Glossary

For the purpose of this documentation, the following terms and definitions apply.

Terms and Definitions

Asymmetrical cryptography

Encryption/decryption operations performed using a key pair: a private key used by the issuer to sign documents and a public key used to verify the signature. The two keys have an “asymmetric” role, hence the term.

C40 encoding

Encoding defined in ISO 16022:2006 to reduce the number of bytes required to encode a string of characters.

Certificate

Electronic file attesting that a cryptographic key pair belongs to a person or a hardware or software component as identified in the certificate. A certificate is issued by a Certification Authority. By signing the certificate, the Certification Authority approves the link between the identity of a person or component and the cryptographic key pair. The certificate may be revoked if it doesn’t attest the validity of this link any more. The certificate has a limited validity period.

Certificate Authority (CA)

Service offered by a trust service provider to create, issue and produce certificates on behalf of users, and ensure the integrity of the electronic identification of signatories.

Note: The CA signs the certificate (with its own private key) to guarantee the integrity of the certificate and the accuracy of the data contained in the certificates that it issues.

Certificate Revocation List (CRL)

List of Certificates that have been revoked by the issuing Certificate Authority before their scheduled expiration date and should no longer be trusted.

Digital Signature Algorithm (DSA)

Algorithms that can be used to generate digital signatures. These include, but are not limited to, RSA and ECDSA algorithms defined in FIPS PUB 186-4 – Digital Signature Standard.

Digital Seal

Data set signed in digital form that is logically attached or associated with other data in digital form to ensure the origin and integrity of the data.

Electronic certificate (also referred to as a “certificate” or “X.509 certificate”)

Electronic file attesting that a cryptographic key pair belongs to either a physical or legal person, a hardware component or a software component as identified in the certificate. Certificates are issued by a Certificate Authority (CA). By signing the certificate, the CA certifies the association between the key pair with the person, hardware component or software component. A certificate may be revoked if this association can no longer be established. A certificate is valid for a limited amount of time.

Electronically Signed Encoded Data Set (ESEDS)

A structured data set, often in the form of an MRC, containing a payload and its signature from the issuer. A header identifies the type of payload and the issuer. An optional auxiliary data block may be added after the signature.

Hash

Operation that consists of applying a mathematical function to create a digital fingerprint on a data block, transforming the data block into a fixed-size code for authentication and storage purposes. Any change to the original data block results in a change in the hash value.

Machine-Readable Code (MRC)

A graphic symbol or electronic device or a combination of the two containing a set of signs or letters that can be interpreted by an acquisition system. Examples of MRC include, but are not limited to, 2D barcodes and RFID tags

Manifest

External resource containing information in XML format about the VDS use case, its data schema, validation policies and optional extensions.

Online Certificate Status Protocol (OCSP)

Protocol defined in RFC 6960 to validate a certificate’s status, usually to determine if the certificate has been revoked. Alternative to a certificate revocation list (CRL).

Personal Data

Any information relating to an individual who is or can be identified, directly or indirectly, from that information. Personal data include: biographical data, such as name, sex, civil status, date and place of birth, country of origin, country of residence, individual registration number, occupation, religion and ethnicity; biometric data, such as a photograph, fingerprint, facial or iris image; health data; as well as any expression of opinion about the individual, such as assessments of his or her health status and/or specific needs.

Response Formatting Function (RFF)

A function specifying how to format and present the output with VDS verification results.

Schema

Payload data structure. Allows for data encoding, decoding and verification.

Symbology

Correspondence between a payload and a machine-readable code, generally in the form of a barcode. A symbology:

  • describes the encoding of numeric, text or binary data in a barcode;

  • defines the redundancy and error correction code mechanisms; and

  • specifies the quiet zone around the barcode

Trusted Entry Point (TEP)

Software application that manages the acquisition and strict validation of the VDS against format specifications, and security and governance rules.

Trust Service List (TSL)

A trusted-service list compliant with ETSI TS 119 612 and containing information about the TSO, the TSPs and the TSP’s CA authorized to issue certificates to sign a VDS. TSLs are extensible using XML extensions defined by the TSO.

Trust Service Operator (TSO)

Entity that defines the governance structure and technical requirements of the trust service, and oversees the overall operations. In some industries, the TSO acts as the Authentication Service Body (ASB).

Trust Service Provider (TSP)

Entity tasked with defining the CA trust framework and governance structure, offering certificate service(s), operating the CA and ensuring compliance with said governance.

Uniform Resource Identifier (URI)

Character string that unambiguously identifies a particular resource. Their syntax is defined in rfc{3986} – Uniform Resource Identifiers.

Visible Digital Seal (VDS)

A VDS is a device used to guarantee the authenticity and the integrity of sensitive data contained in a hard copy or electronic document at a relatively low cost, but with a high level of security by using asymmetrical cryptography.

Abbreviated Terms

For the purpose of this documentation, the following abbreviations apply.

AES

Advanced Encryption Standard

CA

Certification Authority

CBC

Cipher Block Chaining

CRL

Certification Revocation List

ECDSA

Elliptic Curve Digital Signature Algorithm

ESEDS

Electronically Signed Encoded Data Set

ISO

International Organization for Standardization

LoTL

List of Trust List

MRC

Machine-Readable Code

OCSP

Online Certificate Status Protocol

RFF

Response Formatting Function

RFU

Reserved for Future Use

SHA

Secure Hash Algorithm

TEP

Trusted Entry Point

TSL

Trust Service List

TSO

Trust Service Operator

TSP

Trust Service Provider

URI

Uniform Resource Identifier

VDS

Visible Digital Seal

XAdES

XML Advanced Electronic Signature

XML

eXtensible Markup Language