
Glossary

Algorithm

A procedure, formula or list of instructions that can be used to accomplish a task or to solve a problem. In mathematics and computer science, an algorithm is usually a procedure used to solve a recurring problem.

Authentication

The process by which individuals and organizations verify each other's identity during the exchange of sensitive and confidential information: on secure websites, customers are usually authenticated using IDs and passwords. Customers can ensure that they are dealing with the party they intend to communicate with by examining the secure website's security certificate.

 

Browser

A software application that interfaces with the Internet and provides a way to locate, display and interact with web pages. Examples include Microsoft Explorer, Netscape, Safari and Firefox.

Cable Modem

Devices that provide high-speed Internet access using cable television networks. Like DSL, cable modems offer continuous connection to the Internet without having to dial into an Internet Service Provider (ISP) each time you wish to connect to the Internet.

 

Cache

Temporary storage: e.g. web pages you visit may be downloaded to your computer and stored in your web browser's cache, which is physically located on your computer's hard drive. When you return to a recently visited web page, your web browser can retrieve it from the cache rather than from the web server where the page is hosted. This cuts down the retrieval time and helps minimize Internet traffic.

Certification Authority (CA)

A trusted third party that issues certificates that can be used by individuals or organizations to verify their identity or credentials. Certificates generally contain the certificate holder's name, their public key, an expiration date, a serial number and identifying information about the certification authority that issued the certificate, including their digital signature.

 

Cipher, Ciphertext

Any method used to turn plain text into an unreadable and meaningless form. Ciphertext is text that has been encoded into this unreadable form. This often involves the use of a mathematical formula to encode plain text into ciphertext and a key to decode the ciphertext.

Cookies

A small file containing a unique identification number that a website sends to your computer's web browser. When you visit a website, a cookie may be used to track the activities of your browser as well as provide you with a consistent, more efficient experience. The two common types of cookies are persistent and non-persistent. Cookies cannot view or retrieve data from other cookies, or capture files or information stored on your computer. Only the website that sends you cookies is able to read them.

 

Cryptography

This represents a set of mathematical techniques to encode information so as to make it unreadable by anyone who does not have the correct key. The original text is combined with one or more keys, numbers or strings of characters known only to the sender and recipient. The resulting encoded, unreadable text is known as ciphertext.

Digital Certificate

A digital stamp that uses encryption to certify where an electronic document came from. Digital certificates allow individuals or organizations to verify each other's identity online. They are issued by a certification authority and contain the name of the certificate holder, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and for digital signatures) and the digital signature of the certificate-issuing authority so that the recipient can verify that the certificate is real.

 

Digital Signature

Like a hand-written signature, this can be added to electronic documents or transactions to provide: authentication (proof that you are who you say you are); non-repudiation (proof that an exchange or transaction took place); and integrity (so that any attempt to alter information would be detected).

Digital Subscriber Line Technology (DSL)

Provides high-speed Internet connections over ordinary telephone lines. Like cable modems, DSL offers significantly better download and upload times than dial-up modems and provides "always-on" connection capability. DSL subscribers can use telephones and surf the Internet simultaneously because the technology separates the signals.

 

Encryption

The process of scrambling or encrypting information into a form that cannot be read or understood unless you have the corresponding key. Very similar to secret code, encryption changes information from being readable to being unreadable and back again using complex mathematical algorithms known as keys. It is not possible to change encrypted information back to unencrypted information without the correct key.

End-to-end Security

Occurs when information flows from the web server (where the website is physically hosted) to the web browser without passing through any other servers. Information exchanged between the point of origin and the point of destination is encrypted to further ensure security.

 

Firewall

A combination of industrial strength computer hardware and software designed to securely separate the Internet from internal web servers, computer systems, networks and databases. Firewalls keep unauthorized Internet traffic off a company's web server or computer network and can be set up to warn network managers if they detect intruder attempts.

Key

In cryptography, a key is a complex mathematical algorithm applied to clear text, readable information, to produce encrypted unreadable information, or applied to encrypted information to change it back to the original readable format. The longer the key, the more difficult it is to decrypt the information should an unauthorized third party intercept it.

 

Malware

A blend of the words "malicious" and "software," malware includes computer viruses, worms, Trojan Horses, spyware and a multitude of other damaging and unwanted software. It is software that is designed to enter or damage a computer system, without the user's knowledge and/or informed consent.

