Cyber Glossary - P

Packet - The logical unit of network communications produced by the transport layer. SOURCE: Cyberspace Solarium Commission Final Report, 2020

---

Packet Filter – A routing device that provides access control functionality for host addresses and communication sessions. (SP 800-41) (NISTIR)

---

Packet Sniffer – Software that observes and records network traffic. (CNSSI-4009) (NISTIR)

---

Parity – Bit(s) used to determine whether a block of data has been altered. (CNSSI-4009) (NISTIR)

---

Partitioned Security Mode – Information systems security mode of operation wherein all personnel have the clearance, but not necessarily formal access approval and need-to-know, for all information handled by an information system. (CNSSI-4009) (NISTIR)

---

Passive Attack – An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.

Related Term(s): active attack

(Adapted from: IETF RFC 4949, NIST SP 800-63 Rev 1) (NICCS)

---

Passive Attack – An attack against an authentication protocol where the Attacker intercepts data traveling along the network between the Claimant and Verifier, but does not alter the data (i.e., eavesdropping). SOURCE: SP 800-63 An attack that does not alter systems or data. (CNSSI-4009) (NISTIR)

---

Passive Security Testing – Security testing that does not involve any direct interaction with the targets, such as sending packets to a target. (SP 800-115) (NISTIR)

---

Passive Wiretapping – The monitoring or recording of data while it is being transmitted over a communications link, without altering or affecting the data. (CNSSI-4009) (NISTIR)

---

Password – A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization. (From: FIPS 140-2) (NICCS)

---

Password – A secret that a Claimant memorizes and uses to authenticate his or her identity. Passwords are typically character strings. (SP 800-63) (NISTIR)

---

Password – A protected character string used to authenticate the identity of a computer system user or to authorize access to system resources. (FIPS 181) (NISTIR)

A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization. SOURCE: FIPS 140-2

A protected/private string of letters, numbers, and/or special characters used to authenticate an identity or to authorize access to data. (CNSSI-4009) (NISTIR)

---

Password Cracking – The process of recovering secret passwords stored in a computer system or transmitted over a network. SOURCE: SP 800-115

---

Password Protected – The ability to protect a file using a password access control, protecting the data contents from being viewed with the appropriate viewer unless the proper password is entered. (SP 800-72) (NISTIR)

---

Patch – An update to an operating system, application, or other software issued specifically to correct particular problems with the software. (SP 800-123) (NISTIR)

---

Patch Management – The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs. SOURCE: CNSSI-4009

---

Patching – patching is the process of updating software to x bugs and vulnerabilities. (UK 2016)

---

Path Histories – Maintaining an authenticatable record of the prior platforms visited by a mobile software agent, so that a newly visited platform can determine whether to process the agent and what resource constraints to apply. (SP 800-19) (NISTIR)

---

Payload – The input data to the CCM generation-encryption process that is both authenticated and encrypted. (SP 800-38C) (NISTIR)

---

Peer Entity Authentication – The process of verifying that a peer entity in an association is as claimed. (CNSSI-4009) (NISTIR)

---

Pen Test – A colloquial term for penetration test or penetration testing.

Synonym(s): penetration testing

---

Penetration – Synonym(s): intrusion

---

Penetration Testing – A test methodology in which assessors, using all available documentation (e.g., system design, source code, manuals) and working under specific constraints, attempt to circumvent the security features of an information system. (SP 800-53A) (NISTIR)

Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability. (SP 800-115) (NISTIR)

Activities designed to test the resilience of a network or facility against hacking, which are authorised or sponsored by the organisation being tested. (UK 2016)

---

Per-Call Key – Unique traffic encryption key generated automatically by certain secure telecommunications systems to secure single voice or data transmissions. See Cooperative Key Generation. (CNSSI-4009) (NISTIR)

---

Performance Reference Model – (PRM) Framework for performance measurement providing common output measurements throughout the federal government. It allows agencies to better manage the business of government at a strategic level by providing a means for using an agency’s EA to measure the success of information systems investments and their impact on strategic outcomes. (CNSSI-4009) (NISTIR)

---

Perimeter – (C&A) Encompasses all those components of the system that are to be accredited by the DAA, and excludes separately accredited systems to which the system is connected. (Authorization) Encompasses all those components of the system or network for which a Body of Evidence is provided in support of a formal approval to operate. (CNSSI-4009) (NISTIR)

