Alexis
Hi everyone, welcome to Talk Tech with Data Dave. My name is Alexis, and I work for a company called D3Clarity. I am here with my friend, Data Dave, for the podcast which is Talk Tech with Data Dave. Hey, Dave! 

Data Dave
Good morning, Alexis, how are you this morning? 

Alexis
I’m good. I’m good. I’m excited. We have a fun topic today. Before we get to our topic though, I just want to let everyone know that if you have questions for Data Dave like I do, you are very welcome to send them in. We will answer them on the podcast. You can submit them to an e-mail, talk to tech@d3clarity.com, or you can submit your questions on the D3Clarity website. But we would love to answer some more listener questions and not just questions that I have, although today I’ve got questions. 

Data Dave
Yes, I think that’s an excellent idea. Alexis. Thank you for saying that. 

Alexis
I have a list of acronyms that I hear all the time in this digital world that we work in Dave, and I’m hoping that you can explain them to me in kind of a what does that mean sort of situation. So, I want to start with a couple that we have. I heard about already on previous podcasts. 

So, I think a few episodes back, you had talked about PCI. I think Patrick actually dropped that acronym as well during our expert episode. So PCI, what does that mean? 

Data Dave
PCI. So, PCI means personal credit information. It is the information that defines you as having credit. So okay, credit card number, your name, all the information relevant to charge credit or be charged. So, it’s your personal financial information if you like.  

If I put that in context, we talked about three sets of personal information. Usually PII, which is personal identifying information which is the information that describes you. So, it’s your demographic information. All aspects, your address, your phone number, various things about you that allow people to identify you. So, when you identify yourself with somebody, that is considered PII. If it gets stolen, they can, to a certain extent, steal your identity. They can impersonate you if they to.  

Alexis
That’s not great. 

Data Dave
So, we treat PII as a certain level of security. We add extra security protocols, extra security depth to information that is considered PII, so you get PII-compliant security. Now this network, this area is suitable for personal identifying information.  

Insert PCI. 

Alexis
I.E. personal credit information. 

Data Dave
PCI is personal credit information, so this adds a layer on top of that to start. Say, “Here’s the credit card number for Alexis”, so now you’ve got another level which says you cannot use a credit card outside the context of the purchase that it was made.  

So, I can’t take your credit card and without your permission, use it for a second purchase. Now I’ve gotta put another set of controls on top of that data to say this data has to be protected even more because it’s now somebody’s personal credit information. It is very prone to theft. It is very desirable information to get your credit card number and all the information surrounding that credit card number that allows a charge to be made. 

Alexis
That would be PII. 

Data Dave
Which would be PCI. 

Alexis
But like the are personal identification. 

Data Dave
So, the personal identifying information is then PCI, which is the credit piece on top of that. 

Alexis
Okay. 

Data Dave
Then, the third one that I’m going to talk about, just to fill out the set is PHI. PHI and your HR background, you’ve heard of HIPAA right? The whole health-related thing. PHI is personal health information. So, this is now your health record that layers on top as well. 

There’s extra protection from HIPAA and other legal legislation that protects personal health information as private because, again, you don’t want people getting your personal health information and using your medical history to deny insurance or deny credit or deny anything else. So, now you’ve got PII, which is the basic identifying information. PCI, which is the financial credit information, and then Phi, which is the personal health information. 

Alexis
So, those three things kind of weave together to form our identities online. 

Data Dave
They weave together to form identities, and different organizations will have different controls in place for the information that’s relevant to them, and it can be things like, “We don’t keep PCI or we only keep PCI like this. We keep PCI here, but we separate PII from PCI from PHI and control them differently.” 

Alexis
That’s awesome. I’d heard of PHI before, but then PCI dropped, and I was like, “I don’t know what that one is”. So that’s an interesting kind of three level weave that I really like.  

But as long as we’re talking about things that Patrick said, at the very end of our, “How do You Secure Your Identity in the Cloud conversation?” Patrick dropped the acronym TLS. And I was very, very confused about what TLS stands for. So… 

Data Dave
TLS. TLS is transport layer security, transport layer security. That’s a relatively new one, relatively new. It’s basically a protocol for securing, for lack of a better word, pipes. So when your computer speaks on the Internet, when it broadcasts on the Internet, what it does is it requests what we call a port on another computer using the IP address. So you’ve heard of IP addresses, right, or domain name? 

Alexis
IP is its own acronym. 

Data Dave
We will do that one. Yes, I will do that one now because it builds up. Your IP address is essentially the – for want of another phrase, I’m gonna simplify this quite a lot – so, it’s essentially the phone number of your computer. Yeah, of a publicly accessible computer. So you’ve seen that 123.45.6.7.89 type address? That is an IP address and that is essentially the phone number of that computer.  

On that computer, we have a set of ports or a set of services that are available. So, when you request a connection, you essentially, send data to that port on that computer, and you open a socket on that computer, and it essentially forms a pipe using TCP—another acronym which is the Transmission Control Protocol. We established a pipe between those two computers that we can now send data down. The computers ask for this connection between two computers. I’m not gonna go into the gory detail, but they established this connection and imagine this connection is transparent, so I’ve got a clear plastic pipe between two computers, and I’m sending data down it—anybody who’s outside of the pipe can look in and see what you’re sending. 

Alexis
It doesn’t sound good. 

Data Dave
But it’s not necessarily good, but that’s the way it was created. Connect this pipe then we start sending data in both directions down. It was okay. We then invented another acronym that Patrick used which was SSL. 

Alexis  

Okay, so thus far we have TLS, SSL, IP, and TCP. 

Data Dave
TCP right so. 

Alexis
I’m over here writing these down, trying to remember them all. Okay all right, so TCP and so SSL. That’s the one we’re on. 

