
A

A3
Authentication algorithm

A5
Ciphering algorithm

A5/2
Amended ciphering algorithm

A8
Ciphering key generating

Abuse of Privilege
When users perform an action that they should not have, according to organizational policy or law.

Accept (a Certificate)
To demonstrate approval of a certificate by a certificate applicant while knowing or having notice of its informational contents, in accordance with the CPS.
- A message yields the same result every time the algorithm is executed using the same message as input.
- It is computationally infeasible for a message to be derived or reconstituted from the result produced by the algorithm.
- It is computationally infeasible to find two different messages that produce the same hash result using the same algorithm.

Access Authorization
Permission granted to users, programs or workstations.

Access Control List (ACL)
A list of entities, together with their access rights, that are authorized to have access to a resource.

Access Control
A set of procedures performed by hardware, software and administrators to monitor access, identify users requesting access, record access attempts, and grant or deny access [ISO7498].

Access Sharing
Permitting two or more users simultaneous access to file servers or devices.

Access
A specific type of interaction between a submission and communications or information resources that results in a flow of information, the exercise of control, or the activation of a process.

Accountability
The property that ensures that the actions of an entity may be traced to that entity.

Accredit
Recognize an entity or person to perform a specific action. FPRC accredits Finland Post to act as a CA for FINEID certificates. Finland Post (CA) accredits LRAs to act as its intermediary.

Accreditation
A formal declaration by a xxx--designated approving authority that a particular information system, professional or other employee or contractor, or organization is approved to perform certain duties and to operate in a specific security mode, using a prescribed set of safeguards.

ACL
Access Control List

Address Resolution Protocol (ARP)
Address Resolution Protocol maps IP addresses to physical addresses.

Affiliated Certificate
A certificate issued to an affiliated individual. (Cf., Affiliated Individual)

Affiliated Individual
A human being that is affiliated with an organization
- as an officer, director, employee, partner, contractor, intern, or other person within the organization, or
- as a person maintaining a contractual relationship with the organization where the organization has business records providing strong assurances of the identity of such person.
(Cf., Affiliated Certificate)

Affirm/Affirmation
To state or indicate by conduct that data is correct or information is true.

AIFF
Audio Interchange File Format. This audio file format was developed by Apple Computer for storing high-quality sampled audio and musical instrument information. It is also used by Silicon Graphics and in several professional audio packages. Played by a variety of downloadable software on both the PC and the Mac.

Alias
A pseudonym.

Alphanumeric Key
A sequence of letters, numbers, symbols and blank spaces from one to 80 characters long.

AMPS
Automatic Mobile Phone System

Anonymous Email
Email that is untraceable because of removed path headers.

Anonymous Remailer
A machine that removes path headers from email messages, thus anonymising the email; to try one out, go to http://www.replay.com

ANSI ASC X12
American National Standards Institute, Accredited Standards X12 Committee - committee within the ANSI organisation charged with developing data formats for standard business documents with cross-industry application. ASC X12 is divided into subcommittees for functional areas such as finance, purchasing, etc. Each subcommittee has a delegate liaison into the Pan American EDIFACT Board to represent the U.S. position on international EDI standards within EDIFACT.

ANSI X12 Data Element Dictionary
ANSI document that contains definitions and attributes of all data elements of ANSI X12 transaction sets plus code list values for all elements requiring them.

ANSI
The American National Standards Institute. Develops standards for transmission, storage, languages and protocols. Represents the United States in the ISO (International Standards Organization).

Applet
A small program for use within the Web browser environment. Typically written in the Java programming language, which was developed by Sun Microsystems. Applets generally enhance your surfing experience with graphics, animation, and enhanced text. They are significant from the security viewpoint because Java can flow through a firewall unfettered unless precautions are taken to prevent it.

Applicant
(See CA Applicant; Certificate Applicant)

Application Gateways (Firewalls)
These are firewall devices that disallow direct communication between the outside world and an internal network strung to the internet. Information flows in and out using a series of proxies that filter the information along the way. Filters are layers of internet security. The gateways speak for both ends, without allowing direct access between them.

Application Link Software
Program developed to act as a link between an application program and a pre-defined data format. The data format may be a fixed field format or a public or industry data format.

Application-to-Application
Transfer of data generated by a computer program directly to another computer program. In EDI, these programs would be housed in systems at trading partner sites.

Application Software
Programs that perform useful functions in the processing or manipulation of data; includes database managers, word processors, text editors, spreadsheets, and other programs that enable the useful production of data.

Application-Level Firewall
A firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host.

Archive
To store records and associated journal for a given period of time for security, backup, or auditing purposes.

ASCII (American Standard Code for Information Interchange)
Pronounced "asky". A system used to represent alphanumeric data; a 7-bit-plus-parity character set established by ANSI X3.4 and used for data communications and data processing; ASCII allows compatibility among data services; one of two such codes (see EBCDIC) used in data interchange, ASCII is normally used for asynchronous transmission.

Assurances
Statements or conduct intended to convey a general intention, supported by a good-faith effort, to provide and maintain a specified service by an Issuing Authority. "Assurances" does not necessarily imply a guarantee that the services will be performed fully and satisfactorily. Assurances are distinct from insurance, promises, guarantees, and warranties, unless otherwise expressly indicated.

Asymmetric Cryptographic Technique
A cryptographic technique that uses two related transformations, a public transformation (defined by a public key) and a private transformation (defined by a private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation [ISO11770a]. A system based on asymmetric cryptographic techniques can either be an encipherment system, a signature system, a combined encipherment and signature system, or a key management system. With asymmetric cryptosystems there are four elementary transformations: sign and verify for signature schemes, encipher and decipher for encipherment systems. The signature and decipherment transformations are kept private by the owning entity, whereas the corresponding verification and encipherment transformations are published. There exist asymmetric cryptosystems (e.g. RSA) where the four elementary functions may be achieved by only two transformations: one private transformation suffices for both signing and decrypting messages, and one public transformation suffices for both verifying and encrypting messages. However, this is not true in the general case.

Asymmetric Cryptography
see Public Key Cryptography

Asymmetric
A system based on asymmetric techniques whose public transformation is used for encipher-

Asynchronous PPP
Run of the mill PPP; the kind generally used by PPP dial-up customers.

Asynchronous Transmission
A data coding structure where each character transmitted is preceded by a start signal and followed by a stop signal. The receiver is switched on by the start signal and switched off by the stop signal, ready to receive the next character. Intervals between characters vary.

Asynchronous
Data transmission that is not related to the timing, or a specific frequency, of a transmission facility; transmission characterized by individual characters, or bytes, encapsulated with start and stop bits, from which a receiver derives the necessary timing for sampling bits; also, start/stop transmission.

AuC
Authentication Centre

Audit Trail
An audit trail may be on paper or on disk. In computer security systems, a chronological record of when users log in, how long they are engaged in various activities, what they were doing, whether any actual or attempted security violations occurred. Record of messages created as a by-product of data processing runs or mechanized operations.

Audit
The independent examination of records to assess their veracity and completeness.

Authenticate
In networking, to establish the validity of a user or an object (i.e. communications server). Verifying a particular user's or host's identity.

Authentication Key
A group of characters which is used to initiate the authentication process. Each partner of a trading partner pair must have possession of the same key.

Authentication Server Protocol
A TCP-based authentication service that can verify a user's identity.

Authentication Token
A portable device used for authenticating a user. Authentication tokens operate by challenge/response, time-based code sequences, or other techniques. This may include paper-based lists of one-time passwords.

Authentication Tool
A software or hand-held hardware "key" or "token" utilized during the user authentication process. See key and token.

Authentication
The process of establishing the legitimacy of a node or user before allowing access to requested information. During the process, the user enters a name or account number (identification) and password (authentication). The verification of the source, uniqueness, and integrity of a message. Procedure to insure that data cannot be tampered with without being detectable by the receiver.

Authorization
The process of determining what types of activities are permitted. Usually, authorization is in the context of authentication. Once you have authenticated a user, the user may be authorized different types of access or activity.

Auto-answer
The facility to answer while unattended.

Availability
Information or services are accessible by the user when needed.

B

Back Door
An entry point to a program or a system that is hidden or disguised, often created by the software's author for maintenance. A certain sequence of control characters permits access to the system manager account. If the back door becomes known, unauthorized users (or malicious software) can gain entry and cause damage. A hidden program, left behind by an intruder or a disgruntled employee, that allows them future access to a victim.

Back Orifice

Back Up
To preserve a file system or files, usually for disaster recovery. Generally, back up is done on floppy disk, tape drive, or other portable media that can be safely stored for later use.

Bastion Host
A system that has been hardened to resist attack, and which is installed on a network in such a way that it is expected to come under attack. Bastion hosts are often components of firewalls, or may be "outside" Web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., UNIX, VMS, WNT, etc.) rather than a ROM-based or firmware operating system.

Baud
Unit of signaling speed. The speed in baud is the number of discrete conditions or events per second. If each event represents only one bit condition, baud rate equals bps. When each event represents more than one bit (e.g. digit), baud rate does not equal bps.

Beamwidth
(More correctly Half Power Beamwidth). The angle over which a directional antenna radiates no less than half power in the primary direction

Billing
The debiting of a customer's account

Binding
An affirmation by an IA (or its LRA) of the relationship between a named entity and its public key.

Biometric Access Control
Any means of controlling access through human measurements, such as fingerprinting and voiceprinting.

