ACCEPT (A CERTIFICATE)
To demonstrate approval of a certificate by a certificate applicant while knowing or having notice of its informational contents, in accordance with the CPS (Certification Practice Statement).
A specific type of interaction between a submission and communications or information resources that results in a flow of information, the exercise of control, or the activation of a process.
A formal declaration by a VeriSign®-designated approving authority that a particular information system, professional or other employee or contractor, or organization is approved to perform certain duties and to operate in a specific security mode, using a prescribed set of safeguards.
A certificate issued to an affiliated individual. (Cf., AFFILIATED INDIVIDUAL)
A human being that is affiliated with an organization: as an officer, director, employee, partner, contractor, intern, or other person within the organization, or as a person maintaining a contractual relationship with the organization where the organization has business records providing strong assurances of the identity of such person. (Cf., AFFILIATED CERTIFICATE)
AFFIRM / AFFIRMATION
To state or indicate by conduct that data is correct or information is true.
APPLICANT (See CA APPLICANT; CERTIFICATE APPLICANT)
To store records and associated journals for a given period of time for security, backup, or auditing purposes.
Statements or conduct intended to convey a general intention, supported by a good-faith effort, to provide and maintain a specified service by an IA (Issuing Authority). "Assurances" does not necessarily imply a guarantee that the services will be performed fully and satisfactorily. Assurances are distinct from insurance, promises, guarantees, and warranties, unless otherwise expressly indicated.
A procedure used to validate that controls are in place and adequate for their purposes. This includes recording and analyzing activities to detect intrusions or abuses into an information system. Inadequacies found by an audit are reported to appropriate management personnel.
AUTHENTICATE (See AUTHENTICATION)
A signed document with appropriate assurances of authentication or a message with a digital signature verified by a valid Class 3 certificate by a relying party. However, for suspension and revocation notification purposes, the digital signature contained in such notification message must have been created by the private key corresponding to the public key contained in the certificate for the applicable certificate class.
A process used to confirm the identity of a person or to prove the integrity of specific information. Message authentication involves determining its source and verifying that it has not been modified or replaced in transit. (Cf., VERIFY (A DIGITAL SIGNATURE))
AUTHENTICODE™ (See MICROSOFT AUTHENTICODE™; SOFTWARE VALIDATION)
The granting of rights, including the ability to access specific information or resources.
The extent to which information or processes are reasonably accessible and usable, upon demand, by an authorized entity, allowing authorized access to resources and timely performance of time-critical operations.
An affirmation by an IA (Issuing Authority) (or its LRA (Local Registration Authority)) of the relationship between a named entity and its public key.
CA APPLICATION (NON-VERISIGN® CA APPLICATION)
The application submitted to the applicable VeriSign® PCA (Primary Certification Authority) by a non-VeriSign® entity requesting to become a certification authority or subordinate certification authority, and requesting an IA certificate, within VeriSign's public certification services.
A person who submits a CA application to VeriSign® requesting to become a CA or subordinate CA. (Cf., SUBSCRIBER)
CERTIFICATE (PUBLIC KEY CERTIFICATE)
A message (see definition for MESSAGE) that, at least, states a name or identifies the IA, identifies the subscriber, contains the subscriber's public key, identifies the certificate's operational period, contains a certificate serial number, and is digitally signed by the IA. All references to a "Class [1, 2, or 3] certificate" or to a "certificate" without a modifying adjective are intended as references to both "normal" and "provisional" certificates, unless the context requires otherwise. References to a certificate refer exclusively to certificates issued by an IA. (Cf., PROVISIONAL CERTIFICATE)
A person or authorized agent that requests the issuance of a public key certificate by an IA. (Cf., CA APPLICANT; SUBSCRIBER)
A request from a certificate applicant (or authorized agent) to an IA for the issuance of a certificate. (Cf., CERTIFICATE APPLICANT; CERTIFICATE SIGNING REQUEST)
An ordered list of certificates containing an end-user subscriber certificate and IA certificates. (See VALID CERTIFICATE)
The time and date specified in the certificate when the operational period ends, without regard to any earlier suspension or revocation.
An extension field to a certificate which may convey additional information about the public key being certified, the certified subscriber, the certificate issuer, and/or the certification process. Standard extensions are defined in Amendment 1 to ISO/IEC 9594-8:1995 (X.509). Custom extensions can also be defined by communities of interest.
