Home / Cyber Security / PKI Glossary

PKI Glossary



Procedure or formula for solving a problem.

Asymmetric Cryptography

Use of algorithms that use different keys for encryption than decryption, and the decryption key cannot be derived from the encryption key. Public keys are sometimes known as asymmetric cryptography.


Verifying the identity of a person or computer system. The use of a username and password is the most common method of authentication on a network.


Usually refers to technologies for measuring and analyzing human body characteristics such as fingerprints, eye retinas and irises, voice patterns, facial patterns, and hand measurements for user authentication.

Certificate Authority (CA)

Authority in a network (PKI) that issues and manages security credentials and public keys for message encryption.

Certificate Practice Statement (CPS)

Provides a detailed explanation of how the certificate of authority manages the certificates it issues and associate services such as key management. The CPS acts as a contact between the CA and users, describing the obligations and legal limitations and setting the foundation for future audits.

Certificate Revocation List (CRL)

A list of subscribers paired with their digital signature status, specifically the revoked certificates and the reason for the revocation


Encrypted text. Plain text or clear text is what you have before encryption and ciphertext is the encrypted result.


The art of breaking ciphers, i.e. retrieving the plaintext without knowing the proper key.


The science of information security. Includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit.

Digital Certificate

A digital document which is generally stored and administered in a central directory. It contains the certificate holder's name, a serial number, expiration dates, public key and the digital signature of the certificate issuing authority.

Digital Signature

An electronic signature that authenticates the identity of the sender, ensures the original content of the message is unchanged, is easily transportable, cannot be easily repudiated, cannot be imitated, and can be automatically time stamped.


A specialized, highly available database organized to be primarily used for lookup.

Directory Access Protocol (DAP)

The X.500 protocol for client access to a directory.

Directory Information Base (DIB)

The X.500 term referring to all the information in the directory.

Directory Information Tree (DIT)

Hierarchical arrangement of container objects that fall within one logical grouping or namespace.

Directory Interoperability Forum (DIF)

Group of vendors who support development of directory enabled applications and open directory standards.

Directory Service

A collection of software, hardware, processes, policies and administrative procedures involved in organizing the information in a directory and making it available to users.

Directory Services Markup Language (DSML)

Enables different computer network directory formats to be expressed in a common format and shared by different directory systems.


Process of enciphering or encoding data so that it is inaccessible to unauthorized users.


A mathematical summary that can be used to provide message integrity popular because it is simple and small.


The state of being unaltered.

Internet Engineering Task Force (IETF)

Is the body that defines standard Internet operating protocol such as TCP/IP and is supervised by the Internet Society Internet Architecture Board.

Internet Protocol Security (IPSec)

A developing standard for security at the network or packet processing layer of network communication. Is especially useful for implementing virtual private networks and remote user access through dial-up connections.

LDAP Data Interchange Format (LDIF)

A means of describing LDAP entries in a standardized text format to facilitate the exchange of directory information.

Lightweight Directory Access Protocol (LDAP)

A standard method for a client to access and modify directory information.


The basis of insisting that the document signed by a particular private key represents acknowledgment by the private key owner. Depends on the security of the private key.

Online Certificate Status Protocol (OCSP)

Standard for checking whether digital certificates are valid at the time of a given transaction.


Ordinary readable text before being encrypted into ciphertext or after being decrypted.

Point-to-Point Protocol (PPP)

Protocol for communication between two computers using a serial interface.

Policy Management Authority (PMA)

Authority that reviews and updates the certificate policy, reviews the certification practice statement for compliance, and reviews the results of the certification authority audits.

Private Key

The private part of a two-part, public key asymmetric cryptography system. The private key is provided by a certificate authority, kept secret and never transmitted over a network.

Public Key

The public part of a two-part, public key asymmetric cryptography system. The public key is provided by a certificate authority and can be retrieved over a network.

Public Key Cryptosystem (PKC)

Provides asymmetric encryption of confidential messages and transactions, authenticates the origin of such data, and guarantees data integrity.

Public Key Infrastructure (PKI)

A system that enables users of a public network to exchange data securely and privately through the use of a public and private cryptographic key pair that is obtained and shared through a trusted authority. Provides for a digital certificate that can identify an individual or an organization and director services that can store and, when necessary, revoke the certificates. The comprehensive architecture includes key management, the registration authority, certificate authority, and various administrative tool sets.

Public Key Cryptography Standards (PKCS)

Set of intervendor standard protocols for making possible secure information exchange on the Internet using a public key infrastructure. Standards include RSA encryption, password-based encryption, extended certificate syntax, and cryptographic message syntax for S/MIME.

Registration Authority

The authority in a Public Key Infrastructure that verifies user requests for a digital certificate and tells the certificate authority it is alright to issue a certificate.

Remote Access

The ability to get access to a computer or a network from a remote distance.

Rivest-Shamir-Adleman (RSA)

An algorithm used for key pairs for authentication, encryption and decryption.


Series of instructions that can be written from within a program in order to accomplish a particular task and that can be launched easily, as by pressing a button, and executed without further input from others.

Secret Key

Also known as a private key. Is an encryption/decryption key known only to the party or parties that exchange secret messages.

Secure Multi-Purpose Internet Mail Extensions (S/MIME)

Secure method of sending e-mail that uses the RSA encryption system.

Secure Socket Layer (SSL)

Commonly-used protocol for managing the security of a message transmission on the Internet by using a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers.

Serial Line Internet Protocol (SLIP)

TCP/IP protocol used for communication between two machines that are previously configured for communication with each other.


A computer that stores files and provides them to individual workstations in a client/server network. Often controls access to peripherals such as printers and executes complex programs or tasks that the client requests.


Sometimes referred to as a "port layer", manages the setting up and taking down of the association between two communication end points known as a connection in an Open Systems Interconnection (OSI) model.

Symmetric Cryptography

Uses symmetric algorithms which use the same key for encryption and decryption.

User Interface

The way a user enters commands in a given program. Three main types: 1) Command Driven - User types commands from key board, 2) Menu Driven - Either the keyboard or a mouse is used to select an option from a displayed menu, 3)Graphical User - User selects and activates functions by manipulating icons and pop-up windows on the screen.

Virtual Private Network (VPN)

Private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.


Standard way to develop an electronic directory of people in an organization so that it can be part of a global directory available to anyone in the world through Internet access.


Certificate authority standard.



Department of Information Systems
One Capitol Mall
Little Rock, AR 72201
Google Map

Contact Us | Career Opportunities