Bisynchronous Protocol
Set of conventions controlling synchronous transmission which defines the controlling start and end characters and the error checking performed.

Bisynchronous Transmission
A byte- or character-oriented IBM communications protocol that has become an industry standard. It uses a defined set of control characters for synchronised transmission of binary-coded data between stations in a data-communication system.

Bit (Binary Digit)
Contraction of "binary digit," the smallest unit of information in a binary system; a one or zero condition.

Bits/Second (bps)
The number of bits that pass a given point in a communication line per second. The basic unit of measure for serial data-transmission capacity; Kbps for kilo (thousands of) bits per second; Mbps for mega (millions of) bits per second; Gbps for giga (billions of) bits per second; Tbps for tera (trillions of) bits per second.

Black spot
An area where radio coverage is inadequate resulting in poor or no communications

BO Sniffer
No, it's not some sick person who likes the smell of BO! ;) A program used to trace Back Orifice.

BSC
Base Station Controller

BSS
Base Station Subsystem

BTS
Base Transceiver Station

Bug
A hole or weakness in a computer program

Byte
A unit of information, used mainly in referring to parallel data transfer, semiconductor capacity, and data storage; also referred to as a "character", usually shorter than a computer 'word'; a group of eight (sometimes seven) bits used to represent a character.

C

CA Applicant
An entity who submits a PCA requesting to become a CA or subordinate CA.

CA
Certification Authority

CCITT (Consultative Committee for International Telephony and Telegraphy)
An international association that sets world-wide communications standards (e.g., V.21, V.22, X.25, X.400, etc.).

CDMF
Commercial Data Masking Facility

CDPD
Cellular Packet Digital Data

CEIR
Central Equipment Identity Register

CEN
Committee for European Normalization. A standards setting body including the members of the European Community.

CERT
The Computer Emergency Response Team was established at Carnegie-Mellon University after the 1988 Internet worm attack. CERT is a security organization, and its purpose is to assist computer networks that have been brought under attack by malicious users: http://www.cert.org

Certificate (Public Key Certificate)
A data structure that binds the identity of a certificate holder (or subject) to a public key. The certificate is electronically signed by the Certification Authority to ensure that nobody can tamper with it. A certificate, at least, states a name or identifies the Issuing Authority (IA), identifies the subscriber, contains the subscriber's public key, identifies the certificate's operational period, contains a certificate serial number, and is digitally signed by the IA.

Certificate Applicant
A person or authorized agent that requests the issuance of a public key certificate by an IA.

Certificate Application
A request from a certificate applicant (or authorized agent) to an IA for the issuance of a certificate.

Certificate authority
Trusted third-party clearing house that is known to be reliable and secure. These clearing houses issue security certificates and ensure their authenticity. Probably the most renowned commercial certificate authority is VeriSign, which issues certificates for Microsoft compatible ActiveX components, among other things.

Certificate Chain
An ordered list of certificates containing an end-user subscriber certificate and IA certificates (see Valid Certificate)

Certificate Expiration
The time and date specified in the certificate when the operational period ends, without regards to any earlier suspension or revocation.

Certificate Extension
An extension field to a certificate which may convey additional information about the public key being certified, the certified subscriber, the certificate issuer, and/or the certification process. Standard extensions are defined in Amendment 1 to ISO/IEC 9594-8:1995 (X.509). Custom extensions can also be defined by communities of interest. Within the FINEID PKI principally SEIS extensions are used.

Certificate Hierarchy
A FINEID PCS domain of Issuing Authorities (IA), each categorized with respect to its role in a "tree structure" of subordinate IAs. An IA issues and manages certificates for end-user subscribers and/or for one or more IAs at the next level. Note: an IA in a trust hierarchy must observe uniform practices addressing issues such as naming, maximum number of levels, etc., to assure integrity of the domain and thereby ensure uniform accountability, auditability, and management through the use of trustworthy operational processes.

Certificate Holder
An entity that is named as the subject of a certificate.

Certificate Issuance
The actions performed by an IA in creating a certificate and notifying the certificate applicant (anticipated to become a subscriber) listed in the certificate of its contents.

Certificate Management
Certificate management includes, but is not limited to storage, dissemination, publication, revocation, and suspension of certificates. An IA undertakes certificate management functions by serving as a registration authority for subscriber certificates. An IA designates issued and accepted certificates as valid by publication.

Certificate of Authenticity
A document issued by an authorized official of the jurisdiction in which an acknowledgment by a notary was taken.

Certificate Policy (CP)
A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. For example, a particular certificate policy might indicate applicability of a type of certificate to the authentication of electronic data interchange transactions for the trading of goods within a given price range.

Certificate Revocation List (CRL)
A list of certificates which are no longer valid. A CRL is generated, time-stamped, signed and distributed by a Certification Authority. A periodically (or exigently) issued list, digitally signed by an IA, of identified certificates that have been suspended or revoked prior to their expiration dates. The list generally indicates the CRL issuer's name, the date of issue, the date of the next scheduled CRL issue, the suspended or revoked certificates' serial numbers, and the specific times and reasons for suspension and revocation.

Certificate Revocation
See Revoke a Certificate

Certificate Serial Number
A value that unambiguously identifies a certificate generated by an IA.

Certificate Suspension
See Suspend a Certificate

Certificate User
An entity that uses certificates to know, with certainty, the public key of another entity (relying party).

Certificate
Digitally signed electronic passport. See also X.509

Certificate-Using
An implementation of those functions that are used by a certificate user.

Certification Authority (CA)
An authority (e.g. a TTP) trusted by one or more users to create and issue certificates to end entities and other CAs. CAs issue CRLs periodically, and post certificates and CRLs to a repository. Optionally the certification authority may create the user's keys. A person (see definition for Person) authorized to issue certificates. In the FINEID PKI, a CA is subordinate to a PCA.

Certification Path
An ordered sequence of certificates, leading from a certificate whose public key is known by a client, to a certificate whose public key is to be validated by the client.

Certification Practice Statement (CPS)
A statement of the practices which a Certification Authority employs in issuing certificates.

Certification/Certify
The process of issuing a certificate by an IA.

Certifier
See Issuing Authority

CESG
Computer Electronic Security Group at Cheltenham

CGI-based Attack
An attack that exploits vulnerabilities in Common Gateway Interface programs, usually via a World Wide Web site.

Challenge/Response
A security procedure in which one communicator requests authentication of another communicator, and the latter replies with a pre-established appropriate reply.

Chroot
A technique under UNIX whereby a process is permanently restricted to an isolated subset of the file system.

Ciphertext
Data which have been encrypted with some encryption algorithm. One cannot read the original data without possessing the right decryption key.

Claimant
An entity which is or represents a principal for the purposes of authentication. A claimant includes the functions necessary for engaging in authentication exchanges on behalf of a principal. An entity which is or represents an entity whose identity is authenticated (principal) [ISO10181b].

Clear Text
see Plain Text

Clone
To program identity information from legal equipment into illegal equipment to give it access rights

Codec (coder/decoder or compression/decompression algorithm)
As the name implies, codecs are used to encode and decode (or compress and decompress) various types of data, particularly those that would otherwise use up inordinate amounts of disk space, such as sound and video files. Common codecs include those for converting analog video signals into compressed video files (such as MPEG) or analog sound signals into digitized sound (such as RealAudio). Codecs can be used with either streaming (live video or audio) or file-based (AVI, WAV) content.

Coded File
In encryption, a coded file contains unreadable information.

Common Criteria
Revised and combined version of the Orange book and ITSEC.

Common Gateway Interface (CGI)
Refers to a programming style and standard used to provide programmatic functionality to Web sites. Search engines are generally built to CGI specifications. (CGI standards are non-platform-specific and provide a generalized standard for any type of Web-based programming.) Perl is today's most popular language used for CGI programming. However, CGI programs can be written in C, C++, Python, Visual Basic and several shell languages.

Communication Software
Programs that allow computers to communicate through MODEMS. Some are capable of automatic communications, such as auto-dial and auto-answer.

Communications Security
Procedures designed to ensure that telecommunications messages maintain their integrity and are not accessible by unauthorized individuals.

Communications
The means of electronically linking two computers to exchange information in EDI.

Compromise
A violation (or suspected violation) of a security policy, in which an unauthorized disclosure of, or loss of control over, sensitive information may have occurred. (Cf., Data Integrity)

CompTIA
The Computing Technology Industry Association, formerly known as ABCD: The Microcomputer Industry Association, a trade association serving the microcomputer industry and involved in the development and promotion of Electronic Commerce conventions for its industry members.

Computer Application
Computer program or programs which solve a problem or perform a function. For example, the order/entry application handles incoming purchase orders.

Computer Security Audit
An independent evaluation of the controls employed to ensure appropriate protection of an organization's information assets.

Computer Security
Technological and managerial procedures applied to computer systems to ensure the availability, integrity and confidentiality of information managed by the computer system.

Concentrator
Any communications device that allows a shared transmission medium to accommodate more data sources than there are channels currently available within the transmission medium.

Conditional (C)
A data element requirement designator which indicates that the presence of a specified data element is dependent on the value or presence of other data elements in the segment. The condition must be stated and must be computer processible.

