Glossary of Terms
Access: A subject’s ability to view, modify, or communicate with an object. Access enables the flow of information between the subject and the object or resource.
Access Control: Mechanisms, controls and methods of limiting access to resources only to authorized subjects.
AES algorithm: AES (Advanced Encryption Standard) is a cryptographic algorithm. It is a symmetric algorithm (in other words it uses the same key for encryption and decryption). AES, originally called Rijndael, was selected through a public competition to be approved for protecting (encrypting) information for all industry and commerce by the US National Institute for Science and Technology (NIST). It has been subjected to considerable scrutiny by government scientists and academics to check that it has no obvious weaknesses, and is considered to be the strongest protection of its type currently available. See also symmetric algorithm and algorithm.
Asymmetric encryption: An algorithm that uses one key to encrypt information but requires a different (mathematically related) key to decrypt that information. This is also referred to as public key cryptography. One of the two keys can be made available to anyone - the public key. The other key you must keep to yourself – the private key. Anyone receiving information that you have signed (encrypted with your private key) can use your public key to decrypt the message, therefore ensuring the information must have come from you. Additionally, if you encrypt something with someone else's public key you can be certain that only they can access it, regardless of who else sees the encrypted information. These features have created the concepts of PKI and non-repudiation.
Attack: An attempt to bypass security controls in a system with the mission of using that system or compromising it. A passive attack will listen to data, but not capture and modify it. An active attack modifies data. An attack is usually accomplished by exploiting a current vulnerability.
Authentication: To verify the identity of a subject requesting the use of a system and/or access to network resources. The steps involved in providing access to an object on behalf of a subject are: identify the subject, authenticate the subject and authorize the subject.
Authorization: Granting a subject access to an object after the subject has been properly identified and authenticated.
Biometrics: Biometrics refers to those physiological or behavioral characteristics of a person that are automatically used for verification of authenticity or to prove absolute identity. Physiological Traits include: Hand geometry, Face characteristics, Eye feature - retina, Eye feature - iris and Fingerprint. Behavioral Traits include: Speaker recognition, written signature and Keystroke dynamics. A biometric system is essentially a pattern recognition system which makes a personal identification by determining the authenticity of a specific physiological or behavioral characteristic possessed by the user.
Certificate Authority: A digital certificate, also referred to as a public key certificate (PKC), is a tamperproof set of data that attests to the binding of a public key to a particular end user. To provide this binding, a set of trusted third parties vouches for the user’s identity. These third parties are referred to as Certificate Authorities (CAs). The CA issues a certificate to the end user containing the user’s name, public key, and additional identifying information. Digitally signed by the CA, the certificate can now be transferred and stored.
Confidentiality: A security principle that works to ensure that information is not disclosed to unauthorized subjects.
Cryptography: Literally, the word means the art of secret writing. It means the conversion of writing into a form that cannot be understood without specific knowledge. (Cryptography started long before computers, with the ancient Egyptians. Computers have simply helped to automate the processes.) Cryptography is not the only method you can use to communicate information secretly. Steganography is a technique for hiding information inside other information (a picture with a person wearing a hat has one meaning, and the same picture with the person not wearing a hat has a different meaning).
Decryption: This is the reversing of encryption, where a piece of information that has been encrypted (cipher text) is converted back into plaintext. See also encryption, cryptography.
Denial of Service Attacks (DoS): Any action or series of actions originating from a single source that prevents a system or any part of a system or its resources from functioning in accordance with its intended purpose.
Digital Certificate: A digital certificate, in the PKI sense, is an electronic record that contains information about the person, organization or device that owns it and about the authority that issued it. Its main use is to certify the owner/controller of a public key. All public keys have certificate information attached to them. The sort of information a certificate can contain is an e-mail address, an identifier of the controller (maybe their name, home or work address), information about the cryptography being used, how long the certificate is valid for and the source of any information if the certificate is cancelled. Certificates may be issued by their owners (self-signed), the organization they belong to, or they may be issued by other organizations. See also certificate authority and trusted authority.
Digital signature: Unlike the handwritten signature, which does not change very much over time, a digital signature is unique to every document that is signed. The digital signature makes use of the fact that, using an algorithm (hash), it is possible to calculate a unique numeric value for any given document. This value can then be encrypted (signed) using an asymmetric algorithm and the user’s private key. The user typically forwards his/her digital certificate with the signed document. However, unlike the handwritten signature, anyone can, using the public key and its associated certificate, decrypt the unique hash value. Also, they can calculate that value for themselves by using the same algorithm. If the two values are equal they can be certain of two things: that the owner/controller of the private key 'signed' the document, and that the document has not been altered or forged. In this way, then, the digital signature is much more powerful than the handwritten signature because it can prevent any change to a document after it has been digitally signed.
