Content Verification Glossary
- ABA Guidelines
- The American Bar Association (ABA) Digital Signature Guidelines are a framework of legal rules for using encrypted SSL certificates, digital IDs and digital signatures in e-commerce.
- Abstract Syntax Notation One (ASN.1)
- ASN.1 (Abstract Syntax Notation One) is a standard way to describe a message (a unit of application data) that can be sent or received in a network. ASN.1 is divided into two parts: (1) the rules of syntax for describing the contents of a message in terms of data type and content sequence or structure and (2) how you actually encode each data item in a message.
- Accept a certificate
- To manifest approval of a certificate, while knowing or having notice of its contents; or to apply to a licensed certification authority for a certificate, without canceling or revoking the application, if the certification authority subsequently issues a certificate based on the application.
- Acceptable Use Policy (AUP)
- An acceptable use policy (AUP) is a written policy that a user must agree to follow before they are allowed to use a product or service.
- Acceptance Inspection
- The last and final inspection that is done in order to decide whether or not a resource, feature or system meets the technical and performance standards that are specified in order for the system to receive accreditation or SSL certification.
- Access
- The capability and resources needed to interact in any way with a system: a particular kind of communication between a subject and an object that causes an exchange of information, for instance a secure online payment gateway using Secure Server Certificates.
- Access Control
- The method of restricting access to the resources of a system solely to authorized programs (for secure authentication), procedures (such as encryption), or Secure Server network systems of any other kind. Access control is synonymous with controlled access and limited access. It supports internet security and online security.
- Access Control List
- A list of users, programs, and/or methods and the conditions of access types to which different tasks are delegated.
- Access Level
- A hierarchical level of security that is used in order to detect the sensitivity of data, and the clearance or authorization of users. Similar to how digital certificates and SSL certificates help provide secure authentication for intranet and internet security.
- Access Period
- A time period during which access rights exist, usually given on a daily or weekly basis.
- Accreditation
- An official pronouncement by the command or management authority that approves the system to function within a certain security mode using a prearranged set of safeguards. Based on the certification, accreditation is a system's formal administrative authorization for operation. Like digital certificates (SSL certificates) that provide secure authentication, the accreditation statement attaches security responsibility to the management or operating authority. It shows that appropriate care has been taken to provide network security, Internet security and extranet security.
- ActiveX
- ActiveX controls are software modules which seem to be Microsoft's preferred form of active content for Web pages. They have full system access. A digital signature system called Authenticode which simply offers just "run/don't run" options is the only security tool, causing Internet security and online security problems.
- Activity Monitor
- Antiviral software used to check for indications of suspicious activity, such as attempts to rewrite program files or format disks. The phrase activity monitor is frequently taken to include operation restriction software, also known as an activity blocker or behavior blocker. An activity monitor can be distinguished, however, in that it may simply alert the operator to the attempt rather than disabling it.
- Administrative Control and Administrative Security
- The management restrictions and additional controls instituted in order to supply a satisfactory level of data protection. Encryption, including 128-bit encryption, provides data protection. It is the same as procedural security and is more regularly referred to as administrative controls.
- Adware
- See cookies, spyware, and web bugs.
- Advanced Encryption Standard (AES)
- A standard made by NIST to supersede DES encryption. Royalty-free and usable worldwide, it specifies an unclassified, publicly disclosed, symmetric encryption algorithm.
- Adversary
- A unit which attacks, or becomes a threat to, a system.
- AIS
- Automated Information System. A term formerly used in the U.S. government and military for computer or electronic information systems.
- Algorithm
- A specific procedure or formula for solving a problem. In security an algorithm typically refers to cryptographic algorithms used in encryption or decryption of data files and/or messages and to generate Digital Signatures.
- Ancillary Service
- A person offering or performing a service, other than issuance of certificates, in support of digital signatures and other related areas of secure electronic commerce, or the service offered or performed by such person.
- Anomaly Detection
- Identifying intrusions by looking for unusual activity. A system would have a model of 'expected' or 'normal' behavior, and would flag any activity that deviated from this model.
- Anonymous Login
- An access control feature, which can be a weakness, in which many Secure Servers allow users to reach general-purpose or public services and resources without a pre-established user-specific account (a user name and secret password). Because there is no secure authentication, this lowers internet security and network security.
- Applet
- A small application delivered via Secure Server networks. Two of the more common applet systems are Java and ActiveX. Java applets are allowed access only to particular functions or information, a restriction called the sandbox.
- Applicable Law
- Unless otherwise specified or unless the context dictates otherwise, the term "applicable law," when used throughout UTN documents, refers to the Law of the State of Utah, of any other licensing jurisdiction, and without limitation to the law of the United States, state, county, province, municipality, governmental subdivision, or rule of any authorized agency thereof that is enforceable upon The USERTRUST Network PKI or any of its constituent members.
- Application Level Gateway
- A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls provide protection, Internet security and online security by re-addressing traffic.
- Archive
- Often a secured site holding many files, perhaps accumulated over a span of time. Sometimes the files are publicly accessible. Also a protected SSL secure server folder containing related files, often in a compressed format to reduce file size and to shorten the transmission (upload or download) time on Internet electronic bulletin boards or download sites. Because of the compression, archive files look as if they are encrypted and password protected with authentication, so malware scanning software may not inspect their contents.
- Assurance
- A measure of confidence that the security features and architecture of a system accurately mediate and enforce the security policy; SSL secure web servers need it. It is usually neglected in security planning. Assurance may be partially determined by penetration testing or simulation.
- Asymmetric Cryptography or Asymmetric Cryptosystem
- An algorithm or series of algorithms which provide a secure key pair.
- Asymmetric Key Encryption
- Asymmetric Key Encryption, or public key encryption, employs two keys. One of these is publicly known and the other is held privately. To derive the private key from the public key, a would-be hacker would need to factor a very large number, and such a derivation is computationally infeasible.
- Attack
- An attack is the action of attempting to bypass system security controls. The event of an attack does not necessarily mean that a systems security has been breached, but merely that an attempt to breach it has been made.
- Attack Signature
- Secure Server network logs often show activities or alterations to a system that signal an attack or attempted attack. An attack signature identifies a particular kind of attack and is usually determined by examination of audit records.
- Attribute
- The qualities representing file permissions in MS-DOS and Windows systems.
- Audit
- The gathering of records to check their conformity with an SSL security policy.
- Audit Trail
- A time-sequential record of system actions that is sufficient to reconstruct, review and examine an operation or transaction from start to finish. Also known as a security audit trail.
- Authenticate
- To verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system.
Also, to confirm the reliability of data that has been stored or transmitted in a way that may have exposed it to unauthorized modification. Authenticate is related to secure authentication and secure SSL authentication, which provide Internet security and network security.
- Authentication
- A process used to ascertain the identity of a person or the integrity of specific information. For a message, authentication involves ascertaining its source and that it has not been modified or replaced in transit.
- Authentication Authority (AA) Service
- A service rendered by a CA delegate made responsible for authentication of certificate subscribers, but who does not identify such subscribers, or issue or sign certificates. [UTH PKI CPS]
- Authentication Header
- A field in the Internet IPsec protocol suite that immediately follows the IP header in an IP datagram and provides authentication and integrity checking for the datagram, as well as protection against replay attacks; it secures authentication much like secure SSL digital ID validation.
- Authorization Revocation List (ARL)
- A Certificate Revocation List (CRL) checking functionality referred to by customers.
- Authentication Token
- A portable device used for authenticating a user. Security authentication tokens operate by challenge/response, time-based code sequences, or other techniques. This may include paper-based lists of one-time passwords.
- Authenticator
- A record containing information that can be shown to have been recently generated using the session key known only by the client and server.
- Authenticity
- SSL certificate security must be genuine and verifiable. In SSL Internet security and network security, it is imperative that authenticity is not assumed.
- Authenticode
- A technology that makes it possible to identify who published a piece of software and to verify that it has not been tampered with. It also confirms that the digital certificate used to sign the code was issued by the certificate authority originally.
- Authorization
- Giving access or other rights to a user, process or program that has been authorized.
- Backdoor
- A hidden software or hardware mechanism that can be triggered to circumvent system protection mechanisms. It generally grants unusually high, or sometimes even full, access to the system, either without an account or from an account that is normally restricted. A backdoor can also be opened by sending a particular packet to a secure server network port; see RAT. Software developers frequently introduce backdoors in their code so that they can re-enter the system and perform particular functions; see maintenance hook.
- Background Task
- An assignment performed by the system that by and large stays invisible to the user. The majority of the procedures in advanced or multi-user systems function in the background. Some malware is performed by a system as a background task so that the user doesn't recognize that unwanted actions are happening. A lot of attacks recurrently take advantage of loopholes in utility procedures working in the background.
- Backup
- A replicated copy of data that is made for archiving purposes and to protect against loss in case the original is lost or damaged. A backup must be stored away from the original in order to be considered secure.
- Bastion
- A bastion host is a gateway between an inside network and an outside network. Used as a security measure, the bastion host is designed to defend against attacks aimed at the inside network. Depending on a network's complexity and configuration, a single bastion host may stand guard by itself, or be part of a larger security system with different layers of protection.
- Bacterium
- Network security threats that are specialized and do not attack certain files.
- Bait
- Network security threats that are specialized and do not attack certain files.
- Beneficiary
- The term "beneficiary" refers either to (1) a Cybercitizens Trust beneficiary, defined as (a) any party reposing data in a UTN repository administered under the UTN Repository Practices Statement or (b) any party that has been issued a digital certificate administered under the CPS by USERFirst, a UTN joint, subordinate, or secondary CA, or issued by USERTrust Inc. or one its affiliates or subsidiaries; or (2) a beneficiary of The User Trust, which beneficiary is defined as USERTrust Inc., or such other party designated by USERTrust Inc. which has conveyed property into The User Trust.
- Biometric
- A unique and measurable characteristic of a human being used to identify an individual. A key characteristic of a biometric access system is that it must operate in real-time. An example could be a fingerprint scanner, which scans the fingerprint and compares the results instantly to a stored database of acceptable fingerprints. Other characteristics include retina scans and voice recognition. Biometrics can be used with a smart card to authenticate the user. The user's biometric information is stored on a smart card, the card is placed in a reader, and a biometric scanner reads the information to match it against that on the card. This is a fast, accurate, and highly-secure form of user authentication.
- Black hat
- A community or individual who either attempts to hack computer systems or explores security primarily from an attack perspective. See white hat.
- Block cipher
- A crypto-algorithm which encrypts data (for example with 128-bit encryption and SSL encryption) in discrete blocks of a specific size, as opposed to a continuous stream of bits.
- Brain
- The first internet security virus, most certainly written in the MS-DOS computing environment, that became widespread among ordinary computer users. An example of a "strict" boot sector infector and the earliest known use of stealth threat programming.
- British Standard 7799 (BS7799)
- BS7799 is the British standard for Information Security Management. It has now become an International Standard, ISO 17799. It is in two parts - Part 1 sets out approximately 40 objectives for Information Security, and Part 2 has about 130 controls which can be implemented to achieve those objectives.
- Brute Force
- An attack where all possible options are used at one time, often in a programmed sequence that attempts to use all possible passwords or decryption keys.
- Bug
- A problem that causes a program to crash or produce invalid output. An unpredictable outcome that can cause actions that are not planned by the programmer or the user.
- Call Back
- A procedure for identifying a remote terminal or secure SSL VPN (virtual private network) connection. In a call back, the host system disconnects the caller and then dials the sanctioned telephone number of the remote terminal to re-establish the connection.
- Category
- A restrictive label which has been applied to data that is classified or unclassified to increase the protection of the data while further restricting data access.
- Cavity Internet Security Threat
- An overwriting internet security threat which overwrites either slack space in or behind the intended program file, or sections of null data in the file. Thus it can infect host files without increasing the length of the file or affecting the host's functionality.
- CERT
- Computer Emergency Response Team (network, Internet, security) The CERT was formed by ARPA in November 1988 in response to the needs exhibited during the Internet worm incident. The CERT charter is to work with the Internet community to facilitate its response to computer security events involving Internet hosts, to take proactive steps to raise the community's awareness of computer security issues, and to conduct research targeted at improving the security of existing systems. CERT products and services include 24-hour technical assistance for responding to computer security incidents, product vulnerability assistance, technical documents, and tutorials. In addition, the team maintains a number of mailing lists (including one for CERTAdvisories), and provides an anonymous FTP server, at "cert.org", where security-related documents and tools are archived.
- Certificate
- [Also referred to as an encryption certificate, a digital certificate, a digital signature, digital ID, or a "cert"] A message which at least (1) identifies the certification authority issuing it, (2) names or identifies its subscriber, (3) contains the subscriber's public key, (4) identifies its operation period, and (5) is digitally signed by the certification authority issuing it. The basic purpose of a certificate is to bind a key pair to a sole authenticated subscriber who may use the public key to verify a digital signature created with its corresponding private key. A certificate will generally take the form of the binary records common in current electronic data interchange (EDI) and will usually be in the form prescribed by ITU's Standard X.509 version 3, although the use of additional fields and extensions to provide additional attributes or information is optional with the certificate authority. Unless otherwise indicated by the context, the term "certificate," when used in the UTN PKI CPS, shall be understood to mean a renewable license for the use of a certificate (including a co-branded certificate or a digital signature), which license is valid for the operational period of the certificate as stated therein, unless suspended, revoked, or otherwise nullified by the CA or IA issuing the certificate. A "co-branded certificate" as used in the UTN PKI CPS is a certificate governed by an Additional Adopted CPS, whether or not included in the Schedule of Additional Adopted CPS annexed as EXHIBIT D, under which USERFirst serves or served, not as the signer of the certificate, but as either an IA, RA, or AA, as defined in the UTN PKI CPS. Unless otherwise specified or unless the context dictates otherwise, the term "certificate" when used throughout UTN documents refers to a digital certificate (a.k.a., a digital ID, digital signature, encryption certificate).
"Digital certificate" includes digital certificates used to identify individuals or persons or to authenticate technology such as servers, routers, switches, code, etc. An "ID certificate" refers to a digital certificate used to authenticate and identify individuals, to encrypt and secure e-mail, S/MIME transmissions, and to sign digital documents whether as a part of or apart from e-mail. A "technology certificate" refers to a digital certificate used primarily to identify and authenticate servers, routers, objects and strings and to perform other specialized technological functions.
- Certificate Acceptance
- To "accept a certificate" means (a) to manifest approval of a certificate, while knowing or having notice of its contents; or (b) to apply to a licensed certification authority for a certificate, without canceling or revoking the application, if the certification authority subsequently issues a certificate based on the application.
- Certification
- The complete assessment of the technical and non technical security functions of a system and other safeguards that are made for the accreditation process, which establishes the degree to which a particular plan and implementation meet a certain set of security conditions.
- Certification Authority (CA)
- A person who issues a certificate.
- Certification Authority (CA) Certificate
- A certificate which lists a certification authority as subscriber and contains a public key corresponding to a private key used to digitally sign another certificate.
- Certification Authority (CA) Disclosure Record
- An online, publicly accessible record which concerns a licensed certification authority. The CA disclosure record for The USERTRUST Network is kept by the Division of Corporations and Commercial Code within the Utah Department of Commerce. A certificate authority disclosure record has the contents specified by rule of that division pursuant to the Utah Digital Signature Act, Section 46-3-104.
- Certificate Authority Products/Services (CAPS)
- Products and services that are provided by a certification authority.
- Certificate Policy
- A named set of rules that indicates the applicability of a digital certificate to a particular community and/or class of application with common security requirements.
- Certificate Revocation
- To make a certificate ineffective permanently from a specified time forward. Revocation is effected by notation or inclusion in a set of revoked certificates, and does not imply that a revoked certificate is destroyed or made illegible.
- Certificate Revocation List (CRL)
- The list of revoked certificates, published by the certification authority, in which a revoked certificate is noted (see Certificate Revocation).
- Certificate Signing Request
- A Certificate Signing Request (CSR) is a text file generated by a Web server that contains information about your organization (name, address etc) as well as your server's public key.
- Certificate Suspension
- To "suspend a certificate" means to make a certificate ineffective temporarily from a specified time forward.
- Certify
- The declaration of material facts by the certification authority regarding a certificate.
- Challenge-Handshake Authentication Protocol (CHAP)
- An authentication method that can be used when connecting to an Internet Service Provider. CHAP allows you to log in to your provider automatically, without the need for a terminal screen. It is more secure than the Password Authentication Protocol (another widely used authentication method) because it does not send passwords in plain text.
- Challenge / Response
- A method for SSL Server Security. A security procedure in which one communicator requests authentication of another communicator, and the latter replies with a pre-established appropriate reply.
- Change Detection
- Antiviral security software which searches for alterations in a computer's system. An internet security threat must change something, and change detection presumes that program files, disk system areas and certain areas of memory should not change. It makes use of strong encryption and is sometimes known as authentication software. See CHAP (Challenge Handshake Authentication Protocol).
- Checksum
- A checksum is a value that is used to check the integrity of data. Checksums are generated by a function that is dependent upon the data in question. For security purposes, checksums are generated by one-way hash functions. Once a checksum has been generated, it is either stored with or transmitted with the data in question. The integrity of the data can be checked by generating a new checksum. If the two checksums are identical, then the file has not changed. If the two checksums are different, then the data (or file) in question has been altered.
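The generate, store and recompute cycle described in the Checksum entry, as an added example that is not part of this glossary; the manifest helper and the sample "files" are constructed for illustration.

```python
import hashlib
import hmac


def checksum(data: bytes) -> str:
    # One-way hash of the data (SHA-256 here). Any change to the bytes yields a
    # different digest, and the digest cannot be reversed to recover the data.
    return hashlib.sha256(data).hexdigest()


def verify(data: bytes, stored_checksum: str) -> bool:
    # Recompute and compare. compare_digest avoids leaking how many leading
    # characters matched through timing differences.
    return hmac.compare_digest(checksum(data), stored_checksum)


def build_manifest(files: dict) -> dict:
    # Checksums recorded at the time the data is trusted, kept alongside
    # (or transmitted with) the data as the entry describes.
    return {name: checksum(content) for name, content in files.items()}


def altered_files(files: dict, manifest: dict) -> list:
    # Names whose current content no longer matches the recorded checksum,
    # plus any name in the manifest that is now missing entirely.
    bad = [name for name, content in files.items()
           if name not in manifest or not verify(content, manifest[name])]
    bad += [name for name in manifest if name not in files]
    return sorted(bad)


# Constructed sample files (not taken from any real system).
ORIGINAL = {
    "config.ini": b"timeout=30\nverify_tls=true\n",
    "notes.txt": b"release build 1.2\n",
}
TAMPERED = dict(ORIGINAL)
TAMPERED["config.ini"] = b"timeout=30\nverify_tls=false\n"  # one word changed


def demo() -> list:
    # Record checksums of the trusted copy, then check the tampered copy.
    manifest = build_manifest(ORIGINAL)
    return altered_files(TAMPERED, manifest)
```

A plain hash only detects change by someone who cannot also replace the stored checksum; when the checksum travels with the data through untrusted hands, a keyed MAC or a digital signature (see Cryptographic Checksum) is needed.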
- Chosen Ciphertext Attacks
- An attack where the cryptanalyst may choose the ciphertext to be decrypted.
- Chosen Plaintext Attacks
- A form of cryptanalysis where the cryptanalyst may choose the plaintext to be encrypted.
- Cipher
- An encryption - decryption cryptographic algorithm.
- Cipher Block Chaining (CBC)
- A block cipher mode which improves on electronic codebook mode because it chains together the blocks of ciphertext it produces. It operates by combining the algorithm's ciphertext output block with the next plaintext block to form the next input block.
- Cipher Feed Back (CFB)
- A block cipher mode which improves electronic codebook mode because it chains together the blocks of ciphertext it makes. It also operates on plaintext sections of all different lengths equal to or less than the block length.
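The chaining described in the Cipher Block Chaining and Cipher Feed Back entries, as an added example that is not part of this glossary: ECB, CBC and full-block CFB built over a stand-in 16-byte Feistel block cipher. The stand-in cipher is an assumption made so the code runs offline; it is not a real cipher, and a real system would use AES in its place.

```python
import hashlib

BLOCK = 16          # block size in bytes for the stand-in cipher below
HALF = BLOCK // 2
ROUNDS = 4

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round_func(key, rnd, half):
    # Hash-based round function for the stand-in Feistel cipher (not a real cipher).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]

def block_encrypt(key, block):
    # Stand-in keyed block permutation: a 4-round Feistel network used only so
    # the example runs offline; a real deployment would call AES here.
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_func(key, rnd, right))
    return left + right

def block_decrypt(key, block):
    # Run the Feistel rounds backwards; the same round function is reused.
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_func(key, rnd, left)), left
    return left + right

def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("input must be a whole number of blocks (pad first)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, plaintext):
    # Electronic codebook: every block is encrypted on its own, so equal
    # plaintext blocks give equal ciphertext blocks and leak patterns.
    return b"".join(block_encrypt(key, b) for b in _blocks(plaintext))

def cbc_encrypt(key, iv, plaintext):
    # CBC: the previous ciphertext block (the IV for the first block) is XORed
    # into each plaintext block before it enters the cipher.
    out, prev = [], iv
    for b in _blocks(plaintext):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def cfb_encrypt(key, iv, plaintext):
    # Full-block CFB: encrypt the previous ciphertext block (IV first) and XOR
    # the result with the plaintext; only the forward cipher is ever needed.
    out, prev = [], iv
    for b in _blocks(plaintext):
        prev = _xor(b, block_encrypt(key, prev))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(c, block_encrypt(key, prev)))
        prev = c
    return b"".join(out)

# Constructed sample values (not real key material).
KEY = b"example-key-0123"
IV = bytes(range(BLOCK))
PT = b"ATTACK AT DAWN!!" * 4   # four identical 16-byte blocks

def demo():
    ecb = _blocks(ecb_encrypt(KEY, PT))
    cbc = _blocks(cbc_encrypt(KEY, IV, PT))
    # Flip one bit in the second CBC ciphertext block: on decryption that block
    # and the next are garbled, but the chain recovers for the fourth.
    damaged = bytearray(b"".join(cbc))
    damaged[BLOCK] ^= 1
    recovered = _blocks(cbc_decrypt(KEY, IV, bytes(damaged)))
    return {
        "ecb_blocks_identical": ecb[0] == ecb[1] == ecb[2] == ecb[3],
        "cbc_blocks_identical": cbc[0] == cbc[1] == cbc[2] == cbc[3],
        "cbc_roundtrip": cbc_decrypt(KEY, IV, b"".join(cbc)) == PT,
        "cfb_roundtrip": cfb_decrypt(KEY, IV, cfb_encrypt(KEY, IV, PT)) == PT,
        "intact_after_bitflip": [r == PT[:BLOCK] for r in recovered],
    }
```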
- Ciphertext
- A string of data that appears to be completely random. Like any encrypted text, ciphertext carries little or no information to an unauthorized entity. The original message, or plaintext, can however be recovered with the appropriate key and a decryption algorithm, such as SSL decryption.
- Ciphertext-Only Attacks
- A form of cryptanalysis where the cryptanalyst has some ciphertext but nothing else.
- Classification
- An assembly of classified information to which a hierarchical, restrictive security label is attached in order to heighten the protection of the data, which provides network security and online security. Also, the level of protection required for certain information.
- Classified
- Information officially mandated by a security policy that is to be given data confidentiality service and is to be denoted with a special security label in order to signify the status of its protection.
- Closed Security Environment
- An environment where the following conditions hold true:
(a) Application developers have adequate clearances and authorizations to offer an acceptable presumption that they have not introduced malicious logic. Authorizations and validations are often performed via 128-bit Secure Sockets Layer (SSL).
(b) Configuration control gives ample assurance that the SSL applications and equipment are protected against malicious logic prior to and during the operation of system applications.
- Co-branded/private label certificate
- A digital certificate issued by USERFirst, but labeled with the brand name of a party that has a contractual relationship with USERTrust Inc., but is not a member of The USERTRUST Network LLC. The authentication and documentation of co-branded and private label certificates is not necessarily conducted by UTN or according to the requirements set out for UTN certificates in paragraph 4.2.2.2(a) of this CPS.
- Coordinated Online Repositories Protected by USERTrust's Structure (CORPUS) Custodian (CC)
- Equivalent to Repository Trustee (it is the analog of CA).
- Code
- (a) The machine-readable form of a computer program, produced by conversion of the human-written program (source code) into binary code by a compiler or interpreter.
(b) A symbol scheme that represents information, which could initially have a different representation. This is regularly viewed synonymously with cipher or encryption; codes more often than not, however, have fixed meaning relations, not an algorithmic transformation of data.
- Communications Security (COMSEC)
- The protection resulting from all measures designed to deny unauthorized persons information of value which might be derived from the possession and study of telecommunications, or to mislead unauthorized persons in their interpretation of the results of such possession and study. Communications security involves cryptosecurity, transmission security, emission security, and physical security of communications security material and information.
- Computer Cryptography
- SSL digital certificates use encryption with a Secure Sockets Layer crypto-algorithm in a computer, microprocessor, or microcomputer to execute encryption or decryption, guarding information by ciphering it with 128-bit encryption to provide Internet security and online security. It can also be used to authenticate users, sources, or information.
- Computer Forensics
- It used to be the full means of acquiring legal evidence from computers and computer use. Now computer forensics has seemingly restricted itself solely to recovery of data from computers and computer media. It is now only one part of digital forensics.
- Computer Security Audit
- An independent assessment of the controls used to ensure proper protection of an institution's information assets. An official computer security audit has goals and procedures that differ from the usual and ongoing audit process.
- Concealment Systems
- A technique of gaining confidentiality by concealing vulnerable information by embedding it in irrelevant data.
- Confidentiality
- The idea of possessing sensitive data in confidence, restricted to a precise set of individuals or organizations.
- Confirm
- To ascertain through appropriate inquiry and investigation.
- Content Verification Certificate
- A digital certificate which holds either images or text. It also holds details of the web page on which it is used and therefore cannot be copied / moved to other locations helping to prevent web site spoofing and curb phishing attacks.
- Contingency
- An emergency response plan, including backup operations and post-disaster recovery, that an organization maintains as part of its security program, guaranteeing the availability of critical resources and making the continuity of operations in an emergency possible. See also disaster recovery plan and business continuity plan.
- Cookie
- A small piece of data, originally intended to keep state between web browser accesses to a server. Now used on many SSL Secure servers.
- Correspond
- With reference to keys, means to belong to the same key pair.
- Cost-Benefit Analysis
- The evaluation of the costs of supplying data protection for a system against the cost of losing or compromising the data.
- Countermeasure
- A countermeasure is any action, device, procedure or technique which reduces the susceptibility of or danger to a system. See also safeguard.
- Covert Channel
- A communications channel allowing two cooperating procedures to transmit information in a way violating the system's security policy, hurting intranet security and online security.
- Cracker
- Anyone who attempts to break the security of, and gain access to, someone else's system without having been invited. The term is an attempt to avoid the controversial usage of hacker. See also adversary and intruder. Secure servers using SSL often prevent unauthorized logins of this kind with secure validation.
- Cryptanalysis
- The art of decoding text. Cryptanalysis is a complex process, involving statistical analysis, analytical reasoning, math tools and pattern-finding. It is a way to figure out how to break down Internet Security.
- Crypto
- Widely used as an abbreviation for cryptography, cryptographic, cryptology or even encryption.
- Cryptographic Algorithm
- A well-defined process or sequence of rules or steps used to convert plaintext into a key stream or ciphertext and vice versa. Crypto-algorithm is an older usage.
- Cryptographic Checksum
- A one-way function attached to a file in order to construct a unique "fingerprint" of the file for reference at a later time. Recurrently part of the development of generating a digital signature.
- Cryptographic Key
- See key.
- Cryptography
- The process (principles, means and methods) for making information unintelligible or for restoring encrypted information to intelligible form.
- Cryptology
- Cryptology incorporates cryptanalysis, or code breaking, as well as code making; it is a slightly more general subject area than cryptography.
- Cryptoperiod
- The time span during which a particular key is authorized for use in a cryptographic system; a characteristic of PKI key management.
- Cryptosecurity
- The validation and security protection coming from the appropriate application of technically solid cryptosystems such as encrypted SSL certificates.
- Cryptosystem
- A complete and fully functional system for cryptography. It includes a sound crypto-algorithm, the components needed for the system's required functions, and proper key choice and administration.
- CVC
- See: Content Verification Certificate
- Cybercopy
- A copy, authenticated and certified by a certificate authority's repository or repository archive, of a digitally signed and/or encrypted message.
- Cypherpunk
- A community of users and developers who are devoted to building systems for anonymous communications and secure server network access. The cypherpunk community is by and large against invasion of privacy or surveillance of any kind, so law enforcement frequently views them negatively. There does seem to be a relation between certain cypherpunks and some groups that engage in software piracy and other kinds of theft of intellectual property. Password protected systems utilizing SSL encryption are much less vulnerable.
- CypherSignTM
- A desktop signing tool that allows you to digitally sign, encrypt, and time stamp any file on your computer.
- Data Diddling
- This term generally refers to an act which, unlike encryption (or 128-bit encryption and SSL encryption), makes small, random, or incremental alterations to information instead of completely erasing files or purposefully altering data.
- Data Encryption Algorithm (DEA)
- An ANSI standard that describes a cryptographic algorithm for encrypting data. The algorithm is secret-key (symmetric) driven. Also referred to as the Data Encryption Standard (DES).
- Data Encryption Standard: (DES)
- A cryptographic algorithm for the defense of data that is unclassified. It is published in US Federal Information Processing Standard (FIPS) 46. The DES, approved by the National Institute of Standards and Technology, was planned to be used for public and government use. The old DES algorithm is not the officially sanctioned standard anymore and is being replaced by the Advanced Encryption Standard (AES).
- Data Integrity
- The formal definition of comprehensive rules and the consistent application of those rules to assure high integrity data. It consists of techniques to determine how well data are maintained in the data resource and to ensure that the data resource contains data that have high integrity. The guarding of data from unauthorized altering, destruction or disclosure in order to ensure secure authentication and secure server SSL authentication for Internet payment gateways to accept credit cards securely.
- Data Vaulting
- :
- DDoS (Distributed Denial of Service)
- A kind of denial of service (DoS) attack in which a master computer commands a number of client computers in order to flood the target (or victim) with traffic. It relies on backdoor agent, client, or zombie software installed on many client network machines, unless these are protected with secure SSL validation and authentication for online security. The truly Secure Server cannot be attacked by any kind of trojan horse.
- Deception
- Giving fake or forged identity or authentication to break the security policy.
- Decryption
- The procedure that recovers the original message, or plaintext, from a ciphertext by applying the appropriate key and algorithm. It is the reverse of encryption.
- Default Account
- Predefined in a manufactured system, a default account is a system login account used to facilitate initial access when the system is first put into service. The default user name and password can be the same in every copy of the system. The default password should be changed immediately, or the default account disabled, when the system is put into service.
- Default Classification
- An impermanent classification reflecting the highest classification that is being processed in a system.
- Default password
- A password set by the system's manufacturer on a system administration or service account. Not changing default passwords or disabling default accounts is a real security risk.
- Defense in Depth
- A security approach in which every system on the secure server network is secured as thoroughly as possible, using layers of defenses, so that an attack which penetrates one layer is caught by another.
- Denial of Service (DOS)
- Actions or series of actions which stop any part of a system from operating according to its intended purpose. Any action causing unauthorized delay of service. DoS, more precisely, refers to an action which does not destroy data or resources but prevents access or use. DoS is synonymous with interdiction and is not to be confused with DOS, which stands for disk operating system.
- Designating Approval Authority (DAA)
- An example would be the secure server administrator having the authority to decide whether to accept the security safeguards prescribed for an AIS (automated information system), or the administrator responsible for issuing an accreditation statement that records the decision to accept those safeguards.
- Dictionary Attacks
- A variant of a brute force attack, refined by the assumption that, for instance, passwords are probably real words rather than random character strings.
- Diffie-Hellman Algorithm (DH)
- A public key (asymmetric) algorithm used mostly for secure key exchange in order to provide secure authentication and secure SSL authentication and internet security and online security. 128-bit encryption and SSL encryption are used for secure exchanges.
- Digest
- A piece of data of fixed length, computed from a file or message. More often than not a digest is part of a digital signature and is known as a hash or message digest.
- Digital Forensic
- Occasionally known as digital forensic research or digital forensic science. More recently digital forensics has become the umbrella term for all sorts of computer research and analysis and computer use directed at acquiring evidence of intrusion, attack, or wrongdoing. Computer forensics, forensic programming, and Secure Servers network forensics are the three major fields of digital forensics.
- Digital Signature
- A transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's public key can accurately determine whether: (a) the transformation was created using the private key that corresponds to the signer's public key; and (b) the message has not been altered since the transformation was made.
A digital signature (not to be confused with a digital certificate) is an electronic rather than a written signature. It can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real. Additional benefits to the use of a digital signature are that it is easily transportable, cannot be easily repudiated, cannot be imitated by someone else, and can be automatically time-stamped. It is also the identity of the originator of the file that can be authenticated with digital certificates like 128-bit SSL certificates with secure SSL authentication.
- Digital Signature Algorithm (DSA)
- An algorithm for producing digital signatures, developed by NIST and the NSA. To sign a message, Alice uses the DSA Sign Algorithm to encode a digest of the message using her private key. For all practical purposes, there is no way to decrypt this information. However, anyone who receives the message and accompanying digital signature can verify the signature by using the DSA Verify Algorithm to process the following information: the received signature; a digest of the received message; and Alice's public key. If the output of this algorithm matches a certain part of the digital signature, the signature is valid and the message has not changed. In contrast to RSA and other encryption-based signature algorithms, DSA has no ability to encrypt or decrypt information.
- Digital Signature Standard (DSS)
- A National Institute of Standards and Technology (NIST) standard for digital signatures, used to authenticate both a message and the signer. DSS has a security level comparable to RSA (Rivest-Shamir-Adleman) cryptography, having 1,024-bit keys.
- Digital Signature Forgery
- According to the Utah Digital Signature Act, to "forge a digital signature" means (a) to create a digital signature without the authorization of the rightful holder of the private key; or (b) to create a digital signature verifiable by a certificate listing as subscriber a person who either: (i) does not exist; or (ii) does not hold the private key corresponding to the public key listed in the certificate.
- Digital Signature Verification
- To "verify a digital signature" (in relation to a given digital signature, message, and public key) means to determine accurately that: (a) the digital signature was created by the private key corresponding to the public key; and (b) the message has not been altered since its digital signature was created.
- DigiTrueTM
- A viewer for the UDF format. This viewer can read files of any format. Universal Document Format (UDF) is a cryptographically enabled file container, which allows management of multiple documents and directories in conjunction with encryption, digital signatures and cryptographic timestamps.
- Disaster Plan, contingency plan, or "disaster recovery plan" (DRP)
- The plan and preparations made for the continuation of business and the retrieval of systems after cataclysmic loss of crucial systems. A disaster recovery plan is by and large concerned with longer time frames than a business continuity plan (business resumption plan).
- Disinfection
- The neutralizing of a threat's ability to act: removing the internet security threat, or returning the system to a condition identical to its state before the attempted intrusion.
- Disk Compression
- Real-time compression and decompression of files on disk in order to effectively increase disk space. Known as disk doublers, disk compression programs usually promise to double the size of the hard disk. Compression is a type of encryption, so scanning a compressed disk without the secure server security software running will often hide internet security threats, scumware, spyware and malware from a security scanner.
- DNS Spoofing
- Assuming the domain name service (DNS) name of a different system, by corrupting the name service cache of a victim system or by compromising a domain name server for a legitimate domain.
- Domain
- The unique context in which a program is functioning. The set of objects which a subject has the potential to access. Not to be confused with the domain names that are used in internet addressing. See process and subject.
- Dongle
- A physical and portable electronic device required to be affixed to a computer in order to allow a certain software program to run. It is a form of authentication token.
- DOS
- Disk Operating System. By and large any computer operating system, but frequently used nowadays as shorthand for Microsoft's MS-DOS or the related PC-DOS and DR-DOS. It should not be confused with DoS (denial of service).
- Dropper
- A program which is not itself infected but will install an internet security threat onto a computer system. Internet security threat authors frequently use droppers to seed their creations in the wild, especially in the case of boot sector infectors.
- DSA
- See: Digital Signature Algorithm
- DSS
- See: Digital Signature Standard
- DTLS
- Descriptive Top-Level Specification.
- Dual Infector
-
- Economy of mechanism
- The principle that every security mechanism should be designed to be as simple as feasible, so that the mechanism enforcing the system's security policy can be correctly implemented and verified, in order to provide internet security for online payment gateway security.
- E-Commerce
- Quite simply, the act of selling over the internet. This can either be Business to Business (B2B) or Business to Consumer (B2C). Also known as E-business or E-tailing.
- El Gamal Algorithm
- An algorithm for asymmetric cryptography, invented by Taher ElGamal, based on the difficulty of calculating discrete logarithms. It can be used both for encryption, like 128-bit encryption and SSL encryption, and for digital signatures, used in digital certificates like SSL digital certificates and 128-bit certificates for internet security and network security with secure authentication and secure SSL authentication.
- Electronic Code Book (ECB)
- A block cipher mode that consists of simply applying the cipher to blocks of data in sequence, one block at a time. It uses no feedback, and is considered the weakest block cipher mode.
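Why ECB is considered the weakest mode is easiest to see in code. The following is an added example written for this glossary entry, not code from the page or any product it names: it encrypts a plaintext made of four identical blocks under AES in ECB mode (each block passed to the raw cipher independently, which is all ECB is) and under CBC mode (where each ciphertext block feeds back into the next), then counts repeated ciphertext blocks. The 16-byte key and the plaintext are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// EncryptECB encrypts each block independently with the raw block cipher.
// Go's standard library deliberately offers no ECB helper; this loop is ECB.
func EncryptECB(block cipher.Block, plaintext []byte) []byte {
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		panic("plaintext length must be a multiple of the block size")
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out
}

// EncryptCBC feeds each ciphertext block back into the next block's input
// (feedback), so equal plaintext blocks no longer give equal ciphertext blocks.
func EncryptCBC(block cipher.Block, iv, plaintext []byte) []byte {
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out
}

// RepeatedBlocks counts ciphertext blocks whose value occurs more than once.
// A scanner of ECB output can spot structure in the plaintext this way.
func RepeatedBlocks(ct []byte, bs int) int {
	counts := map[string]int{}
	for i := 0; i < len(ct); i += bs {
		counts[string(ct[i:i+bs])]++
	}
	repeated := 0
	for _, n := range counts {
		if n > 1 {
			repeated += n
		}
	}
	return repeated
}

// Compare encrypts four identical 16-byte blocks under both modes and returns
// how many ciphertext blocks repeat in each (ECB: all 4; CBC: none).
func Compare() (ecbRepeats, cbcRepeats int, err error) {
	key := []byte("0123456789abcdef") // constructed 128-bit AES key, example only
	block, err := aes.NewCipher(key)
	if err != nil {
		return 0, 0, err
	}
	plaintext := bytes.Repeat([]byte("ATTACK AT DAWN!!"), 4) // 4 identical blocks
	iv := make([]byte, block.BlockSize())
	if _, err := rand.Read(iv); err != nil { // CBC needs a fresh, unpredictable IV
		return 0, 0, err
	}
	ecbRepeats = RepeatedBlocks(EncryptECB(block, plaintext), block.BlockSize())
	cbcRepeats = RepeatedBlocks(EncryptCBC(block, iv, plaintext), block.BlockSize())
	return ecbRepeats, cbcRepeats, nil
}

func main() {
	e, c, err := Compare()
	if err != nil {
		panic(err)
	}
	fmt.Printf("repeated ciphertext blocks: ECB=%d CBC=%d\n", e, c)
}
```

The ECB output repeats every block, because the same key and the same input always give the same output with no feedback; the CBC output does not, which is why configurations that allow ECB for bulk data should be treated as a finding.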
- Electronic Data Interchange (EDI)
- : The electronic exchange of trading documents (e.g., invoices and orders) to enable e-commerce.
- Elliptic Curve Cryptography (ECC)
- It represents a different way to do public-key cryptography - an alternative to the older RSA system - and also offers certain advantages. ECC devices require less storage, less power, less memory and less bandwidth, giving a more efficient cryptosystem. This allows the implementation of cryptography on constrained platforms, such as wireless devices, handheld computers, smart cards and thin clients. It also provides a big win in situations where efficiency is extremely important, such as on a bottlenecked web server supporting e-commerce. ECC can be used to describe both an algorithm for key agreement and an algorithm for digital signatures (used in 128-bit encrypted digital SSL certificates) which is an analog of the Digital Signature Algorithm.
- Encrypted Internet Security
- Internet security threats are often code that starts with a decryption routine, followed by scrambled or encrypted code for the rest of the threat. Each time it infects, a different encryption key is chosen, which avoids providing a consistent scan string to use as a signature. Through this scheme the threat tries to avoid detection by antivirus software via self-encrypting, polymorphic behaviour.
- Encryption
- Encryption is the process of changing data into a form that can be read only by the intended receiver. To decipher the message, the receiver of the encrypted data must have the proper decryption key. In traditional encryption schemes, the sender and the receiver use the same key to encrypt and decrypt data. Public-key encryption schemes use two keys: a public key, which anyone may use, and a corresponding private key, which is possessed only by the person who created it. With this method, anyone may send a message encrypted with the owner's public key, but only the owner has the private key necessary to decrypt it. There are different types of encryption; SSL encryption (usually 128-bit encryption) is one of them. The process of encryption, ciphering or encrypting messages, is used to provide secure server Internet security online.
- End-to-End Encryption
- Encryption at the point of origin in a network, followed by decryption at the destination. This allows the source and destination systems protected communications without having to rely on intermediate systems for protection.
- Exploit
- A specific attack or technique used to take advantage of a particular loophole or weakness in a security measure. The terms exploit and exposure are sometimes used synonymously.
- Exploitable Channel
- An information channel usable by, or detectable by, subjects external to the trusted computing base, whose objective is to breach the security policy of the system. See covert channel.
- Exposure
- A certain weakness or vulnerability to a particular attack. Exposure is also the measure of risk to a certain threat.