A VeriSign® PCS (Public Certification Services) domain of IAs, each categorized with respect to its role in a "tree structure" of subordinate IAs. An IA issues and manages certificates for end-user subscribers and/or for one or more IAs at the next level. Note: an IA in a trust hierarchy must observe uniform practices addressing issues such as naming, maximum number of levels, etc., to assure integrity of the domain and thereby ensure uniform accountability, auditability, and management through the use of trustworthy operational processes.
The actions performed by an IA in creating a certificate and notifying the certificate applicant (anticipated to become a subscriber) listed in the certificate of its contents.
Certificate management includes, but is not limited to, storage, dissemination, publication, revocation, and suspension of certificates. An IA undertakes certificate management functions by serving as a registration authority for subscriber certificates. An IA designates issued and accepted certificates as valid by publication.
CERTIFICATE OF AUTHENTICITY
A document issued by an authorized official of the jurisdiction in which an acknowledgment by a notary was taken, such as the secretary of state of a state (U.S.) to authenticate the status of a notary.
CERTIFICATE REVOCATION (See REVOKE A CERTIFICATE)
CERTIFICATE REVOCATION LIST (CRL)
A periodically (or exigently) issued list, digitally signed by an IA, of identified certificates that have been suspended or revoked prior to their expiration dates. The list generally indicates the CRL issuer's name, the date of issue, the date of the next scheduled CRL issue, the suspended or revoked certificates' serial numbers, and the specific times and reasons for suspension and revocation.
CERTIFICATE SERIAL NUMBER
A value that unambiguously identifies a certificate generated by an IA.
CERTIFICATE SIGNING REQUEST (CSR)
A machine-readable form of a certificate application. (Cf., CERTIFICATE APPLICATION)
CERTIFICATE SUSPENSION (See SUSPEND A CERTIFICATE)
CERTIFICATION / CERTIFY
The process of issuing a certificate by an IA.
CERTIFICATION AUTHORITY (CA)
A person (see definition for PERSON) authorized to issue certificates. Under the VeriSign® PCS, a CA is subordinate to a PCA. (Cf., REGISTRATION AUTHORITY; TRUSTED THIRD PARTY)
CERTIFICATION PRACTICE STATEMENT (CPS)
This document, as revised from time to time (representing VeriSign's statement of practices an IA employs in issuing certificates).
CERTIFIER (See ISSUING AUTHORITY)
A set of numbers and/or letters that are chosen by a certificate applicant, communicated to the IA with a certificate application, and used by the IA to authenticate the subscriber for various purposes as required by the CPS. A challenge phrase is also used by a secret share holder to authenticate himself, herself, or itself to a secret share issuer.
CLASS [1, 2, OR 3] CERTIFICATE
A certificate of a specified level of trust.
In the context of electronic commerce, the implementation and use of technology, controls, and administrative and operational procedures that reasonably ensure system and message trustworthiness.
COMMERCIAL SOFTWARE PUBLISHER CERTIFICATE
A Class 3 certificate that is issued to organizations only and is used for software validation. (Cf., INDIVIDUAL SOFTWARE PUBLISHER CERTIFICATE; SOFTWARE VALIDATION)
Some systems of cryptographic hardware require arming through a secret-sharing process and require that the last of these shares remain physically attached to the hardware in order for it to stay armed. In this case, "common key" refers to this last share. It is not assumed to be secret as it is not continually in an individual's possession.
A violation (or suspected violation) of a security policy, in which an unauthorized disclosure of, or loss of control over, sensitive information may have occurred. (Cf., DATA INTEGRITY)
The condition in which sensitive data is kept secret and disclosed only to authorized parties.
To ascertain through appropriate inquiry and investigation. (Cf., AUTHENTICATION; VERIFY A DIGITAL SIGNATURE)
CONFIRMATION OF CERTIFICATE CHAIN
The process of validating a certificate chain and subsequently validating an end-user subscriber certificate.
CONTENT INTEGRITY SERVICES
Content integrity services provide certificates to software publishers who desire to digitally sign their software publications to facilitate their customers' (end-users') ability to undertake software validation.
Measures taken to ensure the integrity and quality of a process.
