Tech-invite3GPPspaceIETF RFCsSIP
in Index   Prev   Next

RFC 2828

Internet Security Glossary

Pages: 212
Obsoleted by:  4949
Part 2 of 8 – Pages 30 to 59
First   Prev   Next

ToP   noToC   RFC2828 - Page 30   prevText
      (O) "An integer value, unique within the issuing CA, which is
      unambiguously associated with a certificate issued by that CA."

   $ certificate status responder
      (N) FPKI usage: A trusted on-line server that acts for a CA to
      provide authenticated certificate status information to
      certificate users. [FPKI] Offers an alternative to issuing a CRL,
      but is not supported in X.509. (See: certificate revocation tree.)

   $ certificate update
      (I) The act or process by which non-key data items bound in an
      existing public-key certificate, especially authorizations granted
      to the subject, are changed by issuing a new certificate. (See:
      certificate rekey, certificate renewal.)

      (C) For an X.509 public-key certificate, the essence of this
      process is that fundamental changes are made in the data that is
      bound to the public key, such that it is necessary to revoke the
      old certificate. (Otherwise, the process is only a "certificate
      rekey" or "certificate renewal".)

   $ certificate user
      (I) A system entity that depends on the validity of information
      (such as another entity's public key value) provided by a digital
      certificate. (See: relying party.)

      (O) "An entity that needs to know, with certainty, the public key
      of another entity." [X509]

      (C) The system entity may be a human being or an organization, or
      a device or process under the control of a human or an

      (D) ISDs SHOULD NOT use this term as a synonym for the "subject"
      of a certificate.

   $ certificate validation
      (I) An act or process by which a certificate user establishes that
      the assertions made by a digital certificate can be trusted. (See:
      valid certificate, validate vs. verify.)

      (O) "The process of ensuring that a certificate is valid including
      possibly the construction and processing of a certification path,
      and ensuring that all certificates in that path have not expired
      or been revoked." [FPDAM]
ToP   noToC   RFC2828 - Page 31
      (C) To validate a certificate, a certificate user checks that the
      certificate is properly formed and signed and currently in force:

       - Checks the signature: Employs the issuer's public key to verify
         the digital signature of the CA who issued the certificate in
         question. If the verifier obtains the issuer's public key from
         the issuer's own public-key certificate, that certificate
         should be validated, too. That validation may lead to yet
         another certificate to be validated, and so on. Thus, in
         general, certificate validation involves discovering and
         validating a certification path.

       - Checks the syntax and semantics: Parses the certificate's
         syntax and interprets its semantics, applying rules specified
         for and by its data fields, such as for critical extensions in
         an X.509 certificate.

       - Checks currency and revocation: Verifies that the certificate
         is currently in force by checking that the current date and
         time are within the validity period (if that is specified in
         the certificate) and that the certificate is not listed on a
         CRL or otherwise announced as invalid. (CRLs themselves require
         a similar validation process.)

   $ certification
      (I) Information system usage: Technical evaluation (usually made
      in support of an accreditation action) of an information system's
      security features and other safeguards to establish the extent to
      which the system's design and implementation meet specified
      security requirements. [FP102] (See: accreditation.)

      (I) Digital certificate usage: The act or process of vouching for
      the truth and accuracy of the binding between data items in a
      certificate. (See: certify.)

      (I) Public key usage: The act or process of vouching for the
      ownership of a public key by issuing a public-key certificate that
      binds the key to the name of the entity that possesses the
      matching private key. In addition to binding a key to a name, a
      public-key certificate may bind those items to other restrictive
      or explanatory data items. (See: X.509 public-key certificate.)

      (O) SET usage: "The process of ascertaining that a set of
      requirements or criteria has been fulfilled and attesting to that
      fact to others, usually with some written instrument. A system
      that has been inspected and evaluated as fully compliant with the
      SET protocol by duly authorized parties and process would be said
      to have been certified compliant." [SET2]
ToP   noToC   RFC2828 - Page 32
   $ certification authority (CA)
      (I) An entity that issues digital certificates (especially X.509
      certificates) and vouches for the binding between the data items
      in a certificate.

      (O) "An authority trusted by one or more users to create and
      assign certificates. Optionally, the certification authority may
      create the user's keys." [X509]

      (C) Certificate users depend on the validity of information
      provided by a certificate. Thus, a CA should be someone that
      certificate users trust, and usually holds an official position
      created and granted power by a government, a corporation, or some
      other organization. A CA is responsible for managing the life
      cycle of certificates (see: certificate management) and, depending
      on the type of certificate and the CPS that applies, may be
      responsible for the life cycle of key pairs associated with the
      certificates (see: key management).

   $ certification authority workstation (CAW)
      (I) A computer system that enables a CA to issue digital
      certificates and supports other certificate management functions
      as required.

   $ certification hierarchy
      (I) A tree-structured (loop-free) topology of relationships among
      CAs and the entities to whom the CAs issue public-key
      certificates. (See: hierarchical PKI.)

      (C) In this structure, one CA is the top CA, the highest level of
      the hierarchy. (See: root, top CA.) The top CA may issue public-
      key certificates to one or more additional CAs that form the
      second highest level. Each of these CAs may issue certificates to
      more CAs at the third highest level, and so on. The CAs at the
      second-lowest of the hierarchy issue certificates only to non-CA
      entities, called "end entities" that form the lowest level. (See:
      end entity.) Thus, all certification paths begin at the top CA and
      descend through zero or more levels of other CAs. All certificate
      users base path validations on the top CA's public key.

      (O) MISSI usage: A MISSI certification hierarchy has three or four
      levels of CAs:

       - A CA at the highest level, the top CA, is a "policy approving
       - A CA at the second-highest level is a "policy creation
ToP   noToC   RFC2828 - Page 33
       - A CA at the third-highest level is a local authority called a
         "certification authority".
       - A CA at the fourth-highest (optional) level is a "subordinate
         certification authority".

      (O) PEM usage: A PEM certification hierarchy has three levels of
      CAs [R1422]:

       - The highest level is the "Internet Policy Registration
       - A CA at the second-highest level is a "policy certification
       - A CA at the third-highest level is a "certification authority".

      (O) SET usage: A SET certification hierarchy has three or four
      levels of CAs:

       - The highest level is a "SET root CA".
       - A CA at the second-highest level is a "brand certification
       - A CA at the third-highest (optional) level is a "geopolitical
         certification authority".
       - A CA at the fourth-highest level is a "cardholder CA", a
         "merchant CA", or a "payment gateway CA".