Distributed Denial of Service Attacks (DDoS): The ability of an attacker to coordinate an attack against a given target system or resource from many points of origin simultaneously.
Encryption: The process of protecting information by making it impossible for anyone who is not authorized to read that information in a useable form. Encryption is done on a computer by transforming the information to be encrypted (plaintext) using a key and producing cipher text. If a suitable algorithm and key have been used, the cipher text is, for all practical purposes, impossible to use in any way at all unless it is first decrypted. See also decryption, algorithm and cryptography.
FIPS (Federal Information Processing Standard): The National Institute for Science and Technology of the USA publishes standards for Federal organizations. These are also generally used by US businesses. They are not standards in the same way as the British Standards Institute (BSI) or American National Standards Institute (ANSI), but nevertheless have a considerable influence on industry and commerce as well as government. Many of the published standards deal with aspects of computer security, including the use of algorithms and cryptography.
Integrity: A security principle that ensures that information and systems are not modified maliciously or accidentally.
Interoperability: Generally, the ability to understand the form and format of information received and to be able to respond to that information in the manner expected by the sender.
Intrusion Detection System (IDS): Software employed to monitor and detect possible attacks and behaviors that vary from the normal and expected activity. The IDS can be network-based, which monitors network traffic, or host-based, which monitors activities of a specific system and protects system files and control mechanisms.
Hashing / hash algorithm: This is a mathematical process, similar in many respects to encryption and sometimes referred to as one-way encryption. Information (some text, a web page, a file) can be processed by the algorithm. Some algorithms also require a key, just like encryption. The algorithm processes the information and calculates a number that is unique to the original information. According to the standards it should be 'collision free' - that is that no two pieces of information should ever produce the same value. Hashing is useful, because once a value has been calculated it is impossible to alter the information without detection since hashing the altered file cannot produce the original calculated value.
Key length / strength: The key length for an algorithm is the number of bits (binary digits) that the key value occupies. With computerized algorithms it is often considered to be a measure of the strength of the algorithm (the more bits the better). Generally speaking, for implementations of internationally recognized algorithms this is the case.
Keystore: This file stores keys and certificates used to protect and verify web sites, web site content, files and message content. It also contains user notes on any of the information stored in it. It must be backed up regularly to prevent its being lost. It is protected from attack by strong cryptography.
NIST: The USA National Institute for Science and Technology. This is the US body responsible for the development and maintenance of scientific standards, methods and techniques. They produce standards for a broad range of topics including measuring, structures and vessels and information technology. See www.nist.gov.
Non-Personal Entity (NPE): An entity not consistently accompanied with a person, like machines and devices.
Non-repudiation: Literally, that a thing cannot be denied. In the case of computer systems and PKI it is understood to mean that when a message (or file) is signed by a digital signature, the owner/controller of the private key for that signature cannot deny having signed it, and, by implication, cannot deny the contents of the information that was signed. This is similar to the idea that if you physically sign a document you cannot later deny either that you signed it or what the document contained.
Out of Band Authentication (OBA): Out-of-Band authentication is the use of two separate networks working simultaneously to authenticate a user.
Password: In computer systems this is a series of alphanumeric characters that are entered secretly (they are not displayed) in order to prove the identity of a specific user. As a result, a password should never be shown or given to anyone else, even if they seem to have a reason to need the password.
Passwords are normally chosen by the user, but typically must comply with corporate rules and guidelines. These may include specifics regarding the use of letters, numbers, 'special' characters such as () =, etc. They may also forbid re-use within a particular timeframe. Generally passwords are recommended to be longer than six characters, should not be common words or readily identifiable to their user, should contain special characters and should not contain repeating or consecutive characters. See also passphrase and PIN.
Passphrase: An alternative to the password (and sometimes this term is used when password is meant), the passphrase is usually longer. So, whilst a password could be rdg6*9jkq, a passphrase could be a quotation such as "Mary had a little lamb" or "Dear sir or madam would you read my book".
The advantages of a passphrase over a password are that it cannot be readily observed or guessed by watching the user log on, and that dictionary attacks are of little use since the length and content of the passphrase are very hard to predict. As a result, passphrases do not have to be changed as often as passwords. See also Password and PIN.
