public key cryptography: a commented bilingual terminology...

Public Key Cryptography:

A Commented Bilingual Terminology File

Submitted for the Degree of

Master of Arts in Translation

by

Carolina Herrera

Supervisors:

Ingrid Meyer, Ph.D.

Clara Foz, Ph.D.

University of Ottawa

School of Translation and Interpretation

2001

® Carolina Herrera, Ottawa, Canada, 2001

Public Key Cryptography: A Commented Terminology File

ACKNOWLEDGEMENTS

I would like to express my sincere thanks to my thesis supervisor, Dr. Ingrid Meyer, for her prompt and insightful feedback, as well as for her support and patience. I would also like to thank my co-director, Dr. Clara Foz, for her detailed and valuable comments, and her encouragement and trust. I am grateful to the University of Ottawa for providing me with a scholarship that made it possible for me to undertake this challenge. Many thanks to Dr. Lynne Bowker and Dr. Stan Matwin who listened to my ideas and provided helpful comments that served as starting points for this project. I am fortunate in having had the enthusiastic support of friends and colleagues at the School of Translation and Interpretation. In particular, I would like to thank Elizabeth Marshman for her constructive comments and suggestions. My family is a constant and endless source of strength and moral support. Without their love and encouragement, this project could not have been completed. Thanks.

Carolina Herrera

AGRADECIMIENTOS

Quiero expresar mi más sincera gratitud a mi supervisora de tesis, Dra. Ingrid Meyer, por sus valiosas y acertadas enseñanzas, así como por su apoyo y paciencia. Asímismo, quiero agradecer a mi co-directora, Dra. Clara Foz, por sus preciados y detallados comentarios, y por darme en todo momento aliento y confianza. Estoy muy agradecida con la Universidad de Ottawa por la beca que me otorgó, gracias a ella pude emprender este desafío. Gracias a la Dra. Lynne Bowker y al Dr. Stan Matwin por escuchar mis ideas y brindarme sus valiosos comentarios, los cuales sirvieron de punto de partida para este proyecto. Gracias a mis amigas y colegas de la Escuela de Traducción e Interpretación por su entusiasta apoyo. En especial, quisiera agradecer a Elizabeth Marshman por sus interesantes comentarios y sugerencias. Mi familia es una fuente constante e infinita de fuerza y apoyo moral. Sin su amor y aliento, yo no hubiera podido culminar este trabajo. Gracias.

Public Key Cryptography: A Commented Terminology File 4

Carolina Herrera

ABSTRACT

The objectives of this terminological file are to 1) produce records for the fundamental

English and Spanish terminology in the subject field of public key cryptography; 2) guide the

user in choosing terms and avoiding the use of pseudo-synonyms, and indicate spelling or

syntactic variants that could create confusion, and 3) discuss a number of terminological

difficulties in the field.

This work provides theoretical and practical insight on terminological research. The

theoretical aspects include the criteria for evaluation of documentation, the process of

identification and selection of concepts and terms, the representation of the conceptual system in

English and Spanish, and the discussion of the main terminological challenges encountered

during the elaboration of this project. The practical aspects consist of the production of the

English-Spanish term records, which provide not only descriptive information but also

suggestions on the use of variants.

The conclusion drawn from this research is that the field of public key cryptography

poses considerable challenges for English/Spanish terminologists and translators. Among these

challenges are the constant evolution of the terms and concepts and the different communicative

situations in which they are used. Moreover, the arbitrary creation of variants is a serious

obstacle to communication as it opens the doors to several alternative terms used simultaneously.


RÉSUMÉ

Les objectifs de ce fichier terminologique sont 1) fournir une série de fiches bilingues

dans le domaine de la cryptographie à clé publique; 2) guider les usagers dans le choix des

termes, en évitant l�usage de pseudo-synonymes, et en indiquant les variantes orthographiques et

syntaxiques sources de confusion, et 3) analyser les principales difficultés terminologiques de ce

champ.

Ce travail présente des aspects théoriques et pratiques. La partie théorique comprend les

critères d�évaluation de la documentation, les procédés d�identification et de sélection des

concepts et des termes, la création d�un arbre conceptuel en anglais et espagnol et la discussion

des plus importants problèmes terminologiques rencontrés pendant l�élaboration de ce travail. La

partie pratique traite de la préparation des fiches terminologiques anglais-espagnol qui

fournissent des renseignements descriptifs et offrent des suggestions sur l�usage des variantes.

Mes recherches me permettent de conclure que le champ de la cryptographie à clé

publique pose des défis considérables pour les terminologues et traducteurs anglais ou espagnols.

Parmi ces défis, on trouve l�évolution constante des notions et des termes et les différentes

situations de communication dans lesquelles ces termes sont utilisés. Par ailleurs, la création

arbitraire de variantes constitue également un obstacle pour la communication, étant donné

qu�elle peut mener à plusieurs termes alternatifs utilisés simultanément.

Carolina Herrera

SÍNTESIS

Los objetivos de este fichero terminológico son 1) elaborar una serie de fichas bilingües

en el campo de la criptografía de clave pública; 2) guiar a los usuarios en la elección de términos,

evitando el uso de pseudo-sinónimos, e indicar las variantes ortográficas y sintácticas que

pueden causar confusión, y 3) analizar las principales dificultades terminológicas de este campo.

Este trabajo presenta aspectos teóricos y prácticos de la investigación terminológica. La

parte teórica comprende los criterios de evaluación de la documentación, los procesos de

identificación y selección de conceptos y términos, la creación de un árbol conceptual en inglés y

español y la discusión de los más importantes problemas terminológicos que se presentaron

durante la elaboración de este trabajo. La parte práctica trata de la preparación de las fichas

terminológicas inglés-español, las cuales proporcionan información descriptiva y ofrecen

sugerencias sobre el uso de las variantes.

Mi investigación me permite concluir que el campo de la criptografía de clave pública

presenta desafíos considerables. Entre estos desafíos se encuentran la constante evolución de

conceptos y términos y las diferentes situaciones de comunicación en que se utilizan los términos.

Además, la existencia de términos concurrentes utilizados simultáneamente, constituye

igualmente un problema para terminólogos y traductores en inglés o español.


TABLE OF CONTENTS

INTRODUCTION ...................................................................................................................... i

Objectives............................................................................................................................ ii Fundamental Concepts......................................................................................................... ii Content ............................................................................................................................... iii

PART I .......................................................................................................................................4

CHAPTER ONE UNDERSTANDING PUBLIC KEY CRYPTOGRAPHY ...........................................................5

CHAPTER TWO DOCUMENTATION..................................................................................................................7

2.1 Hard Copy Documentation.............................................................................................7 2.2 On-line Documentation ..................................................................................................8 2.3 Specialists ....................................................................................................................10

CHAPTER THREE METHODOLOGY....................................................................................................................11

3.1 Understanding and Delimiting the Field of Public Key Cryptography...........................11 3.2 Term Identification and Selection.................................................................................12 3.3 Concept Diagram .........................................................................................................13 3.4 Record Preparation.......................................................................................................16

3.4.1 Presentation of the Term Records...........................................................................16

PART II ....................................................................................................................................19

CHAPTER FOUR PROBLEMS ENCOUNTERED................................................................................................20

4.1 Multidimensionality .....................................................................................................20 4.2 Definition Construction ................................................................................................21 4.3 Proliferation of New Lexical Entities............................................................................22 4.4 Use of Variants ............................................................................................................26

4.4.1 Use of True Synonyms...........................................................................................27 4.4.2 Use of Pseudo-Synonyms ......................................................................................27 4.4.3 Use of Syntactic Variants.......................................................................................30 4.4.4 Use of Spelling Variants ........................................................................................31

4.5 Proposal of the Term aceptación obligatoria as the Equivalent of nonrepudiation........32 PART III...................................................................................................................................35

CHAPTER FIVE ORGANIZATION OF THE TERM FILE .................................................................................36

5.1 Term Records Organization..........................................................................................36 TERMINOLOGY FILE ............................................................................................................37

Carolina Herrera 9

CONCLUSION.........................................................................................................................64

BIBLIOGRAPHY.....................................................................................................................65

1 Terminology....................................................................................................................65 1.1 Works Cited..............................................................................................................65 1.2 Reference Works.......................................................................................................65 1.3 Terminological Files .................................................................................................66

2 Public Key Cryptography ................................................................................................66 2.1 English Sources.........................................................................................................66 2.2 Spanish Sources ........................................................................................................69

APPENDIX I � INDEX OF ENGLISH TERMS .......................................................................72

APPENDIX II � INDEX OF SPANISH TERMS ......................................................................73

APPENDIX III � INDEX OF ENGLISH AND SPANISH TERMS ..........................................74


INTRODUCTION

The world is increasingly turning to the digital medium, and in particular to the Internet,

as a tool for carrying data. However, for sensitive information to be transmitted over the Internet,

a secure environment is essential. As more and more organizations, including private companies

and government, attempt to use electronic media whenever possible, the importance of

cryptography and other information security tools has increased. Cryptography was initially

developed as a means of disguising written messages. Today, however, its principles are applied

to the encryption of facsimile and television signals. More importantly, cryptography is pivotal

for securing data communications between computers and for authenticating such transmissions,

i.e. providing assurance to the authorized receiver that the message is not a forgery.

Different approaches to and applications of systems in this field have created

inconsistency in the use of concepts and terms. Moreover, as a result of new communication

technologies such as the Internet, concepts are constantly being introduced into Spanish-speaking

communities, often more quickly than equivalents can be developed.

This terminological file will address the problems encountered while producing records

for the fundamental English and Spanish terminology in the field of public key cryptography.

Carolina Herrera ii

Objectives

The objectives of this terminology file are as follows:

1- To produce records for the fundamental English and Spanish terminology in the subject

field of public key cryptography.

2- To guide the user in choosing terms and avoiding the use of pseudo-synonyms, and to

indicate spelling or syntactic variants that could create confusion.

3- To discuss a number of terminological difficulties in the field of public key

cryptography.

Fundamental Concepts1

The following concepts will occur frequently in this work:

True synonym: A term designating the same concept as another in the same language and which

can be used interchangeably with the other term in all contexts. Example: encryption,

encipherment.

Quasi-synonym: A term that designates the same concept as another, but which is not

interchangeable with the other term in all contexts as its use is limited to certain communication

situations. Also called partial synonym. Example: decryption and code-breaking.

Pseudo-synonym: A designation incorrectly used for a given concept as a result of

misunderstanding correct usage, confusion between a generic and a specific, etc. Example:

encryption instead of cryptography.

Spelling variant: A term whose spelling differs only slightly from that of another term

designating the same concept. Example: nonrepudiation and non repudiation.

1 H. Picht, Terminology: an Introduction, pp. 101-103.

Public Key Cryptography: A Commented Terminology File iii

Syntactic variant: A term whose syntactic form differs only slightly from that of another term

designating the same concept. Example: authentication of origin, origin authentication.

Content

The terminological file will be divided into three main parts. Part I consists of three

chapters. Chapter 1 is intended to provide the background information necessary for

understanding the field of public key cryptography, chapter 2 describes and comments on the

documentation used, and chapter 3 explains the terminological method followed. Part II

examines the main terminological challenges encountered in the terminological research and

presents the solutions adopted (chapter 4). Finally, Part III consists of the organization of the

term records and the terminological file itself (chapter 5).

Carolina Herrera

PART I


CHAPTER ONE

UNDERSTANDING PUBLIC KEY CRYPTOGRAPHY

Cryptology is the science concerned with communications in a secure and usually secret

form. The term cryptology is derived from the Greek kryptós, �hidden�, and logos, �word�. In

order to transmit information, the sender transforms the information into a cipher by using a key,

i.e. a piece of information known only to him. The cipher is inscrutable and often unforgeable to

anyone without this secret key, the authorized receiver can then either decrypt the cipher to

recover the hidden information or verify that it was sent by someone possessing the key.

Cryptology encompasses the study of cryptography and cryptanalysis. Cryptography

(from the Greek kryptós and gráphen, �to write�) is the study of the principles and techniques by

which information can be concealed in ciphers and later revealed by legitimate users employing

the secret key. Cryptanalysis (from the Greek kryptós and analýein, �to loosen� or �to untie�) is

the science of recovering information from ciphers without knowledge of the key.

In the practical use of cryptography, a problem that has been addressed in the last decades

is the communication of the key between the sender A and the receiver B. Using cryptography

has been compared with using a strongbox with a double-acting dead bolt on it2. Since A and B

are physically apart, in order to securely transmit sensitive information they must enclose the

data in the strongbox, which is locked and unlocked using the key. Encryption would be

analogous to locking the box and decryption to unlocking the box. Cryptography makes it

possible to electronically exchange documents securely between parties who do not even know

each other. It provides assurance that:

2 Encyclopaedia Britannica, �Cryptography.� [www.britannica.com]

Carolina Herrera 6

1) the parties are who they say they are, known also as authentication;

2) the messages exchanged between them have not been altered, known as data

integrity;

3) the parties cannot deny having sent them, known also as nonrepudiation; and,

4) no persons other than the parties could read them, known as confidentiality.

In a symmetric cryptosystem, encryption and decryption keys are either the same, or one

can be easily computed with information of the other. In an asymmetric cryptosystem, also called

a public key cryptosystem, there is also a pair of keys. The difference is that one of them�the

public key�is known to everyone taking part in the communications network, and the other�

the private key�is known only to the receiver of the message. It is virtually impossible to

recover the private key even if one knows the corresponding public key. Moreover, only the

public key can be used to encrypt messages on the communications network, and only the private

key can be used to decrypt them.

Another important element to understand in the field of public key cryptography is the

concept of a digital signature. This is analogous to a hand-written signature because a sender can

sign data, but any number of receivers can read the signature and verify its accuracy. Any digital

signature operation involves the use of a private key and a public key, therefore a public key

cryptosystem is required. The comprehensive system that provides public key encryption and

digital signature services is known as public key infrastructure, also called PKI.

After having understood the main concepts of public key cryptography, in the following

chapter I will explain the process of selection of documentation followed in this project.


CHAPTER TWO

DOCUMENTATION

As stated by Wayne D. Cole3, the first step in any terminological research project is to

become familiar with the subject field. In order to do this, I consulted official documents

(standards and recommendations), as well as terminological works. Encyclopaedias, technical

manuals, proceedings of conferences and specialized periodicals were also consulted.

At this stage I was able to select the documents, classify them and prepare an inventory

of sources. The criteria followed for this classification were the following4:

− language of origin of the documents and reputation of the author;

− nature of the text (specialized or educational, official or informal, encyclopaedia,

promotional material, etc.);

− organization of the information (presence of glossaries and indexes to concepts appearing in

the document); and,

− linguistic quality of the text.

2.1 Hard Copy Documentation

Documents containing information about cryptography range from technical and highly

specialized books and textbooks to brochures and promotional material. Since this work is

targeted to a generally educated public, I decided to avoid definitions and textual supports

3 W.D. Cole, Terminology: Principles and Methods, p. 79. 4 S. Pavel, Handbook of Terminology, p. 35.

Carolina Herrera 8

extracted from highly specialized journals and books. Encyclopaedias, specialized dictionaries

and introductory books were available at the Morisset Library (University of Ottawa).

