Glossary
Access Control

ACTS
Automated Computer Time System, a NIST service that provides announced time via telephone.

Advanced Encryption Standard (AES)
Developed by NIST and private companies, this standard is 256-bit based and is a stronger defense for sensitive material when compared to 40-bit or 128-bit.

Algorithm
A clearly specified mathematical process for computation, or a set of rules which, if followed, will give a prescribed result.

ANSI
American National Standards Institute, the organization responsible for approving US standards in many categories, including computers and communications. Standards approved by this organization are often called ANSI standards.

Antiwarrant
Attribute certificate that has the same expire date as its valid date; in other words, it was never valid. This is still sent, at times, because it contains other information that the system needs. See also Warrant.

API
Application Program Interface. This interface allows software developers to write their software so that it can communicate with the computer's operating system or other programs.

ASCII
American Standard Code for Information Interchange, a code in which each alphanumeric character is represented as a number from 0 to 127, in binary code so the computer can understand it. Its simplicity allows diverse computers to understand one another.

ATM
Asynchronous Transfer Mode, or ATM switching. This is a type of packet switching that makes it possible to transmit data at high speeds over a network. It also allows dynamic allocation of bandwidth, meaning users get only the bandwidth they need and are charged accordingly.

Attribute Certificate
A type of certificate that emphasizes certification of access rights and constraints. This is in contrast to Identity Certificate, which binds a distinguished name (DN) and a public key. Commonly, attribute certificates are issued with short validity periods and do not contain a public key value.

Audit Trail
A series of events, usually kept in and managed by a computer-based log, that give proof of a defined activity.

Authentication
The process by which people (or applications) who receive a certificate can verify the identity of the certificate's owner and the validity of the certificate. Certificates are used to identify the author of a message or an entity such as a Web server or StampServer.

Authorization
The granting of access rights to a user, program, or process. Once you have authenticated a user, the user may be allowed different types of access or activity.

BCD
Binary Coded Decimal. Also called packed decimal, this is the representation of a number by using 0s and 1s, or four-bit binary numbers. So the number 29 would be encoded as 0010 1001.

Bureau International de l'Heure (BIPM)
The worldwide organization that coordinates standard frequencies and time signals, the BIPM maintains Coordinated Universal Time (UTC).

Calibration
To fix the graduations of time measurement against the established national standard, including any periodic corrections that should be made.

CDMA
Code Division Multiple Access, a technique of multiplexing also called spread spectrum, in which analog signals are converted into digital form for transmission.

CDSA
Common Data Security Architecture describes the security structure for the entire network. It is unique to each network because security is managed differently for each.

Certificate
Certificates are used to verify the identity of an individual, organization, Web server, or hardware device. They are also used to ensure non-repudiation in business transactions, as well as enable confidentiality through the use of public-key encryption.

Certificate Authority (CA)
A trusted entity that issues a certificate after verifying the identity of the person or program or process that the certificate is intended to identify. A CA also renews and revokes certificates, and at regular intervals generates a list of revoked certificates.

Certificate Extension
An extension of the X.509 standard that lets the certificate hold additional identifying information.

Certification Path
A specified sequence of issued certificates necessary for the user to get their key.

Certificate Request (CR)
A request containing a user's public key, distinguished name (DN), and other data that is submitted to a Certificate Authority (CA) in order to receive a certificate.

Certificate Revocation List (CRL)
CRLs list certificates that have been revoked by a particular CA. Revocation lists are vital when certificates have been stolen, for example.

Confidentiality
Keeping secret data from unauthorized eyes.

Content Filtering
A filter that screens out data by checking (for example) URLs or key words.

Coordinated Universal Time (UTC)
The international time standard is called Coordinated Universal Time or, more commonly, UTC, for "Universal Time, Coordinated". This standard has been in effect since being decided on in 1972 by worldwide representatives within the International Telecommunication Union. UTC is maintained by the Bureau International de l'Heure (BIPM) which forms the basis of a coordinated dissemination of standard frequencies and time signals. The acronyms UTC and BIPM are each a compromise among all the participating nations.

Credential(s)
Much like a photo ID or birth certificate, electronic credentials are recognized as proof of a party's identity and security level. Examples: certificate, logon ID, secure ID, and so forth.