Non-persistent Cookies

Non-persistent cookies do not permanently record data and they are not stored on your computer's hard drive. Rather, non-persistent cookies are stored in memory and are only available during a single active session. Once a session ends, the cookie disappears. Non-persistent cookies are used primarily for technical reasons, like providing seamless navigation so users can navigate through webpages without having to log on to each separate page they visit.

 

Persistent Cookies

Persistent cookies are stored on your computer's hard drive where they remain resident until they are either deleted or they reach a predetermined expiration date. Persistent cookies are most commonly used to provide visitors with a customized experience by recording preferences such as how a visitor prefers to have his/her web pages displayed. Additionally, cookies are commonly used to gather statistical information such as the average time spent on a particular page. This kind of information provides insight on how organizations can improve the design, content and navigation of their website.

Plug-in

A software module that adds a specific functionality to a web browser. For example, plug-ins will allow browsers to display various types of audio and video messages or popular Adobe Acrobat (PDF) files.

 

Public Key Encryption

This process uses a pair of private and public keys that are mathematically related for the encryption and decryption of information. The public key is made widely available to parties who want to communicate with the private key issuer/holder in a secure manner and it is the key used to encrypt the information. The private key is never shared and remains private to the issuer/holder of the public key and is used to decrypt the information.

Public Key Infrastructure (PKI)

Allows users to encrypt sensitive information, so as to exchange it over the Internet in a private manner using special "keys", a public and private key pair that is obtained through a certification authority. The public key infrastructure uses a digital certificate to identify the individual attempting to decrypt information.

 

Secure Electronic Transaction (SET)

An open technical standard for the commerce industry, developed by Visa and MasterCard, to facilitate secure credit card payment transactions over the Internet. Digital Certificates are used throughout the transaction, verifying cardholder and merchant. SET may be used by software vendors, merchants, financial institutions, and others that pass SET compliance testing.

Secure Socket Layer (SSL)

This protocol was developed by Netscape Communications Corporation to provide a high level of security for Internet communications. SSL provides an encrypted communications session between your web browser and a web server. SSL helps verify that sensitive information (e.g. credit card numbers, account balances and other proprietary financial and personal information) sent over the Internet between your browser and a web server remains private during online transactions.

 

Security Holes/Bugs

Faults, defects or programming errors exploited by unauthorised intruders to enter computer networks or web servers from the Internet. As these holes or bugs become known, software publishers develop "patches," "fixes" or "updates" users can download to fix the problems.

Smart Card

A plastic card about the size of a credit card with an embedded microchip where information and applications are stored. Information on Smart Cards can be updated after the card is issued. A Smart Card reader, a small device into which the smart card is inserted, is required to load data onto the card or read information from it.

 

Spyware

Software programs that are installed on a user's computer without their knowledge to secretly gather information about the user. This software typically establishes an Internet connection with a third party, who may monitor a user's web surfing habits or engage in malicious monitoring to steal confidential information.

Symmetric Key Encryption

Also known as Private Key Encryption, this uses the same private key shared by the sender and recipient for the encryption and decryption of information. A web browser will generate a new symmetric key each time it opens a secure connection.

 

Trojan Horse

A malicious program disguised as a useful or fun program. Trojan Horses are frequently transmitted as files attached to email messages, can be downloaded from websites, or enter a computer via a USB or CD file. When you install the file, it appears as if nothing untoward has happened, but the Trojan Horse installs itself on your computer and may destroy files or create a "back door" entry point that allows an unauthorized individual to gain access to your computer.

Virus

Malicious programs often designed as games, image files (JPEG) or screen savers. They are frequently transmitted as files attached to email messages, can be downloaded from websites, or enter a computer via a USB or CD file. Some viruses do damage immediately. Others remain dormant until a date is reached, predetermined by the virus creator, then come alive and destroy files or information. When run (i.e. when clicked on to install the file or play the game), viruses frequently search the Microsoft Outlook address book and send themselves to contacts in the address book without the user's knowledge. Known as self-propagation, this is how viruses can spread like wildfire across the Internet and corporate networks.

 

Web Beacon

Web beacons are very small transparent images (usually 1 x 1 pixel) and are sometimes called clear GIFs or action tags. This technology can be used to compile aggregated statistics about website usage patterns, such as how many times a particular link, advertisement or specific area on a webpage is clicked.

Worm

A malicious program that replicates itself over a computer network. It does not alter files but resides in active memory of the computer, invisible to the user until massive replication causes a computer to slow or shut down. An example is when a worm infects commercial servers by flooding them with large amounts of data, the volume of which is uncontrollable. This can cause havoc in home PCs and commercial network and web servers. Self-replicating worms generally use email and infected websites to spread across computer networks.