2 Access, Authentication and Encryption

Identification

The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system.

Authentication

The process of establishing confidence in the identity of users of information systems, often involving the verification of a user's identity by an authentication server.

Authorization

Access privileges granted to a user, program, or process, or the act of granting those privileges, often managed through Access Control.

Access Control

The process of granting or denying specific requests to obtain and use information and related information processing services, as well as to enter specific physical facilities.

Access Control List

A list of permissions associated with an object that specifies who or what is allowed to access the object and what operations are permitted.

Encryption

The conversion of data into a code to protect it during transmission, making it unreadable without the appropriate decryption key.

Ciphertext

The term used to describe data in its encrypted form, which is produced through the encryption process.

Public Key Encryption

An asymmetric encryption system that uses a public-private key pair for encryption and/or digital signatures, allowing secure communication.

Private Key Encryption

A symmetric encryption method that requires a single secret key for each pair of parties wanting to send coded messages, generally considered less secure than public key methods.

Data Encryption Standard (DES)

A shared private key method developed by the US government, based on 56 binary digits, and widely used for symmetric encryption.

Advanced Encryption Standard (AES)

A successor to DES, introduced to address vulnerabilities in DES and provide stronger encryption.

Digital Signature

A method of verifying the authenticity of an electronic document using public key encryption, where the sender encodes the document with their private key.

Digital Certificate

A coded electronic certificate that verifies the holder's identity and contains the holder's name, public key, serial number, and expiration date.

Individual Digital Certificate

Certificates used to identify a person, allowing them to sign electronic documents and implement access control mechanisms.

Server Certificates

Certificates that identify a server and are used to ensure secure communication of data over a network, commonly used in Internet Banking transactions.

Encryption Certificates

Certificates used to encrypt messages using the recipient's public key to ensure data confidentiality during transmission.