GIST v0.7 ― E
“EAP” to “extranet”
E
-
- EAL n.
-
See: evaluation assurance level.
-
- EAP n.
-
See: Extensible Authentication Protocol.
-
- Easter egg n.
-
NIST IR 7298 (2006)
-
SP 800-28
-
Hidden functionality within an application program, which becomes activated when an undocumented, and often convoluted, set of commands and keystrokes is entered. Easter eggs are typically used to display the credits for the development team and are intended to be non-threatening.
-
- eavesdropping n.
-
ISO/IEC 2382-8:1998
-
The unauthorized interception of information-bearing emanations.
-
RFC 2828 (2000)
-
(I) Passive wiretapping done secretly, i.e., without the knowledge of the originator or the intended recipients of the communication.
-
SCA ISCTAG (2007)
-
The interception of communications between a reader and a credential during transmission by unintended recipients. Messages can be protected against eavesdropping by employing a security service usually implemented by encryption.
-
NIST SP 800-63-1 DRAFT (2008)
-
eavesdropping attack
-
An attack in which an attacker listens passively to the authentication protocol to capture information which can be used in a subsequent active attack to masquerade as the claimant.
-
- ECB n.
-
See: electronic codebook.
-
- ECDSA n.
-
See: Elliptic Curve Digital Signature Algorithm.
-
- e-commerce n.
-
See: electronic commerce.
-
- economy of mechanism n.
-
RFC 2828 (2000)
-
(I) The principle that each security mechanism should be designed to be as simple as possible, so that the mechanism can be correctly implemented and so that it can be verified that the operation of the mechanism enforces the containing system’s security policy. (See: least privilege.)
-
- EDI n.
-
See: electronic data interchange.
-
- EDIFACT n.
-
See: (secondary definition under) electronic data interchange.
-
- education n.
-
See also: awareness, awareness and training program, and training.
-
NIST IR 7298 (2006)
-
SP 800-50
-
education (information security)
-
Education integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge… and strives to produce IT security specialists and professionals capable of vision and pro-active response.
-
SP 800-50
-
IT security education seeks to integrate all of the security skills and competencies of the various functional specialties into a common body of knowledge, adds a multidisciplinary study of concepts, issues, and principles (technological and social), and strives to produce IT security specialists and professionals capable of vision and pro-active response.
-
Two different definitions from the same source document… ? Well, clearly they’re essentially the same: maybe it’s just a transcription error by the author of NIST IR 7298.
-
- EE n.
-
RFC 2828 (2000)
-
(D) ISDs SHOULD NOT use this abbreviation because of possible confusion among end entity, end-to-end encryption, escrowed encryption standard, and other terms.
-
- EES n.
-
See: Escrowed Encryption Standard.
-
- effect n.
-
OASIS XACML 2.0 (2005)
-
The intended consequence of a satisfied rule (either Permit or Deny).
-
- egress filtering n.
-
NIST IR 7298 (2006)
-
SP 800-61
-
The process of blocking outgoing packets that use obviously false Internet Protocol (IP) addresses, such as source addresses from internal networks.
-
- eigenface n.
-
iAfB-ICSA 1999
-
A method of representing a human face as a linear deviation from a mean or average face. (See: biometric characteristic.)
-
- eigenhead n.
-
iAfB-ICSA 1999
-
The three-dimensional version of eigenface that also analyses the shape of the head. (See: biometric characteristic.)
-
- either/or multimodal adj.
-
See: (secondary definition under) multimodal.
-
- El Gamal algorithm n.
-
RFC 2828 (2000)
-
(N) An algorithm for asymmetric cryptography, invented in 1985 by Taher El Gamal, that is based on the difficulty of calculating discrete logarithms and can be used for both encryption and digital signatures. [ElGa, Schn]
-
- electronic authentication, - e-authentication n.
-
See: (secondary definition under) authentication.
-
- electronic codebook (ECB) n.
-
RFC 2828 (2000)
-
(I) A block cipher mode in which a plaintext block is used directly as input to the encryption algorithm and the resultant output block is used directly as ciphertext [FP081].
-
- electronic commerce (e-commerce) n.
-
RFC 2828 (2000)
-
(I) general usage: Business conducted through paperless exchanges of information, using electronic data interchange, electronic funds transfer (EFT), electronic mail, computer bulletin boards, facsimile, and other paperless technologies.
