Glossary

CA (CERTIFICATION AUTHORITY)
Entity authorized to issue, suspend, renew, or revoke certificates. CAs are identified by a distinguished name on all certificates and CRLs they issue. A Certification Authority (CA) must publicize its public key or provide a certificate from a higher level CA attesting to the validity of its public key. Symantec is a CA.
CERT.DB FILE
File that contains your Firefox Digital ID.
CERTIFICATE (PUBLIC KEY CERTIFICATE)
Another word for Digital ID, used by some software applications and Web browsers.
CERTIFICATION PRACTICE STATEMENT
Document used by certificate issuers that defines Symantec's procedures.
CHALLENGE PHRASE
A set of numbers and/or letters chosen by a Digital ID applicant, used to authenticate the subscriber for actions such as Digital ID revocation, replacement, and renewal.
CRYPTOGRAPHY
The mathematical science used to secure the confidentiality and authentication of data by transforming data in order to hide its information content, prevent undetected modification, and/or prevent unauthorized use.
DIGITAL ID
Symantec service mark and brand name for a certificate.
DIGITAL ID EXPIRATION
A time and date specified in the Digital ID when the operational period ends.
DIGITAL ID HIERARCHY
A structure of Digital IDs that allows individuals to verify the validity of a Digital ID's issuer.
DIGITAL ID SERIAL NUMBER
A unique value that unambiguously identifies a Digital ID issued by a Certification Authority.
DIGITAL SIGNATURE
A method for validating that a specific message was not altered during transmission. This process involves creating a message, encrypting it, and sending both the original message and the encrypted message together. Once received, the recipient compares the contents of the original message against the contents of the encrypted message to make sure the information has not been changed.
DISTINGUISHED NAME
The set of data used to identify an individual Digital ID holder. Within a Class 1 Digital ID, this would be information such as your name, your e-mail address, and the issuer of the Digital ID.
ENCRYPTION
Process of transforming readable (plaintext) data into an unintelligible form (ciphertext) so that the original data either cannot be recovered (one-way encryption) or cannot be recovered without using an inverse decryption process (two-way encryption).
ENROLLMENT
The process of applying for a Digital ID.
EXPORT (a certificate)
The process of backing up a Digital ID to avoid loss. Digital IDs contain information you cannot recover in the event of a hard drive crash or browser re-installation, so you should make a copy and store it in a secure place.
KEY GENERATION
The process of creating a private key whose corresponding public key is submitted to the Digital ID Center for validation. Key generation takes place during Digital ID enrollment.
KEY PAIR
A private key and its corresponding public key. The public key can verify a digital signature created by using the corresponding private key. In addition, depending upon the type of algorithm implemented, key pair components can also encrypt and decrypt information for confidentiality purposes, in which case only the private key can reveal information encrypted by using the corresponding public key.
LDAP (LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL)
The Lightweight Directory Access Protocol (LDAP) is a protocol for accessing online directory services that might contain other users' Digital IDs.
OPERATIONAL PERIOD
The period starting with the date and time a Digital ID is issued and ending with the date and time on which the Digital ID expires or is earlier suspended or revoked.
PASSWORD
Confidential authentication information, usually composed of a string of characters used to provide access to the private key of your Digital ID.
PIN (PERSONAL IDENTIFICATION NUMBER)
The Personal Identification Number (PIN) is used only once, during Digital ID retrieval. It consists of 32 characters using the numbers 0-9 and the letters A-F. There are no spaces before, after, or in the PIN.
PKCS #12
A standard that specifies a portable format for storing or transporting a user's private keys and Digital IDs.
PRIVATE KEY
A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key.
PUBLIC KEY
A mathematical key that can be shared so that others can send you encrypted information that can only be unscrambled by using your private key. The public key can also be used to verify signatures created with its corresponding private key. Depending on the algorithm, public keys are also used to encrypt messages or files that can then be decrypted with the corresponding private key.
PUBLIC KEY CRYPTOGRAPHY
A type of cryptography that uses a key pair of mathematically related cryptographic keys. The public key can be made available to anyone who wishes to use it and can encrypt information or verify a digital signature; the private key is kept secret by its holder and can decrypt information or generate a digital signature. This process is also referred to as dual-key.
.P12 FILE
The file extension assigned to all Digital IDs exported from Firefox using the PKCS #12 standard.
.PFX FILE
The file extension assigned to all Digital IDs exported from Microsoft Internet Explorer using the PKCS #12 standard.
RECIPIENT (of a DIGITAL SIGNATURE)
A person who receives a digital signature and who is in a position to rely on it, whether or not such reliance occurs.
RELYING PARTY
A recipient who accepts a Digital ID and digital signature, such as an online bank or e-commerce company.
RENEW A DIGITAL ID
The process of obtaining a new Digital ID once an existing Digital ID has expired.
REPLACE A DIGITAL ID
The process of obtaining a replacement Digital ID once an existing Digital ID has been revoked or has expired.
RETRIEVE A DIGITAL ID
The process of picking up a pending Digital ID after the enrollment form is completed. When the Digital ID is picked up, it is considered issued.
REVOKE A DIGITAL ID
The process of permanently ending the valid period of a Digital ID. You can use the Digital ID Center or download the Certificate Revocation List (CRL) to determine if a Digital ID has been revoked.
SECURE CHANNEL
This refers to information sent encrypted over the network. For example, you purchase items from a web site using a secure (encrypted) channel to transmit private information such as your credit card number.
SESSION KEY
The key size assigned for a secured communication between a client and server using SSL (Secure Sockets Layer). Depending on the use of International or Domestic browsing software, the session will be assigned a 40- or 128-bit encryption session.
SIGNER
A person who creates a digital signature for a message or a signature for a document.
S/MIME
A specification for secure e-mail that uses a cryptographic message syntax in an Internet MIME (multipurpose internet message exchange) environment.
SUBSCRIBER
A person who has been issued a Digital ID and is capable of using the private key that corresponds to the public key listed in the Digital ID.
SUBSCRIBER AGREEMENT
The agreement executed between a subscriber and Symantec for the provision of designated public certification services in accordance with the Certification Practice Statement (CPS).
SUBSCRIBER INFORMATION
Information supplied to a certification authority as part of a Digital ID application.
URL (UNIFORM RESOURCE LOCATOR)
A standardized device for identifying and locating certain records and other resources located on the World Wide Web. Most URLs appear in the familiar form of Web site addresses such as http://www.verisign.com/.
VALIDATE A DIGITAL ID
The process performed by a recipient or relying party to confirm that an end-user Digital ID is valid and was operational at the date and time a specific digital signature was created.
VERIFY (A DIGITAL SIGNATURE)
The process of determining accurately that a digital signature was created during the operational period of a valid Digital ID and the associated message was not altered since the digital signature was created.