To belong to the same key pair. (See also PUBLIC KEY; PRIVATE KEY)
A condition in which either or both a VeriSign® PCA and a non-VeriSign® certificate issuing entity (representing another certification domain) issues a certificate having the other as the subject of that certificate.
A clearly specified mathematical process for computation; a set of rules that produce a prescribed result.
CRYPTOGRAPHY (Cf., PUBLIC KEY CRYPTOGRAPHY)
I. The mathematical science used to secure the confidentiality and authentication of data by replacing it with a transformed version that can be reconverted to reveal the original data only by someone holding the proper cryptographic algorithm and key.
II. A discipline that embodies the principles, means, and methods for transforming data in order to hide its information content, prevent its undetected modification, and/or prevent its unauthorized uses.
A trustworthy implementation of a cryptosystem, which safely performs encryption and decryption of data.
Programs, files, and other information stored in, communicated, or processed by a computer.
A set of related information created, stored, or manipulated by a computerized management information system.
DATA CONFIDENTIALITY (See CONFIDENTIALITY)
A condition where data has not been altered or destroyed in an unauthorized manner. (See also THREAT; cf., COMPROMISE)
A certificate issued by an IA to be used exclusively for demonstration and presentation purposes and not for any secure or confidential communications. Demo certificates may be used by authorized persons only.
DENIAL OF SERVICE (See AVAILABILITY)
DIGITAL ID℠ (See CERTIFICATE)
A VeriSign® service mark and brand name for a certificate.
A transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's public key can accurately determine whether the transformation was created using the private key that corresponds to the signer's public key and whether the message has been altered since the transformation was made.
DIRECTORY (Cf., REPOSITORY)
A set of data that identifies a real-world entity, such as a person in a computer-based context. (e.g., countryName=US, state=California, organizationName=Electronic Inc., commonName=JohnDoe).
A record consisting of information inscribed on a tangible medium such as paper rather than computer-based information. (Cf., MESSAGE; RECORD)
ELECTRONIC MAIL ("E-MAIL")
Messages sent, received or forwarded in digital form via a computer-based communication mechanism.
EMPLOYEE IN GOOD STANDING
A non-probationary employee that has not been terminated or suspended, and is not the subject of pending disciplinary action, by his or her employer.
The process of transforming plaintext data into an unintelligible form (cipher text) such that the original data either cannot be recovered (one-way encryption) or cannot be recovered without using an inverse decryption process (two-way encryption).
A subscriber which is not also an IA.
The use of an extended organization field (OU=) in an X.509 v3 certificate.
The process of a certificate applicant's applying for a certificate.
ENTITY (See PERSON)
EXPORT CONTROL CERTIFICATE
A certificate-based service that allows approved server certificate subscribers to operate in a strong encryption mode, and as a result, allows a browser accessing such a server to also operate in such strong encryption mode.
Extension fields in X.509 v3 certificates. (See X.509)
FILE TRANSFER PROTOCOL (FTP)
The application protocol that offers file system access from the Internet suite of protocols.
A certificate issued by an IA such that the IA does not charge the subscriber a fee for the certificate or otherwise receive compensation.
FTP (See FILE TRANSFER PROTOCOL)
GENERATE A KEY PAIR
A trustworthy process of creating private keys during certificate application whose corresponding public keys are submitted to the applicable IA during certificate application in a manner that demonstrates the applicant's capacity to use the private key.
HASH (HASH FUNCTION)
An algorithm that maps or translates one set of bits into another (generally smaller) set in such a way that:
I. A message yields the same result every time the algorithm is executed using the same message as input.
II. It is computationally infeasible for a message to be derived or reconstituted from the result produced by the algorithm.
III. It is computationally infeasible to find two different messages that produce the same hash result using the same algorithm.
IA (See ISSUING AUTHORITY)
A certificate issued by an authorized superior IA to a subordinate IA. (See SUPERIOR IA; SUBORDINATE IA; cf., CERTIFICATE)
The process of confirming the identity of a person. Identification is facilitated in public key cryptography by means of certificates.
A unique piece of information that marks or signifies a particular entity within a domain. Such information is only unique within a particular domain.
INCORPORATE BY REFERENCE
To make one message a part of another message by identifying the message to be incorporated, with information that enables the receiving party to access and obtain the incorporated message in its entirety, and by expressing the intention that it be part of the incorporating message. Such an incorporated message shall have the same effect as if it had been fully stated in the message to the extent permitted by law.