-
(O) SET usage: “The exchange of goods and services for payment between the cardholder and merchant when some or all of the transaction is performed via electronic communication.” [SET2]
-
- electronic credential n.
-
See: (secondary definition under) credentials.
-
- electronic data interchange (EDI) n.
-
RFC 2828 (2000)
-
(I) Computer-to-computer exchange, between trading partners, of business data in standardized document formats.
-
(C) EDI formats have been standardized primarily by ANSI X12 and by EDIFACT (EDI for Administration, Commerce, and Transportation), which is an international, UN-sponsored standard primarily used in Europe and Asia. X12 and EDIFACT are aligning to create a single, global EDI standard.
-
- electronic evidence n.
-
NIST IR 7298 (2006)
-
SP 800-72
-
Information and data of investigative value that is stored on or transmitted by an electronic device.
-
- electronic key entry n.
-
NIST IR 7298 (2006)
-
FIPS 140-2
-
The entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device. (The operator of the key may have no knowledge of the value of the key being entered.)
-
- Electronic Product Code (EPC) n.
-
The Electronic Product Code (EPC) is a low-cost method of tracking goods using RFID technology, created by the MIT Auto-ID Center (a consortium of over 120 global corporations and university labs) as an eventual successor to the bar code. The EPC system is managed by EPCglobal.
-
- electronic signature n.
-
RFC 2828 (2000)
-
(D) ISDs SHOULD NOT use this term because there is no current consensus on its definition. (Instead, see: digital signature.)
-
The term electronic signature is generally used to describe a superset of signature mechanisms, including but not limited to message authentication codes and digital signatures.
-
- electronic trust service (ETS) n.
-
IAEG LIAF (2008)
-
A service that enhances trust and confidence in electronic transactions, typically but not necessarily using cryptographic techniques or involving confidential material such as PINs and passwords.
-
- electronic trust service provider (ETSP) n.
-
IAEG LIAF (2008)
-
An entity that provides one or more electronic trust services.
-
- element n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 15408-1: 1999
-
An indivisible security requirement.
-
ISO/IEC WD 15443-1 (11/2001)
-
security element
-
An indivisible security requirement.
-
- elliptic curve cryptography (ECC) n.
-
RFC 2828 (2000)
-
(I) A type of asymmetric cryptography based on mathematics of groups that are defined by the points on a curve.
-
(C) The most efficient implementation of ECC is claimed to be stronger per bit of key (against cryptanalysis that uses a brute force attack) than any other known form of asymmetric cryptography. ECC is based on mathematics different than the kinds originally used to define the Diffie-Hellman algorithm and the Digital Signature Algorithm. ECC is based on the mathematics of groups defined by the points on a curve, where the curve is defined by a quadratic equation in a finite field. ECC can be used to define both an algorithm for key agreement that is an analog of Diffie-Hellman and an algorithm for digital signature that is an analog of DSA. (See: ECDSA.)
-
- Elliptic Curve Digital Signature Algorithm (ECDSA) n.
-
RFC 2828 (2000)
-
(N) A standard [A9062] that is the elliptic curve cryptography analog of the Digital Signature Algorithm.
-
- emanation n.
-
ISO/IEC 2382-8:1998
-
compromising emanation
-
Signals that are unintentionally emitted and that, if intercepted and analyzed, may reveal sensitive information being processed or transmitted. Examples: acoustic emanation, electromagnetic emanation.
-
RFC 2828 (2000)
-
(I) A signal (electromagnetic, acoustic, or other medium) that is emitted by a system (through radiation or conductance) as a consequence (i.e., byproduct) of its operation, and that may contain information. (See: TEMPEST.)
-
- emanations security (EMSEC) n.
-
RFC 2828 (2000)
-
(I) Physical constraints to prevent information compromise through signals emanated by a system, particularly the application of TEMPEST technology to block electromagnetic radiation.
-
- emergency plan n.
-
RFC 2828 (2000)
-
(D) A synonym for contingency plan. In the interest of consistency, ISDs SHOULD use contingency plan instead of emergency plan.
-
- EMSEC n.
-
See: emanations security.
-
- EMV n.
-
RFC 2828 (2000)
-
(I) An abbreviation of Europay, MasterCard, Visa. Refers to a specification for smart cards that are used as payment cards, and for related terminals and applications. [EMV1, EMV2, EMV3]
-
- Encapsulating Security Payload (ESP) n.
