Part 1: General - Computer Security Resource Center - National ...
March, 2007
Split knowledge: A process by which a cryptographic key is split into n multiple key components, individually providing no knowledge of the original key, which can be subsequently combined to recreate the original cryptographic key. If knowledge of k (where k is less than or equal to n) components is required to construct the original key, then knowledge of any k-1 key components provides no information about the original key other than, possibly, its length. Note that in this document split knowledge is not intended to cover key shares such as those used in threshold or multi-party signatures.
Static key: A key that is intended for use for a relatively long period of time and is typically intended for use in many instances of a cryptographic key establishment scheme. Contrast with an ephemeral key.
Symmetric key: A single cryptographic key that is used with a secret (symmetric) key algorithm.
Symmetric key algorithm: A cryptographic algorithm that uses the same secret key for an operation and its complement (e.g., encryption and decryption).
System initialization: A function in the lifecycle of keying material; setting up and configuring a system for secure operation.
Trust anchor: A public key and the name of a certification authority that is used to validate the first certificate in a sequence of certificates. The trust anchor public key is used to verify the signature on a certificate issued by a trust anchor certification authority. The security of the validation process depends upon the authenticity and integrity of the trust anchor. Trust anchors are often distributed as self-signed certificates.
Unauthorized disclosure: An event involving the exposure of information to entities not authorized access to the information.
User initialization: A function in the lifecycle of keying material; the process whereby a user initializes its cryptographic application (e.g., installing and initializing software and hardware).
User registration: A function in the lifecycle of keying material; a process whereby an entity becomes a member of a security domain.
Work: The expected time to break a cipher with a given resource. For example, 12 MIPS years would be the amount of work that one computer, with the capability of processing a Million Instructions Per Second, could do in 12 years. The same amount of work could be done by 12 such computers in one year assuming that the algorithm being executed can be sufficiently parallelized.
X.509 certificate: The ISO/ITU-T X.509 standard defined two types of certificates – the X.509 public key certificate, and the X.509 attribute certificate. Most commonly (including this document), an X.509 certificate refers to the X.509 public key certificate.