INDIVIDUAL SOFTWARE PUBLISHER CERTIFICATE
A Class 2 certificate that is issued to individuals only and is used for software validation. (Cf., COMMERCIAL SOFTWARE PUBLISHER CERTIFICATE; SOFTWARE VALIDATION)
INTEGRITY (See DATA INTEGRITY)
ISSUING A CERTIFICATE (See CERTIFICATE ISSUANCE)
ISSUER (See ISSUING AUTHORITY)
ISSUING AUTHORITY (IA)
Within VeriSign's PCS, the VR (VeriSign® Root), PCA, or CA (or subordinate CA) that issues, suspends, or revokes a certificate. IAs are identified by a distinguished name on all certificates and CRLs they issue. With prior approval by VeriSign®, an IA may delegate the responsibility to evaluate and approve or reject certificate applications to one or more LRAs not owned or operated by the IA under CPS Section 2.1.3. When such delegation occurs and where the context requires, the term "IA" in this CPS shall include such LRAs with respect to the delegating IA's obligations, representations, warranties, and disclaimers.
The trustworthy process of creating a private key/public key pair. The public key is supplied to an IA during the certificate application process.
A private key and its corresponding public key. The public key can verify a digital signature created by using the corresponding private key. In addition, depending upon the type of algorithm implemented, key pair components can also encrypt and decrypt information for confidentiality purposes, in which case a private key uniquely can reveal information encrypted by using the corresponding public key.
LOCAL REGISTRATION AUTHORITY (LRA)
An entity approved by an IA to assist persons in applying for certificates, revoking (or where authorized, suspending) their certificates, or both and also approving such applications. An LRA is not the agent of a certificate applicant. An LRA may not delegate the authority to approve certificate applications other than to authorized LRAAs (Local Registration Authority Administrators) of the LRA. (Cf., LOCAL REGISTRATION AUTHORITY ADMINISTRATOR)
LOCAL REGISTRATION AUTHORITY ADMINISTRATOR (LRAA)
An employee of an LRA that is responsible for carrying out the functions of an LRA. (Cf., LOCAL REGISTRATION AUTHORITY)
A digital representation of information; a computer-based record. A subset of RECORD. (Cf., RECORD)
MESSAGE INTEGRITY (See DATA INTEGRITY)
MICROSOFT AUTHENTICODE™ (See SOFTWARE VALIDATION)
A set of identifying attributes purported to describe an entity of a certain type.
Naming is the assignment of descriptive identifiers to objects of a particular type by an authority which follows specific issuing procedures and maintains specific records pertinent to an identified registration process. (Cf., NAMING AUTHORITY; VERISIGN® NAMING AUTHORITY)
A body which executes naming policy and procedures and has control over the registration and assignment of primitive (basic) names to objects of a particular class. (Cf., NAMING; VERISIGN® NAMING AUTHORITY)
NETSURE℠ PROTECTION PLAN
The VeriSign® branded service that provides enhanced warranty protection and that is backed by USF&G (United States Fidelity and Guarantee Insurance Company). This service will become available shortly.
Provides proof of the origin or delivery of data in order to protect the sender against a false denial by the recipient that the data has been received or to protect the recipient against false denial by the sender that the data has been sent. Note: Only a trier of fact (someone with the authority to resolve disputes) can make an ultimate determination of nonrepudiation. By way of illustration, a digital signature verified pursuant to this CPS can provide proof in support of a determination of nonrepudiation by a trier of fact, but does not by itself constitute nonrepudiation.
NONVERIFIED SUBSCRIBER INFORMATION (NSI)
Information submitted by a certificate applicant to an IA, and included within a certificate, which has not been confirmed by the IA and for which the IA provides no assurances other than that the information was submitted by the certificate applicant. Information such as titles, professional degrees, accreditations, and registration field information are considered NSI unless otherwise indicated.