   $ certification path
      (I) An ordered sequence of public-key certificates (or a sequence
      of public-key certificates followed by one attribute certificate)
      that enables a certificate user to verify the signature on the
      last certificate in the path, and thus enables the user to obtain
      a certified public key (or certified attributes) of the entity
      that is the subject of that last certificate. (See: certificate
      validation, valid certificate.)

      (O) "An ordered sequence of certificates of objects in the [X.500
      Directory Information Tree] which, together with the public key of
      the initial object in the path, can be processed to obtain that of
      the final object in the path." [X509, R2527]

      (C) The path is the "list of certificates needed to allow a
      particular user to obtain the public key of another." [X509] The
      list is "linked" in the sense that the digital signature of each
      certificate (except the first) is verified by the public key
      contained in the preceding certificate; i.e., the private key used
      to sign a certificate and the public key contained in the
      preceding certificate form a key pair owned by the entity that
ToP   noToC   RFC2828 - Page 34
      (C) In the X.509 quotation in the previous "C" paragraph, the word
      "particular" points out that a certification path that can be
      validated by one certificate user might not be able to be
      validated by another. That is because either the first certificate
      should be a trusted certificate (it might be a root certificate)
      or the signature on the first certificate should be verified by a
      trusted key (it might be a root key), but such trust is defined
      relative to each user, not absolutely for all users.

   $ certification policy
      (D) ISDs SHOULD NOT use this term. Instead, use either
      "certificate policy" or "certification practice statement",
      depending on what is meant.

   $ certification practice statement (CPS)
      (I) "A statement of the practices which a certification authority
      employs in issuing certificates." [ABA96, R2527] (See: certificate

      (C) A CPS is a published security policy that can help a
      certificate user to decide whether a certificate issued by a
      particular CA can be trusted enough to use in a particular
      application. A CPS may be (a) a declaration by a CA of the details
      of the system and practices it employs in its certificate
      management operations, (b) part of a contract between the CA and
      an entity to whom a certificate is issued, (c) a statute or
      regulation applicable to the CA, or (d) a combination of these
      types involving multiple documents. [ABA]

      (C) A CPS is usually more detailed and procedurally oriented than
      a certificate policy. A CPS applies to a particular CA or CA
      community, while a certificate policy applies across CAs or
      communities. A CA with a single CPS may support multiple
      certificate policies, which may be used for different application
      purposes or by different user communities. Multiple CAs, each with
      a different CPS, may support the same certificate policy. [R2527]

   $ certification request
      (I) A algorithm-independent transaction format, defined by PCKS
      #10 and used in PKIX, that contains a DN, a public key, and
      optionally a set of attributes, collectively signed by the entity
      requesting certification, and sent to a CA, which transforms the
      request to an X.509 public-key certificate or another type of
ToP   noToC   RFC2828 - Page 35
   $ certify
      1. (I) Issue a digital certificate and thus vouch for the truth,
      accuracy, and binding between data items in the certificate (e.g.,
      see: X.509 public key certificate), such as the identity of the
      certificate's subject and the ownership of a public key. (See:

      (C) To "certify a public key" means to issue a public-key
      certificate that vouches for the binding between the certificate's
      subject and the key.

      2. (I) The act by which a CA employs measures to verify the truth,
      accuracy, and binding between data items in a digital certificate.

      (C) A description of the measures used for verification should be
      included in the CA's CPS.

   $ CFB
      See: cipher feedback.

   $ Challenge Handshake Authentication Protocol (CHAP)
      (I) A peer entity authentication method for PPP, using a randomly-
      generated challenge and requiring a matching response that depends
      on a cryptographic hash of the challenge and a secret key. [R1994]
      (See: challenge-response, PAP.)

   $ challenge-response
      (I) An authentication process that verifies an identity by
      requiring correct authentication information to be provided in
      response to a challenge. In a computer system, the authentication
      information is usually a value that is required to be computed in
      response to an unpredictable challenge value.

   $ Challenge-Response Authentication Mechanism (CRAM)
      (I) IMAP4 usage: A mechanism [R2195], intended for use with IMAP4
      AUTHENTICATE, by which an IMAP4 client uses a keyed hash [R2104]
      to authenticate itself to an IMAP4 server. (See: POP3 APOP.)

      (C) The server includes a unique timestamp in its ready response
      to the client. The client replies with the client's name and the
      hash result of applying MD5 to a string formed from concatenating
      the timestamp with a shared secret that is known only to the
      client and the server.

   $ channel
      (I) An information transfer path within a system. (See: covert
ToP   noToC   RFC2828 - Page 36
   $ CHAP
      See: Challenge Handshake Authentication Protocol.

   $ checksum
      (I) A value that (a) is computed by a function that is dependent
      on the contents of a data object and (b) is stored or transmitted
      together with the object, for the purpose of detecting changes in
      the data. (See: cyclic redundancy check, data integrity service,
      error detection code, hash, keyed hash, protected checksum.)

      (C) To gain confidence that a data object has not been changed, an
      entity that later uses the data can compute a checksum and compare
      it with the checksum that was stored or transmitted with the

      (C) Computer systems and networks employ checksums (and other
      mechanisms) to detect accidental changes in data. However, active
      wiretapping that changes data could also change an accompanying
      checksum to match the changed data. Thus, some checksum functions
      by themselves are not good countermeasures for active attacks. To
      protect against active attacks, the checksum function needs to be
      well-chosen (see: cryptographic hash), and the checksum result
      needs to be cryptographically protected (see: digital signature,
      keyed hash).

   $ chosen-ciphertext attack
      (I) A cryptanalysis technique in which the analyst tries to
      determine the key from knowledge of plaintext that corresponds to
      ciphertext selected (i.e., dictated) by the analyst.

   $ chosen-plaintext attack
      (I) A cryptanalysis technique in which the analyst tries to
      determine the key from knowledge of ciphertext that corresponds to
      plaintext selected (i.e., dictated) by the analyst.

   $ CIAC
      See: Computer Incident Advisory Capability.

   $ CIK
      See: cryptographic ignition key.

   $ cipher
      (I) A cryptographic algorithm for encryption and decryption.

   $ cipher block chaining (CBC)
      (I) An block cipher mode that enhances electronic codebook mode by
      chaining together blocks of ciphertext it produces. [FP081] (See:
      [R1829], [R2451].)
ToP   noToC   RFC2828 - Page 37
      (C) This mode operates by combining (exclusive OR-ing) the
      algorithm's ciphertext output block with the next plaintext block
      to form the next input block for the algorithm.

