Читаем CISSP Practice полностью

A server that sits between a client application, such as a Web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server. A device or product that provides network protection at the application level by using custom programs for each protected application. These programs can act as both a client and server and are proxies to the actual application. Proxy servers are available for common Internet services; for example, a hypertext transfer protocol (HTTP) proxy used for Web access and a simple mail transfer protocol (SMTP) proxy used for e-mail. Proxy servers are also called application gateway firewall or proxy gateway.

Pseudonym

A subscriber name that has been chosen by the subscriber that is not verified as meaningful by identity proofing.

Pseudorandom number generator (PRNG)

An algorithm that produces a sequence of bits that are uniquely determined from an initial value called a “seed.” The output of the PRNG “appears” to be random, i.e., the output is statistically indistinguishable from random values. A cryptographic PRNG has the additional property that the output is unpredictable, given that the seed is not known.

Public key

(1) The public part of an asymmetric key pair that is typically used to verify signatures or encrypt data. (2) A cryptographic key used with a public key cryptographic algorithm, that is uniquely associated with an entity and that may be made public. It is the key in a matched key pair of private-key and public-key that is made public, for example, posted in a public directory. In an asymmetric (public) key crypto-system, the public key is associated with a private key. The public key may be known by anyone and, depending on the algorithm, may be used to (i) verify a digital signature that is signed by the corresponding private key, (ii) encrypt data that can be decrypted by the corresponding private key, or (iii) compute a piece of common shared data. (3) The public key is used to verify a digital signature. (4) The public key is mathematically linked with a corresponding private key.

Public key certificate

A set of data that unambiguously identifies an entity, contains the entity’s public key, and is digitally signed by a trusted third party (certification authority, CA). A digital document issued and digitally signed by the private key of a CA that binds the name of a subscriber to a public key. The certificate indicates that the subscriber identified in the certificate has sole control and access to the private key. A subscriber is an individual or business entity that has contracted with a CA to receive a digital certificate verifying an identity for digitally signing electronic messages.

Public key (asymmetric) cryptographic algorithm

A cryptographic algorithm that uses two related keys (a public key and a private key). The two keys have the property that deriving the private key from the public key is computationally infeasible. Public key cryptography uses “key pairs,” a public key and a mathematically related private key. Given the public key, it is infeasible to find the private key. The private key is kept secret, whereas the public key may be shared with others. A message encrypted with the public key can only be decrypted with the private key. A message can be digitally signed with the private key, and anyone can verify the signature with the public key. Public key cryptography is used to perform (1) digital signatures, (2) secure transmission or exchange of secret keys, and/or (3) encryption and decryption. Cryptography that uses separate keys for encryption and decryption; also known as asymmetric cryptography.

Public key cryptography (reversible)

An asymmetric cryptographic algorithm where data encrypted using the public key can only be decrypted using the private key and, conversely, data encrypted using the private key can only be decrypted using the public key.

Public key cryptography standard (PKCS)

The PKCS is used to derive a symmetric encryption key from a password, which can be guessed relatively easily.

Public key infrastructure (PKI)