Information, Computer and Network Security Terms Glossary and Dictionary - O

OAKLEY Key Determination Protocol
The OAKLEY Key Determination Protocol is based on the Diffie-Hellman algorithm and designed to be a compatible component of ISAKMP. OAKLEY was proposed as a protocol "by which two authenticated parties can agree on secure and secret keying material."

OATH: Open Authentication
Open Authentication (OATH) is an industry-wide collaboration to develop an open reference architecture by leveraging existing open standards for the universal adoption of strong authentication. OATH technologies and architecture involve devices, chipsets, platforms, applications, integrators, and users.

Obscurity
Obscurity refers to a way of trying to enhance the security of a system by hiding aspects of its internal operation.

OCSP: Online Certificate Status Protocol
Online Certificate Status Protocol (OCSP) is one of two common schemes for maintaining the security of a server and other network resources. The other, older method, which OCSP has superseded in some scenarios, is known as Certificate Revocation List (CRL).

OCTAVE
OCTAVE is a methodology for evaluating the security risks associated with information systems.

OFB: Output Feedback
In cryptography, output feedback (OFB) is a mode of operation for a block cipher. It has some similarities to the ciphertext feedback mode in that it permits encryption of differing block sizes, but has the key difference that the output of the encryption block function is the feedback (instead of the ciphertext). The XOR (exclusive OR) value of each plaintext block is created independently of both the plaintext and ciphertext.

One-Time Pad
In cryptography, a one-time pad is a system in which a private key generated randomly is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key. Messages encrypted with keys based on randomness have the advantage that there is theoretically no way to "break the code" by analyzing a succession of messages.

One-Way Encryption
One-Way Encryption refers to the irreversible transformation of plaintext to cipher text, such that the plaintext cannot be recovered from the cipher text by other than exhaustive procedures even if the cryptographic key is known.

One-Way Function
A one-way function is a mathematical function whose output is easy to compute from a given input. However, given only the output value, it is impossible (except for a brute force attack) to figure out what the input value is.

One-Way Hash
One-way hash, also known as a message digest, fingerprint or compression function, is a mathematical function which takes a variable-length input string and converts it into a fixed-length binary sequence. A one-way hash function gets its name because it is hard to reverse the process.

One-way authentication
One-way authentication refers to the authentication of only one end of a communication session. For example, one-way authentication follows this flow: one message (A->B) establishes the identity of A, that the message is from A, and that the message is intended for B; finally, the integrity and originality of the message are confirmed.

One-way encryption algorithm
One-way encryption algorithm, also known as one-way hashing algorithm, is a mathematical procedure that generates a fixed-size result from arbitrary amounts of data.

Onion Routing
Onion Routing is a technique for pseudonymous (or anonymous) communication over a computer network, developed by David Goldschlag, Michael Reed, and Paul Syverson. The goal of Onion Routing (OR) is to protect the privacy of the sender and recipient of a message, while also providing protection for message content as it traverses a network. Onion Routing accomplishes this according to the principle of Chaum's Mix Cascades: messages travel from source to destination via a sequence of proxies ("onion routers"), which re-route messages in an unpredictable path. To prevent an adversary from eavesdropping on message content, messages are encrypted between routers. The advantage of Onion Routing (and Mix Cascades in general) is that it is not necessary to trust each cooperating Router; if one or more routers are compromised, anonymous communication can still be achieved.

Online Personal Privacy Protection Act
Online Personal Privacy Protection Act is proposed U.S. legislation regulating the privacy of information collected from individuals on the Internet.

Onward transfer
Onward transfer refers to the transfer of personally identifiable information (PII) to another recipient.

Open system
Open system refers to a system whose specifications are fully available to anyone who wants to see them.

OpenHack
OpenHack refers to a series of online security challenges organized by eWeek magazine.

OpenPGP
OpenPGP is an open source implementation of the Pretty Good Privacy (PGP) encryption scheme.

OpenSSH: Open Secure Shell
Open Secure Shell (OpenSSH) is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol. It was created as an open alternative to the proprietary Secure Shell (SSH) software. The project is led by Theo de Raadt from Calgary, Alberta.

OpenSSL
OpenSSL is a collaborative project to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. The OpenSSL toolkit is licensed under an Apache-style license, which means that you are free to get and use it, subject to some simple license conditions.

OpenVPN
OpenVPN, a VPN package written by James Yonan, provides the ability to create point-to-point encrypted tunnels between hosts. It allows peers to authenticate to each other using a pre-shared private key, certificates, or username/password. It makes extensive use of the OpenSSL encryption library, and uses the SSLv3/TLSv1 protocol. It is available on Linux, xBSD, Mac OSX, and Windows 2000/XP. It offers a wealth of security and control features. It is not a "web-based" VPN, and is not compatible with IPsec or any other VPN package.

Opt In
Opt In refers to the action of explicitly consenting to participate. For example, a person signs up, or "opts in," to receive an electronic newsletter from a particular organization.

Opt Out
Opt Out refers to the action of explicitly declining to participate. For example, a person withdraws from an electronic newsletter from a particular organization, which he/she may have signed up for (or opted in to) before, or the person specifically declines to receive any newsletter from an organization when presented with such an option.

Orange Book
Orange Book, formally known as the Trusted Computer System Evaluation Criteria (TCSEC), is a set of security classifications for computer systems developed by the U.S. Department of Defense.

OS Hardening
OS Hardening is the process of addressing security weaknesses in operating systems by implementing the latest OS patches, hotfixes and updates and following procedures and policies to reduce attacks and system downtime.

OTP: One Time Password
A one-time password authentication system (OTP) provides authentication for system access (login) that is secure against passive attacks based on replaying captured reusable passwords. An OTP system can generate passwords randomly or based on some rules. Once one of the passwords is used, it cannot be used again. The logon system will always expect a new one-time password at the next logon. Smart cards and token-based authentication methods use one-time passwords.

Out-of-band management
Out-of-band management refers to an alternate connection for remotely administering a system or device.

Overlapping Fragment Attack
Overlapping Fragment Attack is also called IP Fragmentation attack. In an Overlapping Fragment Attack, the re-assembled packet starts in the middle of another packet. As the operating system receives these invalid packets, it allocates memory to hold them. This eventually uses all the memory resources and causes the machine to reboot or hang.

Overload
Overload refers to hindrance of system operation by placing excess burden on the performance capabilities of a system component.

Overt channel
Overt channel refers to the normal communication channel over which a system or network transfers information.

Ownership Tag
An ownership tag is a security feature on Compaq computers, consisting of an encrypted text string that displays at startup to uniquely identify a computer. The ownership tag works the same way that physical identification tags do: in the event of loss or theft, if the item is recovered, the rightful owner has absolute proof of ownership.