

  PKI Glossary


ABN-DSC SUBSCRIBER AGREEMENT VeriSign's Accredited Document of the same name which summarises the responsibilities of the Organisation and Key Holder in relation to an ABN-DSC.
ACCEPT (A CERTIFICATE) "To demonstrate approval of a certificate by a certificate applicant while knowing or having notice of its informational contents, in accordance with the CPS. "
ACCESS "A specific type of interaction between a submission and communications or information resources that results in a flow of information, the exercise of control, or the activation of a process."
ACCREDITATION A formal declaration by an entity approving authority that a particular information system, professional or other employee or contractor, or organisation is approved to perform certain duties and to operate in a specific security mode, using a prescribed set of safeguards.
AFFILIATED CERTIFICATE A certificate issued to an affiliated individual.
AFFILIATED INDIVIDUAL "A human being that is affiliated with an organisation (i) as an officer, director, employee, partner, contractor, intern, or other person within the organisation, or (ii) as a person maintaining a contractual relationship with the organisation where the organisation has business records providing strong assurances of the identity of such person."
AFFIRM / AFFIRMATION To state or indicate by conduct that data is correct or information is true.
ALIAS A pseudonym.
APPLICANT "A person who has applied to become a Key Holder, prior to the time at which Keys and Certificates are Issued to and Accepted by them."
APPLICATION A request from an Applicant (or an Organisation) for a Certificate to be Issued to the Applicant.
ARCHIVE "To store records and associated journals for a given period of time for security, backup, or auditing purposes."
ASSURANCES Statements or conduct intended to convey a general intention, supported by a good-faith effort, to provide and maintain a specified service by an IA. "Assurances" does not necessarily imply a guarantee that the services will be performed fully and satisfactorily. Assurances are distinct from insurance, promises, guarantees, and warranties, unless otherwise expressly indicated.
AUDIT A procedure used to validate that controls are in place and adequate for their purposes. Includes recording and analysing activities to detect intrusions or abuses into an information system. Inadequacies found by an audit are reported to appropriate management personnel.
AUSTRALIAN BUSINESS NUMBER - DIGITAL SIGNATURE CERTIFICATE (ABN-DSC) "A Certificate that identifies an individual with an associated entity that has an ABN, as more fully described in the VeriSign Gatekeeper ABN-DSC CP."
AUSTRALIAN BUSINESS NUMBER (ABN) "The Australian Business Number (ABN) is a single identifier primarily for dealings between a Business Entity and the Australian Taxation Office, and for dealings with other government agencies."
AUSTRALIAN BUSINESS REGISTER (ABR) The Australian Business Register contains all the publicly available information provided by businesses when they register for an Australian Business Number (ABN). The Australian Business Register is established under s.24 of the A New Tax System (Australian Business Number) Act 1999.
AUTHENTICATED RECORD "A signed document with appropriate assurances of authentication or a message with a digital signature verified by a valid Class 3 certificate by a relying party. However, for suspension and revocation notification purposes, the digital signature contained in such notification message must have been created by the private key corresponding to the public key contained in the certificate for the applicable certificate class."
AUTHENTICATION A process used to confirm the identity of a person or to prove the integrity of specific information. Message authentication involves determining its source and verifying that it has not been modified or replaced in transit.
AUTHORISED OFFICER An individual who: has been issued with, and accepted, Keys and an ABN-DSC to use on behalf of an Organisation; and is authorised by the Organisation to perform the functions described in section of the VeriSign Gatekeeper ABN-DSC CP.
AUTHORISATION "The granting of rights, including the ability to access specific information or resources."
AVAILABILITY "The extent to which information or processes are reasonably accessible and usable, upon demand, by an authorised entity, allowing authorised access to resources and timely performance of time-critical operations."
BUSINESS ENTITY An entity entitled to have an ABN within the meaning of s.8 of the A New Tax System (Australian Business Number) Act 1999 (Cth).
CA APPLICANT A person who submits a CA application to VeriSign requesting to become a CA or subordinate CA.
CA OPERATIONS MANUAL VeriSign's Accredited Document of the same name which describes in greater detail than the VeriSign Gatekeeper CPS how VeriSign operates its CA.
