CBC-MAC (Cipher block chaining message authentication codes): A mechanism for building MACs using block ciphers
CCMP (counter mode CBC-MAC protocol): A mode of operation for block ciphers that allows for authenticated encryption
Central repository: It is needed to securely store and index keys and a certificate management system of some sort makes managing access to storage certificates and issuance of certificates easier
Certificate-based authentication:It is the most secure option, but it requires more support and management overhead since every client must have a certificate
Certificate fingerprints: These are just hash digests of the whole certificate, and aren't actually fields in the certificate itself, but are computed by clients when validating or inspecting certificates
Certificate Revocation List (CRL): A means to distribute a list of certificates that are no longer valid
Certificate Signature Algorithm: This field indicates what public key algorithm is used for the public key and what hashing algorithm is used to sign the certificate
Certificate Signature Value: The digital signature data itself
CIA Triad: Confidentiality, integrity, and availability. Three key principles of a guiding model for designing information security policies
Client certificates: They operate very similarly to server certificates but are presented by clients and allow servers to authenticate and verify clients
CMACs (Cipher-based Message Authentication Codes): The process is similar to HMAC, but instead of using a hashing function to produce a digest, a symmetric cipher with a shared keys used to encrypt the message and the resulting output is used as the MAC
Code signing certificates: It is used for signing executable programs and allows users of these signed applications to verify the signatures and ensure that the application was not tampered with
Confidentiality:Keeping things hidden
