Last updated: 2021-03-15 15:37:45
This document explains concepts related to KCM.
HTTPS
Hypertext Transfer Protocol Secure (HTTPS) is a network transmission protocol. HTTPS uses SSL/TLS to encrypt data packets. It is intended to authenticate the identity of network servers and to protect the privacy and integrity of exchanged data.
SSL
Secure Sockets Layer (SSL), the predecessor of Transport Layer Security (TLS), is a protocol that ensures security and data integrity for communication over the Internet. TLS uses X.509 certificates for identity authentication, an asymmetric encryption algorithm for key encryption, and a session key to encrypt the data exchanged between the communicating peers. SSL ensures the privacy and reliability of communication and protects the communication between peers against eavesdropping.
SSL certificate
An SSL certificate is used to establish a secure channel between a web browser on a client and a web server. Data transmitted over the channel is encrypted to defend against eavesdropping. A client can also use the server certificate to verify the authenticity of the server.
CA
A certificate authority (CA) is an organization that issues and manages digital certificates and acts as the trusted party in e-commerce transactions to validate public keys.
CSR
A Certificate Signing Request (CSR) is a file that a certificate applicant submits to a certificate authority to apply for a certificate. Specifically, when an applicant creates a certificate request, a private key and a CSR file are generated. After the applicant submits the CSR file to a certificate authority, the certificate authority creates a certificate based on the CSR, signs it with the private key that corresponds to its root certificate, and then issues the certificate to the applicant.
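The CSR flow described above, run with the OpenSSL command line against a throwaway local CA. This is an added example, not part of the original KCM documentation; the subject names, file names, minimal config and 30-day validity are constructed for illustration.

```shell
#!/bin/sh
# Added example: CSR flow against a throwaway local CA (all names constructed).
set -eu

csr_demo() {
  d="$1"; mkdir -p "$d"
  # Minimal config so the run does not depend on a system openssl.cnf.
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # CA side: root key plus self-signed root certificate.
  openssl req -x509 -config "$d/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -sha256 -days 30 -subj "/CN=Example Demo Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Applicant side: the private key and the CSR are generated together.
  # Only server.csr is sent to the CA; server.key stays with the applicant.
  openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=www.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
  # CA side: check the CSR's self-signature (proof the applicant holds the key).
  openssl req -config "$d/demo.cnf" -in "$d/server.csr" -noout -verify 2>&1 \
    | grep -q "verify OK" || return 1
  # CA side: build the certificate from the CSR and sign it with the root key.
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -sha256 -days 30 -out "$d/server.crt" 2>/dev/null || return 1
  # Applicant side: the issued certificate must carry the applicant's public key
  [ "$(openssl pkey -in "$d/server.key" -pubout)" = \
    "$(openssl x509 -in "$d/server.crt" -noout -pubkey)" ] || return 1
  # and must chain to the CA's root certificate.
  openssl verify -CAfile "$d/ca.crt" "$d/server.crt" >/dev/null || return 1
}

workdir=$(mktemp -d)
csr_demo "$workdir" && echo "certificate issued and verified in $workdir"
```

The public-key comparison is the check to run whenever a CA returns a certificate: a mismatch means the certificate was issued for a different key than the one the server holds.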
RSA
RSA is the most popular asymmetric (public-key) cryptographic algorithm. It can defend against most known cryptographic attacks. RSA is recommended by ISO as the public-key cryptographic standard. RSA can be used for both encryption and signing. The security of RSA relies on the practical difficulty of factoring the product of two large prime numbers.
ECC
Elliptic Curve Cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. Compared with classic algorithms such as DSA and RSA, ECC is more secure and faster, uses less storage space, and requires less bandwidth.
| Symmetric key length (bits) | RSA key length (bits) | ECC key length (bits) |