   $ cipher feedback (CFB)
      (I) An block cipher mode that enhances electronic code book mode
      by chaining together the blocks of ciphertext it produces and
      operating on plaintext segments of variable length less than or
      equal to the block length. [FP081]

      (C) This mode operates by using the previously generated
      ciphertext segment as the algorithm's input (i.e., by "feeding
      back" the ciphertext) to generate an output block, and then
      combining (exclusive OR-ing) that output block with the next
      plaintext segment (block length or less) to form the next
      ciphertext segment.

   $ ciphertext
      (I) Data that has been transformed by encryption so that its
      semantic information content (i.e., its meaning) is no longer
      intelligible or directly available. (See: cleartext, plaintext.)

      (O) "Data produced through the use of encipherment. The semantic
      content of the resulting data is not available." [I7498 Part 2]

   $ ciphertext-only attack
      (I) A cryptanalysis technique in which the analyst tries to
      determine the key solely from knowledge of intercepted ciphertext
      (although the analyst may also know other clues, such as the
      cryptographic algorithm, the language in which the plaintext was
      written, the subject matter of the plaintext, and some probable
      plaintext words.)

   $ CIPSO
      See: Common IP Security Option.

   $ CKL
      See: compromised key list.

   $ class 2, 3, 4, or 5
      (O) U.S. Department of Defense usage: Levels of PKI assurance
      based on risk and value of information to be protected [DOD3]:

       - Class 2: For handling low-value information (unclassified, not
         mission-critical, or low monetary value) or protection of
         system-high information in low- to medium-risk environment.
ToP   noToC   RFC2828 - Page 38
       - Class 3: For handling medium-value information in low- to
         medium-risk environment. Typically requires identification of a
         system entity as a legal person, rather than merely a member of
         an organization.

       - Class 4: For handling medium- to high-value information in any
         environment. Typically requires identification of an entity as
         a legal person, rather than merely a member of an organization,
         and a cryptographic hardware token for protection of keying

       - Class 5: For handling high-value information in a high-risk

   $ classification
   $ classification level
      (I) (1.) A grouping of classified information to which a
      hierarchical, restrictive security label is applied to increase
      protection of the data. (2.) The level of protection that is
      required to be applied to that information. (See: security level.)

   $ classified
      (I) Refers to information (stored or conveyed, in any form) that
      is formally required by a security policy to be given data
      confidentiality service and to be marked with a security label
      (which in some cases might be implicit) to indicate its protected
      status. (See: unclassified.)

      (C) The term is mainly used in government, especially in the
      military, although the concept underlying the term also applies
      outside government. In the U.S. Department of Defense, for
      example, it means information that has been determined pursuant to
      Executive Order 12958 ("Classified National Security Information",
      20 April 1995) or any predecessor order to require protection
      against unauthorized disclosure and is marked to indicate its
      classified status when in documentary form.

   $ clean system
      (I) A computer system in which the operating system and
      application system software and files have just been freshly
      installed from trusted software distribution media.

      (C) A clean system is not necessarily in a secure state.

   $ clearance
      See: security clearance.
ToP   noToC   RFC2828 - Page 39
   $ clearance level
      (I) The security level of information to which a security
      clearance authorizes a person to have access.

   $ cleartext
      (I) Data in which the semantic information content (i.e., the
      meaning) is intelligible or is directly available. (See:

      (O) "Intelligible data, the semantic content of which is
      available." [I7498 Part 2]

      (D) ISDs SHOULD NOT use this term as a synonym for "plaintext",
      the input to an encryption operation, because the plaintext input
      to encryption may itself be ciphertext that was output from
      another operation. (See: superencryption.)

   $ client
      (I) A system entity that requests and uses a service provided by
      another system entity, called a "server". (See: server.)

      (C) Usually, the requesting entity is a computer process, and it
      makes the request on behalf of a human user. In some cases, the
      server may itself be a client of some other server.

   $ CLIPPER chip
      (N) The Mykotronx, Inc. MYK-82, an integrated microcircuit with a
      cryptographic processor that implements the SKIPJACK encryption
      algorithm and supports key escrow. (See: CAPSTONE, Escrowed
      Encryption Standard.)

      (C) The key escrow scheme for a chip involves a SKIPJACK key
      common to all chips that protects the unique serial number of the
      chip, and a second SKIPJACK key unique to the chip that protects
      all data encrypted by the chip. The second key is escrowed as
      split key components held by NIST and the U.S. Treasury

   $ closed security environment
      (O) U.S. Department of Defense usage: A system environment that
      meets both of the following conditions: (a) Application developers
      (including maintainers) have sufficient clearances and
      authorizations to provide an acceptable presumption that they have
      not introduced malicious logic. (b) Configuration control provides
      sufficient assurance that system applications and the equipment
      they run on are protected against the introduction of malicious
      logic prior to and during the operation of applications. [NCS04]
      (See: open security environment.)
ToP   noToC   RFC2828 - Page 40
   $ code
      (I) noun: A system of symbols used to represent information, which
      might originally have some other representation. (See: encode.)

      (D) ISDs SHOULD NOT use this term as synonym for the following:
      (a) "cipher", "hash", or other words that mean "a cryptographic
      algorithm"; (b) "ciphertext"; or (c) "encrypt", "hash", or other
      words that refer to applying a cryptographic algorithm.

      (D) ISDs SHOULD NOT this word as an abbreviation for the following
      terms: country code, cyclic redundancy code, Data Authentication
      Code, error detection code, Message Authentication Code, object
      code, or source code. To avoid misunderstanding, use the fully
      qualified term, at least at the point of first usage.

   $ color change
      (I) In a system that is being operated in periods processing mode,
      the act of purging all information from one processing period and
      then changing over to the next processing period.

   $ Common Criteria
   $ Common Criteria for Information Technology Security
      (N) "The Common Criteria" is a standard for evaluating information
      technology products and systems, such as operating systems,
      computer networks, distributed systems, and applications. It
      states requirements for security functions and for assurance
      measures. [CCIB]

      (C) Canada, France, Germany, the Netherlands, the United Kingdom,
      and the United States (NIST and NSA) began developing this
      standard in 1993, based on the European ITSEC, the Canadian
      Trusted Computer Product Evaluation Criteria (CTCPEC), and the
      U.S. "Federal Criteria for Information Technology Security" (FC)
      and its precursor, the TCSEC. Work was done in cooperation with
      ISO/IEC Joint Technical Committee 1 (Information Technology),
      Subcommittee 27 (Security Techniques), Working Group 3 (Security
      Criteria). Version 2.1 of the Criteria is equivalent to ISO's
      International Standard 15408 [I15408]. The U.S. Government intends
      that this standard eventually will supersede both the TCSEC and
      FIPS PUB 140-1. (See: NIAP.)