The main sources of information were recommendations and standards on information

security. Although no standards exist for public key cryptography terminology specifically,

valuable information was found in technical specification standards for cryptographic systems5.

The Library of the Standards Council of Canada (SCC) provided valuable support.

Spanish material in printed form was hard to find locally. In Spanish speaking countries,

it is not easy to find books on public key cryptography originally written in this language.

Through the websites of two Spanish specialized magazines, namely Kriptópolis and

Criptonomicón, I obtained access to books and specialized magazines in PDF format. I also

consulted technical manuals published by the CERES project (Certificación Española - Spanish

Certification) led by the Fábrica Nacional de Moneda y Timbre (National Mint)6.

I found no books, bilingual glossaries or termbanks solely devoted to cryptography

terminology. This might be due, among other factors, to the ever-evolving technology on

information security. This situation becomes more marked in Spanish terminology, where the

lack of harmonization represented one of the main problems encountered while working on this

terminological collection. This point will be discussed further in chapter 3.

2.2 On-line Documentation

Undoubtedly, the WWW is a rich source of reliable documents written in both English

and Spanish. With the growth of e-commerce, public key cryptography and digital signatures are

5 Recommendations issued by ITU (International Telecommunications Union) and ISO Standards. 6 The CERES project is concerned with establishing a Public Certification Authority that will ensure and authenticate the confidentiality of communications through open communication networks between citizens, companies or other institutions and public administrations. [www.cert.fnmt.es]


being used in more and more countries. International organizations are also concerned about

information security, as a result, the production of legal documentation in this field has increased

noticeably and such texts could not be excluded from the corpora. Web pages and search engines

of international organizations such as the European Union (EU), the International Organization

for Standardization7 (ISO), and the International Telecommunications Union (ITU) were helpful

links to the main institutions working on these issues around the world.

Since the most representative documents in the field of cryptography in Spanish come

from Spain, the inventoried documentation is mainly from this country. Spain is the Spanish

speaking country that has been most active in information security research and standardization

of terminology use. However, it is worth mentioning that the geographical variation in the use of

Spanish terms was not considered to be relevant and thus was not a factor in selecting the

documentation. This problem will be addressed later in chapter 4. (See 4.3 Proliferation of New

Lexical Entities).

The ITU Telecommunication Standardization Sector develops Recommendations

(standards) for the various fields of international telecommunications. TERMITE 8 is the

terminology database of the ITU consisting of approximately 59,000 entries. It is maintained by

the Terminology, References and Computer Aids to Translation Section (Conference Department,

General Secretariat). TERMITE contains all the terms which appeared in ITU printed glossaries

since 1980, as well as more recent entries relating to the different activities of the Union.

TERMITE was the main English-Spanish database consulted for this work.

7 There is a seeming lack of correspondence between the official title in full, International Organization for Standardization, and the short form, ISO. The word "ISO" was derived from the Greek isos, meaning �equal�. The link between "equal" and "standard" inspired the adoption of "ISO" as the official abbreviation for the organization�s name. 8 [www.itu.in/search/wais/Termite] Accessed: July 31, 2001.

Carolina Herrera 10

2.3 Specialists

At the School of Information Technology and Engineering of the University of Ottawa, I

consulted Dr. Stan Matwin, Director of the Graduate Certificate in Electronic Commerce. His

valuable help has been an important element from the first stages of this project. He helped to

clarify how different viewpoints affect the conceptual system, a problem that will be addressed

later in section 4.1 Multidimensionality.


CHAPTER THREE

METHODOLOGY

The stages involved in this terminological collection were the following: determining the

objectives and scope of the research; accumulating and evaluating documentation; understanding

and delimiting the subject field; identifying and selecting the concepts; elaborating a conceptual

system, and entering the terms and the related textual supports on records9.

3.1 Understanding and Delimiting the Field of Public Key Cryptography

My first contact with the field of cryptography was in the context of a practicum carried

out in Peru, in the translation department of a company devoted to the development and

distribution of information security tools and solutions. During this practicum, I received training

from specialists on the concepts of this field.

Delimiting the domain required a great deal of research. One of the main obstacles

encountered at this stage was the multidimensionality of the domain. As defined by Lynne

Bowker in her M.A. thesis, multidimensionality is �a phenomenon that occurs when an object

can be classified according to more than one characteristic at the same level of a classification10.�

Multidimensionality complicates the delimitation of a domain, since the various subfields of the

domain will vary depending on what characteristics are used. Only after a closer study of the

compiled documentation, and with the assistance of specialists, was a specific sub-field for

research delimited.

9 H. Picht, Terminology: an Introduction, p. 164. 10 L. Bowker, Guidelines for Handling Multidimensionality, p. xvi.

Carolina Herrera 12

Within the field of cryptography, there are several sub-fields that may pose difficulties to

terminologists and translators. For instance, the different types of attacks that can be made on a

cryptographic system can be classified into several aspects: the technique applied, the attacked

party, the results obtained by the attacker, etc. Due to time constraints, this sub-field will not be

covered in this project; however, it may be considered for further research.

The main factor that made us decide to focus on the sub-field of public key cryptography

was its challenging content of terminological synonymy, together with the relevance that public

key cryptography is acquiring in the international context. Unlike symmetric cryptography,

which has been employed for hundreds of years, public key cryptography is a relatively recent

development, having received serious consideration since about the mid-1970s. Due to the on-

going development of new applications that make public key cryptography possible, there is a

continuous need for new terms to designate new concepts.

3.2 Term Identification and Selection

Terms were first identified using the term-extraction tool TermBase11, which produces a

base list of terms with high frequency of use and relatively fixed contextual surroundings. These

base lists were compared to some specialized glossaries in both languages in order to: 1)

eliminate the noise (pseudo-terminological units, or terms belonging to other fields); and 2)

insert missing concepts12.

The criteria for the selection of terms for the present collection were as follows: the

relevance of terms to the domain being covered by this research, the terminological difficulty

11 Developed by MultiCorpora Translation Tools. 12 S. Pavel, Handbook of Terminology, p. 45.


posed by the term, the frequency with which the terms appeared, and the existence and quality of

definitions and contextual definitions available for the terms.

3.3 Concept Diagram

Picht and Draskau 13 highlight the importance of systems of concepts and their

representation: �the concept may not be viewed as an isolated unit in terminology.� In

multilingual terminology records, it is important to establish relationships between semantic

features of the concepts in each language14. Hence, the concept system helped to establish the

conceptual match when drafting the definitions for the records. At this stage, collaboration with

specialists was particularly important in order to achieve a consistent system of concepts.

Since the term records are organized by concept to form concept clusters, I decided to

include the concept diagrams in English and Spanish in order to facilitate the use of the term

records in both languages. The concept diagrams are shown below.

13 H. Picht, Terminology: an Introduction, p. 62. 14 S. Pavel. Handbook of Terminology, p. 18.

Carolina Herrera 14

TREE DIAGRAM OF CONCEPTS

Public Key Cryptography

digital signature

public key algorithm

key

private key

public key

certificate

key management key distribution

key storage element

certification authority

sender

receiver

eavesdropperparticipant

messageplaintext

ciphertext

public key

cryptosystem

public key infrastructure

process

encryption

decryption

authenticationconfidentiality nonrepudiation

data integrity

requirement

key generation

session key

attribute certificate

trusted third party

entity authentication

data origin authentication

certification authority certificate

encryption key

decryption key

By user

By function

Legend

Subfield Solid arrow Generic-specific relation, arrow

points to the generic concept Italics Terms included in the collection


ÁRBOL DE CONCEPTOS

Criptografía de Clave Pública

firma digital

algoritmo de clave pública

clave

clave privada

clave pública

certificado

gestión de claves distribución de claves

almacenamiento de claves

elemento

autoridad de certificación

emisor

receptor

fisgón participante

mensaje texto en claro

texto cifrado

criptosistemade clave pública

infraestructura de clave pública

proceso

cifrado

descifrado

autenticaciónconfidenciaildad no repudio

integridad de datos

requisito

generación de claves

clave desesión

Leyenda

Subcampo Flecha sólida Relación Genérico-específico,

la flecha indica el concepto genérico

Itálicas Términos incluidos en la colección

certificado de atributos

tercera parte fiable

autenticación de entidad

autenticación del origen de los datos

certificado de autoridad de certificación

clave de cifrado

clave de descifrado

Por usuario

Por función

Carolina Herrera 16

Deciding on the classifying criteria governing the ordering of the system was a difficult

step. Again, multidimensionality was an obstacle that made it difficult to determine the type of

relations between the various concepts. Certain concepts seemed to share the same genus and

some characteristics differentiating them were identified. In other cases, some associative

relations (action-tool, cause-effect, etc.) were easy to determine. The concept of public key

cryptography is explained as a process using certain devices to achieve specific requirements;

hence, I classified concepts according to the function they play in this process. (See 4.1

Multidimensionality).

3.4 Record Preparation

3.4.1 Presentation of the Term Records

When designing the term records, I decided to follow the model used by the Terminology

and Standardization Directorate for their terminological data bank TERMIUM®. As in

TERMIUM®, each term record covers only one concept. The description of the elements to be

found on most of the term records is as follows:

1. Field: primary subject field

2. Sub-field: field of application

3. Language identifier

4. Main entry, sources and usage parameters (see list below). The main entry is the preferred

term, expression or official title, which is entered first among the entries of the language

module.


5. Abbreviation of the main entry, sources and usage parameters.

6. Secondary entry, sources and usage parameters. Secondary entry terms are terms, expressions

or official titles that are different from the main entry but that designate the same concept or

entity. When the secondary entries are all equally popular, as may be the case with some

spelling and syntactic variants, they are listed in alphabetical order. In those cases where

there are differences in usage (frequency, level of language, etc.), these are indicated using

the parameters (labels).

7. Abbreviation of secondary entries, sources and usage parameters.

8. Textual support identifier, textual support and sources. The main types of textual support are

the definition (identifier DEF), explanatory context (identifier CONT), usage example

(identifier EX), supplementary terminological, and administrative or technical information

(identifier OBS).

9. Sources: In the case of sources I decided to provide the user with information about the

sources directly on each record, instead of in a separate document. For many of the terms, a

ready-made definition did not exist. Therefore, the definitions on the records consist mainly

of modified contexts, translations or original creations. In these cases the source indicated is

the author of this terminological collection (�Carolina Herrera�). For some terms, where one

or more sources were used in the definitions, the sources are indicated as *a, b, meaning that

the definition comes from two sources represented by those codes. When a definition has

been modified from the original source, this is indicated by *a (modified).

Carolina Herrera 18

Parameters: I will apply TERMIUM®�s classification of labels.

Category English Label Code Spanish Label Code

Avoid AVOID Evitar EVITAR Acceptability

rating Correct CORRECT Correcto CORRECTO

Proposed PROPOSED Propuesto PROPUESTO

Reference See record SEE RECORD Ver ficha VER FICHA

Femenino FEM Gender

Masculino MASC

Frequency Less common LESS COMMON Menos frecuente MENOS FRECUENTE

Official status15 Standardized STANDARDIZED Normalizado NORMALIZADO

Officially

approved

OFFICIALLY

APPROVED Uniformizado UNIFORMIZADO

15 In the present collection of terms, standardized terms were extracted from ISO standards and ITU Recommendations. The labels of �STANDARDIZED� and �NORMALIZADO� were assigned in these cases. When a term was found in documents such as government white papers, I labelled it as �OFFICIALLY APPROVED� or �UNIFORMIZADO�, meaning that it is included in terminology works produced by a working group or committee, though not for standardization purposes. In order to be consistent with usage in the terminological data bank TERMIUM®, I used the Spanish label �UNIFORMIZADO�. However, I do not completely agree with it and I consider that the label �ADOPTADO� would be more appropriate.


PART II

Carolina Herrera

CHAPTER FOUR

PROBLEMS ENCOUNTERED

As with any work in terminology, problems arose at various stages of the project. The

main problems are outlined below in the order in which they were encountered:

− Multidimensionality

− Definition Construction

− Proliferation of New Lexical Entities

− Use of variants

− Proposal of the term aceptación obligatoria as the equivalent of nonrepudiation

4.1 Multidimensionality

In her M.A. thesis, Lynne Bowker16 defines multidimensionality as �the phenomenon that

occurs when an object can be classified according to more than one characteristic at the same

level of a classification.� She gives the example of a VEHICLE that can be classified into LAND

VEHICLE, AIR VEHICLE, and WATER VEHICLE (according to the characteristic place of

transportation), or into MOTORIZED VEHICLE and NON-MOTORIZED VEHICLE

(according to the characteristic type of propulsion). According to Bowker, there are several

causes of multidimensionality: viewpoint, opinion, scientific theory, purpose, changing

organization of the reality and of the subject field describing it, and language and culture. The

cause of multidimensionality in this study is viewpoint.

16 L. Bowker, Guidelines for Handling Multidimensionality, p. xvi.


As I explained in chapter 3, establishing the concept diagram was a challenge since

multidimensionality made it difficult to determine how the domain should be organized. Public

key cryptography can be classified according to: 1) hardware and software elements, as well as

cryptographic and interface technologies (from a technological viewpoint); 2) entities and

institutions whose function is to operate within an infrastructure (from a business viewpoint); 3)

requirements that must be fulfilled in order to balance risks and liabilities among entities (from a

legal viewpoint)17. Many viewpoints were considered before deciding on the one underlying the

concept diagram presented here. Since this term file is addressed to non-specialist readers, I

decided to explain the concept of public key cryptography from a user�s viewpoint, as a process

with participants (e.g. sender, Certification Authority, etc.) using certain devices (e.g. digital

signature, certificate, etc.) to achieve specific requirements.

4.2 Definition Construction

Once I had completed the research phase, I evaluated the different types of definitions

retrieved. This stage was also not without its problems. One of the main difficulties in selecting

the English and Spanish definitions for the records was the question of how to delimit the scope

of definitions, i.e. how technical the language used in the definition should be. The

documentation contained different types of definitions, as we can see in the following examples:

encryption: An encryption scheme consists of the sets of encryption and decryption transformations {Ee : e ∈ K} and {Dd : d ∈ K}, respectively. The encryption method is said to be a public-key encryption scheme if for each associated encryption/decryption pair (e,d), one key e (the public key) is made publicly available, while the other d (the private key) is kept secret18.

17 Usertrust Network, What is PKI. [http://www.usertrust.com/pki/perspective_legal.asp] Accessed: July14, 2001. 18 A. Menezes et. al, Handbook of Applied Cryptography, p. 25.

Carolina Herrera 22

encryption: Process of transformation of data by a cryptographic algorithm to produce ciphertext, in order to hide the information content of the data19. The first definition for encryption was difficult to understand since it included formulas

and variables, a feature that is characteristic of definitions in this field. The second definition was

less technical, and it included information that was more useful from a terminologist�s viewpoint.

Therefore, the question of how much and what kind of information to include had to be solved.

Definitions including formulas and diagrams were not useful since the target readers of this work

are non-specialists. The decision-making process was based on the type of definitions found in

the English ISO standards and ITU Recommendations consulted. Most of the concepts in these

documents are defined in such a way as to provide only the essential characteristics to single out

the intension and to delineate the extension by reference to other terms in the field.

