The following definitioins are from "Licensing of Trusted Third Parties for the Provision of Encryption Services -- Public Consultation paper on Detailed Proposals for Legislation," March 1997, Department of Trade and Industry, United Kingdom. Annex D: Glossary of Terms The following terms are described for information only and are not intended to be interpreted as legal definitions: Authentication: The verification of a claimed identity. Central Repository: Government department or agency set up by Government to act as a point of contact for interfacing between a TTP and the appropriate law enforcement agency. Confidentiality: The prevention of the unauthorised disclosure of information. Cryptographic key: Is a parameter used with a cryptographic algorithm to transform, validate, authenticate, encrypt or decrypt data. Cryptography: The art or science of keeping messages secure. Digital Signature: Data appended to a message that allows a recipient of the message to prove the source and integrity of the message. Dual Legality: A legal request from a foreign agency must satisfy legal access conditions in both the requesting country and the country being asked. Encryption Algorithm: A mathematical function used to change plaintext into ciphertext (encryption) or vice versa (decryption). Integrity: Prevention of the unauthorised modification of information. Key escrow / recovery A capability that allows authorised persons, under certain prescribed conditions, to decrypt ciphertext with the help of information supplied by one or more trusted parties. Key management: The process of generating, storing, distributing, changing, and destroying cryptographic keys. Key revocation: Notification that a public cryptographic key is no longer valid. Private key: The private (secret) part of a cryptographic key pair. Knowledge of which should be strictly limited. Public key certificate: Public key information of an entity, signed by a trusted entity to certify the integrity of the public key. Public Key Infrastructure Supporting infrastructure, including non-technical (PKI): aspects, for the management of public keys. Public key: The public (i.e. non secret) part of a cryptographic key pair. This key is widely known and no secrecy should be attached to it. Time stamping: An electronic equivalent of mail franking. Trusted Third Party An entity trusted by other entities with respect (TTP): to security related services and activities.