Oracle Security Server Guide
Release 2.0.3

A54088_01

Library

Product

Contents

Index

Prev Next


Glossary

Asymmetric Cryptography

See Public-Key Cryptography.

Authentication

The process of proving the identity of a principal.There are three basic ways that you can be authenticated to a computer:

Authenticity

The assurance that a message was transmitted by the sender.

Authorization

The process of granting permission for a principal to access a resource.

Block Cipher

A cryptographic algorithm that operates on plaintext in groups of bits.

BSAFE

A security toolkit sold by RSA that enables the addition of cryptographic security to any application.

CA

See Certification Authority (CA).

CA Hierarchy

Multiple layers of CAs in which each higher level of CAs vouches for the authenticity of the certificates and/or CRLs from the next lower level of CAs.

Certificate

A formatted data item signed by a trusted party to attest to the validity of the item's information. Public key certificates use a CA's signature to attest that the enclosed public key belongs to the principal identified by the enclosed name.

Certificate Revocation List (CRL)

A list of certificates that have been revoked.

Certification Authority (CA)

A trusted third party that signs a certificate. In the Oracle Security Server, the Oracle Security Repository serves as the certification authority.

Checksum

A short piece of data that is added to a message so that the receiver can check to see if the message was distorted during transmission. Alternatively, to generate the checksum. The Oracle Security Server uses the MD5 algorithm to generate a hash value that is used as a checksum.

Cipher

See Cryptographic Algorithm.

Ciphertext

The encrypted form of data.

Cleartext

See Plaintext.

Client

A computer or a process that wants to use the services of a system facility or a computer.

Confidentiality

The assurance that only an authorized receiver can read a message.

Credentials

A term used within the Oracle Security Server Manager to refer to an X.509 certificate associated with a particular entity.

CRL

See Certificate Revocation List (CRL).

Cryptanalysis

The art and science of breaking ciphertext.

Cryptanalyst

A person who performs cryptanalysis.

Cryptographer

A person involved in cryptography.

Cryptographic Algorithm

A general procedure for transforming data from plaintext to ciphertext and back again.

Cryptography

The science of providing security for information through the reversible transformation of data.

Cryptology

A branch of mathematics that encompasses both cryptography and cryptanalysis.

Cryptosystem

The combination of a cryptographic algorithm and all possible plaintexts, ciphertexts, and keys.

Database Server

A computer or a process that accepts and processes requests for database information from clients.

Data Encryption Standard (DES)

See DES.

Decrypt

To reverse the encryption process: in other words, to restore ciphertext to its original form so that the original message is easily readable.

DES

A block cipher that uses a 56-bit key to encrypt or decrypt data in 64-bit blocks.

Digital Signature

A checksum or hash of a message encrypted with the sending party's private key. The signature is added to the message; the receiving party can use the signature to receive assurance that the original data was not modified in transit and to verify that the data came from the nominal sender.

Distinguished Name (DN)

A string that uniquely identifies a principal, a role, or a path.

DN

See Distinguished Name (DN).

Encrypt

To transform data so that it is unreadable by anyone without the correct decryption key. Encrypted data is also called ciphertext.

Enrollment

The process of making a principal known to a particular application. For example, in the Oracle Security Server, enrollment occurs when a principal's identity is added to the Oracle Security Server Repository, a database server for security data.

Enterprise Authorization

A role that a global user can perform across multiple Oracle8 databases.

Entity

A person, an object, or an event about which information is stored in a database. For example, in the Oracle Security Server, communicating parties such as users and principals are entities.

Global User

A user who needs access to more than one Oracle8 database.

Hash Function

A function that takes a variable-length input string and converts it to a fixed-length output string.

Hash Value

The output string from a hash function. See also Message Digest.

Hybrid Cryptosystem

A cryptographic system in which two parties who wish to communicate with each other use a public-key encryption algorithm to authenticate each other and a more streamlined private-key algorithm to transmit bulk data.

IDEA

A block cipher that uses a 128-bit key to encrypt or decrypt data in 64-bit blocks.

Identity

A representation of any entity that does business with the Oracle Security Server.

Integrity

The assurance that a message will not be deleted or altered without explicit authorization that the message's sender.