4.3 Proliferation of New Lexical Entities

When working on the term encryption, I found that many variants of this term and its

Spanish equivalent were currently in use. The most commonly found were encipherment,

enciphering, ciphering, and data encryption. As for the Spanish equivalents for encryption, the

terms being used are cifrado, encriptación, encripción, and criptación. In the term records, I

decided to use textual supports�observations�in order to prevent confusion and to guide the

user in the choice of terms. One difficulty I had in doing so was the discussion of whether the

Spanish term encriptación was an anglicized word and if it should be labeled as such.

19 ISO 7498-2:1989.


According to Sager20, neologisms in science and technology result from the need to name

new concepts. He makes a distinction between terminology creation which accompanies

scientific and technological innovation in any one linguistic community, and that which

accompanies the transfer of knowledge from one linguistic community to another. Therefore,

based on this explanation of terminology creation, I made the following brief analysis.

Encipher vs. Encrypt: The modern English term cryptography can be traced back to the

seventeenth century new Latin word cryptographia to designate the study of the principles and

techniques by which information can be concealed in ciphers. Since cryptography is the art of

concealing data in ciphers, then the action of converting (a message) into cipher was given the

name encipher.

It was not until after World War II that cryptography literature began to appear in the

mainstream as this science started to gain more importance in non-military applications.

Electronics made possible the practical realization of far more complex cryptographic functions

than had previously been feasible. Hence, as is common in the technical and scientific languages,

a series of new concepts and terms became part of the field. Simultaneously, some other

concepts changed in both form and meaning because of changes in principles, methods of

application, viewpoints, etc.

An example is the term encrypt, which is formed by the prefix en-, meaning �to put into

or onto�; and the root crypt (from the Greek kryptos) meaning �hidden�. This term started to be

increasingly used and it replaced the �old� term encipher, for no apparent reason other than to

keep a closer link to the word cryptography, �the science that studies the processes of encryption

20 J. Sager, Terminology Processing, p. 79.

Carolina Herrera 24

and decryption of data. 21 � The same phenomenon occurred with the term decrypt, which

replaced decipher.

Cifrar vs. Encriptar: New scientific and technical terms created in one linguistic community

spread quickly to the international scientific community by means of conferences, articles in

journals, and the WWW. Sager identifies several methods of secondary interlingual term

formation�e.g. direct borrowing, loan translation, paraphrase, parallel formation, adaptation,

and complete new creation�which may be used simultaneously or sequentially22. The main

problem encountered in the Spanish terminology was the existence of different forms and

degrees of adaptation of Spanish terms.

Cryptography is a science that has been developed mainly in English-speaking countries.

As it became an important element for international communication, scientists from other

linguistic communities were affected by an onslaught of English terms that influenced the

creation of Spanish terminology. Cryptography terminology in Spanish has a high number of

anglicized terms such as encriptar (to encrypt), desencriptar (to decrypt), no repudio

(nonrepudiation), and tercera parte confiable (trusted third party).

Nowadays, Spanish-speaking countries are trying to re-perform the term formation

process and some actions are being carried out not only by academies of the language but also by

scientists and specialists, as we can see in the following quotations:

En muchos libros sobre Criptografía aparecen términos como encriptar y desencriptar, adoptados con toda probabilidad del verbo anglosajón encrypt. El lector podrá comprobar que este tipo de expresiones ha sido evitado en el presente texto, debido a la existencia de palabras perfectamente válidas que pertenecen al idioma castellano, como son cifrar y descifrar, y codificar y decodificar (o descodificar). La opinión del autor es que sólo

21 Communications Security Establishment. Government of Canada PKI � White Paper. [http://www.cse-cst.gc.ca/cse/english/gov.html] Accessed: July 14, 2001. 22 J. Sager, Terminology Processing, p. 79.


deben emplearse términos foráneos cuando nuestro riquísimo idioma carezca de expresiones adecuadas para expresar las ideas en cuestión23. Si en el momento en que nace el nuevo concepto o cuando éste se introduce en nuestra comunidad científica acompañado de la denominación original (habitualmente, por qué no decirlo, inglesa) se crea una alternativa autóctona, que se asocie ya desde un principio al concepto, ésta podrá luchar de igual a igual con el préstamo, que quizás ya no llegará a ser tal. De esta manera se hace posible que la fuente del neologismo sea una institución especializada que, como hemos dicho, goza de más confianza entre los técnicos que los organismos lingüísticos de normalización24. The debate is about the extent to which English should be present in Spanish terminology,

and most of the time it provides an opportunity for several alternative and competing terms to be

used simultaneously. Take the Spanish synonyms cifrar (to encipher) and encriptar (to encrypt).

The argument about these terms in Spanish is that there is no need to use English-based terms

such as encriptar (and its antonym desencriptar) when there are two perfectly accepted Spanish

terms (cifrar/descifrar) to designate those concepts. This is a phenomenon in which terms

developed opposite directions in two languages. In English the term encipher evolved into the

term encrypt, a neologism that was accepted possibly because it better reflects the characteristics

of the concept it designates. In Spanish, on the other hand, the term developed with the importing

of the term encriptar, which is increasingly being replaced by the term cifrar.

The arbitrary creation of variants is a serious obstacle to communication as it opens the

doors to several alternative or competing terms, and it may be several years before Spanish

terminology stabilizes. To judge from an analysis of the frequency of occurrence of the Spanish

term encriptar (and its derived terms), we can theorize that in some years it may become

obsolete and will consequently disappear.

23 M. Lucena, Criptografía y Seguridad en Computadores, p. 25. 24 J. Bover, Proceedings of the Conference on Co-operation in the field of terminology. [http://www.eaft-aet.net] Accessed: August 3, 2001.

Carolina Herrera 26

4.4 Use of Variants

In their study of terminological variants, Daille et al.25 state that even though terms are

supposed to be labels for precise concepts within a sublanguage, they are prone to variation.

They add that the conception of terms as fixed sequences is obviously idealised. As I explained

in the introduction, there are different types of variants, e.g. true synonyms, pseudo-synonyms,

syntactic variants, etc., since terms are subject to different kinds of changes. After a brief

analysis of terms in different text types, I reached the conclusion that the variation of terms is

motivated by the text type and communicative situation in which they are used.

Sager26 affirms that at the first stage of terminology creation, the scientific community

that deals with the creation of new concepts is relatively small and educationally homogeneous.

Problems occur when the scientific community addresses other groups. This communicative

situation requires an intermediate language between scientific and general.

In Sager�s view, relatively little serious research exists into these complex processes. The

main reason is that subject specialists who are capable of distinguishing between variants are not

usually interested in, or linguistically trained to undertake, this work; linguists, on the other hand,

rarely have the detailed subject knowledge to produce reliable evidence for determining the

regularities underlying these processes of term variation.

The questions surrounding this topic are some of the reasons cryptography terminology is

being researched and documented here. Nevertheless, due to time constraints, the present

terminology work will not make a deep analysis of the use of variants and other alternative forms

in different communicative situations. This subject may be considered for further research.

25 B. Daille, �Empirical Observation of Term Variations and Principles for their Description�, Terminology Journal 3 (2), p. 198. 26 J. Sager, Terminology Processing, p. 81.


Since the initial list of terms revealing the existence and use of variants was too large for

the practical constraints of the term file, the most representative examples had to be chosen so as

to give an overview of the situation.

4.4.1 Use of True Synonyms

As defined in the Introduction, a true synonym designates the same concept as another

term in the same language. Some examples of true synonyms in English are the pairs:

! encryption / encipherment

! decryption / decipherment

! public key cryptography / asymmetric cryptography

! key storage / key backup

Since all these terms are currently circulating in cryptography documents, I have used

labels to justify the preference for a specific term (or terms). These labels were assigned

according to the official status of the term, the acceptability rating, and the frequency of

occurrence. (See 3.4.1 Presentation of the Term Records).

4.4.2 Use of Pseudo-Synonyms

As we have seen, pseudo-synonymy occurs when a given concept is incorrectly used as a

result of confusion between a generic and a specific, the whole and a part, the cause and the

effect, etc. (See Introduction, Fundamental Concepts). The following are examples of terms used

as contextual variants:

Carolina Herrera 28

! public key cryptography / public key encryption: The terminological data bank

TERMIUM® labels these entry terms as CORRECT, which means that they can be used

as true synonyms.

True synonyms are variants which have the exact same meaning and can be used in

exactly the same context. The terms public key cryptography and public key encryption are,

however, not absolute synonyms but pseudo-synonyms, as I explain in the term record:

OBS The notion of cryptography includes a set of principles, means and methods for the transformation of data. Since �encryption� is a cryptographic method, the terms �public key encryption�, �asymmetric encryption� and their syntactic variants are not true synonyms of �public key cryptography�27.

Again in these cases the appropriate labels have been used in the term record to guide the

user in the choice of the preferred term and the possible variants.

27 ISO standard 7498-2:1989.


! private key / secret key: The same problem arose with these terms as TERMIUM®

presents them as synonyms:

This is another case of pseudo-synonymy and it may be the result of an incorrectly used

designation. Again, an observation was included in the term record to clarify the use of these

terms:

OBS In symmetric algorithms, there is only one key known as the �secret key�, which is used for encryption and decryption purposes. In public key algorithms there are two keys: the decryption (private) key and the encryption (public) key28. The key that is not publicly revealed is generally referred to as a private key, rather than a secret key. This avoids confusion with the secret key of a symmetric cryptographic algorithm and derives from the idea that two people may share a secret, but a single person keeps something private29.

28 Government of Canada: Community Access Program. Community Resources. [http://cap.ic.gc.ca/english/8883.shtml] Accessed: July 30, 2001. 29 L. Adams, Understanding Public-Key Infrastructure, p. 56.

Carolina Herrera 30

Since this term file is addressed to the non-specialist community, I decided to include the

cases of pseudo-synonymy as they occurred in the documentation analyzed, with the objective of

guiding users in the correct choice of variants.

4.4.3 Use of Syntactic Variants

As explained in the Introduction, a syntactic variant is a term whose structure differs only

slightly from that of another term designating the same concept. The following are examples of

syntactic variants:

! Change in the order of words:

data origin authentication / authentication of data origin

entity authentication / authentication of entity

! Abbreviation of compound terms: A variant can also be the result of an abbreviation

process. It is then at times difficult to differentiate between a broader term used

synonymously for a narrower term and a shortened form of the narrower term. In a study of

this phenomenon, C.F.W. Hope30 shows several patterns followed in compound contraction.

Frequently the preferred mode of abbreviation in compound terms is that of omitting one

element, as we may see in the following examples:

data encryption → encryption

user certificate → certificate

digital certificate → certificate

30 J. Sager, Terminology Processing, p. 213. Quoting C.F.W. Hope, Synonymy and Abbreviation in Special-Language Compound Terms. MSc. Thesis, University of Manchester, 1984.


cryptographic algorithm → algorithm

public key cryptographic system → public key cryptosystem

public key cryptographic algorithm → public key cryptoalgorithm

As Hope states, contextual abbreviation or reduction is pragmatically conditioned.

Certain text types do not permit variation in designation, whereas in others it can be used with a

certain degree of freedom.

4.4.4 Use of Spelling Variants

A term whose spelling differs only slightly from that of another term is considered to be a

spelling variant. (See Introduction, Fundamental Concepts). Take the terms31:

! criptografía de clave pública / criptografía de claves públicas

! encriptación / encripción / criptación

! desencriptación / decripción

! autenticación / autentificación

! tercera parte confiable / tercera parte fiable

Sager 32 states that observation of usage permits the division and categorization of

linguistic variants of terms by text types. His statement was confirmed when I observed that the

longest and most transparent terms occurred in introductory textbooks and encyclopedias,

whereas the greatest proportion of complex and abbreviated terms occurred in highly specialized

texts. These observations are based on a brief analysis of the documentation gathered for this

31 Although much of the discussion and most examples in this section focus on the Spanish terms, the terminological problem and phenomena hold equally true for some English terms. 32 J. Sager, Terminology Processing, p. 213.

Carolina Herrera 32

term file, however, due to time and space constraints, the research into these complex processes

was not undertaken.

4.5 Proposal of the Term aceptación obligatoria as the Equivalent of nonrepudiation

As I have previously explained, new scientific and technical terms created in one

linguistic community spread quickly to the international scientific community. Sager33states that

scientific communities which import scientific and technological knowledge tend to prefer the

use of internationalisms as they facilitate communication by the unambiguous reference to

identical concepts in similar conceptual systems.

Spanish cryptography terminology has a high frequency of borrowings, loan translations

and adaptations. To illustrate this, I will analyze the Spanish equivalent of the term

nonrepudiation. Since the International Telecommunication Union (ITU)34 has recognized and

standardized the term no repudio, I was obliged to keep it in the term record. However, I was not

completely satisfied with it, nor did I agree with the commonly used term no rechazo.

The terms no repudio and no rechazo are literal translations of the term nonrepudiation.

In my opinion, these loan translations do not follow the general rules of Spanish word formation.

Sager provides a list of some criteria and rules for the formation of new vocabulary35. Two of

these criteria are:

! The term must conform to the general rules of word-formation of the language which will also dictate the word order in compounds and phrases.

! Terms should be capable of providing derivatives.

33 J. Sager, Terminology Processing, p. 86. 34 UIT-T, Rec. H.235 (1998). 35 J. Sager, Terminology Processing, p. 89.


M.T. Cabré36 defines three types of resources for term-formation: formal, functional and

semantic. Formal resources include the process of syntagmatic determination:

La sintagmación, como recurso formal de obtención de unidades léxicas, se basa en la formación de una nueva unidad a partir de una combinación sintáctica jerarquizada de palabras. Las nuevas unidades obtenidas respetan las reglas combinatorias del sistema lingüístico al que pertenecen, e incluyen muy frecuentemente conectores gramaticales.

The ease with which new terms can be created in English poses a problem when trying to

create the same effect in Spanish, which is sometimes less flexible. In order to propose a Spanish

equivalent for the English term nonrepudiation I analyzed it as follows:

While the nominal phrase no rechazo conveys the idea of �impossibility of refusing to

accept something�, it does not necessarily express the concept clearly, nor is it capable of

providing natural derivatives in Spanish, as we can see in the following contexts:

No rechazo: implica la autenticación y la integridad; hace referencia tanto al no rechazo en origen como al no rechazo en destino37. La arquitectura de seguridad de informaciones del SISME será proyectada y puesta en marcha con la utilización de recursos que puedan garantizar el control de acceso a las bases de datos, el no rechazo a los legítimos usuarios, el secreto y la integridad de las informaciones en los Sistemas...38

36 M.T. Cabré, Terminología, p. 188. 37 M.P. Pereira, Hacia la Seguridad en el Comercio Electrónico. [http://publicaciones.derecho.org] Accessed: July 14, 2001. 38 Gobierno de Uruguay, Complementación de la Definición y Configuración del Sistema. [http://www.mrree.gub.uy/Mercosur] Accessed: July 14, 2001.

[non] [to repudiate]

negative to refuse to accept something

(negative meaning)

Carolina Herrera 34

En el caso de no repudio de origen, el remitente del mensaje no puede negar haberlo enviado. En el caso de no repudio de destino, el destinatario del mensaje no puede negar haberlo recibido39.

