Glossary
Every technical term used in this book, in plain English first. Where you first encountered the concept is noted in brackets.
AES (Advanced Encryption Standard) The symmetric encryption algorithm used to encrypt most data on the internet today. AES-256 means the key is 256 bits long — effectively unbreakable with current technology. [Session 2]
Asymmetric Encryption An encryption system using two mathematically linked keys — a public key and a private key. Data encrypted with the public key can only be decrypted with the private key. Solves the key distribution problem. [Session 2]
CA (Certificate Authority) An organisation that verifies identities and issues digital certificates. Examples include DigiCert, Let’s Encrypt, and Sectigo. Your device pre-trusts a list of CAs. [Session 3]
Certificate An electronic document that links a public key to an identity (e.g., a domain name). Signed by a Certificate Authority to prove its authenticity. [Session 3]
Certificate Chain The sequence of certificates from a website’s certificate up through Intermediate CAs to a Root CA. Your browser walks this chain to verify trust. [Session 3]
Cipher An algorithm for encrypting and decrypting data. AES and RSA are examples of ciphers. [Session 2]
Certificate Store A pre-installed collection of trusted Root CA certificates on a device or browser. On Android, Google pre-installs approximately 150 Root CA certificates. Any HTTPS certificate whose chain validates up to one of these is trusted automatically, provided the certificate is also unexpired and issued for the domain name actually being visited. [Session 4]
DNS (Domain Name System) The internet’s phone book. Converts human-readable domain names (like sbi.co.in) into IP addresses that computers use to route data. [Session 1]
DNS Cache A temporary store of DNS lookup results on your device. Prevents the device from asking the DNS server for the same domain name every time. [Session 1]
Encryption The transformation of readable data (plaintext) into scrambled, unreadable data (ciphertext) that can only be read by someone with the correct key. [Session 2]
Hash / SHA-256 A hash function takes any input and produces a fixed-length output (a “fingerprint”) called a hash or digest. SHA-256 always produces a 256-bit output, written as 64 hexadecimal characters. Good hash functions are one-way (the input cannot be recovered from the digest), deterministic, collision-resistant (it is infeasible to find two inputs with the same digest), have the avalanche effect (changing one bit of the input changes about half of the output bits), and produce fixed-length output. Used in certificates, digital signatures, and password storage; for passwords a deliberately slow, salted hash such as bcrypt, scrypt or Argon2 is used rather than plain SHA-256, so that guessed passwords cannot be checked at high speed. [Session 3]
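An added Python example (not from the book) that checks the four properties above with the standard library’s hashlib, and shows why an unsalted SHA-256 digest is a poor way to store a password. The two messages, the wordlist and the salt are constructed for illustration.

```python
import hashlib
from typing import Optional


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of `data` as 64 hexadecimal characters (256 bits)."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions at which two equal-length hex digests differ."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must be the same length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def hash_properties() -> dict:
    """Exercise determinism, fixed length and the avalanche effect on constructed inputs."""
    # Constructed inputs: the two messages differ in a single character.
    msg_a = b"Transfer Rs. 1000 to account 12345"
    msg_b = b"Transfer Rs. 1000 to account 12346"
    h_a, h_b = sha256_hex(msg_a), sha256_hex(msg_b)
    h_big = sha256_hex(b"x" * 1_000_000)  # a 1 MB input
    return {
        "deterministic": sha256_hex(msg_a) == h_a,    # same input, same digest, every time
        "fixed_length": len(h_a) == len(h_big) == 64,  # 64 hex chars whatever the input size
        "bits_changed": differing_bits(h_a, h_b),      # avalanche: roughly half of 256 bits flip
    }


# Why plain SHA-256 is the wrong tool for password storage: the digest of every
# common password can be computed once, in advance, and then simply looked up.
COMMON_PASSWORDS = [b"123456", b"password", b"qwerty", b"password123", b"letmein"]  # constructed wordlist
PRECOMPUTED = {sha256_hex(p): p for p in COMMON_PASSWORDS}


def crack_unsalted(stored_digest: str) -> Optional[bytes]:
    """Recover a password from its unsalted SHA-256 digest by table lookup, if it is in the wordlist."""
    return PRECOMPUTED.get(stored_digest)


def store_salted(password: bytes, salt: bytes) -> str:
    """A per-user salt defeats the precomputed table; a slow hash (bcrypt, Argon2) would also
    make each guess expensive, which plain SHA-256 does not."""
    return sha256_hex(salt + password)
```

The salt in `store_salted` is a constructed value; a real system stores a random salt per user next to the digest and, as the entry says, uses a deliberately slow password hash rather than SHA-256.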
HSTS (HTTP Strict Transport Security) A browser security policy where a server instructs the browser to always use HTTPS for that domain — never plain HTTP — for a specified time period (the max-age value in the header). Once a browser receives an HSTS header over HTTPS, it enforces HTTPS even if the user types only the domain name without https://. The very first visit, before any header has been seen, is not protected unless the domain is on the browsers’ built-in HSTS preload list. [Session 4]
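An added Python example (not from the book) that models the browser-side half of HSTS: parsing the header, remembering the policy with its expiry and includeSubDomains scope, and rewriting a later http:// request. The hostnames and timestamps are constructed; the rewrite rules follow RFC 6797 section 8.3.

```python
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(header: str) -> dict:
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            policy["max_age"] = int(value.strip().strip('"'))
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy


class HstsStore:
    """Minimal model of a browser's HSTS store: host -> (expiry time, includeSubDomains)."""

    def __init__(self):
        self.entries = {}

    def record(self, host: str, header: str, now: int, via_https: bool = True) -> None:
        """Remember a policy. Browsers ignore the header on plain-HTTP responses,
        since anyone on the network path could have inserted it there."""
        if not via_https:
            return
        policy = parse_hsts(header)
        if policy["max_age"] is None:   # max-age is mandatory; without it the header is invalid
            return
        if policy["max_age"] == 0:      # max-age=0 tells the browser to forget the host
            self.entries.pop(host, None)
            return
        self.entries[host] = (now + policy["max_age"], policy["include_subdomains"])

    def is_known(self, host: str, now: int) -> bool:
        """True if host, or a parent domain recorded with includeSubDomains, has an unexpired policy."""
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expiry, include_subdomains = entry
            if now < expiry and (i == 0 or include_subdomains):
                return True
        return False

    def rewrite(self, url: str, now: int) -> str:
        """Upgrade an http:// URL to https:// when the host is known; otherwise leave it alone."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known(parts.hostname, now):
            return url  # first visit, expired policy or unknown host: the request goes out in the clear
        netloc = parts.hostname
        if parts.port not in (None, 80):   # an explicit port 80 becomes 443; other ports are kept
            netloc += f":{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    store = HstsStore()
    now = 1_700_000_000  # constructed clock value (seconds)
    store.record("bank.example", "max-age=31536000; includeSubDomains", now)
    print(store.rewrite("http://bank.example/login", now))              # upgraded
    print(store.rewrite("http://netbanking.bank.example/", now))        # upgraded via includeSubDomains
    print(store.rewrite("http://bank.example/login", now + 31536001))   # policy expired: not upgraded
```

The `via_https` flag is what makes the first-visit gap visible: a header seen on a plain-HTTP response is discarded, so only a preload-list entry can protect a host the browser has never reached over HTTPS.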
HTTPS (HTTP Secure) HTTP (the web protocol) running over a TLS encrypted connection. Indicated by https:// in the address bar and a padlock icon. [Session 2]
IP Address (Internet Protocol Address) A numerical label, unique within its network, assigned to every device connected to the internet. Like a postal address — data cannot find its destination without one. [Session 1]
ISP (Internet Service Provider) The company that provides your internet connection — for example, Jio, Airtel, or BSNL. [Session 1]
Key (cryptographic) A piece of information that controls how an encryption algorithm encrypts or decrypts data. In symmetric encryption, one key does both. In asymmetric encryption, a public key encrypts and a private key decrypts. [Session 2]
Mixed Content When an HTTPS page attempts to load a resource (image, script, font) over plain HTTP. Because that resource travels unencrypted, it could be intercepted and replaced by anyone on the network path. Modern browsers block active mixed content (scripts, stylesheets, frames) outright and either upgrade passive mixed content (images, audio, video) to HTTPS or block it, so the page never silently mixes protected and unprotected data. [Session 4]
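An added Python example (not from the book) that scans a page for mixed content the way a browser or a site audit would: every sub-resource of an HTTPS page is resolved to an absolute URL and flagged if it would load over plain HTTP, classified as active or passive. The sample page and hostnames are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Sub-resources that can run code or restyle the page: browsers block these outright.
ACTIVE_TAGS = {"script", "iframe", "link", "object", "embed"}
# Display-only sub-resources: browsers upgrade these to https:// or block them.
PASSIVE_TAGS = {"img", "audio", "video", "source"}
URL_ATTRIBUTES = ("src", "href", "data")


class MixedContentScanner(HTMLParser):
    """Collect sub-resources of an HTTPS page that would be fetched over plain HTTP."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        if tag not in ACTIVE_TAGS and tag not in PASSIVE_TAGS:
            return  # e.g. <a href="http://..."> is a navigation, not a sub-resource
        attr_map = dict(attrs)
        if tag == "link" and "stylesheet" not in (attr_map.get("rel") or "").lower():
            return  # only stylesheets are loaded as sub-resources here
        for name in URL_ATTRIBUTES:
            value = attr_map.get(name)
            if not value:
                continue
            absolute = urljoin(self.page_url, value)  # resolves "/path" and "//host/path" forms
            if urlsplit(absolute).scheme == "http":
                kind = "active" if tag in ACTIVE_TAGS else "passive"
                self.findings.append((kind, tag, absolute))


def scan_mixed_content(page_url: str, html: str) -> list:
    """Return (kind, tag, url) for every plain-HTTP sub-resource of an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # a plain-HTTP page has no "mixed" content; everything on it is already unprotected
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.findings


# Constructed sample page for the demonstration.
SAMPLE_PAGE_URL = "https://netbanking.example/login"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://cdn.example/site.css">
<script src="https://cdn.example/app.js"></script>
<script src="//cdn.example/analytics.js"></script>
</head><body>
<img src="http://images.example/logo.png">
<img src="/static/secure.png">
<a href="http://other.example/page">external link</a>
</body></html>"""

if __name__ == "__main__":
    for kind, tag, url in scan_mixed_content(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{kind:7} <{tag}> {url}")
```

Two cases in the sample are deliberately not flagged: the scheme-relative `//cdn.example/analytics.js` inherits https:// from the page, and the plain-HTTP `<a href>` is a link the user may click, not content the page itself loads.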
NAT (Network Address Translation) The mechanism by which a router maps many private IP addresses to one public IP address. Allows multiple devices to share one internet connection. [Session 1]
Non-repudiation The property of a digital signature that makes it impossible to credibly deny having signed something. Legally significant under India’s IT Act. [Session 3]
2FA (Two-Factor Authentication) A login method requiring two separate proofs of identity — typically something you know (password) and something you have (your phone, for OTP). Used by all Indian banks for net banking login. [Session 4]
Packet A small unit of data transmitted over a network. Large data (like a file or web page) is broken into many packets that travel separately and are reassembled at the destination. [Session 1]
PKI (Public Key Infrastructure) The complete system of hardware, software, policies, and organisations that enables secure digital communication through certificates and public-key cryptography. [Session 3]
Private IP Address An IP address used within a local network (home, office, college). Not routable on the public internet. The reserved ranges are 10.x.x.x, 172.16.x.x to 172.31.x.x, and 192.168.x.x. [Session 1]
Private Key In asymmetric encryption, the key that is kept secret by its owner. Can decrypt data encrypted with the corresponding public key. Can also create digital signatures. [Session 2]
Port A number (0–65535) that identifies a specific service on a networked device. Port 443 is HTTPS; port 80 is HTTP; port 53 is DNS. When your browser connects to an HTTPS site, it connects to port 443 automatically. [Session 1]
Protocol A set of agreed rules for how devices communicate. TCP/IP, HTTP, HTTPS, and DNS are all protocols. [Session 1]
Public IP Address An IP address visible to the rest of the internet. Assigned by ISPs. Uniquely identifies a connection point on the public internet. [Session 1]
Public Key In asymmetric encryption, the key that can be shared freely. Anyone can use it to encrypt a message for the key owner, or to verify the key owner’s digital signature. [Session 2]
Session Cookie A small piece of data your browser sends with every request after you log in, to prove to the server that you are authenticated. If captured in transit on an unencrypted connection, a session cookie can be replayed to impersonate a logged-in user without knowing their password. HTTPS encrypts session cookies in transit, and a cookie marked with the Secure attribute is never sent over plain HTTP at all. [Session 2]
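An added Python example (not from the book) that audits a Set-Cookie header for the attributes that limit how a captured session cookie can be abused, and models the one browser rule the entry relies on: a Secure cookie is never attached to a plain-HTTP request. The cookie names and values are constructed.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header: str) -> dict:
    """Split a Set-Cookie header value into the cookie name/value and its protective attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip(),
              "secure": False, "httponly": False, "samesite": None}
    for attribute in parts[1:]:
        key, _, val = attribute.partition("=")
        key = key.strip().lower()
        if key == "secure":
            cookie["secure"] = True
        elif key == "httponly":
            cookie["httponly"] = True
        elif key == "samesite":
            cookie["samesite"] = val.strip().lower()
    return cookie


def audit_session_cookie(header: str) -> list:
    """List the attributes a session cookie is missing, with the exposure each gap leaves."""
    cookie = parse_set_cookie(header)
    problems = []
    if not cookie["secure"]:
        problems.append("no Secure: the browser will also send it over plain HTTP, "
                        "where it can be captured and replayed")
    if not cookie["httponly"]:
        problems.append("no HttpOnly: scripts running in the page can read it")
    if cookie["samesite"] not in ("lax", "strict"):
        problems.append("SameSite not Lax/Strict: attached to requests started by other sites")
    return problems


def browser_would_send(cookie: dict, request_url: str) -> bool:
    """Model one browser rule: a Secure cookie is only attached to https:// requests."""
    return urlsplit(request_url).scheme == "https" or not cookie["secure"]


if __name__ == "__main__":
    # Constructed headers: the same session identifier, set weakly and set properly.
    weak = "SESSIONID=9f3a1c...constructed; Path=/"
    strong = "SESSIONID=9f3a1c...constructed; Path=/; Secure; HttpOnly; SameSite=Lax"
    for header in (weak, strong):
        print(header)
        for problem in audit_session_cookie(header) or ["no problems found"]:
            print("  -", problem)
```

The Secure attribute is what closes the replay path the entry describes: even if the user is tricked onto http://, the browser withholds the cookie rather than exposing it to the network.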
Root CA A top-level Certificate Authority whose certificate is pre-installed in devices and browsers as unconditionally trusted. Fewer than 200 Root CAs are trusted globally. [Session 3]
Router A device that receives network packets and decides where to forward them next. Connects networks together. Your home Wi-Fi box is a router. [Session 1]
Routing The process of forwarding packets hop-by-hop across the internet from source to destination. Each router makes a forwarding decision based on the destination IP address. [Session 1]
SSL (Secure Sockets Layer) The predecessor to TLS. Every SSL version has known weaknesses and is disabled in modern browsers and servers, but the name persists in common usage — “SSL certificate” is usually a TLS certificate. [Session 2]
Symmetric Encryption Encryption where the same key is used to both encrypt and decrypt data. Fast and efficient, but requires a secure way to share the key. AES is a symmetric cipher. [Session 2]
TCP (Transmission Control Protocol) A protocol that guarantees reliable, ordered delivery of packets. If a packet is lost, TCP ensures it is resent. Runs on top of IP. [Session 1]
TCP/IP Stack A four-layer model describing how internet communication is structured: Application layer (HTTP, DNS) → Transport layer (TCP, ports) → Network layer (IP addresses, routing) → Link layer (Ethernet cables, Wi-Fi). Each layer has one job and passes data to the layer above or below it. [Session 1]
TLS (Transport Layer Security) The protocol that encrypts internet communication. What makes HTTPS work. Involves a handshake to verify identity and establish an encrypted session. [Session 2]
TLS Handshake The negotiation between a browser and server that establishes an encrypted connection. Involves certificate verification and key exchange. Happens before any page data is sent. [Session 2]
OTP (One-Time Password) A short numeric code valid for a single login or transaction, sent to your registered phone number. Used by banks as the second factor in 2FA. Expires within minutes. Never share it — no bank will ever ask for it. [Session 4]
Session Token A temporary credential issued by a server after successful login. Stored in your browser and sent with each request to prove you are logged in. Expires after inactivity or logout. [Session 2]