CERTIFICATE A set of information which at a minimum:
(a) identifies the Certification Authority issuing the Certificate;
(b) unambiguously names or identifies the Certificate's holder (the Key Holder/organisation);
(c) contains the Public Key; and
(d) is digitally signed by the Certificate Authority issuing it.
CERTIFICATE APPLICANT A person or authorised agent that requests the issuance of a public key certificate by an IA.
CERTIFICATE APPLICATION A request from a certificate applicant (or authorised agent) to an RA for the issuance of a certificate.
CERTIFICATE AUTHORITY (CA) Means VeriSign and any Subordinate CA. VeriSign can be contacted as follows:
Physical Address: 134 Moray Street, South Melbourne, VIC 3205, Australia
Postal address: PO Box 3092, South Melbourne, VIC 3205, Australia
Email: FAX: +61 3 9674 5565
CERTIFICATE CHAIN The CA listed as the issuer in the Certificate Profile and all superior CAs (CAs who have signed the Certificate of the CA)
CERTIFICATE DIRECTORY The published directory containing all Gatekeeper Certificates issued by VeriSign. The Certificate Directory for all VeriSign issued Gatekeeper Certificates can be found at ldap://
CERTIFICATE EXPIRATION "The time and date specified in the certificate when the operational period ends, without regard to any earlier suspension or revocation."
CERTIFICATE EXTENSION "An extension field to a certificate which may convey additional information about the public key being certified, the certified subscriber, the certificate issuer, and/or the certification process. Standard extensions are defined in Amendment 1 to ISO/IEC 9594-8:1995 (X.509). Custom extensions can also be defined by communities of interest."
CERTIFICATE ISSUANCE The actions performed by an RA in creating a certificate and notifying the certificate applicant (anticipated to become a subscriber) listed in the certificate of its contents.
CERTIFICATE MANAGEMENT "Certificate management includes, but is not limited to storage, dissemination, publication, revocation, and suspension of certificates. An RA undertakes certificate management functions by serving as a registration authority for subscriber certificates. An RA designates issued and accepted certificates as valid by publication."
CERTIFICATE POLICY (CP) "A named set of rules that indicates the applicability of a Certificate to a particular community and/or class of application with common security requirements. For example, a particular Certificate Policy might indicate applicability of a Certificate Type to the authentication of electronic transactions with a particular Agency or Government transactions up to a certain financial value. "
CERTIFICATE REVOCATION LIST (CRL) A list of Revoked Certificates. The CRL may form part of the Certificate Directory or may be published separately. The CRL for a Certificate is published in the Certificate Extension field named "CRL Distribution Point".
CERTIFICATE SERIAL NUMBER A value that unambiguously identifies a certificate generated by an RA.
CERTIFICATE SIGNING REQUEST (CSR) A request from a person generating Keys for a CA to generate a Certificate and sign that Certificate.
CERTIFICATION / CERTIFY The process of issuing a certificate by an RA.
CERTIFICATION PRACTICE STATEMENT (CPS) A statement of the practices that a Certification Authority employs in issuing Certificates (eg Gatekeeper Certificates). The VeriSign Gatekeeper CPS describes the operational practices of VeriSign in relation to its CA and RA services and is published in the Repository.
CHALLENGE PHRASE A set of numbers and/or letters that are chosen by an Applicant, communicated to the CA with an Application, and used by the CA to authenticate the customer (such as to determine the customer's ability to Renew or Revoke a Certificate).
CLASS [1, 2, OR 3] CERTIFICATE A certificate of a specified level of trust.
COMMERCIAL REASONABLENESS "In the context of electronic commerce, the implementation and use of technology, controls, and administrative and operational procedures that reasonably ensure system and message trustworthiness."
COMMON KEY Some systems of cryptographic hardware require arming through a secret-sharing process and require that the last of these shares remain physically attached to the hardware in order for it to stay armed. In this case, "common key" refers to this last share. It is not assumed to be secret as it is not continually in an individual's possession.
COMPROMISE "A violation (or suspected violation) of a security policy, in which an unauthorised disclosure of, or loss of control over, sensitive information may have occurred. "
CONFIDENTIALITY The condition in which sensitive data is kept secret and disclosed only to authorised parties.
CONFIRM To ascertain through appropriate inquiry and investigation.