      (C) The standard addresses data confidentiality, data integrity,
      and availability and may apply to other aspects of security. It
      focuses on threats to information arising from human activities,
      malicious or otherwise, but may apply to non-human threats. It
      applies to security measures implemented in hardware, firmware, or
      software. It does not apply to (a) administrative security not
      related directly to technical security, (b) technical physical
ToP   noToC   RFC2828 - Page 41
      aspects of security such as electromagnetic emanation control, (c)
      evaluation methodology or administrative and legal framework under
      which the criteria may be applied, (d) procedures for use of
      evaluation results, or (e) assessment of inherent qualities of
      cryptographic algorithms.

   $ Common IP Security Option (CIPSO)
      See: (secondary definition under) Internet Protocol Security

   $ common name
      (I) A character string that (a) may be a part of the X.500 DN of a
      Directory object ("commonName" attribute), (b) is a (possibly
      ambiguous) name by which the object is commonly known in some
      limited scope (such as an organization), and (c) conforms to the
      naming conventions of the country or culture with which it is
      associated. [X520] (See: ("subject" and "issuer" under) X.509
      public-key certificate.)

      (C) For example, "Dr. E. F. Moore", "The United Nations", or
      "12-th Floor Laser Printer".

   $ communication security (COMSEC)
      (I) Measures that implement and assure security services in a
      communication system, particularly those that provide data
      confidentiality and data integrity and that authenticate
      communicating entities.

      (C) Usually understood to include cryptographic algorithms and key
      management methods and processes, devices that implement them, and
      the life cycle management of keying material and devices.

   $ community string
      (I) A community name in the form of an octet string that serves as
      a cleartext password in SNMP version 1. [R1157]

   $ compartment
      (I) A grouping of sensitive information items that require special
      access controls beyond those normally provided for the basic
      classification level of the information. (See: category.)

      (C) The term is usually understood to include the special handling
      procedures to be used for the information.

   $ compromise
      See: data compromise, security compromise.
ToP   noToC   RFC2828 - Page 42
   $ compromised key list (CKL)
      (O) MISSI usage: A list that identifies keys for which
      unauthorized disclosure or alteration may have occurred. (See:

      (C) A CKL is issued by an CA, like a CRL is issued. But a CKL
      lists only KMIDs, not subjects that hold the keys, and not
      certificates in which the keys are bound.

      See: computer security.

   $ computer emergency response team (CERT)
      (I) An organization that studies computer and network INFOSEC in
      order to provide incident response services to victims of attacks,
      publish alerts concerning vulnerabilities and threats, and offer
      other information to help improve computer and network security.
      (See: CSIRT, security incident.)

      (C) For example, the CERT Coordination Center at Carnegie-Mellon
      University (sometimes called "the" CERT) and the Computer Incident
      Advisory Capability.

   $ Computer Incident Advisory Capability (CIAC)
      (N) A computer emergency response team in the U.S. Department of

   $ computer network
      (I) A collection of host computers together with the subnetwork or
      internetwork through which they can exchange data.

      (C) This definition is intended to cover systems of all sizes and
      types, ranging from the complex Internet to a simple system
      composed of a personal computer dialing in as a remote terminal of
      another computer.

   $ computer security (COMPUSEC)
      (I) Measures that implement and assure security services in a
      computer system, particularly those that assure access control

      (C) Usually understood to include functions, features, and
      technical characteristics of computer hardware and software,
      especially operating systems.
ToP   noToC   RFC2828 - Page 43
   $ computer security incident response team (CSIRT)
      (I) An organization "that coordinates and supports the response to
      security incidents that involve sites within a defined
      constituency." [R2350] (See: CERT, FIRST, security incident.)

      (C) To be considered a CSIRT, an organization must do as follows:

       - Provide a (secure) channel for receiving reports about
         suspected security incidents.
       - Provide assistance to members of its constituency in handling
         the incidents.
       - Disseminate incident-related information to its constituency
         and other involved parties.

   $ computer security object
      (I) The definition or representation of a resource, tool, or
      mechanism used to maintain a condition of security in computerized
      environments. Includes many elements referred to in standards that
      are either selected or defined by separate user communities.
      [CSOR] (See: object identifier, Computer Security Objects

   $ Computer Security Objects Register (CSOR)
      (N) A service operated by NIST is establishing a catalog for
      computer security objects to provide stable object definitions
      identified by unique names. The use of this register will enable
      the unambiguous specification of security parameters and
      algorithms to be used in secure data exchanges.

      (C) The CSOR follows registration guidelines established by the
      international standards community and ANSI. Those guidelines
      establish minimum responsibilities for registration authorities
      and assign the top branches of an international registration
      hierarchy. Under that international registration hierarchy the
      CSOR is responsible for the allocation of unique identifiers under
      the branch {joint-iso-ccitt(2) country(16) us(840) gov(101)

      See: communication security.

   $ confidentiality
      See: data confidentiality.

   $ configuration control
      (I) The process of regulating changes to hardware, firmware,
      software, and documentation throughout the development and
      operational life of a system. (See: administrative security.)
ToP   noToC   RFC2828 - Page 44
      (C) Configuration control helps protect against unauthorized or
      malicious alteration of a system and thus provides assurance of
      system integrity. (See: malicious logic.)

   $ confinement property
      See: (secondary definition under) Bell-LaPadula Model.

   $ connectionless data integrity service
      (I) A security service that provides data integrity service for an
      individual IP datagram, by detecting modification of the datagram,
      without regard to the ordering of the datagram in a stream of

      (C) A connection-oriented data integrity service would be able to
      detect lost or reordered datagrams within a stream of datagrams.

   $ contingency plan
      (I) A plan for emergency response, backup operations, and post-
      disaster recovery in a system as part of a security program to
      ensure availability of critical system resources and facilitate
      continuity of operations in a crisis. [NCS04] (See: availability.)

   $ controlled security mode
      (D) ISDs SHOULD NOT use this term. It was defined in an earlier
      version of the U.S. Department of Defense policy that regulates
      system accreditation, but was subsumed by "partitioned security
      mode" in the current version. [DOD2]

      (C) The term refers to a mode of operation of an information
      system, wherein at least some users with access to the system have
      neither a security clearance nor a need-to-know for all classified
      material contained in the system. However, separation and control
      of users and classified material on the basis, respectively, of
      clearance and classification level are not essentially under
      operating system control like they are in "multilevel security

      (C) Controlled mode was intended to encourage ingenuity in meeting
      the security requirements of Defense policy in ways less
      restrictive than "dedicated security mode" and "system high
      security mode", but at a level of risk lower than that generally
      associated with the true "multilevel security mode". This was to
      be accomplished by implementation of explicit augmenting measures
      to reduce or remove a substantial measure of system software
      vulnerability together with specific limitation of the security
      clearance levels of users permitted concurrent access to the
ToP   noToC   RFC2828 - Page 45
   $ cookie
      (I) access control usage: A synonym for "capability" or "ticket"
      in an access control system.

