Definitions[edit | edit source]
Biometrics[edit | edit source]
Computer modeling/simulation[edit | edit source]
|“||the process of determining that a model or simulation implementation accurately represents the developer's conceptual description and specifications.||”|
Computer systems[edit | edit source]
Verification is the process of comparing two levels of system specification for proper correspondence (e.g., security policy model with top-level specification, top-level specification with source code, or source code with object code). This process may or may not be automated.
Data[edit | edit source]
|“||the process of checking or testing performance information to assess types of errors, such as errors in keying data.||”|
Digital certificate[edit | edit source]
Before a certification authority can issue a digital certificate to a user, it must verify the user’s identity in accordance with the organization’s preset policies. In some cases, the certification authority is set up to perform the identification and authentication of users by itself, but often this function is delegated to separate entities called registration authorities. A user’s identity is verified through one of two means, based on the level of security that is deemed necessary by the organization.
In the first method, the user would need to appear in person at the registration authority and present identity documents such as a birth certificate or passport. A second, less secure method, involves the confirmation of a shared secret through an online application. For example, the user could verify his identity by confirming something that the agency already knows about him but which is not common knowledge, such as tax return information. After verifying the user's identity, the registration authority creates a unique user name. This unique name, which may include the user's given name, ensures that people who rely on the certificate can distinguish between several individuals with similar given names, much like an e-mail address. The certification authority then creates the certificate that irrevocably links that unique name to the user's public key.
General[edit | edit source]
|“||[c]onfirmation, through the provision of objective evidence, that specified requirements have been fulfilled (e.g., an entity's requirements have been correctly defined, or an entity's attributes have been correctly presented; or a procedure or function performs as intended and leads to the expected outcome).||”|
Software/system[edit | edit source]
|“||[t]he process, using formal methods, of evaluating a system or software component to determine whether it satisfies the requirements imposed at the start of development.||”|
Surveillance[edit | edit source]
|“||[t]he process whereby law enforcement can adequately demonstrate to a judge or jury that the number or other identifier (e.g., telephone number, electronic mail address) targeted for interception corresponds to the person or persons whose communications are being intercepted.||”|