL specifies the protocol, host name or IP address. It also includes the port number, path, and resource details needed to access a resource from a particular machine. URL. Uniform Resource Locator. user authentication. The process of validating that the originator of a message is the identifiable and legitimate owner of the message. It also validates that you are communicating with the end user or system you expected to. UTF-8. A transformation format. It enables information processing systems that handle only 8-bit character sets to convert 16-bit Unicode to an 8-bit equivalent and back again without loss of information. V Virtual Private Network (VPN). A private data network that uses the Internet rather than phone lines to establish remote connections. Because users access corporate network resources through an Internet Service Provider (ISP) rather than a telephone company, organisations can significantly reduce remote access costs. A VPN also enhances the security of data exchanges. In traditional firewall technology, message content can be encrypted, but the source and destination addresses are not. In VPN technology, users can establish a tunnel connection in which the entire information packet (content and header) is encrypted and encapsulated. W Web browser. 
Client software that runs on a desktop PC and enables the user to browse the World Wide Web or local HTML pages. It is a retrieval tool that provides universal access to the large collection of hypermedia material available in the Web and Internet.� Web server. A server program that responds to requests for information resources from browser programs. See also server. World Wide Web (WWW). That part of the Internet where a network of connections is established between computers that contain hypermedia materials. These materials provide information and can provide links to other materials in the WWW and Internet. WWW resources are accessed through a Web browser program. X X.500. A standard for putting into effect a multipurpose, distributed and replicated directory service by interconnecting computer systems. Jointly defined by the International Telecommunications Union (ITU), formerly known as CCITT, and the International Organisation for Standardisation and International Electro-Chemical Commission (ISO/IEC). X.509 certificate. A widely-accepted certificate standard designed to support secure management and distribution of digitally signed certificates across secure Internet networks. The X.509 certificate defines data structures that accommodate procedures for distributing public keys that are digitally signed by trusted third parties. X.509 Version 3 certificate. The X.509v3 certificate has extended data structures for storing and retrieving certificate application information, certificate distribution information, certificate revocation information, policy information, and digital signatures. X.509v3 processes create time-stamped CRLs for all certificates. Each time a certificate is used, X.509v3 capabilities allow the application to check the validity of the certificate. It also allows the application to determine whether the certificate is on the CRL. X.509v3 CRLs can be constructed for a specific validity period. 
They can also be based on other circumstances that might invalidate a certificate. For example, if an employee leaves an organisation, their certificate would be put on the CRL.� Click here to return to the PKI Index Section |