After an analysis of the contexts where the term usually occurs and of the need of

derivatives of the term, I looked for a term in Spanish that, without sacrificing precision, could

be lexically systematic. The Real Academia Española (RAE) definition of aceptar (to accept) is

as follows: recibir alguien voluntariamente lo que se le da, ofrece o encarga. Although aceptar

is an antonym of rechazar (to repudiate), it does not convey the emphasis of the negative

elements present in the English term, and it leaves an element of choice. Therefore, I decided to

add the determining modifier obligatoria defined by the RAE as follows: dícese de lo que obliga

a su cumplimiento y ejecución. Following the grammatical possibilities of closer determination

explained by Sager, the term that I propose is aceptación obligatoria.

39 Consumo2000, Curso Básico de Comercio Electrónico para Consumidores y Usuarios. [http://www.consumo2000.org/texto.htm] Accessed: July 14, 2001.


PART III

Carolina Herrera

CHAPTER FIVE

ORGANIZATION OF THE TERM FILE

5.1 Term Records Organization

The term records are organized by concept to form concept clusters (See 3.3 Concept

Diagram). There are four major groupings under the heading of public key cryptography:

Process, Requirement, Element, and Participant. The main grouping, Element, breaks down as

follows: public key infrastructure and public key cryptosystem. The elements belonging to these

groupings should not be seen as strict boundaries between concept clusters because, as explained

in 4.1 Multidimensionality, the sub-fields of public key cryptography tend to overlap. For

example the term encryption key could be considered within the Process group, under the term

encryption, because an encryption key is a type of key used in the transformation of data, and its

function is based on the encryption process. However, for the sake of convenience, and as I

approached the field from a user�s viewpoint, terms like this are included within only one

concept cluster. In this case, encryption key can be found within the Key sub-group because it is

used as an element together with an algorithm, a certificate, etc.

In this term file, there are a total of 26 term records (i.e. 26 concepts), comprising 142 terms,

72 English and 70 Spanish.


TERMINOLOGY FILE

Carolina Herrera 38 Field: Public key cryptography Campo: Criptografía de claves públicas EN ES public key cryptography *a, b, c, d CORRECT, STANDARDIZED PKC *g, h AVOID, SEE RECORD public-key cryptography *e, f CORRECT asymmetric cryptography *e, f CORRECT two-key cryptography *f CORRECT, LESS COMMON

criptografía de claves públicas *a, b, CORRECTO, NORMALIZADO, FEM criptografía de clave pública *c, d, e, f CORRECTO, FEM criptografía de clave asimétrica *c, CORRECTO, FEM criptografía asimétrica *d, g CORRECTO, FEM

DEF Cryptography that uses two mathematically related keys for each communicating party: a public key that is disclosed to the public, and a corresponding private key that is kept secret. *a

DEF Criptografía que emplea dos claves diferentes relacionadas matemáticamente: una clave pública que se pone a disposición de las entidades en comunicación, y su correspondiente clave privada que se mantiene en secreto. *d, h OBS Public key cryptography: term standardized by ISO

and the ITU. *a

OBS Criptografía de claves públicas: término normalizado por la UIT. *a

OBS The notion of cryptography includes a set of principles, means and methods for the transformation of data. Since �encryption� is a cryptographic method, the terms �public key encryption�, �asymmetric encryption� and their syntactic variants are not true synonyms of �public key cryptography�. *b, i

OBS La noción de criptografía implica un conjunto de principios, medios y métodos para la transformación de información. El �cifrado� es un método criptográfico, por lo tanto los términos �cifrado de clave pública�, �cifrado asimétrico� y sus variantes sintácticas no son sinónimos absolutos de �criptografía de clave pública�. *h

OBS The abbreviation PKC has not been standardized and it is not commonly used. *g, h Sources a* ITU-T, Rec. X.509 (1988). b* ISO 7498-2:1989. c* OECD. Cryptography Policy. d* Industry Canada. Electronic Commerce in Canada. e* NIST. Security in Open Systems. f* Encyclopaedia Britannica. g* International Association for Cryptologic Research. Lecture Notes in Computer Science, vol. 0304. h* World Wide Web Consortium. Digital Qualification. i* Carolina Herrera.

Fuentes a* UIT-T, Rec. X.509 (1988). b* Microsoft TechNet. Introducción a la Infraestructura de Claves Públicas. c* Autoridad Pública de Certificación Española. d* CEMLA. Glosario de Sistema de Pagos. e* Casacuberta, D. Diccionario de Ciberderechos. f* Álvarez, G. PKI o los Cimientos de una Criptografía de Clave Pública. g* Lucena, M. Fisgones. h* Carolina Herrera.

Public Key Cryptography: A Commented Terminology File 39 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Process Subcampo: Proceso EN ES encryption *a, b, c, d, e CORRECT, STANDARDIZED encipherment *a, b, d CORRECT, STANDARDIZED enciphering *a, f, i CORRECT, STANDARDIZED ciphering *g CORRECT data encryption *h CORRECT

cifrado *a, b, c, d CORRECTO, NORMALIZADO, MASC encriptación *e, f CORRECTO, FEM, VER FICHA encripción *g CORRECTO, NORMALIZADO, FEM criptación *a CORRECTO, NORMALIZADO, FEM codificación *h EVITAR, FEM, VER FICHA codificación de datos *i EVITAR, FEM, VER FICHA

DEF Process of transformation of data by a cryptographic algorithm to produce ciphertext, in order to hide the information content of the data. *a

DEF Proceso utilizado para transformar un texto en claro en un texto cifrado por medio de un algoritmo matemático de manera que los datos originales sean ininteligibles para entidades no autorizadas. *c

CONT Computers encrypt data by applying an algorithm to a block of data. A personal encryption key, known only to the transmitter of the message and its intended receiver, is used to control the encryption of the data, thus yielding unique ciphertext that can be decrypted only by using the key. *b

CONT El proceso de cifrado utiliza un algoritmo secreto o un algoritmo público que a su vez utiliza una clave de cifrado, conocida sólo por las personas autorizadas. Esta clave debe ser imprescindible para el cifrado y descifrado. *c OBS Actualmente se observa una tendencia a evitar el término �encriptación� por considerarse un anglicismo innecesario. Sin embargo, su uso es bastante frecuente en el campo de la criptografía. *c OBS Cifrado; criptación; encripción: términos normalizados por la UIT. *a OBS Los términos �codificación� y �codificación de datos� tienen significados específicos en el campo de las telecomunicaciones y no deben usarse como sinónimos absolutos de �cifrado�. El cifrado utiliza un algoritmo, mientras que la codificación (o la codificación de datos) se basa en un diccionario de códigos. *i Fuentes a* UIT-T, Rec. X.841 (2000). b* Autoridad Pública de Certificación Española. c* Álvarez, G. Correo Seguro. d* Casacuberta, D. Diccionario de Ciberderechos. e* CEMLA. Glosario de Sistema de Pagos. f* Pons, M. Criptología. g* Mendivil, I. El ABC de los Documentos Electrónicos Seguros. h* Carlos, B. Criptografía, Maple y RSA. i* UIT-T Rec. V.75 (1996). j* Lucena, M. Criptografía.

OBS encryption; encipherment; enciphering: terms and definition standardized by ISO. Sources a* ISO 7498-2:1989. b* Encyclopaedia Britannica. c* Scientific American. Confidentially yours. d* NIST. Security in Open Systems. e* The International PGP Home Page. How PGP works. f* W. Stallings. Cryptography and Network Security. g* International Association for Cryptologic Research. Lecture Notes in Computer Science, vol. 0304. h* Information Society Technologies. Guide to Information Security. i* ITU-T, Rec. X.841 (2000).

Carolina Herrera 40 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Process Subcampo: Proceso EN ES decryption *a, b, c, d CORRECT, STANDARDIZED decipherment *a, e, f CORRECT, STANDARDIZED deciphering *a CORRECT, STANDARDIZED decrypting *g AVOID, SEE RECORD decoding *b AVOID, SEE RECORD

descifrado *a, b, c, d CORRECTO, NORMALIZADO, MASC desencriptación *e, f CORRECTO, FEM, VER FICHA descriptación *b EVITAR, FEM , VER FICHA decripción *a CORRECTO, NORMALIZADO, FEM

DEF Process of converting enciphered text to the equivalent plain text by means of a cryptographic system. *a OBS The definition of this term does not apply to the field of cryptanalysis. The cryptanalytic process of decryption (also called code breaking) consists in converting encrypted messages to plain text without initial knowledge of the algorithm and/or key employed in the encryption. It does not include solution by cryptanalysis. *b OBS Decryption; decipherment, deciphering: terms standardized by ISO. OBS The use of the term �decoding� as a noun applies to the field of information theory and not to cryptography. *e OBS The use of the term �decrypting� as a noun is not common and should be avoided. *h

Sources a* ISO/IEC 11770-1:1996. b* American National Standard. Telecom Glossary 2000. c* Scientific American. Confidentially Yours. d* The International PGP Home Page. How PGP works. e* Encyclopaedia Britannica. f* NIST. Security in Open Systems. g* Oracle Technology Network. Public Key Infrastructure. h* Carolina Herrera.

DEF Proceso que obtiene un texto original a partir de un texto cifrado por medio de un sistema criptográfico. *b OBS El criptoanálisis es la ciencia que investiga técnicas y métodos para romper (o criptoanalizar) los algoritmos de cifrado creados por la criptografía. El término �descriptar� es el proceso realizado por el criptoanalista, quien cuando tiene éxito es capaz de leer un mensaje cifrado sin conocer la clave. La persona que conoce la clave de cifrado �descifra� los mensajes, mientras que el criptoanalista, que no conoce la clave, los descripta. *b OBS Actualmente se observa una tendencia a evitar el término �desencriptación� por considerarse un anglicismo innecesario. Sin embargo, su uso es bastante frecuente en el campo de la criptografía. *b OBS Descifrado: término normalizado por la UIT. *a Fuentes a* UIT Rec.X.32 (1996). b* Álvarez, G. Correo Seguro. c * Casacuberta, D. Diccionario de Ciberderechos. d* OMPI. Tecnología de los Sistemas Digitales. e* Autoridad Pública de Certificación Española. f* CEMLA. Glosario de Sistema de Pagos.

Public Key Cryptography: A Commented Terminology File 41 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Requirement Subcampo: Requisito EN ES authentication *a, b, c CORRECT, STANDARDIZED entity authentication *d AVOID, SEE RECORD data origin authentication *e AVOID, SEE RECORD

autenticación *a, b, c CORRECTO, NORMALIZADO, FEM autentificación *d, e CORRECTO, FEM autenticación de entidad *f EVITAR, FEM, VER FICHA autenticación del origen de los datos *g EVITAR, FEM, VER FICHA

DEF Service that provides evidence that the sender and source of an electronic message are as claimed. *a

DEF Servicio que permite verificar que el emisor y origen de un mensaje electrónico son legítimos. *a, h

CONT Existen dos tipos de autenticación: de entidad, que asegura la identidad de las entidades participantes en la comunicación, y de origen de información, que asegura que una unidad de información proviene de cierta entidad. *b OBS Término normalizado por la UIT. Fuentes

CONT Authentication applies to entities and information itself and is usually subdivided into two major classes: entity authentication and data origin authentication. *c OBS Term standardized by ISO. Sources a* ISO/IEC 10181-2:1996. b* Industry Canada. Electronic Commerce in Canada. c* Menezes, A. Handbook of Applied Cryptography. d* ITU-T, Rec. X.842 (2000). e* ITU-T, Rec. X.800 (1991).

a* Recomendación X.811 (04/95). b* Álvarez, G. Correo Seguro. c* CEMLA. Glosario de Sistema de Pagos. d* Autoridad Pública de Certificación Española. e* Lucena, M. Criptología. f* UIT-T, Rec. X.842 (2000). g* UIT-T, Rec. X.800 (1991). h* Carolina Herrera.

Carolina Herrera 42 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Requirement > Authentication Subcampo: Requisito > Autenticación EN ES entity authentication *a, b, c, CORRECT, STANDARDIZED

autenticación de entidad *a, b, c, d CORRECTO, NORMALIZADO, FEM DEF Servicio mediante el cual una entidad puede verificar que la identidad de la segunda entidad involucrada en la comunicación es legítima, y que la autorización de la segunda entidad estaba vigente en el momento de la comunicación. *e CONT Existen dos tipos de autenticación: de entidad, que asegura la identidad de las entidades participantes en la comunicación, y de origen de información, que asegura que una unidad de información proviene de cierta entidad. *b OBS Término normalizado por la UIT. Fuentes

DEF Service that assures one entity of both the identity of a second entity involved, and that the second entity was active at the time the communication was initiated. *c CONT Authentication applies to entities and information itself and is usually subdivided into two major classes: entity authentication and data origin authentication. *c OBS Term standardized by the ITU. Sources a* ITU-T, Rec. X.842 (2000). b* Communications Security Establishment. Government of Canada PKI � White Paper. c* Menezes, A. Handbook of Applied Cryptography.

a* UIT-T, Rec. X.842 (2000). b* Álvarez, G. Correo Seguro. c* CEMLA. Glosario de Sistema de Pagos. d* Autoridad Pública de Certificación Española. e* Carolina Herrera.

Public Key Cryptography: A Commented Terminology File 43 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Requirement > Authentication Subcampo: Requisito > Autenticación EN ES data origin authentication *a, b, c CORRECT, STANDARDIZED

autenticación del origen de los datos *a, b CORRECTO, NORMALIZADO, FEM

DEF Service that provides to one entity which receives a message assurance of the identity of the entity which originated the message. *c

DEF Servicio mediante el cual la entidad que recibe un mensaje puede verificar la identidad de la entidad que envió el mensaje. *c

CONT Existen dos tipos de autenticación: de entidad, que asegura la identidad de las entidades participantes en la comunicación, y de origen de información, que asegura que una unidad de información proviene de cierta entidad. *b OBS Autenticación: término normalizado por la UIT. Fuentes

CONT Authentication applies to entities and information itself and is usually subdivided into two major classes: entity authentication and data origin authentication. *b OBS Term standardized by ISO and the ITU. Sources a* ISO/IEC 10181-2:1996. b* ITU-T, Rec. X.800 (1991). c* Menezes, A. Handbook of Applied Cryptography.

a* UIT-T, Rec. X.842 (2000). b* Álvarez, G. Correo Seguro. c* Carolina Herrera.

Carolina Herrera 44 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Requirement Subcampo: Requisito EN ES confidentiality *a, b, c, d CORRECT, STANDARDIZED

confidencialidad *a, b, c, d CORRECTO, NORMALIZADO, FEM

DEF Situation in which there is assurance that the content of sensitive information has been kept from all those unauthorized to have it. *c, d

DEF Situación que brinda la seguridad de que solamente entidades autorizadas han tenido acceso a la información. *b, e

CONT There are numerous approaches to providing confidentiality, ranging from physical protection to mathematical algorithms which render data unintelligible. *a

CONT Existen diferentes enfoques que proporcionan confidencialidad, desde la protección física hasta algoritmos matemáticos que transforman la información en textos cifrados. *e

OBS Confidentiality: term standardized by ISO and the ITU.

OBS Confidencialidad de datos: término normalizado por la UIT.

Sources a* ISO 7498-2:1989. b* NIST. Security Requirements for Cryptographic Modules. c* Menezes, A. Handbook of Applied Cryptography. d* ITU-T, Rec. X.402 (1988). e* Carolina Herrera.

