
GIST v0.7 ― V
“v1 certificate” to “VulnXML”

V

- v1 certificate n. 
RFC 2828 (2000)
(C) Ambiguously refers to either an X.509 public-key certificate in its version 1 format, or an X.509 attribute certificate in its version 1 format. However, many people who use this term are not aware that X.509 specifies attribute certificates that do not contain a public key. Therefore, ISDs MAY use this term as an abbreviation for version 1 X.509 public-key certificate, but only after using the full term at the first instance.
(D) ISDs SHOULD NOT use this term as an abbreviation for version 1 X.509 attribute certificate.
- v1 CRL n. 
RFC 2828 (2000)
(I) An abbreviation for X.509 CRL in version 1 format.
(C) ISDs should use this abbreviation only after using the full term at its first occurrence and defining the abbreviation.
- v2 certificate n. 
RFC 2828 (2000)
(I) An abbreviation for X.509 public-key certificate in version 2 format.
(C) ISDs should use this abbreviation only after using the full term at its first occurrence and defining the abbreviation.
- v2 CRL n. 
RFC 2828 (2000)
(I) An abbreviation for X.509 CRL in version 2 format.
(C) ISDs should use this abbreviation only after using the full term at its first occurrence and defining the abbreviation.
- v3 certificate n. 
RFC 2828 (2000)
(I) An abbreviation for X.509 public-key certificate in version 3 format.
(C) ISDs should use this abbreviation only after using the full term at its first occurrence and defining the abbreviation.
- vaccine program n. 
ISO/IEC 2382-8:1998
A synonym for anti-virus program.
- valid certificate n. 
RFC 2828 (2000)
(I) A digital certificate for which the binding of the data items can be trusted; one that can be validated successfully. (See: (usage note under) validate.)
- valid data element n. 
NIST IR 7298 (2006)
SP 800-38C
A payload, an associated data string, or a nonce that satisfies the restrictions of the formatting function.
- valid signature n. 
RFC 2828 (2000)
(D) ISDs SHOULD NOT use this term; instead, use authentic signature. This Glossary recommends saying “validate the certificate” and “verify the signature”; therefore, it would be inconsistent to say that a signature is valid. (See: (usage note under) validate.)
- validate v. 
RFC 2828 (2000)
(I) To establish the soundness or correctness of a construct. (e.g., see: certificate validation.) Compare with verify.
(C) Usage note
  • The PKI community uses words inconsistently when describing what a certificate user does to make certain that a digital certificate can be trusted. Usually, we say “verify the signature” but say “validate the certificate”; i.e., we verify atomic truths but validate data structures, relationships, and systems that are composed of or depend on verified items. Too often, however, verify and validate are used interchangeably. ISDs SHOULD comply with the definitions of validate and verify in this Glossary to ensure consistency and to align Internet security terminology with ordinary English.
  • The rationale for this definition and usage of validate is that valid derives from a word that means strong in Latin. Thus, to validate means to make sure that a construction is sound. A certificate user validates a public-key certificate to establish trust in the binding that the certificate asserts between an identity and a key. (To validate can also mean to officially approve something; e.g., NIST validates cryptographic modules for conformance with FIPS PUB 140-1.)
  • The rationale for this Glossary’s definition and usage of verify is that verify derives from a word that means true in Latin. Thus, to verify means to prove the truth of an assertion by examining evidence or performing tests. To verify an identity, an authentication process examines identification information that is presented or generated. To validate a certificate, a certificate user verifies the digital signature on the certificate by performing calculations; verifies that the current time is within the certificate’s validity period; and may need to validate a certification path involving additional certificates.
- validation n. 
iAfB-ICSA 1999
The process of demonstrating that the system under consideration meets in all respects the specification of that system.
See: validate.
NIST IR 7298 (2006)
FIPS 201; INCITS/M1-040211
The process of demonstrating that the system under consideration meets in all respects the specification of that system.
SCA ISCTAG (2007)
The process of demonstrating that the system under consideration meets in all respects the specification of that system.
JTC 1/SC 37 (2008)
Process of checking or proving the validity.
Note 1: This is a particular definition from the Oxford dictionary which is most representative of the use of the term within biometrics.
Note 2: Valid (adj.): actually supporting the intended point or claim (Oxford dictionary).
- validity period n. 
RFC 2828 (2000)
(I) A data item in a digital certificate that specifies the time period for which the binding between data items (especially between the subject name and the public key value in a public-key certificate) is valid, except if the certificate appears on a CRL or the key appears on a CKL.
- valley n. 
iAfB-ICSA 1999
The corresponding marks found on either side of a finger image ridge.