-
RFC 2828 (2000)
-
(I) An Internet IPsec protocol [R2406] designed to provide a mix of security services – especially data confidentiality service – in the Internet Protocol. (See: Authentication Header.)
-
(C) ESP may be used alone, or in combination with the IPsec AH protocol, or in a nested fashion with tunneling. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a host and a gateway. The ESP header is encapsulated by the IP header, and the ESP header encapsulates either the upper layer protocol header (transport mode) or an IP header (tunnel mode). ESP can provide data confidentiality service, data origin authentication service, connectionless data integrity service, an anti-replay service, and limited traffic flow confidentiality. The set of services depends on the placement of the implementation and on options selected when the security association is established.
-
- encipher n.
-
RFC 2828 (2000)
-
(D) ISDs SHOULD NOT use this term as a synonym for encrypt. However, see the usage note under encryption.
-
- encipherment n.
-
RFC 2828 (2000)
-
(D) ISDs SHOULD NOT use this term as a synonym for encryption, except in special circumstances that are explained in the usage discussion under encryption.
-
- encipherment algorithm n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 18033-1 (12/2001)
-
Alternative term for encryption algorithm.
-
- encode n.
-
RFC 2828 (2000)
-
(I) Use a system of symbols to represent information, which might originally have some other representation. (See: decode.)
-
(C) Examples include Morse code, ASCII, and BER.
-
(D) ISDs SHOULD NOT use this term as a synonym for encrypt, because encoding is not usually intended to conceal meaning.
-
- encrypt n.
-
RFC 2828 (2000)
-
(I) Cryptographically transform data to produce ciphertext. (See: encryption.)
-
- encrypted key n.
-
NIST IR 7298 (2006)
-
FIPS 140-2
-
A cryptographic key that has been encrypted using an approved security function with a key encrypting key, a PIN, or a password in order to disguise the value of the underlying plaintext key.
-
- encrypted network n.
-
NIST IR 7298 (2006)
-
SP 800-32
-
A network on which messages are encrypted (e.g. using DES, AES, or other appropriate algorithms) to prevent reading by unauthorized parties.
-
- encryption n.
-
Encrypt(ion) and decrypt(ion) are common in English-speaking countries, while encipher(ment) and decipher(ment) seem to be the preferred English term in continental Europe… but in either case the result is ciphertext… not cryptotext.
-
ISO/IEC 2382-8:1998
-
encryption, encipherment
-
The cryptographic transformation of data. Notes: The result of encryption is ciphertext. The reverse process is called decryption. See also asymmetric cryptography, symmetric cryptography, one-way encryption.
-
iAfB-ICSA 1999
-
The act of converting biometric data into a code so that people will be unable to read it. A key or a password is used to decrypt (decode) the encrypted biometric data.
-
Note: Clearly, this definition is specific to biometric systems. Oh, and “decode” should be avoided in this context.
-
RFC 2828 (2000)
-
(I) Cryptographic transformation of data (called plaintext) into a form (called ciphertext) that conceals the data’s original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called decryption, which is a transformation that restores encrypted data to its original state. (See: cryptography.)
-
(C) usage note: For this concept, ISDs should use the verb [to] encrypt (and related variations: encryption, decrypt, and decryption). However, because of cultural biases, some international usage, particularly ISO and CCITT standards, avoids [to] encrypt and instead uses the verb [to] encipher (and related variations: encipherment, decipher, decipherment).
-
(O) “The cryptographic transformation of data (see: cryptography) to produce ciphertext.” [I7498 Part 2]
-
(C) Usually, the plaintext input to an encryption operation is cleartext. But in some cases, the plaintext may be ciphertext that was output from another encryption operation. (See: superencryption.)
-
(C) Encryption and decryption involve a mathematical algorithm for transforming data. In addition to the data to be transformed, the algorithm has one or more inputs that are control parameters: (a) a key value that varies the transformation and, in some cases, (b) an initialization value that establishes the starting state of the algorithm.
-
SC 27 SD 6 (2002)
-
ISO/IEC CD 10116 (12/2001)
-
encipherment
-
The (reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e. to hide the data.
-
ISO/IEC 9797-1: 1999, ISO/IEC 9798-1: 1997, ISO/IEC 11770-1: 1996, ISO/IEC 11770-3: 1999, ISO/IEC FDIS 15946-3 (02/2001)
-
encipherment
-
The (reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e., to hide the information content of the data.