Fuentes a* UIT-T, Rec. X.402 (1988). b* Autoridad Pública de Certificación Española. c* Álvarez, G. Correo Seguro. d* OMPI. Tecnología de los Sistemas Digitales. e* Carolina Herrera.

Public Key Cryptography: A Commented Terminology File 45 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Requirement Subcampo: Requisito EN ES nonrepudiation *a CORRECT, STANDARDIZED non repudiation *b CORRECT non-repudiation *c CORRECT

no repudio *a, b, c CORRECTO, NORMALIZADO, MASC no rechazo *d, e CORRECTO, MASC no repudiación *d, f EVITAR, FEM, VER FICHA aceptación obligatoria *f PROPUESTO, FEM

DEF Service that provides protection from denial by one of the entities involved in a communication of having participated in all or part of the communication. *b

DEF Servicio que proporciona protección contra la negación por parte de una de las entidades que participan en la comunicación de haber participado en toda la comunicación o en parte de ésta. *a

CONT When disputes arise due to an entity denying that certain actions were taken, a means to resolve the situation is necessary. For example, one entity may authorize the purchase of property by another entity and later deny such authorization was granted. *c

CONT Cuando surgen disputas debido a que una entidad niega haber realizado ciertas acciones, se requiere un medio para resolver la situación. Por ejemplo, una entidad puede autorizar que otra entidad compre una propiedad y luego negar que dicha autorización fue emitida. *f OBS El término �no repudiación� es un anglicismo y debe evitarse. OBS No repudio: término normalizado por la UIT. Fuentes

OBS Nonrepudiation: term standardized by ISO. Sources a* ISO 7498-2:1989. b* ITU-T, draft new Rec. H.235 (1998). c* Menezes, A. Handbook of Applied Cryptography.

a* UIT-T, Rec. H.235 (1998). b* Autoridad Pública de Certificación Española. c* Álvarez, G. Correo Seguro. d* Pérez, M. Hacia la Seguridad en el Comercio Electrónico. e* PGP Security. PGP Keyserver. f* Carolina Herrera.

Carolina Herrera 46 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Requirement Subcampo: Requisito EN ES data integrity *a, b CORRECT, STANDARDIZED integrity *c CORRECT

integridad de datos *a, b, c CORRECTO, NORMALIZADO, FEM integridad *d, e CORRECTO, FEM

DEF Situation in which there is assurance that data has not been altered in an unauthorized manner. *a

DEF Situación que confirma que el mensaje o comunicación que se recibe no ha sido alterado sin autorización. *d OBS Integridad de datos: término normalizado por la UIT. Fuentes

OBS Data integrity: term standardized by ISO. Sources a* ISO 7498-2:1989. b* ITU-T, Rec. X.402 (1988). c* NIST. Security Requirements for Cryptographic Modules.

a* UIT-T, Rec. X.402 (1988). b* Álvarez, G. Correo Seguro. c* OMPI. Comercio Electrónico y Propiedad Intelectual. d* Autoridad Pública de Certificación Española. e* Casacuberta, D. Diccionario de Ciberderechos.

Public Key Cryptography: A Commented Terminology File 47 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element Subcampo: Elemento EN ES public key infrastructure *a, b, c CORRECT, STANDARDIZED PKI *a, b, c CORRECT, STANDARDIZED

infraestructura de clave pública *a, b CORRECTO, NORMALIZADO, FEM PKI *a, b, c CORRECTO, NORMALIZADO, FEM infraestructura de claves públicas *c CORRECTO, FEM infraestructura PKI *d MENOS FRECUENTE, FEM

DEF System consisting of trusted third parties (TTPs), together with the services they make available to support the application (including generation and validation) of digital signatures, and of the persons or technical components who use these services. *a

DEF Sistema formado por terceros de confianza, junto con los servicios que hacen posible el soporte de la aplicación de firmas digitales (incluidas la generación y validación), y por las personas o componentes técnicos que utilizan estos servicios. *a

OBS Term and definition standardized by ISO and the ITU.

OBS Término y definición normalizados por la UIT.

Sources a* ISO/IEC FDIS 15945. b* ITU-T, Rec. X.843 (2000). c* Communications Security Establishment. Government of Canada PKI � White Paper.

Fuentes a* UIT-T, Rec. X.843 (2000). b* Autoridad Pública de Certificación Española. c* Álvarez, G. PKI o los Cimientos de una Criptografía de Clave Pública. d* Microsoft TechNet. Fundamentos de Criptografía y de PKI.

Carolina Herrera 48 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Public key infrastructure Subcampo: Elemento > Infraestructura de clave

pública EN ES certificate *a, b, c CORRECT, STANDARDIZED public key certificate *a, d, e CORRECT, STANDARDIZED user certificate *b CORRECT, STANDARDIZED digital certificate *f, g CORRECT, SEE RECORD

certificado *a, b, c CORRECTO, NORMALIZADO, MASC certificado de clave pública *a, b, c CORRECTO, NORMALIZADO, MASC certificado de usuario *a, b CORRECTO, NORMALIZADO, MASC certificado digital *d, e CORRECTO, MASC

DEF Document consisting of the public key of a user, together with some other information, rendered unforgeable by the signature of the certification authority (CA) which issued it. *a

DEF Documento emitido y firmado por una autoridad de certificación la cual autentica la relación de un usuario con su clave pública. *b

OBS The term �digital certificate� can refer to any paper-based certificate that has been digitized. Although its use is frequent in promotional material due to its relation with digital signatures, it should be used cautiously in contexts different from Information Security. *d, g, h

OBS El término �certificado digital� puede hacer referencia a cualquier certificado en papel que ha sido digitalizado. Aunque se observa una alta frecuencia de uso en material promocional debido a su relación con las firmas digitales, este término se debe usar con precaución en contextos diferentes a los de Seguridad de la Información. *d, e, f OBS Certificado; certificado de clave pública; certificado: términos normalizados por la UIT.

OBS Public key certificate; certificate; user certificate: terms standardized by ISO and the ITU. *a, b Sources a* ISO/IEC 9594-8. b* ITU-T, Rec. X.509 (1988). c* Industry Canada. Electronic Commerce in Canada. d* Adams, C. Understanding Public-Key Infrastructure. e* Menezes, A. Handbook of Applied Cryptography. f* Scientific American. Confidentially yours. g* The International PGP Home Page. How PGP works. h* Carolina Herrera.

Fuentes a* UIT-T, Rec. X.509. b* Autoridad Pública de Certificación Española. c* Kriptópolis. Introducción a las Firmas Digitales. d* OMPI. Derecho de Patentes. e* Martínez, F. ¿Qué son los Certificados Digitales?. f* Carolina Herrera.

Public Key Cryptography: A Commented Terminology File 49 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Public key infrastructure Subcampo: Elemento > Infraestructura de clave

pública EN ES certification authority certificate *a, b CORRECT, STANDARDIZED CA certificate *a CORRECT, STANDARDIZED

certificado de autoridad de certificación *a, b CORRECTO, UNIFORMIZADO, MASC

DEF Certificate that identifies the certification authority as a subscriber and that contains the public key that the certification authority uses to digitally sign certificates in a web of trust. *b

DEF Certificado emitido por la autoridad de certificación para sí misma y en el cual consta la clave pública que la autoridad de certificación utiliza para firmar digitalmente los certificados de una cadena de confianza. *b

OBS Certification authority certificate; CA certificate: terms standardized by the ITU.

OBS Certificado de autoridad de certificación: término normalizado por la UIT.

Sources

Fuentes

a* ITU-T, Rec. X.509 (1988). b* Illinois General Assembly. Electronic Commerce Security Act. c* Carolina Herrera.

a* UIT-T, Rec. X.509. b* Autoridad Pública de Certificación Española. c* Carolina Herrera.

Carolina Herrera 50 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Public key infrastructure Subcampo: Elemento > Infraestructura de clave

pública EN ES attribute certificate *a, b, c CORRECT, STANDARDIZED

certificado de atributos *a, b, c, d CORRECTO, NORMALIZADO, MASC

DEF Set of attributes of a user rendered unforgeable by the digital signature of the certification authority which issued it. *a

DEF Serie de atributos de un usuario validados por la firma digital de la autoridad de certificación que lo emite. *d

CONT Public-key certificates bind a public key and an identity, and include additional data fields necessary to clarify this binding, but are not intended for certifying additional information. Attribute certificates are similar to public-key certificates, but specifically intended to allow specification of information (attributes) other than public keys (but related to a Certification Authority, entity or public key), such that may also be conveyed in a trusted (verifiable) manner. *c

CONT Los certificados de clave pública proporcionan evidencia de la identidad de una persona. En entornos de comercio electrónico, se precisa más información que la mera identidad, en especial cuando las partes involucradas en una transacción no han tenido contacto previo. Los certificados de atributos, similares a los certificados de clave pública, contienen información sobre los atributos de una entidad (por ejemplo, su capacidad de firmar un contrato, o su límite de crédito). *c

OBS The attribute certificate may or may not exist in combination with a public key certificate. *b

OBS El certificado de atributos puede o no existir en combinación con un certificado de claves públicas. *a

OBS Term and definition standardized by ISO. OBS Término normalizado por la UIT. Sources Fuentes a* ISO/IEC 9594-8:1998. b* ITU-T, Rec. X.842 (2000). c* Menezes, A. Handbook of Applied Cryptography.

a* UIT-T, Rec. X.842 (2000). b* Autoridad Pública de Certificación Española. c* Rodríguez. L. Control de Accesos. d* CEMLA. Glosario de Sistema de Pagos.

Public Key Cryptography: A Commented Terminology File 51 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Public key infrastructure Subcampo: Elemento > Infraestructura de clave

pública EN ES key management *a, b, c CORRECT, STANDARDIZED gestión de claves *a, b, c CORRECTO, NORMALIZADO, FEM

administración de claves *d CORRECTO, FEM

DEF Protocol for the generation, storage, distribution, deletion, archiving and application of keys in accordance with a security policy. *a

DEF Protocolo para la generación, distribución, almacenamiento, tiempo de vida, destrucción y aplicación de las claves de acuerdo con una política de seguridad. *b

DEF Conjunto de procesos y mecanismos que sirven como base para el establecimiento de claves y el mantenimiento de las subsiguientes relaciones entre las entidades, incluyendo el reemplazo de claves antiguas cuando nuevas claves son necesarias. *e OBS Gestión de claves: término normalizado por la UIT. Fuentes

DEF Set of processes and mechanisms that support key establishment and the maintenance of ongoing keying relationships between parties, including replacing older keys with new keys as necessary. *b OBS Term and first definition standardized by ISO. Sources a* ISO/CEI JTC 1 SC 1 N1278. b* Menezes, A. Handbook of Applied Cryptography. c* NIST. Security in Open Systems.

a* UIT-T Rec. X.812 (1995). b* Álvarez, G. Correo Seguro. c* Autoridad Pública de Certficación Española. d* CEMLA. Glosario de Sistema de Pagos. e* Carolina Herrera.

Carolina Herrera 52 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Public key infrastructure > Key management

Subcampo: Elemento > Infraestructura de clave pública > Gestión de claves

EN ES key generation *a, b, c CORRECT, STANDARDIZED generación de claves *a, b, c CORRECTO, NORMALIZADO,

FEM

DEF Protocol to generate keys in a secure way for a particular cryptographic algorithm. *a

DEF Protocolo para la generación de claves de manera segura para un algoritmo criptográfico particular. *b, d

EJ La seguridad de un algoritmo descansa en la generación de la clave. Un criptosistema que haga uso de claves criptográficamente débiles será consecuentemente débil. *b OBS Término normalizado por la UIT. Fuentes

EX The generation of secret and unpredictable numbers with certain properties is fundamental for key generation. *a OBS Term and definition standardized by ISO and the ITU. Sources a* ISO/IEC DTR 14156. b* ITU-T, Rec. X.509 (1988). c* OECD. Electronic Commerce.

a* UIT-T, Rec. X.509 (1988). b* Álvarez, G. Correo Seguro. c* Lucena, M. Criptología. d* Carolina Herrera.

Public Key Cryptography: A Commented Terminology File 53 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Public key infrastructure > Key management


EN ES key distribution *a, b, c, CORRECT, STANDARDIZED distribución de claves *a, b CORRECTO, NORMALIZADO, FEM

DEF Protocol that includes mechanisms to securely distribute a private key to the owner of that key. *b

DEF Protocolo usado para distribuir de forma segura las claves que se usarán en la futura comunicación. *a

EX A driving force in the practical use of cryptography is the key distribution problem inherent in single-key cryptosystems. *c

EJ La distribución y transferencia de las claves suele iniciarse con la petición de la clave por parte de una entidad a un Centro de Distribución de Claves o a la otra entidad involucrada en la comunicación. *b

OBS Term standardized by ISO and the ITU. OBS Término normalizado por la UIT.

Fuentes

Sources a* ISO/IEC DTR 14156. b* ITU-T, Rec. X.843 (2000). c* Encyclopaedia Britannica.

a* UIT-T, Rec. X.843 (2000). b* Álvarez, G. Correo Seguro.

Carolina Herrera 54 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Public key infrastructure > Key management


EN ES key storage *a, b, c, d CORRECT, STANDARDIZED key backup *b CORRECT, OFFICIALLY APPROVED key escrow *b, c, d AVOID, SEE RECORD

almacenamiento de claves *a, b CORRECTO, MASC depósito de claves *b, e CORRECTO, MASC, VER FICHA

DEF Protocol that provides secure storage of decryption keys to ensure the confidentiality and integrity of the keys. *a

DEF Protocolo que permite almacenar las claves privadas de un sistema criptográfico para garantizar la integridad del entorno. *a, e

EX Encrypted data must be retrievable when users lose their decryption keys, therefore a cryptographic system requires a system for backing up and recovering the decryption keys. *b

EJ Si se almacena la clave privada en un medio portátil, como por ejemplo un disquete, se aumenta el riesgo de tener problemas de seguridad. *a

OBS Key storage: term and definition standardized by ISO. *a OBS The concept of key backup implies that decryption keys are stored in a secondary location. �Key escrow� is a type of location to store private keys and is normally managed by a federal agency. The purpose of key escrow is to help with law enforcement, and it is a debated topic because of the fine lines between issues of public interest (such as national security) and individual freedom and privacy. *b, c OBS The concept of key storage can change depending on the level of security needed for the key. Keys can be simply stored as passwords, on hard disks or on magnetic cards. Critical high-security keys require store systems protected by elaborate security. *d

OBS El almacenamiento de claves implica la existencia de un segundo lugar donde se almacenan las claves, la cual puede ser controlada por el gobierno (almacenamiento centralizado de claves). El sistema de �almacenamiento centralizado de claves� implica que todo usuario de un sistema criptográfico debe entregar una copia de su clave privada a un tercero de confianza (en este caso, un organismo gubernamental). La aprobación del almacenamiento centralizado de claves es un punto de discusión ya que podría comprometer la seguridad de la criptografía. *d, e, g OBS En sistemas con un solo usuario las claves pueden ser almacenadas en la memoria del usuario. Una solución más sofisticada consiste en almacenarlas en una tarjeta de banda magnética o en una tarjeta inteligente. Las claves que impliquen un mayor riesgo requieren sistemas de almacenamiento más elaborados. *g, f

Sources Fuentes a* ISO/IEC DTR 14156. b* Entrust Technologies. What is PKI? c* Industry Canada. Electronic Commerce in Canada. d* Communications Security Establishment. Government of Canada PKI � White Paper.

a* OMPI. Comercio Electrónico y Propiedad Intelectual. b* Kriptopólis, octubre de 1999. c* Casacuberta, D. Diccionario de Ciberderechos. d* Ley General de Telecomunicaciones España. e* Casacuberta, D. Diccionario de Ciberderechos. g* Álvarez, G. Correo Seguro. f* Carolina Herrera.

