SWRA780A September 2023 – February 2024 CC3300, CC3301
Abbreviations | Meaning |
---|---|
Asset | An asset is any piece of information (a security-relevant element) that has value to the owner. An asset must therefore be protected by the measures of the target system (by means of confidentiality, integrity, and authenticity). Assets can be proprietary information, personal data, or intellectual property. |
Authenticity | Authenticity maintains that assets or entities are genuine and are authorized to perform a task or to be used as intended. The verification process usually involves cryptographic algorithms, which check that the entities are who they claim to be. Some predefined trust mechanism is always part of an authentication scheme. |
Certificates | Certificates are standard-formatted files. Certificates typically contain the public key of the subject, and a CA signature of the header and public key. Anyone provided with the CA public key (or the sub-CA public key, in the case of a certificate chain) can verify the subject's identity. |
Certificate authority (CA) | A trusted entity that issues certificates used to verify identities. |
Certificate chain, Chain of trust | A certificate chain consists of a hierarchy of certificates that allows anyone to verify the identity of any certificate issuer, down to the root certificate. |
Confidentiality | Confidentiality maintains that an asset is not made available or disclosed to unauthorized entities. In most cases, confidentiality translates into encryption, while in other cases, obfuscation techniques are used to maintain confidentiality. |
Integrity | Integrity is the attribute of an object that remains entirely intact compared to the original version. |
Root CA | The topmost certificate provided by a certificate authority, against which the certificate chain is eventually verified. The certificate is always self-signed and publicly available. |