---

Periods Processing – The processing of various levels of classified and unclassified information at distinctly different times. Under the concept of periods processing, the system must be purged of all information from one processing period before transitioning to the next. (CNSSI-4009) (NISTIR)

---

Perishable Data – Information whose value can decrease substantially during a specified time. A significant decrease in value occurs when the operational circumstances change to the extent that the information is no longer useful. (CNSSI-4009) (NISTIR)

---

Permuter – Device used in cryptographic equipment to change the order in which the contents of a shift register are used in various nonlinear combining circuits. (CNSSI-4009) (NISTIR)

---

Persistent Engagement - The concept by which U.S. Cyber Command implements defend forward. It is based on the idea that adversaries are in constant contact in cyberspace. Its elements are enabling partners and acting as far forward as possible. SOURCE: Cyberspace Solarium Commission Final Report, 2020

---

Personal Firewall – A utility on a computer that monitors network activity and blocks communications that are unauthorized. (SP 800-69) (NISTIR)

---

Personal Identification Number – (PIN) A password consisting only of decimal digits. (SP 800-63) (NISTIR)

A secret that a claimant memorizes and uses to authenticate his or her identity. PINs are generally only decimal digits. (FIPS 201) (NISTIR)

An alphanumeric code or password used to authenticate an identity. SOURCE: FIPS 140-2 A short numeric code used to confirm identity. (CNSSI-4009) (NISTIR)

---

Personal Identity Verification – (PIV) The process of creating and using a governmentwide secure and reliable form of identification for federal employees and contractors, in support of HSPD 12, Policy for a Common Identification Standard for Federal Employees and Contractors. (CNSSI-4009) (NISTIR)

---

Personal Identity Verification Accreditation – The official management decision to authorize operation of a PIV Card Issuer after determining that the Issuer’s reliability has satisfactorily been established through appropriate assessment and certification processes. (CNSSI-4009) (NISTIR)

---

Personal Identity Verification Authorizing Official – An individual who can act on behalf of an agency to authorize the issuance of a credential to an applicant. (CNSSI-4009) (NISTIR)

---

Personal Identity Verification Card – (PIV Card) Physical artifact (e.g., identity card, “smart” card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation, etc.) such that a claimed identity of the cardholder may be verified against the stored credentials by another person (human-readable and verifiable) or an automated process (computer-readable and verifiable). (FIPS 201; CNSSI-4009) (NISTIR)

---

Personal Identity Verification Issuer – An authorized identity card creator that procures FIPS-approved blank identity cards, initializes them with appropriate software and data elements for the requested identity verification and access control application, personalizes the cards with the identity credentials of the authorized subjects, and delivers the personalized card to the authorized subjects along with appropriate instructions for protection and use. (FIPS 201) (NISTIR)

---

Personal Identity Verification Registrar – An entity that establishes and vouches for the identity of an applicant to a PIV Issuer. The PIV RA authenticates the applicant’s identity by checking identity source documents and identity proofing, and that ensures a proper background check has been completed, before the credential is issued. (FIPS 201) (NISTIR)

---

Personal Identity Verification Sponsor – An individual who can act on behalf of a department or agency to request a PIV Card for an applicant. (FIPS 201) (NISTIR)

---

Personally Identifiable Information – (PII) Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc., alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. SOURCE: CNSSI-4009 Any information about an individual maintained by an agency, including

1. any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and
2. any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. (SP 800-122) (NISTIR)

---

Personnel Registration Manager – The management role that is responsible for registering human users, i.e., users that are people. (CNSSI-4009) (NISTIR)

---

Phishing – A digital form of social engineering to deceive individuals into providing sensitive information. (Adapted from: NCSD Glossary, CNSSI 4009, NIST SP 800-63 Rev 1) (NICCS)

Tricking individuals into disclosing sensitive personal information through deceptive computer-based means. SOURCE: SP 800-83 Deceiving individuals into disclosing sensitive personal information through deceptive computer-based means. (CNSSI-4009) (NISTIR)

A digital form of social engineering that uses authentic-looking—but bogus—emails to request information from users or direct them to a fake Web site that requests information. (SP 800-115) (NISTIR)

---

Physically Isolated Network – A network that is not connected to entities or systems outside a physically controlled space. (SP 800-32) (NISTIR)

---

Piconet – A small Bluetooth network created on an ad hoc basis that includes two or more devices. (SP 800-121) (NISTIR)

---

PII Confidentiality Impact Level – The PII confidentiality impact level—low, moderate, or high— indicates the potential harm that could result to the subject individuals and/or the organization if PII were inappropriately accessed, used, or disclosed. (SP 800-122) (NISTIR)