Conditioning
Extra-cost options that users may apply to leased, or dedicated, voice-grade telephone lines in which line impedances are carefully balanced; will generally allow for higher-quality and/or higher speed data transmission; in increasing order of resultant line quality and cost, conditioning may be C1, C2, C4, or D1; allows improved line performance with regard to frequency response and delay distortion.

Confidentiality
The condition in which sensitive data is kept secret and disclosed only to authorized parties. The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

Confirmation of Certificate Chain
The process of validating a certificate chain and subsequently validating an end-user subscriber certificate.

Content Confidentiality
The content confidentiality security service provides assurance that the content of a message is only known to the originator and the recipient.

Content Integrity
The content integrity security service enables the recipient to determine if the message content has been modified.

Control Envelope
The beginning and ending segments of an interchange or functional group in a standard data format. Used by the receiver to validate that the complete group has been received and that it contains the correct number of units as counted by the sender.

Control Number/Reference Number
Number used to identify an entity. For example, a segment identifier identifies a standard segment; a data element identifier identifies a standard data element.

Convention
A document usually developed by an industry, sometimes by a company, which describes the selected subset of a standard and the way data will be used by the industry or company EDI trading community.

CP
Certificate Policy

CPS
Certification Practice Statement

Crack
To breach system security or break the registration scheme on commercial software.

Cracker
Someone who, with malicious intent, unlawfully breaches the security of computer systems; someone who breaks schemes on commercial software.

Crash
When a system suddenly fails and requires a reboot.

Credentials
Data that is transferred to establish the claimed identity of an entity.

CRL
see Certificate Revocation List

Cross-Certification
A condition in which a CA in one domain certifies a CA in another domain.

Cross-industry Standard
A data standard that has cross-industry application. EDIFACT is such a standard, with broad participation from many industries and a requirement of public review prior to becoming a standard.

Cryptographic Algorithm
A clearly specified mathematical process for computation; a set of rules that produce a prescribed result.

Cryptographic Equipment
Hardware or software that performs cryptographic functions (e.g., encryption, authentication, key generation)

Cryptographic Key
A parameter that determines the transformation from plain text to cipher text or vice versa. For example a DEA key is a 64-bit parameter consisting of 56 independent bits and eight bits which may be used as odd parity bits.

Cryptography
- The mathematical science used to secure the confidentiality and authentication of data by replacing it with a transformed version that can be reconverted to reveal the original data only by someone holding the proper cryptographic algorithm and key.
- A discipline that embodies the principles, means, and methods for transforming data in order to hide its information content, prevent its undetected modification, and/or prevent its unauthorized uses.

Cryptomodule
A trustworthy implementation of a cryptosystem which safely performs encryption and decryption of data.

Cryptographic Checksum
A one-way function applied to a file to produce a unique "fingerprint" of the file for later reference. Checksum systems are a primary means of detecting file system tampering on UNIX.

CT2
Cordless Telephony No. 2

D

Data Confidentiality
See Confidentiality

Data Driven Attack
A form of attack in which the attack is encoded in innocuous-seeming data which is executed by a user or other software to implement an attack. In the case of firewalls, a data driven attack is a concern since it may get through the firewall in data form and launch an attack against a system behind the firewall. An attack that relies upon hidden or encapsulated data, which may be designed to flow through a firewall undetected. (Java and JavaScript can be used for such attacks.)

Data Element Delimiter Character
A character that marks the end of information contained in a variable length data field.

Data Element Length
The range, minimum to maximum, or the number of character positions available to represent the value of a data element. A data element may be of variable length with range from minimum to maximum, or it may be of fixed length in which case the minimum is equal to the maximum.

Data Element Reference Number
The number which identifies each element found in a standard segment with its corresponding definition in the data element dictionary.

Data Element Separator
A unique character preceding each data element that is used to delimit data elements within a segment.

Data Element
The basic units of information in the EDI standards and conventions containing a set of values that represent a singular fact. Data elements may be single character codes, literal descriptions, or numeric values.

Data Encryption Standard (DES)
An encryption standard developed by IBM and then tested and adopted by the National Bureau of Standards. Published in 1977, the DES standard has proven itself over nearly 20 years of use in both government and private sectors. Currently DES is the US government standard tool for encrypting non-classified data.

Data Integrity
A condition in which data has not been altered or destroyed in an unauthorized manner. The property that data has not been altered or destroyed in an unauthorized manner.

Data Link
Any serial data-communications transmission path, generally between two adjacent nodes or devices and without intermediate switching nodes. A data link includes the physical transmission medium, the protocol, and associated devices and programs, so it is both a physical and a logical link.

Data Message
An arrangement of data characters with appropriate communications overhead, e.g., check characters, data identifiers, function indicators.

Data Origin Authentication
The corroboration that the entity responsible for the creation of a set of data is the one claimed.

Data Recovery
See Key Recovery

Data Requirements
Describes those data elements needed by a computer application in order to process a specified business transaction.

Data Segment
A segment is the intermediate unit of information in a message set. Segments consist of logically related data elements in a defined sequence. Segments have a unique segment identifier that comprises the first characters of the segment. When segments are combined to form a message set, their relationship to the message set is defined by a segment requirement designator and a segment sequence. Some segments may be repeated, and groups of segments may be repeated as loops.

Data Type
The characteristic of a data element that describes whether it is numeric, alphabetic, or alphanumeric.

Data
A general term to denote the basic elements of information which can be processed or produced by a computer. Information represented in digital form, including voice, text, facsimile, and video.

Database
A set of related information created, stored, or manipulated by a computerized management information system.

Decipher
To convert ciphertext back to plaintext using a decryption key.

Decode
Conversion of encoded text to plaintext through the use of a code.

Decrypt
Conversion of either encoded or enciphered text into plaintext.

Decryption
The process of transforming cipher text into plain

Dedicated Line
A dedicated circuit, a non-switched channel; also called a private line; See "Leased Line".

Dedicated
A special purpose device. Although it is capable of performing other duties, it is assigned to only one.

Defense in Depth
The security approach whereby each system on the network is secured to the greatest possible degree. May be used in conjunction with firewalls.

Demo Certificate
A certificate issued by an IA to be used exclusively for demonstration and presentation purposes and not for any secure or confidential communications. Demo certificates may be used by authorized persons only.

Denial of Service
See Availability

DES
See Data Encryption Standard.

Destination Field
A field in a message header that contains the address of the station to which a message is being directed.

Dial-up Link
Dialed-up link over the switched telephone network.

Digital Certificate
see Certificate

Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient [ISO7498]. A transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's public key can accurately determine whether the transformation was created using the private key that corresponds to the signer's public key and whether the message has been altered since the transformation was made.

Directory Service (DS)
A distributed database service capable of storing information, such as certificates and CRLs, in various nodes or servers distributed across a network. An example is the ITU-T standard X.500.

Directory
System where certificates and revocation lists are published.

DISA Data Interchange Standards Association
The organisation that acts as secretariat for ANSI ASC X12 and the Pan American EDIFACT Board in the United States.

Distinguished Name
A set of data that identifies a real-world entity, such as a person in a computer-based context. (e.g., countryName=US, state=California, organizationName=Electronic Inc., commonName=JohnDoe).

DNS spoofing
A technique through which the attacker compromises a Domain Name Service Server. This can be done either by corrupting the DNS cache or by man-in-the-middle attacks (in which your machine impersonates the legitimate DNS server). Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.

DOS (Disk Operating System)
A set of programs that instruct a disk-based computing system to manage resources and operate related equipment. This refers to Denial of Service, a condition that results when a user maliciously renders an Internet information server inoperable, thereby denying computer service to legitimate users.

Download
The transfer of data from a large computer to a front-end processor (smaller computer).

Downtime
The period during which computer or network resources are unavailable to users because of a failure.

DTI
Department of Trade and Industry

Dual Homed Gateway
A dual homed gateway is a system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks.

E

EAC
Equipment Identity Register Administration Centre

EBCDIC (Extended Binary Coded Decimal Interchange Code)
An eight-bit character code used primarily in IBM equipment. The code allows for 256 different bit patterns; compare with ASCII.

ECC
see Elliptic Curve Cryptography

E-Commerce
Electronic Commerce has come to mean many different things to many different people. Originally, the term meant selling things online. The term has evolved to mean conducting business online (which can include customer service functions, sales, marketing, PR, advertising, and more).

EDI "Gateway"
The logical location of entry or exit of EDI data into/out of your company. A device having output and input channels through which EDI communication of EDI data is effected.

EDI Electronic Data Interchange
Inter company, computer-to-computer communication of data which permits the receiver to perform the function of a standard business transaction and is in a standard data format.

EDI Readiness
An indicator to determine a firm's ability to physically accomplish and attain benefits from EDI based on the presence of computer and communication hardware and application software.

EDIFACT
Acronym for Electronic Data Interchange for Administration, Commerce and Transport, the international EDI Standard as developed through the United Nations.

EEPROM
Electronically Erasable Programmable Read Only Memory

EFT
Electronic Funds Transfer. Computerized systems that process financial transactions and information about financial transactions, or that affect an exchange of value between two parties.

EIA Electronic Industries Association
A standards organisation in the U.S.A. specializing in the electrical and functional characteristics of interface equipment.

EIDX Electronics Industry Data Exchange
A group formed to coordinate EDI activities for the electronics industry.

EIR
Equipment Identity Register

Electronic signature
Some form of signature in electronic form.

Elliptic Curve Cryptography
Asymmetric cryptography that is based on elliptic curve mathematics.