An IA that is not owned or operated by VeriSign®. (Cf., ISSUING AUTHORITY)
NON-VERISIGN® ORGANIZATIONAL LRA
An LRA that is not owned or operated by VeriSign® and is restricted to performing LRA functions in connection with certificates issued to affiliated individuals that are affiliated with it. (See CPS Section 2.5.4; Cf., LOCAL REGISTRATION AUTHORITY; AFFILIATED INDIVIDUALS)
NORMAL CERTIFICATE (See CERTIFICATE)
A natural person authorized by an executive governmental agency to perform notarial services such as taking acknowledgments, administering oaths or affirmations, witnessing or attesting signatures, and noting protests of negotiable instruments. In Japan, a natural person is appointed and authorized by the Minister of Legal Affairs to perform such duties as prescribed in the Notary Public Law.
The result of notification in accordance with this CPS.
To communicate specific information to another person as required by this CPS and applicable law.
Communications that provide a real-time connection to the VeriSign® PCS (Public Certification Services).
A certificate which is within its operational period at the present date and time or at a different specified date and time, depending on the context.
The period starting with the date and time a certificate is issued (or on a later date and time if stated in the certificate) and ending with the date and time on which the certificate expires or is earlier suspended or revoked.
An entity with which a user is affiliated. An organization may also be a user.
A person by whom (or on whose behalf) a data message is purported to have been generated, stored, or communicated. It does not include a person acting as an intermediary.
The entities whose rights and obligations are intended to be controlled by this CPS. These entities may include certificate applicants, IAs, subscribers, and relying parties. (See USER; ISSUING AUTHORITY; RELYING PARTY)
PASSWORD (PASS PHRASE; PIN NUMBER)
Confidential authentication information, usually composed of a string of characters used to provide access to a computer resource.
PC CARD (See also SMART CARD)
A hardware token compliant with standards promulgated by the Personal Computer Memory Card International Association (PCMCIA) providing expansion capabilities to computers, including the facilitation of information security.
A human being or an organization (or a device under the control of a human being or organization) capable of signing or verifying a message, either legally or as a matter of fact. (A synonym of ENTITY.)
The act of appearing (physically rather than virtually or figuratively) before an LRA or its designee and proving one's identity as a prerequisite to certificate issuance under certain circumstances.
A set of IAs whose functions are organized according to the principle of delegation of authority and related to each other as subordinate and superior IA.
PLEDGE (See SOFTWARE PUBLISHER'S PLEDGE)
PRIMARY CERTIFICATION AUTHORITY (PCA)
A person that establishes practices for all certification authorities and users within its domain.
A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key. (See also PUBLIC KEY CRYPTOGRAPHY; PUBLIC KEY)
A Class 2 certificate during the first 21 days of its operational period that is issued upon the successful completion of all required IA-internal validation procedures with respect to a Class 2 certificate application. The provisional state denotes that further validation of the certificate application regarding the subscriber's identity will be completed through a postal address "mail-back" procedure. (Cf., CERTIFICATE)
PUBLIC CERTIFICATION SERVICES (See VERISIGN® PUBLIC CERTIFICATION SERVICES)
A mathematical key that can be made publicly available and which is used to verify signatures created with its corresponding private key. Depending on the algorithm, public keys are also used to encrypt messages or files which can then be decrypted with the corresponding private key. (See also PUBLIC KEY CRYPTOGRAPHY; PRIVATE KEY)
PUBLIC KEY CERTIFICATE (See CERTIFICATE)
PUBLIC KEY CRYPTOGRAPHY (Cf., CRYPTOGRAPHY)
A type of cryptography that uses a key pair of mathematically related cryptographic keys. The public key can be made available to anyone who wishes to use it and can encrypt information or verify a digital signature; the private key is kept secret by its holder and can decrypt information or generate a digital signature.
PUBLIC KEY INFRASTRUCTURE (PKI)
The architecture, organization, techniques, practices, and procedures that collectively support the implementation and operation of a certificate-based public key cryptographic system. The PKI consists of systems which collaborate to provide and implement the PCS and possibly other related services.
PUBLIC/PRIVATE KEY PAIR (See PUBLIC KEY; PRIVATE KEY; KEY PAIR)
PUBLISH / PUBLICATION
To record or file information in the VeriSign® repository and optionally in one or more other repositories in order to disclose and make publicly available such information in a manner that is consistent with this CPS and applicable law.