CONFIRMATION OF CERTIFICATE CHAIN The process of validating a certificate chain and subsequently validating an end-user subscriber certificate.
CONTENT INTEGRITY SERVICES Content integrity services provide certificates to software publishers who desire to digitally sign their software publications to facilitate their customers' (end-users') ability to undertake software validation.
CONTROLS Measures taken to ensure the integrity and quality of a process.
CORRESPOND To belong to the same key pair. (See also PUBLIC KEY; PRIVATE KEY)
CROSS-CERTIFICATION A condition in which either or both a VeriSign PCA and a non-VeriSign certificate issuing entity (representing another certification domain) issues a certificate having the other as the subject of that certificate.
CRYPTOGRAPHIC ALGORITHM A clearly specified mathematical process for computation; a set of rules that produce a prescribed result.
CRYPTOGRAPHIC MODULE A Cryptographic Module is hardware, software, or firmware or any combination of them which using Cryptography can be used to protect the information stored therein.
CRYPTOGRAPHY (a) The mathematical science used to secure the confidentiality and authentication of data by replacing it with a transformed version that can be reconverted to reveal the original data only by someone holding the proper cryptographic algorithm and Key.
(b) A discipline that embodies the principles, means, and methods for transforming data in order to hide its information content, prevent its undetected modification, and/or prevent its unauthorised use.
CRYPTOMODULE A trustworthy implementation of a cryptosystem which safely performs encryption and decryption of data.
DATA "Programs, files, and other information stored in, communicated, or processed by a computer."
DATA INTEGRITY A condition in which data has not been altered or destroyed in an unauthorised manner.
DATABASE "A set of related information created, stored, or manipulated by a computerised management information system."
DEMO CERTIFICATE A certificate issued by a CA to be used exclusively for demonstration and presentation purposes and not for any secure or confidential communications. Demo certificates may be used by authorised persons only.
DIGITAL ID℠ (See CERTIFICATE) A VeriSign service mark and brand name for a certificate.
DIGITAL SIGNATURE "An electronic signature created using a Private Key consisting of data appended to, or a Cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery."
DISTINGUISHED NAME "A unique identifier of a person or thing having the structure required by the relevant Certificate Profile. A Distinguished Name is assigned to each Key Holder, Organisation or other entity."
DOCUMENT A record consisting of information inscribed on a tangible medium such as paper rather than computer-based information.
ELECTRONIC MAIL ("E-MAIL") Messages sent, received or forwarded in digital form via a computer-based communication mechanism.
EMPLOYEE IN GOOD STANDING "A non-probationary employee that has not been terminated or suspended, and is not the subject of pending disciplinary action, by his or her employer."
ENCRYPTION The process of transforming plaintext data into an unintelligible form (ciphertext) such that the original data either cannot be recovered (one-way encryption) or cannot be recovered without using an inverse decryption process (two-way encryption).
ENHANCED NAMING The use of an extended organisation field (OU=) in an X.509 v3 certificate.
ENROLLMENT The process of a certificate applicant's applying for a certificate.
ESCROW Escrow is the process of entrusting material (for example a Key) to a third party (such as an Organisation or government) ('Escrow Agent') and providing another third party with a legal right to obtain the material from the Escrow Agent in certain circumstances.
EXPIRATION DATE "The time and date stated in a Certificate as the end of the Operational Period, after which the Certificate will expire."
EXPIRY When the current date passes the Expiration Date a Certificate is said to have expired.
EXPORT CONTROL CERTIFICATE "A certificate-based service that allows approved server certificate subscribers to operate in a strong encryption mode, and as a result, allows a browser accessing such a server to also operate in such strong encryption mode."
EXTENSIONS Extension fields in X.509 v3 certificates. (See X.509)
FILE TRANSFER PROTOCOL (FTP) The application protocol that offers file system access from the Internet suite of protocols.
GATEKEEPER The Commonwealth Government strategy for the use of Public Key Technology in the delivery of Commonwealth Government services and in all business dealings with Commonwealth Agencies.
GATEKEEPER ACCREDITATION Accreditation by the CEO, NOIE, granted on the basis that:
(a) in the case of a CA - the CA meets the criteria set out in the Gatekeeper Criteria for Accreditation of Certificate Authorities; or
(b) in the case of an RA - the RA meets the Gatekeeper Criteria for Accreditation of Registration Authorities.