-
ISO/IEC WD 18033-1 (12/2001)
-
encipherment
-
Alternative term for encryption.
-
encryption
-
(Reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e. to hide the information content of the data.
-
NIST IR 7298 (2006)
-
SP 800-46
-
Encryption is the conversion of data into a form, called a ciphertext, which cannot be easily understood by unauthorized people.
-
FIPS 185
-
Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.
-
SP 800-21 [2ndEd]
-
The process of changing plaintext into ciphertext for the purpose of security or privacy.
-
JTC 1/SC 37 (2006⇒2008) – A.2.8
-
(Reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e., to hide the information content of the data.
-
Note: Definition Source: ISO 18033-1 (via SC27 SD6).
-
SCA ISCTAG (2007)
-
The process of translating information into a code that can only be read if the reader has access to the key that was used to encrypt it. There are two main types of encryption – asymmetric (or public key) and symmetric (or secret key).
-
The first part of this definition is true only for symmetric encryption! For asymmetric encryption, the “code” (i.e., ciphertext; see: code) can be read only using a different key (the reader’s private key) from the one used to encrypt it (the public key).
-
- encryption algorithm n.
-
See: cipher.
-
- encryption certificate n.
-
RFC 2828 (2000)
-
(I) A public-key certificate that contains a public key that is intended to be used for encrypting data, rather than for verifying digital signatures or performing other cryptographic functions.
-
(C) A v3 X.509 public-key certificate may have a keyUsage extension that indicates the purpose for which the certified public key is intended.
-
NIST IR 7298 (2006)
-
SP 800-32
-
A certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes.
-
- end entity n.
-
RFC 2828 (2000)
-
(I) A system entity that is the subject of a public-key certificate and that is using, or is permitted and able to use, the matching private key only for a purpose or purposes other than signing a digital certificate; i.e., an entity that is not a CA.
-
(D) “A certificate subject which uses its public [sic] key for purposes other than signing certificates.” [X509]
-
(C) ISDs SHOULD NOT use the X.509 definition, because it is misleading and incomplete. First, the X.509 definition should say private key rather than public key because certificates are not usefully signed with a public key. Second, the X.509 definition is weak regarding whether an end entity may or may not use the private key to sign a certificate, i.e., whether the subject may be a CA. The intent of X.509’s authors was that an end entity certificate is not valid for use in verifying a signature on an X.509 certificate or X.509 CRL. Thus, it would have been better for the X.509 definition to have said “only for purposes other than signing certificates”.
-
(C) Despite the problems in the X.509 definition, the term itself is useful in describing applications of asymmetric cryptography. The way the term is used in X.509 implies that it was meant to be defined, as we have done here, relative to roles that an entity (which is associated with an OSI end system) is playing or is permitted to play in applications of asymmetric cryptography other than the PKI that supports applications.
-
(C) Whether a subject can play both CA and non-CA roles, with either the same or different certificates, is a matter of policy. (See: certification practice statement.) A v3 X.509 public-key certificate may have a basicConstraints extension containing a cA value that specifically “indicates whether or not the public key may be used to verify certificate signatures”.
-
- end-point products n.
-
SCA ISCTAG (2007)
-
As defined in NIST SP 800-73, products that employ a unified card edge interface that is technology independent and compliant with current international standards.
-
- end system n.
-
RFC 2828 (2000)
-
(I) An OSI term for a computer that implements all seven layers of the OSIRM and may attach to a subnetwork. (In the context of the Internet Protocol Suite, usually called a host.)
-
- end-to-end encryption n.
-
RFC 2828 (2000)
-
(I) Continuous protection of data that flows between two points in a network, provided by encrypting data when it leaves its source, leaving it encrypted while it passes through any intermediate computers (such as routers), and decrypting only when the data arrives at the intended destination. (See: link encryption, wiretapping.)
-
(C) When two points are separated by multiple communication links that are connected by one or more intermediate relays, end-to-end encryption enables the source and destination systems to protect their communications without depending on the intermediate systems to provide the protection.
-
NIST IR 7298 (2006)
-
SP 800-12
-
Communications encryption in which data is encrypted when being passed through a network, but routing information remains visible.
-
- end user n.
-
Compare: user.
-
iAfB-ICSA 1999
-
A person who interacts with a biometric system to enrol or have his/her identity checked.
