| Term | Definition |
|---|---|
| Certificate | A set of information which unambiguously names or identifies the owner of an electronic signature; contains the owner's public key; identifies the certification authority issuing the information; and is digitally signed by the certification authority issuing the certificate |
| Certification Authority (CA) | An organisation which identifies digital identities by providing a trustworthy link between a real person or organisation and a digital public key |
| Cryptography | The principles, means and methods for rendering plaintext unintelligible and for converting encrypted messages into intelligible form. Cryptography can be used to facilitate the confidentiality of electronic messages and to create digital signatures |
| Digital Signature | A technique or procedure for the sender of a message to attach additional data to that message which forms a unique and unforgeable identifier of the sender and the message |
| EDI | Electronic Data Interchange - a well-established form of electronic commerce characterised by a pre-existing contract which allows the computers of participating merchants and suppliers to conclude transactions |
| Electronic Signature | Covers any means of signing documents electronically. Examples of electronic signatures include a scanned image of a handwritten signature; a signature created by an electronic "pen" by "writing" on a computer screen; and a digital signature (see above) |
| Encryption | The transformation of data to an unintelligible form in such a way that the original data either cannot be obtained (one-way encryption) or cannot be obtained without using the inverse decryption process (two-way encryption) |
| Key Escrow | Procedure under which keys for cryptographic systems are registered with government-appointed agencies and can be accessible by law enforcement agencies on production of a warrant |
| Key Generation | In public key cryptography, the mathematical process by which a key "pair" - the public verification key and the private signing key - is created. One controversy is whether key pairs should only ever be generated by the person who will be using them or if they can be created as part of a third-party service |
| Key Length | The size of a key and measure of its strength. In simplistic terms a 40/384-bit secret/public key system may be classified as weak; a 56/512-bit system as borderline; and an 80/1024-bit system as strong |
| Key Recovery | The procedure by which the owner of a private key can retrieve that key when it has been lost. May be facilitated by a key recovery agent |
| Private Key Encryption | A method of encryption in which the same key is used to encrypt and decrypt. Sometimes referred to as symmetric key cryptography |
| Public Key Encryption | A method of encryption in which different keys are used to encrypt and decrypt. Sometimes referred to as asymmetric key cryptography |
| Rebuttable Presumption | Term referring to a signature (or document) which for most ordinary purposes can be regarded as reliable unless there are obvious contradictory circumstances |
| Session Key | In many forms of secure transaction, a key is generated for one-time use and is then abandoned, giving a very high degree of assurance. The result is known as a session key |
| Spam | Unsolicited "junk" e-mail |
| Steganography | The concealment of the existence of messages. This can take the form of hiding text within a picture or within a word processing file the contents of part of which are concealed (and see footnote) |
| Trusted Service Provider (TSP) | Umbrella term to cover anyone who might offer cryptographic services, whether for authentication or confidentiality |
| Trusted Third Party (TTP) | A term used to refer to organisations which offer a wide range of cryptographic services. Used in this Report to cover organisations which offer confidentiality services including key recovery and key escrow (see above) |