The Gatekeeper Accreditation process involves: An examination of the ability of the applicant to protect the privacy of Key Holder's Personal Information; An examination of the financial viability of the applicant as part of that entity obtaining endorsement under the Endorsed Supplier Arrangements administered by the Commonwealth Department of Finance and Administration; and Evaluation of the Accredited Documents. Granting of accreditation by the CEO, NOIE once the evaluation of the applicant's operation has been successfully completed.
GENERATE A KEY PAIR A trustworthy process of creating private keys during certificate application whose corresponding public keys are submitted to the applicable IA during certificate application in a manner that demonstrates the applicant's capacity to use the private key.
IDENTIFICATION/IDENTITY The process of confirming the identity of a person. Identification is facilitated in public key cryptography by means of certificates.
IDENTITY A unique piece of information that marks or signifies a particular entity within a domain. Such information is only unique within a particular domain.
INCORPORATE BY REFERENCE "To make one message a part of another message by identifying the message to be incorporated, with information that enables the receiving party to access and obtain the incorporated message in its entirety, and by expressing the intention that it be part of the incorporating message. Such an incorporated message shall have the same effect as if it had been fully stated in the message to the extent permitted by law. "
ISSUE "A process whereby the CA, based on the Registration Information, generates a Certificate and distributes this to the customer."
JURISDICTION A CA may have one or more jurisdictions. For example, in the case of the VeriSign ABN-DSC CA there are two jurisdictions: encryption and signing. Certificates issued under the encryption jurisdiction of the ABN-DSC CA will be marked for use for encryption only.
KEY "A data element used to encrypt or decrypt a message - includes both Public Keys and Private Keys. A sequence of symbols that controls the operation of a Cryptographic transformation (eg. encipherment, decipherment, Cryptographic check function computation, signature generation, or signature authentication)."
KEY GENERATION The trustworthy process of creating a private key/public key pair. The public key is supplied to a CA during the certificate application process.
KEY PAIR A pair of asymmetric cryptographic Keys (ie. one decrypts messages which have been encrypted using the other) consisting of a Public Key and a Private Key.
MESSAGE A digital representation of information; a computer-based record. A subset of RECORD.
NAME A set of identifying attributes purported to describe an entity of a certain type.
NAMING Naming is the assignment of descriptive identifiers to objects of a particular type by an authority which follows specific issuing procedures and maintains specific records pertinent to an identified registration process.
NAMING AUTHORITY A body which executes naming policy and procedures and has control over the registration and assignment of primitive (basic) names to objects of a particular class.
NON-INDIVIDUAL CERTIFICATE A body which executes naming policy and procedures and has control over the registration and assignment of primitive (basic) names to objects of a particular class.
NONREPUDIATION "Provides proof of the origin or delivery of data in order to protect the sender against a false denial by the recipient that the data has been received or to protect the recipient against false denial by the sender that the data has been sent. Note: Only a trier of fact (someone with the authority to resolve disputes) can make an ultimate determination of nonrepudiation. By way of illustration, a digital signature verified pursuant to this CPS can provide proof in support of a determination of nonrepudiation by a trier of fact, but does not by itself constitute nonrepudiation."
NONVERIFIED SUBSCRIBER INFORMATION (NSI) "Information submitted by a certificate applicant to an RA, and included within a certificate, which has not been confirmed by the RA and for which the RA provides no assurances other than that the information was submitted by the certificate applicant. Information such as titles, professional degrees, accreditations, and Registration Field Information are considered NSI unless otherwise indicated."
NOTARY "A natural person authorised by an executive governmental agency to perform notarial services such as taking acknowledgments, administering oaths or affirmations, witnessing or attesting signatures, and noting protests of negotiable instruments. "
NOTICE The result of notification in accordance with this CPS.
NOTIFY To communicate specific information to another person as required by this CPS and applicable law.
OCSP Online Certificate Status Protocol. A protocol to enable real time checking of the validity of a Certificate (ie whether it is during the Operational Period of the Certificate and the Certificate has not been Revoked).
OPERATIONAL CERTIFICATE "A certificate which is within its operational period at the present date and time or at a different specified date and time, depending on the context."
