The following words and terms, when used in this chapter, shall
have the following meanings, unless the context clearly indicates
otherwise.
(1) Asymmetric cryptosystem--A computer-based system
that employs two different but mathematically related keys with the
following characteristics:
(A) one key encrypts a given message;
(B) one key decrypts a given message; and
(C) the keys have the property that, knowing one key,
it is computationally infeasible to discover the other key.
(2) Certificate--A message which:
(A) identifies the certification authority issuing
it;
(B) names or identifies its subscriber;
(C) contains the subscriber's public key;
(D) identifies its operational period;
(E) is digitally signed by the certification authority
issuing it; and
(F) conforms to ISO X.509 Version 3 standards.
(3) Certificate Manufacturer--A person that provides
operational services for a Certification Authority or PKI Service
Provider. The nature and scope of the obligations and functions of
a Certificate Manufacturer depend on contractual arrangements between
the Certification Authority or other PKI Service Provider and the
Certificate Manufacturer.
(4) Certificate Policy--A document prepared by a Policy
Authority that describes the parties, scope of business, functional
operations, and obligations between and among PKI Service Providers
and End Entities who engage in electronic transactions in a Public
Key Infrastructure.
(5) Certification Authority--A person who issues a
certificate.
(6) Certification practice statement--Documentation
of the practices, procedures, and controls employed by a Certification
Authority.
(7) Digital signature--An electronic identifier that
currently provides higher levels of security and universal acceptance.
Digital signatures are based on Public Key Infrastructure (PKI) technology,
and guarantee signer identity and intent, data integrity, and the
non-repudiation of signed records. The digital signature cannot be
copied, tampered with or altered.
(8) Digitally signed communication--A message that
has been processed by a computer in such a manner that ties the message
to the individual that signed the message.
(9) Electronic--Relating to technology having electrical,
digital, magnetic, wireless, optical, electromagnetic, or similar
capabilities.
(10) Electronic record--A record created, generated,
sent, communicated, received, or stored by electronic means.
(11) Electronic signature--An electronic sound, symbol,
or process attached to or logically associated with a record and executed
or adopted by a person with the intent to sign the record. Digital
signatures are a subset of electronic signatures.
(12) End Entities--Subscribers or Signers and Relying
Parties.
(13) Escrow agent--A person who holds a copy of a private
key at the request of the owner of the private key in a trustworthy
manner.
(14) Expert--A person with demonstrable skill and knowledge
based on training and experience who would qualify as an expert under
Rule 702 of the Texas Rules of Evidence.
(15) Handwriting measurements--The metrics of the shapes,
speeds and/or other distinguishing features of a signature as the
person writes it by hand with a pen or stylus on a flat surface.
(16) Key pair--A private key and its corresponding
public key in an asymmetric cryptosystem. The keys have the property
that the public key can verify a digital signature that the private
key creates.
(17) Local government--A county, municipality, special
district, or other political subdivision of this state or another
state, or a combination of two or more of those entities, but excluding
an agency in the judicial branch of local government.
(18) Message--A digital representation of information.
(19) Person--An individual, state agency, institution
of higher education, local government, corporation, partnership, association,
organization, or any other legal entity.
(20) PKI--Public Key Infrastructure; A set of policies,
processes, server platforms, software and workstations used for the
purpose of administering certificates and public-private key pairs,
including the ability to issue, maintain, and revoke public key certificates.
(21) PKI Service Provider--A Certification Authority,
Certificate Manufacturer, Registrar, or any other person that performs
services pertaining to the issuance or verification of certificates.
(22) Policy Authority--A person with final authority
and responsibility for specifying a Certificate Policy.
(23) Private key--The secret part of an asymmetric
key pair that is used to digitally sign or decrypt data.
(24) Proof of Identification--The document or documents
or other evidence presented to a Certification Authority to establish
the identity of a subscriber.
(25) Public key--The public part of an asymmetric
key pair that is used to verify signatures or encrypt data.
(26) Public Key Cryptography--A type of cryptographic
technology that employs an asymmetric cryptosystem.
(27) Record--Information that is inscribed on a tangible
medium or that is stored in an electronic or other medium and is retrievable
in perceivable form.
(28) Registrar--A person that gathers evidence necessary
to confirm the accuracy of information to be included in a Subscriber's
certificate.
(29) Relying Party--A state agency, including an institution
of higher education, that has received an electronic message that
has been signed with a digital signature and is in a position to rely
on the message and signature.
(30) Role-based key--A key pair issued to a person
to use when acting in a particular business or organizational capacity.
(31) Signer--The person who signs a digitally signed
communication with the use of an acceptable technology to uniquely
link the message with the person sending it.
(32) Subscriber--A person who:
(A) is the subject listed in a certificate;
(B) accepts the certificate; and
(C) holds a private key which corresponds to a public
key listed in that certificate.
(33) Technology--The computer hardware and/or software-based
method or process used to create digital signatures.
(34) Transaction--An action or set of actions occurring
between two or more persons relating to the conduct of business, commercial,
or governmental affairs, where one of the persons is a state agency,
including an institution of higher education.
(35) Written electronic communication--A message that
is sent by one person to another person.
Source Note: The provisions of this §203.1 adopted to be effective November 28, 2004, 29 TexReg 10710; amended to be effective September 20, 2011, 36 TexReg 6143; amended to be effective November 23, 2015, 40 TexReg 8191; amended to be effective November 23, 2017, 42 TexReg 6505