Emulation
The imitation, performed by a combination of hardware and software, of all or part of one device, terminal, or computer by another, so that the imitating device accepts the same data, performs the same functions, and appears to other network devices as if it were the imitated device. Emulation allows programs to run between incompatible systems.

Encipher
To convert plaintext to ciphertext using an encryption key.

Encrypting Router
See Tunneling Router and Virtual Network Perimeter.

Encryption Key
A group of characters which is used to initiate the encryption process. Each partner of a trading partner pair must have possession of the same key.

Encryption
The process of transforming plaintext data into an unintelligible form (ciphertext) such that the original data either cannot be recovered (one-way encryption) or cannot be recovered without using an inverse decryption process (two-way encryption).

End-to-End Encryption
Encryption at the point of origin in a network, followed by decryption at the destination.

End-User Subscriber
A subscriber which is not also an IA.

Enhanced Naming
The use of an extended organization field (OU=) in an X.509 v3 certificate.

Enrollment
The process of a certificate applicant's applying for a certificate.

Entity
See Person

Environment
The aggregate of external circumstances, conditions and events that affect the development, operation and maintenance of a system.

Error Detecting Protocol
A communications protocol having a procedure in place to detect when data received is not identical to that sent.

Ethernet Spoofing
Any procedure that involves assuming another host's Ethernet address to gain unauthorized access to the target.

ETSI
European Telecommunications Standards Institute

Evidence
Information that either by itself or when used in conjunction with other information is used to establish proof about an event or action. [ISO13888a]

Exploit

Firewall
Device that examines each packet and determines its source address. If that address is on an approved list, the packets gain entry. If not, they are rejected.

Export Control Certificate
A certificate-based service that allows approved server certificate subscribers to operate in a strong encryption mode, and as a result, allows a browser accessing such a server to also operate in such strong encryption mode.

Extensions
Extension fields in X.509 v3 certificates. See X.509. In FINEID PKI principally SEIS extensions are used.

F

Feasibility Stage
The stage during which the possible benefits and costs of implementing a business or system change are evaluated. The deliverable of this stage is a feasibility study.

Feasibility Study
A document generated out of investigation into the economic environment, internal and external pressures, systems, procedures, and communication capability in a business area within a firm. A deliverable to help corporate managers evaluate possible benefits of implementing a business or system change and is an integral part of a corporate implementation plan.

FINEID ROOT (FR)
An Issuing Authority that registers PCAs (e.g. Finnish Population Register Center) by registering the self-signed public key of each PCA.

FINEID
Finnish Electronic Identity

Finland Post Naming Authority
A Finland Post registration authority that establishes and enforces controls over and has decision-making authority regarding the issuance of relative distinguished names for all IAs (but not for end-user subscribers). (Cf., Naming Authority).

Finland Post Qualifier
A data syntax facilitating the representation of a set of values which restrict the meaning of the FINEID CP. The qualifier value augments the standard certificate policy extension present in all certificates according to the rules defined by X.509 for that extension type.

Finnish Population Register Center (FPRC)

Firewall
A system or combination of systems that enforces a boundary between two or more networks.

Flat File
A computer file where all the information is run together in a single character string.

Flood, Floods, Flooder
Tool or tools that overflow the connection queue of a TCP/IP enabled system, thereby causing denial of service.

FR
FINEID Root

FTP security extensions
Extensions to the File Transfer Protocol that provide authentication, integrity, and confidentiality checking for FTP-based sessions.

Functional Acknowledgement
An ANSI X12 message set generated by the receiver of EDI data and transmitted to the sender. The message set acknowledges receipt of the data and reports the results of validation edits on the functional group, message set, or data element level.

Functional Group Header Segment
A standard data format segment defined as the start of a functional group. It contains group type, group identifier, sender and receiver codes and version of the standard used.

Functional Group Identifier
Each message set is assigned a functional group identifier code. This identifier is the first data element of the functional group header segment (GS). The applicable functional group identifier is shown at the top of each message set after the message set name. In cases where no functional group ID is given, the message set assumes the functional group ID of the functional group with which it is transmitted.

Functional Group Level Acknowledgement
A functional acknowledgment which acknowledges receipt of data and reports back to the sender on the completeness of the functional group.

Functional Group Trailer Segment
A standard data format segment defined as the end of a functional group. It contains the group identifier and the number of message sets contained in the group.

Functional Group
A group of like EDI message sets being sent from one party to another.

G

Gateway
A bridge between two networks.

Generate a Key Pair
A trustworthy process of creating private keys during certificate application whose corresponding public keys are submitted to the applicable IA during certificate application in a manner that demonstrates the applicant's capacity to use the private key.

Gigabit
1,000,000,000 bits

Global Security
The ability of an access control package to permit protection across a variety of mainframe environments, providing users with a common security interface to all.

Granularity
The relative fineness or coarseness by which a mechanism can be adjusted.

GSM Groupe Speciale Mobile (Global System for Mobile Communications)
This set of standards is widely used in Europe for cellular communications. The audio encoding subset of the GSM standard is best known to computer users because its data compression and decompression techniques are also being used for Web-phone communication and encoding WAV and AIFF files.

GSM
Global System for Mobile Communications or Groupe Spéciale Mobile

H

Hack
Any software in which a significant portion of the code was originally another program.

Hacker
Someone interested in operating systems, software, security, and the internet. Also a programmer; an individual who codes for a living.

Hacking
Any activity performed by a hacker

Hash (Hash Function)
A function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties:

Hash Code
The string of bits which is the output of a hash function

Hash Function
An algorithm mapping or translating one sequence of bits into another, generally smaller set (the hash result) such that (1) a message yields the same hash result every time the algorithm is executed using the same message as input, (2) it is computationally infeasible that a message can be derived or reconstituted from the hash result produced by the algorithm, and (3) it is computationally infeasible that two messages can be found that produce the same hash result using the algorithm.

Header
The specific segment that, in simplest terms, tells the receiving computer where an individual EDI message starts.

Hexadecimal
A Base-16 notation commonly used to represent binary values in computers and coding structures, such as ASCII, EBCDIC, and ISO 646.

Highjacking
This refers to terminal highjacking, where an attacker seizes control of another user's session. This is a rare occurrence, and when it happens, it indicates that the target's security has been breached.

HLR
Home Location Register

HLRID
Home Location Register Identity

Host-based Security
The technique of securing an individual system from attack. Host-based security is operating system and version dependent.

Hot Standby
A backup system configured in such a way that it may be used if the system goes down.

Hypertext Transfer Protocol (HTTP)
The protocol used to traffic hypertext across the Internet, and the WWW's underlying protocol.

I

IA Certificate
A certificate issued by an authorized superior IA to a subordinate IA.

IA
Issuing Authority

ICQ

Identification Protocol (IDENT)
A TCP-based protocol for use in identifying users. This is a more advanced and updated version of Authentication Protocol.

IDEA International Data Encryption Algorithm
A powerful encryption system. IDEA is a block-cipher algorithm that operates with a 128-bit key by default. IDEA encrypts data faster than DES and is more secure.

Identification/Identity
The process of confirming the identity of a person. Identification is facilitated in public key cryptography by means of certificates.

Identity
A unique piece of information that marks or signifies a particular entity within a domain. Such information is only unique within a particular domain.

IETF
The Internet Engineering Task Force, a public forum that develops standards and resolves operational issues for the Internet. IETF is purely voluntary.

IMEI
International Mobile Equipment Identity

IMSI
International Mobile Subscriber Identity

Information Systems Technology
The protection of information assets from accidental or intentional but unauthorized disclosure, modification, or destruction, or the inability to process that information.

Information Warfare
The practice of or the field of attacking another's information: a term often used in military or intelligence circles to describe the destruction, degradation or disintegration of another's information infrastructure.

Insider Attack
An attack originating from inside a protected network.

Integrity
The element of data protection concerned with ensuring that data cannot be deleted, modified, duplicated or forged without detection.

International Standard
An ISO standards document that has been approved through the final balloting process.

Internet (The Beginning)
The Internet had its roots in early 1969 when the ARPANET was formed. ARPA stands for Advanced Research Projects Agency (which was part of the U.S. Department of Defense). One of the goals of ARPANET was research in distributed computer systems for military purposes. The first configuration involved four computers and was designed to demonstrate the feasibility of building networks using computers dispersed over a wide area. (Source: "Navigating the Internet," by Mark Gibbs and Richard Smith)

Internet (Today)
A web of different, intercommunicating networks funded by both commercial and government organizations. It connects networks in 40 countries. No one owns or runs the Internet. There are thousands of enterprise networks connected to the Internet, and there are millions of users, with thousands more joining every day.

Internet Worm
Also called the Morris Worm; a program that attacked the internet in November 1988.

Intrusion Detection
Detection of break-ins or break-in attempts either manually or via software expert systems that operate on logs or other information available on the network. The practice of deploying automated procedures and applications to detect intrusion attempts.

IP Internet Protocol
The means of computers communicating via the Internet.

IP Splicing/Hijacking
An attack whereby an active, established, session is intercepted and co-opted by the attacker. IP Splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP Splicing rely on encryption at the session or network layer.

IP Spoofing
An attack whereby a system attempts to illicitly impersonate another system by using its IP network address. Any procedure by which an attacker assumes another host's IP address to gain unauthorized access to the target.

IPSEC
IP Security provides encryption and authentication services at the IP level of the protocol stack used in Internet.