-
A biometric capture subject in the first case (“to enrol”); a biometric data subject in the second (“to have his/her identity checked”).
-
RFC 2828 (2000)
-
(I) general usage: A system entity, usually a human individual, that makes use of system resources, primarily for application purposes as opposed to system management purposes.
-
(I) PKI usage: A synonym for end entity; but the term end entity is preferred.
-
OASIS SAML 2.0 (2005)
-
A natural person who makes use of resources for application purposes (as opposed to system management purposes; see administrator, user).
-
JTC 1/SC 37 (2006⇒2008)
-
end user (deprecated)
-
Note: “End user” suggests active involvement and could be confused with biometric system owner, biometric system operator, administrator, biometric subject [either a biometric capture subject or a biometric data subject].
-
- end user adaptation n.
-
iAfB-ICSA 1999
-
The process of adjustment whereby a participant in a test becomes familiar with what is required and alters their responses accordingly.
-
- enrol, - enroll vb.
-
JTC 1/SC 37 (2006⇒2008)
-
enrol
-
Create and store, for an individual, an enrolment data record associated with an individual and including biometric reference(s) and, typically, non-biometric data in accordance with an enrolment policy.
-
- enrolee, - enrollee n.
-
iAfB-ICSA 1999
-
enrolee
-
A person who has a biometric reference template on file.
-
BEM 2002
-
enrolee
-
A user with a stored biometric reference template on file.
-
JTC 1/SC 37 (2006⇒2008)
-
biometric enrollee
-
Biometric data subject whose biometric data is held in a biometric enrolment database.
-
- enrollment, - enrolment n.
-
iAfB-ICSA 1999
-
The process of collecting biometric samples from a person and the subsequent preparation and storage of biometric reference templates representing that person’s identity.
-
BEM 2002
-
The process of collecting biometric sample(s) from a person, and the subsequent preparation and storage of reference template(s) and associated data representing that person’s identity.
-
IBG
-
The process whereby a user’s initial biometric sample or samples are collected, assessed, processed, and stored for ongoing use in a biometric system. Enrollment takes place in both 1:1 [verification] and 1:N [identification] systems. If users are experiencing problems with a biometric system, they may need to re-enroll to gather higher quality data.
-
A biometric system will always collect, assess, and process samples, but many biometric systems do not store samples! See: biometric reference.
-
modonisIDM (2005)
-
Definition: An enrolment is synonymous with a registration.
-
But see the following JTC 1/SC 37 definition!
-
JTC 1/SC 37 (2006⇒2008)
-
enrolment; registration (deprecated)
-
The action of enrolling or being enrolled.
-
SCA ISCTAG (2007)
-
The process of entering the appropriate identity data for an individual into a system and associating the identity with the privileges being granted by the system.
-
Note that this definition is more general than those above, in which the ambit is restricted to biometric systems.
-
- enrollment data record, - enrolment data record n.
-
See: biometric enrolment data record.
-
- enrollment database, - enrolment database n.
-
See: biometric enrolment database.
-
- enrollment time, - enrolment time n.
-
iAfB-ICSA 1999
-
The time period a person must spend to have his/her biometric reference template successfully created.
-
- enterprise single sign-on (ESSO) n.
-
SCA ISCTAG (2007)
-
A system designed to minimize the number of times that a user must type their ID and password to sign into multiple applications. The ESSO solution automatically logs users in and acts as a password filler where automatic login is not possible. Each client is typically given a token that handles the authentication; in other ESSO solutions each client has ESSO software stored on their computer to handle the authentication. An ESSO authentication server is also typically implemented into the enterprise network.
-
Token-less ESSO is actually rather more common.
-
- entitlement n.
-
See: rule.
-
- entity n.
-
RFC 2828 (2000)
-
system entity
-
(I) An active element of a system – e.g., an automated process, a subsystem, a person or group of persons – that incorporates a specific set of capabilities.
-
OASIS SAML 2.0 (2005)
-
system entity
-
An active element of a computer/network system. For example, an automated process or set of processes, a subsystem, a person or group of persons that incorporates a distinct set of functionality. [RFC2828] [SAMLAgree]
-
modonisIDM (2005)
-
Definition: An entity is anyone (natural or legal person) or anything that shall be characterised through the measurement of its attributes.