QUALIFIER (See VERISIGN® QUALIFIER)
RECIPIENT (of a DIGITAL SIGNATURE)
A person who receives a digital signature and who is in a position to rely on it, whether or not such reliance occurs. (Cf., RELYING PARTY)
Information that is inscribed on a tangible medium (a document) or stored in an electronic or other medium and retrievable in perceivable form. The term "record" is a superset of the two terms "document" and "message". (Cf., DOCUMENT; MESSAGE)
RE-ENROLLMENT (Cf., RENEWAL)
A class of object, subject to registration and recording procedures which demonstrates the value is unambiguous within the records of the registration authority. The type of value recorded is a string of characters.
An entity trusted to register other entities and assign them a relative distinguished value such as a distinguished name or a hash of a certificate. A registration scheme for each registration domain ensures that each registered value is unambiguous within that domain. (Cf., CERTIFICATION AUTHORITY)
REGISTRATION FIELD INFORMATION
Country, zip code, age, and gender data included within designated certificates at the option of the subscriber.
RELATIVE DISTINGUISHED NAME (RDN)
A set of attributes comprising an entity's distinguished name that differentiates the entity from others of the same type.
RELY / RELIANCE (on a CERTIFICATE and DIGITAL SIGNATURE)
To accept a digital signature and act in a manner that could be detrimental to oneself if the digital signature were ineffective. (Cf., RELYING PARTY; RECIPIENT)
A recipient who acts in reliance on a certificate and digital signature. (Cf., RECIPIENT; RELY OR RELIANCE (on a CERTIFICATE and DIGITAL SIGNATURE))
The process of obtaining a new certificate of the same class and type for the same subject once an existing certificate has expired.
A database of certificates and other relevant information accessible on-line.
REPUDIATION (See also NONREPUDIATION)
The denial or attempted denial by an entity involved in a communication of having participated in all or part of the communication.
REVOKE A CERTIFICATE
The process of permanently ending the operational period of a certificate from a specified time forward, prior to the certificate's expiration date.
The IA that issues the first certificate in a certification chain. The root's public key must be known in advance by a certificate user in order to validate a certification chain. The root’s public key is made trustworthy by some mechanism other than a certificate, such as by secure physical distribution.
A public key cryptographic system invented by Rivest, Shamir & Adleman.
A portion of a cryptographic secret split among a number of physical tokens.
SECRET SHARE HOLDER
An authorized holder of a physical token containing a secret share.
SECRET SHARE ISSUER
The person designated by an IA to create and distribute secret shares.
SECRET SHARING (See also SECRET SHARE)
The practice of distributing secret shares of a private key to a number of secret share holders; threshold-based splitting of keys.
A cryptographically enhanced communications path that protects messages against perceived security threats.
The quality or state of being protected from unauthorized access or uncontrolled losses or effects. Absolute security is impossible to achieve in practice and the quality of a given security system is relative. Within a state-model security system, security is a specific "state" to be preserved under various operations.
A document which articulates requirements and good practices regarding the protections maintained by a trustworthy system in support of the PCS.
Services provided by a set of security frameworks and performed by means of certain security mechanisms. Such services include, but are not limited to, access control, data confidentiality, and data integrity.
SELF-SIGNED PUBLIC KEY
A data structure that is constructed the same as a certificate but that is signed by its subject. Unlike a certificate, a self-signed public key cannot be used in a trustworthy manner to authenticate a public key to other parties. A PCA self-signed public key digitally signed by the VR shall constitute a certificate. (Cf., CERTIFICATE)
SERIAL NUMBER (See CERTIFICATE SERIAL NUMBER)
A computer system that responds to requests from client systems.
To create a digital signature for a message, or to affix a signature to a document, depending upon the context.
A method that is used or adopted by a document originator to identify himself or herself, which is either accepted by the recipient or its use is customary under the circumstances. (Cf., DIGITAL SIGNATURE)
A person who creates a digital signature for a message, or a signature for a document.
A hardware token that incorporates one or more integrated circuit (IC) chips to implement cryptographic functions and that possesses some inherent resistance to tampering.
A specification for E-mail security exploiting a cryptographic message syntax in an Internet MIME environment.