International Data Encryption Algorithm (IDEA)

See IDEA.

Key

A variable parameter of a cryptographic algorithm.

MD5

A hashing algorithm that compresses a message of arbitrary length into a 128-bit message digest.

Message Digest

The output string from a hash function. See also Hash Value.

Message Digest 5 (MD5)

See MD5.

Mutual Authentication

A process whereby two communicating parties authenticate each other.

Nonce

A unique character string, which usually includes the current date and time, that is only used once.

Nonrepudiation

The condition established by a digital signature under which the sender of a message cannot later claim that it did not send the message.

One-Way Hash Function

A hash function that works in one direction: it is easy to compute a hash value from a pre-image, but it is hard to generate a pre-image that hashes to a particular value.

Oracle Security Server Authentication Adapter

The component of the Oracle Security Server that interfaces with the Oracle Security Repository and oversees the authentication and authorization processes.

Oracle Security Server Manager

The component of the Oracle Security Server that enables administrators to add, modify, and delete information in the Oracle Security Repository.

Oracle Security Server Repository

The component of the Oracle Security Server that stores certificates and roles.

Plaintext

The unencrypted, readable form of data.

Pre-Image

The input string to a hash function.

Principal

A communicating party that has been enrolled in the Oracle Security Server.

Privacy

The ability to keep anyone but the intended recipient from reading a given message.

Private Key

An encryption key that is used only by a limited number of communicating parties, because it needs to be kept secret.

Private-Key Cryptography

A type of cryptography that is based on a single key.

Private-Key Encryption

A technique for encrypting information such that the same key is used in encrypting and decrypting a given message.

Privilege

Authorization for an entity to perform certain actions on certain programs or objects. For example, John may have the SELECT privilege on table EMP within database ITR.

Public Key

The key that is distributed to parties that wish to communicate with the owner of the private key.

Public-Key Cryptography

A type of cryptography that is based on public/private key pairs.

Public-Key Encryption

A technique for encrypting information such that the key used to decrypt the message is different from the key used to encrypt the message.

RC4

A stream cipher that uses a key of any length between 1 and 2048 bits inclusive to encrypt or decrypt a block of text of arbitrary length.

Role

A collection of one or more privileges.

RSA

A public-key cryptosystem that can be used for both encryption and authentication; also, the name of the company that owns the cryptosystem.

Secret-Key Cryptography

See Private-Key Cryptography.

Server

A computer or a process that accepts and processes requests from clients. In Oracle documentation, "server" often refers to the Oracle database server.

Server Authorization

A role that has been "identified globally" at an Oracle8 Server.

Session Key

A key that is used to encrypt and/or decrypt the data transmitted during one and only one communication session.

Sign

To add a digital signature to a message.

Signature

See Digital Signature.

Single Sign-On

A system capability that enables users to access a number of applications without having to log on and/or present a password to each application.

Stream Cipher

A cryptographic algorithm that operates on plaintext one bit or byte at a time.

Strength

With regard to a cryptographic algorithm, the difficulty an attacker would have deriving plaintext input to that algorithm from the ciphertext output from that algorithm without prior knowledge of the key.

Symmetric-Key Cryptography

See Private-Key Cryptography.

TIPEM

A security toolkit sold by RSA that enables the addition of cryptographic security to mail and other messaging applications.

Trustpoint

One or more identities that are considered trustworthy and that can be used to validate other identities. Also, the certificate of a CA, which has been signed by a CA that is higher in the CA hierarchy and theoretically more trustworthy. Also, the CA itself.

Validate

To determine that the signer of a digital signature is legitimate.

Verify

To check to see if the data in a signed message has not been changed and that the data came from the nominal sender.

Wallet

A data structure that contains an X.509 certificate and a public/private key pair.

Web Server

A server that receives anonymous requests from unauthenticated hosts on the Internet and delivers requested information in a quick and efficient manner.

X.500

ITU-T Recommendation X.500 [CCI88c], which defines a directory service.

X.509

ITU-T Recommendation X.509 [CCI88c], a subset of X.500 that specifies the syntax used within Oracle Security Server digital certificates.




Prev

Next
Oracle
Copyright © 1997 Oracle Corporation.

All Rights Reserved.

Library

Product

Contents

Index