-
The choice was made to provisionally keep this definition open to any type of person (including legal persons, to facilitate e.g., eProcurement), but also to any other type of entity, such as objects (e.g., computers or other forms of machinery), digital resources or processes (e.g., programmes), as this allows abstraction to the largest common element and thus offers the largest number of applications.
-
In order for its existence to be acknowledged, an entity needs to have at least one unique identity.
-
NIST IR 7298 (2006)
-
SP 800-27A
-
Either a subject (an active element that operates on information or the system state) or an object (a passive element that contains or receives information).
-
FIPS 188
-
An active element in an open system.
-
FIPS 196
-
Any participant in an authentication exchange; such a participant may be human or nonhuman, and may take the role of a claimant and/or verifier.
-
- entity authentication n.
-
See: authentication.
-
- entity authentication of A to B n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 11770-3: 1999, ISO/IEC FDIS 15946-3 (02/2001)
-
The assurance of the identity of entity A for entity B.
-
- entrapment n.
-
ISO/IEC 2382-8:1998
-
The deliberate planting of apparent flaws in a data processing system for the purpose of detecting attempted penetrations or for confusing an intruder about which flaws to exploit.
-
RFC 2828 (2000)
-
(I) “The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit.” [FP039] (See: honey pot.)
-
- entropy n.
-
NIST SP 800-63-1 DRAFT (2008)
-
entropy
-
A measure of the amount of uncertainty that an attacker faces to determine the value of a secret. Entropy is usually stated in bits.
See Appendix A.
-
guessing entropy
-
A measure of the difficulty that an attacker has to guess the average password used in a system. In this document, entropy is stated in bits. When a password has n bits of guessing entropy then an attacker has as much difficulty guessing the average password as in guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution.
See Appendix A.
-
- entry label n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 15292: 2001
-
The naming information that identifies a registered PP or package uniquely.
-
- environment n.
-
OASIS XACML 2.0 (2005)
-
The set of attributes that are relevant to an authorization decision and are independent of a particular subject, resource or action.
-
NIST IR 7298 (2006)
-
FIPS 200; CNSSI-4009
-
Aggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an information system.
-
- ePassport n.
-
SCA ISCTAG (2007)
-
A travel document that contains an integrated circuit chip based on international standard ISO/IEC 14443 and that can securely store and communicate the ePassport holder’s personal information to authorized reading devices.
-
- EPC n.
-
See: Electronic Product Code.
-
- EPC Generation 2 (EPC Gen 2) n.
-
SCA ISCTAG (2007)
-
The specification developed by EPCglobal for the second-generation RFID air-interface protocol. EPC Gen 2 was developed to support supply chain applications (e.g., tracking inventory). The current ratified standard operates in the ultra-high-frequency (UHF) range (860-960 MHz), supports operation at long distances (e.g., 25-30 feet), and has minimal support for security (e.g., static passwords to access or kill information on the RFID device).
-
- EPCglobal n.
-
SCA ISCTAG (2007)
-
The not-for-profit organization establishing and supporting “the EPCglobal Network™ as the global standard for real-time, automatic identification of information in the supply chain of any company, anywhere in the world” and “leading the development of industry-driven standards for the Electronic Product Code™ (EPC) to support the use of Radio Frequency Identification (RFID) in today’s fast-moving, information rich, trading networks.” Additional information can be found at the EPCglobal Homepage.
-
- ephemeral key n.
-
RFC 2828 (2000)
-
(I) A public key or a private key that is relatively short-lived. (See: session key.)
-
NIST IR 7298 (2006)
-
SP 800-57
-
ephemeral keys
-
Short-lived cryptographic keys that are statistically unique to each execution of a key establishment process and meet other requirements of the key type (e.g., unique to each message or session).
-
- EPL n.
-
See: evaluated products list.
-
- equal error rate n.
-
iAfB-ICSA 1999
-
The error rate occurring when the decision threshold of a biometric system is set so that the proportion of false rejections will be approximately equal to the proportion of false acceptances. A synonym is crossover rate.
-
- error detection code n.
-
RFC 2828 (2000)
-
(I) A checksum designed to detect, but not correct, accidental (i.e., unintentional) changes in data.
-
NIST IR 7298 (2006)
-
FIPS 140-2
-
A code computed from data and comprised of redundant bits of information designed to detect, but not correct, unintentional changes in the data.
-
- escrow n.
