| Term | Definition |
| --- | --- |
| Accept a Certificate | Demonstrate approval of a Certificate while knowing or having notice of its contents. |
| Activation Data | Private data, other than keys, that are required to access cryptographic modules. |
| Asymmetric Cryptosystem | A system which generates and employs a secure key pair consisting of a Private Key for creating a Digital Signature and a Public Key to verify a Digital Signature. |
| Authentication | A process used to ascertain the identity of a person or the integrity of specific information. For a message, authentication involves ascertaining its source and that it has not been modified or replaced in transit. |
| Certificate | See Digital Certificate. |
| Certificate Authority (CA) | See Certification Authority. |
| Certificate Manufacturer | The entity providing certificate management operational services for the Issuing Authority. |
| Certificate Policy | A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. A certificate policy may be used by a Subscriber or Relying Party to help in deciding whether a certificate (and the binding therein) is sufficiently trustworthy for a particular application. |
| Certificate Revocation List (CRL) | A list, maintained by or on behalf of an Issuing Authority, of the certificates it has issued that have been revoked before their natural expiry time. |
| Certificate Status Information | Information that indicates whether Certificates have been revoked or suspended, commonly provided in bulk by Certificate Revocation Lists, or individually through specific online enquiries (e.g. OCSP). |
| Certification Authority (CA) | The software and hardware system used by the Issuing Authority or its designated Certificate Manufacturer to issue and manage the full lifecycle of certificates. |
| Certification Authority Certificate | See Issuing Authority Certificate. |
| Certification Authority Key (CA-Key) | The private key used by the Issuing Authority for signing certificates and other objects. |
| Certification Path | A logical and ordered sequence of Certificates which, together with the Public Key of the initial entity in the Certification Path, can be processed to obtain that of the final entity in the Certification Path. |
| Certification Practice Statement | A statement of the policies and practices employed in the issuance of certificates and in support of one or more Certificate Policies. |
| Confirm | Ascertain through appropriate inquiry and investigation. |
| Corresponding private key | Given a public key taken from a key pair, the corresponding private key is the private key from that same key pair (and vice versa for the corresponding public key). |
| Cross-certificate | A certificate used to establish a trust relationship between two Issuing Authorities. |
| Digital Certificate | A collection of data that at least: (1) identifies the issuing Certification Authority; (2) names or identifies its Subscriber; (3) contains the Subscriber's Public Key; (4) identifies the operational period of the Certificate; and (5) bears the Digital Signature of the issuing Certification Authority. |
| Digital Signature | The result of a transformation of a message by means of a cryptographic system and a Hash Function, using keys such that a person who has the initial message and the signer's Public Key can determine: (1) whether the transformation was created using the Private Key that corresponds to the signer's Public Key; and (2) whether the initial Message has been altered since the transformation was made. |
| Hash Function | An algorithm mapping or translating one sequence of bits into another, generally smaller, set (the Hash or Message Digest) such that: (1) a Message yields the same Hash Result every time the algorithm is executed using the same Message as input; (2) it is computationally infeasible that a Message can be derived or reconstituted from the Hash Result provided by the algorithm; and (3) it is computationally infeasible that two Messages can be found that produce the same Hash Result using the algorithm. |
| Hash or Message Digest | The output produced by a Hash Function upon processing a Message. |
| High Security Zone | An area to which access is controlled through an entry point and limited to authorised, appropriately screened personnel and properly escorted visitors. High-Security Zones should be accessible only from Security Zones, and are separated from Security Zones and Operations Zones by a perimeter built to the specifications recommended in a threat risk assessment. High-Security Zones are monitored 24 hours a day and 7 days a week by security staff, other personnel or electronic means. |
| Hold a Private Key | To use or to be able to use a Private Key. |
| Incorporate by reference | Make one Message a part of another Message by: (1) identifying the Message to be incorporated; (2) providing information which enables the Receiving Party to access and obtain the incorporated Message in its entirety; and (3) expressing the intention that it be part of the incorporating Message. The incorporated Message shall have the same effect as if it had been fully stated in the incorporating Message, to the extent permitted by law. |
| Issue a Certificate | The acts of an Issuing Authority in creating a Certificate and notifying the Subscriber identified in the Certificate of the contents of the Certificate. |
| Issuing Authority | By definition, an Issuing Authority is the entity listed in the issuer field of the certificate. The Issuing Authority has the responsibility for deciding who may be issued with a certificate carrying its name. |
| Issuing Authority Certificate | A Certificate for an Issuing Authority's Public Key, for use in signing certificates created by Certification Authority software under its control. |
| Key Pair | In an Asymmetric Cryptosystem, a Private Key and its mathematically related Public Key, having the property that the Public Key can verify a Digital Signature that the Private Key creates. |
| Local Registration Authority | See Registration Authority. |
| Message | A digital representation of information. |
| Message integrity | The assurance of unaltered transmission and receipt of a Message from the sender to the intended recipient. |
| Non-repudiation | Strong and substantial evidence of the identity of the Signer of a Message and of Message integrity, sufficient to prevent a party from successfully denying the original submission or delivery of the Message and the integrity of its contents. |
| Notify | Communicate or make available information to another person as required under the circumstances. |
| Online Certificate Status Protocol (OCSP) | A network protocol used to ascertain the current validity status of a certificate. |
| Operational Period of Certificate | The Operational Period of a Certificate begins on the date and time it is issued by a Certification Authority (or on a later date and time certain, if stated in the Certificate), and ends on the date and time it expires or is earlier revoked or suspended. |
| Operations Zone | An area where access is limited to personnel who work there and to properly escorted visitors. Operations Zones should be monitored at least periodically, based on a threat risk assessment, and should preferably be accessible from a Reception Zone. |
| Policy Authority | The entity that has ultimate responsibility for approving the Certificate Policy used to govern the issuance, management and usage of a specified set of digital certificates. |
| Private Key | The private part of an asymmetric key pair used for public key encryption techniques. The private key is typically used for signing via digital signatures or for decrypting messages. |
| Public Key | The public part of an asymmetric key pair used for public key encryption techniques. The public key is typically used for verifying digital signatures or to encrypt messages to the owner of the private key. |
| Public-access Zone | An area in which there is no personnel access control. It generally surrounds or forms part of a security facility. Examples include the grounds surrounding a building, and public corridors and elevator lobbies in multiple-occupancy buildings. Boundary designators such as signs and direct or remote surveillance may be used to discourage unauthorised activity. |
| Reception Zone | The entry to a facility where the initial contact between the public and the facility occurs, where services are provided, information is exchanged and access to restricted (Operations, Security and High-Security) zones is controlled. To varying degrees, activity in a Reception Zone is monitored by the personnel who work there, by other personnel or by security staff. Access by the public may be limited to specific times of the day or for specific reasons. Entry beyond the Reception Zone is indicated by a recognisable perimeter such as a doorway or an arrangement of furniture and dividers in an open office environment. |
| Registration Authority (RA) | An entity which is authorised or licensed by an Issuing Authority to carry out the practices and procedures for identification and Authentication of Certificate Subscribers, in order to grant requests from subscribers for issuance of certificates or for their revocation, but without the responsibility for signing or issuing Certificates or Certificate Revocation Information. |
| Relying Party | An entity that does not necessarily hold a certificate as a subscriber does, but which, during the course of a transaction, may be a recipient of a certificate and therefore acts in reliance on that certificate and/or digital signatures verified using that certificate. |
| Repository | The entity providing a community-wide accessible mechanism by which primarily subscribers and relying parties can obtain and validate information on certificates issued under the governing policy. |
| Revoke a Certificate | Permanently end the Operational Period of a Certificate from a specified time. |
| Security Zone | An area to which access is limited to authorised personnel and to authorised and properly escorted visitors. Security Zones should preferably be accessible from an Operations Zone, and through a specific entry point. A Security Zone need not be separated from an Operations Zone by a secure perimeter. A Security Zone should be monitored 24 hours a day and 7 days a week by security staff, other personnel or electronic means. |
| Signer | A person who creates a Digital Signature for a Message. |
| Subscriber | An entity that: (1) is the subject named or identified in a Certificate issued to such person; and (2) holds a Private Key that corresponds to a Public Key listed in that Certificate. |
| Suspend a Certificate | Temporarily suspend the Operational Period of a Certificate for a specified time period. |
| Time-stamp | (1) To create a notation that indicates, at least, the correct date and time of an action and the identity of the person that created the notation; or (2) such a notation appended, attached or referenced. |
| Time-stamping Authority | The Trust Service Provider operating, controlling and issuing time-stamps for use by other entities. |
| Transactional Certificate | A certificate for a specific transaction incorporating, by reference, one or more Digital Signatures. |
| Trust Service | (1) A trust-enhancing service offered or performed by a Trust Service Provider that supports the assurance, integrity or security of electronically executed activities (e.g. time-stamping, notarisation, watermarking, etc.). (2) The service offered or performed by an Issuing Authority, Registration Authority, Certificate Manufacturer or other trusted intermediary relating to the issuance and control of Digital Certificates (e.g. manufacture, issuance, revocation, publication, registration, validity-checking, policy-making, etc.). |
| Trust Service Provider | An entity that acts as a supplier of Trust Services. |
| Trustworthy System | Computer hardware, software and procedures that: (1) are adequately secure from intrusion and misuse; (2) provide an adequate level of availability, reliability and correctness of operation; (3) are adequately suited to performing their intended functions; and (4) adhere to generally accepted security principles. |
| Valid certificate | A Certificate which: (1) a Certificate Authority has issued; (2) the Subscriber has accepted; (3) has not been revoked or suspended; and (4) has not expired. In addition, for a Transactional Certificate: (1) the Subscriber has accepted it, but limited to the Digital Signature created pursuant to the specific transaction to which the Transactional Certificate relates. |
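The Certification Path, Operational Period and Valid certificate entries describe what a Relying Party actually does when it processes a chain of Certificates from a trusted Issuing Authority Certificate down to a Subscriber's certificate. The Go program below is an added example, not part of the Trustis glossary or any Trustis software; it uses only the Go standard library's `crypto/x509` package. It constructs a three-entity path (a self-signed root Issuing Authority Certificate, a subordinate CA certificate and a Subscriber end-entity certificate), validates the path at a constructed reference time inside the Operational Period, and then shows the same path being rejected once the Subscriber certificate has expired and when the root is not one the Relying Party trusts. The names, key type (ECDSA P-256) and dates are assumptions chosen for the example; revocation status (CRL/OCSP) is not checked here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Entity holds a participant's Key Pair and its Certificate.
type Entity struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// fixedNow is a constructed reference time so results do not depend on the wall clock.
var fixedNow = time.Date(2010, 6, 1, 12, 0, 0, 0, time.UTC)

// issue creates a certificate for the named subject, signed by issuer. A nil issuer
// yields a self-signed Issuing Authority Certificate. notBefore/notAfter fix the
// Operational Period written into the certificate.
func issue(cn string, isCA bool, notBefore, notAfter time.Time, issuer *Entity) (*Entity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	serial.Add(serial, big.NewInt(1)) // keep the serial strictly positive
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		// A CA-Key signs certificates and CRLs; say so in the certificate.
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	parent, signer := tmpl, key
	if issuer != nil {
		parent, signer = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Entity{Key: key, Cert: cert}, nil
}

// BuildPath creates root Issuing Authority -> subordinate CA -> Subscriber certificates.
// The Subscriber certificate's Operational Period ends at leafNotAfter.
func BuildPath(leafNotAfter time.Time) (root, sub, leaf *Entity, err error) {
	year := 365 * 24 * time.Hour
	if root, err = issue("Example Root IA", true, fixedNow.Add(-24*time.Hour), fixedNow.Add(10*year), nil); err != nil {
		return
	}
	if sub, err = issue("Example Sub CA", true, fixedNow.Add(-24*time.Hour), fixedNow.Add(5*year), root); err != nil {
		return
	}
	leaf, err = issue("subscriber@example.invalid", false, fixedNow.Add(-time.Hour), leafNotAfter, sub)
	return
}

// ValidateAt processes the Certification Path as a Relying Party would at time `at`:
// starting from the trusted root's Public Key it checks each signature and each
// certificate's Operational Period down to the leaf. It returns the ordered chain
// (leaf first, root last) or the reason the leaf is not a Valid certificate.
func ValidateAt(root, sub, leaf *x509.Certificate, at time.Time) ([]*x509.Certificate, error) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	inters := x509.NewCertPool()
	inters.AddCert(sub)
	chains, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		CurrentTime:   at,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	if err != nil {
		return nil, err
	}
	return chains[0], nil
}

func main() {
	year := 365 * 24 * time.Hour
	root, sub, leaf, err := BuildPath(fixedNow.Add(year))
	if err != nil {
		panic(err)
	}
	chain, err := ValidateAt(root.Cert, sub.Cert, leaf.Cert, fixedNow)
	if err != nil {
		panic(err)
	}
	for i, c := range chain {
		fmt.Printf("path[%d] %s (issued by %s)\n", i, c.Subject.CommonName, c.Issuer.CommonName)
	}
	// Outside the Operational Period the same path no longer yields a Valid certificate.
	_, err = ValidateAt(root.Cert, sub.Cert, leaf.Cert, fixedNow.Add(2*year))
	fmt.Println("two years later:", err)
	// A path that does not lead to a root the Relying Party trusts is rejected too.
	other, _, _, err := BuildPath(fixedNow.Add(year))
	if err != nil {
		panic(err)
	}
	_, err = ValidateAt(other.Cert, sub.Cert, leaf.Cert, fixedNow)
	fmt.Println("untrusted root:", err)
}
```

Passing `CurrentTime` explicitly is what makes the Operational Period check testable; in production code leave it zero so the library uses the current time, and pair the path check with Certificate Status Information (a CRL or OCSP response) for the revoked-or-suspended condition that path validation alone cannot see.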
| Term | Definition |
| --- | --- |
| Validity Period | The period that is defined within a certificate, during which that certificate is intended to be valid for use in protecting the certificate holder's allowable activities. |
| Verify a Digital Signature and message integrity | In relation to a given Digital Signature, Message and Public Key, to determine accurately: (1) that the Digital Signature was created during the Operational Period of a Valid Certificate by the Private Key corresponding to the Public Key listed in the Certificate; and (2) that the Message has not been altered since its Digital Signature was created. |
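The Hash Function, Digital Signature, Key Pair and Verify entries together describe one mechanism: hash the Message, transform the Hash Result with the Private Key, and let anyone holding the Public Key check both questions in the Digital Signature definition. The Go program below is an added example, not part of the Trustis glossary or any Trustis software; it uses only the Go standard library, with SHA-256 as the Hash Function and RSA PKCS#1 v1.5 as the signature transformation (both are assumptions chosen for the example). It shows a genuine signature verifying, an altered Message failing, and a signature checked against a Public Key from a different Key Pair failing.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// KeyPair is the glossary's Key Pair: a Private Key that creates Digital
// Signatures and the mathematically related Public Key that verifies them.
type KeyPair struct {
	Private *rsa.PrivateKey
	Public  *rsa.PublicKey
}

// GenerateKeyPair creates a fresh 2048-bit RSA Key Pair.
func GenerateKeyPair() (*KeyPair, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &KeyPair{Private: priv, Public: &priv.PublicKey}, nil
}

// Digest applies the Hash Function (SHA-256) to a Message and returns the
// Hash Result. The same Message always yields the same 32-byte digest.
func Digest(message []byte) []byte {
	sum := sha256.Sum256(message)
	return sum[:]
}

// Sign transforms the Message's Hash Result with the Private Key, producing
// the Digital Signature.
func Sign(priv *rsa.PrivateKey, message []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, Digest(message))
}

// Verify answers both questions from the Digital Signature definition at once:
// was the signature made with the Private Key corresponding to this Public Key,
// and is the Message unaltered since then. Either failure yields false.
func Verify(pub *rsa.PublicKey, message, signature []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, Digest(message), signature) == nil
}

func main() {
	signer, err := GenerateKeyPair()
	if err != nil {
		panic(err)
	}
	msg := []byte("Transfer 100 to account 42") // constructed sample Message
	sig, err := Sign(signer.Private, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine message verifies:", Verify(signer.Public, msg, sig))

	// Message integrity: a single changed character produces a different Hash
	// Result, so the stored signature no longer matches.
	altered := []byte("Transfer 900 to account 42")
	fmt.Println("altered message verifies:", Verify(signer.Public, altered, sig))

	// Signer identity: a Public Key from another Key Pair cannot verify it.
	other, err := GenerateKeyPair()
	if err != nil {
		panic(err)
	}
	fmt.Println("other party's key verifies:", Verify(other.Public, msg, sig))
}
```

In a real deployment the Relying Party obtains the signer's Public Key from a Certificate rather than from memory, which is why the glossary's Verify entry also requires that the Certificate was Valid and within its Operational Period at signing time.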
Copyright © Trustis Limited 2010. All Rights Reserved.
This document is licensed for use only in conjunction with the use of Trustis Trust Services.