Glossary of Terms
Organized alphabetically.
A
Alternate Tokens:
Alternate Tokens are PKI credentials stored in an ICC and issued on a smart card. Alternate Tokens allow users to authenticate their identity to log on to accounts other than their primary account on an unclassified network, to which they already have access. Alternate Tokens may not be used for e-mail signing and e-mail encryption.
ARA:
Automated Key Recovery Agent. Allows you to recover your previously issued private encryption key and install it in the certificate store on your computer.
C
CA:
Certifying authority. See certification authority.
CAC:
Common Access Card
CAPI:
Cryptographic Applications Interface
Certification authority:
A certification authority creates, signs, issues, and revokes public key certificates.
Certificate store:
A certificate store is a storage location for certificates, kept locally on the computer or device that requested them or, in the case of a user, on the computer or device that the user used to request them. A certificate store will often have numerous certificates, possibly issued from a number of different certification authorities.
Code signing certificate:
Code signing certificates identify software, which may allow that software to be trusted.
COTR:
Contracting Officer Technical Representative
CPR:
CAC PIN Reset
CRL:
Certificate Revocation List
CTO:
Communications Tasking Order
CUI:
Controlled Unclassified Information
CVS:
Contractor Verification System
D
DEA:
Drug Enforcement Agency
Decryption:
Decryption is the process of converting cipher text into plain text by means of a code or cryptographic system. (CNSS Instruction No. 4009, Revised June 2006)
DEERS:
Defense Enrollment Eligibility Reporting System
DHS:
Department of Homeland Security
Digital identity:
When combined, the PKI Certificate, public key and private key become your digital identity. Your digital identity proves to web sites and applications that you are who you say you are.
Digital signature:
A digital signature is a cryptographic process used to assure message originator authenticity, integrity and non-repudiation. (CNSS Instruction No. 4009, Revised June 2006)
DISA:
Defense Information Systems Agency
DoD Certifying authority:
See certification authority.
DoDD:
Department of Defense Directive
DoDI:
Department of Defense Instruction
DTS:
Defense Travel System
E
ECA:
External Certification Authority. The ECA is a program sponsored by the DoD PKI. It consists of a Root Certification Authority (Root CA) maintained at the same facility that operates the DoD PKI Root CA, and Subordinate CAs maintained by vendors. Vendors wishing to become ECAs must pass a rigorous process that ensures their certificates are interoperable with the DoD PKI and that the policies and procedures they use to issue certificates are sufficient to meet requirements specified in the ECA Certificate Policy (CP), which has been approved by the DoD Certificate Policy Management Working Group (CPMWG). Once a vendor has been approved to operate as an ECA, the vendor is issued a Subordinate CA certificate from the ECA Root CA. If an ECA vendor leaves the ECA program, the Subordinate CA certificate for that vendor is revoked. ECA vendors recoup the cost of managing their ECAs by charging fees to issue certificates. (IASE Web site)
ECA certificate:
ECA certificates identify trusted external users of DoD networks and systems.
End user certificate:
End user certificates identify users on a network, which may allow the users to be trusted.
Encryption:
Encryption is the process of converting plain text into cipher text by means of a code or cryptographic system. (CNSS Instruction No. 4009, Revised June 2006)
F
FIPS:
Federal Information Processing Standards
FISMA:
Federal Information Security Management Act. FISMA is Title III of the 2002 E-Government Act. This law provides requirements for protecting Federal information, including privacy information, for both classified and unclassified systems. The Act requires each Federal agency to have an agency-wide information security program consisting of the specific security components intended to safeguard data on Federal information systems, through risk assessment and mitigation, in combination with information security training.
FOUO:
For Official Use Only
G
GAL:
Global Address List. The Global Address List (GAL) is a directory service within an organization's or group of organizations' e-mail system. The GAL contains information for all e-mail users, distribution groups, and resources. Users of Microsoft Outlook can publish to the GAL their externally generated PKI e-mail encryption certificates that are used for secure e-mail.
GDS:
Global Directory Service. GDS is an enterprise-wide directory service that supports the DoD PKI Program. GDS currently provides a DoD-wide search capability for information (names, e-mail addresses and public keys) regarding DoD personnel with a DoD PKI certificate on the NIPRNet and the SIPRNet. GDS includes both the public e-mail encryption keys and the certificate revocation lists.
H
Hardware tokens:
Hardware tokens are physical, portable devices on which PKI credentials are stored and may not be copied. The CAC is an example of a hardware token.
HIPAA:
Health Information Portability and Accounting Act
HSPD-12:
Homeland Security Presidential Directive - 12
I
ICC:
Integrated Circuit Chip. An ICC stores and protects your PKI credentials on a hardware token.