IRC

Jack In
Slang term used by crackers; refers to the act of breaching the security of an Internet information server.

ISDN
Integrated Services Digital Network

ISO 646
A seven-bit international coding structure for 128 different data characters. International equivalent to ASCII.

ISO International Standards Organisation
An international organisation, working through the United Nations, that maintains and sets the standards for all applications of technology and mechanics and data communications for global industry.

ISSA
International Systems Security Association.

Issuer
See Issuing Authority

Issuing a Certificate
See Certificate Issuance

Issuing Authority (IA)
Within FINEID PKI, the FR, PCA, or CA (or subordinate CA) that issues, suspends, or revokes a certificate. IAs are identified by a distinguished name on all certificates and CRLs they issue.
- it is computationally infeasible to find for a given output an input which maps to this output; and
- it is computationally infeasible to find for a given input a second input which maps to the same output.
An algorithm that maps or translates one set of bits into another (generally smaller) set in such a way that:

ITSEC
European standard for information technology certification.

J

K

KES
Key Escrow System

Key Generation
The trustworthy process of creating a private key/public key pair. The public key is supplied to an IA during the certificate application process.

Key Management
The generation, storage, distribution, deletion, archiving and application of keys in accordance with a security policy

Key Pair
A private key and its corresponding public key. The public key can verify a digital signature created by using the corresponding private key. In addition, depending upon the type of algorithm implemented, key pair components can also encrypt and decrypt information for confidentiality purposes, in which case a private key uniquely can reveal information encrypted by using the corresponding public key.

Key Recovery/Data Recovery
A key recovery encryption system is an encryption system with a backup decryption capability that allows authorized persons (user, officers or an organization and law enforcement authorities), under certain prescribed conditions, to decrypt ciphertext with the help of information supplied by one or more trusted parties who hold special data recovery keys. The data recovery keys are not normally the same as those used to encrypt and decrypt the data, but rather provide a means of determining the data encryption/decryption keys. An example of a key recovery scheme based on escrow techniques.

Key
In encryption, a key is a sequence of characters used to encode and decode a file. You can enter a key in two formats: alphanumeric and condensed (hexadecimal). In the network access security market, "key" often refers to the "token," or authentication tool, a device utilized to send and receive challenges and responses during the user authentication process. Keys may be small, hand-held hardware devices similar to pocket calculators or credit cards, or they may be loaded onto a PC as copy-protected software.

L

LAC
Location Area Code

LAI
Local Area Identifier

LDAP
Lightweight Directory Access Protocol, Internet standard for accessing simple directories.

Leased Line
A dedicated circuit, typically supplied by the telephone company, that permanently interconnects two or more user locations; generally voice-grade in capacity and in range of frequencies supported; typically analog, though sometimes it refers to DDS sub-rate digital channels (2.4 to 9.6 Kbps); used for voice (2000 Series leased line) or data (3002 type); could be point-to-point or multi-point; may be enhanced with line conditioning; also, private line.

Least Privilege
Designing operational aspects of a system to operate with a minimum amount of system privilege. This reduces the authorization level at which various actions are performed and decreases the chance that a process or user with high privileges may be caused to perform unauthorized activity resulting in a security breach.

Left-Hand Justified Blank Filled
A common data processing convention for the storage of variable length data in fixed length memory locations. When data of shorter length than the maximum length of the storage location field are input, the data are shifted to the left, so that the first significant character of the input appears in the first reserved memory location of the storage medium. Those memory locations that follow the data field and are unused are filled with blank characters (ASCII hex 20). Also referred to as alphanumeric field convention.

Levels of Security
The various degrees of access to data in order to assure protection of computer-stored data.

Line Speed
See "Bits/Second".

Line Turnaround
The reversing of transmission direction from sender to receiver or vice versa when a half-duplex circuit is used.

Local Area Network (LAN)

Local Registration Authority (LRA)
An entity approved by an IA to assist persons in applying for certificates, revoking (or where authorized, suspending) their certificates, or both and also approving such applications. An LRA is not the agent of a certificate applicant. An entity that acts as an intermediary between the CA and a prospective certificate subject. The CA trusts the LRA to verify the subject's identity and that the subject possesses the private key corresponding to the public key to be bound to that identity in a certificate. Equivalent functions are referred to as Organizational Registration Authority (ORAs) or Registration Authorities (RAs) in some documents.

Local Registration Authority Administrator (LRAA)
An employee of an LRA that is responsible for carrying out the functions of an LRA.

Local Registration Authority
Entity in PKI that is responsible for verifying a user's identity before creating and issuing a certificate.

Lock Box
A post office or electronic box in which customer payments are deposited. The box is accessible by local banks who pass the payments to the company's main bank. A lock box serves the purpose of reducing float for the receiver company.

Log Processing
How audit logs are processed, searched for key events, or summarized.

Log Retention
How long audit logs are retained and maintained.

Logging
The process of storing information about events that occurred on the firewall or network.

Logon ID
The personally generated identification code used when logging on to a system, which permits the system to recognize the user. May be associated with varying levels of security.

Logon
A procedure for user access to a system involving identification, access control, and exchange of information between user and system.

Loop
A group of semantically related segments. The NAD loop, which includes segments NAD to CTA for name and address information, is an example of a loop. Loops may be nested within other loops. If the requirement designator of the first segment in a loop is mandatory (M), then at least one iteration of the loop is required. If a loop is used, the first segment shall be used for each iteration of the loop. Mandatory segments within a loop are mandatory only if the loop is used.

Looping
The repetition of a group of segments in a standard data format message set.

LRA
see Local Registration Authority

M

MAC - Message Authentication Code
A cryptographically computed value that is the result of passing text or numeric data through the authentication algorithm using a specific key. The message authentication code can be used as a hash or control total when text or numeric data must be protected from alteration. A character string computed as a result of an authentication of an EDI data stream. The MAC is appended to the original stream and transmitted along with the data. After performing the identical computations at the receiving location, the receiver must verify that his computed MAC is identical to that sent. If not, he knows that the data has been tampered with during transmission.

Mailbox
A logical partition of disk data storage in which all data sent to a particular recipient is stored until retrieved by that recipient. Mailboxes are provided as a service by third party EDI service providers.

Mandatory Data Element/Segment
A data element or segment within a standard data format in which information must be contained.

Mapping
The act of determining what pieces of information in the company's data base should be placed into each data element of an EDI message or message set, or in reverse, what data elements of an EDI message or message set should be placed into the company's database. Logical Mapping: The act of comparing a company data base to a set of standards. Physical Mapping: The act of programming a translation software package to relate a logical map to the mapping capabilities of the translation software.

Market Factors
Those situations outside of a company that influence its decision to implement EDI. For example, pressure from a major customer.

Mass Merchandiser
A large retailer, carrying a large variety of merchandise and competing for consumers mainly on the basis of price.

Material Release
A message set used by the automotive industry which acts as a release for product against an annually negotiated purchase order.

MCC
Mobile Country Code

MCert
Compressed form of an X.509 certificate used in SmartTrust technology.

MD5
A Message digest algorithm.

ME
Mobile Equipment

Message Digest
Output of hash function for given message.

Message
A block of information in EDI making up a business transaction or part of a business transaction within an international standard

MIPS (million instructions per second)
A general comparison gauge of a computer's raw processing power.

MNC
Mobile Network Code

MNP Level 5
Incorporates the first four levels and employs a data compression algorithm. It "compresses" data by a factor of 2 to 1, allowing the transmission of twice the amount of data as rated by the modem's top transmission speed, e.g., modems that transmit data at 4800 bps would send an amount of data equal to an uncompressed 9600 bps. See V.42, V.42 bis.

MNP Levels 1-4
The Microcom Networking Protocol (MNP) developed by Microcom, Inc., enables error-free asynchronous data transmission. Although MNP is a proprietary protocol, it became a de facto industry standard in the 1980s because users demanded it from modem manufacturers. Both modems in a connection must implement the same MNP protocols.

Modem (MOdulator-DEModulator)
A device used to convert serial digital data from a transmitting terminal to a signal suitable for transmission over a telephone channel, or to re-convert the transmitted signal to serial digital data for acceptance by a receiving terminal.

MS
Mobile Station

MSC
Mobile Switching Centre

MSIN
Mobile Subscriber Identification Number

N

Name
A set of identifying attributes purported to describe an entity of a certain type.

Naming Authority
A body which executes naming policy and procedures and has control over the registration and assignment of primitive (basic) names to objects of a particular class.

Naming
Naming is the assignment of descriptive identifiers to objects of a particular type by an authority which follows specific issuing procedures and maintains specific records pertinent to an identified registration process.

Network Architecture
A set of design principles, including the organisation of functions and the description of data formats and procedures, used as the basis for the design and implementation of a network (ISO). A reference used for the definition and development of protocols and products for inter-networking between data processing systems, often used to define a hierarchy of communication function layers.

Network Worm
A program or command file that uses a computer network as a means for adversely affecting a system's integrity, reliability or availability. A network worm may attack from one system to another by establishing a network connection. It is usually a self-contained program that does not need to attach itself to a host file to infiltrate network after network.

Network
An interconnected group of nodes; a series of points, nodes, or stations connected by communications channels; the assembly of equipment through which connections are made between data stations.

Network-Level Firewall
A firewall in which traffic is examined at the network protocol packet level.