---

Plaintext – Data input to the Cipher or output from the Inverse Cipher. (FIPS 197) (NISTIR)

Intelligible data that has meaning and can be understood without the application of decryption. (SP 800-21 Unencrypted information. SOURCE: CNSSI-4009) (NISTIR)

Unencrypted information. (From: CNSSI 4009) (NICCS)

Related Term(s): ciphertext

---

Plaintext Key – An unencrypted cryptographic key. (FIPS 140-2) (NISTIR)

---

Plan of Action and Milestones – (POA&M) A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones. (SP 800-53; SP 800-53A; SP 800-37; SP 800-64; CNSSI4009; OMB Memorandum 02-01) (NISTIR)

---

Policy Approving Authority – (PAA) First level of the PKI Certification Management Authority that approves the security policy of each PCA. (CNSSI-4009) (NISTIR)

---

Policy-Based Access Control – (PBAC) A form of access control that uses an authorization policy that is flexible in the types of evaluated parameters (e.g., identity, role, clearance, operational need, risk, and heuristics). (CNSSI-4009) (NISTIR)

---

Policy Certification Authority – (PCA) Second level of the PKI Certification Management Authority that formulates the security policy under which it and its subordinate CAs will issue public key certificates. (CNSSI-4009) (NISTIR)

---

Policy Management Authority – (PMA) Body established to oversee the creation and update of Certificate Policies, review Certification Practice Statements, review the results of CA audits for policy compliance, evaluate non-domain policies for acceptance within the domain, and generally oversee and manage the PKI certificate policies. For the FBCA, the PMA is the Federal PKI Policy Authority. (SP 800-32) (NISTIR)

---

Policy Mapping – Recognizing that, when a CA in one domain certifies a CA in another domain, a particular certificate policy in the second domain may be considered by the authority of the first domain to be equivalent (but not necessarily identical in all respects) to a particular certificate policy in the first domain. (SP 800-15) (NISTIR)

---

Port – A physical entry or exit point of a cryptographic module that provides access to the module for physical signals, represented by logical information flows (physically separated ports do not share the same physical pin or wire). (FIPS 140-2(NISTIR)

---

Port Scanning – Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports. (CNSSI-4009) (NISTIR)

---

Portable Electronic Device (PED) – Any nonstationary electronic apparatus with singular or multiple capabilities of recording, storing, and/or transmitting data, voice, video, or photo images. This includes but is not limited to laptops, personal digital assistants, pocket personal computers, palmtops, MP3 players, cellular telephones, thumb drives, video cameras, and pagers. (CNSSI-4009) (NISTIR)

---

Portal – A high-level remote access architecture that is based on a server that offers teleworkers access to one or more applications through a single centralized interface. (SP 800-46) (NISTIR)

---

Post-election Audit - Any review conducted after polls close for the purpose of determining whether the votes were counted accurately (a results audit) or whether proper procedures were followed (a process audit), or both. SOURCE: Cyberspace Solarium Commission Final Report, 2020

---

Positive Control Material – Generic term referring to a sealed authenticator system, permissive action link, coded switch system, positive enable system, or nuclear command and control documents, material, or devices. (CNSSI-4009) (NISTIR)

---

Potential Impact – The loss of confidentiality, integrity, or availability could be expected to have: 1) a limited adverse effect (FIPS 199 low); 2) a serious adverse effect (FIPS 199 moderate); or 3) a severe or catastrophic adverse effect (FIPS 199 high) on organizational operations, organizational assets, or individuals. (SP 800-53; SP 800-60; SP 800-37; FIPS 199) (NISTIR)

The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect; a serious adverse effect, or a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. (FIPS 200) (NISTIR)

---

Practice Statement – A formal statement of the practices followed by an authentication entity (e.g., RA, CSP, or Verifier). It usually describes the policies and practices of the parties and can become legally binding. (SP 800-63) (NISTIR)

---

Precursor – A sign that an attacker may be preparing to cause an incident. (SP 800-61) (NISTIR)

An observable occurrence or sign that an attacker may be preparing to cause an incident. (Adapted from: CNSSI 4009, NIST SP 800-61 Rev 2) (DRAFT) (NICCS)

Related Term(s): indicator

---

Prediction Resistance – Prediction resistance is provided relative to time T if there is assurance that an adversary who has knowledge of the internal state of the DRBG at some time prior to would be unable to distinguish between observations of ideal random bitstrings and bitstrings output by the DRBG at or subsequent to time T. The complementary assurance is called Backtracking Resistance. (SP 800-90A) (NISTIR)