Cross-Certificate
Two or more Certificate Authorities (CAs) can issue certificates (cross-certificates) to establish a trust relationship between themselves.

Cryptography
See Encryption.

Data Encryption Standard (DES)
Encryption method in which both the sender and receiver of a message share a single key that decrypts the message.

Symmetricom Secure Network Time Protocol (DS/NTP)
The protocol created by Symmetricom, based on NTP, that includes additional security features.

DCLS
Direct Current Level Shift, or digital IRIG. See also IRIG.

Decryption
The transformation of unintelligible data ("ciphertext") into original data ("clear text").

Denial of Service
When a network is flooded with traffic through any of a variety of methods, the systems cannot respond normally, so service is curtailed or denied. This is a favorite technique of network saboteurs.

DHCP
Dynamic Host Configuration Protocol is a standards-based protocol for dynamically allocating and managing IP addresses. DHCP runs between individual computers and a DHCP server to allocate and assign IP addresses to the computers as well as limit the time for which the computer can use the address.

Diffie-Hellman
A key-agreement algorithm used to create a random number that can be used as a key over an insecure channel.

Digital Certificates
Digital Certificates are issued by a Certificate Authority (CA), which verifies the identification of the sender. The certificate is attached to an electronic message, so the recipient knows the sender is really who they claim to be.

Digital Fingerprint
Similar to digital signature, a digital fingerprint is the encryption of a message digest with a private key.

Digital Signature
Like a digital certificate, a digital signature is a data string that is verified by a Certificate Authority, and is attached to an electronic message so that it can verify that the sender is really who they claim to be. The difference between a digital certificate and a digital signature is found in how the message is encrypted and decrypted.

Digital Signature Algorithm (DSA)
The asymmetric algorithm that is at the core of the digital signature standard.

Digital Signature Standard (DSS)
A National Institute of Standards and Technology (NIST) standard for digital signatures, used to authenticate both a message and the signer. DSS has a security level comparable to RSA (Rivest-Shamir-Adleman) cryptography, having 1,024-bit keys.

Digital Time-Stamp
See Time-stamp.

Directory
The directory is the storage area for network security information such as keys or server names.

DSA
Digital Signature Algorithm. DSA is a public-key method based on the discrete logarithm problem.

DS/NTP
Symmetricom Secure Network Time Protocol, the protocol created by Symmetricom, based on NTP, that includes additional security features.

DTT
Symmetricom Temporal Token.

Element Manager (ENMTMS)
Software that manages the components of an application.

Encryption
The transformation of clear data (clear text) into unintelligible data (ciphertext). Asymmetric encryption, also known as public key encryption, allows for the trading of information without having to share the key used to encrypt the information. Information is encrypted using the recipient's public key and then the recipient decrypts the information with their private key. Symmetric encryption, also known as private key encryption, allows information to be encrypted and decrypted with the same key. Thus the key must be shared with the decrypting party--but anyone who intercepts the key can also use it.

Ephemeris Time
Time obtained from observing the motion of the moon around the earth.

FIPS
Federal (US) Information Processing Standards are a set of standards for document processing and for working within documents. Some commonly-used FIPS standards are 140-1, 140-2, and 180.

Firewall
Firewalls are software and hardware systems that define access between two networks, offering protection from outside data that could be harmful, such as a virus sent via the Internet.

GMT
Greenwich Mean Time, the mean solar time of the meridian of Greenwich, England, used until 1972 as a basis for calculating standard time throughout the world.

GPS
Global Positioning System. The GPS is a constellation of 24 or more US Department of Defense satellites orbiting the earth twice a day.

Hack/crack
"Hackers" are unauthorized programmers who write code that enables them to break into a computer network or program. "Crackers" are unauthorized programmers whose goal it is to break into computer networks or programs protected by security software or hardware.

Hash
Also called "hash function" or hashing, used extensively in many encryption algorithms. Hashing transforms a string of characters usually into a shorter, fixed-length value or key. Information in a database is faster to search when you use a hashed key than if you were to try to match the original data.

HTML
HyperText Markup Language, the computer language used to create pages for the World Wide Web.

HTTP
HyperText Transfer (or Transport) Protocol, the protocol most often used to transfer information from World Wide Web servers to users of the Web.