Node
A computer or switching device situated at the point where two or more communications lines meet with both input and output circuits.

Nonrepudiation
Cryptographic assurance that a message sender cannot later deny sending a message, or that the recipient cannot deny receipt

Non-Repudiation of Origin (NRO)
This security service guarantees that the originator of a message cannot later falsely repudiate having originated that message.

Non-Repudiation of Receipt (NRR)
This security service guarantees that the recipient of a message cannot falsely repudiate having received that message (ISO draft documents use the term "non-repudiation of delivery").

Non-Repudiation
Provides proof of the origin or delivery of data in order to protect the sender against a false denial by the recipient that the data has been received or to protect the recipient against false denial by the sender that the data has been sent.

Non-Verified Subscriber Information (NSI)
Information submitted by a certificate applicant to an Issuing Authority (IA), and included within a certificate, which has not been confirmed by the IA and for which the IA provides no assurances other than that the information was submitted by the certificate applicant. Information such as titles, professional degrees, accreditations, and Registration Field Information are considered NSI unless otherwise indicated.

Notary
A natural person authorized by an executive governmental agency to perform notarial services such as taking acknowledgments, administering oaths or affirmations, witnessing or attesting signatures, and noting protests of negotiable instruments.

Notice
The result of notification in accordance with the CPS.

Notify
To communicate specific information to another person as required by the CPS and applicable law.

NR-PIN
Nonrepudiation PIN is a PIN that is used to protect the user's private key that is used for digital signatures.

O

OMC
Operation and Maintenance Centre

One-Time Password
In network security, a password issued only once as a result of a challenge-response authentication process. Cannot be "stolen" or reused for unauthorized access.

On-Line
Communications that provide a real-time connection to the Finland Post PCS.

Operating System
The software of a computer that controls the execution of programs, typically handling the functions of input/output control, resource scheduling, and data management (e.g., CP/M, MS-DOS, VM/370).

Operational "Window"
A pre-defined number of hours per day and days per week in which normal business can be transacted. In EDI, those hours when data can be transmitted to a company directly.

Operational Certificate
A certificate which is within its operational period at the present date and time or at a different specified date and time, depending on the context.

Operational Period
The period starting with the date and time a certificate is issued (or on a later date and time certain if stated in the certificate) and ending with the date and time on which the certificate expires or is earlier suspended or revoked.

Optional Data Element/Segment
A data element or segment within a standard message set in which data can, but does not need to be present.

Orange Book
The Department of Defense Trusted Computer System Evaluation Criteria. It provides information to classify computer systems, defining the degree of trust that may be placed in them.

Order Entry Application
A computer program or group of programs, accepting data from an incoming order as input, validating its information, and usually passing it to an order processing application.

Order Processing Application
A computer program or group of programs accepting a validated order from an order entry application, evaluating it in terms of available inventory, and generating an internal staging order for stock items with inventory availability and an internal order to a manufacturing or assembly location for stock items with no inventory availability.

Order
A request or commission to make or provide an item or service, e.g., purchase order, shop order, customer order, work order.

Organization
An entity with which a user is affiliated. An organization may also be a user.

Origin Authentication
The message origin authentication security service enables anyone who receives or transfers a message to authenticate the identity of the originator.

Originator
A person by whom (or on whose behalf) a data message is purported to have been generated, stored, or communicated. It does not include a person acting as an intermediary.

P

Paper-based Business Document
A business document whose information is printed on a paper form. For example, a purchase order or invoice.

Parties
The entities whose rights and obligations are intended to be controlled by the CPS. These entities may include certificate applicants, IAs, subscribers, and relying parties. (See User; Issuing Authority; Relying Party)

Password (Pass Phrase; PIN Number)
Confidential authentication information, usually composed of a string of characters, used to provide access to a computer resource.

Password
A secret code assigned to a user. Also known by the computer system. Knowledge of the password associated with the user ID is considered proof of authorization. (See One-Time Password.)

Perimeter-based Security
The technique of securing a network by controlling access to all entry and exit points of the network.

PC Card (see also Smart Card)
A hardware token compliant with standards promulgated by the Personal Computer Memory Card International Association (PCMCIA) providing expansion capabilities to computers, including the facilitation of information security.

PCA
Primary Certification Authority

PCM/CIA
Personal Computer Module/Computer Industries Association

PCS
Public Certification Service(s)

Person
A human being or an organization (or a device under the control of a human being or organization) capable of signing or verifying a message, either legally or as a matter of fact. (A synonym of Entity.)

Personal Presence
The act of appearing (physically rather than virtually or figuratively) before an LRA or its designee and proving one's identity as a prerequisite to certificate issuance under certain circumstances.

Pilot
The process of testing a part of the final system as a gauge to determine the viability of the concept prior to implementing the entire system for full production. It takes the concept out of the realm of theory, and provides empirical knowledge of what can reasonably be expected of the system when it is fully implemented.

PIN
In computer security, a personal identification number used during the authentication process. Known only to the user. (See Challenge/Response, Two-Factor Authentication.)

PKCS
Public Key Cryptography Standard is a set of industry standards developed by RSA Data Security Inc.

PKI Hierarchy
A set of IAs whose functions are organized according to the principle of delegation of authority and related to each other as subordinate and superior IA.

PKI
see Public Key Infrastructure

Plaintext
Data.

Platform
The type of computer system being used.

Point-to-Point
Describing a circuit that interconnects two points directly, where there are generally no intermediate processing nodes, computers, or branched circuits, although there could be switching facilities; a type of connection, such as a phone line circuit, that links two, and only two, logical entities.

Policy Mapping
Recognizing that, when a CA in one domain certifies a CA in another domain, a particular certificate policy in the second domain may be considered by the authority of the first domain to be equivalent (but not necessarily identical in all respects) to a particular certificate policy in the first domain.

Policy
Organization-level rules governing acceptable use of computing resources, security practices, and operational procedures.

Port
A point of access into a computer, a network, or other electronic device; the physical or electrical interface through which one gains access; the interface between a process and a communications or transmission facility.

Primary Certification Authority (PCA)
A person that establishes practices for all certification authorities and users within its domain.

Principal
An entity whose identity can be authenticated [ISO10181b].

Private Key
A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key. (See also Public Key Cryptography; Public Key) A private key is the secret part of an asymmetric key. When used to encrypt data, its corresponding public part may be used to decrypt the data. This can be used for signatures. Likewise, when the public part is used to encrypt data, the private part can be used to decrypt this data. This can be used for content confidentiality.

Proof of Delivery
Provides the originator with the means to verify whether a message was delivered to its destination.

Proprietary Ordering System
A group of programs developed and owned by a supplier, which is offered to its customers to handle ordering. Usually, such a system is interactive.

Protocol Conversion
For computers with different protocols to understand each other, meaningful conversation needs to take place. Many VANS are equipped to allow conversations between different 'tongues'.

Protocol
Formal set of rules governing the format, timing, sequencing, and error control of exchanged messages of a data network; may be oriented toward data transfer over an interface, between two logical units directly connected, or on an end-to-end basis between two users over a large and complex network. Simple protocols define only hardware configuration. More complex protocols define timing, data formats, error detection, and correction techniques.

Protocols
Agreed-upon methods of communications used by computers.

Proxy
A software agent that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps do additional authentication, and then complete a connection on behalf of the user to a remote destination.

PSN
Packet Switched Network

PSTN
Public Switched Telephone Network

Public Certification Services (PCS)
The certification system provided by the FINEID and any FPRC authorized IAs. (See Finland Post Public Certification Services)

Public Key Certificate
See Certificate

Public Key Cryptography (CF., Cryptography)
A type of cryptography that uses a key pair of mathematically related cryptographic keys. The public key can be made available to anyone who wishes to use it and can encrypt information or verify a digital signature; the private key is kept secret by its holder and can decrypt information or generate a digital signature.

Public Key Infrastructure (PKI)
The architecture, organization, techniques, practices, and procedures that collectively support the implementation and operation of a certificate-based public key cryptographic system. The PKI consists of systems which collaborate to provide and implement the PCS and possibly other related services.

Public Key
A mathematical key that can be made publicly available and which is used to verify signatures created with its corresponding private key. Depending on the algorithm, public keys are also used to encrypt messages or files which can then be decrypted with the corresponding private key. (See also Public Key Cryptography; Private Key) A public key is the public part of an asymmetric key. The public key may be available from the X.500 Directory, in the form of a certificate, or the sender may have received it directly from the recipient. When used to encrypt data, its corresponding public part may be used to decrypt the data. This can be used for signatures. Likewise, when the public part is used to encrypt data, the private part can be used to decrypt this data. This can be used for content confidentiality.

Public Switched Network
Any switching communications system - such as Telex, TWX or public telephone networks - that provides circuit switching to many customers.

Public/Private Key
(See Public Key; Private Key; Key Pair)

Publish/Publication
To record or file information in the Finland Post repository and optionally in one or more other repositories in order to disclose and make publicly available such information in a manner that is consistent with this CPS and applicable law.

PUK
Personal Unblocking Key that can be used to unblock

Purchase-Pay Cycle
Period of time from generation of a purchase order, through receipt of ordered product, to payment for that product.

Purchasing Transaction
One of many transactions containing information relating to the purchase of a product or service. For example, purchase order, purchase order change, purchase order acknowledgment.