Public Key Cryptography: A Commented Terminology File 55 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element Subcampo: Elemento EN ES public key cryptosystem *a, b, c, d CORRECT, STANDARDIZED asymmetric cryptosystem *c, e CORRECT public key cryptographic system *f CORRECT asymmetric cryptographic system *g CORRECT

criptosistema de clave pública *a, b, c, d CORRECTO, NORMALIZADO, MASC criptosistema asimétrico *e, f CORRECTO, NORMALIZADO, MASC sistema criptográfico asimétrico *g CORRECTO, MENOS FRECUENTE, MASC sistema de cifrado asimétrico *h CORRECTO, MENOS FRECUENTE, MASC

DEF Collection of transformations from plaintext into ciphertext and vice versa, the particular transformation to be used being determined by two different keys: one private and one public. The transformations are normally defined by a mathematical algorithm. *a (modified)

DEF Conjunto de transformaciones de texto en claro a texto cifrado y viceversa. Cada transformación está definida por un algoritmo de cifrado y dos claves: una privada y una pública. *b (modificado)

CONT Cryptosystems may be either symmetric or asymmetric. In a symmetric cryptosystem, encryption and decryption are performed with a single key, so that both the sender and the receiver use the same key. In an asymmetric cryptosystem, by contrast, two different keys are employed: a private (encryption) key and a public (decryption) key. *d OBS Public key cryptosystem: term standardized by the ITU. OBS The terms �public key cryptographic algorithm� and �public key cryptosystem� are not true synonyms. A cryptographic algorithm is a mathematical formula used to encrypt data, while a �cryptosystem� is a collection of elements (including an algorithm) that make encryption possible. *g, h OBS The terms �cipher system� and �cipher� are not true synonyms of the term �cryptosystem�. A cipher is an element of a cryptosystem. (See �cryptographic algorithm� for definition of �cipher�) *h, i Sources a* ISO 9594-8 :1998. b* ITU-T, Rec. X.509 (1988). c* NIST. Security in Open Systems. d* The International PGP Home Page. How PGP works. e* Utah House of Representatives. Uniform Electronic Transactions Act f* NIST. Fact Sheet on Digital Signature Standard. g* Menezes, A. Handbook of Applied Cryptography. h* American National Standard. Telecom Glossary 2000. i* Carolina Herrera.

CONT Existen dos tipos de criptosistemas: simétricos y asimétricos. Los criptosistemas simétricos o de clave privada son aquellos que emplean la misma clave tanto para cifrar como para descifar. Los criptosistemas asimétricos o de clave pública emplean una clave pública (cifrado) y una clave privada (descifrado). *e OBS Criptosistema de clave pública: término normalizado por la UIT. OBS Los términos �algoritmo criptográfico de clave pública� y �criptosistema de clave pública� no son sinónimos absolutos. Un algoritmo criptográfico es una fórmula matemática utilizada en el cifrado de información, mientras que un �criptosistema� es un conjunto de elementos (incluyendo un algoritmo) que hacen posible el cifrado. * i, j Fuentes a* UIT Rec. X.509 (1988). b* Carlos, B. Criptografía, Maple y RSA. c* Álvarez, G. Generación de Claves. d* The International PGP Home Page. Cifrado de Clave Pública para Todos. e* Lucena, M. Criptografía. f* Hebe, F. Argentina: E-Commerce. g* Iriarte, E. Firma Digital y Certificado Digital. h* Pérez, M. Hacia la Seguridad en el Comercio Electrónico. i* American National Standard. Telecom Glossary 2000. j* Carolina Herrera.

Carolina Herrera 56 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Cryptosystem Subcampo: Elemento > Sistema criptográfico EN ES public key algorithm *a, b, c CORRECT , STANDARDIZED public key encryption algorithm *d CORRECT, SEE RECORD public key cryptographic algorithm *c CORRECT asymmetric algorithm *c CORRECT

algoritmo de clave pública *a, b CORRECTO, NORMALIZADO, MASC algoritmo asimétrico *c CORRECTO, MASC algoritmo de cifrado de clave pública *d CORRECTO, MASC

DEF Algorithm for performing encryption or the corresponding decryption in which the keys used for encryption and decryption differ. *a

DEF Algoritmo en el cual las operaciones de cifrado y descifrado implican el uso de dos claves distintas, una privada y otra pública. *a, i

OBS The notion of cryptography includes a set of principles, means and methods for the transformation of data. Since �encryption� is a cryptographic method, the terms �public key encryption algorithm� is not true synonym of �public key algorithm� and its variants. However, it is commonly used as such. *b, i

Fuentes a* UIT-T, Rec. X.841 (2000) b* Autoridad Pública de Certificación Española c* Jiménez, J. Comercio electrónico, Internet y su Seguridad. d* Álvarez, G. Comercio Electrónico. i* Carolina Herrera.

Sources a* ISO/IEC 9798-3:1993 b* ITU, Rec.X.32. c* NIST. Security in Open Systems. d* Stallings, W. Introduction to Number Theory.

Public Key Cryptography: A Commented Terminology File 57 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Cryptosystem Subcampo: Elemento > Sistema criptográfico EN ES key *a, b, c CORRECT, STANDARDIZED cryptographic key *b, d, e CORRECT encryption key *f AVOID, SEE RECORD encipherment key *g AVOID, SEE RECORD ciphering key *h AVOID, SEE RECORD

clave *a, b, c, d, e CORRECTO, NORMALIZADO, FEM clave criptográfica *a CORRECTO, FEM clave de cifrado *f EVITAR, VER FICHA, FEM

DEF Serie única de símbolos utilizados en combinación con un algoritmo criptográfico para operaciones de cifrado y descifrado. *e

DEF Sequence of symbols that used with an algorithm control operations of encryption and decryption. *a OBS The ITU differentiates two subtypes of keys: �encryption key� and �decryption key�. Therefore the term �key� is not a true synonym of the terms �encryption key�, �encipherment key� or �ciphering key�. *h

OBS La UIT reconoce dos subtipos de clave: �clave de cifrado� y �clave de descifrado�. Por lo tanto, el término �clave� no es sinónimo absoluto del término �clave de cifrado�. *f OBS En algoritmos simétricos, la clave de descifrado se puede calcular a partir de la clave de cifrado y viceversa. En la mayoría de los casos, la clave de cifrado utilizada en algoritmos simétricos es la misma que la clave de descifrado. En algoritmos de clave pública, la clave de descifrado (privada) no se puede calcular fácilmente partiendo de la clave de cifrado (pública). *g OBS Clave: término normalizado por la UIT.

OBS In symmetric algorithms, the decryption key can be calculated from the encryption key and vice versa. In most cases, the encryption key used with symmetric algorithms is the same as decryption key. In public key algorithms, the decryption (private) key cannot be easily calculated from the encryption (public) key. *f OBS Term and definition standardized by ISO. *a Sources a* ISO/IEC 11770-1:1996. b* NIST. Security Requirements for Cryptographic Modules. c* Communications Security Establishment. Government of Canada PKI � White Paper. d* NIST. Computer Data Authentication. e* OECD. Cryptography Policy. f* Government of Canada. Technical Know How. g* International Association for Cryptologic Research. Lecture Notes in Computer Science, vol. 0219. h* ITU-R, Rec. M.1224 (1997).

Fuentes a* UIT-T, Rec. X.843 (2000). b* Autoridad Pública de Certificación Española. c* Álvarez, G. Correo Seguro. d* Casacuberta, D. Diccionario de Ciberderechos. e* CEMLA. Glosario de Sistema de Pagos. f* UIT-R, Rec. M.1224 (1997). g* Carolina Herrera.

Carolina Herrera 58 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Cryptosystem > Key > By user Subcampo: Elemento > Sistema criptográfico > Clave

> Por usuario EN ES private key *a, b, c CORRECT, STANDARDIZED secret key *d AVOID, SEE RECORD

clave privada *a, b, c CORRECTO, NORMALIZADO, FEM clave secreta *d EVITAR, FEM, VER FICHA

DEF Cryptographic key used with a public key cryptographic algorithm, uniquely associated with an entity, and not made public. *c

DEF Clave criptográfica empleada en algoritmos de cifrado de clave pública, asociada con una sola entidad y no revelada al público. *e

OBS In symmetric algorithms, there is only one key known as the �secret key�, which is used for encryption and decryption purposes. In public key algorithms there are two keys: the decryption (private) key and the encryption (public) key. *e, f

OBS En algoritmos simétricos, hay solamente una clave que se conoce con el nombre de �clave secreta� y que se usa tanto para el cifrado como para el descifrado. En algoritmos de clave pública se utilizan dos claves: la clave de descifrado (privada) y la clave de cifrado (pública). *e

OBS The key that is not publicly revealed is generally referred to as a private key, rather than a secret key. This avoids confusion with the secret key of a symmetric cryptographic algorithm and derives from the idea that two people may share a secret, but a single person keeps something private. *d

OBS La clave que no se revela al público se conoce como �clave privada� y no �clave secreta�. Esto evita la confusión con la clave secreta de un algoritmo criptográfico simétrico y tiene como fundamento que dos personas pueden compartir un secreto, pero una sola persona mantiene algo privado. *e

OBS Term standardized by ISO and the ITU. OBS Clave privada: término normalizado por la UIT. Sources a* ISO/IEC 11770-1:1996. b* ITU-T, Rec. X.841 (2000). c* NIST. Security Requirements for Cryptographic Modules. d* Adams, C. Understanding Public-Key Infrastructure. e* Government of Canada. Technical Know How. f* Carolina Herrera.

Fuentes a* UIT-T, Rec. X.841 (2000). b* Autoridad Pública de Certificación Española. c* Álvarez, G. Correo Seguro. d* Microsoft TechNet. Fundamentos de Criptografía y de PKI. e* Carolina Herrera.

Public Key Cryptography: A Commented Terminology File 59 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Cryptosystem > Key > By user Subcampo: Elemento > Sistema criptográfico > Clave

> Por usuario EN ES public key *a, b, c CORRECT, STANDARDIZED

clave pública *a, b, c CORRECTO, NORMALIZADO, FEM

DEF Cryptographic key used with a public key cryptographic algorithm, uniquely associated with an entity, and which may be made public in the communication. *b

DEF Clave criptográfica empleada en los algoritmos de cifrado de clave pública, asociada con una sola entidad y puesta a disposición del público en la comunicación. *d

OBS In symmetric algorithms, there is only one key known as the �secret key�, which is used for encryption and decryption purposes. In public key algorithms there are two keys: the decryption (private) key and the encryption (public) key. *d, e

OBS En algoritmos simétricos, hay solamente una clave que se conoce con el nombre de �clave secreta� y que se usa tanto para el cifrado como para el descifrado. En algoritmos de clave pública se utilizan dos claves: la clave de descifrado (privada) y la clave de cifrado (pública). *d

OBS Term and definition standardized by ISO. Sources a* ISO/IEC 11770-1:1996. b* NIST. Security Requirements for Cryptographic Modules. c* OECD. Cryptography Policy. d* Government of Canada. Technical Know How. e* Carolina Herrera.

OBS Término normalizado por la UIT. Fuentes a* UIT-T, Rec. X.843 (2000). b* Autoridad Pública de Certificación Española. c* Álvarez, G. Correo Seguro. d* Carolina Herrera.

Carolina Herrera 60 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Cryptosystem > Key > By function Subcampo: Elemento > Sistema criptográfico > Clave

> Por función EN ES encryption key *a, b, c, d CORRECT, STANDARDIZED ciphering key *e, f CORRECT, STANDARDIZED encipherment key *a, g CORRECT, STANDARDIZED enciphering key *h CORRECT data encryption key *i CORRECT, LESS COMMON data encrypting key *j CORRECT, LESS COMMON cryptographic key *a AVOID, SEE RECORD key *a AVOID, SEE RECORD

clave de cifrado *a, b, c CORRECTO, NORMALIZADO, FEM clave de encriptación *d CORRECTO, FEM, VER FICHA clave de encripción *e MENOS FRECUENTE, FEM, VER FICHA clave de criptación *f CORRECTO, NORMALIZADO, FEM, VER FICHA clave *a EVITAR, FEM, VER FICHA clave criptográfica *a EVITAR, FEM, VER FICHA

DEF Cryptographic key used with an algorithm in the transformation of data to produce ciphertext. *a, l

DEF Clave criptográfica usada en combinación con un algoritmo en la transformación de datos para producir textos cifrados. *g

OBS The ITU differentiates two subtypes of keys: �encryption key� and �decryption key�. Therefore the term �key� is not a true synonym of the terms �encryption key�, �encipherment key� or �ciphering key�. *e

OBS La UIT reconoce dos subtipos de clave: �clave de cifrado� y �clave de descifrado�. Por lo tanto, el término �clave� no es sinónimo absoluto del término �clave de cifrado�. *a

OBS In symmetric algorithms, there is only one key known as the �secret key�, which is used for encryption and decryption purposes. In public key algorithms there are two keys: the decryption (private) key and the encryption (public) key. *k, l

OBS En algoritmos simétricos, hay solamente una clave que se conoce con el nombre de �clave secreta� y que se usa tanto para el cifrado como para el descifrado. En algoritmos de clave pública se utilizan dos claves: la clave de cifrado (pública) y la clave de descifrado (privada). *g OBS Actualmente se observa una tendencia a evitar el término �encriptación� por considerarse un anglicismo innecesario. Sin embargo, su uso es bastante frecuente en el campo de la criptografía. *b OBS Clave de cifrado: término normalizado por la UIT.

OBS Encryption key; encipherment key: terms standardized by ISO. OBS Ciphering key : term standardized by the ITU. Sources a* ISO/IEC 11770-1:1996. b* Encyclopaedia Britannica. c* Industry Canada. Electronic Commerce in Canada. d* NIST. Announcing Plans to Develop a Federal Information Processing Standard for Public-Key. e* ITU-T, Rec. X.843 (2000). f* George Mason University. GSM Security and Encryption. g* International Association for Cryptologic Research. Lecture Notes in Computer Science, vol. 0209. h* Institute of Electrical and Electronics Engineers. A New Public-Key Cipher. i* WIPO. PKI Architecture. j* International Association for Cryptologic Research. Lecture Notes in Computer Science, vol. 0218. k* Government of Canada. Technical Know How. l* Carolina Herrera.

Fuentes a* UIT-T, Rec. X.843 (2000). b* Autoridad Pública de Certificación Española. c* Álvarez, G. Correo Seguro. d* Criptograma, noviembre 1998. e* Universidad de Murgía. Redes de Ordenadores y Comunicaciones. f* UIT-T, Rec. H.234 (1994). g* Carolina Herrera.