OPERATIONAL PERIOD "The operative period of the Certificate, as can be determined from the Certificate (being the time between the 'Valid From' and 'Valid To' fields), unless it is earlier Suspended or Revoked."
ORGANISATION An entity with which a user is affiliated. An organisation may also be a user.
ORIGINATOR "A person by whom (or on whose behalf) a data message is purported to have been generated, stored, or communicated. It does not include a person acting as an intermediary. "
PARTIES "The entities whose rights and obligations are intended to be controlled by this CPS. These entities may include certificate applicants, IAs, subscribers, and relying parties."
PASSWORD (PASS PHRASE; PIN NUMBER) "Confidential authentication information, usually composed of a string of characters used to provide access to a computer resource."
PC CARD (See also SMART CARD) "A hardware token compliant with standards promulgated by the Personal Computer Memory Card International Association (PCMCIA) providing expansion capabilities to computers, including the facilitation of information security."
PERSON "A human being or an organisation (or a device under the control of a human being or organisation) capable of signing or verifying a message, either legally or as a matter of fact. (A synonym of ENTITY.) "
PERSONAL PRESENCE The act of appearing (physically rather than virtually or figuratively) before an LRA or its designee and proving one's identity as a prerequisite to certificate issuance under certain circumstances.
PKI See Public Key Infrastructure.
PKI ENTITY VeriSign, Subordinate CAs, RAs, Key Holders, Relying Parties and the entity which provides Repository services (if it is not one of these entities).
PKI SERVICE PROVIDER "Any entity which has roles, functions, obligations or rights under a CP, other than an End Entity. PKI Service Providers include the Specification Administration Organisations, the CA, Subordinate CAs and RAs."
PRIMARY CERTIFICATION AUTHORITY (PCA) A person that establishes practices for all certification authorities and users within its domain.
PRIVATE KEY "The half of a Key Pair which must be kept secret to ensure confidentiality, integrity, authenticity and non-repudiation of messages."
PUBLIC KEY The half of a Key Pair which may be made public, and is published in the Certificate.
PUBLIC KEY CRYPTOGRAPHY (Cf. CRYPTOGRAPHY) A type of cryptography that uses a key pair of mathematically related cryptographic keys. The public key can be made available to anyone who wishes to use it and can encrypt information or verify a digital signature; the private key is kept secret by its holder and can decrypt information or generate a digital signature.
PUBLIC KEY INFRASTRUCTURE (PKI) "The combination of hardware, software, people, policies and procedures needed to create, manage, store, distribute and revoke Public Key Certificates based on public key Cryptography."
PUBLISH / PUBLICATION To record or file information in a repository in order to disclose and make publicly available such information in a manner that is consistent with this CPS and applicable law.
RA See Registration Authority.
RA OPERATIONS MANUAL VeriSign's Accredited Document of the same name which sets out in greater detail the operations of VeriSign's RA.
RECIPIENT (of a DIGITAL SIGNATURE) "A person who receives a digital signature and who is in a position to rely on it, whether or not such reliance occurs. "
RECORD Information that is inscribed on a tangible medium (a document) or stored in an electronic or other medium and retrievable in perceivable form. The term "record" is a superset of the two terms "document" and "message".
REGISTERED STRING A class of object subject to registration and recording procedures which demonstrates the value is unambiguous within the records of the registration authority. The type of value recorded is a string of characters.
REGISTRATION "The process for receiving and processing applications for Keys and Certificates, including collection of Registration Information."
REGISTRATION AUTHORITY (RA) "An entity which registers Applicants for Keys and Certificates (see Registration). RAs may have other functions or obligations specified in the relevant CP. The contact details for each RA (including physical address, postal address, email and facsimile) will be published in the Repository. "
REGISTRATION FIELD INFORMATION "Country, postcode, age, and gender data included within designated certificates at the option of the subscriber."
REGISTRATION INFORMATION Information about Key Holders or Organisations which is reasonably required for the issue and use of Keys and Certificates, including information needed to: verify the identity of the Key Holder; verify the identity of and the Organisation; confirm that the Key Holder has authority to hold and use Keys and Certificates on behalf of the Organisation; and confirm that the Organisation is a member of the Community of Interest.
RELATIVE DISTINGUISHED NAME (RDN) A set of attributes comprising an entity's distinguished name that distinguishes the entity from others of the same type.