HTTPS
HTTP over an SSL connection.

Identity Certificate
Also called Digital Certificates. The hash creates a message digest based on the contents of the message. The message is then encrypted using the publisher's private key, then it is appended to the original message.

IEEE
Institute of Electrical and Electronics Engineers, an international organization that sets standards for electrical and computer engineering.

IETF
Internet Engineering Task Force, an international organization which sets standards for Internet protocols in their Request for Comment (RFC) papers. These papers are numbered (RFC 1305, RFC 868, and so on) and are referred to by engineers worldwide as they work on technologies that support IETF standards.

IKE
Internet Key Exchange, a security system that uses a private key and an exchange key that encrypts private keys. Passwords are delivered via the Internet.

In-band Authentication
When you use PKI for authentication, which involves public keys and a private key, it is called in-band authentication. See also Out-of-band Authentication.

Integrity
Data that has retained its integrity has not been modified or tampered with.

IPSec
Internet Protocol Security describes the IETF protocols that protect the secure exchange of packets on the IP layer.

IRIG
InteRange Instrumentation Group is an analog standard for serial time formats.

Irrefutable
See Non-repudiation.

ITU
International Telecommunication Union, the international organization that sets standards for data communication.

Key
An alphanumeric string that encrypts and decrypts data.

Key Escrow
A secure storage maintained by a trusted third party, which holds keys.

Key Generation
Creation of a key.

Key Management
The process by which keys are created, authenticated, issued, distributed, stored, recovered, and revoked.

Key Pair
Two integrated keys: one public, one private.

Key Recovery
The process of recovering a private decryption key from a secure archive for the purposes of recovering data that has been encrypted with the corresponding encryption key.

L1 Band, L2 Band
Each Navstar GPS satellite currently transmits in two dedicated frequency bands: L1 and L2, which is centered on 1227.6 MHz. L1 carries one encrypted signal, as does L2, both being reserved for the military. L1 also carries one unencrypted signal, for civilian use.

LDAP
The Lightweight Directory Access Protocol is the standard Internet protocol for accessing directory servers over a network.

Leap Seconds
Today's scientists and engineers have perfected clocks based on a resonance in cesium atoms to an accuracy of better than one part in 10 trillion. These clocks keep pace with each other to within one two- or three-millionth of a second over a year's time. The earth, on the other hand, might randomly accumulate nearly a full second's error during a given year. To keep coordinated with the rotation of the earth, this error is added to (or deleted from) UTC time as a leap second, on the last day of June or December in that year.

MD5
An algorithm for creating a cryptographic hash (or "fingerprint") of a message or of data.

Message Authentication Code (MAC)
A MAC is a function that takes a variable length input and a key to produce a fixed-length output.

Message Digest
The hash of a message. See also Hash.

MIB
Management Information Base, a database on the network that tracks, records, and corrects performance for each device on the network.

MTBF
Mean Time Between Failure, a measure of reliability. The longer the time span between failures, the more reliable the device.

Multiplexing
Process during which two or more signals are combined into one; at the other end, signals are "unbundled" by a demultiplexer. TDM is Time Division Multiplexing, FDM is Frequency Division Multiplexing, and CDMA is Code Division Multiple Access.

National Measurement Institute (NMI)
Also known as National Metrology Institute(s), the national authority in each country that is usually recognized as the source of official time.

Network Time Management System (NTMS)
Symmetricom's architecture for the use of its Trusted Time product.

NIST
National Institute of Standards and Technology, the National Measurement Institute in the United States. NIST produces standards for security and cryptography in the form of FIPS documents.

NOC
A Network Operations Center is a central point of network management within a large-scale data network.

Non-repudiation
The Trusted Time time-stamp creates an evidentiary trail to a reliable time source that prevents a party in a transaction from later denying when the transaction took place.

Notarization
Certification of the identity of the party in a transaction based on identifying credentials.

NTMS
Network Time Management System is a Symmetricom network management platform that provides secure management of Trusted Time infrastructure devices.

NTP
Network Time Protocol is a protocol that provides a reliable way of transmitting and receiving the time over TCP/IP networks. NTP, defined in IETF RFC 1305, is useful for synchronizing the internal clocks of computers to a common time source.

