- A
Access Control
The selective restriction of access to resources or to a place. One-, two-, or three-factor authentication can be used. The authentication factors are often characterized by:
- Something you have (such as a smart card or electronic passport)
- Something you know (such as a PIN or password)
- Something you are (generally a piece of biometric data on a smart card)
ANSSI, Agence Nationale de la Sécurité des Systèmes d’Information (France’s national Information Security Agency). Its chief mandates are to:
- Detect and react to cyberattacks
- Prevent threats by supporting the development of proven products and services for government entities and economic players
- Provide reliable advice and support to government entities and critical infrastructure providers
- Keep companies and the general public informed of information security threats and the related protection methods through an active communication policy
Cryptographic process that consists of verifying the identity of a person or computer in order to authorize said person or computer to access resources such as systems, networks, or applications.
- B
BAC (Basic Access Control)
Basic Access Control. Mechanism to access signed data on an e-passport chip. Objective is to verify authenticity of secure electronic (travel) documents.
BRING YOUR OWN DEVICE (BYOD)
Bring Your Own Device is a policy allowing secure remote access to company resources from mobile devices. The end-users can easily access their workspace from a mobile device such as a smart phone or tablet, without compromising the security of sensitive data.
- C
Certificate Policy
A description of the rules governing the use of a public key certificate in a particular environment.
CERTIFICATE REVOCATION LIST (CRL)
A list of revoked certificates that is created and signed by the same CA that issued the certificates. A certificate is added to the list if it is revoked (because of suspected key compromise, DN change, or another valid reason) and then removed from the list when the certificate reaches the end of its certificate validity period.
CERTIFICATION AUTHORITY (CA)
A Certification Authority is a trusted third party that issues digital certificates and confirms the identity of the holder of a digital certificate.
Cloud Computing
Cloud computing is the general term used for the provision of services hosted on the Internet. These services are typically divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). The name “cloud computing” was inspired by the cloud icon often used to represent the Internet in flow charts and diagrams.
COMMON CRITERIA (CC)
Internationally recognized standard used in multi-lateral recognition agreements. CC define the different assurance levels used to evaluate a product’s security, known as EAL (Evaluation Assurance Level). The higher the level, the stricter the requirements in terms of the proof elements that must be provided by the developer to the evaluating laboratory.
CONFIDENTIALITY
The characteristic of information that is neither available nor disclosed to unauthorized persons or entities.
Credential
General term referring to any means used to identify, authenticate, or authorize users.
CRYPTOGRAPHIC ALGORITHM
Method for transforming plain text into encrypted text using a mathematical formula and a key to decrypt the ciphered data.
Cryptography
Transforming clear, meaningful information into an enciphered, unintelligible form using an algorithm and a key.
Cyber Defense
Set of technical and non-technical measures enabling a state to defend its critical information systems in cyberspace.
Cyber Security
The protection of information systems allowing entities to withstand events that are likely to compromise the availability, integrity, or confidentiality of the stored, processed, or transmitted data and associated services these systems offer or make available.
- D
Digital Certificate
A digital certificate is a secure digital identity that certifies the identity of the holder. Issued by a Certificate Authority, it typically contains a user’s name, public key, and related information. A digital certificate is tamper-proof, cannot be forged, and is signed by the private key of the Certificate Authority that issued it.
Digital Identity
Set of information (data trail) associated with a person or institution, available on the Internet.
Also known as e-gov, digital government, or online government, E-government refers to the use of information and communication technologies to provide and improve government services as well as transactions and interactions with citizens, companies, and other administrations.
EAL (EVALUATION ASSURANCE LEVEL)
The EAL of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation. The intent of the higher levels is to provide higher confidence that the system’s principal security features are reliably implemented. The EAL does not measure the security of the system itself. It simply indicates the level at which the system was tested to see if it meets all relevant requirements.
Encryption
The act of disguising information through the use of a key so that it cannot be understood by an unauthorized person.
European Telecommunications Standards Institute (ETSI)
The European Telecommunications Standards Institute (ETSI) develops internationally applicable standards for information and communications technologies (ICT), including mobile and non-mobile services and Internet technologies.
Extended Access Control (EAC)
Extended Access Control [ICAO]. Mechanism to access sensitive biometric data on an e-passport chip, by mutual authentication between chip and terminal. Objective is to verify a traveler’s identity.
- F
Federations of identities
The creation of a reliable identity recognized within an organization or an organization group.
Cryptographic function that transforms a string of random-sized characters into a string of same-sized characters, generally smaller than the original.
HTTP
Hyper Text Transfer Protocol.
Infrastructure as a Service.
Integrity
A security property ensuring that data or information has not been altered.
IPSEC
A developing standard for security at the network or packet processing layer of network communication. It is especially useful for implementing virtual private networks and remote user access through dial-up connections.
Programming language used to display dynamic content on Web pages.
When used in the context of cryptography, a series of random numbers used by a cryptographic algorithm to transform plain text data into encrypted data and vice versa.
Key Pair
A pair of digital keys – one public and one private – used for encrypting and signing digital information.
Fraudulent technique used by computer hackers to collect sensitive personal or confidential data from Web users. The most common form of phishing is sending a seemingly legitimate email whose content incites the user to click on a link that will then request confidential data.
Private Key
A cryptographic key known only to the user, employed in public key cryptography in decrypting or signing information. One half of a key pair.
Public key
The other half of a key pair, a public key is held in a digital certificate. Public keys are usually published in a directory. Any public key can encrypt information; however, data encrypted with a specific public key can only be decrypted by the corresponding private key, which the key owner keeps secret.
PUBLIC KEY INFRASTRUCTURE (PKI)
A set of policies, processes, and technologies used to verify, enroll, and certify users of a security application. A PKI uses public key cryptography and key certification practices to secure communications.
The aim of qualification is to ensure that a security product (hardware or software) or a Trust Service Provider meets administration requirements. The regulatory framework stipulates that administrations are required to use qualified security products and Trust Service Providers (TSP). For security products, this qualification is delivered directly by ANSSI based on a certification. There are three qualification levels: elementary, standard, and reinforced. These levels are intended to withstand attacks of increasing severity. For TSP, this qualification is delivered by a qualification organization accredited by COFRAC (French accreditation committee) and approved by ANSSI.
- R
Registration Authority (RA)
A person or organization responsible for the identification and authentication of an applicant for a digital certificate. An RA does not issue or sign certificates.
- S
Security policies
Set of laws, rules, and practices governing the means used by an organization to manage, protect, and distribute sensitive data.
Smart card
A device that is often the same size as a credit card and is “smart” enough to hold its own data and applications and do its own processing. Smart cards can be used to store personal information, hold digital cash, or prove identity.
SSL (SECURE SOCKETS LAYER)
A standard security technology that provides identification and confidentiality to applications.
A timestamp is the digital proof that objectively enables the detection of the creation time of certain data. To get a timestamp, the party that is interested in proving the creation time of the data sends a cryptographic code to a time-stamping service provider (TSP). The time-stamping service provider returns a digitally signed proof that proves the existence of the said data collection. Since the time-stamping authority sees only a cryptographic code, the confidentiality of the data is retained.
TRUST SERVICE PROVIDER (TSP)
Trust Service Providers assure the electronic identification of people and services through the use of strong authentication mechanisms, digital certificates, and electronic signatures. They offer digital certificate issuing, time stamping, and signature generation and verification services, providing a trust framework for the relations between organizations and countries.
- V
Virtual private network (VPN)
Private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.