RELY / RELIANCE (on a CERTIFICATE and DIGITAL SIGNATURE) To accept a digital signature and act in a manner that could be detrimental to oneself were the digital signature to be ineffective.
RELYING PARTY A recipient who acts in reliance on a certificate and digital signature.
RENEW The process whereby a new Certificate is issued to a Key Holder/organisation at the end of the Operational Period of a Certificate.
RENEWAL The process of obtaining a new certificate of the same class and type for the same subject once an existing certificate has expired.
REPOSITORY "The location, at which can be found a copy of all VeriSign's Gatekeeper Accredited Certificate Policies, CPS, Subscriber Agreements, Relying Party Agreement and other documentation. "
REPUDIATION (See also NONREPUDIATION) The denial or attempted denial by an entity involved in a communication of having participated in all or part of the communication.
REVOKE To terminate the effectiveness of a Certificate before the end of the Operational Period of a Certificate.
ROOT The CA that issues the first certificate in a certification chain. The root's public key must be known in advance by a certificate user in order to validate a certification chain. The root's public key is made trustworthy by some mechanism other than a certificate, such as by secure physical distribution.
RSA A public key cryptographic system invented by Rivest, Shamir & Adleman.
S/MIME A specification for E-mail security exploiting a cryptographic message syntax in an Internet MIME environment.
SECRET SHARE A portion of a cryptographic secret split among a number of physical tokens.
SECRET SHARE HOLDER An authorised holder of a physical token containing a secret share.
SECRET SHARE ISSUER The person designated by an IA to create and distribute secret shares.
SECRET SHARING (See also SECRET SHARE) The practice of distributing secret shares of a private key to a number of secret share holders; threshold-based splitting of keys.
SECURE CHANNEL A cryptographically enhanced communications path that protects messages against perceived security threats.
SECURITY The quality or state of being protected from unauthorised access or uncontrolled losses or effects. Absolute security is impossible to achieve in practice and the quality of a given security system is relative. Within a state-model security system, security is a specific "state" to be preserved under various operations.
SECURITY POLICY VeriSign's Accredited Document of the same name which sets out its various policies and procedures that relate to security of its premises and infrastructure.
SECURITY SERVICES "Services provided by a set of security frameworks and performed by means of certain security mechanisms. Such services include, but are not limited to, access control, data confidentiality, and data integrity. "
SELF-SIGNED PUBLIC KEY "A data structure that is constructed the same as a certificate but that is signed by its subject. Unlike a certificate, a self-signed public key cannot be used in a trustworthy manner to authenticate a public key to other parties. A PCA self-signed public key digitally signed by the VR shall constitute a certificate. "
SERVER A computer system that responds to requests from client systems.
SIGN "To create a digital signature for a message, or to affix a signature to a document, depending upon the context."
SIGNATURE "A method that is used or adopted by a document originator to identify himself or herself, which is either accepted by the recipient or its use is customary under the circumstances. "
SIGNER A person who affixes their Digital Signature to information to enable a third party to confirm that the information was sent by them.
SMART CARD A hardware token that incorporates one or more integrated circuit (IC) chips to implement cryptographic functions and that possesses some inherent resistance to tampering.
SOFTWARE PUBLISHER A subscriber who obtained a special certificate used to digitally sign software with the Microsoft Authenticode™ system. Subscribers may also obtain other Class 2 and 3 certificates that may be used to sign content, including software, but the subscribers of such other certificates are not software publishers as defined in the CPS.
SOFTWARE PUBLISHER'S PLEDGE The representations and guarantees made by individual and commercial software publishers as stated in the CPS.
SOFTWARE VALIDATION VeriSign services which provide assurances in accordance with the CPS and the software publisher's pledge of an individual or commercial software publisher (for Microsoft Authenticode™ Only) that digitally-signed software was duly published by the subject of the corresponding VeriSign-issued certificate and has not been modified since it was digitally signed.
SUBJECT A field in a Certificate that identifies the person or entity to whom the Certificate is Issued - see the Certificate Profile in the relevant CP.
SUBJECT (OF A CERTIFICATE) The holder of a private key corresponding to a public key. The term "subject" can refer to both the equipment or device that holds a private key and to the individual person, if any, who controls that equipment or device. A subject is assigned an unambiguous name which is bound to the public key contained in the subject's certificate.
