Oracle Security Server Guide Release 2.0.3 A54088_01 |
|
The process of proving the identity of a principal.There are three basic ways that you can be authenticated to a computer:
The assurance that a message was transmitted by the sender.
The process of granting permission for a principal to access a resource.
A cryptographic algorithm that operates on plaintext in groups of bits.
A security toolkit sold by RSA that enables the addition of cryptographic security to any application.
See Certification Authority (CA).
Multiple layers of CAs in which each higher level of CAs vouches for the authenticity of the certificates and/or CRLs from the next lower level of CAs.
A formatted data item signed by a trusted party to attest to the validity of the item's information. Public key certificates use a CA's signature to attest that the enclosed public key belongs to the principal identified by the enclosed name.
A list of certificates that have been revoked.
A trusted third party that signs a certificate. In the Oracle Security Server, the Oracle Security Repository serves as the certification authority.
A short piece of data that is added to a message so that the receiver can check to see if the message was distorted during transmission. Alternatively, to generate the checksum. The Oracle Security Server uses the MD5 algorithm to generate a hash value that is used as a checksum.
The encrypted form of data.
See Plaintext.
A computer or a process that wants to use the services of a system facility or a computer.
The assurance that only an authorized receiver can read a message.
A term used within the Oracle Security Server Manager to refer to an X.509 certificate associated with a particular entity.
See Certificate Revocation List (CRL).
The art and science of breaking ciphertext.
A person who performs cryptanalysis.
A person involved in cryptography.
A general procedure for transforming data from plaintext to ciphertext and back again.
The science of providing security for information through the reversible transformation of data.
A branch of mathematics that encompasses both cryptography and cryptanalysis.
The combination of a cryptographic algorithm and all possible plaintexts, ciphertexts, and keys.
A computer or a process that accepts and processes requests for database information from clients.
See DES.
To reverse the encryption process: in other words, to restore ciphertext to its original form so that the original message is easily readable.
A block cipher that uses a 56-bit key to encrypt or decrypt data in 64-bit blocks.
A checksum or hash of a message encrypted with the sending party's private key. The signature is added to the message; the receiving party can use the signature to receive assurance that the original data was not modified in transit and to verify that the data came from the nominal sender.
A string that uniquely identifies a principal, a role, or a path.
To transform data so that it is unreadable by anyone without the correct decryption key. Encrypted data is also called ciphertext.
The process of making a principal known to a particular application. For example, in the Oracle Security Server, enrollment occurs when a principal's identity is added to the Oracle Security Server Repository, a database server for security data.
A role that a global user can perform across multiple Oracle8 databases.
A person, an object, or an event about which information is stored in a database. For example, in the Oracle Security Server, communicating parties such as users and principals are entities.
A user who needs access to more than one Oracle8 database.
A function that takes a variable-length input string and converts it to a fixed-length output string.
The output string from a hash function. See also Message Digest.
A block cipher that uses a 128-bit key to encrypt or decrypt data in 64-bit blocks.
A representation of any entity that does business with the Oracle Security Server.
The assurance that a message will not be deleted or altered without explicit authorization that the message's sender.
See IDEA.
A hashing algorithm that compresses a message of arbitrary length into a 128-bit message digest.
The output string from a hash function. See also Hash Value.
See MD5.
A process whereby two communicating parties authenticate each other.
A unique character string, which usually includes the current date and time, that is only used once.
The condition established by a digital signature under which the sender of a message cannot later claim that it did not send the message.
A hash function that works in one direction: it is easy to compute a hash value from a pre-image, but it is hard to generate a pre-image that hashes to a particular value.
The component of the Oracle Security Server that interfaces with the Oracle Security Repository and oversees the authentication and authorization processes.
The component of the Oracle Security Server that enables administrators to add, modify, and delete information in the Oracle Security Repository.
The component of the Oracle Security Server that stores certificates and roles.
The unencrypted, readable form of data.
The input string to a hash function.
A communicating party that has been enrolled in the Oracle Security Server.
The ability to keep anyone but the intended recipient from reading a given message.
An encryption key that is used only by a limited number of communicating parties, because it needs to be kept secret.
A type of cryptography that is based on a single key.
A technique for encrypting information such that the same key is used in encrypting and decrypting a given message.
Authorization for an entity to perform certain actions on certain programs or objects. For example, John may have the SELECT privilege on table EMP within database ITR.
The key that is distributed to parties that wish to communicate with the owner of the private key.
A type of cryptography that is based on public/private key pairs.
A technique for encrypting information such that the key used to decrypt the message is different from the key used to encrypt the message.
A stream cipher that uses a key of any length between 1 and 2048 bits inclusive to encrypt or decrypt a block of text of arbitrary length.
A collection of one or more privileges.
A public-key cryptosystem that can be used for both encryption and authentication; also, the name of the company that owns the cryptosystem.
A computer or a process that accepts and processes requests from clients. In Oracle documentation, "server" often refers to the Oracle database server.
A role that has been "identified globally" at an Oracle8 Server.
A key that is used to encrypt and/or decrypt the data transmitted during one and only one communication session.
To add a digital signature to a message.
See Digital Signature.
A system capability that enables users to access a number of applications without having to log on and/or present a password to each application.
A cryptographic algorithm that operates on plaintext one bit or byte at a time.
With regard to a cryptographic algorithm, the difficulty an attacker would have deriving plaintext input to that algorithm from the ciphertext output from that algorithm without prior knowledge of the key.
A security toolkit sold by RSA that enables the addition of cryptographic security to mail and other messaging applications.
One or more identities that are considered trustworthy and that can be used to validate other identities. Also, the certificate of a CA, which has been signed by a CA that is higher in the CA hierarchy and theoretically more trustworthy. Also, the CA itself.
To determine that the signer of a digital signature is legitimate.
To check to see if the data in a signed message has not been changed and that the data came from the nominal sender.
A data structure that contains an X.509 certificate and a public/private key pair.
A server that receives anonymous requests from unauthenticated hosts on the Internet and delivers requested information in a quick and efficient manner.
ITU-T Recommendation X.500 [CCI88c], which defines a directory service.
ITU-T Recommendation X.509 [CCI88c], a subset of X.500 that specifies the syntax used within Oracle Security Server digital certificates.