A subscriber who obtained a special certificate used to digitally sign software with the Microsoft Authenticode™ system. Subscribers may also obtain other Class 2 and 3 certificates that may be used to sign content, including software, but the subscribers of such other certificates are not software publishers as defined in the CPS. (Cf., INDIVIDUAL SOFTWARE PUBLISHER CERTIFICATE; COMMERCIAL SOFTWARE PUBLISHER CERTIFICATE)
SOFTWARE PUBLISHER'S CERTIFICATE REVOCATION STATUS SERVICE
An automated, on-line status service used to support software validation, provided exclusively for software publisher's certificates. The service is automatically (and exclusively) invoked upon the downloading of software digitally signed with a software publisher's certificate. That is, upon receipt of such digitally signed software, the Web browser's authentication module automatically establishes a connection to VeriSign® and queries a VeriSign® server to validate the software publisher's certificate. The service returns to the Web browser a digitally signed status message. The service's data is VeriSign® repository-based and is updated daily. The service is exclusively available to users of Microsoft Internet Explorer Web browsers. (Cf., SOFTWARE PUBLISHER'S PLEDGE; SOFTWARE VALIDATION)
SOFTWARE PUBLISHER'S PLEDGE
The representations and guarantees made by individual and commercial software publishers as stated in the CPS.
VeriSign® services which provide assurances in accordance with the CPS and the software publisher's pledge of an individual or commercial software publisher (for Microsoft Authenticode™ only) that digitally-signed software was duly published by the subject of the corresponding VeriSign®-issued certificate and has not been modified since it was digitally signed. (Cf., INDIVIDUAL SOFTWARE PUBLISHER CERTIFICATE; COMMERCIAL SOFTWARE PUBLISHER CERTIFICATE; SOFTWARE PUBLISHER'S PLEDGE; VALIDATION (OF CERTIFICATE APPLICATION))
SUBJECT (OF A CERTIFICATE)
The holder of a private key corresponding to a public key. The term "subject" can refer to either the equipment or the device that holds a private key and to the individual person, if any, who controls that equipment or device. A subject is assigned an unambiguous name which is bound to the public key contained in the subject's certificate.
The unambiguous value in the subject name field of a certificate which is bound to the public key.
Within the VeriSign® PKI architecture's hierarchy of IAs, each IA is either the VR (VeriSign® Root), a PCA, a CA or a "subordinate CA". The subordinate IA of the VR is a PCA; the PCA's subordinate IA is a CA; a CA's subordinate IA is a subordinate CA. If present, a subordinate CA's subordinate IA is yet another subordinate CA. (Cf., SUPERIOR IA)
A person who is the subject of, and has been issued, a certificate, and is capable of using, and authorized to use, the private key that corresponds to the public key listed in the certificate. (See also SUBJECT; cf., CERTIFICATE APPLICANT; USER)
The agreement (See Subscriber Agreement) executed between a subscriber and an IA for the provision of designated public certification services in accordance with this CPS.
Information supplied to a certification authority as part of a certificate application. (Cf., CERTIFICATE APPLICATION)
Within the VeriSign® PKI architecture's hierarchy of IAs, each IA is either the VR, a PCA, a CA or a "subordinate CA". The superior IA of a subordinate CA is either another subordinate CA or a CA; a CA's superior is a PCA; a PCA's superior is either the VR, or itself. The VR is its own superior IA. (Cf., SUBORDINATE IA)
SUSPEND A CERTIFICATE
A temporary "hold" placed on the effectiveness of the operational period of a certificate without permanently revoking the certificate. A certificate suspension is invoked by, e.g., a CRL entry with a reason code. (Cf., REVOKE A CERTIFICATE)
A certificate issued by an IA for the limited purpose of internal technical testing. Test certificates may be used by authorized persons only. (See CPS Section 2.2.4).
A circumstance or event with the potential to cause harm to a system, including the destruction, unauthorized disclosure, or modification of data and/or denial of service.
A notation that indicates (at least) the correct date and time of an action, and identity of the person or device that sent or received the time stamp.
A hardware security token containing a user's private key(s), public key certificate, and, optionally, a cache of other certificates, including all certificates in the user's certification chain.
A computer-based transfer of business information which consists of specific processes to facilitate communication over global networks.
Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity and an IA. An authenticating entity must be certain that it can trust the IA to create only valid and reliable certificates, and users of those certificates rely upon the authenticating entity's determination of trust.
