Platform SDK: Security Glossary

Security Glossary

A

absolute security descriptor
A security descriptor structure that contains pointers to the security information associated with an object.

See also security descriptor and self-relative security descriptor.

Abstract Syntax Notation One (ASN.1)
A method used to specify abstract objects that are intended for serial transmission.

access block
A key BLOB that contains the key of the symmetric cipher used to encrypt a file or message.

The symmetric key inside the access block is itself encrypted with the recipient's public key, so the access block can be opened only with the corresponding private key.

access-control entry (ACE)
An entry in an access-control list (ACL). An ACE contains a set of access rights and a security identifier (SID) that identifies a trustee for whom the rights are allowed, denied, or audited.

See also access-control list, security identifier, and trustee.

access-control list (ACL)
A list of security protections that applies to an object. (An object can be a file, process, event, or anything else having a security descriptor.) An entry in an access-control list (ACL) is an access-control entry (ACE). There are two types of access-control list, discretionary and system.

See also access-control entry, discretionary access-control list, security descriptor, and system access-control list.

access mask
A 32-bit value that specifies the rights that are allowed or denied in an access-control entry (ACE). An access mask is also used to request access rights when an object is opened.

See also access-control entry.

access token
An access token contains the security information for a logon session. The system creates an access token when a user logs on, and every process executed on behalf of the user has a copy of the token. The token identifies the user, the user's groups, and the user's privileges. The system uses the token to control access to securable objects and to control the ability of the user to perform various system-related operations on the local computer. There are two kinds of access token, primary and impersonation.

See also impersonation token, primary token, privilege, process, and security identifier.
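How the entries above fit together at run time, as an added example that is not code from the Platform SDK: a portable C model of the walk the system makes over an object's discretionary ACL when a process's access token requests an access mask. The SID, ACE, ACL and token types, the SIDs and the two sample DACLs are hypothetical stand-ins rather than the Win32 structures, so the program builds and runs without Windows headers.

```c
/* Added example, not Platform SDK code: a portable model of the DACL walk
 * that the Windows access check performs against an access token.  The
 * SID, ACE, ACL and token types are hypothetical stand-ins for the Win32
 * structures; no Windows headers are used, so this builds anywhere. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t access_mask_t;   /* the 32-bit access mask */
typedef const char *sid_str;      /* SID in S-1-... text form */

enum ace_type { ACE_ACCESS_ALLOWED, ACE_ACCESS_DENIED, ACE_SYSTEM_AUDIT };

typedef struct { enum ace_type type; sid_str trustee; access_mask_t mask; } ace_t;
typedef struct { const ace_t *aces; size_t count; } acl_t;               /* ordered ACE list */
typedef struct { sid_str user; const sid_str *groups; size_t ngroups; } token_t;
typedef struct { bool ok; access_mask_t granted; } check_t;

#define FILE_READ_DATA  0x0001u
#define FILE_WRITE_DATA 0x0002u

/* Constructed SIDs for the example; they do not belong to real accounts. */
#define SID_EVERYONE    "S-1-1-0"
#define SID_ALICE       "S-1-5-21-1-2-3-1001"
#define SID_CONTRACTORS "S-1-5-21-1-2-3-1002"
#define SID_BOB         "S-1-5-21-1-2-3-1003"

static bool token_has_sid(const token_t *tok, sid_str sid)
{
    if (strcmp(tok->user, sid) == 0) return true;
    for (size_t i = 0; i < tok->ngroups; i++)
        if (strcmp(tok->groups[i], sid) == 0) return true;
    return false;
}

/* Walks the DACL strictly in ACE order.  An ACE whose trustee is not in the
 * token is skipped.  A matching deny ACE that covers any right still
 * outstanding ends the check with nothing granted; a matching allow ACE
 * removes its rights from the outstanding set.  The check succeeds once no
 * requested right is outstanding.  A NULL DACL grants everything; an empty
 * DACL grants nothing. */
static check_t access_check(const acl_t *dacl, const token_t *tok, access_mask_t desired)
{
    check_t r = { false, 0 };
    if (dacl == NULL) { r.ok = true; r.granted = desired; return r; }
    access_mask_t outstanding = desired;
    for (size_t i = 0; i < dacl->count && outstanding != 0; i++) {
        const ace_t *ace = &dacl->aces[i];
        if (ace->type == ACE_SYSTEM_AUDIT) continue;     /* audit ACEs belong in the SACL */
        if (!token_has_sid(tok, ace->trustee)) continue;
        if (ace->type == ACE_ACCESS_DENIED) {
            if (ace->mask & outstanding) return r;        /* explicit deny wins */
        } else {
            outstanding &= ~ace->mask;
        }
    }
    r.granted = desired & ~outstanding;
    r.ok = (outstanding == 0);
    return r;
}

/* Canonical order: deny ACEs first, then allow ACEs. */
static const ace_t g_canonical[] = {
    { ACE_ACCESS_DENIED,  SID_CONTRACTORS, FILE_WRITE_DATA },
    { ACE_ACCESS_ALLOWED, SID_ALICE,       FILE_READ_DATA | FILE_WRITE_DATA },
    { ACE_ACCESS_ALLOWED, SID_EVERYONE,    FILE_READ_DATA },
};
static const acl_t g_dacl = { g_canonical, 3 };

/* The same ACEs with the allow ahead of the deny.  Because evaluation stops
 * as soon as every requested right has been granted, the deny is never
 * reached and Alice can write, which is why tools keep DACLs canonical. */
static const ace_t g_noncanonical[] = {
    { ACE_ACCESS_ALLOWED, SID_ALICE,       FILE_READ_DATA | FILE_WRITE_DATA },
    { ACE_ACCESS_DENIED,  SID_CONTRACTORS, FILE_WRITE_DATA },
};
static const acl_t g_dacl_noncanonical = { g_noncanonical, 2 };

/* Tokens: Alice is a Contractor, Bob is not. */
static const sid_str g_alice_groups[] = { SID_EVERYONE, SID_CONTRACTORS };
static const token_t g_alice = { SID_ALICE, g_alice_groups, 2 };
static const sid_str g_bob_groups[] = { SID_EVERYONE };
static const token_t g_bob = { SID_BOB, g_bob_groups, 1 };

int main(void)
{
    check_t r = access_check(&g_dacl, &g_alice, FILE_WRITE_DATA);
    printf("alice write, canonical DACL:     %s\n", r.ok ? "granted" : "denied");
    r = access_check(&g_dacl_noncanonical, &g_alice, FILE_WRITE_DATA);
    printf("alice write, allow before deny:  %s\n", r.ok ? "granted" : "denied");
    r = access_check(&g_dacl, &g_bob, FILE_READ_DATA | FILE_WRITE_DATA);
    printf("bob read+write:                  %s (granted mask 0x%x)\n",
           r.ok ? "granted" : "denied", (unsigned)r.granted);
    return 0;
}
```

The two DACLs hold identical ACEs and differ only in order, and Alice's result flips between them: that order dependence is the reason the system keeps deny ACEs ahead of allow ACEs, and a non-canonical DACL written by hand is a common way to grant more than intended.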

ACE
See access-control entry.

ACL
See access-control list.

ALG_CLASS_DATA_ENCRYPT
The CryptoAPI algorithm class for data encryption algorithms.

Typical data encryption algorithms include RC2 and RC4. Both are legacy ciphers; later providers also supply DES, 3DES and AES (for example, CALG_AES_256) in this class, and AES should be preferred for new work.

ALG_CLASS_HASH
The CryptoAPI algorithm class for hashing algorithms.

Typical hashing algorithms include MD2, MD5, SHA-1, and MAC. MAC and HMAC are keyed message authentication codes rather than plain hashes, but CryptoAPI groups them in this class. MD2, MD5 and SHA-1 are no longer collision resistant; later providers offer the SHA-2 family (CALG_SHA_256 and larger), which should be used for new signatures.

ALG_CLASS_KEY_EXCHANGE
The CryptoAPI algorithm class for key exchange algorithms.

A typical key exchange algorithm is RSA_KEYX (CALG_RSA_KEYX). Diffie-Hellman key agreement algorithms also belong to this class.

ALG_CLASS_SIGNATURE
The CryptoAPI algorithm class for signature algorithms.

A typical digital signature algorithm is RSA_SIGN (CALG_RSA_SIGN). DSS (DSA) signatures also belong to this class.

APDU
See application protocol data unit.

application protocol data unit (APDU)
A command sequence (an Application Protocol Data Unit) that the application sends to the smart card, or the response that the smart card returns to the application. ISO/IEC 7816-4 defines the format: a command APDU is a four-byte header (CLA, INS, P1, P2) optionally followed by a length-prefixed data field and an expected response length; a response APDU is optional data followed by a two-byte status word (SW1 SW2).

See also reply APDU.
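The command and response formats in this entry, parsed in portable C as an added example that is not code from the Platform SDK. The function names are invented for the illustration and the sample APDUs are constructed (the AID and PIN bytes are placeholders, not real values). The parser accepts a command only when the byte count agrees with the Lc and Le fields, which is the check that keeps a card or reader from steering a read past the end of the buffer.

```c
/* Added example, not Platform SDK code: parsing ISO/IEC 7816-4 short-form
 * command and response APDUs.  Function names and the sample APDUs below
 * are constructed for this illustration; the AID and PIN are not real. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    int apdu_case;          /* 1..4 as defined by ISO 7816-4, 0 if malformed */
    uint8_t cla, ins, p1, p2;
    size_t lc;              /* length of the command data field (cases 3 and 4) */
    const uint8_t *data;    /* points into the caller's buffer */
    int le;                 /* expected response length; 0 = absent, Le byte 0x00 = 256 */
} cmd_apdu_t;

/* Accepts only buffers whose length matches the Lc/Le encoding exactly, so
 * an Lc larger than the bytes actually supplied can never cause a read past
 * the end of the buffer.  Extended-length APDUs (0x00 after the header) are
 * rejected rather than guessed at. */
static bool parse_command_apdu(const uint8_t *buf, size_t n, cmd_apdu_t *out)
{
    cmd_apdu_t c = { 0, 0, 0, 0, 0, 0, NULL, 0 };
    *out = c;
    if (n < 4) return false;
    c.cla = buf[0]; c.ins = buf[1]; c.p1 = buf[2]; c.p2 = buf[3];
    if (n == 4) {
        c.apdu_case = 1;                                    /* header only */
    } else if (n == 5) {
        c.apdu_case = 2; c.le = buf[4] ? buf[4] : 256;      /* header + Le */
    } else if (buf[4] == 0x00) {
        return false;                                       /* extended length, unsupported here */
    } else {
        c.lc = buf[4]; c.data = buf + 5;
        if (n == 5 + c.lc) {
            c.apdu_case = 3;                                /* header + Lc + data */
        } else if (n == 6 + c.lc) {
            c.apdu_case = 4;                                /* header + Lc + data + Le */
            c.le = buf[5 + c.lc] ? buf[5 + c.lc] : 256;
        } else {
            return false;                                   /* Lc disagrees with the byte count */
        }
    }
    *out = c;
    return true;
}

typedef struct { const uint8_t *data; size_t len; uint8_t sw1, sw2; } rsp_apdu_t;

/* A response APDU is optional data followed by the two status bytes. */
static bool parse_response_apdu(const uint8_t *buf, size_t n, rsp_apdu_t *out)
{
    if (n < 2) return false;
    out->data = buf; out->len = n - 2; out->sw1 = buf[n - 2]; out->sw2 = buf[n - 1];
    return true;
}

/* Status words the application must act on rather than treat as failures
 * (0x61xx and 0x6Cxx) are called out separately. */
static const char *describe_sw(uint8_t sw1, uint8_t sw2)
{
    if (sw1 == 0x90 && sw2 == 0x00) return "success";
    if (sw1 == 0x61) return "success, more data: send GET RESPONSE with Le = SW2";
    if (sw1 == 0x6C) return "wrong Le: resend the command with Le = SW2";
    if (sw1 == 0x63 && (sw2 & 0xF0) == 0xC0) return "verification failed, retries remain in low nibble of SW2";
    if (sw1 == 0x69 && sw2 == 0x82) return "security status not satisfied";
    if (sw1 == 0x6A && sw2 == 0x82) return "file or application not found";
    return "other error";
}

/* Constructed sample APDUs. */
static const uint8_t g_select[]  = { 0x00, 0xA4, 0x04, 0x00, 0x05, 0x01, 0x02, 0x03, 0x04, 0x05, 0x00 }; /* case 4 */
static const uint8_t g_getresp[] = { 0x00, 0xC0, 0x00, 0x00, 0x08 };                                     /* case 2 */
static const uint8_t g_verify[]  = { 0x00, 0x20, 0x00, 0x80, 0x08, 0x31, 0x32, 0x33, 0x34, 0xFF, 0xFF, 0xFF, 0xFF }; /* case 3 */
static const uint8_t g_short[]   = { 0x00, 0xA4, 0x04, 0x00, 0x05, 0x01, 0x02 };   /* Lc = 5 but only 2 data bytes */
static const uint8_t g_reply[]   = { 0x6F, 0x03, 0x84, 0x01, 0xAA, 0x90, 0x00 };   /* 5 data bytes + SW 9000 */

static int apdu_case_of(const uint8_t *buf, size_t n) { cmd_apdu_t c; return parse_command_apdu(buf, n, &c) ? c.apdu_case : 0; }
static int apdu_le_of(const uint8_t *buf, size_t n)   { cmd_apdu_t c; return parse_command_apdu(buf, n, &c) ? c.le : -1; }
static int reply_sw(const uint8_t *buf, size_t n)     { rsp_apdu_t r; return parse_response_apdu(buf, n, &r) ? (r.sw1 << 8) | r.sw2 : -1; }

int main(void)
{
    printf("SELECT case %d, Le %d\n", apdu_case_of(g_select, sizeof g_select), apdu_le_of(g_select, sizeof g_select));
    printf("truncated SELECT case %d (0 = rejected)\n", apdu_case_of(g_short, sizeof g_short));
    rsp_apdu_t r;
    if (parse_response_apdu(g_reply, sizeof g_reply, &r))
        printf("reply: %zu data bytes, SW %02X%02X: %s\n", r.len, r.sw1, r.sw2, describe_sw(r.sw1, r.sw2));
    return 0;
}
```

The truncated SELECT is the case worth noticing: its Lc byte promises five data bytes but only two follow, and a parser that trusts Lc instead of the byte count reads three bytes of whatever sits after the buffer.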

application protocol
A protocol that normally resides on top of the transport layer. For example, HTTP, TELNET, FTP, and SMTP are all application protocols.

ASN.1
See Abstract Syntax Notation One.

ASCII
American Standard Code for Information Interchange. A coding scheme that assigns numeric values to letters, numbers, punctuation marks, and certain other characters.

asymmetric algorithm
See public-key algorithm.

ATR string
The answer-to-reset (ATR) string: a sequence of bytes returned by a smart card when it is powered on or reset. The bytes encode the card's transmission parameters and the protocols it supports (for example, T=0 or T=1), followed by optional historical bytes and, unless T=0 is the only protocol offered, a check byte; the system uses them to identify the card.
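Decoding the ATR structure described in this entry, as an added example that is not code from the Platform SDK. It follows the ISO/IEC 7816-3 layout (TS, T0, the optional TA/TB/TC/TD interface bytes, historical bytes, and TCK) and verifies the check byte; the three ATR byte strings and the helper names are constructed for the illustration and do not come from any real card.

```c
/* Added example, not Platform SDK code: decoding an ISO/IEC 7816-3 answer to
 * reset.  The ATR byte strings below are constructed for the illustration
 * and do not come from any real card. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    bool direct;              /* TS = 0x3B direct convention, 0x3F inverse */
    bool ta1_present;
    uint8_t ta1;              /* clock-rate/bit-rate adjustment; 0x11 is the default */
    unsigned protocols;       /* bit T set for every protocol T announced in a TDi byte */
    const uint8_t *historical;
    size_t n_hist;
    bool tck_present, tck_ok; /* check byte, present unless only T=0 is offered */
} atr_t;

/* T0 and each TDi carry a nibble Y saying which of TA, TB, TC, TD follow;
 * T0's low nibble is the historical-byte count.  Every index is bounds
 * checked, because the ATR comes from the card and is untrusted input. */
static bool parse_atr(const uint8_t *atr, size_t n, atr_t *out)
{
    atr_t a = { false, false, 0x11, 0, NULL, 0, false, false };
    if (n < 2 || (atr[0] != 0x3B && atr[0] != 0x3F)) return false;
    a.direct = (atr[0] == 0x3B);
    a.n_hist = atr[1] & 0x0F;
    unsigned y = atr[1] >> 4;
    size_t i = 2;
    bool first = true;
    while (y != 0) {
        if (y & 1) { if (i >= n) return false; if (first) { a.ta1 = atr[i]; a.ta1_present = true; } i++; }
        if (y & 2) { if (i >= n) return false; i++; }                /* TBi */
        if (y & 4) { if (i >= n) return false; i++; }                /* TCi */
        if (y & 8) {
            if (i >= n) return false;
            a.protocols |= 1u << (atr[i] & 0x0F);                    /* TDi low nibble: protocol */
            y = atr[i] >> 4;                                         /* TDi high nibble: next Y */
            i++;
        } else {
            y = 0;
        }
        first = false;
    }
    if (a.protocols == 0) a.protocols = 1u;                          /* no TD byte: T=0 by default */
    if (i + a.n_hist > n) return false;
    a.historical = atr + i;
    i += a.n_hist;
    a.tck_present = (a.protocols & ~1u) != 0;
    if (a.tck_present) {
        if (i + 1 != n) return false;
        uint8_t x = 0;
        for (size_t k = 1; k < n; k++) x ^= atr[k];                  /* T0 ... TCK must XOR to zero */
        a.tck_ok = (x == 0);
    } else {
        if (i != n) return false;
        a.tck_ok = true;
    }
    *out = a;
    return true;
}

static bool atr_is_valid(const uint8_t *atr, size_t n) { atr_t a; return parse_atr(atr, n, &a) && a.tck_ok; }
static unsigned atr_protocol_mask(const uint8_t *atr, size_t n) { atr_t a; return parse_atr(atr, n, &a) ? a.protocols : 0; }

/* Constructed ATRs: T=1 with a correct TCK, T=0 with a TA1 byte, and the
 * T=1 ATR with one bit flipped in its TCK. */
static const uint8_t g_atr_t1[]  = { 0x3B, 0x82, 0x01, 0x41, 0x42, 0x80 };
static const uint8_t g_atr_t0[]  = { 0x3B, 0x12, 0x11, 0x41, 0x42 };
static const uint8_t g_atr_bad[] = { 0x3B, 0x82, 0x01, 0x41, 0x42, 0x81 };

int main(void)
{
    atr_t a;
    if (parse_atr(g_atr_t1, sizeof g_atr_t1, &a))
        printf("T=1 card: protocols 0x%x, %zu historical bytes, TCK %s\n",
               a.protocols, a.n_hist, a.tck_ok ? "ok" : "BAD");
    printf("corrupted ATR accepted: %s\n", atr_is_valid(g_atr_bad, sizeof g_atr_bad) ? "yes" : "no");
    return 0;
}
```

Matching a card by ATR (as resource managers and card databases do) should be done only after a parse like this succeeds, otherwise a malformed ATR can make a lookup read interface bytes as historical bytes or the other way round.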
attribute
An element of a relative distinguished name (RDN). Some typical attributes include common name, surname, e-mail address, street address, and country name.

With respect to the CryptoAPI, each attribute is defined by a CERT_RDN_ATTR structure.

attribute BLOB
An encoded representation of the attribute information stored in a certificate request.

authenticate
To determine the identity of the entity that signed a message (entity authentication), or to verify that a message was not altered (data authentication).

authentication package
A DLL that encapsulates the authentication logic used to determine whether to permit a user to log on. The Local Security Authority (LSA) authenticates a user logon by sending the request to an authentication package. The authentication package then examines the logon information and either authenticates or rejects the user logon attempt.