- value-added network (VAN) n. 
RFC 2828 (2000)
(I) A computer network or subnetwork (which is usually a commercial enterprise) that transmits, receives, and stores EDI transactions on behalf of its customers.
(C) A VAN may also provide additional services, ranging from EDI format translation, to EDI-to-FAX conversion, to integrated business systems.
- VAN n. 
See: value-added network.
- verification n. 
ISO/IEC 2382-8:1998
verification
Comparing an activity, a process, or product with the corresponding requirements or specifications. Example: Comparing of a specification with a security policy model or comparing object code with source code.
RFC 2828 (2000)
1. (?) system verification
The process of comparing two levels of system specification for proper correspondence, such as comparing a security policy with a top-level specification, a top-level specification with source code, or source code with object code. [NCS04]
2. (?) identification verification
Presenting information to establish the truth of a claimed identity. (See: authentication.)
SCA ISCTAG (2007)
The process by which the question “is this person who the person claims to be?” is answered. This function requires a one-to-one match between presented identity information and identity information that is known to a system. See identity verification.
IAEG LIAF (2008)
Establishment of the truth or correctness of something by investigation of evidence.
See also: biometric verification; identity verification.
- verification attempt n.
JTC 1/SC 37 (2008)
Biometric claim and capture attempt(s) that together provide the inputs for biometric comparison(s).
- verification function n.
SC 27 SD 6 (2002)
ISO/IEC 9796-3: 2000, ISO/IEC 14888-1: 1998
A function in the verification process which is determined by the verification key and which gives a recomputed value of the witness as output.
- verification key n.
SC 27 SD 6 (2002)
ISO/IEC WD 13888-1 (11/2001)
A value required to verify a cryptographic check value.
ISO/IEC 9796-3: 2000, ISO/IEC 14888-1: 1998, ISO/IEC FDIS 15946-2 (04/2001), ISO/IEC WD 15946-4 (10/2001)
A data item which is mathematically related to an entity’s signature key and which is used by the verifier in the verification process.
- verification process n.
SC 27 SD 6 (2002)
ISO/IEC 9796-3: 2000, ISO/IEC 14888-1: 1998, ISO/IEC FDIS 15946-2 (04/2001)
A process which takes as input the signed message, the verification key and the domain parameters, and which gives as output the result of the signature verification: valid or invalid.
ISO/IEC CD 15946-4 (12/2000)
A process, which takes as input the signed message, the verification key and the domain parameters, and which gives as its output the recovered message if valid.
- verification transaction n.
JTC 1/SC 37 (2008)
One or more verification attempts resulting in a resolution of the biometric claim.
- verified name n. 
NIST SP 800-63-1 DRAFT (2008)
A subscriber name that has been verified by identity proofing.
- verifier n. 
SC 27 SD 6 (2002)
ISO/IEC WD 13888-1 (11/2001)
An entity that verifies evidence.
ISO/IEC 9798-1: 1997
An entity which is or represents the entity requiring an authenticated identity. A verifier includes the functions necessary for engaging in authentication exchanges.
NIST IR 7298 (2006)
FIPS 196
An entity which is or represents the entity requiring an authenticated identity. A verifier includes the functions necessary for engaging in authentication exchanges.
NIST SP 800-63-1 DRAFT (2008)
An entity that verifies the claimant’s identity by verifying the claimant’s possession of a token using an authentication protocol. To do this, the verifier may also need to validate credentials that link the token and identity and check their status.
- verifier impersonation attack n. 
NIST SP 800-63-1 DRAFT (2008)
A scenario where the attacker impersonates the verifier in an authentication protocol, usually to capture information that can be used to masquerade as that claimant to the real verifier.
- verify v. 
RFC 2828 (2000)
(I) To test or prove the truth or accuracy of a fact or value. (e.g., see: authenticate.) Compare with (and see usage note under) validate.
JTC 1/SC 37 (2008)
verify (biometrics) – 3.5.13
Confirm a biometric claim through biometric comparisons.
Note 1: Criteria for confirmation will be determined by policy.
Note 2: It is understood that Popperians argue claims can never be verified, only falsified.
verify – A.2.17
Make sure or demonstrate that something is true, accurate or justified.
Note 1: Definition source: Oxford dictionary.
- vetting n.
SCA ISCTAG (2007)
The process of inspection, evaluation and adjudication of claims ensuring that people are who they claim to be before giving them authorization or rights to do something.
- vicinity card n.
See: ISO/IEC 15693.
- victim n. 
NIST IR 7298 (2006)
SP 800-61
A machine that is attacked.