A person who serves in a trusted position and is qualified to serve in it in accordance with this CPS. (Cf., TRUST; TRUSTED POSITION; TRUSTED THIRD PARTY; TRUSTWORTHY SYSTEM)
A role within an IA that includes access to or control over cryptographic operations that may materially affect the issuance, use, suspension, or revocation of certificates, including operations that restrict access to a repository.
A trusted root is a public key which has been confirmed as bound to an IA by a user or system administrator. Software and systems implementing authentication based on public cryptography and certificates assume that this key value has been correctly obtained. It is confirmed by always accessing it from a trusted system repository to which only identified and trusted administrators have modification authorizations.
TRUSTED THIRD PARTY
In general, an independent, unbiased third party that contributes to the ultimate security and trustworthiness of computer-based information transfers. A trusted third party does not connote the existence of a trustor-trustee or other fiduciary relationship. (Cf., TRUST)
Computer hardware, software, and procedures that are reasonably secure from intrusion and misuse; provide a reasonable level of availability, reliability, and correct operation; are reasonably suited to performing their intended functions; and enforce the applicable security policy. A trustworthy system is not necessarily a "trusted system" as recognized in classified government nomenclature.
TYPE (OF CERTIFICATE)
The defining properties of a certificate which limit its intended purpose to a class of applications uniquely associated with that type.
UNAMBIGUOUS NAME (See DISTINGUISHED NAME)
UNIFORM RESOURCE LOCATOR (URL)
A standardized device for identifying and locating certain records and other resources located on the World Wide Web (WWW).
An authorized entity that uses a certificate as applicant, subscriber, recipient or relying party, but not including the IA issuing the certificate. (Cf., CERTIFICATE APPLICANT; ENTITY; PERSON; SUBSCRIBER)
A certificate issued by an IA and accepted by the subscriber listed in it.
VALIDATE A CERTIFICATE (i.e., of an END-USER SUBSCRIBER CERTIFICATE)
The process performed by a recipient or relying party to confirm that an end-user subscriber certificate is valid and was operational at the date and time a pertinent digital signature was created.
VALIDATE A CERTIFICATE CHAIN
For each certificate in a chain, the process performed by the recipient or relying party to authenticate the public key (in each certificate), confirm that each certificate is valid, was issued within the operational period of the corresponding IA certificate, and that all parties (IAs, end-user subscribers, recipients, and relying parties) have operated in accordance with this CPS as to all certificates in the chain.
VALIDATION (OF CERTIFICATE APPLICATION)
The process performed by the IA (or its LRA) following submission of a certificate application as a prerequisite to approval of the application and the issuance of a certificate. (Cf., AUTHENTICATION; SOFTWARE VALIDATION)
VALIDATION (OF SOFTWARE) (See SOFTWARE VALIDATION)
VERIFY (a DIGITAL SIGNATURE)
In relation to a given digital signature, message, and public key, to determine accurately that the digital signature was created during the operational period of a valid certificate by the private key corresponding to the public key contained in the certificate and the associated message has not been altered since the digital signature was created. (Cf., AUTHENTICATION; CONFIRM)
VERISIGN® NAMING AUTHORITY
A VeriSign® registration authority that establishes and enforces controls over and has decision-making authority regarding the issuance of relative distinguished names for all IAs (but not for end-user subscribers). (Cf., NAMING AUTHORITY).
VERISIGN® PUBLIC CERTIFICATION SERVICES (PCS)
The certification system provided by VeriSign® and any VeriSign®-authorized IAs described in this CPS.
A data syntax facilitating the representation of a set of values which restrict the meaning of the VeriSign® CPS. The qualifier value augments the standard certificate policy extension present in all certificates according to the rules defined by X.509 for that extension type.
VERISIGN® ROOT (VR)
An IA that registers PCAs by registering the self-signed public key of each PCA.
VERISIGN® SECURITY POLICY (VSP)
The document describing VeriSign's internal security policies.
WORLD WIDE WEB (WWW)
A hypertext-based, distributed information system in which users may create, edit, or browse hypertext documents. A graphical document publishing and retrieval medium; a collection of linked documents that reside on the Internet.
Information in a record that is accessible and usable for subsequent reference.
The ITU-T (International Telecommunications Union-T) standard for certificates. X.509 v3 refers to certificates containing or capable of containing extensions.
Copyright © 2000, VeriSign, Inc. All Rights Reserved