Kernel
The hardware, firmware, and software elements of a trusted computing base (TCB) that implements the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct. It is the most trusted portion of a system that enforces a fundamental property and on which the other portions of the system depend.
Key
(1) A parameter used in conjunction with a cryptographic algorithm that determines its operation. Examples include the computation of a digital signature from data and the verification of a digital signature. (2) A value used to control cryptographic operations, such as decryption, encryption, signature generation or signature verification.
Key agreement
A key establishment procedure (either manual or electronic) where the resultant keying material is a function of information contributed by two or more participants, so that no party can predetermine the value of the keying material independent of the other party’s contribution.
Key attack
(1) An attacker’s goal is to prevent a system user’s work simply by holding down the ENTER or RETURN key on a terminal that has not been logged on. This action initiates a very high-priority process that takes over the CPU in an attempt to complete the logon process. This is a resource starvation attack in that it consumes systems resources such as CPU utilization and memory. Legitimate users are deprived of their share of resources. (2) A data scavenging method, using resources available to normal system users, which may include advanced software diagnostic tools.
Key bundle
The three cryptographic keys (Key 1, Key 2, Key 3) that are used with a triple-data- encryption algorithm (TDEA) mode.
Key confirmation
A procedure to provide assurance to one party (the key confirmation recipient) that another party (the key conformation provider) actually possesses the correct secret keying material and/or shared secret.
Key encrypting key
A cryptographic key that is used for the encryption or decryption of other keys.
Key entry
A process by which a key and its associated metadata is entered into a cryptographic module in preparation for active use.
Key escrow
The processes of managing (e.g., generating, storing, transferring, and auditing) the two components of a cryptographic key by two component holders. A key component is the two values from which a key can be derived.
Key escrow system
A system that entrusts the two components comprising a cryptographic key (e.g., a device unique key) to two key component holders (also called escrow agents).
Key establishment
(1) The process by which a cryptographic key is securely shared between two or more security entities, either by transporting a key from one entity to another (key transport) or deriving a key from information shared by the entities (key agreement). (2) A function in the life cycle of keying material; the process by which cryptographic keys are securely distributed among cryptographic modules using manual transport methods (e.g., key loaders), automated methods (e.g., key transport and/or key agreement protocols), or a combination of automated and manual methods (consists of key transport plus key agreement).
Key exchange
The process of exchanging public keys in order to establish secure communications.
Key expansion
Routine used to generate a series of Round Keys from the Cipher Key.
Key generation material
Random numbers, pseudo-random numbers, and cryptographic parameters used in generating cryptographic keys.
Key label
A text string that provides a human-readable and perhaps machine-readable set of descriptors for the key.
Key lifecycle state
One of the set of finite states that describes the accepted use of a cryptographic key in its lifetime. These states include pre-activation; active, suspended, deactivated and revoked; compromised; destroyed; and destroyed compromised.
Key list
A printed series of key settings for a specific crypto-net. Key lists may be produced in list, pad, or printed tape format.
Key loader
A self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module.
Key management
The activities involving the handling of cryptographic keys and other related security parameters (e.g., initialization vectors, counters, identity verifications and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and destruction (zeroization).
Key management infrastructure (KMI)
A framework established to issue, maintain, and revoke keys accommodating a variety of security technologies, including the use of software.
Key output
A process by which a cryptographic key and its bound metadata are extracted from a cryptographic module, usually for remote storage.
Key owner
An entity (e.g., person, group, organization, device, and module) authorized to use a cryptographic key or key pair and whose identity is associated with a cryptographic key or key pair.
Key pair
A public key and its corresponding private key; a key pair is used with a public key algorithm.
Key recover
To reconstruct a damaged or destroyed cryptographic key after an accident or abnormal circumstance or to obtain an electronic cryptographic key from a trusted third party after satisfying the rules for retrieval.
Key renewal
The process used to extend the validity period of a cryptographic key so that it can be used for an additional time period.
Key retrieval
To obtain an electronic cryptography key from active or archival electronic storage, a backup facility, or an archive under normal operational circumstances.
Key space
The total number of possible values that a key, such as a password, can have.
Key transport
(1) A process used to move a cryptographic key from one protected domain to another domain, including both physical and electronic methods of movement. (2) A key establishment procedure whereby one party (the sender) selects and encrypts the keying material and then distributes the material to another party (the receiver). (3) The secure transport of cryptographic keys from one cryptographic module to another module.
Key transport key pairs
A key transport key pair may be used to transport keying material from an originating entity to a receiving entity during communications, or to protect keying material while in storage. The originating entity in a communication (or the entity initiating the storage of the keying material) uses the public key to encrypt the keying material; the receiving entity (or the entity retrieving the stored keying material) uses the private key to decrypt the encrypted keying material.