Q

Qualifier Code
A piece of information placed in a data element which is related to a second element and is used to identify how to interpret the data in the second element. The code list is found in the EDI standards Data Element Dictionary for element numbers.

Queue
Any group of items, such as computer jobs or messages, waiting for service.

Queuing
Sequencing of batch data sessions.

Quick Response (QR)
A retail philosophy developed by VICS, permitting the receipt of goods from suppliers at the retail site based upon the sales of the supplier's goods that are transmitted to the supplier on a periodic basis. Sales are generally recorded using bar codes and transmission between retailer and supplier occurs through the use of EDI standards - X.12 in the US and EDIFACT in Europe.

R

RCA
Radio Communications Agency (of the DTI)

Recipient (of a Digital Signature)
A person who receives a digital signature and who is in a position to rely on it, whether or not such reliance occurs. (Cf., Relying Party)

Record
Information that is inscribed on a tangible medium (a document) or stored in an electronic or other medium and retrievable in perceivable form. The term "record" is a superset of the two terms "document" and "message". (Cf., Document; Message)

Re-Enrollment
(Cf., Renewal)

Registered String
A class of object subject to registration and recording procedures which demonstrates the value is unambiguous within the records of the registration authority. The type of value recorded is a string of characters.

Registration Authority (RA)
An entity trusted to register other entities and assign them a relative distinguished value such as a distinguished name or a hash of a certificate. A register scheme for each registration domain ensures that each registered value is unambiguous within that domain. (Cf., Certification Authority, see Local Registration Authority)

Registration Field Information
Country, zip code, age, and gender data included within designated certificates at the option of the subscriber.

Relative Distinguished Name (RDN)
A set of attributes comprising an entity's distinguished name that distinguishes the entity from others of the same type.

Relying Party
A recipient who acts in reliance on a certificate and digital signature. A recipient of a certificate who acts in reliance on that certificate and/or digital signatures verified using that certificate. The terms "certificate user" and "relying party" are often used interchangeably.

Remote Job Entry (RJE)
Executing a program or group of programs by entering a series of commands to a computer from a remote source.

Renewal
The process of obtaining a new certificate of the same type for the same subject once an existing certificate has expired.

Repository
A database of certificates and other relevant information accessible on-line.

Repudiation (see also Non-Repudiation)
The denial or attempted denial by an entity involved in a communication of having participated in all or part of the communication. Denial by one of the parties involved in a communication of having participated in all or part of the communication [ISO7498].

Response Time
The elapsed time between the generation of the last character of a message at a terminal and the receipt of the first character of the reply. It includes terminal delay and network delay.

Revocation List
see Certificate Revocation List

Revoke a Certificate
The process of permanently ending the operational period of a certificate from a specified time forward.

Right-Hand Justified Zero Filled
A common data processing convention for the storage of variable length numeric data in fixed length memory locations. When data are input of shorter length than the maximum length of the storage location field, the data are shifted to the right so that the last significant character of the input appears in the last reserved memory location of the storage medium. The memory locations preceding the first character of the field being input are unused and filled with zero characters (ASCII hex 30). A convention used for numeric fields.

RISC
Reduced Instruction Set Computer

Risk Analysis
The analysis of an organization's information resources, existing controls and computer system vulnerabilities. It establishes a potential level of damage in dollars and/or other assets.

Rogue Program
Any program intended to damage programs or data. Encompasses malicious Trojan Horses.

Root CA
See FINEID Root (FR)

Root
The IA that issues the first certificate in a certification chain. The root's public key must be known in advance by a certificate user in order to validate a certification chain. The root's public key is made trustworthy by some mechanism other than a certificate, such as by secure physical distribution.

RSA
A public key cryptosystem named after its inventors, Rivest, Shamir and Adleman, who hold the patent.

S

Sales Reporting - (CompTIA)
The process by which a seller of product advises the supplier of the product what product was sold in a given time frame. May also include the identity of the customer to assist in issues such as warranty registration.

Salt
Random value

Screened Host
A host on a network behind a screening router. The degree to which a screened host may be accessed depends on the screening rules in the router.

Screened Subnet
A subnet behind a screening router. The degree to which the subnet may be accessed depends on the screening rules in the router.

Screening Router
A router configured to permit or deny traffic based on a set of permission rules installed by the administrator.

Secret Key
A key used with symmetric cryptographic techniques and usable only by a set of specified entities.

Secret Share Holder
An authorized holder of a physical token containing a secret share.

Secret Share Issuer
The person designated by an IA to create and distribute secret shares.

Secret Share
A portion of a cryptographic secret split among a number of physical tokens.

Secret Sharing (see also Secret Share)
The practice of distributing secret shares of a private key to a number of secret share holders; threshold-based splitting of keys.

Secure Channel
A cryptographically enhanced communications path that protects messages against perceived security threats.

Security Policy
The document describing IA's internal security policies.

Security Services
Services provided by a set of security frameworks and performed by means of certain security mechanisms. Such services include, but are not limited to, access control, data confidentiality, and data integrity.

Security
The quality or state of being protected from unauthorized access or uncontrolled losses or effects. Absolute security is impossible to achieve in practice and the quality of a given security system is relative. Within a state-model security system, security is a specific "state" to be preserved under various operations.

Segment - (see data Segment)
In a standard data format, a unit of a message set made up of related data elements.

Segment Delimiter Character
A character that marks the end of information contained in a variable length segment.

Segment Diagram
As related to a standard data format, a diagrammatic representation of a segment in terms of all of its data elements.

Segment Identifier
As related to a standard data format, the code that uniquely identifies a segment. It is contained in a combination of two or three letters or digits occupying the first character positions of the segment.

Segment Requirement Designator
A segment is assigned one of the following two requirement designators defining its need to appear within the message set. The requirement designators shown below are each followed by their code abbreviation in parentheses.
Mandatory (M) - this segment shall appear in the message set at least once.

Self-Signed Public Key
A data structure that is constructed the same as a certificate but that is signed by its subject. Unlike a certificate, a self-signed public key cannot be used in a trustworthy manner to authenticate a public key to other parties. A PCA self-signed public key digitally signed by the FR shall constitute a certificate. (Cf., Certificate)

Serial Number
See Certificate Serial number, Card Serial Number

Server
A computer system that responds to requests from client systems.

Session Stealing
See IP Splicing.

SHA-1
Secure Hash Algorithm - a hash function first originated by the US National Security Agency and National Institute of Standards and Technology.

Sign
To create a digital signature for a message, or to affix a signatory to a document, depending upon the context.

Signature
A method that is used or adopted by a document originator to identify himself or herself, which is either accepted by the recipient or its use is customary under the circumstances. (Cf., Digital Signature)

SIM
Subscriber Identity Module

Signer
A person who creates a digital signature for a message, or a signature for a document.

Smart Card
A credit-card-sized device with embedded microelectronic circuitry for storing information about an individual. This is not a key or token, as used in the remote access authentication process.

SmartTrust

SMS
Short Message Service is a protocol to transmit short messages in GSM network.

Social Engineering
An attack based on deceiving users or administrators at the target site. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user, to attempt to gain illicit access to systems.

Sonera

SmartTrust

SRAM
Static Random Access Memory

SRES
Signed Response

SS#7
Signalling System No. 7

SSH
SSH Communications Security is a provider of IPSEC toolkits and SSH Secure Shell secure administration program.

SSL
Secure Sockets Layer is a protocol that adds cryptographic functions to the otherwise insecure web.

Steganography
The hiding of information within other data such as a picture file.

Streaming
Data is streaming when it's moving quickly from one chunk of hardware to another and doesn't have to be all in one place for the destination device to do something with it. When your hard disk's data is being written to a tape backup device, it's streaming. When you're watching a QuickTime movie on the Internet, it's not streaming, because the movie must be fully downloaded before you can play it.

Subject (of a Certificate)
The holder of a private key corresponding to a public key. The term "subject" can refer to both the equipment or device that holds a private key and to the individual person, if any, who controls that equipment or device. A subject is assigned an unambiguous name which is bound to the public key contained in the subject's certificate.

Subject Name
The unambiguous value in the subject name field of a certificate which is bound to the public key.

Subordinate IA
Within the FINEID PKI architecture's hierarchy of IAs, each IA is either the FR, a PCA, a CA or a "subordinate CA". The subordinate IA of the FR is a PCA; the PCA's subordinate IA is a CA; a CA's subordinate IA is a subordinate CA. If present, a subordinate CA's subordinate IA is yet another subordinate CA. (Cf., Superior IA)

Subscriber Agreement
The agreement executed between a subscriber and an IA for the provision of designated public certification services in accordance with the Certificate Policy.

Subscriber Information
Information supplied to a certification authority as part of a certificate application. (Cf., Certificate Application)

Subscriber
A person who is the subject of, and has been issued, a certificate, and is capable of using, and authorized to use, the private key that corresponds to the public key listed in the certificate. (See also Subject; cf., Certificate Applicant; User)

Superior IA
Within the FINEID PKI architecture's hierarchy of Issuing Authorities (IA), each IA is either the FR, a PCA, a CA or a "subordinate CA". The superior IA of a subordinate CA is either another subordinate CA or a CA; a CA's superior is a PCA; a PCA's superior is either the FINEID Root (FR), or itself. The FR is its own superior IA. (Cf., Subordinate IA)

Suspend a Certificate
A temporary "hold" placed on the effectiveness of the operational period of a certificate without permanently revoking the certificate. A certificate suspension is invoked by, e.g., a CRL entry with a reason code. (Cf., Revoke a Certificate)

Symmetric Cryptographic Technique
A cryptographic technique that uses the same secret key for both the originator's and the recipient's transformation.