OCSP
Online Certificate Status Protocol, a protocol defined in RFC 2560, enables applications to check the status of a certificate every time the certificate is used.

OID
Object Identifier.

Online validation
A way of validating a key each time before it is used to verify that it has not expired or been revoked.

OSI
Operations System Interface.

Out-of-band Authentication
When authentication is performed using relatively insecure methods, such as over the telephone, it is called out-of-band authentication. In-band authentication, which uses PKI, is preferred. See also In-band Authentication.

PCI
Peripheral Component Interconnect, a local bus that supports high-speed connection with peripherals. It plugs into a PCI slot on the motherboard.

PKCS
Public Key Cryptography Standards. These standards allow compatibility among different cryptographic products.

PKI
Public Key Infrastructure. The PKI includes the Certificate Authority (CA), key directory, and management. Other components such as key recovery and registration may be included. The result is a form of cryptography in which each user has a public key and a private key. Messages are sent encrypted with the receiver's public key; the receiver decrypts them using the private key.

PKI Certificate
See Digital certificate.

PKIX
Extended Public Key Infrastructure, or PKI with additional features approved by the IETF.

Policy
A company's security policy.

Private Key
This is a secret key, known only by the parties involved in a transaction.

PSTN
Public Switched Telephone Network, a voice and data communications service for the general public which uses switched lines.

Public Key
Messages are sent encrypted with the recipient's public key, which is known to others; the recipient decrypts them using their private key.

Public Key Certificate
Certificate in the form of data that holds a public key, authentication information, and private key information.

RA
A Registration Authority does not issue certificates, but does the required identification for certain certificate data.

Resolution
Resolution of a time code refers to the smallest increment of time, whether it is days, hours, seconds, or other.

Revocation
The withdrawing of a certificate by a Certificate Authority before its expiration date or time. Also see Certificate Revocation List (CRL).

Risk Management
The tasks and plans that help avoid security risk and, if security is breached, help minimize damage.

Root CA
A Certificate Authority (CA) whose certificate is self-signed; that is, the issuer and the subject are the same. A root CA is at the top of a hierarchy.

Root Trust Time Services (RTTS)
End-user organizations who provide time calibration and auditing services.

RSA
The RSA (Rivest-Shamir-Adleman) algorithm is a public-key encryption technology developed by RSA Data Security, Inc.

SHA-1
Secure Hash Algorithm is an algorithm developed by the US National Institute of Standards and Technology (NIST). SHA-1 is used to create a cryptographic hash of a message or of data. It has a larger message digest, so it is considered to be somewhat stronger than MD5.

Smart card
A card the size of a credit card, which holds a microprocessor that stores information.

S/MIME
Secure Multipurpose Internet Mail Extensions. The standard for secure messaging.

SNMP
Simple Network Management Protocol is the Internet standard protocol for network management software. It monitors devices on the network, and gathers device performance data for management information (data)bases ("MIB").

Solar Time
Time based on the revolution of the earth around the sun.

SSL
Secure Sockets Layer, a protocol that allows secure communications on the World Wide Web/Internet.

SSL Client Authentication
Part of the SSL "handshake" process, when the client responds to server requests for a key.

SSL Server Authentication
Part of the SSL "handshake" process, when the server informs the client of its certificate (and other) preferences.

SSL-LDAP
Secure Sockets Layer-Lightweight Directory Access Protocol.

Stratum Levels
These are standards set by Network Time Protocol RFC 1305. The highest level consists of Stratum 0 devices such as GPS, which get their time from a primary time source such as a national atomic clock. Stratum 1 servers, such as TymServe, source their time from a Stratum 0 device. Stratum 2 and beyond obtain their time from Stratum 1 servers. The further away a network is from a primary source, the greater the chance of signal degradations due to variations in communications lines and other factors.

Sysplex Timer
The Sysplex Timer provides a synchronized Time-of-Day clock for multiple attached computers.

TCCert
Time Calibration Certificate.

TCP/IP
A mainstay of the Internet, the Transmission Control Protocol (TCP) provides dependable communication and multiplexing. It is connection-oriented, meaning it requires a connection be established before data transfer. It sits on top of the Internet Protocol (IP), which provides packet routing. This is connectionless, meaning each data packet has its source and destination data embedded, so it can bounce around a network and still get to its destination.