-
NIST IR 7298 (2006)
-
FIPS 185
-
Something (e.g., a document, an encryption key) that is "delivered to a third person to be given to the grantee only upon the fulfillment of a condition."
-
- Escrowed Encryption Standard (EES) n.
-
RFC 2828 (2000)
-
(N) A U.S. Government standard [FP185] that specifies use of a symmetric encryption algorithm (SKIPJACK) and a Law Enforcement Access Field (LEAF) creation method to implement part of a key escrow system that provides for decryption of encrypted telecommunications when interception is lawfully authorized.
-
(C) Both SKIPJACK and the LEAF are to be implemented in equipment used to encrypt and decrypt unclassified, sensitive telecommunications data.
-
- ESM n.
-
See: external security manager.
-
- ESP n.
-
See: Encapsulating Security Payload.
-
- Estelle n.
-
RFC 2828 (2000)
-
(N) A language (ISO 9074-1989) for formal specification of computer network protocols.
-
- ETS n.
-
See: electronic trust service.
-
- ETSP n.
-
See: electronic trust service provider.
-
- Europay MasterCard Visa (EMV) n.
-
SCA ISCTAG (2007)
-
Specifications developed by Europay, MasterCard and Visa that define a set of requirements to ensure interoperability between payment chip cards and terminals.
-
- evaluated products list (EPL) n.
-
RFC 2828 (2000)
-
(O) general usage: A list of information system equipment items that have been evaluated against, and found to be compliant with, a particular set of criteria.
-
(O) U.S. Department of Defense usage: The Evaluated Products List (http://www.radium.ncsc.mil/tpep/epl/) contains items that have been evaluated against the TCSEC by the NCSC, or against the Common Criteria by the NCSC or one of its partner agencies in another country. The List forms Chapter 4 of NSA’s Information Systems Security Products and Services Catalogue.
-
- evaluated system n.
-
RFC 2828 (2000)
-
(I) Refers to a system that has been evaluated against security criteria such as the TCSEC or the Common Criteria.
-
- evaluation n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 15408-1: 1999
-
Assessment of a PP, an ST or a TOE, against defined criteria.
-
ISO/IEC WD 15443-1 (11/2001)
-
Assessment of a deliverable against defined criteria.
-
- evaluation assurance level (EAL) n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 15408-1: 1999
-
A package consisting of assurance components from Part 3 that represents a point on the CC predefined assurance scale.
-
- evaluation authority n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 15408-1: 1999
-
A body that implements the CC for a specific community by means of an evaluation scheme and thereby sets the standards and monitors the quality of evaluations conducted by bodies within that community.
-
- evaluation pass statement n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 15292: 2001
-
A statement issued by an organisation that performs evaluations against ISO/IEC 15408 confirming that a PP has successfully passed assessment against the evaluation criteria given in clause 4 of Part 3 of that International Standard.
-
- evaluation scheme n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 15408-1: 1999
-
The administrative and regulatory framework under which the CC is applied by an evaluation authority within a specific community.
-
- event n.
-
SC 27 SD 6 (2002)
-
ISO/IEC DTR 15947 (10/2001)
-
An occurrence of some specific data, situation or activity.
-
NIST IR 7298 (2006)
-
SP 800-61
-
Any observable occurrence in a network or system.
-
- evidence n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
Information that either by itself or when used in conjunction with other information is used to establish proof about an event or action. Note: Evidence does not necessarily prove truth or existence of something (see proof) but contributes to establish proof.
-
- evidence requester n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
An entity requesting an evidence to be generated either by another entity or by a trusted third party.
-
- evidence subject n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
The entity responsible for the action, or associated with the event, with regard to which evidence is generated.
-
- examination n.
-
NIST IR 7298 (2006)
-
SP 800-72
-
A technical review that makes the evidence visible and suitable for analysis; tests performed on the evidence to determine the presence or absence of specific data.
-
- exchange multiplicity parameter n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 9798-5: 1999
-
Positive integer used to determine how many times the exchange of entity authentication messages shall be performed in one instance of the authentication mechanism.
-
- excite field n.
-
SCA ISCTAG (2007)
-
The RF field or electromagnetic field constantly transmitted by a contactless door reader. When a contactless card is within range of the excite field, the internal antenna on the card converts the field energy into electricity that powers the chip. The chip then uses the antenna to transmit data to the reader.
-
- exclude vb.
-
See: thresholding.
