Читаем CISSP Practice полностью

A key establishment procedure (either manual or electronic) where the resultant keying material is a function of information contributed by two or more participants, so that no party can predetermine the value of the keying material independent of the other party’s contribution.

Key attack

(1) An attacker’s goal is to prevent a system user’s work simply by holding down the ENTER or RETURN key on a terminal that has not been logged on. This action initiates a very high-priority process that takes over the CPU in an attempt to complete the logon process. This is a resource starvation attack in that it consumes systems resources such as CPU utilization and memory. Legitimate users are deprived of their share of resources. (2) A data scavenging method, using resources available to normal system users, which may include advanced software diagnostic tools.

Key bundle

The three cryptographic keys (Key 1, Key 2, Key 3) that are used with a triple-data- encryption algorithm (TDEA) mode.

Key confirmation

A procedure to provide assurance to one party (the key confirmation recipient) that another party (the key conformation provider) actually possesses the correct secret keying material and/or shared secret.

Key encrypting key

A cryptographic key that is used for the encryption or decryption of other keys.

Key entry

A process by which a key and its associated metadata is entered into a cryptographic module in preparation for active use.

Key escrow

The processes of managing (e.g., generating, storing, transferring, and auditing) the two components of a cryptographic key by two component holders. A key component is the two values from which a key can be derived.

Key escrow system

A system that entrusts the two components comprising a cryptographic key (e.g., a device unique key) to two key component holders (also called escrow agents).

Key establishment

(1) The process by which a cryptographic key is securely shared between two or more security entities, either by transporting a key from one entity to another (key transport) or deriving a key from information shared by the entities (key agreement). (2) A function in the life cycle of keying material; the process by which cryptographic keys are securely distributed among cryptographic modules using manual transport methods (e.g., key loaders), automated methods (e.g., key transport and/or key agreement protocols), or a combination of automated and manual methods (consists of key transport plus key agreement).

Key exchange

The process of exchanging public keys in order to establish secure communications.

Key expansion

Routine used to generate a series of Round Keys from the Cipher Key.

Key generation material

Random numbers, pseudo-random numbers, and cryptographic parameters used in generating cryptographic keys.

Key label

A text string that provides a human-readable and perhaps machine-readable set of descriptors for the key.

Key lifecycle state

One of the set of finite states that describes the accepted use of a cryptographic key in its lifetime. These states include pre-activation; active, suspended, deactivated and revoked; compromised; destroyed; and destroyed compromised.

Key list

A printed series of key settings for a specific crypto-net. Key lists may be produced in list, pad, or printed tape format.

Key loader

A self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module.

Key management

The activities involving the handling of cryptographic keys and other related security parameters (e.g., initialization vectors, counters, identity verifications and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and destruction (zeroization).

Key management infrastructure (KMI)

A framework established to issue, maintain, and revoke keys accommodating a variety of security technologies, including the use of software.

Key output

A process by which a cryptographic key and its bound metadata are extracted from a cryptographic module, usually for remote storage.

Key owner

An entity (e.g., person, group, organization, device, and module) authorized to use a cryptographic key or key pair and whose identity is associated with a cryptographic key or key pair.

Key pair

A public key and its corresponding private key; a key pair is used with a public key algorithm.

Key recover

To reconstruct a damaged or destroyed cryptographic key after an accident or abnormal circumstance or to obtain an electronic cryptographic key from a trusted third party after satisfying the rules for retrieval.

Key renewal