Select Committee on Trade and Industry Seventh Report


Glossary of Terms

A set of information which unambiguously names or identifies the owner of an electronic signature; contains the owner's public key; identifies the certification authority issuing the information; and is digitally signed by the certification authority issuing the certificate
Certification Authority (CA) An organisation which identifies digital identities by providing a trustworthy link between a real person or organisation and a digital public key
Cryptography The techniques of the principles, means and methods for rendering plaintext unintelligible and for converting encrypted messages into intelligible form. Cryptography can be used to facilitate the confidentiality of electronic messages and to create digital signatures
Digital Signature A technique or procedure for the sender of a message to attach additional data to that message which forms a unique and unforgeable identifier of the sender and the message
Electronic Data Interchange - a well-established form of electronic commerce characterised by a pre-existing contract which allows the computers of participating merchants and suppliers to conclude transactions
Electronic Signature Covers any means of signing documents electronically. Examples of electronic signatures include a scanned image of a handwritten signature; a signature created by an electronic "pen" by "writing" on a computer screen; and a digital signature (see above)
Encryption The transformation of data to an unintelligible form in such a way that the original data either cannot be obtained (one-way encryption) or cannot be obtained without using the inverse decryption process (two-way encryption)
Key Escrow Procedure under which keys for cryptographic systems are registered with government appointed agencies and can be accessible by law enforcement agencies on production of a warrant
Key Generation In public key cryptography, the mathematical process by which a key "pair" - the public verification key and the private signing key - are created. One controversy is whether key pairs should only ever be generated by the person who will be using them or if they can be created as part of a third-party service
Key Length The size of a key and measure of its strength. In simplistic terms a 40/384-bit secret/public key system may be classified as weak, a 56/512-bit system as borderline: and an 80/1024-bit system as strong
Key Recovery The procedure by which the owner of a private key can retrieve that key when it has been lost. May be facilitated by a key recovery agent
Private Key Encryption A method of encryption in which the same key is used to encrypt and decrypt. Sometimes referred to as symmetric key cryptography
Public Key Encryption A method of encryption in which different keys are used to encrypt and decrypt. Sometimes referred to as asymmetric key cryptography
Rebuttable Presumption Term referring to a signature (or document) which for most ordinary purposes can be regarded as reliable unless there are obvious contradictory circumstances
Session Key In many forms of secure transaction, a key is generated for one-time use and is then abandoned, giving a very high degree of assurance. The result is known as a session key
SpamUnsolicited "junk" e-mail
Steganography The concealment of the existence of messages. This can take the form of hiding text within a picture or within a word processing file the contents of part of which are concealed (and see footnote)
Trusted Service Provider (TSP) Umbrella term to cover anyone who might offer cryptographic services, whether for authentication or confidentiality
Trusted Third Party (TTP) A term used to refer to organisations which offer a wide range of cryptographic services. Used in this Report to cover organisations which offer confidentiality services including key recovery and key escrow (see above)

previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries

© Parliamentary copyright 1999
Prepared 18 May 1999