K Terms — Election Security Glossary

A user identity that is designated by a key management infrastructure operating account (KOA) manager to access primary services node (PRSN) product delivery enclaves for the purpose of retrieving wra…

An IT architectural model for centrally ingesting and collecting any type of log files coming from any given source or location such as servers, applications, and devices

A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). In “classic” Kerberos, users share a secret password with a Key Distribution Center (KDC). The user,…

A numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. Usually a sequence of random or pseudorandom bits used init…

Functions of loading, storing, copying, and distributing the keys and producing the necessary audit information to support those functions. (System Unique).

A key-establishment procedure where resultant keying material is a function of information contributed by two or more participants, so that no party can predetermine the value of the keying material i…

The three cryptographic keys (Key1, Key2, Key3) that are used with a Triple Data Encryption Algorithm (TDEA) mode. (SP 800-67) (NISTIR)

The transport of a key and other keying material from an entity that either owns or generates the key to another entity that is intended to use the key.

COMSEC facility generating and distributing key in electronic form.

A key that encrypts other key (typically traffic encryption keys (TEKs)) for transmission or storage.

An envelope containing keys to voting mach ines in a precinct. La. Rev. Stat. Ann. §18:553(A).

The retention of the private component of the key pair associated with a subscriber’s encryption certificate to support key recovery.

The system responsible for storing and providing a mechanism for obtaining copies of private keys associated with encryption certificates, which are necessary for the recovery of encrypted data.

A function in the lifecycle of keying material; the process by which cryptographic keys are securely established among cryptographic modules using manual transport methods (e.g., key loaders), automat…

Process of exchanging public keys (and other information) in order to establish secure communications.

Routine used to generate a series of Round Keys from the Cipher Key. (FIPS 197) (NISTIR)

Random numbers, pseudo-random numbers, and cryptographic parameters used in generating cryptographic keys.

A printed series of key settings for a specific cryptonet. Key lists may be produced in list, pad, or printed tape format.

A self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module.

A program designed to record which keys are pressed on a computer keyboard used to obtain passwords or encryption keys and thus bypass other security measures. (SP 800-82) (NISTIR)

Activities involving the handling of cryptographic keys and other related security parameters (e.g., passwords) during the entire life cycle of the keys, including their generation, storage, establish…

A unit that provides for secure electronic distribution of encryption keys to authorized users.

(KME) Any activity/organization that performs key management related functionality and has been assigned an electronic key management system (EKMS) ID.

The framework and services that provide the generation, production, storage, protection, distribution, control, tracking, and destruction for all cryptographic keying material, symmetric keys as well …

A public key and its corresponding private key; a key pair is used with a public key algorithm.

(KP) The high-assurance cryptographic component in electronic key management system (EKMS) designed to provide for the local generation of keying material, encryption, and decryption of key, key load …

Key used to initialize a keystream generator for the production of other electronically generated key. (CNSSI-4009) (NISTIR)

A function in the lifecycle of keying material; mechanisms and processes that allow authorized entities to retrieve or reconstruct keying material from key backup or archive.

A publicly or privately controlled asset necessary to sustain continuity of government and/or economic operations, or an asset that is of great historical significance.

Sequence of symbols (or their electrical or mechanical equivalents) produced in a machine or auto-manual cryptosystem to combine with plain text to produce cipher text, control transmission security p…

Identification information associated with certain types of electronic key.

Punched or magnetic tape containing key. Printed key in tape form is referred to as a key list.

A key-establishment procedure whereby one party (the sender) selects and encrypts the keying material and then distributes the material to another party (the receiver).

A function performed on a cryptographic key in order to compute a new, but related, key.

Irreversible cryptographic process for modifying key. (CNSSI-4009) (NISTIR)

A method of encrypting keying material (along with associated integrity information) that provides both confidentiality and integrity protection using a symmetric key algorithm. (SP 800-56A) (NISTIR)

Cryptographic logic using previous key to produce key. (CNSSI-4009) (NISTIR)

A message authentication code that uses a cryptographic key in conjunction with a hash function.

Key, code, or authentication information in physical, electronic, or magnetic form. It includes key tapes and list, codes, authenticators, one-time pads, floppy disks, and magnetic tapes containing ke…

Devices or programmes in operation between the computer and the keyboard to record keystrokes.

Repositories that contain cryptographic artifacts like certificates and private keys that are used for cryptographic protocols such as TLS

The process used to view or record both the keystrokes entered by a computer user and the computer’s response during an interactive session. Keystroke monitoring is usually considered a special case o…

A voting method intermediate between voting at a polling place and fully remote (e.g. Internet) voting. The voter casts her vote at a kiosk installed and maintained by election authorities.

Kiosk-based Internet voting refers to Internet voting conducted from a voting platform provided by public or private sponsor, somewhat like a bank ATM is provided by a bank, and in contrast to voting …

A user device that has a user identity for which the registration has significance across the entire key management infrastructure (KMI) (i.e., the identity’s registration data is maintained in a data…

In the NICE Framework, cybersecurity work where a person: Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and informatio…