SSL Certificate Glossary of Terms: C
Call back is a process for finding a remote terminal or a secure SSL VPN (virtual private network). In a call back, the host system detaches the caller before dialing the sanctioned telephone number of the remote terminal in order to reestablish the connection.
Computer Emergency Response Team (CERT) refers to an initiative of Carnegie Mellon University. It is chartered to work with the Internet community to facilitate its response to computer security events involving Internet hosts, to take proactive steps to raise the community's awareness of computer security issues, and to conduct research targeted at improving the security of existing systems. CERT is a registered service mark that Carnegie Mellon University licenses to other similar teams around the world, such as the US Government's US-CERT team, part of Homeland Security.
Certificate is a file that attests to the identity of an organization or web browser user and is used to verify that data being exchanged over a network is from the intended source. The certificate is either digitally signed by a Certificate Authority or self-signed. There are many certificates involved in providing Internet security and online security. Secure SSL certificates come in many different forms, including Extended Validation certificates, Domain Only Validated certificates, Server Gated Cryptography certificates, email certificates and Content Verification certificates. Today 128- or 256-bit SSL digital certificates are the most common type of SSL certificates.
A list maintained by the Certificate Authority of all certificates that are revoked, but not expired. A certificate may be revoked because the user's private key is assumed to be compromised, the user is no longer certified by this Certificate Authority, or the Certificate Authority's private key is assumed to be compromised. An alternative to Online Certificate Status Protocol (OCSP).
The process of assigning a digital certificate, usually for encryption or verification of online information for Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
A Certification Authority is a third-party organization which confirms the relationship between a party to the hyper text transfer protocol secure (https) transaction and that party's public key. Certification authorities may be widely known and trusted institutions for Internet-based transactions, though where https is used on a company's internal networks, an internal department within the company may fulfill this role. Comodo is the world's 2nd largest Certificate Authority for high-assurance digital certificates.
A Certificate Signing Request (CSR) is a text file generated by a Web server that binds information about an organization to its server's public key.
Challenge Handshake Authentication Protocol (CHAP) is an authentication method that can be used when connecting to an Internet Service Provider. CHAP allows you to log in to your provider automatically, without the need for a terminal screen. It is more secure than the Password Authentication Protocol (another widely used authentication method) since it does not send passwords in text format.
Challenge or Response is a method for SSL Server Security. It is a security procedure in which one communicator requests authentication of another communicator, and the latter replies with a pre-established appropriate reply. It makes use of strong encryption, sometimes known as authentication software. See CHAP (Challenge Handshake Authentication Protocol).
A checksum is a value that is used to check the integrity of data.
A cipher is a cryptographic algorithm for encryption and decryption.
Ciphertext is a string of data that appears to be completely haphazard. As text that has been through encryption, ciphertext carries little or no information to an entity that is unauthorized. The original message, or plaintext, however, can be pulled out with an appropriate key and an algorithm that decrypts it, as with SSL decryption.
(a) Application developers that have adequate clearances and authorizations to offer an acceptable presumption that they haven't launched malicious logic. Authorizations and validations are often performed via 128-bit SSL.
(b) Configuration control gives ample assurance that the SSL applications and equipment within such an environment are protected against malicious logic prior to and during the functioning of system applications.
SSL digital certificates use encryption with a secure sockets layer (SSL) crypto-algorithm in a computer, microprocessor, or microcomputer in order to execute encryption or decryption to guard information by ciphering it with 128-bit encryption in order to provide Internet security and online security. It can also be used for user authentication, source authentication or for authenticating information.
Computer forensics used to be the full means of acquiring legal evidence from computers and computer use. Now computer forensics has seemingly restricted itself solely to recovery of data from computers and computer media. It is now only one part of digital forensics.
A Computer Security Audit is a self-governing assessment of the controls used to ensure proper protection of an institution's information assets. An official computer security audit has goals and procedures that are different from the usual and ongoing audit process.
A small piece of data, originally intended to keep state between web browser accesses to a server. Now used in many SSL Secure Servers.
An uninvited person attempting to breach the security of, and gain access to, a system. See also hacker, adversary and intruder. Secure servers using SSL often prevent unauthorized logins of this kind with secure validation.
Cryptanalysis is the art of decoding text and a complex process, involving statistical analysis, analytical reasoning, math tools and pattern-finding. It is a way to figure out how to break down Internet Security.
Widely used abbreviation for cryptography, cryptographic services, cryptology or even encryption.
Cryptographic Algorithm is a process or a sequence of rules or steps that are well-defined and are used to convert a key stream or ciphertext from plaintext and vice versa.
A one-way function applied to a file in order to construct a unique "fingerprint" of the file for reference at a later time. It is frequently a part of the process of generating a Digital Signature.
See key cryptography, and PKI. The public or private key used in cryptographic algorithms for making information unintelligible or for restoring encrypted information back to intelligible form.
Cryptology incorporates cryptanalysis, or code breaking, as well as code making; it is a slightly more general subject area than cryptography.
Cryptoperiod is a time span necessary for a particular key to be authorized and to be used in a cryptographic system, which is a characteristic of PKI key management.
The validation and security protection coming from the appropriate application of technically solid cryptosystems such as encrypted SSL certificates.
Cryptosystem is an absolute and completely functional system for cryptography. It includes a solid Crypto-algorithm, necessities for the system's required functions and proper key choice and administration.
Cypherpunk is a society of users and developers who are devoted to creating systems for anonymous communications and secure server network access.