Electronic funds transfer (EFT) system
A system through which customers pay their bills electronically, using electronic funds transfers from banks to credit card companies and others.
Electronic mail header
The section of an e-mail message that contains vital information about the message, including origination date, sender, recipient(s), delivery path, subject, and format information. The header is generally left in clear text even when the body of the e-mail message is encrypted. The body contains the actual message.
Electronic serial number (ESN)
(1) A number encoded in each cellular phone that uniquely identifies each cellular telephone manufactured. (2) A unique 32-bit number programmed into code division multiple access (CDMA) phones when they are manufactured.
Electronic signature
A method of signing an electronic message that (1) identifies and authenticates a particular person as the source of the electronic message and (2) indicates such person’s approval of the information contained in the electronic message.
Electronic surveillance
The acquisition of a non-public communication by electronic means without the consent of a person who is a party to an electronic communication. It does not include the use of radio direction-finding equipment solely to determine the location of a transmitter.
Electronic vaulting
An arrangement in which a system is connected to an electronic vaulting provider so that file/program backups are created automatically at offsite storage. Electronic vaulting and remote journaling require a dedicated offsite location (e.g., hot site or offsite storage site) to receive the transmissions and a connection with limited bandwidth.
Elliptic curve DH (ECDH)
The elliptic curve Diffie-Hellman (ECDH) algorithm is used to support key establishment.
Elliptic curve digital signature algorithm (ECDSA)
A digital signature algorithm that is an analog of the digital signature algorithm (DSA) using elliptic curve mathematics.
Emanation attack
An attack that exploits an intelligence-bearing signal which, if intercepted and analyzed, potentially discloses the information that is transmitted, received, handled, or otherwise processed by any information-processing equipment. A low signal-to-noise ratio at the receiver is preferred to prevent an emanation attack. Techniques such as control zones and white noise can be used to protect against emanation attacks.
Emanation hardware
An electronic signal, emitted by a hardware device, that is not explicitly allowed by the device's specification.
Emanations security
Protection resulting from measures taken to deny unauthorized individuals the use of information derived from the intercept and analysis of compromising emissions from crypto-equipment or an information system.
Embedded system
A system that performs or controls a function, either in whole or in part, as an integral element of a larger system or subsystem (e.g., flight simulators).
Emergency response
Immediate action taken upon occurrence of events such as natural disasters, fire, civil disruption, and bomb threats in order to protect lives, limit the damage to property, and minimize the impact on computer operations.
Emergency response time (EMRT)
The time required for any computer resource to be recovered from disruptive events. It is the time required to reestablish an activity from an emergency or degraded mode to a normal mode. EMRT is also called time-to-recover (TTR).
Emissions security
The protection resulting from all measures taken to deny unauthorized persons information of value that might be derived from intercept and from an analysis of compromising emanations from crypto-equipment, computer systems, and telecommunications systems.
Encapsulating security payload (ESP)
An IPsec message header designed to provide a mix of security services, including confidentiality, data origin authentication, connectionless integrity, anti-replay service, and limited traffic flow confidentiality.
Encapsulating security payload (ESP) protocol
IPsec security protocol that can provide encryption and/or integrity protection for packet headers and data.
Encapsulation
(1) The principle of structuring hardware and software components such that the interface between components is clean and well-defined and that no means of input, output, or control are exposed other than those that exist in the interface. (2) The packaging of data and procedures into a single programmatic structure. In object-oriented programming languages, encapsulation means that an object’s data structures are hidden from outside sources and are accessible only through the object’s protocol.
Enclave
A collection of information systems connected by one or more internal networks under the control of a single authority and security policy. The systems may be structured by physical proximity or by function, independent of location.
Enclave boundary
The point at which an enclave’s internal network service layer connects to an external network’s service layer (i.e., to another enclave or to a wide-area network).
Encrypt
(1) To convert plaintext into ciphertext, an unintelligible form, through the use of a cryptographic algorithm. (2) A generic term encompassing encipher and encode.
Encrypted cookies
Some websites create encrypted cookies to protect the data from unauthorized access.
Encrypted file system (EFS)
In an encrypted file system (EFS), keys are used to encrypt a file or group of files. It can either encrypt each file with a distinct symmetric key or encrypt a set of files using the same symmetric key. The symmetric keys can be generated from a password using a public key cryptography standard (PKCS) and protected with a trusted platform module (TPM) chip through its key cache management. EFS, which is based on public-key encryption, integrates tightly with the public key infrastructure (PKI) features that have been incorporated into Windows XP. The actual logic that performs the encryption is a system service that cannot be shut down. This program feature is designed to prevent unauthorized access, but has the added benefit of rendering the encryption process completely transparent to the user. Each file that a user may encrypt is encrypted using a randomly generated file encryption key (FEK).
Encrypted key (ciphertext key)
A cryptographic key that has been encrypted using an approved security function with a key encrypting key, a PIN, or a password to disguise the value of the underlying plaintext key.
Encrypted network
A network on which messages are encrypted (e.g., using DES, AES, or other appropriate algorithms) to prevent reading by unauthorized parties.
Encryption
(1) Conversion of plaintext to ciphertext through the use of a cryptographic algorithm. (2) The process of changing plaintext into ciphertext for the purpose of security or privacy.
Encryption algorithm
A set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key.
Encryption certificate
A certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes.
Encryption process
(1) The process of changing plaintext into ciphertext for the purpose of security or privacy. (2) Encryption is the conversion of data into a form, called a ciphertext, which cannot be easily understood by unauthorized people. (3) It is the conversion of plaintext to ciphertext through the use of a cryptographic algorithm. (4) The process of a confidentiality mode that transforms usable data into an unreadable form.