Data Dave
So we’ve got the Internet Protocol, IP. SSL is essentially every piece of data that you now send down that pipe. Think of them as a letter. Cut your data up into little pieces and put them all in different letters, and then you send them down this pipe.  

SSL allows you to encrypt every one of those what we call “packets” or letters. So now you’re essentially made the walls of the pipe opaque, so now you can’t see into the pipe. What I’ve done is IP says. How do I send it? How do I break it up and how do I address the direction to these letters? Blah, blah, blah. I’m sending a lot of letters. TCP allows me to reconstruct the stream, because they’re not guaranteed to all go the same route. So some might take longer to get there than others. Therefore, TCP is a protocol we use called Transmission Control Protocol, that allows us to put them back together again. So you can watch your movie in order and – I’m being a little flippant – but you know, it allows you to put them in order. 

Alexis
I like your flippant statements here because my brain is thinking about that scene and Willy Wonka and the Chocolate Factory where the little kid gets, like, zapped and then he goes up in the air in little pieces, and then he comes back on the TV little tiny and I know that’s not the big picture here, but that’s what I’m imagining, and that can’t be that far off. 

Data Dave
Not quite, but yeah. 

Alexis
That’s kind of close. 

Data Dave
Yeah, things don’t really necessarily get smaller. It’s just different in order. But his leg bone might no longer be connected to his knee bone. It might be connected somewhere else.  

So, SSL allows us to make these pipes opaque.  

Okay, so now people can’t see into them. They can’t read the data that’s being put on the wire. And we do that by encrypting every single packet using different techniques. So, that was the original one for what we call Secure Socket Layer. And then that got superseded by essentially the same technique but with different security protocols, different encryption protocols, different encryption strength, to make it stronger, make it safer, basically, and that became known as TLS because it is at the transport layer.  

In other words, it’s at the pipe layer. So, transport layer security is security on the transport layer versus on the application layer. That also then allows us to add HTTP, right? You’re familiar with that one? 

Alexis
Yes, that’s what I put at the beginning of an URL. Like an Internet search? Yeah. 

Data Dave
Exactly what? When you put the, put it at the beginning of a URL, a universal resource locator, right? A URL? 

Alexis  

A link yeah. 

Data Dave
When you put it at the beginning, it says, “We’re going to talk HTTP. That’s the protocol we’re going to use.” But then you add the S to it, HTTPS. 

Alexis
Which is secure. 

Data Dave
So if you notice any banking site or healthcare site or whatever, has https://. So that’s saying, “We’re going to use the secure version of HTTP. It’s still HTTP. But now I’m putting more security over the top of either secure sockets or TLS.” So, it’s the secure version of HTTP using a secure socket or TLS layer, which is then going down to the TCP layer which is then going down to the IP layer. 

Alexis
So many acronyms. 

Data Dave
Right. I know. It gets complicated. 

Alexis  

Okay, I think I got it, but the picture for all of those is that they’re all levels of security that we use on a regular basis and probably don’t even realize we’re using. Would you say that’s right? 

Data Dave
Yes, I mean some of them are the fundamentals, the Internet Protocol, IP, and TCP are the fundamentals of the Internet invented in 1960s by the US government. And they are the fundamentals of the Internet. And then as things have moved on, we’ve made them faster, better, more secure, and added different layers up that point to where they’re useful and where they can be used by everybody, and they’ve just come into our language as we’ve moved through this technical era. They’re essentially very technical terms, but they’ve just come into our language as things that we know, as things that we do. 

Alexis  

Yeah, like URL. That’s a phrase that I know, like, that’s an acronym I know. One that I talk about that I use all the time. I didn’t realize that that stood for something else. Universal… 

Data Dave
Resource Locator. 

Alexis  

Universal Resource Locator,  okay. 

Data Dave 

So, if we break down that URL for you, then that URL actually is: 

The protocol – HTTP colon And then the ROOT which is the domain name,  http://thenthedomainname – .www.d3clarity.com. So that’s the domain. So that’s the name we’ve gotten used to those domain names. That domain name is a human-readable or proxy for an IP address. So within that you can do a lookup on that and that will give you the IP address, the public IP address of the computer that is serving that page then a…. 

Alexis
I did not know that. I didn’t know that at all. 

Data Dave
Then a colon. Then you can specify the port. The port is the service on the computer that you’re requesting in a numeric format. HTTP is usually port 80. HTTPS is usually port 443, so they default a lot of that, but often you’ll see http://domainname:PORT/ the actual page you’re looking for, “home”. And that is the universal resource locator of that page.  

So, there’s a structure to that on the link that people often don’t recognize or don’t see or don’t know about. You can also add into that username and password at domain name if you actually have to authenticate with that machine. So, often when you see authenticated certainly API protocols and other things. You have a universal locator that is the protocol, who you are, UID, user ID, password @ domain name / actual resource or with the port number, etcetera. So, that breaks up that universal resource locator into a link that is just a URL, a universal resource locator. 

Alexis
So, today we talked about PCI, PII, PHI, TSL, IP, TCL, SSL, URL and probably another one that I’ve missed. If you have an acronym that you’d like to hear Dave explain, Like I said earlier, e-mail us at talktech@d3clarity.com if you have any question for Dave about anything data, cloud, technology, or D3Clarity related. Just e-mail us at talktech@d3clarity.com and we would be happy to answer your question on the podcast.  

Dave, thank you so much for telling me what these things mean. That’s really, really helpful in my life right now. 

Data Dave
Yeah. Thank you, Alexis, and thank you everybody for listening. This is always fun. Yes, I hope this helped. Hope it cleared some things up a little bit, yes. 

Alexis
Thanks everyone and have a wonderful day. 

Data Dave
Thank you.