      (I) IPsec usage: Data exchanged by ISAKMP to prevent certain
      denial-of-service attacks during the establishment of a security

      (I) HTTP usage: Data exchanged between an HTTP server and a
      browser (a client of the server) to store state information on the
      client side and retrieve it later for server use.

      (C) An HTTP server, when sending data to a client, may send along
      a cookie, which the client retains after the HTTP connection
      closes. A server can use this mechanism to maintain persistent
      client-side state information for HTTP-based applications,
      retrieving the state information in later connections. A cookie
      may include a description of the range of URLs for which the state
      is valid. Future requests made by the client in that range will
      also send the current value of the cookie to the server. Cookies
      can be used to generate profiles of web usage habits, and thus may
      infringe on personal privacy.

   $ Coordinated Universal Time (UTC)
      (N) UTC is derived from International Atomic Time (TAI) by adding
      a number of leap seconds. The International Bureau of Weights and
      Measures computes TAI once each month by averaging data from many
      laboratories. (See: GeneralizedTime, UTCTime.)

   $ copy
      See: card copy.

   $ correctness integrity
      (I) Accuracy and consistency of the information that data values
      represent, rather than of the data itself. Closely related to
      issues of accountability and error handling. (See: data integrity,
      source integrity.)

   $ correctness proof
      (I) A mathematical proof of consistency between a specification
      for system security and the implementation of that specification.
      (See: formal specification.)

   $ countermeasure
      (I) An action, device, procedure, or technique that reduces a
      threat, a vulnerability, or an attack by eliminating or preventing
      it, by minimizing the harm it can cause, or by discovering and
      reporting it so that corrective action can be taken.
ToP   noToC   RFC2828 - Page 46
      (C) In an Internet protocol, a countermeasure may take the form of
      a protocol feature, an element function, or a usage constraint.

   $ country code
      (I) An identifier that is defined for a nation by ISO. [I3166]

      (C) For each nation, ISO Standard 3166 defines a unique two-
      character alphabetic code, a unique three-character alphabetic
      code, and a three-digit code. Among many uses of these codes, the
      two-character codes are used as top-level domain names.

   $ covert channel
      (I) A intra-system channel that permits two cooperating entities,
      without exceeding their access authorizations, to transfer
      information in a way that violates the system's security policy.
      (See: channel, out of band.)

      (O) "A communications channel that allows two cooperating
      processes to transfer information in a manner that violates the
      system's security policy." [NCS04]

      (C) The cooperating entities can be either two insiders or an
      insider and an outsider. Of course, an outsider has no access
      authorization at all. A covert channel is a system feature that
      the system architects neither designed nor intended for
      information transfer:

       - "Timing channel": A system feature that enable one system
         entity to signal information to another by modulating its own
         use of a system resource in such a way as to affect system
         response time observed by the second entity.

       - "Storage channel": A system feature that enables one system
         entity to signal information to another entity by directly or
         indirectly writing a storage location that is later directly or
         indirectly read by the second entity.

   $ CPS
      See: certification practice statement.

   $ cracker
      (I) Someone who tries to break the security of, and gain access
      to, someone else's system without being invited to do so. (See:
      hacker and intruder.)

   $ CRAM
      See: Challenge-Response Authentication Mechanism.
ToP   noToC   RFC2828 - Page 47
   $ CRC
      See: cyclic redundancy check.

   $ credential(s)
      (I) Data that is transferred or presented to establish either a
      claimed identity or the authorizations of a system entity. (See:
      authentication information, capability, ticket.)

      (O) "Data that is transferred to establish the claimed identity of
      an entity." [I7498 Part 2]

   $ critical
      1. (I) "Critical" system resource: A condition of a service or
      other system resource such that denial of access to (i.e., lack of
      availability of) that resource would jeopardize a system user's
      ability to perform a primary function or would result in other
      serious consequences. (See: availability, sensitive.)

      2. (N) "Critical" extension: Each extension of an X.509
      certificate (or CRL) is marked as being either critical or non-
      critical. If an extension is critical and a certificate user (or
      CRL user) does not recognize the extension type or does not
      implement its semantics, then the user is required to treat the
      certificate (or CRL) as invalid. If an extension is non-critical,
      a user that does not recognize or implement that extension type is
      permitted to ignore the extension and process the rest of the
      certificate (or CRL).

   $ CRL
      See: certificate revocation list.

   $ CRL distribution point
      See: distribution point.

   $ CRL extension
      See: extension.

   $ cross-certificate
      See: cross-certification.

   $ cross-certification
      (I) The act or process by which two CAs each certify a public key
      of the other, issuing a public-key certificate to that other CA.

      (C) Cross-certification enables users to validate each other's
      certificate when the users are certified under different
      certification hierarchies.
ToP   noToC   RFC2828 - Page 48
   $ cryptanalysis
      (I) The mathematical science that deals with analysis of a
      cryptographic system in order to gain knowledge needed to break or
      circumvent the protection that the system is designed to provide.
      (See: cryptology.)

      (O) "The analysis of a cryptographic system and/or its inputs and
      outputs to derive confidential variables and/or sensitive data
      including cleartext." [I7498 Part 2]

      (C) The "O" definition states the traditional goal of
      cryptanalysis--convert the ciphertext to plaintext (which usually
      is cleartext) without knowing the key--but that definition applies
      only to encryption systems. Today, the term is used with reference
      to all kinds of cryptographic algorithms and key management, and
      the "I" definition reflects that. In all cases, however, a
      cryptanalyst tries to uncover or reproduce someone else's
      sensitive data, such as cleartext, a key, or an algorithm. The
      basic cryptanalytic attacks on encryption systems are ciphertext-
      only, known-plaintext, chosen-plaintext, and chosen-ciphertext;
      and these generalize to the other kinds of cryptography.

   $ crypto
      (D) Except as part of certain long-established terms listed in
      this Glossary, ISDs SHOULD NOT use this abbreviated term because
      it may be misunderstood. Instead, use "cryptography" or

   $ cryptographic algorithm
      (I) An algorithm that employs the science of cryptography,
      including encryption algorithms, cryptographic hash algorithms,
      digital signature algorithms, and key agreement algorithms.

   $ cryptographic application programming interface (CAPI)
      (I) The source code formats and procedures through which an
      application program accesses cryptographic services, which are
      defined abstractly compared to their actual implementation. For
      example, see: PKCS #11, [R2628].