ID:
Identification
IE:
Internet Explorer
Intermediate CA:
An Intermediate CA, or Subordinate CA, is a certification authority that has certificates issued by a Root CA. (The DoD Public Key Infrastructure and Public Key-Enabling Frequently Asked Questions, 3 May 2004)
IT:
Information Technology
J
JTF-GNO:
Joint Task Force - Global Network Operations
L
LRA:
Local Registration Authority. The DoD PKI LRA registers users for DoD PKI Software Certificates and assists the RA.
M
MS:
Microsoft
N
NIPRNet:
Non-Secure Internet Protocol Router Network. The NIPRNet is a global, long-haul Internet Protocol (IP)-based network to support unclassified IP data communications services for combat support applications to the Department of Defense.
NIST:
National Institute of Standards and Technology
NSA:
National Security Agency
O
OMB:
Office of Management and Budget
P
P12:
P12 files are portable, password-protected files with .p12 extensions. For example, software certificates must be installed into the Microsoft Certificate Store so that the user's certificates will be available for use with Microsoft products such as Internet Explorer and Outlook. In the DoD, Firefox is the approved browser used to create user software certificates and their corresponding keys, which are saved into P12 files and stored on software tokens.
PDA:
Personal digital assistant
PED:
Personal electronic device
PII:
Personally Identifiable Information. Personal Information. Information about an individual that identifies, links, relates, or is unique to, or describes him or her (e.g., a social security number; age; military rank; civilian grade; marital status; race; salary; home or office phone numbers; other demographic, biometric, personnel, medical, and financial information, etc.). Such information also is known as personally identifiable information (e.g., information which can be used to distinguish or trace an individual's identity, such as his or her name; social security number; date and place of birth; mother's maiden name; and biometric records, including any other personal information which is linked or linkable to a specified individual). (DoDD 5400.11, May 8, 2007)
PIN:
Personal Identification Number
PIV:
Personal Identity Verification
PIV Card:
PIV Card is the generic name for a common identification card that is produced by an HSPD-12 system. Other generic terms that are interchangeable with PIV card include credential or smart card. Departments and Agencies have the option to further brand the PIV card to make it more relevant and recognizable to employees and contractors. An example of PIV card branding will be the DoD's next generation Common Access Card (CAC), once it is PIV compliant.
PK:
Public Key
PKE:
Public Key Enabling. PKE is the incorporation of the use of certificates for security services such as authentication, confidentiality, data integrity and non-repudiation. (DoDI 8520.2, PKI and PKE, 1 April 2004)
PKI:
Public Key Infrastructure. PKI is the framework and services that provide for the generation, production, distribution, control, and accounting and destruction of public key certificates. (DoDI 8520.2, PKI and PKE, 1 April 2004)
PKI Credentials:
A PKI Credential is a private key paired with a certificate that can be used for digital signatures and encryption and for outbound Secure Sockets Layer (SSL) authentication.
R
RA:
Registration Authority. The DoD PKI RA approves DoD PKI Server Certificates, revokes DoD PKI Certificates, and manages LRAs.
RAPIDS:
Real-time Automated Personnel Identification System
Root CA:
A Root CA or a Trusted Root is a certification authority that signs its own certificates. (The DoD Public Key Infrastructure and Public Key-Enabling Frequently Asked Questions, 3 May 2004)
RSL:
RAPIDS Site Locator.
S
Server certificate:
Server certificates identify machines or websites on a network, which may allow the machines or websites to be trusted.
SIPRNet:
Secret Internet Protocol Router Network. The SIPRNet is the DoD's largest interoperable command and control data network, supporting the Global Command and Control System (GCCS), the Defense Message System (DMS), collaborative planning, and numerous other classified warfighter applications.
Smart Card:
A Smart Card is a credit card-size device, normally for carrying and use by personnel, that contains one or more integrated circuit chips (ICC) and also may employ one or more of the following technologies: magnetic stripe, bar codes (linear and two dimensional), non-contact and radio frequency transmitters, biometric information, encryption and authentication, or photo identification. (DoDD 8190.3, Smart Card Technology, 31 August 2002)
Software tokens:
Software tokens are general-purpose electronic devices used to store and secure personal PKI credentials. Examples of software tokens are desktop computers, laptops, thumb drives, and floppy diskettes.
SSL:
Secure Sockets Layer
SSN:
Social Security Number
T
TA:
Trusted Agent. The TA assists users with obtaining certificates and verifies users' identities in a face-to-face environment for the RA or the LRA.
V
VO:
Verifying Official. The VO issues CACs to DoD members.