---

Predisposing Condition – A condition that exists within an organization, a mission/business process, enterprise architecture, or information system including its environment of operation, which contributes to (i.e., increases or decreases) the likelihood that one or more threat events, once initiated, will result in undesirable consequences or adverse impact to organizational operations and assets, individuals, other organizations, or the Nation. (SP 800-30) (NISTIR)

---

Prefix – Prefix appended to the short title of U.S.-produced keying material to indicate its foreign releasability. "A" designates material that is releasable to specific allied nations, and "U.S." designates material intended exclusively for U. S. use. (CNSSI-4009) (NISTIR)

---

Preparedness – The activities to build, sustain, and improve readiness capabilities to prevent, protect against, respond to, and recover from natural or manmade incidents. (Adapted from: NIPP) (NICCS)

---

Preproduction Model – Version of INFOSEC equipment employing standard parts and suitable for complete evaluation of form, design, and performance. Preproduction models are often referred to as beta models. (CNSSI-4009) (NISTIR)

---

Primary Services Node (PRSN) – A Key Management Infrastructure core node that provides the users’ central point of access to KMI products, services, and information. (CNSSI-4009) (NISTIR)

---

Principal – An entity whose identity can be authenticated. SOURCE: FIPS 196

---

Principal Accrediting Authority – (PAA) Senior official with authority and responsibility for all intelligence systems within an agency. (CNSSI-4009) (NISTIR)

---

Principal Certification Authority – (CA) The Principal Certification Authority is a CA designated by an agency to interoperate with the FBCA. An agency may designate multiple Principal CAs to interoperate with the FBCA. (SP 800-32) (NISTIR)

---

Print Suppression – Eliminating the display of characters in order to preserve their secrecy. (CNSSI-4009) (NISTIR)

---

Privacy – The assurance that the confidentiality of, and access to, certain information about an entity is protected.

Extended Definition: The ability of individuals to understand and exercise control over how information about themselves may be used by others.

(From: NIST SP 800-130; Adapted from: DHS personnel) (NICCS)

Restricting access to subscriber or Relying Party information in accordance with federal law and agency policy. (SP 800-32) (NISTIR)

---

Privacy Impact Assessment (PIA) – An analysis of how information is handled: 1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; 2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and 3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks. (SP 800-53; SP 800-18; SP 800-122; CNSSI-4009; OMB Memorandum 03-22) (NISTIR)

---

Privacy System – Commercial encryption system that affords telecommunications limited protection to deter a casual listener, but cannot withstand a technically competent cryptanalytic attack. (CNSSI-4009) (NISTIR)

---

Private Key – A cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and is not made public. In an asymmetric (public) cryptosystem, the private key is associated with a public key. Depending on the algorithm, the private key may be used, for example, to: 1) Compute the corresponding public key, 2) Compute a digital signature that may be verified by the corresponding public key, 3) Decrypt keys that were encrypted by the corresponding public key, or 4) Compute a shared secret during a key-agreement transaction. (SP 800-57 Part 1) (NISTIR)

---

Privilege – A right granted to an individual, a program, or a process. (CNSSI-4009) (NISTIR)

---

Privilege Management – The definition and management of policies and processes that define the ways in which the user is provided access rights to enterprise systems. It governs the management of the data that constitutes the user’s privileges and other attributes, including the storage, organization and access to information in directories. (NISTIR 7657) (NISTIR)

---

Privileged Account – An information system account with approved authorizations of a privileged user. (CNSSI-4009) (NISTIR)

An information system account with authorizations of a privileged user. (SP 800-53) (NISTIR)

Individuals who have access to set “access rights” for users on a given system. Sometimes referred to as system or network administrative accounts. (SP 800-12) (NISTIR)

---

Privileged Command – A human-initiated command executed on an information system involving the control, monitoring, or administration of the system including security functions and associated security-relevant information. (SP 800-53; CNSSI-4009) (NISTIR)

---

Privileged Process – A computer process that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary processes are not authorized to perform. (CNSSI-4009) (NISTIR)

---

Privileged User – A user that is authorized (and, therefore, trusted) to perform securityrelevant functions that ordinary users are not authorized to perform. (SP 800-53; CNSSI-4009) (NISTIR)

---

Probability of Occurrence – See Likelihood of Occurrence. (NISTIR)