SUBJECT NAME The unambiguous value in the subject name field of a certificate which is bound to the public key.
SUBSCRIBER "A person who is the subject of, has been issued a certificate, and is capable of using, and authorised to use, the private key that corresponds to the public key listed in the certificate."
SUBSCRIBER AGREEMENT An agreement between an End Entity and VeriSign in relation to the responsibilities of the Key Holder and/or Organisation. Separate Subscriber Agreements exist for: Individual Certificates - VeriSign Individual Subscriber Agreement; Non-Individual Certificates - VeriSign Non-Individual Subscriber Agreement; and ABN-DSCs - VeriSign ABN-DSC Subscriber Agreement. Web Server Certificates - Server ID Subscriber Agreement
SUBSCRIBER INFORMATION Information supplied to a certification authority as part of a certificate application.
TEST CERTIFICATE A certificate issued by a CA for the limited purpose of internal technical testing. Test certificates may be used by authorised persons only.
THREAT "A circumstance or event with the potential to cause harm to a system, including the destruction, unauthorised disclosure, or modification of data and/or denial of service. "
TIME STAMP "A Time Stamp is a record that indicates (at least) the correct date and time of an action (expressly or implicitly) and the identity of the person or device that created the notation. VeriSign uses time stamps that reflect Greenwich mean time (GMT) and adopt the Universal Time Conventions (UTC). Any two-digit year in the range 00-69 means 2000-2069, and in the range 70-99 means 1970-1999."
TOKEN "A hardware security token containing a user's private key(s), public key certificate, and, optionally, a cache of other certificates, including all certificates in the user's certification chain."
TRANSACTION A computer-based transfer of business information which consists of specific processes to facilitate communication over global networks.
TRUST Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an RA entity and a CA. An RA entity must be certain that it can trust the CA to create only valid and reliable certificates, and users of those certificates rely upon the authenticating entity's determination of trust.
TRUSTED PERSON A person who serves in a trusted position and is qualified to serve in it in accordance with this CPS.
TRUSTED POSITION A role within an RA/CA that includes access to or control over cryptographic operations that may materially affect the issuance, use, suspension, or revocation of certificates, including operations that restrict access to a repository.
TRUSTED ROOT A trusted root is a public key which has been confirmed as bound to a CA by a user or system administrator. Software and systems implementing authentication based on public cryptography and certificates assume that this key value has been correctly obtained. It is confirmed by always accessing it from a trusted system repository to which only identified and trusted administrators have modification authorisations.
TRUSTED THIRD PARTY In general, an independent, unbiased third party that contributes to the ultimate security and trustworthiness of computer-based information transfers. A trusted third party does not connote the existence of a trustor-trustee or other fiduciary relationship.
TRUSTWORTHY SYSTEM Computer hardware, software, and procedures that are reasonably secure from intrusion and misuse; provide a reasonable level of availability, reliability, and correct operation; are reasonably suited to performing their intended functions; and enforce the applicable security policy. A trustworthy system is not necessarily a "trusted system" as recognised in classified government nomenclature.
TYPE (OF CERTIFICATE) The defining properties of a certificate which limit its intended purpose to a class of applications uniquely associated with that type.
UNIFORM RESOURCE LOCATOR (URL) A standardised device for identifying and locating certain records and other resources located on the World Wide Web.
USER A standardised device for identifying and locating certain records and other resources located on the World Wide Web.
VALID CERTIFICATE A certificate issued by a CA and accepted by the subscriber listed in it.
VALIDATE A CERTIFICATE (i.e., of an END-USER SUBSCRIBER CERTIFICATE) The process performed by a recipient or relying party to confirm that an end-user subscriber certificate is valid and was operational at the date and time a pertinent digital signature was created.
VERIFY The process whereby the identity of a person or thing or relationship is confirmed by reference to external documentation.
WORLD WIDE WEB (WWW) A hypertext-based, distributed information system in which users may create, edit, or browse hypertext documents. A graphical document publishing and retrieval medium; a collection of linked documents that reside on the Internet.
WRITING Information in a record that is accessible and usable for subsequent reference.
X.509 The ITU-T (International Telecommunications Union-T) standard for certificates. X.509 v3 refers to certificates containing or capable of containing extensions.