eScan Terminology

Absolute security descriptor*

A security descriptor structure that contains pointers to the security information associated with an object. <br><br> *<a href="" target=_blank></a>

Abstract Syntax Notation One

(ASN.1) A method used to specify abstract objects that are intended for serial transmission.

Access block

A key BLOB that contains the key of the symmetric cipher used to encrypt a file or message. The access block can only be opened with a private key.

Access control entry

(ACE) An entry in an access control list (ACL). An ACE contains a set of access rights and a security identifier (SID) that identifies a trustee for whom the rights are allowed, denied, or audited.

Access control list

(ACL) A list of security protections that applies to an object. (An object can be a file, process, event, or anything else having a security descriptor.) An entry in an access control list (ACL) is an access control entry (ACE). There are two types of access control list, discretionary and system.

Access mask

A 32-bit value that specifies the rights that are allowed or denied in an access control entry (ACE). An access mask is also used to request access rights when an object is opened.

Access token

An access token contains the security information for a logon session. The system creates an access token when a user logs on, and every process executed on behalf of the user has a copy of the token. The token identifies the user, the user`s groups, and the user`s privileges. The system uses the token to control access to securable objects and to control the ability of the user to perform various system-related operations on the local computer. There are two kinds of access token, primary and impersonation.


Any program that causes advertising content to be displayed. It may be linked to other software or content that is wanted, subsidizing its cost. It may provide advertising that is desired by the user. It may be a nuisance and impair productivity; may display objectionable content; can slow machine down or cause crashes and loss of data; may not provide users with adequate removal tools; may be associated with security risks. <br><br> *<a href="" target=_blank>Anti-Spyware Coalition Definitions and Supporting Documents</a>


The CryptoAPI algorithm name for the Advanced Encryption Standard algorithm.


The CryptoAPI algorithm class for data encryption algorithms. Typical data encryption algorithms include RC2 and RC4.


The CryptoAPI algorithm class for hashing algorithms. Typical hashing algorithms include MD2, MD5, SHA-1, and MAC.


The CryptoAPI algorithm class for key exchange algorithms. A typical key exchange algorithm is RSA_KEYX.


The CryptoAPI algorithm class for signature algorithms. A typical digital signature algorithm is RSA_SIGN.

Application protocol

A protocol that normally resides on top of the transport layer. For example, HTTP, TELNET, FTP, and SMTP are all application protocols.

Application protocol data unit

(APDU) A command sequence (an Application Protocol Data Unit) that can be sent by the smart card or returned by the application.


American Standard Code for Information Interchange. A coding scheme that assigns numeric values to letters, numbers, punctuation marks, and certain other characters.

ATR string

A sequence of bytes returned from a smart card when it is turned on. These bytes are used to identify the card to the system.


An element of a relative distinguished name (RDN). Some typical attributes include common name, surname, e-mail address, postal address, and country/region name.

Attribute BLOB

An encoded representation of the attribute information stored in a certificate request.


The process for verifying that a user, computer, service, or process is who or what it claims to be.

Authentication package

A DLL that encapsulates the authentication logic used to determine whether to permit a user to log on. LSA authenticates a user logon by sending the request to an authentication package. The authentication package then examines the logon information and either authenticates or rejects the user logon attempt.


A security feature of Internet Explorer. Authenticode allows vendors of downloadable executable code (plug-ins or ActiveX controls, for example) to attach digital certificates to their products to assure end users that the code is from the original developer and has not been altered. Authenticode lets end users decide for themselves whether to accept or reject software components posted on the Internet before downloading begins. <BR>

Live Chat