Public Key Cryptography: A Commented Terminology File 61 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Cryptosystem > Key Subcampo: Elemento > Sistema criptográfico > Clave EN

ES

decryption key *a, b, c, d CORRECT, STANDARDIZED deciphering key *e, f CORRECT, STANDARDIZED decipherment key *a, g CORRECT, STANDARDIZED

clave de descifrado *a, b CORRECTO, NORMALIZADO, FEM clave de descencriptación *a, b CORRECTO, FEM, VER FICHA

DEF Cryptographic key used in the reversal of a corresponding encryption to change ciphertext into plaintext. *a, c

DEF Clave criptográfica empleada en la reversión de la operación correspondiente de cifrado para cambiar un texto cifrado en texto claro. *c

OBS The ITU differentiates two subtypes of keys: �encryption key� and �decryption key�. *e

OBS La UIT reconoce dos subtipos de clave: �clave de cifrado� y �clave de descifrado�. *a

OBS In symmetric algorithms, there is only one key known as the �secret key�, which is used for encryption and decryption purposes. In public key algorithms there are two keys: the decryption (private) key and the encryption (public) key. *k, l

OBS En algoritmos simétricos, hay solamente una clave que se conoce con el nombre de �clave secreta� y que se usa tanto para el cifrado como para el descifrado. En algoritmos de clave pública se utilizan dos claves: la clave de cifrado (pública) y la clave de descifrado (privada). *c OBS Actualmente se observa una tendencia a evitar el término �desencriptación� por considerarse un anglicismo innecesario. Sin embargo, su uso es bastante frecuente en el campo de la criptografía. *b OBS Clave de descifrado: término normalizado por la UIT. Fuentes

OBS Term and definition standardized by ISO. *a Sources a* ISO/IEC 11770-1:1996. b* Encyclopaedia Britannica. c* Industry Canada. Electronic Commerce in Canada. d* NIST. Announcing Plans to Develop a Federal Information Processing Standard for Public-Key. e* ITU-T, Rec. X.843 (2000). f* George Mason University. GSM Security and Encryption. g* International Association for Cryptologic Research. Lecture Notes in Computer Science, vol. 0209. h* Institute of Electrical and Electronics Engineers. A New Public-Key Cipher. i* WIPO. PKI Architecture. j* International Association for Cryptologic Research. Lecture Notes in Computer Science, vol. 0218. k* Government of Canada. Technical Know How. l* Carolina Herrera.

a* UIT-T, Rec. X.843 (2000). b* Criptograma, noviembre de 1999. c* Carolina Herrera.

Carolina Herrera 62 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Element > Cryptosystem > Key > By function > Encryption key

Subcampo: Elemento > Sistema criptográfico > Clave > Por función > Clave de cifrado

EN ES session key *a, b, c CORRECT, STANDARDIZED transaction key *d CORRECT, OFFICIALLY APPROVED

clave de sesión *a, b, c CORRECTO, NORMALIZADO, FEM

DEF Temporary encryption key used between two entities, with a limited lifetime. *c

DEF Clave temporal de cifrado empleada entre dos entidades durante un periodo limitado de tiempo. *d

DEF Número generado de forma aleatoria basándose en los movimientos del ratón y las teclas pulsadas. *b

DEF A random number generated from the user�s random movements of the mouse and the keystrokes typed. *b

CONT PGP (Pretty Good Privacy) creates a session key. It works with a conventional encryption algorithm to encrypt the plaintext. Once the data is encrypted, the session key is also encrypted with the recipient's public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient, who will use his or her private key to recover the session key and decrypt the message. *b

CONT Cuando se envía un mensaje cifrado con PGP (Pretty Good Privacy), el programa crea una clave de sesión, la cual se usa para cifrar el texto del mensaje. Esta clave de sesión se cifra con la clave pública del destinatario y se transmite junto con el texto cifrado. El destinatario descifra la clave de sesión usando su clave privada y descifra el texto del mensaje. *b

OBS Session key: term standardized by the ITU. OBS Transaction key: term officially approved by the Department of Industry (Canada). *d Sources a* ITU-T Recommendation X.413. b* Introduction to Cryptography. PGP 6.5.1 documentation. c* Fermilab. Strong Authentication at Fermilab. d* Industry Canada. Electronic Commerce in Canada.

OBS Clave de sesión: término normalizado por la UIT. Fuentes a* UIT-T Rec. X.413. b* Álvarez, G. Correo Seguro. c* Criptograma, octubre de 1998. d* Carolina Herrera.

Public Key Cryptography: A Commented Terminology File 63 Field: Public key cryptography Campo: Criptografía de claves públicas Subfield: Participant Subcampo: Participante EN ES trusted third party *a CORRECT, STANDARDIZED TTP *a CORRECT, STANDARDIZED

tercera parte fiable *a, b CORRECTO, NORMALIZADO, FEM tercero de confianza *a, c CORRECTO, MASC tercera parte confiable *d, e CORRECTO, FEM TPC *d, e CORRECTO, FEM, VER FICHA TTP *d, e CORRECTO, FEM, VER FICHA

DEF Organisation or its agent that provides one or more security services, and is trusted by other entities with respect to activities related to these security services. *b

DEF Organización, o su agente, que proporciona uno o más servicios de seguridad, y es aceptada como fiduciaria por otras entidades con respecto a actividades relacionadas con estos servicios de seguridad. *a OBS Tercera parte fiable: término normalizado por la UIT. OBS La UIT no reconoce una abreviación para este término. Las abreviaciones �TPC� y �TTP�son menos frecuentes. *a, d

OBS Term and definition standardized by ISO and the ITU. *a, b Sources a* ISO/IEC 10181-1:1996. b* ITU-T, Rec. X.842 (2000). c* ISO/IEC FDIS 15945.

Fuentes a* UIT-T, Rec. X.842 (2000). b* Kriptópolis. Introducción a las Firmas Digitales. c* Pérez, M. Hacia la seguridad en el Comercio Electrónico. d* Autoridad Pública de Certificación Española. e* Álvarez, G. PKI o los Cimientos de una Criptografía de Clave Pública.

Carolina Herrera

CONCLUSION

The objectives of this terminological file have been to 1) produce records for the

fundamental English and Spanish terminology in the subject field of public key cryptography; 2)

guide the user in choosing terms and avoiding the use of pseudo-synonyms, and indicate spelling

or syntactic variants that could create confusion, and 3) discuss a number of terminological

difficulties in the field. I began by accumulating and evaluating documentation, which helped me

to gain a basic understanding of the subject field. I then proceeded to identify and select the

concepts, producing a base list of terms that was compared to some specialized glossaries in

order to eliminate the noise and insert missing concepts. Using the information obtained from

this analysis, I continued with the representation of the conceptual system in English and Spanish.

My next step was to enter the terms and the related textual supports on the terminological records.

Finally, I discussed the main problems encountered while researching and writing the file.

The conclusion drawn from this research is that for English/Spanish terminologists and

translators, the field of public key cryptography poses considerable challenges. Among them are

the constant evolution of the terms and concepts, and the different communicative situations in

which they are used. Moreover, the arbitrary creation of variants is a serious obstacle to

communication as it opens the doors to several alternative terms used simultaneously.

The suggestions given should help users to select and use better public key cryptography

terminology. I do not envision terms being fixed labels for precise concepts since this is an

idealised conception of terminology. But I hope that this work will be a useful start of a

consistent and correct terminology usage in the field of public key cryptography.


BIBLIOGRAPHY

1 Terminology

1.1 Works Cited Bowker, Lynne. Guidelines for Handling Multidimensionality in a Terminological Knowledge

Base. Thesis (M.A.). Ottawa: University of Ottawa, 1992. Cabré, M. Teresa. La Terminología: Teoría, metodología, aplicaciones. Barcelona:

Antártida/Empúries, 1993 Cole, Wayne D. �Terminology: Principles and Methods.� Computers and Translation. Sarasota:

Paradigm Press, 1987. 77-87. Daille, Béatrice et al. �Empirical Observation of Term Variations and Principles for their

Description.� Terminology 3.2 (1996): 197-257. Dubuc, Robert. Terminology: A Practical Approach. Québec: Linguatech, 1997. Pavel, Silvia, and Diane Nolet. Handbook of Terminology. Adapted into English by Christine

Leonhardt. Ottawa: Terminology and Standardization, Translation Bureau, 2001. Picht, Heribert, and Jennifer Draskau. Terminology: An Introduction. Guildford: University of

Surrey, 1985. Sager, Juan C. A Practical Course in Terminology Processing. Philadelphia: J. Benjamins, 1990.

1.2 Reference Works Bowker, Lynne. �You say �flatbed colour scanner�, I say �colour flatbed scanner�: A Descriptive

Study of the Influence of Multidimensionality on Term Formation and Use with Special Reference to the Subject Field of Optical Scanning Technology.� Terminology 4.2 (1997): 275-302.

Meyer, Ingrid, Karen Eck, and Douglas Skuce. �Systematic Representation of Concepts in a

Knowledge-based System.� Handbook of Terminology Management. Amsterdam/Philadelphia: John Benjamins, 1997. 98-118.

Pearson, Jennifer. Terms in Context. Philadelphia: J. Benjamins Pub. Co, 1998. Rondeau, Guy. Introduction à la Terminologie. Montréal: Centre éducatif et culturel Inc, 1984.

Carolina Herrera 66

Temmerman, Rita. Towards New Ways of Terminology Description: The Socio-Cognitive

Approach. Amsterdam; Philadelphia: J. Benjamins Pub. Co, 2000.

1.3 Terminological Files Duguay, Christine. L�Analyse Génétique: fichier terminologique bilingue commenté. M.A. thesis.

Ottawa: University of Ottawa, 1996. González, Genny. Persons with Impaired Vision: Challenges Faced in the Development of a

Terminological Collection. M.A. thesis. Ottawa: University of Ottawa, 2001. Leslie, Lynne. Web Publishing: A Commented Bilingual Terminology File. M.A. thesis. Ottawa:

University of Ottawa, 1997 2 Public Key Cryptography

2.1 English Sources

2.1.1 Hard Copy Sources Adams, Carlile. Understanding Public Key Infrastructure. Indianapolis: Macmillan Technical,

1999. Menezes, Alfred, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied

Cryptography. Boca Raton: CRC Press, 1997. Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, and Source Code in C. New

York: Wiley, 1996. Stallings, William. Cryptography and Network Security: Principles and Practice. Upper Saddle

River, N.J.: Prentice Hall, 1999. 2.1.2 On-Line Sources American National Standard for Telecommunications. Telecom Glossary 2000. Last date

updated: December 15, 2000. [http://www.its.bldrdoc.gov/projects/telecomglossary2000/] Accessed: July 30, 2001.

Communications Security Establishment. Government of Canada PKI � White Paper. Published:

February, 1998. [http://www.cse-cst.gc.ca/cse/english/gov.html] Accessed: July 30, 2001.


Department of Justice of Canada. �A Survey of Legal Issues Relating to the Security of

Electronic Information.� Electronic Commerce. Last date updated: September 09, 1997. [http://Canada.justice.gc.ca/en/ps/ec/toc.html] Accessed: July 30, 2001.

Encyclopaedia Britannica. �Cryptography.� [www.britannica.com] Entrust Technologies Resource Center. What is a PKI?

[http://www.entrust.com/resourcecenter/docs/pki.htm] Accessed: April 1, 2001. Fermi National Accelerator Laboratory (Fermilab). Strong Authentication at Fermilab. Last date

updated: July 31, 2001. [http://www.fnal.gov/docs/strongauth/html/glossary.html] Accessed: August 3, 2001.

George Mason University. GSM Security and Encryption.

[http://www.dsinet.org/textfiles/phreaking/gsmsecurity.txt] Accessed: July 30, 2001. Government of Canada, Communications Security Establishment. Government of Canada Public

Key Infrastructure. [http://www.cse-cst.gc.ca/cse/english] Accessed: April 1, 2001. Government of Canada, Department of Justice. A Survey of Legal Issues Relating to the Security

of Electronic Information. Last date updated: December 9, 1997. [http://canada.justice.gc.ca/en/ps/ec/toc.html] Accessed: April 1, 2001.

Government of Canada, Community Access Program. �Community Resources.� Technical

Know How. [http://cap.ic.gc.ca/english/8883.shtml] Accessed: July 30, 2001. Illinois General Assembly. Electronic Commerce Security Act. Last date updated: July 1, 2001.

[http://www.legis.state.il.us/ilcs/ch5/ch5act175articles/ch5act175Sub4.htm] Accessed: July 30, 2001.

Industry Canada. Electronic Commerce in Canada: Security and Cryptography. Last date

updated: December 10, 2000. [http://e-com.ic.gc.ca/english/crypto/631d24.html] Accessed: July 27, 2001.

Information Society Technologies. �Guide to Information Security.� Diffuse Project: European

Commission's programme. Last date updated: January, 2001. [http://www.diffuse.org/secguide.html] Accessed: July 30, 2001.

Institute of Electrical and Electronics Engineers (IEEE). �A New Public-Key Cipher System

Based Upon the Diophantine Equations.� IEEE Transactions on Computers 44.1 (1995). [http://www.computer.org/tc/tc1995/t0013abs.htm] Accessed: July 30, 2001.

International Association for Cryptologic Research. �Lecture Notes in Computer Science.�

Journal of Cryptology. New York: Springer-Verlag New York, Inc, 1996-2000. [http://link.springer.de/link/service/journals/00145/] Accessed: July 30, 2001.

Carolina Herrera 68

Internet.com. Webopedia. [http://www. webopedia.com] Accessed: April 1, 2001. National Institute of Standards and Technology (NIST). U.S. Department of Commerce.

Announcing Plans to Develop a Federal Information Processing Standard for Public-Key Based Cryptographic Key Agreement and Exchange. Last date updated: May 6, 1997. [http://csrc.nist.gov/encryption/kms/ann2.txt] Accessed: July 30, 2001.

National Institute of Standards and Technology (NIST). U.S. Department of Commerce. �Computer Data Authentication.� Computer Systems Technology: Federal Information Processing Standards Publication 113. [http://www.itl.nist.gov/fipspubs/fip113.htm#FIPS_TOP] Accessed: July 30, 2001.

National Institute of Standards and Technology (NIST). U.S. Department of Commerce. Fact

Sheet on Digital Signature Standard, 1994. Last date updated: April 17, 2001. [http://www.nist.gov/public_affairs/releases/digsigst.htm] Accessed: August 3, 2001.

National Institute of Standards and Technology (NIST). U.S. Department of Commerce. �Security in Open Systems.� Computer Systems Technology. NIST Special publication 800-7, 1994. Last date updated: April 17, 2001. [http://csrc.nist.gov/publications/nistpubs/800-7/node2.html] Accessed: July 30, 2001.

National Institute of Standards and Technology (NIST). U.S. Department of Commerce. Security

Requirements for Cryptographic Modules, 1994. Last date updated: April 17, 2001. [http://itl.nist.gov/fipspubs/fip140-1/htm] Accessed: July 30, 2001.

Oracle Technology Network. Public Key Infrastructure.

[http://otn.oracle.com/deploy/security/pki/listing.htm] Accessed: July 30, 2001. Organisation for Economic Co-operation and Development (OECD). The OECD Cryptography

Policy Guidelines and the Report on Background and Issues of Cryptography Policy, March 1997. Last date updated: January 5, 1999. [http://www.oecd.org//dsti/sti/it/secur/prod/e-crypto.htm] Accessed: July 27, 2001.

