GIST v0.7 ― N
“n-bit block cipher” to “nym”
N
-
- n-bit block cipher n.
-
SC 27 SD 6 (2002)
-
ISO/IEC 9797-1: 1999, ISO/IEC CD 10116 (12/2001), ISO/IEC 10118-2: 2000, ISO/IEC WD 18033-1 (12/2001)
-
A block cipher with the property that plaintext blocks and ciphertext blocks are n bits in length.
-
- name qualifier n.
-
OASIS SAML 2.0 (2005)
-
A string that disambiguates an identifier that may be used in more than one namespace (in the federated sense) to represent different principals.
-
- named attribute n.
-
OASIS XACML 2.0 (2005)
-
A specific instance of an attribute, determined by the attribute name and type, the identity of the attribute holder (which may be of type: subject, resource, action or environment) and (optionally) the identity of the issuing authority.
-
- namespace n.
-
OASIS SAML 2.0 (2005)
-
This term is used in several senses in SAML:
-
(In discussing federated names) A domain in which an identifier is unique in representing a single principal.
-
(With respect to authorization decision actions) A URI that identifies the set of action values from which the supplied action comes.
-
(In XML) See: XML namespace.
-
- naming authority n.
-
NIST IR 7298 (2006)
-
SP 800-32
-
An organizational entity responsible for assigning distinguished names (DNs) and for assuring that each DN is meaningful and unique within its domain.
-
- National Computer Security Center (NCSC) n.
-
RFC 2828 (2000)
-
(N) A U.S. Department of Defense organization, housed in NSA, that has responsibility for encouraging widespread availability of trusted computer systems throughout the Federal Government. It has established criteria for, and performs evaluations of, computer and network systems that have a trusted computing base. (See: evaluated products list, Rainbow Series, TCSEC.)
-
- National Information Assurance Partnership (NIAP) n.
-
RFC 2828 (2000)
-
(N) An organization created by NIST and NSA to enhance the quality of commercial products for information security and increase consumer confidence in those products through objective evaluation and testing methods.
-
(C) NIAP is registered, through the U.S. Department of Defense, as a National Performance Review Reinvention Laboratory. NIAP functions include the following:
-
Developing tests, test methods, and other tools that developers and testing laboratories may use to improve and evaluate security products.
-
Collaborating with industry and others on research and testing programs.
-
Using the Common Criteria to develop protection profiles and associated test sets for security products and systems.
-
Cooperating with the NIST National Voluntary Laboratory Accreditation Program to develop a program to accredit private-sector laboratories for the testing of information security products using the Common Criteria.
-
Working to establish a formal, international mutual recognition scheme for a Common Criteria-based evaluation.
-
NIST IR 7298 (2006)
-
SP 800-64
-
A U.S. Government initiative originated to meet the security testing needs of both information technology (IT) consumers and producers. NIAP is a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) in fulfilling their respective responsibilities under Public Law (PL) 100-235 (Computer Security Act of 1987). The partnership combines the extensive IT security experience of both agencies to promote the development of technically sound security requirements for IT products and systems and appropriate measures for evaluating those products and systems.
-
- National Institute of Standards and Technology (NIST) n.
-
RFC 2828 (2000)
-
(N) A U.S. Department of Commerce agency that promotes U.S. economic growth by working with industry to develop and apply technology, measurements, and standards. Has primary Government responsibility for INFOSEC standards for unclassified but sensitive information. (See: ANSI, DES, DSA, DSS, FIPS, NIAP, NSA.)
-
- National Security Agency (NSA) n.
-
RFC 2828 (2000)
-
(N) A U.S. Department of Defense intelligence agency that has primary Government responsibility for INFOSEC for classified information and for unclassified but sensitive information handled by national security systems. (See: FORTEZZA, KEA, MISSI, NIAP, NIST, SKIPJACK.)
-
- national security emergency preparedness telecommunications services n.
-
NIST IR 7298 (2006)
-
SP 800-53; 47 C.F.R., Part 64, App A
-
Telecommunications services that are used to maintain a state of readiness or to respond to and manage any event or crisis (local, national, or international) that causes or could cause injury or harm to the population, damage to or loss of property, or degrade or threaten the national security or emergency preparedness posture of the United States.
-
- Near Field Communication (NFC) n.
-
SCA ISCTAG (2007)
-
A short-range wireless standard (ISO/IEC 18092) that uses magnetic field induction to enable communication between devices when they are brought close together (within 10-20 centimeters or 4-8 inches). NFC technology is compatible with ISO/IEC 14443-based technology.
-
- needs assessment n.
-
NIST IR 7298 (2006)
-
SP 800-50
-
(IT security awareness and training): A process that can be used to determine an organization’s awareness and training needs. The results of a needs assessment can provide justification to convince management to allocate adequate resources to meet the identified awareness and training needs.
-
- need to know n., need-to-know adj.
-
ISO/IEC 2382-8:1998
-
A legitimate requirement of a prospective recipient of data to know, to access, or to possess any sensitive information represented by these data.
-
RFC 2828 (2000)
-
(I) The necessity for access to, knowledge of, or possession of specific information required to carry out official duties.
-
(C) This criterion is used in security procedures that require a custodian of sensitive information, prior to disclosing the information to someone else, to establish that the intended recipient has proper authorization to access the information.
-
- negative claim n.
-
BEM 2002
-
A claim by a user not to be enrolled in the biometric system. This may be needed to establish that double claims are not being made. Compare: positive claim.
-
- negative identification n.
-
JTC 1/SC 37 (2006⇒2008)
-
negative identification (deprecated)
-
Note 1: Use of this term is deprecated to avoid confusion between biometric verification and biometric identification.
-
Note 2: This term has been used in biometrics to mean biometric verification of a claim to not be the source of any biometric reference in the database.
-
Note 3: Preferred expression would be a negative identity claim.
-
- network n.
-
See: computer network.
-
- network-based IDS, - network-based intrusion detection system (NIDS) n.
-
See: (secondary definition under) intrusion detection system.
-
- network weaving n.
-
ISO/IEC 2382-8:1998
-
A penetration technique in which different communication networks are used to gain access to a data processing system to avoid detection and trace-back.
-
- neural net n., - neural network n.
-
iAfB-ICSA 1999
-
One particular type of algorithm. An artificial neural network uses artificial intelligence to learn by past experience and compute whether a biometric sample and template are a match.
-
Note: It is the biometric data derived from the sample, not the sample itself, that is directly compared with the (reference) template.
-
- NFC n.
-
See: Near Field Communication.
-
- NIAP n.
-
See: National Information Assurance Partnership.
-
- nibble n.
-
SC 27 SD 6 (2002)
-
ISO/IEC FDIS 9796-2 (12/2001)
-
Block of four consecutive bits (half an octet).
-
- NIDS n.
-
See: (secondary definition under) intrusion detection system.
-
- NIST n.
-
See: National Institute of Standards and Technology.
-
- NLSP n.
-
Network Layer Security Protocol. An OSI protocol (ISO 11577) for end-to-end encryption services at the top of OSI layer 3. NLSP is derived from an SDNS protocol, SP3, but is much more complex.
-
- no-lone zone n.
-
RFC 2828 (2000)
-
(I) A room or other space to which no person may have unaccompanied access and that, when occupied, is required to be occupied by two or more appropriately authorized persons. (See: dual control.)
-
- nonce n.
-
RFC 2828 (2000)
-
(I) A random or non-repeating value that is included in data exchanged by a protocol, usually for the purpose of guaranteeing liveness and thus detecting and protecting against replay attacks.
-
NIST SP 800-63-1 DRAFT (2008)
-
A value used in security protocols that is never repeated with the same key. For example, challenges used in challenge-response authentication protocols generally must not be repeated until authentication keys are changed, or there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable.
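The two definitions above differ on one point a verifier has to get right: a nonce need not be unpredictable, only never reused under the same key. The following added example (not part of the GIST glossary or any standard it cites) shows a challenge-response verifier whose challenge is a plain counter, and how the replay check and the per-key scope of uniqueness play out. The `NonceVerifier` class, the `respond` helper, the demo key and the HMAC-SHA256 response format are all constructed for illustration.

```python
import hashlib
import hmac
import secrets


class NonceVerifier:
    """Server side of a challenge-response exchange (constructed example).

    The challenge is a nonce: a counter encoded as 16 bytes. It is fully
    predictable, which is allowed for a nonce, but it is never issued twice
    under the same key, which is what prevents replay.
    """

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.counter = 0
        self.outstanding = set()   # issued, not yet answered
        self.consumed = set()      # answered; any reuse is a replay

    def issue_challenge(self) -> bytes:
        # In a real deployment the counter must survive restarts (persisted
        # storage), otherwise the "never repeated" property is lost.
        self.counter += 1
        nonce = self.counter.to_bytes(16, "big")
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> str:
        if nonce in self.consumed:
            return "replay"
        if nonce not in self.outstanding:
            return "unknown-challenge"
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return "bad-response"
        self.outstanding.discard(nonce)
        self.consumed.add(nonce)
        return "ok"

    def rotate_key(self, new_key: bytes) -> None:
        # Uniqueness is required per key, so the nonce space restarts with
        # the new key; nothing answered under the old key stays valid.
        self.key = new_key
        self.counter = 0
        self.outstanding.clear()
        self.consumed.clear()


def respond(key: bytes, challenge: bytes) -> bytes:
    """Client side: prove possession of the shared key for this challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def demo() -> dict:
    key = b"constructed-demo-key"   # constructed; derive real keys from a CSPRNG
    server = NonceVerifier(key)
    outcomes = []

    n1 = server.issue_challenge()
    r1 = respond(key, n1)
    outcomes.append(server.verify(n1, r1))   # ok: fresh challenge, correct response
    outcomes.append(server.verify(n1, r1))   # replay: captured response resent

    n2 = server.issue_challenge()
    outcomes.append(server.verify(n2, r1))   # bad-response: r1 is bound to n1
    outcomes.append(server.verify(n2, respond(key, n2)))  # ok

    new_key = secrets.token_bytes(32)
    server.rotate_key(new_key)
    n3 = server.issue_challenge()            # same bytes as n1, but under a new key
    outcomes.append(server.verify(n3, r1))   # bad-response: old key's response
    outcomes.append(server.verify(n3, respond(new_key, n3)))  # ok

    return {"outcomes": outcomes, "nonce_reused_after_rotation": n3 == n1}


if __name__ == "__main__":
    print(demo())
```

The challenge value here is predictable (1, 2, 3, ...), so an observer knows the next challenge in advance; that does not help them, because answering still requires the key, and the consumed-set check refuses any response to a challenge already answered. The last two outcomes show why the NIST wording scopes uniqueness to "the same key": after rotation the identical nonce bytes are issued again, and the response captured under the old key is rejected.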
-
- non-critical adj.
-
See: critical (extension of certificate).
-
- non-match n.
-
JTC 1/SC 37 (2006⇒2008)
-
Comparison decision that the probe biometric sample(s) and the biometric reference are not from the same source.
-
- non-recoverable part n.
-
SC 27 SD 6 (2002)
-
ISO/IEC FDIS 9796-2 (12/2001)
-
Part of the message stored and transmitted along with the signature; empty when message recovery is total.
-
- non-repudiation n.
-
SC 27 SD 6 (2002)
-
ISO/IEC PDTR 13335-1 (11/2001)
-
The ability to prove an action or event has taken place, so that this event or action cannot be repudiated later.
-
NIST IR 7298 (2006)
-
SP 800-53; CNSSI-4009
-
Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information.
-
SCA ISCTAG (2007)
-
The ability to ensure and have evidence that a specific action occurred in an electronic transaction (e.g., that a message originator cannot deny sending a message or that a party in a transaction cannot deny the authenticity of their signature).
-
- non-repudiation exchange n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
A sequence of one or more transfers of non-repudiation information (NRI) for the purpose of non-repudiation.
-
- non-repudiation information n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
A set of information that may consist of the information about an event or action for which evidence is to be generated and validated, the evidence itself, and the non-repudiation policy in effect.
-
- non-repudiation of creation n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
This service is intended to protect against an entity’s false denial of having created the content of a message (i.e. being responsible for the content of a message).
-
ISO/IEC 15945: 2002
-
Protection against an entity’s false denial of having created the content of a message (i.e., being responsible for the content of a message).
-
- non-repudiation of delivery (NRD) n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
This service is intended to protect against a recipient’s false denial of having received the message and recognised the content of a message.
-
- non-repudiation of knowledge n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
This service is intended to protect against a recipient’s false denial of having taken notice of the content of a received message.
-
- non-repudiation of origin (NRO) n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
This service is intended to protect against the originator’s false denial of having approved the content of a message and of having sent a message.
-
modonisIDM (2005)
-
Definition: Non-repudiation of origin is the ability to prevent an acting entity from denying at a later stage that it performed that specific action.
-
- non-repudiation of receipt n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
This service is intended to protect against a recipient’s false denial of having received a message.
-
- non-repudiation of sending n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
This service is intended to protect against the sender’s false denial of having sent a message.
-
- non-repudiation of submission (NRS) n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
This service is intended to provide evidence that a delivery authority has accepted the message for transmission.
-
- non-repudiation of transport (NRT) n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
This service is intended to provide evidence for the message originator that a delivery authority has delivered the message to the intended recipient.
-
- non-repudiation policy n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
A set of criteria for the provision of non-repudiation services. More specifically, a set of rules to be applied for the generation and verification of evidence and for adjudication.
-
- non-repudiation service n.
-
RFC 2828 (2000)
-
(I) A security service that provides protection against false denial of involvement in a communication. (See: repudiation.)
-
(C) Non-repudiation service does not and cannot prevent an entity from repudiating a communication. Instead, the service provides evidence that can be stored and later presented to a third party to resolve disputes that arise if and when a communication is repudiated by one of the entities involved. There are two basic kinds of non-repudiation service:
-
Non-repudiation with proof of origin provides the recipient of data with evidence that proves the origin of the data, and thus protects the recipient against an attempt by the originator to falsely deny sending the data. This service can be viewed as a stronger version of a data origin authentication service, in that it proves authenticity to a third party. (Compare: non-repudiation of creation, … of origin, … of sending.)
-
Non-repudiation with proof of receipt provides the originator of data with evidence that proves the data was received as addressed, and thus protects the originator against an attempt by the recipient to falsely deny receiving the data. (Compare: non-repudiation of delivery, … of knowledge, … of receipt.)
-
See also: non-repudiation of submission, … of transport.
-
(C) Phases of a Non-Repudiation Service: Ford [For94, For97] uses the term critical action to refer to the act of communication that is the subject of the service. The service proceeds through the following phases:
-
1. Before the critical action, the service requester asks, either implicitly or explicitly, to have evidence of the action be generated.
-
2. When the critical action occurs, evidence is generated by a process involving the potential repudiator and possibly also a trusted third party.
-
3. The evidence is transferred to the requester, or stored by a third party, for later use if needed.
-
4. The entity that holds the evidence tests to be sure that it will suffice if a dispute arises.
-
5. The evidence is retained for possible future retrieval and use.
-
6. In this phase, which occurs only if the critical action is repudiated, the evidence is retrieved from storage, presented, and verified to resolve the dispute.
-
NIST IR 7298 (2006)
-
FIPS 191
-
non-repudiation
-
Is the security service by which the entities involved in a communication cannot deny having participated. Specifically the sending entity cannot deny having sent a message (non-repudiation with proof of origin) and the receiving entity cannot deny having received a message (non-repudiation with proof of delivery).
-
Clearly this is a definition of non-repudiation service, rather than non-repudiation per se…
-
- non-repudiation token n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
A special type of security token as defined in ISO/IEC 10181-1 consisting of a set of evidence, and, optionally, of additional data.
-
- no-PIN ORA (NORA) n.
-
RFC 2828 (2000)
-
(O) MISSI usage: An organizational RA that operates in a mode in which the ORA performs no card management functions and, therefore, does not require knowledge of either the SSO PIN or user PIN for an end user’s FORTEZZA PC card.
-
- NORA n.
-
See: no-PIN ORA.
-
- notarization n.
-
ISO/IEC 2382-8:1998
-
The registration of data with a trusted third party that allows the later assurance of the accuracy of the data’s characteristics such as content, origin, time, and delivery.
-
RFC 2828 (2000)
-
(I) Registration of data under the authority or in the care of a trusted third party, thus making it possible to provide subsequent assurance of the accuracy of characteristics claimed for the data, such as content, origin, time, and delivery. [I7498 Part 2] (See: digital notary.)
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
The provision of evidence by a notary about the properties of the entities involved in an action or event, and of the data stored or communicated.
-
- notarization token n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
A non-repudiation token generated by a notary.
-
- notary n., - notary authority n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
A trusted third party trusted to provide evidence about the properties of the entities involved and of the data stored or communicated, or to extend the lifetime of an existing token beyond its expiry or beyond subsequent revocation.
-
- NRD n.
-
See: non-repudiation of delivery.
-
- NRD token n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
Non-repudiation of delivery token. A data item which allows the originator to establish non-repudiation of delivery for a message.
-
- NRO n.
-
See: non-repudiation of origin.
-
- NRO token n.
-
SC 27 SD 6 (2002)
-
Non-repudiation of origin token. A data item which allows recipients to establish non-repudiation of origin for a message. [ISO/IEC WD 13888-1 (11/2001)]
-
- NRS n.
-
See: non-repudiation of submission.
-
- NRS token n.
-
SC 27 SD 6 (2002)
-
Non-repudiation of submission token. A data item which allows either the originator (sender) or the delivery authority to establish non-repudiation of submission for a message having been submitted for transmission. [ISO/IEC WD 13888-1 (11/2001)]
-
- NRT n.
-
See: non-repudiation of transport.
-
- NRT token n.
-
SC 27 SD 6 (2002)
-
ISO/IEC WD 13888-1 (11/2001)
-
Non-repudiation of transport token. A data item which allows either the originator or the delivery authority to establish non-repudiation of transport for a message.
-
- NULL encryption algorithm n.
-
RFC 2828 (2000)
-
(I) An algorithm [R2410] that does nothing to transform plaintext data; i.e., a no-op. It originated because of IPsec ESP, which always specifies the use of an encryption algorithm to provide confidentiality. The NULL encryption algorithm is a convenient way to represent the option of not applying encryption in ESP (or in any other context where this is needed).
-
- nym n.
-
modonisIDM (2005)
-
Definition: A nym is synonymous with a pseudonym.