Term | Synonym | Definition | Comment | Deprecated term |
---|---|---|---|---|
AD | active directory | Windows OS directory service that facilitates working with interconnected, complex and different network resources in a unified manner | ||
AIA | authority information access | certificate extension giving the location (URL) from which the issuing CA's certificate can be retrieved; it may also name the issuer's OCSP responder | ||
ARL | authority revocation list | CRL with revocation information regarding CA certificates | ||
asymmetric encryption | public-key cryptography | encryption system in which different keys are used for encryption and decryption: data encrypted with the public key of a pair can only be decrypted with the corresponding private key | ||
CA | certification authority, certificate authority | certifies the ownership of a public key by the named subject of the certificate | In PoSC Net iD, Pointsharp acts as a CA for the issuing of e-identities within the PoSC Net iD. | |
class driver | | intermediate driver designed to provide a simple interface between a vendor-written minidriver and the operating system | | |
CP | certificate policy | document that describes the conditions under which a digital certificate may be issued and managed by a CA | State what are the different entities involved in the issuing, their roles, and their duties. | |
CPS | certification practice statement | document from a CA which describes their practice for issuing and managing certificates according to the conditions in a CP | ||
CRL | certificate revocation list | signed list of certificate serial numbers of digital certificates that have been revoked by the issuing CA before their scheduled expiration date and should no longer be trusted | ||
CRL distribution point | CDP | certificate extension giving the location (typically a URL) from which the issuing CA's CRL can be retrieved | ||
CRS | certificate request syntax | certificate signing request (also CSR or certification request) is a message sent from an applicant to a registration authority or CA in order to apply for a digital certificate; it carries the applicant's public key and identifying information and is signed with the applicant's private key | ||
DFA | delegated forms authentication | protocol that allows generation and processing of authentication forms, including credential validation, to be delegated to another component | NetScaler delegates its authentication to StoreFront, which then interacts with a third party authentication server or service. | |
DIGG | Agency for Digital Government, Myndigheten för digital förvaltning | Swedish authority responsible for the digitalisation of Sweden to achieve a sustainable welfare society together with the entire public administration | ||
digital certificate | certificate | electronic document, signed by a CA, that binds a public key to the identity of a person, computer or organization so that they can exchange information securely over computer networks using the public key infrastructure (PKI) | ||
digital signature | | digital code, generated with the signer's private key and verified with the corresponding public key, which is attached to an electronically transmitted document to verify its contents and the sender's identity | Somewhat simplified, the digital signature can be considered as an electronic signature. Technically, the digital signature is a hash of the document signed with the signer's private key; any change to the document changes the hash and makes the signature fail verification. | |
e-identity | electronic identity, eID | a means for people to prove electronically that they are who they say they are and thus gain access to services | digital identity document based on X.509 v3 certificates and the use of private and public keys (PKI) | e-id |
EUID | European Unique Identifier | identifier that comprises a country code, the register identifier, the registration number, and possibly a verification digit to enable the identification of companies and their branches in EU member states in the Business Registers Interconnection System | ||
FAS | federated authentication service | privileged component designed to integrate with Active Directory Certificate Services by dynamically issuing certificates for users, allowing them to log on to an Active Directory environment as if they had a smart card | This allows StoreFront to use a broader range of authentication options, such as SAML assertions. | |
GDPR | general data protection regulation | EU regulation on the protection of the personal data of individuals in the EU, including security requirements for processing that data | ||
GUI | graphical user interface | form of user interface that allows users to interact with electronic devices through graphical icons and visual indicators, instead of text-based user interfaces, typed command labels or text navigation | ||
hardware token | | small device, such as a smart card or USB token, that contains a small amount of tamper-resistant storage holding a private key and a certificate | | |
HSM | hardware security module | physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, strong authentication, and other cryptographic functions | ||
IdP | identity provider | system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying applications within a federation or distributed network | ||
IETF | internet engineering task force | open standards organization, which develops and promotes voluntary Internet standards | ||
ISMS | information security management system | defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities | ||
ISO/IEC | international organization for standardization/international electrotechnical commission | technical standards issued by a joint technical committee (JTC) of ISO and IEC. | Its purpose is to develop, maintain and promote standards in the fields of information and communications technology (ICT). | |
key bearer | | smart card, hardware token, mobile app, TPM, or other device used for storage and protection of the private keys of the subscribers | | |
LoA | identity level of assurance | certainty with which a claim to a particular identity during authentication can be trusted to actually be the claimant's true identity | There are four, 1–4, levels of identity assurance. DIGG defines the levels 2–4 for Sweden. | |
minidriver | | hardware-specific DLL that uses a Microsoft-provided class driver to accomplish most actions through function calls, and provides only device-specific controls | | |
NTP | network time protocol | networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks | Used to synchronize the time in the PoSC Net iD. | |
OCSP | online certificate status protocol | internet protocol used to get the revocation status of a single X.509 digital certificate from the issuing CA's OCSP responder, as an alternative to downloading the full CRL | Used to check that a subscriber certificate is still valid and has not been revoked. | |
OID | object identifier | identifier mechanism standardized by the International Telecommunications Union (ITU) and ISO/IEC for naming any object, concept, or "thing" with a globally unambiguous persistent name | ||
OTP | one time password | password that is valid for only one login session or transaction, on a computer system or other digital device | ||
PIN | personal identification number | numeric passcode used by the subscriber to unlock the use of the private key within a token for the purpose of authentication, signing, or encryption | ||
PKCS #7 | public key cryptography standard #7 | standard syntax (the basis of the Cryptographic Message Syntax, CMS) for signed and encrypted messages under a PKI | Also used to bundle certificate chains (.p7b files). | |
PKI | public key infrastructure | set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption | PKI allows users of the internet and other public networks to engage in secure communication, data exchange, and money exchange through public and private cryptographic key pairs provided by a certificate authority. | |
Pointsharp eID | | subscriber certificate issued by PoSC Net iD | | |
PoSC ID | | internal identification number created by the PoSC Net iD service and added to the subscriber certificate | | |
private key | | digital cryptographic key that is used in a pair with a public key in a PKI for authentication, signing, or decryption of data encrypted with the public key; it is kept secret by the subscriber and protected by the key bearer | | |
PsPT | Pointsharp service Policy Team | entity at Pointsharp responsible for the regulatory frameworks of the PoSC Net iD and for upholding compliance with the frameworks at Pointsharp, subcontractors, and RAs | ||
public key | | digital cryptographic key that is used in a pair with a private key in a PKI; it is published in the certificate and used to verify signatures made with, and thereby prove possession of, the corresponding private key | | |
PUK | personal unblocking key | code used to reset a PIN that has been lost or forgotten, or to unblock a token after too many incorrect PIN entries | ||
RA | registration authority | authority in a network that verifies user requests for a digital certificate and tells the certificate authority to issue it | Refers to customer organizations that perform enrollment procedures for subscriber certificate applications within their RA domain; the RA is responsible for these enrollment-related certification functions. RAs operate under the terms and conditions of the customer agreement and this CP and CPS. | |
RA officer | | individual at an RA that administers subscribers, key bearers, and certificates | | |
relying party | | RA organization with a valid customer agreement for the PoSC Net iD, or any other organization, person, application, or device that relies on subscriber certificates issued by PoSC Net iD | | |
security incident | | event that may indicate that an organization's systems or data have been compromised or that measures put in place to protect them have failed | | |
separation of duties | segregation of duties, SoD, multi-person control, duality | internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task | At least two people are required to perform the action, for security reasons. Separation of duties may be enforced electronically, by manual procedures, or both. Sensitive tasks require the collaboration of multiple persons in trusted roles and are only allowed to be performed under multi-person control ("n" out of "m"), where "n" is at least 2 persons. | |
Service RA | PoSC Net iD RA | central RA function within PoSC Net iD | Operated by Pointsharp. | |
sign-up preparation form | | document given to new customers asking for the information Pointsharp needs to register and validate the customer | | |
smart card | chip card, integrated circuit card (ICC) | card with a built-in microprocessor that can be used to protect the private keys of a subscriber | ||
smart card reader | card reader | device used for communication with a smart card or a memory card | ||
SMS | short message service | text messaging service component of most telephone, internet, and mobile-device systems | ||
soft token | software token | software-based authentication credential, typically an app on a phone or computer, used as a second factor to authorize the use of computer services | ||
SPAR | statens personadressregister | Swedish tax authority’s national register of citizens and other residents with a Swedish personal identification number or a Swedish coordination number | ||
SSO | single sign-on | authentication process that allows a user to access multiple applications with one set of login credentials | ||
subscriber | end-user | individual applying for or using an e-identity (certificate) | ||
subscriber agreement | subscriber terms and conditions | terms and conditions for the use of an e-identity | ||
symmetric encryption | | encryption where the same key is used both to encrypt and decrypt data | | |
trusted certificate | ||||
UPS | uninterruptible power supply | electrical apparatus that provides emergency power to a load when the input power source or mains power fails | ||
USB token | | USB device with a built-in smart card chip | | |
VAT identification number | value added tax identification number | individual number given to each taxable person intending to make supplies of goods or services, or to make acquisitions of goods for business purposes, each number having a prefix of two letters by which the Member State of issue is identified | ||
WSDL | web services description language | XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information | The operations and messages are described abstractly, and then bound to a concrete network protocol and message format to define an endpoint. Related concrete endpoints are combined into abstract endpoints (services). WSDL is extensible to allow description of endpoints and their messages regardless of what message formats or network protocols are used to communicate. However, the only bindings described in the WSDL 1.1 specification are for SOAP 1.1, HTTP GET/POST, and MIME. | |
YubiKey | | hardware token from Yubico | The part used for the e-identity is based on the PIV standard. | |
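The entries for CA, digital signature, CRL, CRL distribution point and AIA describe one mechanism that is easiest to see end to end in code. The following Go program is an added example written for this glossary; it is not part of the PoSC Net iD CP/CPS nor of any Pointsharp software, and the names `Fixture`, `BuildFixture`, `issueSubscriber` and `CheckRevocation` are its own. Using only the Go standard library it builds a throw-away issuing CA in memory, issues two subscriber certificates that carry the AIA (caIssuers and OCSP) and CDP extensions (the `example.test` URLs are placeholders, not real endpoints), signs a CRL that revokes one of them, and then performs the check a relying party does after fetching the CRL from the CDP: verify the CRL signature against the issuing CA, reject a list that is past its nextUpdate, and look up the serial number. OCSP itself is not shown, since the standard library has no OCSP responder.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// must keeps the demo short: these calls only fail on a programming error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Fixture is an in-memory CA, two subscriber certificates and one CRL, all generated at runtime (no network).
type Fixture struct {
	CA      *x509.Certificate
	Revoked *x509.Certificate // serial 4711, listed in the CRL
	Valid   *x509.Certificate // serial 4712, not listed
	CRLDER  []byte
	Now     time.Time
}

// issueSubscriber issues a certificate carrying the two extensions a relying party uses to
// find revocation data: AIA (caIssuers and OCSP URLs) and CDP. The URLs are placeholders.
func issueSubscriber(serial int64, cn string, ca *x509.Certificate, caKey *ecdsa.PrivateKey, now time.Time) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now, NotAfter: now.Add(365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		IssuingCertificateURL: []string{"http://pki.example.test/issuing-ca.crt"}, // AIA: caIssuers
		OCSPServer:            []string{"http://ocsp.example.test"},               // AIA: OCSP responder
		CRLDistributionPoints: []string{"http://pki.example.test/issuing-ca.crl"}, // CDP
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der))
}

// BuildFixture creates the CA, issues two certificates and signs a CRL that revokes the first one.
func BuildFixture() *Fixture {
	now := time.Now().UTC().Truncate(time.Second)
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Issuing CA"},
		NotBefore: now, NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		// cRLSign is mandatory: CreateRevocationList rejects an issuer without it.
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	caDER := must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))
	ca := must(x509.ParseCertificate(caDER)) // parsed copy carries the generated SubjectKeyId
	revoked := issueSubscriber(4711, "subscriber-revoked", ca, caKey, now)
	valid := issueSubscriber(4712, "subscriber-valid", ca, caKey, now)
	crlTmpl := &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: revoked.SerialNumber, RevocationTime: now}},
	}
	crlDER := must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))
	return &Fixture{CA: ca, Revoked: revoked, Valid: valid, CRLDER: crlDER, Now: now}
}

// CheckRevocation is what a relying party does after fetching the CRL named in the certificate's
// CDP: verify the list's signature with the issuing CA's public key (an unsigned or foreign list
// proves nothing), reject a list whose nextUpdate has passed, then search it for the serial number.
func CheckRevocation(cert *x509.Certificate, crlDER []byte, issuer *x509.Certificate, now time.Time) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, fmt.Errorf("CRL not signed by %q: %w", issuer.Subject.CommonName, err)
	}
	if now.After(crl.NextUpdate) {
		return false, errors.New("CRL is stale (past nextUpdate): fetch a fresh one from the CDP")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	f := BuildFixture()
	for _, c := range []*x509.Certificate{f.Revoked, f.Valid} {
		r, err := CheckRevocation(c, f.CRLDER, f.CA, f.Now)
		fmt.Println(c.Subject.CommonName, c.SerialNumber, c.CRLDistributionPoints, "revoked:", r, err)
	}
}
```

Two details matter for a real deployment and are deliberately visible here: the CRL is only trusted after its signature verifies against the CA named in the certificate (handing `CheckRevocation` the wrong issuer makes it fail rather than silently answer "not revoked"), and a CRL past its nextUpdate is treated as an error, not as proof of validity, because an attacker who can block the CDP download must not be able to keep a revoked e-identity usable.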