Telnet
Telnet is a terminal emulation application protocol that enables a user to log in remotely across a TCP/IP network to any host supporting this protocol. The keystrokes that the user enters at the computer or terminal are delivered to the remote machine, and the remote computer response is delivered back to the user's computer or terminal.

TFTP
Trivial File Transfer Protocol is a UDP-based, connectionless protocol.

Time-Stamp
A record mathematically linking a piece of data to a time and date.

Time-Stamp Request (TSR)
The client computer or application sends a time-stamp request to a stamp server.

Time-Stamp Token
The essential part of the time-stamp. It contains the time, the message digest, the message imprint (hash), and it is signed to verify the accuracy of that time. In detail, it is a signed data object where the encapsulated content is a TSTInfoObject, thus it verifies the stamp as coming from the device you submitted it to, and it is bound to the file you are working with.

Time-Stamping Authority (TSA)
An authorized device that issues time-stamps, and its owner.

TLS
Transport Layer Security, security that protects the OSI layer that is responsible for reliable end-to-end data transfer between end systems.

Token
See Time-Stamp Token.

Tool Box
A group of software applications that have similar functions.

TPC
Third Party Certificate. See also Certificate.

TPCA
Third Party Certification/Certificate Authority. See also Certificate Authority.

Traceability
Traceability implies that the time standard used on the time-stamp server was set using time directly or indirectly from a National Measurement Institute.

Transaction
An activity, such as a request or an exchange.

Triple-DES
Also called Triple Data Encryption Algorithm (TDEA), Data Encryption Standard is an algorithm that encrypts blocks of data.

Trust
In the network security context, trust refers to privacy (the data is not viewable by unauthorized people), integrity (the data stays in its true form), non-repudiation (the publisher cannot say they did not send it), and authentication (the publisher--and recipient--are who they say they are).

Trusted Time (TT)
Symmetricom's family of products that produce accurate and auditable time-stamps.

Trusted Time Infrastructure (TTI)
The internal architecture of Symmetricom's Trusted Time products.

Trusted Time MasterClock (TMC)
Symmetricom's Trusted MasterClock is a rubidium-based master clock synchronized to UTC time and certified by a National Measurement Institute (NMI).

Trusted Time NMIServer
Symmetricom's NMI Trusted Time Server, or NMIServer, is a standalone secure server based on the Trusted MasterClock, which is dedicated to the creation of trusted UTC time at the National Measurement Institute (NMI).

Trusted Time Products (TTP)
The family of Symmetricom's Trusted Time products, including the Network Time Management System, Trusted MasterClock, Trusted Time StampServer, and Trusted Time application software.

Trusted Time StampServer (TSS)
Symmetricom's Trusted Time StampServer (TSS) services time-stamp requests from applications, transactions, or computer logs.

TSP
Time-Stamp Protocol.

TTDS
Trusted Time Distribution Service.

UDP/IP
User Datagram Protocol/Internet Protocol is a communications protocol that provides service when messages are exchanged between computers in a network that uses the Internet Protocol. It is an alternative to the Transmission Control Protocol.

USNO
U.S. Naval Observatory, in Washington, D.C., where the atomic clock that serves as the official source of time for the United States is maintained.

Vault
Secure data storage facility.

Verification
The process of making sure the identity of the parties involved in a transaction is what they claim it to be.

Virus
An unwanted program that hides "behind" legitimate code, and which is activated when the legitimate program is activated.

VPN
Virtual Private Network, a way that authorized individuals can gain secure access to an organization's intranet, usually via the Internet.

W3C
The World Wide Web Consortium, based at the Massachusetts Institute of Technology (MIT), is an international organization which creates standards for the World Wide Web.

Warrant
An attribute certificate that attests to the time of the device. It is used to adjust the clock. See also PKI certificate.

Wireless Application Protocol (WAP)
Wireless Application Protocol, a worldwide standard for applications used on wireless communication networks.

WPKI
Wireless Public Key Infrastructure.

WTLS
Wireless Transport Layer Security.

X.509
The ITU's X.509 standard defines a standard format for digital certificates, the most widely used PKI standard.

X.509 v3 Certificate Extension
The X.509 standard with extended features approved by the IETF.

© Symmetricom 2008 All Rights Reserved