- violation n. 
See: security violation.
- virtual private network (VPN) n. 
RFC 2828 (2000)
(I) A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network.
(C) For example, if a corporation has LANs at several different sites, each connected to the Internet by a firewall, the corporation could create a VPN by (a) using encrypted tunnels to connect from firewall to firewall across the Internet and (b) not allowing any other traffic through the firewalls. A VPN is generally less expensive to build and operate than a dedicated real network, because the virtual network shares the cost of system resources with other users of the real network.
NIST IR 7298 (2006)
SP 800-46
A virtual private network is a logical network that is established, at the application layer of the Open Systems Interconnection (OSI) model, over an existing physical network and typically does not include every node present on the physical network.
- virus n. 
ISO/IEC 2382-8:1998
A program that propagates itself by modifying other programs to include a possibly changed copy of itself and that is executed when the infected program is invoked. Note: A virus often causes damage or annoyance and may be triggered by some event such as the occurrence of a predetermined date.
RFC 2828 (2000)
(I) A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting – i.e., inserting a copy of itself into and becoming part of – another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.
NIST IR 7298 (2006)
SP 800-46
computer virus
A computer virus is similar to a Trojan horse because it is a program that contains hidden code, which usually performs some unwanted function as a side effect. The main difference between a virus and a Trojan horse is that the hidden code in a computer virus can only replicate by attaching a copy of itself to other programs and may also include an additional “payload” that triggers when specific conditions are met.
SP 800-61
A self-replicating program that runs and spreads by modifying other programs or files.
- virus hoax n. 
NIST IR 7298 (2006)
SP 800-61
An urgent warning message about a nonexistent virus.
- virus signature n. 
ISO/IEC 2382-8:1998
A unique bit string that is common to each copy of a particular virus and that may be used by a scanning program to detect the presence of the virus.
- voice print, voiceprint n. 
iAfB-ICSA 1999
A representation of the acoustic information found in the voice of a speaker. (See: speaker verification.)
2001

Passport Girl (TV): Good morning and welcome to Voice Print Identification. When you see the red light go on would you please state in the following order: your destination, your nationality and your full name. Surname first, Christian name and initial. For example: Moon, American, Smith, John, D. Thank you.

2001: A Space Odyssey (1968), screenplay by Stanley Kubrick and Arthur C. Clarke
- voice verification n. 
See: speaker verification.
- volatile n. 
iAfB-ICSA 1999
The chemical breakdown of body odour. (See: biometric characteristic.)
- VPN n. 
See: virtual private network.
- vulnerability n. 
ISO/IEC 2382-8:1998
Any weakness or flaw in a data processing system. Notes: If a vulnerability corresponds to a threat, a risk exists.
RFC 2828 (2000)
(I) A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy.
(C) Most systems have vulnerabilities of some sort, but this does not mean that the systems are too flawed to use. Not every threat results in an attack, and not every attack succeeds. Success depends on the degree of vulnerability, the strength of attacks, and the effectiveness of any countermeasures in use. If the attacks needed to exploit a vulnerability are very difficult to carry out, then the vulnerability may be tolerable. If the perceived benefit to an attacker is small, then even an easily exploited vulnerability may be tolerable. However, if the attacks are well understood and easily made, and if the vulnerable system is employed by a wide range of users, then it is likely that there will be enough benefit for someone to make an attack.
BEM 2002
The potential for the function of a biometric system to be compromised by e.g. intention (fraudulent activity); design flaw (including usage error); accident; hardware failure; or external environmental condition.
SC 27 SD 6 (2002)
ISO/IEC PDTR 13335-1 (11/2001)
A weakness of an asset or group of assets which can be exploited by one or more threats.
ISO/IEC DTR 15947 (10/2001)
A weakness that can be exploited by one or more threats.
ISO/IEC 17799: 2000
A weakness of an asset or group of assets which can be exploited by a threat.
NIST IR 7298 (2006)
SP 800-53; FIPS 200; CNSSI-4009 Adapted
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
- vulnerability assessment n. 
NIST IR 7298 (2006)
SP 800-53; CNSSI-4009
Formal description and evaluation of the vulnerabilities in an information system.
- VulnXML n. 
Subsumed within WAS-XML.
The original sources of these definitions may be protected by copyright. The definitions are republished here for review and commentary.
Copyleft & Creative Commons (cc) 2000–2008 Ant: This XHTML encoding and antnotations are dual-licensed under both the GNU Free Documentation License (GFDL) and a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.
URL: http://homepage.mac.com/antallan/gistv.html
History: Last updated Wednesday 10 December 2008
