Secure Access Acronyms and Definitions
Access Control
The process of granting or denying specific requests to (i) obtain and use information, and (ii) enter specific facilities.
AES (Advanced Encryption Standard)
One of many encryption standards utilized by the US Government.
APL (Approved Product List)
A list of products that are approved by the General Services Administration for FIPS 201 solutions.
Asymmetric Keys
Two related keys, a public key and a private key, that are used to perform complementary operations, such as encryption and decryption or signature generation and signature verification.
Authentication
The process of establishing confidence of authenticity in the validity of a person’s identity and the PIV credential.
Biometric
A measurable physical characteristic, such as a fingerprint, used to recognize the identity, or verify the claimed identity, of an individual.
CA (Certificate authority)
A trusted entity that issues and revokes public key certificates.
CAC (Common Access Card)
The smart card based technology used as the identity credential by the Department of Defense.
CHUID (Card Holder Unique Identifier)
The data structure for card holder identification defined by the FIPS-201 standard.
Credential
The PIV card and the data elements associated with an individual that authoritatively bind an identity (and, optionally, additional attributes) to that individual.
CRL (Certificate Revocation List)
A list of the serial numbers of certificates that the Certificate Authority has revoked as expired, lost or otherwise unreliable; the list is signed by the Certificate Authority.
DES (Data Encryption Standard)
The Data Encryption Standard that will be retired in 2010.
FASC-N (Federal Agency Smart Credential Number)
The data element contained within the CHUID and all data objects in a PIV that uniquely identifies the credential holder.
FIPS (Federal Information Processing Standard)
Standards published by NIST, a part of the U.S. Department of Commerce, for use by all non-secret government agencies and by government contractors to achieve a common level of quality and interoperability.
FRAC (First Responder Authentication Credential)
PIV smart credentials issued to local first responders to allow them to be interoperable with Federal Government authorities in the event of a terrorist attack or other disaster.
GSC-IS (Government Smart Card Interoperability Specification)
The technical specification developed by government and industry defining a common interface for smart cards used by the US government and utilized heavily in FIPS-201 and NIST SP 800-116.
GSC-IAB (Government Smart Card Interoperability Advisory Board)
Group of government and industry representatives that collaborate on the establishment of smart card interoperability and related standards. http://www.smart.gov/iab
GUID (Globally Unique Identifier)
A number used to provide a unique identifier.
Hash Function
A function that maps a bit string of arbitrary length to a fixed-length bit string such that it is One-Way (it is computationally infeasible to find any input that maps to a pre-specified output) and Collision Resistant (it is computationally infeasible to find any two distinct inputs that map to the same output).
HMAC (Hashed Message Authentication Code)
A cryptographic checksum on data calculated using a specific symmetric key in combination with a hash function to detect both accidental and intentional modifications of data.
HSPD-12 (Homeland Security Presidential Directive 12)
Presidential Directive signed by President Bush in August 2004 calling for a common set of secure and reliable identification standards for government employees and contractors.
IAB (Interagency Advisory Board)
Group of government and industry members providing guidance and coordinating efforts to develop new specifications and standards advancing use of the government smart cards for physical and logical access control systems. http://www.smart.gov/iab
Identity Verification
The process of confirming or denying that a claimed identity is correct by comparing the credentials (something you have, something you know, something you are) of a person requesting access with those previously proven, stored in the PIV credential or system, and associated with the identity being claimed.
IDMS (Identity Management System)
A software system that collects, verifies and maintains identity verification, validation and issuance data and makes that information available to relying parties.
Interoperability
Interoperability allows any government facility or information system, regardless of the PIV issuer, to verify a cardholder’s identity using the credentials on the PIV card.
LACS (Logical Access Control System)
A security system that authenticates an individual to Information Technology (IT) networks and related applications.
NIST (National Institute of Standards and Technology)
The federal agency under the Department of Commerce that develops and promotes standards and technology to advance commerce.
OCSP (Online Certificate Status Protocol)
A protocol used for obtaining the revocation status of a public key certificate issued by a trusted Certificate Authority. Two approaches are typically used: a centralized, server-based approach and a distributed approach (often referred to as the responder approach).
OMB (Office of Management and Budget)
OMB's mission is to assist the President in overseeing the preparation of the federal budget and to supervise its administration. OMB evaluates the effectiveness of agency programs, policies, and procedures, assesses competing funding demands among agencies, and sets funding priorities.
PACS (Physical Access Control System)
A system composed of cards, readers, door controllers, servers and software that controls the physical ingress and egress of people within a given space.
PAIIWG (Physical Access Interagency Interoperability Working Group)
A group of government and industry members that work to coordinate guidance and recommendations for standardized interoperability among PACS across federal agencies.
PIN (Personal Identification Number)
The secret numeric password shared between a user and a system or the user and the PIV credential that can be used as a second factor to authenticate the user to the system.
PIV (Personal Identification Verification) Card
A physical smart card token with stored identity information (e.g. photograph, keys, biometric data) enabling the claimed identity of the cardholder to be verified by another human or by an automated (machine readable and verifiable) process. The PIV conforms to the FIPS-201 standard.
PIV Issuer
An authorized identity card creator that purchases FIPS-approved blank identity cards, initializes them with the appropriate software and data elements for the requested identity verification and access control application, personalizes the cards with the identity credentials of the authorized subjects, and delivers the personalized cards to the authorized subjects.
PKI (Public-Key Infrastructure)
Public Key Infrastructure (PKI) is a system that enables users of an unsecure network to secure transactions through the use of a public and private cryptographic key pair. It assumes the use of public key cryptography which is the most common method on a network for encrypting a message or authenticating a message sender.
Public Key
The public part of an asymmetric key pair that is typically used to verify signatures or encrypt data.
SCIF (Sensitive Compartmented Information Facility)
A physical area where sensitive information may be stored, used, or processed.
SCVP (Server Certificate Validation Protocol)
A method of determining whether the issuer of a certificate can be trusted from outside of the user’s own enterprise. A crucial component of certificate validation in federated environments with multiple certificate authorities, such as the United States government.
Secret Key
A cryptographic key that must be protected from unauthorized disclosure in order to protect the data encrypted with the key.
SHA (Secure Hash Algorithm)
A one-way algorithm that computes a fixed-length output (known as a message digest) from an input message of any length.
SP (Special Publications)
NIST publications that provide information and guidance that support specific standards, eliminating the need to revise the entire standard.
TPK (TWIC Privacy Key)
A unique encryption key accessible from a TWIC’s magnetic stripe or contact interface establishing a secure channel for biometric data transfer.
TWIC (Transportation Worker Identification Credential)
A PIV-compatible credential for personnel who require unescorted access to secure areas of regulated facilities and vessels. The credential includes a TWIC privacy key for encryption of a biometric that is passed over the contactless interface.
Validation
The process of determining that the system under consideration meets in all respects the specification of that system.