Dictionary

Subscriber - Entity (entity or legal entity, organizational unit without legal personality, hardware device owned by these entities or persons) who: (1) is the subject of the certificate issued to that entity, (2) possesses a private key associated with the certificate issued to that entity, and (3) does not issue certificates to other entities.

Access - the ability to use an informational resource from the system.

Certificate Update - Before the expiration of a certificate, the CA may update (or renew) it, confirming the validity of the same key pair for the next validity period (in accordance with the Certification Policy).

Audit - Performing independent verification and evaluation procedures to test the extent to which the management controls implemented for the system are sufficient and appropriate, to verify that system operations are performed in accordance with the accepted Certification Policy and other regulations arising from it, to discover possible breaches of security, and to recommend the appropriate modification of control measures, certification policy and related procedures.

To authenticate - To confirm the declared identity of an entity.

Authentication - security controls used to provide security and trust for transferred data, messages, or issuers; checks to verify the authenticity of a person before delivering a certain type of secret information.

Primary Registration Authority (PRA) - the Registration Authority to which the rest of the Registration Authorities are affiliated and which is allowed to generate, on behalf of a Registration Authority, pairs of keys that will subsequently be subject to the certification process.

Certification path - the ordered sequence of certificates, starting from a certificate considered a trust point (chosen by the verifier) and ending with the certificate to be verified. A certification path fulfills the following conditions:

  • for all certificates cert(x) included in the certification path {cert(1), cert(2), ..., cert(n-1)}
  • the certificate cert(1) is issued by a Certification Authority (trust point) considered trustworthy by the verifier
  • cert(n) is the certificate to be verified

Each certification path may be linked to one or more certification policies, or to none at all. The policies assigned to a certification path are the intersection of the policies whose identifiers are included in each certificate in the certification path and defined in the certificatePolicies extension.

Digital Certificate (Public Key Certificate) - a data structure that contains at least the name or identifier of a Certification Authority, the identifier of a Subscriber, its public key, the validity period, the serial number and the one assigned by the Certification Authority. A certificate may be in one of three fundamental states: pending activation, active and inactive.

Valid certificate - a public key certificate is valid only when (1) it was issued by a Certification Authority, (2) it was accepted by the Subscriber (subject of the certificate), and (3) it was not revoked.

Revoked Certificate - public key certificate placed on the certificate revocation list.

Secret key - key used in symmetric cryptographic techniques, known only by a group of Authorized Subscribers.

Private Key - one of the asymmetric keys belonging to a Subscriber and used only by that subscriber. For systems with asymmetric keys, a private key describes the signing transformation. In the asymmetric encryption system, a private key describes the decryption transformation. The private key is:

  • the key to decrypt or create a signature for the exclusive use of the owner
  • that key in a pair of keys that is known only by the owner

Public key - one of the keys in the Subscriber's asymmetric key pair, which is available to the public. In the case of asymmetric encryption systems, the public key defines the signature verification transformation. In the case of asymmetric encryption, the public key defines the encryption transformation of the messages.