---

Probe – A technique that attempts to access a system to learn something about the system. (CNSSI-4009) (NISTIR)

---

Product Source Node (PSN) – The Key Management Infrastructure core node that provides central generation of cryptographic key material. (CNSSI-4009) (NISTIR)

---

Production Model – INFOSEC equipment in its final mechanical and electrical form. (CNSSI-400) (NISTIR)

---

Profiling – Measuring the characteristics of expected activity so that changes to it can be more easily identified. (SP 800-61; CNSSI-4009) (NISTIR)

---

Promiscuous Mode – A configuration setting for a network interface card that causes it to accept all incoming packets that it sees, regardless of their intended destinations. (SP 800-94) (NISTIR)

---

Proprietary Information (PROPIN) – Material and information relating to or associated with a company's products, business, or activities, including but not limited to financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know-how that has been clearly identified and properly marked by the company as proprietary information, trade secrets, or company confidential information. The information must have been developed by the company and not be available to the government or to the public without restriction from another source. (CNSSI-4009) (NISTIR)

---

Protected Distribution System (PDS) – Wire line or fiber optic system that includes adequate safeguards and/or countermeasures (e.g., acoustic, electric, electromagnetic, and physical) to permit its use for the transmission of unencrypted information through an area of lesser classification or control. (CNSSI-4009) (NISTIR)

---

Protection Philosophy – Informal description of the overall design of an information system delineating each of the protection mechanisms employed. Combination of formal and informal techniques, appropriate to the evaluation class, used to show the mechanisms are adequate to enforce the security policy. (CNSSI-4009) (NISTIR)

---

Protect & Defend – A NICE Workforce Framework category consisting of specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks. (From: NICE Workforce Framework) (NICCS)

---

Protection Profile – Common Criteria specification that represents an implementation independent set of security requirements for a category of Target of Evaluations (TOE) that meets specific consumer needs. (CNSSI-4009) (NISTIR)

---

Protective Distribution System – Wire line or fiber optic system that includes adequate safeguards and/or countermeasures (e.g., acoustic, electric, electromagnetic, and physical) to permit its use for the transmission of unencrypted information. (SP 800-53) (NISTIR)

---

Protective Packaging – Packaging techniques for COMSEC material that discourage penetration, reveal a penetration has occurred or was attempted, or inhibit viewing or copying of keying material prior to the time it is exposed for use. (CNSSI-4009) (NISTIR)

---

Protective Technologies – Special tamper-evident features and materials employed for the purpose of detecting tampering and deterring attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material. (CNSSI-4009) (NISTIR)

---

Protocol – Set of rules and formats, semantic and syntactic, permitting information systems to exchange information. (CNSSI-4009) (NISTIR)

---

Protocol Data Unit – A unit of data specified in a protocol and consisting of protocol information and, possibly, user data. (FIPS 188) (NISTIR)

---

Protocol Entity – Entity that follows a set of rules and formats (semantic and syntactic) that determines the communication behavior of other entities. (FIPS 188) (NISTIR)

---

Proxy – A proxy is an application that “breaks” the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network and processes it and forwards it. This effectively closes the straight path between the internal and external networks making it more difficult for an attacker to obtain internal addresses and other details of the organization’s internal network.

Proxy servers are available for common Internet services; for example, a Hyper Text Transfer Protocol (HTTP) proxy used for Web access, and a Simple Mail Transfer Protocol (SMTP) proxy used for email. (SP 800-44) (NISTIR)

An application that “breaks” the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network and processes it and forwards it. Note: This effectively closes the straight path between the internal and external networks, making it more difficult for an attacker to obtain internal addresses and other details of the organization’s internal network. Proxy servers are available for common Internet services; for example, a Hyper Text Transfer Protocol (HTTP) proxy used for Web access, and a Simple Mail Transfer Protocol (SMTP) proxy used for email. (CNSSI-4009) (NISTIR)

---

Proxy Agent – A software application running on a firewall or on a dedicated proxy server that is capable of filtering a protocol and routing it between the interfaces of the device. (CNSSI-4009) (NISTIR)

---

Proxy Server – A server that services the requests of its clients by forwarding those requests to other servers. (CNSSI-4009) (NISTIR)

---

Pseudorandom number generator – (PRNG) An algorithm that produces a sequence of bits that are uniquely determined from an initial value called a seed. The output of the PRNG “appears” to be random, i.e., the output is statistically indistinguishable from random values. A cryptographic PRNG has the additional property that the output is unpredictable, given that the seed is not known. (CNSSI-4009) (NISTIR)

