Internet Security Terms

Authentication: The verification of the identity of a user or host. When you
communicate over a network, authentication ensures that you are
communicating with the intended party and not an imposter.

Encryption: The encoding of data such that only the intended recipient can
read it. Encryption hides the data from eavesdroppers.

Certificate: A file that contains information about a browser, server, proxy,
or other network entity. It includes identifying information, the entity's public
key, and a signature made by a Certification Authority.

Certification Authority (CA): A trusted third party that uses its private key
to create unique signatures for certificates. It publishes its public key, which
servers and clients can use to verify signatures made by that CA.

Cipher: A mathematical algorithm used for encryption. Some ciphers, such
as those used in software exported from the US, can easily be broken.
Others are strong and cannot be broken using ordinary computing facilities.

Key pair: A matching public and private key, where the private key contains
the prime factors of the number contained in the public key.

Private key: A key that a server or client keeps confidential. Only this key
can decrypt data that is encrypted with its counterpart, the public key.

Public key: A key that a server or client publishes for use by other servers
or clients. Others can use this key to encrypt the data they send to the key's
owner, but no one can use it to decrypt the same data.

Secure server: A server that uses the Secure Sockets Layer (SSL)
protocol to encrypt data for transfer over TCP/IP networks, including the
Internet. Secure servers provide security and privacy on the World Wide
Web.

Session key: A key that both client and server use to encrypt all
transactions for a single session. For each session, the client generates a
session key, encrypts it with the server's public key, and sends it to the
server.

SSL: The Secure Sockets Layer, a protocol developed by Netscape for
authentication and encryption over TCP/IP networks, including the Internet.