Scientific American.com. �Confidentially yours: A novel security scheme sidesteps.� Scientific

American June 1998. [http://www.sciam.com/] Accessed: July 30, 2001. Stallings, William. �Introduction to Number Theory.� Lecture Notes for Use with Cryptography

and Network Security. Last date updated: April 24, 1996. [http://williamstallings.com/Extras/Security-Notes/lectures/publickey.html] Accessed: August 3, 2001.

Standards Council of Canada. [http://www.ccn.ca/home.html] Accessed: April 1, 2001.


The International PGP Home Page. �How PGP works.� Introduction to Cryptography in the PGP 6.5.1. Last date updated: July 6, 2001. [http://www.pgpi.org/doc/pgpintro/] Accessed: July 30, 2001.

Utah House of Representatives. Uniform Electronic Transactions Act. Last date updated: July 12,

2001. [http://www.le.state.ut.us/~code/TITLE46/46_03.htm] Accessed: July 30, 2001. World Intellectual Property Organization (WIPO). PKI Architecture for the E-PCT Standard.

Last date updated: January 30, 2001. [http://pcteasy.wipo.int/efiling_standards/a5pr2e.pdf] Accessed: July 30, 2001.

World Wide Web Consortium. �Digital Qualification - Direct Deployment of PKC in the Access

Control of Diverse Content and Services.� Workshop on Digital Rights Management for the Web. Last date updated: March 8, 2001. [http://www.w3.org/2000/12/drm-ws/pp/accessticket.html] Accessed: July 30, 2001.

2.2 Spanish Sources 2.2.1 On-Line Sources Álvarez, Gonzalo. �Comercio Electrónico.� Criptonomicón.

[http://www.iec.csic.es/criptonomicon/comercio/ssl.html#top] Visitada: 5.8.2001. ---. �Correo Seguro.� Criptonomicón. [www.iec.csic.es/criptonomicon/seguridad] Visitada:

30.7.2001. ---. �Gestión de Claves.� Criptonomicón.

[http://www.iec.csic.es/criptonomicon/seguridad/claves.html] Visitada: 3.8.2001. ---. �PKI o los Cimientos de una Criptografía de Clave Pública�. Criptonomicón.

[http://www.iec.csic.es/criptonomicon/susurros/susurros11.html] Visitada: 30.7.2001. Álvarez, Gonzálo, et al. Generación de Claves del Criptosistema de Clave Pública de Blum,

Blum y Shub. V Reunión Española sobre Criptología, 1998. [http://www.iec.csic.es/~gonzalo/publis/publis.html] Visitada: 30.7.2001.

Arce, Alfonso y Federico Díaz. �La Firma Digital. Aspectos Jurídicos. Su Aplicación a las

Comunicaciones Previstas por la Ley 22.172.� Revista Electrónica de Derecho Informático, 16.11.1999. [http://publicaciones.derecho.org/redi/No._16_-_Noviembre_de_1999/3] Visitada: 30.7.2001.

Arnal: Tecnologías de la Información. Ley General de Telecomunicaciones de España. Última

modificación: 6.7.1998. [http://www.arnal.es/free/coms/cripto-52.html] Visitada: 30.7.2001.

Carolina Herrera 70

Autoridad Pública de Certificación Española. Conceptos de Criptografía. [http://www.cert.fnmt.es/faq.htm] Visitada: 30.7.2001.

Bover, Jordi, y Rosa Colomer. �La Intervención del Especialista en la Normalización

Terminológica.� Actas de la Conferencia sobre la Cooperación en Materia de Terminología en Europa. París del 17 al 19 de mayo de 1999. [http://www.eaft-aet.net/actes/BOVER_COLOMER.htm] Visitada: 3.8.2001.

Carlos, B. Criptografia, Maple y RSA. [http://www.kriptopolis.com/pubs.html] Visitada:

30.4.2001. Casacuberta, David, y José Luis Más. Diccionario de Ciberderechos.

[http://www.kriptopolis.com/dicc.html] Visitada: 30.7.2001. Centro de Estudios Monetarios Latinoamericanos (CEMLA). Lista de Términos y Abreviaturas

Aplicados en Materia de Sistema de Pagos. [http://www.cemla.org/pdf/sp-glosario.PDF] Visitada: 30.7.2001.

Consumo2000. Curso Básico de Comercio Electrónico para Consumidores y Usuarios.

[http://www.consumo2000.org/texto.htm] Visitada: 14.7.2001. Hebe, Fabiana. �Argentina: E-Commerce: La Nueva Realidad Comercial.� Revista Electrónica

de Derecho Informático. 3.2001. [http://publicaciones.derecho.org/redi/No._32_-_Marzo_del_2001/8] Visitada: 30.7.2001.

Gobierno de Uruguay. Complementación de la Definición y Configuración del Sistema de

Intercambio de Información de Seguridad entre los Estados Partes del Mercosur. [http://www.mrree.gub.uy/Mercosur/ConsejoMercadoComun/Reunion18/Anexo2/dec18.html] Visitada: 14.7.2001.

Iriarte, Erick. �Firma Digital y Certificado Digital. El Proyecto Peruano.� Revista Electrónica de

Derecho Informático. 14.9.1999. [http://publicaciones.derecho.org/redi/No._14_-_Septiembre_de_1999/9] Visitada: 30.7.2001.

Jiménez, José Carlos. �Comercio electrónico, Internet y su Seguridad.� Bit 126 (2001).

[http://www.iies.es/teleco/publicac/publbit/bit126/sumario.htm] Visitada: 5.8.2001. Kriptópolis. �Introducción a las Firmas Digitales.� Kriptópolis 2001.

[http://www.kriptopolis.com/docs/firmad.html] Visitada: 30.7.2001. Lucena López, Manuel. Criptografía y Seguridad en Computadores. Kriptópolis, 2001.

[http://www.kriptopolis.com/cys.html] Visitada: 30.7.2001. ---. Fisgones. Kriptópolis, 2000. [http://www.kriptopolis.com/luc/20000224.html] Visitada:

30.7.2001.


Martínez, Fernando. ¿Qué son los Certificados Digitales?. [http://www.iec.csic.es/criptonomicon/articulos/expertos51.html] Visitada: 30.7.2001.

Mendívil, Ignacio. El ABC de los Documentos Electrónicos Seguros. Kriptópolis, 2001.

[http://www.kriptopolis.com/pubs.html] Visitada: 30.4.2001. Microsoft TechNet. Fundamentos de Criptografía y de PKI. Última modificación: 19.7.2001.

[http://www.microsoft.com/spain/technet/comunidad/articulos/welcome3.asp?opcion=2006]. Visitada: 30.7.2001.

Microsoft TechNet. Introducción a la Infraestructura de Claves Públicas. Última modificación:

19.7.2001. [www.microsoft.com/latam/technet/articulos/windows2k/pkiintro] Visitada: 30.7.2001.

Organización Mundial de la Propiedad Intelectual (OMPI): Comercio Electrónico y Propiedad

Intelectual. Comité Permanente sobre el Derecho de Patentes. Última modificación: 18.12.1998. [http://www.wipo.org/spa/document/scp_ce/pdf/scp1_11.pdf] Visitada: 30.7.2001.

---. Tecnología de los Sistemas Digitales para la Seguridad y Autenticación de los Servicios que

Ofrecen las Oficinas de Propiedad Intelectual. [http://ecommerce.wipo.int/primer/annex2-es.html] Visitada: 30.7.2001.

Pérez Pereira, María. �Hacia la seguridad en el Comercio Electrónico.� Revista Electrónica de

Derecho Informático 11.6.1999. [http://publicaciones.derecho.org/redi/No._11_-_Junio_de_1999/pereira] Visitada: 30.7.2001.

PGP Security. PGP Keyserver.

[www.pgp.com/international/spain/products/keyserver/default.asp] Visitada: 30.7.2001. Pons, M. Criptología. Kriptópolis, 2001. [http://www.kriptopolis.com/pubs.html] Visitada:

30.4.2001. Quirantes, Arturo. �Depósito de claves en la FNMT�. Boletín Kriptópolis 10.1999.

[http://www.kriptopolis.com/boletin/0137.html] Visitada: 30.7.2001. Schneier, Bruce. Criptograma 10.1998. [http://www.kriptopolis.com/criptograma/cg.html]

Visitada: 30.7.2001. The International PGP Home Page. �Cifrado de clave pública para todos.� Guía del usuario de

PGP. Última modificación: 6.7.2001. [http://www.pgpi.org/docs/spanish1.txt] Visitada: 30.7.2001.

Carolina Herrera 72

APPENDIX I � INDEX OF ENGLISH TERMS asymmetric algorithm, 56 asymmetric cryptographic system, 55 asymmetric cryptography, 38 asymmetric cryptosystem, 55 attribute certificate, 50 authentication, 41 CA certificate, 49 certificate, 48 certification authority certificate, 49 ciphering, 39 ciphering key, 57, 60 confidentiality, 44 cryptographic key, 57, 60 data encrypting key, 60 data encryption, 39 data encryption key, 60 data integrity, 46 data origin authentication, 41, 43 deciphering, 40 deciphering key, 61 decipherment, 40 decipherment key, 61 decoding, 40 decrypting, 40 decryption, 40 decryption key, 61 digital certificate, 48 enciphering, 39 enciphering key, 60 encipherment, 39 encipherment key, 57, 60 encryption, 39 encryption key, 57, 60

entity authentication, 41, 42 integrity, 46 key, 57, 60 key backup, 54 key distribution, 53 key escrow, 54 key generation, 52 key management, 51 key storage, 54 non repudiation, 45 nonrepudiation, 45 non-repudiation, 45 PKC, 38 PKI, 47 private key, 58 public key, 59 public key algorithm, 56 public key certificate, 48 public key cryptographic algorithm, 56 public key cryptographic system, 55 public key cryptography, 38 public key cryptosystem, 55 public key encryption algorithm, 56 public key infrastructure, 47 public-key cryptography, 38 secret key, 58 session key, 62 transaction key, 62 trusted third party, 63 TTP, 63 two-key cryptography, 38 user certificate, 48


APPENDIX II � INDEX OF SPANISH TERMS aceptación obligatoria, 45 administración de claves, 51 algoritmo asimétrico, 56 algoritmo de cifrado de clave pública, 56 algoritmo de clave pública, 56 almacenamiento de claves, 54 autenticación, 41 autenticación de entidad, 41, 42 autenticación del origen de los datos, 41, 43 autentificación, 41 certificado, 48 certificado de atributos, 50 certificado de autoridad de certificación, 49 certificado de clave pública, 48 certificado de usuario, 48 certificado digital, 48 cifrado, 39 clave, 57, 60 clave criptográfica, 57, 60 clave de cifrado, 57, 60 clave de criptación, 60 clave de descencriptación, 61 clave de descifrado, 61 clave de encripción, 60 clave de encriptación, 60 clave de sesión, 62 clave privada, 58 clave pública, 59 clave secreta, 58 codificación, 39 codificación de datos, 39 confidencialidad, 44 criptación, 39

criptografía asimétrica, 38 criptografía de clave asimétrica, 38 criptografía de clave pública, 38 criptografía de claves públicas, 38 criptosistema asimétrico, 55 criptosistema de clave pública, 55 decripción, 40 depósito de claves, 54 descifrado, 40 descriptación, 40 desencriptación, 40 distribución de claves, 53 encripción, 39 encriptación, 39 generación de claves, 52 gestión de claves, 51 infraestructura de clave pública, 47 infraestructura de claves públicas, 47 infraestructura PKI, 47 integridad, 46 integridad de datos, 46 no rechazo, 45 no repudiación, 45 no repudio, 45 sistema criptográfico asimétrico, 55 sistema de cifrado asimétrico, 55 tercera parte confiable, 63 tercera parte fiable, 63 tercero de confianza, 63 TPC, 63 TTP, 63

Carolina Herrera 74

APPENDIX III � INDEX OF ENGLISH AND SPANISH TERMS aceptación obligatoria, 45 administración de claves, 51 algoritmo asimétrico, 56 algoritmo de cifrado de clave pública, 56 algoritmo de clave pública, 56 almacenamiento de claves, 54 asymmetric algorithm, 56 asymmetric cryptographic system, 55 asymmetric cryptography, 38 asymmetric cryptosystem, 55 attribute certificate, 50 autenticación, 41 autenticación de entidad, 41, 42 autenticación del origen de los datos, 41, 43 autentificación, 41 authentication, 41 CA certificate, 49 certificado, 48 certificado de atributos, 50 certificado de autoridad de certificación, 49 certificado de clave pública, 48 certificado de usuario, 48 certificado digital, 48 certificate, 48 certification authority certificate, 49 cifrado, 39 ciphering, 39 ciphering key, 57, 60 clave, 57, 60 clave criptográfica, 57, 60 clave de cifrado, 57, 60 clave de criptación, 60 clave de descencriptación, 61 clave de descifrado, 61 clave de encripción, 60 clave de encriptación, 60 clave de sesión, 62 clave privada, 58 clave pública, 59 clave secreta, 58 codificación, 39 codificación de datos, 39 confidencialidad, 44 confidentiality, 44 criptación, 39 criptografía asimétrica, 38 criptografía de clave asimétrica, 38 criptografía de clave pública, 38

criptografía de claves públicas, 38 criptosistema asimétrico, 55 criptosistema de clave pública, 55 cryptographic key, 57, 60 data encrypting key, 60 data encryption, 39 data encryption key, 60 data integrity, 46 data origin authentication, 41, 43 deciphering, 40 deciphering key, 61 decipherment, 40 decipherment key, 61 decoding, 40 decripción, 40 decrypting, 40 decryption, 40 decryption key, 61 depósito de claves, 54 descifrado, 40 descriptación, 40 desencriptación, 40 digital certificate, 48 distribución de claves, 53 enciphering, 39 enciphering key, 60 encipherment, 39 encipherment key, 57, 60 encripción, 39 encriptación, 39 encryption, 39 encryption key, 57, 60 entity authentication, 41, 42 generación de claves, 52 gestión de claves, 51 infraestructura de clave pública, 47 infraestructura de claves públicas, 47 infraestructura PKI, 47 integridad, 46 integridad de datos, 46 integrity, 46 key, 57, 60 key backup, 54 key distribution, 53 key escrow, 54 key generation, 52 key management, 51 key storage, 54


no rechazo, 45 no repudiación, 45 no repudio, 45 non repudiation, 45 nonrepudiation, 45 non-repudiation, 45 PKC, 38 PKI, 47 private key, 58 public key, 59 public key algorithm, 56 public key certificate, 48 public key cryptographic algorithm, 56 public key cryptographic system, 55 public key cryptography, 38 public key cryptosystem, 55

public key encryption algorithm, 56 public key infrastructure, 47 public-key cryptography, 38 secret key, 58 session key, 62 sistema criptográfico asimétrico, 55 sistema de cifrado asimétrico, 55 tercera parte confiable, 63 tercera parte fiable, 63 tercero de confianza, 63 TPC, 63 transaction key, 62 trusted third party, 63 TTP, 63 two-key cryptography, 38 user certificate, 48