---

Pseudonym – A false name. SOURCE: SP 800-63 1. A subscriber name that has been chosen by the subscriber that is not verified as meaningful by identity proofing. 2. An assigned identity that is used to protect an individual’s true identity. (CNSSI-4009) (NISTIR)

---

Psychological Operations – Planned operations to convey selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals. The purpose of psychological operations is to induce or reinforce foreign attitudes and behavior favorable to the originator’s objectives. Also called PSYOP. (JP 1-02) (Jt Pub 3-13)

---

Public Domain Software – Software not protected by copyright laws of any nation that may be freely used without permission of, or payment to, the creator, and that carries no warranties from, or liabilities to the creator. (CNSSI-4009) (NISTIR)

---

Public Key – A cryptographic key used with a public key cryptographic algorithm, uniquely associated with an entity, and which may be made public; it is used to verify a digital signature; this key is mathematically linked with a corresponding private key. (FIPS 196) (NISTIR)

A cryptographic key that may be widely published and is used to enable the operation of an asymmetric cryptography scheme. This key is mathematically linked with a corresponding private key. Typically, a public key can be used to encrypt, but not decrypt, or to validate a signature, but not to sign. (CNSSI-4009) (NISTIR)

In an asymmetric (public) cryptosystem, the public key is associated with a private key. The public key may be known by anyone and, depending on the algorithm, may be used, for example, to: 1) Verify a digital signature that is signed by the corresponding private key, 2) Encrypt keys that can be decrypted by the corresponding private key, or 3) Compute a shared secret during a key-agreement transaction. (SP 800-57 Part 1) (NISTIR)

---

Public Key – A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.

Extended Definition: The public part of an asymmetric key pair that is uniquely associated with an entity and that may be made public.

Related Term(s): private key, asymmetric cryptography

(Adapted from: CNSSI 4009, NIST SP 800-63 Rev 1, FIPS 201-2, FIPS 140-2, Federal Bridge Certificate Authority Certification Policy 2.25) (NICCS)

---

Public Key Cryptography – A branch of cryptography in which a cryptographic system or algorithms use two uniquely linked keys: a public key and a private key (a key pair).

Synonym(s): asymmetric cryptography, public key encryption

(Adapted from: CNSSI 4009, FIPS 140-2, InCommon Glossary) (NICCS)

---

Public Key Certificate – A digital document issued and digitally signed by the private key of a Certificate authority that binds the name of a Subscriber to a public key. The certificate indicates that the Subscriber identified in the certificate has sole control and access to the private key. (SP 800-63) (NISTIR)

A set of data that unambiguously identifies an entity, contains the entity's public key, and is digitally signed by a trusted third party (certification authority). (FIPS 196) (NISTIR)

---

Public Key (Asymmetric) Cryptographic Algorithm – A cryptographic algorithm that uses two related keys, a public key and a private key. The two keys have the property that deriving the private key from the public key is computationally infeasible. (FIPS 140-2) (NISTIR)

---

Public Key Cryptography – Encryption system that uses a public-private key pair for encryption and/or digital signature. (CNSSI-4009) (NISTIR)

---

Public Key Enabling (PKE) – The incorporation of the use of certificates for security services such as authentication, confidentiality, data integrity, and non-repudiation. (CNSSI-4009) (NISTIR)

---

Public Key Encryption – Synonym(s): public key cryptography or asymmetric cryptography

---

Public Key Infrastructure – An architecture which is used to bind public keys to entities, enable other entities to verify public key bindings, revoke such bindings, and provide other services critical to managing public keys. (FIPS 196 A) (NISTIR)

Framework that is established to issue, maintain, and revoke public key certificates. (FIPS 186) (NISTIR)

A support service to the PIV system that provides the cryptographic keys needed to perform digital signature-based identity verification and to protect communications and storage of sensitive verification system data within identity cards and the verification system. (FIPS 201) (NISTIR)

The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of public key certificates. Components include the personnel, policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, recover, and revoke public key certificates. (CNSSI-4009) (NISTIR)

A set of policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates. (SP 800-32; SP 800-63) (NISTIR)

---

Public Seed – A starting value for a pseudorandom number generator. The value produced by the random number generator may be made public. The public seed is often called a “salt.”(CNSSI-4009) (NISTIR)

---

Purge – Rendering sanitized data unrecoverable by laboratory attack methods. (SP 800-88; CNSSI-4009) (NISTIR)