-
- exculpatory evidence n.
-
NIST IR 7298 (2006)
-
SP 800-72
-
Evidence that tends to decrease the likelihood of fault or guilt.
-
- executive agency n.
-
NIST IR 7298 (2006)
-
SP 800-53; FIPS 200; FIPS 199; 41 U.S.C., Sec. 403
-
An executive department specified in 5 United States Code (U.S.C.), Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned Government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.
-
- exhaustive attack n.
-
See: brute force.
-
- expire n.
-
See: certificate expiration.
-
- explicit key authentication from A to B n.
-
SC 27 SD 6 (2002)
-
The assurance for entity B that A is the only other entity that is in possession of the correct key. Note: Implicit key authentication from A to B and key confirmation from A to B together imply explicit key authentication from A to B. [ISO/IEC 11770-3: 1999, ISO/IEC FDIS 15946-3 (02/2001)] (“…imply explicit…”?)
-
- exploit n.
-
SC 27 SD 6 (2002)
-
ISO/IEC DTR 15947 (10/2001)
-
A defined way to breach the security of an IT system through a vulnerability.
-
- exploit code n.
-
NIST IR 7298 (2006)
-
SP 800-40 Ver 2
-
A program that allows attackers to automatically break into a system.
-
- exposure n.
-
ISO/IEC 2382-8:1998
-
The possibility that a particular attack will exploit a particular vulnerability of a data processing system.
-
RFC 2828 (2000)
-
See: (secondary definition under) threat consequence.
-
- eXtensible Access Control Markup Language (XACML) n.
-
An XML schema for an extensible access-control policy language, developed by the OASIS eXtensible Access Control Markup Language (XACML) Technical Committee (TC).
-
See: OASIS XACML TC
-
- Extensible Authentication Protocol (EAP) n.
-
RFC 2828 (2000)
-
(I) A framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences. [R2284]
-
(C) This protocol is intended for use primarily by a host or router that connects to a PPP network server via switched circuits or dial-up lines.
-
- eXtensible Markup Language (XML) n.
-
OASIS SAML 2.0 (2005)
-
Extensible Markup Language, abbreviated XML, describes a class of data objects called XML documents and partially describes the behavior of computer programs which process them. [XML]
-
NIST SP 800-63-1 DRAFT (2008)
-
Extensible Markup Language, abbreviated XML, describes a class of data objects called XML documents and partially describes the behavior of computer programs which process them.
-
- extension n.
-
RFC 2828 (2000)
-
(I) A data item defined for optional inclusion in a v3 X.509 public-key certificate or a v2 X.509 CRL.
-
(C) The formats defined in X.509 can be extended to provide methods for associating additional attributes with subjects and public keys and for managing a certification hierarchy:
-
certificate extension: X.509 defines standard extensions that may be included in v3 certificates to provide additional key and security policy information, subject and issuer attributes, and certification path constraints.
-
CRL extension: X.509 defines extensions that may be included in v2 CRLs to provide additional issuer key and name information, revocation reasons and constraints, and information about distribution points and delta CRLs.
-
private extension: Additional extensions, each named by an OID, can be locally defined as needed by applications or communities. (See: PKIX private extension, SET private extension .)
-
SC 27 SD 6 (2002)
-
ISO/IEC 15408-1: 1999
-
The addition to an ST or PP of functional requirements not contained in Part 2 and/or assurance requirements not contained in Part 3 of the CC.
-
- external IT entity n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 15408-1: 1999
-
Any IT product or system, untrusted or trusted, outside of the TOE that interacts with the TOE.
-
- external security manager (ESM) n.
-
A generic term for a guest access control service for IBM operating systems, such as RACF for z/OS. (See: External Security Managers for z/OS.)
-
- extra sector n.
-
ISO/IEC 2382-8:1998
-
A sector that is written on a track in excess of the standard number of sectors, as part of a method of copy protection.
-
- extra track n.
-
ISO/IEC 2382-8:1998
-
A track that is written on a disk in excess of the standard number of tracks, as part of a method of copy protection.
-
- extraction n.
-
See: feature extraction.
-
- extranet n.
-
RFC 2828 (2000)
-
(I) A computer network that an organization uses to carry application data traffic between the organization and its business partners. (See: intranet.)
-
(C) An extranet can be implemented securely, either on the Internet or using Internet technology, by constructing the extranet as a VPN.