Glossary
This page’s purpose is to provide definitions and explanations for terms used throughout the Safe Exam Browser and Safe Exam Browser Server documentation.
Term |
What it is |
If set up |
If not set up |
|---|---|---|---|
Config Key (CK) |
A cryptographic key used to authenticate the Safe Exam Browser configuration used for an exam to ensure
that only authorized users can change the configuration. There is a unique key for each configuration.
Any change to the configuration file content (e.g. modifying settings) will alter the signature,
making unauthorized changes detectable.
|
Only clients with the correct config
file can access the exam with SEB.
|
Any SEB config can be used for the exam. |
SEB Server Exam Key |
A cryptographic key generated by the Safe Exam Browser Server to identify the exam and ensure that
only authorized devices can access the exam. It ties SEB clients to a specific exam setup.
Changing the exam settings or creating a new exam generates a new key. This ensures only
clients launched for that specific exam can connect.
|
Only SEB clients with a matching
exam key can access the exam.
|
Any SEB client can access the exam. |
Browser Exam Key (BEK) |
A cryptographic key used for enhanced verification. It is tied to Safe Exam Browser
versions/builds and the used SEB exam settings/configuration. The BEK has to be manually copy-pasted
from the configuration/settings user interface of each SEB version used (SEB Windows Configuration Tool
or SEB in-app Settings menus on macOS/iOS). Note that you first have to finalize and save the
configuration file and then copy-paste the BEKs from each SEB version without re-saving the config
file (as this always changes the BEK). Modifying browser-related exam settings (e.g. permitted
resources or behaviour) will generate a new BEK.
|
Only SEB clients with correct config
file/SEB build (matching BEK) can connect.
|
Only the Config Key is verified. |
Additional Browser Exam Key (BEK) |
An additional cryptographic key, currently used for consecutive exams. Copy the SEB Server Exam Key
of the first exam into the field for additional browser exam keys of the second exam.
|
Only SEB clients sending either a correct SEB Server Exam Key or a matching Additional
Browser Exam Key can access the exam.
|
Only the Exam key is verified,
additional BEK checks are skipped.
|
App-Signature Key (ASK) |
A cryptographic key used to verify the integrity and authenticity of the Safe Exam Browser
application to ensure that the application has not been tampered with. The ASK is created
at runtime. There is a unique ASK for every official SEB release and build. Each manipulation
of the SEB application in any way will change the ASK of that SEB.
|
Only clients providing an accepted ASK are granted. |
Any client providing any ASK or none is granted. |