Glossary

Every technical term used in this book, in plain English first. Where you first encountered the concept is noted in brackets.


AES (Advanced Encryption Standard): The symmetric encryption algorithm used to encrypt most data on the internet today. AES-256 means the key is 256 bits long — effectively unbreakable with current technology. [Session 2]

Asymmetric Encryption: An encryption system using two mathematically linked keys — a public key and a private key. Data encrypted with the public key can only be decrypted with the private key. Solves the key distribution problem. [Session 2]

CA (Certificate Authority): An organisation that verifies identities and issues digital certificates. Examples include DigiCert, Let’s Encrypt, and Sectigo. Your device pre-trusts a list of CAs. [Session 3]

Certificate: An electronic document that links a public key to an identity (e.g., a domain name). Signed by a Certificate Authority to prove its authenticity. [Session 3]

Certificate Chain: The sequence of certificates from a website’s certificate up through Intermediate CAs to a Root CA. Your browser walks this chain to verify trust. [Session 3]

Cipher: An algorithm for encrypting and decrypting data. AES and RSA are examples of ciphers. [Session 2]

DNS (Domain Name System): The internet’s phone book. Converts human-readable domain names (like sbi.co.in) into IP addresses that computers use to route data. [Session 1]

DNS Cache: A temporary store of DNS lookup results on your device. Prevents the device from asking the DNS server for the same domain name every time. [Session 1]

DNS Spoofing: An attack where a false DNS response sends you to an attacker’s server instead of the real one. Certificate verification is the defence. [Session 4]

Encryption: The transformation of readable data (plaintext) into scrambled, unreadable data (ciphertext) that can only be read by someone with the correct key. [Session 2]

HTTPS (HTTP Secure): HTTP (the web protocol) running over a TLS encrypted connection. Indicated by https:// in the address bar and a padlock icon. [Session 2]

IP Address (Internet Protocol Address): A unique numerical label assigned to every device connected to the internet. Like a postal address — data cannot find its destination without one. [Session 1]

ISP (Internet Service Provider): The company that provides your internet connection — for example, Jio, Airtel, or BSNL. [Session 1]

Key (cryptographic): A piece of information that controls how an encryption algorithm encrypts or decrypts data. In symmetric encryption, one key does both. In asymmetric encryption, a public key encrypts and a private key decrypts. [Session 2]

MITM (Man-in-the-Middle): An attack where the attacker secretly positions themselves between a user and a server, potentially reading or altering the communication. HTTPS with certificate verification defeats most MITM attacks. [Session 4]

NAT (Network Address Translation): The mechanism by which a router maps many private IP addresses to one public IP address. Allows multiple devices to share one internet connection. [Session 1]

Non-repudiation: The property of a digital signature that makes it impossible to credibly deny having signed something. Legally significant under India’s IT Act. [Session 3]

2FA (Two-Factor Authentication): A login method requiring two separate proofs of identity — typically something you know (password) and something you have (your phone, for OTP). Used by all Indian banks for net banking login. [Session 4]

Packet: A small unit of data transmitted over a network. Large data (like a file or web page) is broken into many packets that travel separately and are reassembled at the destination. [Session 1]

Phishing: An attack that tricks users into revealing credentials or installing malware by impersonating a trusted entity — a bank, government agency, or company. [Session 4]

PKI (Public Key Infrastructure): The complete system of hardware, software, policies, and organisations that enables secure digital communication through certificates and public-key cryptography. [Session 3]

Private IP Address: An IP address used within a local network (home, office, college). Not routable on the public internet. Common ranges include 192.168.x.x and 10.x.x.x. [Session 1]

Private Key: In asymmetric encryption, the key that is kept secret by its owner. Can decrypt data encrypted with the corresponding public key. Can also create digital signatures. [Session 2]

Protocol: A set of agreed rules for how devices communicate. TCP/IP, HTTP, HTTPS, and DNS are all protocols. [Session 1]

Public IP Address: An IP address visible to the rest of the internet. Assigned by ISPs. Uniquely identifies a connection point on the public internet. [Session 1]

Public Key: In asymmetric encryption, the key that can be shared freely. Anyone can use it to encrypt a message for the key owner, or to verify the key owner’s digital signature. [Session 2]

Ransomware: Malware that encrypts a victim’s files and demands payment for the decryption key. [Session 2]

Root CA: A top-level Certificate Authority whose certificate is pre-installed in devices and browsers as unconditionally trusted. Fewer than 200 Root CAs are trusted globally. [Session 3]

Router: A device that receives network packets and decides where to forward them next. Connects networks together. Your home Wi-Fi box is a router. [Session 1]

Routing: The process of forwarding packets hop-by-hop across the internet from source to destination. Each router makes a forwarding decision based on the destination IP address. [Session 1]

SSL (Secure Sockets Layer): The predecessor to TLS. Technically obsolete but the name persists in common usage — “SSL certificate” is usually a TLS certificate. [Session 2]

Symmetric Encryption: Encryption where the same key is used to both encrypt and decrypt data. Fast and efficient, but requires a secure way to share the key. AES is a symmetric cipher. [Session 2]

TCP (Transmission Control Protocol): A protocol that guarantees reliable, ordered delivery of packets. If a packet is lost, TCP ensures it is resent. Runs on top of IP. [Session 1]

TLS (Transport Layer Security): The protocol that encrypts internet communication. What makes HTTPS work. Involves a handshake to verify identity and establish an encrypted session. [Session 2]

TLS Handshake: The negotiation between a browser and server that establishes an encrypted connection. Involves certificate verification and key exchange. Happens before any page data is sent. [Session 2]

OTP (One-Time Password): A short numeric code valid for a single login or transaction, sent to your registered phone number. Used by banks as the second factor in 2FA. Expires within minutes. Never share it — no bank will ever ask for it. [Session 4]

Session Token: A temporary credential issued by a server after successful login. Stored in your browser and sent with each request to prove you are logged in. Expires after inactivity or logout. [Session 4]

WHOIS: A protocol and associated databases that store registration information for domain names — including creation date, registrant, and registrar. Used to investigate suspicious domains. [Session 4]