Test Certificate
A certificate issued by an IA for the limited purpose of internal technical testing. Test certificates may be used by authorized persons only.

Symmetric Cryptography
An algorithm in which the key used for encryption is identical to the key used for decryption.

T

TACS
Total Access Communication System

TCP/IP (Transmission Control Protocol/Internet Protocol)
The means of communication of networks and computers via the Internet.

TDMA
Time Division Multiple Access

Telco
Telephone central office, in most usages; but also, a generic abbreviation for "telephone company."

Telecommunication Port
Entry channel through which data is communicated. A port is part of a central computer system.

Telecommunications
A term encompassing transmission or reception of coded signals, writing, sounds or intelligence of any nature by wire, radio, light beam or any other electromagnetic means.

Third Party Service Provider
A company which acts as a communications intermediary between EDI trading partners, providing communications services such as line speed conversion, and protocol matching as well as electronic mailbox, translation, and other services.

Threat
A circumstance or event with the potential to cause harm to a system, including the destruction, unauthorized disclosure, or modification of data and/or denial of service.

Time (Stamp) Service
Attests that an event has happened at a precise instant determined by a synchronized clock.

Time Stamp
A notation that indicates (at least) the correct date and time of an action, and identity of the person or device that sent or received the time stamp.

Time-stamp
(1) To append or attach to a message a digitally signed notation indicating at least the date, time, and identity of the person appending or attaching the notation; or (2) the notation thus appended or attached.

TMSI
Temporary Mobile Subscriber Identity

Token
A "token" is an authentication tool, a device utilized to send and receive challenges and responses during the user authentication process. Tokens may be small, hand-held hardware devices similar to pocket calculators or credit cards. See key.

Trading Partners
The entities among which EDI is carried on. This may be either the sender or receiver of information in EDI or all the members within the channel of distribution within an industry. For example, customers, suppliers, carriers, banks.

Transaction Set Diagram
A diagrammatic representation of the segments in a transaction in the order in which they are valid in that transaction.

Transaction Set Header Area
Segments that contain information relating to the entire transaction set.

Transaction Set Header Segment
A data segment which defines the beginning of a transaction.

Transaction Set Identifier
The transaction set identifier is a reference number for the transaction set and is the first data element of the transaction set header segment (ST). This identifier is unique for each transaction set.

Transaction Set Level
Sending, receiving, or processing data for a full transaction set.

Transaction Set Summary Area
Segments that contain information relating to transaction set totals.

Transaction Set Trailer Segment
A segment which defines the end of a transaction set.

Transaction Set
The collection of data that is exchanged in order to convey meaning between the parties engaged in electronic data interchange. A transaction set is composed of a specific group of segments that represent a common business document (for example, a purchase order or an invoice). Each transaction set consists of the transaction set header (ST) as the first segment and contains at least one data segment before the transaction set trailer (SE).

Transaction
An exchange conducted, performed or carried out between two (or more) parties that accomplishes a particular action or result. In communications, a message destined for an application program; a computer-processed task that accomplishes a particular action or result; in interactive communications, an exchange between two devices, one of which is usually a computer; in batch or remote job entry, a job or job step.

Transceiver
A combined transmitter and receiver

Translation Software
A program or group of programs that decode, format, provide for protocol conversion, and may map data between an application data format or a pre-defined fixed-field data format to a standard data format.

Transmission
The dispatching of a signal, message, or other form of intelligence by wire, radio, telegraphy, telephony, facsimile, or other means; a series of characters, messages, or blocks, including control information and user data; the signalling of data over communications channels.

Trojan or trojan horse
A file or program that masquerades as another. Usually malicious in nature; when opened or executed it may harm your computer through a virus, delete files, or open your system remotely to another user via the Internet. Any program designed to do things that the user of the program did not intend to do or that disguises its harmful intent. NEVER open files sent to you or downloaded without first scanning for viruses and trojans with the LATEST update of your computer or virus protection software.

Trust Model
How trust is deployed in a given security infrastructure.

Trust
Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity and an IA. An authenticating entity must be certain that it can trust the IA to create only valid and reliable certificates, and users of those certificates rely upon the authenticating entity's determination of trust. A relationship between two elements, a set of operations and security policy in which element X trusts element Y if and only if X has confidence that Y behaves in a well defined way (with respect to the operations) that does not violate the given security policy.

Trusted Person
A person who serves in a trusted position and is qualified to serve in it in accordance with the Certificate Policy. (Cf., Trust; Trusted position; Trusted Third Party; Trustworthy System)

Trusted Position
A role within an IA that includes access to or control over cryptographic operations that may materially affect the issuance, use, suspension, or revocation of certificates, including operations that restrict access to a repository.

Trusted Root
A trusted root is a public key which has been confirmed as bound to an IA by a user or system administrator. Software and systems implementing authentication based on public key cryptography and certificates assume that this key value has been correctly obtained. It is confirmed by always accessing it from a trusted system repository to which only identified and trusted administrators have modification authorizations.

Trusted Third Party
In general, an independent, unbiased third party that contributes to the ultimate security and trustworthiness of computer-based information transfers. A trusted third party does not connote the existence of a trustor-trustee or other fiduciary relationship. (Cf., Trust). Service or organization, or its agent, trusted by other entities with respect to security-related activities [ISO14516].

TSD
Telephone Security Device

TTP
see Trusted Third Party

Tunneling Router
A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual de-encapsulation and decryption.

Two-Factor Authentication
Two-factor authentication is based on something a user knows (factor one) plus something the user has (factor two). In order to access a network, the user must have both "factors" - just as he/she must have an ATM card and a Personal Identification Number (PIN) to retrieve money from a bank account. In order to be authenticated during the challenge/response process, users must have this specific (private) information.

U

UCC
Abbreviation for Uniform Code Council overseeing the implementation of UPC and related bar code standards within the retail, commercial, and industrial markets. The UCC is also the source and coordinating body for VICS.

Unambiguous Name
See Distinguished Name

UNIRAS
Unified Incident Reporting and Alerting System

User ID
A unique character string that identifies users.

User Identification
User identification is the process by which a user identifies himself to the system as a valid user. (As opposed to authentication, which is the process of establishing that the user is indeed that user and has a right to use the system.)

User
An authorized entity that uses a certificate as applicant, subscriber, recipient or relying party, but not including the IA issuing the certificate. (Cf., Certificate Applicant; Entity; Person; Subscriber)

Utility Software
Programs that make operation of a PC or LAN more convenient, including programs to move disk files more easily, diagnostic programs, etc. Compare with application software.

V

Valid Certificate
A certificate issued by an IA and accepted by the subscriber listed in it.

Validate a Certificate (i.e., of an End-User Subscriber Certificate)
The process performed by a recipient or relying party to confirm that an end-user subscriber certificate is valid and was operational at the date and time a pertinent digital signature was created.

Validation (of Certificate Application)
The process performed by the IA (or its LRA) following submission of a certificate application as a prerequisite to approval of the application and the issuance of a certificate.

Verifier
An entity which is or represents the entity requiring an authenticated entity [ISO10181b].

VAN
Value Added Network. A network whose services go beyond simple switching, providing communication services such as line speed conversion and protocol matching.

Veiled speech
An attempt to protect sensitive information by referring to it indirectly.

Verify (a Digital Signature)
In relation to a given digital signature, message, and public key, to determine accurately:
- that the digital signature was created during the operational period of a valid certificate by the private key corresponding to the public key contained in the certificate,
- and that the associated message has not been altered since the digital signature was created.

VICS
Abbreviation for Voluntary Inter Industry Communications Standards Committee overseeing the EDI and shipping container standards within the retail industry.

Virtual Network Perimeter
A network that appears to be a single protected network behind firewalls, which actually encompasses encrypted virtual links over untrusted networks.

Virus
A self-replicating code segment. Viruses may or may not contain attack programs or trapdoors.

VLR
Visited Location Register

VLSI
Very Large Scale Integration Ltd

W

WAP
The Wireless Application Protocol (WAP) is an open, global specification that empowers mobile users with wireless devices to easily access and interact with information and services instantly.

WAV
Pronounced "wave," this is the Windows standard for waveform sound files. WAV files predictably have the extension .wav.

WIG
Wireless Internet Gateway

WML
Wireless Markup Language

WTLS
WAP Transport Layer Security is a protocol that adds cryptographic functions to otherwise insecure WAP.

WWW
Abbreviation for "world wide web". What most users think of when you say "the internet".

X

X.500
CCITT/ITU Recommendation X.500 outlines the behavior of a Directory, which is a logical database of information. A Directory can store information on many items, including user addresses and certificates.

X.509
The ITU-T (International Telecommunications Union-T) standard for certificates. X.509 v3 refers to certificates containing or capable of containing extensions.

X12
The ANSI committee responsible for the development and maintenance of standards for Electronic Data Interchange in the US.

X12.5 Interchange Control Structure
This standard provides the interchange envelope of the header and trailer for the electronic interchange through a data transmission, and it provides a structure to acknowledge the receipt and processing of this envelope.

X12.6 Application Control Structure
This standard describes the control segments used to envelope loops of data segments, transaction sets, and groups of related transaction sets.

Y

Z