   $ cryptographic card
      (I) A cryptographic token in the form of a smart card or a PC

   $ cryptographic component
      (I) A generic term for any system component that involves
      cryptography. (See: cryptographic module.)
ToP   noToC   RFC2828 - Page 49
   $ cryptographic hash
      See: (secondary definition under) hash function.

   $ cryptographic ignition key (CIK)
      (I) A physical (usually electronic) token used to store,
      transport, and protect cryptographic keys. (Sometimes abbreviated
      as "crypto ignition key".)

      (C) A typical use is to divide a split key between a CIK and a
      cryptographic module, so that it is necessary to combine the two
      to regenerate a key-encrypting key and thus activate the module
      and other keys it contains.

   $ cryptographic key
      (I) Usually shortened to just "key". An input parameter that
      varies the transformation performed by a cryptographic algorithm.

      (O) "A sequence of symbols that controls the operations of
      encipherment and decipherment." [I7498 Part 2]

      (C) If a key value needs to be kept secret, the sequence of
      symbols (usually bits) that comprise it should be random, or at
      least pseudo-random, because that makes the key hard for an
      adversary to guess. (See: cryptanalysis, brute force attack.)

   $ Cryptographic Message Syntax (CMS)
      (I) A encapsulation syntax for digital signatures, hashes, and
      encryption of arbitrary messages. [R2630]

      (C) CMS was derived from PKCS #7. CMS values are specified with
      ASN.1 and use BER encoding. The syntax permits multiple
      encapsulation with nesting, permits arbitrary attributes to be
      signed along with message content, and supports a variety of
      architectures for digital certificate-based key management.

   $ cryptographic module
      (I) A set of hardware, software, firmware, or some combination
      thereof that implements cryptographic logic or processes,
      including cryptographic algorithms, and is contained within the
      module's cryptographic boundary, which is an explicitly defined
      contiguous perimeter that establishes the physical bounds of the
      module. [FP140]

   $ cryptographic system
      (I) A set of cryptographic algorithms together with the key
      management processes that support use of the algorithms in some
      application context.
ToP   noToC   RFC2828 - Page 50
      (C) This "I" definition covers a wider range of algorithms than
      the following "O" definition:

      (O) "A collection of transformations from plaintext into
      ciphertext and vice versa [which would exclude digital signature,
      cryptographic hash, and key agreement algorithms], the particular
      transformation(s) to be used being selected by keys. The
      transformations are normally defined by a mathematical algorithm."

   $ cryptographic token
      (I) A portable, user-controlled, physical device used to store
      cryptographic information and possibly perform cryptographic
      functions. (See: cryptographic card, token.)

      (C) A smart token may implement some set of cryptographic
      algorithms and may implement related algorithms and key management
      functions, such as a random number generator. A smart
      cryptographic token may contain a cryptographic module or may not
      be explicitly designed that way.

   $ cryptography
      (I) The mathematical science that deals with transforming data to
      render its meaning unintelligible (i.e., to hide its semantic
      content), prevent its undetected alteration, or prevent its
      unauthorized use. If the transformation is reversible,
      cryptography also deals with restoring encrypted data to
      intelligible form. (See: cryptology, steganography.)

      (O) "The discipline which embodies principles, means, and methods
      for the transformation of data in order to hide its information
      content, prevent its undetected modification and/or prevent its
      unauthorized use. . . . Cryptography determines the methods used
      in encipherment and decipherment." [I7498 Part 2]

   $ Cryptoki
      See: (secondary definition under) PKCS #11.

   $ cryptology
      (I) The science that includes both cryptography and cryptanalysis,
      and sometimes is said to include steganography.

   $ cryptonet
      (I) A group of system entities that share a secret cryptographic
      key for a symmetric algorithm.
ToP   noToC   RFC2828 - Page 51
   $ cryptoperiod
      (I) The time span during which a particular key is authorized to
      be used in a cryptographic system. (See: key management.)

      (C) A cryptoperiod is usually stated in terms of calendar or clock
      time, but sometimes is stated in terms of the maximum amount of
      data permitted to be processed by a cryptographic algorithm using
      the key. Specifying a cryptoperiod involves a tradeoff between the
      cost of rekeying and the risk of successful cryptanalysis.

      (C) Although we deprecate its prefix, this term is long-
      established in COMPUSEC usage. (See: crypto) In the context of
      certificates and public keys, "key lifetime" and "validity period"
      are often used instead.

   $ cryptosystem
      (D) ISDs SHOULD NOT use this term as an abbreviation for
      cryptographic system. (For rationale, see: crypto.)

   $ CSIRT
      See: computer security incident response team.

   $ CSOR
      See: Computer Security Objects Register.

   $ cut-and-paste attack
      (I) An active attack on the data integrity of ciphertext, effected
      by replacing sections of ciphertext with other ciphertext, such
      that the result appears to decrypt correctly but actually decrypts
      to plaintext that is forged to the satisfaction of the attacker.

   $ cyclic redundancy check (CRC)
      (I) Sometimes called "cyclic redundancy code". A type of checksum
      algorithm that is not a cryptographic hash but is used to
      implement data integrity service where accidental changes to data
      are expected.

   $ DAC
      See: Data Authentication Code, discretionary access control.

   $ DASS
      See: Distributed Authentication Security Service.

   $ data
      (I) Information in a specific physical representation, usually a
      sequence of symbols that have meaning; especially a representation
      of information that can be processed or produced by a computer.
ToP   noToC   RFC2828 - Page 52
   $ Data Authentication Algorithm
      (N) A keyed hash function equivalent to DES cipher block chaining
      with IV = 0. [A9009]

      (D) ISDs SHOULD NOT use the uncapitalized form of this term as a
      synonym for other kinds of checksums.

   $ data authentication code vs. Data Authentication Code (DAC)
      1. (N) Capitalized: "The Data Authentication Code" refers to a
      U.S. Government standard [FP113] for a checksum that is computed
      by the Data Authentication Algorithm. (Also known as the ANSI
      standard Message Authentication Code [A9009].)

      2. (D) Not capitalized: ISDs SHOULD NOT use "data authentication
      code" as a synonym for another kind of checksum, because this term
      mixes concepts in a potentially misleading way. (See:
      authentication code.) Instead, use "checksum", "error detection
      code", "hash", "keyed hash", "Message Authentication Code", or
      "protected checksum", depending on what is meant.

   $ data compromise
      (I) A security incident in which information is exposed to
      potential unauthorized access, such that unauthorized disclosure,
      alteration, or use of the information may have occurred. (See:

   $ data confidentiality
      (I) "The property that information is not made available or
      disclosed to unauthorized individuals, entities, or processes
      [i.e., to any unauthorized system entity]." [I7498 Part 2]. (See:
      data confidentiality service.)

