|
Accept a Certificate
|
Demonstrate approval of a
Certificate while knowing or having notice of its contents.
|
|
Activation Data
|
Private data, other than keys, that
are required to access cryptographic modules.
|
|
Asymmetric Cryptosystem
|
A system which generates and
employs a secure key consisting of a Private Key for creating a Digital
Signature and a Public Key to verify a Digital Signature.
|
|
Authentication
|
A process used to ascertain the
identity of a person or the integrity of specific information. For a message, authentication involves
ascertaining its source and that it has not been modified or replaced in
transit.
|
|
Certificate
|
See Digital Certificate
|
|
Certificate Authority (CA)
|
See Certification Authority.
|
|
Certificate Manufacturer
|
The entity providing certificate
management operational services for the Issuing Authority.
|
|
Certificate Policy
|
A named set of rules that indicate
the applicability of a certificate to a particular community and/or class of
application with common security requirements. A certificate policy may be used by a
Subscriber or Relying Party to help in deciding whether a certificate (and
the binding therein), is sufficiently trustworthy for a particular
application.
|
|
Certificate Revocation List (CRL)
|
A list maintained by of on behalf
of an Issuing Authority of the certificates that it has issued, that are
revoked before their natural expiry time.
|
|
Certificate Status Information
|
Information that indicates whether
Certificates have been revoked or suspended,
commonly provided in bulk by Certificate Revocation Lists, or individually
through specific online enquiries (e.g. OCSP).
|
|
Certification Authority (CA)
|
The software and hardware system
used by the Issuing Authority or it’s designated Certificate Manufacturer to
issue and manage the full lifecycle of certificates.
|
|
Certification Authority Certificate
|
See Issuing Authority Certificate.
|
|
Certification Authority Key
(CA-Key)
|
The private key used by the Issuing
Authority for signing certificates and other objects.
|
|
Certification Path
|
A logical and ordered sequence of
Certificates which, together with the Public Key of the initial entity in the
Certification Path, can be processed to obtain that of the final entity in
the Certification Path.
|
|
Certification Practice Statement
|
A statement of the policies and
practices employed in the issuance of certificates and in support of one or
more Certificate Policies.
|
|
Confirm
|
Ascertain through appropriate
inquiry and investigation.
|
|
Corresponding private key
|
Given a public key taken from a key
pair, the corresponding private key is the private key from that same key
pair, (and vice-versa for corresponding public key).
|
|
Cross-certificate
|
A certificate used to establish a
trust relationship between two Issuing Authorities.
|
|
Digital Certificate
|
A collection of data that at least:
1.
Identifies the issuing Certification Authority
2.
Names or identifies its Subscriber
3.
Contains the Subscriber's Public Key
4.
Identifies the operational period of Certificate
5.
Bears the Digital Signature of the Issuing Certification
Authority
|
|
Digital Signature
|
The result of a transformation of a
message by means of a cryptographic system and a Hash function, using keys
such that a person who has the initial message and the signer’s Public Key
can determine:
1.
Whether the transformation was created using the Private Key
that corresponds to the signer's Public Key, and
2.
Whether the initial Message has been altered since the
transformation was made.
|
|
Hash Function
|
An algorithm mapping or translating
one sequence of bits into another, generally smaller, set (the Hash or
Message Digest) such that:
1.
A Message yields the same Hash Result every time the algorithm
is executed using the same Message as input;
2.
It is computationally infeasible that a Message can be derived
or reconstituted from the Hash Result provided by the algorithm; and
3.
It is computationally infeasible that two Messages can be
found that produce the same Hash Result using the algorithm
|
|
Hash or Message Digest
|
The output produced by a Hash
Function upon processing a Message.
|
|
High Security Zone
|
An area to which access is
controlled through an entry point and limited to authorised,
appropriately screened personnel and properly escorted visitors. High-Security Zones should be accessible
only from Security Zones, and are separated from Security Zones and
Operations Zones by a perimeter built to the specifications recommended in a
threat risk assessment. High-Security
Zones are monitored 24 hours a day and 7 days a week by security staff, other
personnel or electronic means.
|
|
Hold a Private Key
|
To use or to be able to use a
Private Key.
|
|
Incorporate by reference
|
Make one Message a part of another
Message by:-
1.
Identifying the Message to be incorporated;
2.
Providing information which enables the Receiving Party to
access and obtain the incorporated Message in its entirety; and
3.
Expressing the intention that it be part of the incorporating
Message.
The incorporated Message shall have
the same effect as if it had been fully stated in the incorporating Message
to the extent permitted by law.
|
|
Issue a Certificate
|
The acts of an Issuing Authority in
creating a Certificate and notifying the Subscriber identified in the
Certificate, of the contents of the Certificate.
|
|
Issuing Authority
|
By definition, an Issuing Authority
is the entity listed in the certificate in the issuer field. The Issuing Authority has the
responsibility for deciding who may be issued with a certificate carrying its
name.
|
|
Issuing Authority Certificate.
|
A Certificate for an Issuing
Authority’s Public Key, and for use in signing certificates created by
Certification Authority software under its control.
|
|
Key Pair
|
In an Asymmetric Cryptosystem - a
Private Key and its mathematically related Public Key having the property
that the Public Key can verify a Digital Signature that the Private Key
creates.
|
|
Local Registration Authority
|
See Registration Authority
|
|
Message
|
A digital representation of
information.
|
|
Message integrity
|
The assurance of unaltered
transmission and receipt of a Message from the sender to the intended
recipient
|
|
Non-repudiation
|
Strong and substantial evidence of
the identity of the Signer of a Message and of Message integrity, sufficient
to prevent a party from successfully denying the original submission or
delivery of the Message and the integrity of its contents.
