For the purposes of these Guidelines.

[35] “Authentication” means the process of establishing the validity of a claimed identity of a user, devise or other entity in an information system.

SECRETARIAT NOTE: “Authentication” could refer to either a user or a machine (i.e., when a message comes from a trusted system). Furthermore, the dictionary definition of “authentication” is “to establish as genuine or valid”. This definition has been selected because it includes both of these concepts.

[36] “Confidentiality” means the property that information is not made available or disclosed to unauthorised individuals, entities, or processes.

SECRETARIAT NOTE: The two options previously given for this definition were very similar. The definition which has been selected is simpler and states all necessary concepts. This definition of “confidentiality” is used by ISO and ITU.

[37] “Cryptography” means the discipline which embodies principles, means, and methods for the transformation of data in order to hide its information content, prevent its undetected modification, establish its authenticity, and/or prevent its unauthorised use.

SECRETARIAT NOTE: A clear majority of delegations preferred this definition. It has been slightly modified to include the concept of “authenticity”.

[38] “Cryptographic key” means a parameter used with an algorithm to transform, validate, authenticate, encrypt or decrypt data.

[39] “Cryptographic methods” means hardware and software techniques, services, systems and products that use cryptography.

SECRETARIAT NOTE: This definition is included for the first time in this draft. A suggestion was made to add the following text to the end of the above definition:

“...for the confidentiality, integrity, non-repudiation or authenticity of information transferred over telecommunications and information networks or stored electronically, including techniques that do and do not generate keys that can be stored by a keyholder”.

[40] “Data” means information or communications, including that in digital or electronic form, which can be collected, stored, transmitted, processed, disseminated, conveyed, exchanged or administered.

[41] “Decryption” means the transformation of encrypted data back to its original intelligible form (plaintext) by using a cryptographic method.