      (D) ISDs SHOULD NOT use this term as a synonym for "privacy",
      which is a different concept.

   $ data confidentiality service
      (I) A security service that protects data against unauthorized
      disclosure. (See: data confidentiality.)

      (D) ISDs SHOULD NOT use this term as a synonym for "privacy",
      which is a different concept.

   $ Data Encryption Algorithm (DEA)
      (N) A symmetric block cipher, defined as part of the U.S.
      Government's Data Encryption Standard. DEA uses a 64-bit key, of
      which 56 bits are independently chosen and 8 are parity bits, and
      maps a 64-bit block into another 64-bit block. [FP046] (See: DES,
      symmetric cryptography.)
ToP   noToC   RFC2828 - Page 53
      (C) This algorithm is usually referred to as "DES". The algorithm
      has also been adopted in standards outside the Government (e.g.,

   $ data encryption key (DEK)
      (I) A cryptographic key that is used to encipher application data.
      (See: key-encrypting key.)

   $ Data Encryption Standard (DES)
      (N) A U.S. Government standard [FP046] that specifies the Data
      Encryption Algorithm and states policy for using the algorithm to
      protect unclassified, sensitive data. (See: AES, DEA.)

   $ data integrity
      (I) The property that data has not been changed, destroyed, or
      lost in an unauthorized or accidental manner. (See: data integrity

      (O) "The property that information has not been modified or
      destroyed in an unauthorized manner." [I7498 Part 2]

      (C) Deals with constancy of and confidence in data values, not
      with the information that the values represent (see: correctness
      integrity) or the trustworthiness of the source of the values
      (see: source integrity).

   $ data integrity service
      (I) A security service that protects against unauthorized changes
      to data, including both intentional change or destruction and
      accidental change or loss, by ensuring that changes to data are
      detectable. (See: data integrity.)

      (C) A data integrity service can only detect a change and report
      it to an appropriate system entity; changes cannot be prevented
      unless the system is perfect (error-free) and no malicious user
      has access. However, a system that offers data integrity service
      might also attempt to correct and recover from changes.

      (C) Relationship between data integrity service and authentication
      services: Although data integrity service is defined separately
      from data origin authentication service and peer entity
      authentication service, it is closely related to them.
      Authentication services depend, by definition, on companion data
      integrity services. Data origin authentication service provides
      verification that the identity of the original source of a
      received data unit is as claimed; there can be no such
      verification if the data unit has been altered. Peer entity
ToP   noToC   RFC2828 - Page 54
      authentication service provides verification that the identity of
      a peer entity in a current association is as claimed; there can be
      no such verification if the claimed identity has been altered.

   $ data origin authentication
      (I) "The corroboration that the source of data received is as
      claimed." [I7498 Part 2] (See: authentication.)

   $ data origin authentication service
      (I) A security service that verifies the identity of a system
      entity that is claimed to be the original source of received data.
      (See: authentication, authentication service.)

      (C) This service is provided to any system entity that receives or
      holds the data. Unlike peer entity authentication service, this
      service is independent of any association between the originator
      and the recipient, and the data in question may have originated at
      any time in the past.

      (C) A digital signature mechanism can be used to provide this
      service, because someone who does not know the private key cannot
      forge the correct signature. However, by using the signer's public
      key, anyone can verify the origin of correctly signed data.

      (C) This service is usually bundled with connectionless data
      integrity service. (See: (relationship between data integrity
      service and authentication services under) data integrity service.

   $ data privacy
      (D) ISDs SHOULD NOT use this term because it mix concepts in a
      potentially misleading way. Instead, use either "data
      confidentiality" or "privacy", depending on what is meant.

   $ data security
      (I) The protection of data from disclosure, alteration,
      destruction, or loss that either is accidental or is intentional
      but unauthorized.

      (C) Both data confidentiality service and data integrity service
      are needed to achieve data security.

   $ datagram
      (I) "A self-contained, independent entity of data carrying
      sufficient information to be routed from the source to the
      destination." [R1983]

   $ DEA
      See: Data Encryption Algorithm.
ToP   noToC   RFC2828 - Page 55
   $ deception
      See: (secondary definition under) threat consequence.

   $ decipher
      (D) ISDs SHOULD NOT use this term as a synonym for "decrypt",
      except in special circumstances. (See: (usage discussion under)

   $ decipherment
      (D) ISDs SHOULD NOT use this term as a synonym for "decryption",
      except in special circumstances. (See: (usage discussion under)

   $ decode
      (I) Convert encoded data back to its original form of
      representation. (See: decrypt.)

      (D) ISDs SHOULD NOT use this term as a synonym for "decrypt",
      because that would mix concepts in a potentially misleading way.

   $ decrypt
      (I) Cryptographically restore ciphertext to the plaintext form it
      had before encryption.

   $ decryption
      See: (secondary definition under) encryption.

   $ dedicated security mode
      (I) A mode of operation of an information system, wherein all
      users have the clearance or authorization, and the need-to-know,
      for all data handled by the system. In this mode, the system may
      handle either a single classification level or category of
      information or a range of levels and categories. [DOD2]

      (C) This mode is defined formally in U.S. Department of Defense
      policy regarding system accreditation, but the term is also used
      outside the Defense Department and outside the Government.

   $ default account
      (I) A system login account (usually accessed with a user name and
      password) that has been predefined in a manufactured system to
      permit initial access when the system is first put into service.

      (C) Sometimes, the default user name and password are the same in
      each copy of the system. In any case, when the system is put into
      service, the default password should immediately be changed or the
      default account should be disabled.
ToP   noToC   RFC2828 - Page 56
   $ degauss
      (N) Apply a magnetic field to permanently remove, erase, or clear
      data from a magnetic storage medium, such as a tape or disk
      [NCS25]. Reduce magnetic flux density to zero by applying a
      reversing magnetic field.

   $ degausser
      (N) An electrical device that can degauss magnetic storage media.

   $ DEK
      See: data encryption key.

   $ delta CRL
      (I) A partial CRL that only contains entries for X.509
      certificates that have been revoked since the issuance of a prior,
      base CRL. This method can be used to partition CRLs that become
      too large and unwieldy.

   $ denial of service
      (I) The prevention of authorized access to a system resource or
      the delaying of system operations and functions. (See:
      availability, critical (resource of a system), flooding.)

   $ DES
      See: Data Encryption Standard.

   $ dictionary attack
      (I) An attack that uses a brute-force technique of successively
      trying all the words in some large, exhaustive list.

