A person within the administrative authority responsible for the IT system and who has been designated to take decisions concerning security accreditation.
Authorised certification agent
Actual person who is mandated by the legal representative to manage all the certificates of a business (managing files and the identity of a future holder).
Certification authority (CA)
Within an electronic certification service provider's organisation the certification authority is responsible, in the name of and acting on behalf of, the electronic certification service provider, for the the application of at least one certification policy and is identified as that authority, when issuing certificates under the auspices of this policy.
All the rules, identified by name or a unique number (known as an OID - Object IDentifier), which defines the requirements which certification authority has to comply with to supply its services and showing the applicability of a certificate to a particular community and/or application class and how it meets common security requirements. A certification may also, if necessary, identify the obligations and requirements that have a bearing on others, in particular subscribers and users of certificates. French electronic and IT security guidelines (RGS)
An actual person who has been empowered by the legal representative to commit the business to a course of action
Electronic file that certifies the ownership of a public key by an actual person, company or organisation, material element or directly or indirectly (pseudonymously) identified software. It is delivered by an electronic certification service provider. By signing the certificate the certification authority validates the link between the identity and the public-key. The certificate is valid for a limited time as detailed in the certificate.
Electronic certification service provider
Any individual or body that is responsible for the management of electronic certificates through their life-cycle in relation to the holders and users of these certificates. An electronic certification service provider may supply different types of certificates for different uses and/or different levels of security. An electronic certification service provider must have at least one certification authority but there may be several in their organisation. The various certification authorities may be independent of each other and/or linked by hierarchical links or others (Root CA / Subordinate CA). An electronic certification service provider shall be indentified in the certificates they are responsible for, through the CA who should also be directly indentified in the user field of the certificate.
Electronic time stamping service provider
Any person or body who is responsible for the generation and management of time stamp tokens for its subscribers and the users of these time stamp tokens. An electronic time stamping service provider may supply a variety of timestamps to be used in different ways. An electronic time stamping service provider must include at least one Time stamp authority but may have more depending on the organisation. An electronic time stamping service provider will be identified in the public key of the certificates they are responsible for through their time stamp authorities
All the means used to draw up, process and transmit information that is sent electronically between administrative bodies and users as well as between administrative bodies
Information System Security
Satisfaction of the security needs (availability, integrity, confidentiality, imputability, traceability) of an information system.
Any information system allowing users to undertake administrative measures and operations using electronic means
Public document which defines for a category of products a number of safety requirements and objectives, independently of their technology and their implementation, which will satisfy the common security needs of a group of users.
Function in place within an IT system which contributes to the security of information shared by electronic means
Security product accreditation
Action by which ANSSI (National Agency for the Security of Information Systems) tests the capacity of a product to meet the security requirements which are the objectives of the test. Successful accreditation shows that the product is able to perform, at a given level of security one of more of the functions required by the French electronic and IT security guidelines (RGS).
Shared-key management infrastructure
The components, functions and procedures that are dedicated to management of asymmetric cryptographic keys and the certificates used by the trusted third parties. A shared key management infrastructure may be composed of a certification authority, a centralised registration authority and/or premises, authorised certification agents, an archive body, a publication body etc.
Time stamp policy
All the rules, identified by name or a unique number (known as an OID - Object IDentifier), which defines the requirements which the electronic time stamping service provider has to comply with to supply its services and showing the applicability of a time stamp token to a particular community and/or application class and how it meets common security requirements. A time stamp policy may also, if necessary, identify the obligations and requirements that have a bearing on others, in particular subscribers and users of timestamp tokens
Time stamp token
Data which links information to a particular time, expressed in UTC, which provides proof that the data existed at that particular moment
Time stamping authority
Within an electronic time stamping service provider's organisation, the time stamping authority is responsible, in the name of and acting on behalf of, the time stamping service provider, for the application of at least one time stamping policy that relies on one or more time stamp units.
Trusted service provider (TSP)
Any person or body offering services consisting of operations that implement measures which contribute to the security of information exchanges using electronic means.
Trusted third party accreditation
Action by which a certification body attests to the compliance of all or part of the service offer of a trusted third party to meet the requirements of the French electronic and IT security guidelines (RGS), for a given level of security which meets the level of service envisaged by the trusted third party.