PIN (Personal Identity Number): This is usually four digits for credit and debit cards. It replaces the password in situations where a full keyboard is not available to the user, or where the system security mechanism can invalidate the user's identity very quickly if the wrong values are entered. Typically, three attempts are allowed to enter a correct PIN, and if they all fail the PIN is revoked and the user (card holder) is informed that they must contact the issuer before they can do anything. Like the password and passphrase, a PIN should never be given to anyone else no matter what plausible reason they seem to have.
PKCS#12: This is Public Key Cryptography Standard #12 developed by RSA and subsequently endorsed by general industry. It is a specific method for storing and holding a private key and a public key in a certificate. It is often used as a secure means for transferring keys to users, and is encrypted using a secret key or password. See also X.509. See www.rsasecurity.com.
Private key: This is one of the two keys used in 'public key cryptography', also referred to as asymmetric cryptography. They are called public and private because for the system to work, one of the related keys must be kept private - it must not be disclosed to anyone other than its controller, while the other key must be made public - that is, it must be available to anyone that needs to contact the owner/controller of the matching private key or needs to check a digital signature that appears to come from them.
Public key: See private key.
Public Key Infrastructure (PKI): This is a concept where it is theoretically possible to obtain the public key of any person that you wish to communicate securely with over a public communications network such as the Internet, and where it is possible to verify the accuracy of the information being presented by anyone offering a 'public key certificate' as a means of proving their identity.
Root certificate: In a public key and certificate system, this is the certificate that identifies a trusted authority from which other trusted relationships are derived. In PKI theory, the ability to trust an identity is based upon the trust you have in the organization (authority) that vouches for the identity. You might accept a person's identity if your government has issued it, or a company's if the national company registration authority issues it. At the time of writing, nation states have not taken the step of issuing PKI identities, preferring to allow the commercial market to develop the infrastructure. As a result, root certificates contained in web browsers are currently those of commercial companies that are recognized in their own markets as competent to make statements about the certificates that they issue. That may not be the case in all countries in the future.
RSA algorithm: This is the name of the first published asymmetric or public key algorithm. It is named after its inventors, Rivest, Shamir and Adleman. RSA has been in existence for over 20 years, and has been subjected to considerable academic research to determine if algorithmic weaknesses exist, and so far, none have been published. It has key lengths of 512, 1024, 2048 bits, etc. The maximum possible number of unique keys (and hence unique users) that could exist ranges from 2 raised to the power 512 to 2 raised to the power 2048, etc. (For the non-mathematicians, 2 raised to the power of 100 is calculated by multiplying 2 by itself 100 times, giving a value of 1,267,650,600,228,229,401,496,703,205,376, and that value doubles each time you raise it by multiplying by two. 2 to the power 2048 doesn't fit very readably on this page and is difficult to proofread.)
Symmetric algorithm: This is an encryption algorithm where the same key is used for both encryption and decryption (unlike asymmetric where different keys are used). The key used in a symmetric algorithm is often called a secret key because it has to be kept secret by all users of the system, unlike a public key that has to be made available to everyone. See algorithm, cryptography.
Trusted Authorities: Trusted Authorities are electronic identities (people, businesses, governments and so on) that you have decided (either by some positive action or by default) to trust. In this sense, the word trust means simply that you believe they are who they say they are. You may also believe that these identities can vouch for the identity of others. See digital certificate, root certificate and certificate authority.
Virtual Private Network (VPN): A Virtual Private Network is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger networks (such as the Internet), as opposed to running across a single private network. The Link Layer protocols of the virtual network are said to be tunneled through the transport network. One common application is to secure communications through the public Internet, but a VPN does not need to have explicit security features such as authentication or content encryption. For example, VPNs can also be used to separate the traffic of different user communities over an underlying network with strong security features, or to provide access to a network via customized or private routing mechanisms.
X.509: This term refers to an information technology standard that was first developed by the International Telecommunications Union (ITU), and later modified by the Internet Engineering Task Force (IETF). The standard concerns the definition of a record in a database that is used to store public key certificates for access through a PKI. Although the format is a standard, it has been shown to be capable of many interpretations by different manufacturers. Some of the information in a certificate includes the owner's/controller's identity and the identity of the Trusted Authority that vouches for them (or their own identity if they are issuing certificates for themselves, as a root authority).