      (C) For example, an attack on an authentication service by trying
      all possible passwords; or an attack on encryption by encrypting
      some known plaintext phrase with all possible keys so that the key
      for any given encrypted message containing that phrase may be
      obtained by lookup.

   $ Diffie-Hellman
      (N) A key agreement algorithm published in 1976 by Whitfield
      Diffie and Martin Hellman [DH76, R2631].

      (C) Diffie-Hellman does key establishment, not encryption.
      However, the key that it produces may be used for encryption, for
      further key management operations, or for any other cryptography.

      (C) The difficulty of breaking Diffie-Hellman is considered to be
      equal to the difficulty of computing discrete logarithms modulo a
      large prime. The algorithm is described in [R2631] and [Schn]. In
      brief, Alice and Bob together pick large integers that satisfy
ToP   noToC   RFC2828 - Page 57
      certain mathematical conditions, and then use the integers to each
      separately compute a public-private key pair. They send each other
      their public key. Each person uses their own private key and the
      other person's public key to compute a key, k, that, because of
      the mathematics of the algorithm, is the same for each of them.
      Passive wiretapping cannot learn the shared k, because k is not
      transmitted, and neither are the private keys needed to compute k.
      However, without additional mechanisms to authenticate each party
      to the other, a protocol based on the algorithm may be vulnerable
      to a man-in-the-middle attack.

   $ digest
      See: message digest.

   $ digital certificate
      (I) A certificate document in the form of a digital data object (a
      data object used by a computer) to which is appended a computed
      digital signature value that depends on the data object. (See:
      attribute certificate, capability, public-key certificate.)

      (D) ISDs SHOULD NOT use this term to refer to a signed CRL or CKL.
      Although the recommended definition can be interpreted to include
      those items, the security community does not use the term with
      those meanings.

   $ digital certification
      (D) ISDs SHOULD NOT use this term as a synonym for
      "certification", unless the context is not sufficient to
      distinguish between digital certification and another kind of
      certification, in which case it would be better to use "public-key
      certification" or another phrase that indicates what is being

   $ digital document
      (I) An electronic data object that represents information
      originally written in a non-electronic, non-magnetic  medium
      (usually ink on paper) or is an analogue of a document of that

   $ digital envelope
      (I) A digital envelope for a recipient is a combination of (a)
      encrypted content data (of any kind) and (b) the content
      encryption key in an encrypted form that has been prepared for the
      use of the recipient.

      (C) In ISDs, this term should be defined at the point of first use
      because, although the term is defined in PKCS #7 and used in
      S/MIME, it is not yet widely established.
ToP   noToC   RFC2828 - Page 58
      (C) Digital enveloping is not simply a synonym for implementing
      data confidentiality with encryption; digital enveloping is a
      hybrid encryption scheme to "seal" a message or other data, by
      encrypting the data and sending both it and a protected form of
      the key to the intended recipient, so that no one other than the
      intended recipient can "open" the message. In PCKS #7, it means
      first encrypting the data using a symmetric encryption algorithm
      and a secret key, and then encrypting the secret key using an
      asymmetric encryption algorithm and the public key of the intended
      recipient. In S/MIME, additional methods are defined for
      conveying the content encryption key.

   $ Digital ID(service mark)
      (D) ISDs SHOULD NOT use this term as a synonym for "digital
      certificate" because (a) it is the service mark of a commercial
      firm, (b) it unnecessarily duplicates the meaning of other, well-
      established terms, and (c) a certificate is not always used as
      authentication information. In some contexts, however, it may be
      useful to explain that the key conveyed in a public-key
      certificate can be used to verify an identity and, therefore, that
      the certificate can be thought of as digital identification
      information. (See: identification information.)

   $ digital key
      (C) The adjective "digital" need not be used with "key" or
      "cryptographic key", unless the context is insufficient to
      distinguish the digital key from another kind of key, such as a
      metal key for a door lock.

   $ digital notary
      (I) Analogous to a notary public. Provides a trusted date-and-time
      stamp for a document, so that someone can later prove that the
      document existed at a point in time. May also verify the
      signature(s) on a signed document before applying the stamp. (See:

   $ digital signature
      (I) A value computed with a cryptographic algorithm and appended
      to a data object in such a way that any recipient of the data can
      use the signature to verify the data's origin and integrity. (See:
      data origin authentication service, data integrity service,
      digitized signature, electronic signature, signer.)

      (I) "Data appended to, or a cryptographic transformation of, a
      data unit that allows a recipient of the data unit to prove the
      source and integrity of the data unit and protect against forgery,
      e.g. by the recipient." [I7498 Part 2]
ToP   noToC   RFC2828 - Page 59
      (C) Typically, the data object is first input to a hash function,
      and then the hash result is cryptographically transformed using a
      private key of the signer. The final resulting value is called the
      digital signature of the data object. The signature value is a
      protected checksum, because the properties of a cryptographic hash
      ensure that if the data object is changed, the digital signature
      will no longer match it. The digital signature is unforgeable
      because one cannot be certain of correctly creating or changing
      the signature without knowing the private key of the supposed

      (C) Some digital signature schemes use a asymmetric encryption
      algorithm (e.g., see: RSA) to transform the hash result. Thus,
      when Alice needs to sign a message to send to Bob, she can use her
      private key to encrypt the hash result. Bob receives both the
      message and the digital signature. Bob can use Alice's public key
      to decrypt the signature, and then compare the plaintext result to
      the hash result that he computes by hashing the message himself.
      If the values are equal, Bob accepts the message because he is
      certain that it is from Alice and has arrived unchanged. If the
      values are not equal, Bob rejects the message because either the
      message or the signature was altered in transit.

      (C) Other digital signature schemes (e.g., see: DSS) transform the
      hash result with an algorithm (e.g., see: DSA, El Gamal) that
      cannot be directly used to encrypt data. Such a scheme creates a
      signature value from the hash and provides a way to verify the
      signature value, but does not provide a way to recover the hash
      result from the signature value. In some countries, such a scheme
      may improve exportability and avoid other legal constraints on

   $ Digital Signature Algorithm (DSA)
      (N) An asymmetric cryptographic algorithm that produces a digital
      signature in the form of a pair of large numbers. The signature is
      computed using rules and parameters such that the identity of the
      signer and the integrity of the signed data can be verified. (See:
      Digital Signature Standard.)

   $ Digital Signature Standard (DSS)
      (N) The U.S. Government standard [FP186] that specifies the
      Digital Signature Algorithm (DSA), which involves asymmetric

   $ digital watermarking
      (I) Computing techniques for inseparably embedding unobtrusive
      marks or labels as bits in digital data--text, graphics, images,
      video, or audio--and for detecting or extracting the marks later.

(next page on part 3)

Next Section