FIPS Standard

Cryptographic key component (key component): a parameter used in conjunction with other key

components in an Approved security function to form a plaintext cryptographic key or perform a

cryptographic function.

Cryptographic module: the set of hardware, software, and/or firmware that implements Approved security

functions (including cryptographic algorithms and key generation) and is contained within the

cryptographic boundary.

Cryptographic module security policy: a precise specification of the security rules under which a

cryptographic module will operate, including the rules derived from the requirements of this standard and

additional rules imposed by the vendor. (See Appendix C.)

Crypto officer: an operator or process (subject), acting on behalf of the operator, performing cryptographic

initialization or management functions.

Data path: the physical or logical route over which data passes; a physical data path may be shared by

multiple logical data paths.

Differential power analysis (DPA): an analysis of the variations of the electrical power consumption of a

cryptographic module, using advanced statistical methods and/or other techniques, for the purpose of

extracting information correlated to cryptographic keys used in a cryptographic algorithm.

Digital signature: the result of a cryptographic transformation of data which, when properly implemented,

provides the services of:

1. origin authentication

2. data integrity, and

3. signer non-repudiation.

Electromagnetic compatibility (EMC): the ability of electronic devices to function satisfactorily in an

electromagnetic environment without introducing intolerable electromagnetic disturbances to other devices

in that environment.

Electromagnetic interference (EMI): electromagnetic emissions from a device, equipment, or system that

interfere with the normal operation of another device, equipment, or system.

Electronic key entry: the entry of cryptographic keys into a cryptographic module using electronic methods

such as a smart card or a key-loading device. (The operator of the key may have no knowledge of the value

of the key being entered.)

Encrypted key: a cryptographic key that has been encrypted using an Approved security function with a key

encrypting key, a PIN, or a password in order to disguise the value of the underlying plaintext key.

Environmental failure protection (EFP): the use of features to protect against a compromise of the security

of a cryptographic module due to environmental conditions or fluctuations outside of the module's normal

operating range.

Environmental failure testing (EFT): the use of testing to provide a reasonable assurance that the security

of a cryptographic module will not be compromised by environmental conditions or fluctuations outside of

the module's normal operating range.

Error detection code (EDC): a code computed from data and comprised of redundant bits of information

designed to detect, but not correct, unintentional changes in the data.