Glossary

Authentication - verifies the identity of a user who is logging onto a computer system or the origin of a transmitted message.

Authorization - is the right to use a resource. Typically this right is granted only after a user or organization is identified and their access rights are verified.

Biometrics - is the biological identification of a person, including iris and retinal patterns, hand geometry, fingerprints, voice responses to challenges, and the dynamics of handwritten signatures. Biometrics are a more secure form of authentication than typing passwords or even using smart cards, which can be stolen; however, some forms have relatively high failure rates.

Cryptographic Key - a binary number typically 40 to 128 bits long that an encryption algorithm uses to perform calculations. The greater the number of bits in the key (cipher strength), the more possible key combinations and the longer it would take to break the code.

Cryptography - is the conversion of data into a secret code. The original text or plaintext is converted into a coded equivalent called ciphertext using an encryption algorithm. The ciphertext is decoded or decrypted at the receiving end and turned back into plaintext.

The encryption algorithm uses a key, which is a binary number typically from 40 to 128 bits in length. The greater the number of bits in the key, the more possible key combinations and the longer it would take to break the code. The data are encrypted, or locked, by combining the bits in the key mathematically with the data bits. At the receiving end, the key is used to unlock the code and restore the original data.

DES - (Data Encryption Standard) is a NIST-standard secret key cryptography method that uses a 56-bit key. DES decryption is very fast and widely used. The secret key may be kept a total secret and used over again. Or, a key can be randomly generated for each session, in which case the new key is transmitted to the recipient using a public key cryptography method.

Digital Certificate - is the digital equivalent of an ID card used with a public key encryption system. Also called digital IDs, digital certificates are issued by trusted third parties known as certification authorities (CAs).

Digital Signature - ensures that the file originated with the entity signing it and that it was not tampered with after the signature was applied. However, the sender could still be an impersonator and not who the sender claims to be. To verify that the message was indeed sent by the person or organization claiming to send it requires a digital certificate (digital ID), which is issued by a certification authority.

Encryption Algorithm - is a formula used to turn ordinary data, or plaintext, into a secret code known as ciphertext. Each algorithm uses a string of bits known as a key to perform the calculations. The larger the key (the more bits it has), the greater the number of potential patterns that can be created. This makes it harder to break the code and descramble the contents.

Firewall - is a method for implementing security policies designed to keep a network secure from intruders. It can be a single router that filters out unwanted packets or may comprise a combination of routers and servers each performing some type of firewall processing.

Memory Key - is a removable and portable device that stores information, such as registration files. Moving personal registration files to a memory key permits users to access protected web sites or to encrypt and decrypt files from any computer. As long as users have memory keys containing their registrations, they can work remotely.

PKI - (Public Key Infrastructure) is a secure method for exchanging information. PKI uses a public/private key pair to encrypt IDs, documents, or messages. It starts with a certificate authority (CA), which issues digital certificates. Digital certificates or digital IDs authenticate the identity of people and organizations over a public system such as the Internet.

Smart Card - is a credit card with a built-in microprocessor and memory used for identification or financial transactions. When inserted into a reader, a smart card transfers data to and from a central computer. It is more secure than a magnetic stripe card and can be programmed to self-destruct if the wrong password is entered too many times.

SSL - (Secure Sockets Layer) is the leading security protocol on the Internet. When an SSL session starts, the server sends its public key to the browser, which the browser uses to send a randomly generated secret key back to the server in order to have a secret key exchange for that session.

SM CA™ - generates registrations that can be used by SM Client™ to access applications protected by SM Gateway™. This registration consists of an RSA public/private key pair used with associated software to enable users to access protected applications. SM CA™ creates X.509 version 1 certificates as part of the registration and uses LDAP to distribute the public key information. It packages each registration using InstallShield to provide an easy and commonly recognized installation mechanism for users.

SM Client™ - transparently adds cryptographic services to access protected applications through SM Gateway™. It uses 1024-bit RSA for key exchange and triple DES for bulk encryption. It also provides a means to easily cryptographically enhance files either with or without adding a digital signature. Users can also de-enhance files others encrypted for them and verify the identity of the person who encrypted the file.

SM Gateway™ - authorizes secure access to protected, unmodified application servers. The software uses digital signatures to identify who is attempting to submit or retrieve data and logs all access attempts.

Three Key Triple DES - is a version of triple DES (Data Encryption Standard) that uses three keys and encrypts three times. EDE3 uses three keys to encrypt, decrypt, and encrypt again.

Triple DES - increases the security provided by DES (Data Encryption Standard) by extending the key space to 112 or 168 bits, but requires multiple passes and takes more time.

The information in many of these definitions is from techweb.com's excellent TechEncyclopedia and from InformationWeek.

© SecureMethods