Glossary For ATO Public Key Infrastructure

 

Some of these definitions are drawn from International Standards. A consolidated list of defined terms used in various International Standards is set out in the ISO/IEC JTC 1/SC 27 Glossary of IT Security Terminology published at http://www.din.de/ni/sc27/doc6.html

Term or Acronym

Explanatory notes

ABN

Australian Business Number issued in accordance with the A New Tax System (Australian Business Number) Act 1999.

ABR

Australian Business Register

Access

Obtaining knowledge or possession of classified material, or access to a designated secure area.

Access Control

The prevention of unauthorised use of a resource, including the prevention of use of a resource in an unauthorised manner.

See ISO ref. [ISO 7498-2: 1989]

Accredited Documents

The documents which describe the ATO's PKI and which, after being successfully evaluated by Gatekeeper evaluators, are accredited as part of Gatekeeper Accreditation by the CEO, NOIE. Accredited Documents available to the public are on the ATO PKI Web Site at http://www.ato-pki.ato.gov.au/.

Some Accredited Documents have a security classification and are not available to the public.

AD01: Certification Authority Operations Manual for ATO CA and ATO OCA

See Certification Authority Operations Manual for ATO CA and ATO OCA.

AD02: Registration Authority Operations Manual

See Registration Authority Operations Manual.

AIS

ATO Integrated System

ARL

Authority Revocation List

ARM

Advanced Registration Module

ASVS

Australian Security Vetting Service

Asymmetric cryptographic technique

A cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation.

See ISO ref. [ISO/IEC 11770-1: 1996]

Operationally, in this process a person is in possession of at least one asymmetric Key pair. One part of the Key pair is the Private Key and the other part is the Public Key. The person makes the Public Key known to the world and keeps the Private Key entirely confidential.

A second person sending a message uses the first person's Public Key to encrypt the message. On receipt the first person uses the Private Key to decrypt the message.

Asymmetric encipherment system

A system based on asymmetric techniques whose public transformation is used for encipherment and whose private transformation is used for decipherment. An asymmetric encipherment system is used for confidentiality purposes, not for signing or verification (see Asymmetric signature system).

See ISO ref. [ISO/IEC 9798-1 (2nd edition): 1997] [2nd DIS ISO/IEC 11770-3 (08/1997)]

Asymmetric key pair

A pair of related Keys where the Private Key defines the private transformation and the Public Key defines the public transformation.

See ISO ref. [ISO/IEC 9798-1 (2nd edition): 1997] [2nd DIS ISO/IEC 11770-3 (08/1997)]

Asymmetric signature system

A system based on asymmetric techniques whose private transformation is used for signing and whose public transformation is used for verification.

See ISO ref. [ISO/IEC 9798-1 (2nd edition): 1997] [2nd DIS ISO/IEC 11770-3 (08/1997)]
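
The three asymmetric-system definitions above, worked through in code. This is an added example for the glossary, not ATO code and not the ATO PKI's software: it uses textbook RSA with tiny constructed primes and no padding, so it shows the public and private transformations and their two uses (encipherment for confidentiality, signing for authentication, mirroring the separate Confidentiality and Authentication Key pairs this glossary describes) but is not a secure implementation. The function names, the toy primes and the sample message are assumptions of the example.

```python
"""Textbook RSA walk-through of the asymmetric transformations defined above.

Added example for this glossary; not ATO code. Uses tiny constructed
primes and no padding, so it illustrates the definitions but is not a
secure implementation (real RSA deployments use padding such as PKCS#1).
"""
import hashlib

# Constructed toy parameters (illustration only; far too small for real use).
AUTH_PARAMS = (61, 53, 17)     # p, q, public exponent e for the Authentication pair
CONF_PARAMS = (101, 103, 7)    # p, q, public exponent e for the Confidentiality pair


def generate_key_pair(p, q, e):
    """Return (public_key, private_key) for textbook RSA.

    public_key  = (n, e) defines the public transformation
    private_key = (n, d) defines the private transformation
    Deriving d from (n, e) requires factoring n, which is what makes the
    private transformation infeasible to derive from the public one.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def public_transform(public_key, x):
    n, e = public_key
    return pow(x, e, n)


def private_transform(private_key, x):
    n, d = private_key
    return pow(x, d, n)


# Asymmetric encipherment system: the sender applies the recipient's public
# transformation; only the holder of the Confidentiality Private Key reverses it.
def encipher(public_key, message):
    # One block per byte, because n is tiny in this toy setting.
    return [public_transform(public_key, b) for b in message]


def decipher(private_key, blocks):
    return bytes(private_transform(private_key, c) for c in blocks)


# Asymmetric signature system: the signer applies the private transformation to
# the hash-code of the message; anyone holding the public key can verify it.
def hash_code(message, n):
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") % n   # toy: reduce to fit the modulus


def sign(private_key, message):
    n, _ = private_key
    return private_transform(private_key, hash_code(message, n))


def verify(public_key, message, signature):
    n, _ = public_key
    return public_transform(public_key, signature) == hash_code(message, n)


if __name__ == "__main__":
    auth_pub, auth_priv = generate_key_pair(*AUTH_PARAMS)
    conf_pub, conf_priv = generate_key_pair(*CONF_PARAMS)
    msg = b"BAS lodgment for ABN 00 000 000 000"   # constructed sample message
    print("decipher round trip:", decipher(conf_priv, encipher(conf_pub, msg)) == msg)
    print("signature verifies: ", verify(auth_pub, msg, sign(auth_priv, msg)))
```

The two systems use the same arithmetic but in opposite directions, which is why a signature made with the Authentication Private Key cannot be checked with the Confidentiality Public Key, and why a tampered message fails verification: the verifier recomputes the hash-code and compares it with the value recovered from the signature.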

ATO

Australian Taxation Office

ATO CA

Australian Taxation Office Certification Authority which is responsible for generating and certifying its own Certificates and signing the Certificates of the ATO OCA. It is the highest point of trust in the ATO PKI.

ATO CA software

Software used for the operations of the ATO CA, including UniCERT which is produced by Baltimore Technologies Pty Limited.

ATO Client Software

Means the software that is from time to time either provided to the Entity/Certificate Holder, or to which the Entity/Certificate Holder is given access, by the ATO, to enable the Entity/Certificate Holder to effectively operate within the ATO PKI.

ATO KMS

ATO Key Management Server

ATO OCA

ATO Organisation Certification Authority, which is responsible for generating and certifying Keys and Certificates in response to requests from Entities. The ATO OCA also issues Keys and Certificates to the PKI Subordinate Elements.

ATO PKI

Means the public key infrastructure within the ATO and includes the ATO PMA, ATO CA and ATO OCA and other aspects required to administer the management of Keys and Certificates within the ATO.

Authentication

The provision of assurance of the claimed identity of an entity.

See [ISO/IEC 10181-2: 1996].

Authentication Private Key

The Key used to digitally sign a message.

Authentication Public Key

The Public Key corresponding to an Authentication Private Key, used to verify a digital signature.

See also Validation Key.

Authenticity

The property that ensures that the identity of a subject or resource is the one claimed. Authenticity applies to entities such as users, processes, systems and information.

Business Activity Statement

A statement required to be filed as part of the approved form of a GST Return under Division 31 of the A New Tax System (Goods and Services Tax) Act 1999.

CA

Certification Authority

Central generation and issuing of Keys and Certificates

This is where the ATO OCA receives a certificate request from the AIS and generates Keys and Certificates which are delivered to Certificate Holders either via the Internet or on diskette.

Central certificate signing

The ATO OCA always creates and signs certificates irrespective of the mode of Key generation such as Central generation and issuing of Keys and Certificates, or End User Key Generation.

CEO, NOIE

Chief Executive Officer, National Office for the Information Economy

CEO, OGO

Chief Executive Officer, Office for Government Online

Certificate

An entity's data rendered unforgeable with the private or secret key of a certification authority. [ISO/IEC 13888-1: 1997] The public keys of a user, together with some other information, rendered unforgeable by encipherment with the secret key of the certification authority which issued it.

See [ISO/IEC 9594-8: 1990] [CCITT X.509: 1988]

In the ATO PKI a Certificate is an electronic document including Public Key information generated by the ATO CA or the ATO OCA in accordance with the CP for the particular type of Certificate. Certificates issued by the ATO OCA are signed with the ATO OCA's Private Key and contain the Public Key and details of the Entity and Certificate Holder.

Certificates are issued to the Certificate Holder on the basis that they will act in all respects as a delegate of the corresponding Entity.

See also Public Key Certificate.

Certificate Holder

A natural person who holds either Primary or Secondary Authentication and Confidentiality Certificates and who is authorised by the corresponding Entity to use Keys and Certificates on behalf of that Entity.

Certificate of Accreditation

A Certificate issued by the CEO, NOIE that endorses the holder to provide CA services on behalf of a government agency or commercial organisation.

Certificate Policy (CP)

A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements.

In the ATO PKI, CPs are issued by the ATO CA or ATO OCA and also govern the on-going management of the Keys and Certificates issued under them.

Certification Practice Statement (CPS)

A statement of the practices that the ATO PKI employs when Keys and Certificates are issued by the ATO CA or ATO OCA and for the on-going management of those Keys and Certificates. CP must comply with the requirements of the CPS.

Certificate requests

In End User generation of Authentication and Confidentiality Key pairs, the Certificate Holder's computer extracts the Certificate information from the existing, still valid Certificates and allows the Certificate Holder to edit the email address only, if required. A copy of this Certificate information is combined with the Authentication Public Key into a Certificate request. Also a copy of this Certificate information is combined with the Confidentiality Public Key into a Certificate request. The two Certificate requests are combined into a single file which is signed and encrypted by the Certificate Holder's still valid Keys and Certificates and sent to the ATO OCA for creation of signed Authentication and Confidentiality Certificates which are returned to the Certificate Holder.

Certificate Revocation List (CRL)

A list maintained by a CA in accordance with the X.500 standard of the details of revoked Keys and Certificates. In the ATO PKI the CRL for Keys and Certificates issued to a Certificate Holder is only available to officers of the ATO and may not be relied on by others. Private Keys will not be included in the CRL.

Certificate serial number

An integer value, unique within the issuing CA, which is unambiguously associated with a Certificate issued by that CA.

See ISO ref. [ISO/IEC 9594-8: 1990] [CCITT X.509: 1988]

Certification Authority (CA)

A centre trusted to create and assign public key certificates. Optionally, the certification authority may create and assign keys to the entities.

See [ISO/IEC 11770-1: 1997] [2nd DIS ISO/IEC 11770-3 (08/1997)]

Certification Authority Operations Manual for ATO CA and ATO OCA

Describes how the ATO PKI function will be performed and managed on a day to day basis, and details of the functions and responsibilities of the personnel within the ATO PKI.

Certification Request

An electronic document containing the details of the Certificates which are to be created by the CA, completed and digitally signed by the RA, and sent by the RA to the CA.

Commonwealth

The Commonwealth of Australia, including the CEO, NOIE and the evaluators and auditors appointed by the CEO, NOIE that are subject to the Financial Management and Accountability Act 1997 and the Commonwealth Authorities and Companies Act 1997, and includes their employees, servants and agents.

Communications Security (COMSEC)

All measures applied to the protection of telecommunications from unauthorised interception and exploitation. Communications Security includes:

(a) Crypto security - That component of communications security which results from the provision of technically sound cryptosystems and their proper use;

(b) Physical security - That element of communications security which results from all physical measures necessary to safeguard classified equipment, material and documents from Access or observation by unauthorised people; and

(c) Transmission Security - That component of communication security which results from all measures designed to protect transmissions from unauthorised interception, traffic analysis and imitative deception (the latter term relates to attempts to introduce bogus transmissions into a communications system).

Competent Authority

The entity which approves the Applicant's application for Gatekeeper Accreditation (including the Approved Documents and any changes to them) as meeting the criteria for Gatekeeper Accreditation. The Competent Authority for the Gatekeeper PKI is the CEO, NOIE.

Concept Of Operations (CONOPS)

A high level description of the services offered by the ATO CA and ATO OCA including the management and security arrangements.

Conditions of Use

The conditions, which may be included in the CP, that apply to the use of Keys and Certificates issued to a Certificate Holder.

Confidentiality

The property that information is not made available or disclosed to unauthorised individuals, entities, or processes.

Confidentiality Private Key

The Key used to decrypt the contents of a message which has been encrypted for confidentiality purposes.

Confidentiality Public Key

The Key used to encrypt for confidentiality purposes the contents of a message to be sent to the holder of the corresponding Private Key.

CONOPS

See Concept of Operations.

CP

See Certificate Policy.

CPS

See Certification Practice Statement.

CRL

Certificate Revocation List

Cryptographic algorithm

An algorithm which transforms data in order to hide or reveal its information content and which uses at least one private parameter.

This definition includes both symmetric algorithms (for example DES and Triple DES) and asymmetric algorithms (for example RSA and Rabin). In the case of a symmetric algorithm the data is hidden and revealed using a private parameter. In the case of an asymmetric algorithm the data is hidden using a public parameter and revealed using a private parameter.

See ISO ref. [ISO/IEC 9979: 1991]

Cryptographic key

See Key.

Cryptography

The discipline which embodies principles, means, and methods for the transformation of data in order to hide its information content, prevent its undetected modification and/or prevent its unauthorised use.

See ISO ref. [ISO 7498-2: 1989] [ISO 8732: 1988]

DAP

Directory Access Protocol

DEA

Data Encryption Algorithm

Decrypt

Practice of recovering an encrypted message by reverting from cypher text to plain language.

DES

Data Encryption Standard

Digest

See Hash Code.

Digital signature

Data appended to, or a cryptographic transformation (see cryptography) of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery for example by the recipient.

See ISO ref. [ISO 7498-2: 1989]

Disaster Recovery and Business Continuity Plan

Describes how the ATO PKI services will be restored in the event of a system crash or failure. In particular the document describes restoration priority to ensure the continuity of business reliant on the operation of the CA.

Distinguished Name

A Distinguished Name is defined by the X.500 Directory Services standard, which specifies a hierarchical tree-structured directory in which countries form the top level of the directory and organisations branch from the tree. It has the following format: c=au, o=organisation (e.g. XYZ Pty Ltd), cn=common name (e.g. John Robert Smith).
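
An added example, not part of the glossary or of any ATO software: parsing, re-serialising and comparing Distinguished Names written in the c=...,o=...,cn=... form given above. It assumes the RFC 2253 string convention that a comma, equals sign or backslash occurring inside a value is preceded by a backslash (so "XYZ, Pty Ltd" is written as o=XYZ\, Pty Ltd), and it compares names case-insensitively with internal whitespace collapsed, which is a simplification of the X.500 matching rules. The function names and sample DNs are constructed for the example.

```python
"""Parse, format and compare X.500 Distinguished Names written as
'c=au,o=XYZ Pty Ltd,cn=John Robert Smith'.

Added example for this glossary, not ATO code. Escaping follows the
RFC 2253 string form: a comma, equals sign or backslash that is part of a
value is preceded by a backslash. Comparison is a simplified case-insensitive,
whitespace-collapsing match (an assumption of this example, not the full
X.500 matching rules).
"""


def _split_unescaped(text, sep):
    """Split text on sep, leaving backslash-escaped characters intact."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])   # keep the escape pair for later unescaping
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def _unescape(text):
    """Replace each backslash-escape pair with the escaped character."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            out.append(text[i + 1])
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def _escape(value):
    """Escape the characters that would otherwise break the DN syntax."""
    return value.replace("\\", "\\\\").replace(",", "\\,").replace("=", "\\=")


def parse_dn(dn):
    """Return the DN as an ordered list of (attribute_type, value) pairs.

    Attribute types are lower-cased; values are unescaped but otherwise kept
    as written. Raises ValueError for an RDN without exactly one unescaped '='.
    A naive dn.split(',') would break on values such as 'XYZ\\, Pty Ltd'.
    """
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        rdn = rdn.strip()
        if not rdn:
            continue
        pieces = _split_unescaped(rdn, "=")
        if len(pieces) != 2:
            raise ValueError("malformed RDN: %r" % rdn)
        attr_type, value = pieces
        rdns.append((attr_type.strip().lower(), _unescape(value.strip())))
    return rdns


def format_dn(rdns):
    """Serialise (type, value) pairs back to the c=...,o=...,cn=... string form."""
    return ",".join("%s=%s" % (t, _escape(v)) for t, v in rdns)


def _normalise(rdns):
    return [(t, " ".join(v.split()).lower()) for t, v in rdns]


def dn_matches(dn_a, dn_b):
    """True when two DN strings name the same directory entry (simplified matching)."""
    return _normalise(parse_dn(dn_a)) == _normalise(parse_dn(dn_b))


if __name__ == "__main__":
    sample = "c=au,o=XYZ\\, Pty Ltd,cn=John Robert Smith"   # constructed sample DN
    print(parse_dn(sample))
    print(format_dn(parse_dn(sample)) == sample)
```

The point a relying party cares about is that two names which differ only in case or spacing still refer to the same entry, while a change to the organisation component (the Entity) does not match; parsing rather than string comparison is what makes that distinction reliable.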

Document

Anything on which information is recorded by any means, including words, symbols, images or electro-magnetic impressions.

DSA

(i) Digital Signature Algorithm. (ii) Directory Service Agent.

DSD

Defence Signals Directorate

ECI

Electronic Commerce Interface - an ATO server that is supplied with Keys and Certificates and which is used to communicate with Certificate Holders when carrying out electronic transactions with the ATO.

ECRS Web

Web based Electronic Commerce Registration System

Electronic Signature

Defined in Section 6 of the Income Tax Assessment Act 1936: 'electronic signature in relation to a person means a unique identification in an electronic form that is approved by the Commissioner of Taxation.' The Commissioner has approved a Digital signature created using Keys and Certificates issued by the ATO PKI as an Electronic signature for this purpose.

Encrypt

Practice of converting plain language to cypher text

End User Key Generation

The Certificate Holder, as End User in possession of valid Keys and Certificates, downloads software from the ATO OCA which enables the Certificate Holder to generate Authentication and Confidentiality Key Pairs on the Certificate Holder's local computer. The private Authentication and Confidentiality Keys remain obfuscated in memory on the local computer while the Public Keys and Certificate information are sent via the Internet to the ATO OCA for it to create, sign and issue Certificates, which are returned via the Internet to the Certificate Holder. The Key Pairs are re-associated and the Keys and Certificates are saved to a PKCS#12 file on the Certificate Holder's computer. These replacement Keys and Certificates are then used to submit a revocation request to the ATO OCA for it to revoke the replaced Keys and Certificates.

Entity

An entity which has been issued with an ABN and that wishes to authorise Certificate Holders to do business electronically with the ATO on its behalf. Keys and Certificates for Authentication and Confidentiality purposes are issued to both Primary and Secondary Certificate Holders as delegates of the Entity.

EPL

DSD Evaluated Products List (List of products that have undergone a review process through the national authority.)

Evaluation authority

A body which implements the criteria for a specific community by means of an evaluation scheme and thereby sets the standards and monitors the quality of evaluations conducted by bodies within that community.

See ISO ref. [2nd ISO/IEC CD 15408-1 (11/1997)]

Evaluation authorities for Gatekeeper Accreditation are approved by OGO.

Evaluation scheme

The administrative and regulatory framework under which the criteria are applied by an Evaluation authority within a specific community.

See ISO ref. [2nd ISO/IEC CD 15408-1 (11/1997)]

Gatekeeper

Project name for the implementation of a whole of Government Public Key Infrastructure and administered by NOIE.

Gatekeeper Accreditation

Accreditation granted by the CEO, NOIE to operate as a CA within the Gatekeeper framework.

GOLD

Government On Line Directory.

GPAC

Gatekeeper Policy Advisory Committee

GPKA

Government Public Key Authority. GPKA changed its name to GPAC.

GPKI

Government Public Key Infrastructure.

GST

Goods and Services Tax

Hash

See Hash-code.

Hash field

Field of the intermediate string which conveys the hash-code.

See ISO ref. [ISO/IEC 9796-2: 1997]

Hash function

(i) A (mathematical) function which maps values from a (possibly very large) domain into a smaller range. A good hash function is such that the results of applying the function to a (large) set of values in the domain will be evenly distributed (and apparently at random) over the range.

(ii) A function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties:

- it is computationally infeasible to find for a given output an input which maps to this output.

- it is computationally infeasible to find for a given input a second input which maps to the same output.

See ISO ref. for paragraph (i) [ISO/IEC 9594-8:1990] [CCITT X.509: 1988]

Hash-code

The string of bits which is the output of a hash-function.

See [FCD ISO/IEC 14888-1 (12/1997)] [ISO/IEC 10118-1: 1994]

Note - The literature of the subject contains a variety of terms which have the same or similar meaning as hash-code. Modification Detection Code, Manipulation Detection Code, digest, hash-result, hash-value and imprint are some examples. [ISO/IEC 10118-1]

Hierarchy

See ATO PKI.

IT/12/4/1

Standards Australia Committee for PKAF related standards

ITSEC

Information Technology Security Evaluation Criteria

Key

A sequence of symbols that controls the operation of a cryptographic transformation (for example encipherment, decipherment, cryptographic check function computation, signature generation, or signature verification).

See ISO ref. [ISO/IEC 9798-1 (2nd edition): 1997] [ISO/IEC 11770-1: 1997]

Key generating function

A function which takes as input a number of parameters, at least one of which shall be secret, and which gives as output Keys appropriate for the intended algorithm and application. The function shall have the property that it shall be computationally infeasible to deduce the output without prior knowledge of the secret input.

See [ISO/IEC 11770-2: 1996]

Key generator

A type of cryptographic equipment used for generating cryptographic keys and, where needed, initialisation vectors.

See [ISO 8732: 1988]

Key management

The administration and use of the generation, registration, certification, deregistration, distribution, installation, storage, archiving, revocation, derivation and destruction of keying material in accordance with a security policy.

See [ISO/IEC 11770-1: 1997]

Key Management Plan

This document sets out the policy and practices surrounding the generation and management of Key pairs within the ATO PKI. The ATO PKI supports the creation and use of Key pairs and of Public Key Certificates. It complies with the Gatekeeper strategy for the use of PKI.

Key pair

A pair of encryption/decryption Keys consisting of a Private Key and a Public Key. In the ATO PKI, Key pairs are generated by the ATO CA or the ATO OCA. The Public Key is distributed within a Certificate issued by the ATO CA or ATO OCA. Private Keys are distributed to Certificate Holders by a secure means and are not retained by the ATO.

Key pairs are also generated by the Certificate Holder using End User Key Generation software to create replacement Key pairs. The Private keys are obfuscated in memory on the local computer while the Authentication and the Confidentiality Public keys are sent via the Internet with Certificate information as Certificate requests to the ATO OCA. The ATO OCA creates and signs Authentication and the Confidentiality Certificates to which the respective public keys are tightly bound. The ATO OCA sends these Certificates back to the Certificate Holder.

See also Asymmetric key pair.

Key transport

The process, suitably protected, of transferring a key from one entity to another entity.

See [2nd DIS ISO/IEC 11770-3 (08/1997)]

Keys and Certificates

Includes Authentication Key pairs and related Certificates, and Confidentiality Key pairs and related Certificates or any part thereof.

KGS

Key Generation System

KMS

Key Management Server

KRA

Key Renewal Applet

ISO

International Organisation for Standardisation

Message

(i) String of bits of limited length.

See [ISO/IEC 9796: 1991]

(ii) A string of bits of any length.

See [3rd ISO/IEC CD 14888-1 (06/1997)]

(iii) String of bits of any length, possibly empty.

See [ISO/IEC 9796-2: 1997]

NATA

National Association of Testing Authorities

NOIE

National Office of the Information Economy

Non-repudiation policy

A set of criteria for the provision of non-repudiation services. More specifically, a set of rules to be applied for the generation and verification of evidence and for adjudication.

OCA

Organisation Certification Authority

OECD

Organisation for Economic Co-operation and Development

OGO

Office for Government Online

OID

Object Identifier

p12

File name extension for a PKCS#12 file. See PKCS#12.

p7c

File name extension for a PKCS#7 file. See PKCS#7.

PAA

Policy Approval Authority - In the ATO PKI, the functions of the PAA are performed by the ATO Policy Management Authority (PMA).

Personal Identification Code (PIC)

An Access Control mechanism used during key transport to import Private Keys into an application operated by a Certificate Holder on behalf of an Entity.

Personnel Security

The protective measures used to ensure that only suitable people are given Access, remain suitable for Access and are made aware of their security responsibilities.

Physical Security

(i) That part of Protective Security concerned with physical measures designed to prevent unauthorised Access to resources, and to safeguard them against espionage, deliberate damage, alteration or theft (for example locks, alarms, safes, and so on).

(ii) The measures used to provide physical protection of resources against deliberate and accidental threats.

See [ISO 7498-2: 1989]

PIC

See Personal Identification Code.

PKAF

Public Key Authentication Framework - A framework that allows for the establishment of a trusted Public Key Infrastructure.

PKCS#10

Public Key Cryptographic Standard number 10

PKCS#12

Public Key Cryptographic Standard number 12

PKCS#7

Public Key Cryptographic Standard number 7

PKI

Public Key Infrastructure. A PKI provides a structure for verifying and authenticating parties involved in transactions over the Internet, using a hierarchy of trusted elements with Keys and Certificates in a way that is supported by the Internet Engineering Task Force's X.509 certificate policy and certification practice.

PKI Entity

The ATO CA, ATO OCA, ATO RA, Entity/Certificate Holder (Subscriber).

PKI Server

Any ATO server using PKI to perform electronic service delivery, for example: ECI Server, ATO Security Proxy Server

PKI Subordinate Elements

Applications and systems that perform functions within the ATO PKI and maintain the level of trust. They are issued with Keys and Certificates by the ATO OCA and perform functions that include: tasks related to Registration through to revocation, dispatch and management of Keys and Certificates, and management of electronic commerce transactions with the ATO.

PMA

Policy Management Authority - the body responsible for creating and modifying the policies for the ATO PKI in consultation with NOIE.

Position of Trust (POT)

A position on the establishment of an agency, including the ATO, the duties of which are likely to involve Access to sensitive material, and/or valuable or attractive resources, or a position in which the occupant may exercise considerable authority/responsibility - for example management of the ATO OCA.

Position of Trust Clearance

A clearance issued to enable a person to have Access to sensitive material or resources of a valuable or attractive nature.

Primary Certificate

An ATO PKI Certificate which permits the Certificate Holder to have:

(a) unlimited access to the online service capabilities that ATO provides to the Entity;

(b) the ability to identify to the system Secondary Certificate Holders (governed by the CP for Organisational Type 2 Grade 2 Secondary Certificates) whose identity and entitlement to a Secondary Certificate they have established;

(c) the ability to change their own functionality to that of a Secondary Certificate Holder;

(d) the ability to request Keys and Secondary Certificates on behalf of individuals authorised by the Entity, whose name appears in the Certificates, to hold them on its behalf;

(e) the ability to limit or expand the functional capabilities of the holder of any Secondary Certificate of which the ABN is identical to the ABN within the Primary Certificate Holder's Certificate.

Primary Certificate Holder

A natural person who holds a Primary Certificate.

Privacy

The right of individuals to control or influence what information related to them may be collected and stored and to whom that information may be disclosed.

See [ISO 7498-2: 1989]

The ATO, including the ATO PKI, is required to protect the personal information of individuals in accordance with the Information Privacy Principles set out in the Privacy Act 1988 (Commonwealth).

Private Key

Secret part, key or mathematical construct from a pair of keys which together form the basis of public key technologies. (See public key).

That key of an entity's asymmetric key pair which should only be used by that entity.

See [ISO/IEC 9798-1 (2nd edition): 1997] [ISO/IEC 11770-1: 1997]

Note - In the case of an asymmetric signature system the private key defines the signature transformation. In the case of an asymmetric encipherment system the private key defines the decipherment transformation.

See [ISO/IEC 9798-1]

Note - A private key shall normally not be disclosed. [ISO/IEC 11770-1]

Private signature key

Private Key which defines the private signature transformation.

Note - This is sometimes referred to as a secret signature key.

Protective Security

The total concept of administrative, Personnel, Physical, technical, computer and communication security.

Protective Security Plan

Describes the practices of the ATO PKI to ensure the security and integrity of the overall operation of the service including the establishment of standards for the access and operation of the ATO PKI and Registration Authority.

PSM

Protective Security Manual - the Commonwealth's publication that establishes requirements for Protective Security.

PSRR

Protective Security Risk Review - describes the ATO PKI's threat and risk analysis carried out in accordance with a methodology determined by Gatekeeper in conjunction with DSD.

Public Key

Public part, key or mathematical construct from a pair of keys which together form the basis of public key technologies. (See Private Key).

That key of an entity's asymmetric key pair which can be made public.

See [ISO/IEC 9798-1 (2nd edition): 1997] [ISO/IEC 11770-1: 1997] [2nd DIS ISO/IEC 11770-3 (08/1997)]

Note - In the case of an asymmetric signature system the public key defines the verification transformation. In the case of an asymmetric encipherment system the public key defines the encipherment transformation. A key that is publicly known is not necessarily globally available. The key may only be available to all members of a pre-specified group.

See [ISO/IEC 9798-1] [ISO/IEC 11770-3]

Public Key Certificate

(i) The Public Key information of a User including a Certificate Holder signed by the CA and thereby rendered secure.

(ii) A security Certificate which binds securely the Public Key issued to a Certificate Holder acting on behalf of an Entity to the Entity's full legal name and the Certificate Holder's full legal name, and which indicates the validity of the corresponding Private Key.

Public Key information

(i) Information specific to a single User including the Certificate Holder and which contains at least the User's Distinguishing Name and at least one Public Key for that User. There may be other information regarding the CA, the User, the validity period of the Keys and the identifier of the algorithms.

See also [ISO/IEC 9798-1 (2nd edition ): 1997] [ISO/IEC 11770-1: 1997]

(ii) Information containing at least the entity's distinguished identifier and Public Key. The Public Key information is limited to data regarding one entity, and one Public Key for this entity. There may be other static information regarding the certification authority, the entity, the Public Key, or the involved algorithms, included in the Public Key information.

See [2nd DIS ISO/IEC 11770-3 (08/1997)]

Public Officer

A Public Officer under section 252 of the Income Tax Assessment Act 1936.

RA

Registration Authority

RCA

Root Certification Authority

Register of Australian Business Numbers

Established under the A New Tax System (Australian Business Number) Regulations.

Registration

The process of recording and validating information about an Entity and the corresponding Certificate Holder, as specified by the CP that the Keys and Certificates are to be issued under.

Registration Authority

An entity which establishes the identity of Users and registers their certification requirements with a CA.

Registration Authority Operations Manual

Describes how the RA function will be performed and managed on a day to day basis, and details of the functions and responsibilities of the personnel within the RA.

Relying Party

A person who relies upon the Keys and Certificates of the Certificate Holder to decrypt and/or authenticate a message, transaction or other electronic file.

Repudiation

Denial by one of the entities involved in a communication of having participated in all or part of the communication.

RSA

A Cryptographic algorithm developed by Rivest, Shamir and Adleman and used to support Keys and Certificates.

Secondary Certificate

An ATO PKI Certificate:

    a. for which the initial Certificate request is made by a Primary Certificate Holder who is responsible for establishing the identity of the Secondary Certificate Holder and for gaining the approval of the Entity whose ABN appears in the Primary Certificate Holder's Certificate and will appear in the Secondary Certificate, in order for the Secondary Certificate Holder to transact with ATO on behalf of the Entity;

    b. for which subsequent renewals are made by the Secondary Certificate Holder;

    c. for which the functionality permitted to the Certificate Holder can be specified, limited or enlarged by any holder of a Primary Certificate of which the ABN is identical to the ABN within the Secondary Certificate.

Secondary Certificate Holder

A natural person who holds a Secondary Certificate.

SE01: Security Policy

See Security Policy.

SE02: Disaster Recovery and Business Continuity Plan

See Disaster Recovery and Business Continuity Plan

SE02: Protective Security Risk Review

See PSRR.

SE04: Protective Security Plan

See Protective Security Plan

Security Policy

The main purpose of a Security Policy is to state what protection is needed for the system and the information it is to process.

Standards Australia

An Australian organisation whose mission is to develop and promote the use of standards.

Steering Committee

Peak directional committee for Gatekeeper.

Subscriber

Means a person who has been issued with a set of Keys and Certificates under the terms of a Certificate Policy Statement to use on behalf of an Entity. The Certificate Holder and the Entity together constitute the Subscriber.

Symmetric cryptographic technique

A cryptographic technique that uses the same private key for both the originator's and the recipient's transformation. Without knowledge of the private key, it is computationally infeasible to compute either the originator's or the recipient's transformation.

See [ISO/IEC 9798-1 (2nd edition): 1997] [ISO/IEC 11770-1: 1997]

Token

A message consisting of data fields relevant to a particular communication and which contains information that has been transformed using a cryptographic technique.

UniCERT

Certification Authority software produced by Baltimore Technologies Pty Ltd. It has an ARM, RA, RAO, CA and CAO.

URI

Universal Resource Identifier. The generic set of all names or addresses that are short strings referring to resources.

URL

Universal Resource Locator. The set of URI schemes that have explicit instructions on how to access the resource on the Internet. The address of an object that is normally typed in the address field of a web browser.

User

Any entity (human or machine) outside the ATO PKI including a Certificate Holder that interacts with the ATO PKI.

Validation

The process of checking the integrity of a message, or selected parts of a message.

See [ISO 8732: 1988]

Verification key

(i) A value required to verify a cryptographic check value.

See [ISO/IEC 13888-1: 1997]

(ii) A data item which is mathematically related to a User's Authentication Key and which is used by the verifier in the verification process.

See also [FCD ISO/IEC 14888-1 (12/1997)]

See also Authentication Public Key.

Vetting

The process of acquiring information to assess a person's suitability for Access to classified and/or sensitive material or to a designated secure area.

X.500 Directory

Hierarchical tree-structured directory of Certificates including Certificate Revocation Lists.

Note: Some of the definitions have been adopted from ISO standards.

 