|
|
Notify
|
Communicate or make available
information to another person as required under the circumstances
|
|
Online Certificate Status Protocol
(OCSP)
|
A network protocol used to
ascertain the current validity status of a certificate.
|
|
Operational Period of Certificate
|
The Operational Period of a
Certificate begins on the date and time it is issued by a Certification
Authority (or on a later date and time certain if stated in the Certificate),
and ends on the date and time it expires or is earlier revoked or suspended.
|
|
Operations Zone
|
An area where access is limited to
personnel who work there and to properly escorted visitors. Operations Zones should be monitored at
least periodically, based on a threat risk assessment, and should preferably
be accessible from a Reception Zone.
|
|
Policy Authority
|
The entity that has ultimate
responsibility for approving the Certificate Policy used to govern the
issuance, management and usage of a specified set of digital certificates.
|
|
Private Key
|
The private part of an asymmetric
key pair used for public key encryption techniques. The private key is typically used for
signing via digital signatures or for decrypting messages.
|
|
Public Key
|
The public part of an asymmetric
key pair used for public key encryption techniques. The public key is typically used for
verifying digital signatures or to encrypt messages to the owner of the
private key.
|
|
Public-access Zone
|
An area in which there is no
personnel access control. Generally
surrounds or forms part of a security facility. Examples include the grounds surrounding a
building, and public corridors and elevator lobbies in multiple-occupancy
buildings. Boundary designators such
as signs and direct or remote surveillance may be used to discourage unauthorised activity.
|
|
Reception Zone
|
The entry to a facility where the
initial contact between the public and the facility occurs, where services
are provided, information is exchanged and access to restricted (Operations,
Security and High-security) zones is controlled. To varying degrees, activity in a Reception
Zone is monitored by the personnel who work there, by other personnel or by
security staff. Access by the public
may be limited to specific times of the day or for specific reasons. Entry beyond the Reception Zone is
indicated by a recognisable perimeter such as a
doorway or an arrangement of furniture and dividers in an open office
environment.
|
|
Registration Authority (RA)
|
An entity which is authorised or licensed by an Issuing Authority to carry
out the practices and procedures for identification and Authentication of
Certificate Subscribers in order to grant requests from subscribers for
issuance of certificates or for their revocation, but without the
responsibility for signing or issuing Certificates or Certificate Revocation
Information.
|
|
Relying Party
|
An entity that does not necessarily
hold a certificate as a subscriber does, but even so, during the course of a
transaction, may be a recipient of a certificate and who therefore acts in
reliance on that certificate and/or digital signatures verified using that
certificate
|
|
Repository
|
The entity providing a
community-wide accessible mechanism by which primarily subscribers and
relying parties can obtain and validate information on certificates issued
under the governing policy.
|
|
Revoke a Certificate
|
Permanently end the Operational
Period of a Certificate from a specified time.
|
|
Security Zone
|
An area to which access is limited
to authorised personnel and to authorised
and properly escorted visitors.
Security Zones should preferably be accessible from an Operations
Zone, and through a specific entry point.
A Security Zone need not be separated from an Operations Zone by a
secure perimeter. A Security Zone
should be monitored 24 hours a day and 7 days a week by security staff, other
personnel or electronic means.
|
|
Signer
|
A person who creates a Digital
Signature for a Message.
|
|
Subscriber
|
An entity that:
1.
Is the subject named or identified in a Certificate issued to
such person; and
2.
Holds a Private Key that corresponds to a Public Key listed in
that Certificate.
|
|
Suspend a Certificate
|
Temporarily suspend the Operational
Period of a Certificate for a specified time period.
|
|
Time-stamp
|
1.
To create a notation that indicates, at least, the correct
date and time of an action and the identity of the person that created the
notation; or
2.
Such a notation appended, attached or referenced.
|
|
Time-stamping Authority
|
The Trust Service Provider
operating, controlling and issuing time-stamps for use by other entities.
|
|
Transactional Certificate
|
A certificate for a specific
transaction incorporating by reference, one or more Digital Signatures.
|
|
Trust Service
|
1.
A trust-enhancing service offered or performed by a Trust
Service Provider that supports the assurance, integrity or security of
electronically executed activities, (e.g. time-stamping, notarisation,
watermarking etc.)
2.
The service offered or performed by an Issuing Authority,
Registration Authority, Certificate Manufacturer or other trusted
intermediary relating to the issuance and control of Digital Certificates,
(e.g. manufacture, issuance, revocation, publication, registration,
validity-checking, policy-making, etc.)
|
|
Trust Service Provider
|
An entity that acts as a supplier
of Trust Services.
|
|
Trustworthy System
|
Computer hardware, software and
procedures that:
1.
Are adequately secure from intrusion and misuse;
2.
Provide an adequate level of availability, reliability and
correctness of operation;
3.
Are adequately suited to performing their intended functions;
and
4.
Adhere to generally accepted security principles.
|
|
Valid certificate
|
A Certificate which:
1.
A Certificate Authority has issued
2.
The Subscriber has accepted
3.
Has not been revoked or suspended
4.
Has not expired
In addition for a Transactional
Certificate:
1.
The Subscriber has accepted, but limited to the Digital
Signature created pursuant to the specific transaction to which the
Transactional Certificate relates.
|
|
Validity Period
|
The period that is defined within a
certificate, during which that certificate is intended to be valid for use in
protecting the certificate holder’s allowable activities.
|
|
Verify a Digital Signature and
message integrity
|
In relation to a given Digital
Signature, Message and Public Key, to determine accurately:-
1.
That the Digital Signature was created during the Operational
Period of a Valid Certificate by the Private Key corresponding to the Public
Key listed in the Certificate; and
2.
The Message has not been altered since its Digital Signature
was created.
|
