Term
Certificate revocation list (CRL) |
|
Definition
A list of certificates that have been revoked and are therefore no longer valid |
|
|
Term
Certification authority (CA) |
|
Definition
An independent trusted third party that issues digital certificates, certifying the public key of an owner entity |
|
|
Term
Certification infrastructure |
|
Definition
Two main components of public key infrastructure (PKI): public key cryptology and certification infrastructure. An infrastructure is a network that runs behind the scenes, almost transparent to the user, to the point where the user is likely to take it for granted. A public key infrastructure has two major components: public key cryptography (PKC) and the certification infrastructure. A certification infrastructure is designed using a trust model. Beginning with the highest level, called the root certification authority, the chain of trust is typically organized in a hierarchy of certification authorities. Thus, the trust in the public key of an entity stems from the root, extending across the entire hierarchy. |
|
|
Term
|
Definition
A certificate that uses a digital signature to bind together a public key with the owner entity |
|
|
Term
|
Definition
An encryption of the message, or any part thereof, by the sender using the sender's private key |
|
|
Term
|
Definition
More like several independent hierarchies, each with its own root CA, often called a peer CA. Because entities that communicate may belong to separate hierarchies under different root CAs, peer CAs must coordinate the certification process across these hierarchies |
|
|
Term
|
Definition
The top node is called the root CA, which certifies CAs at the level immediately below the root. In turn, these CAs certify CAs below their level, and so on. Ultimately, the final level of CAs certifies the end entities that are not CAs |
|
|
Term
|
Definition
An electronic certificate that binds (links or associates) an entity's name with the entity's public key |
|
|
Term
|
Definition
An approach to cryptography that uses a pair of related keys, a public and a private key |
|
|
Term
Public key infrastructure (PKI) |
|
Definition
An infrastructure that permits use of public keys, digital signatures, and public key certificates throughout the system |
|
|
Term
Registration authority (RA) |
|
Definition
An agent, appointed by a certification authority, for receiving applications and conducting initial review of applications |
|
|
Term
|
Definition
PKC technology allows two entities that establish communication to create their own one-time secret session key, a symmetric key that is never transmitted explicitly and is used only during a single communication session. Compared to a "permanent" secret key, this would be a string of random characters comprising a one-time key determined at the beginning of the session. A key agreement method, such as the Diffie-Hellman Key Agreement protocol, is used to accomplish the process. |
|
|
Term
|
Definition
Depending on the risk involved due to the purpose at hand, one would set a threshold trust level that needs to be sought. Presumably, seeking higher levels of trust costs more; consequently, an attempt should be made to match the value of the level of trust desired and the cost of obtaining it. The need for trusting the same entity can also be different. |
|
|
Term
|
Definition
Also known as the web of trust model; relies on the user to act as a de facto CA. That is, the user decides whether to accept or reject a particular certificate. |
|
|
Term
|
Definition
Actually a specific case of a distributed trust model implemented by storing public keys of root CAs in widely used browsers. The browser vendor acts as its own root, in turn certifying the root CAs |
|
|
Term
|
Definition
A user-centric trust model, also known as the web of trust model, relies on the user to act as a de facto CA. That is, the user decides whether to accept or reject a particular certificate. |
|
|