The following words and terms, when used in this chapter, shall have the following meanings, unless the context clearly indicates otherwise.
(1) Asymmetric cryptosystem--A computer-based system that employs two different but mathematically related keys with the following characteristics:
- (A) one key encrypts a given message;
- (B) one key decrypts a given message; and
- (C) the keys have the property that, knowing one key, it is computationally infeasible to discover the other key.
(2) Certificate--A message which:
- (A) identifies the certification authority issuing it;
- (B) names or identifies its subscriber;
- (C) contains the subscriber's public key;
- (D) identifies its operational period;
- (E) is digitally signed by the certification authority issuing it, and
- (F) conforms to ISO X.509 Version 3 standards.
- (3) Certificate Manufacturer--A person that provides operational services for a Certification Authority or PKI Service Provider. The nature and scope of the obligations and functions of a Certificate Manufacturer depend on contractual arrangements between the Certification Authority or other PKI Service Provider and the Certificate Manufacturer.
- (4) Certificate Policy--A document prepared by a Policy Authority that describes the parties, scope of business, functional operations, and obligations between and among PKI Service Providers and End Entities who engage in electronic transactions in a Public Key Infrastructure.
- (5) Certification Authority--A person who issues a certificate.
- (6) Certification practice statement-- Documentation of the practices, procedures, and controls employed by a Certification Authority.
- (7) Department--Department of Information Resources
- (8) Digital signature--An electronic identifier intended by the person using it to have the same force and effect as the use of a manual signature, and that complies with the requirements of this section.
- (9) Digitally-signed communication--A message that has been processed by a computer in such a manner that ties the message to the individual that signed the message.
- (10) Electronic--Relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
- (11) Electronic record--A record created, generated, sent, communicated, received, or stored by electronic means.
- (12) Electronic signature--An electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
- (13) End Entities--Subscribers or Signers and Relying Parties.
- (14) Escrow agent--A person who holds a copy of a private key at the request of the owner of the private key in a trustworthy manner.
- (15) Expert--A person with demonstrable skill and knowledge based on training and experience who would qualify as an expert under Rule 702 of the Texas Rules of Evidence.
- (16) Handwriting measurements--The metrics of the shapes, speeds and/or other distinguishing features of a signature as the person writes it by hand with a pen or stylus on a flat surface.
- (17) Key pair--A private key and its corresponding public key in an asymmetric cryptosystem. The keys have the property that the public key can verify a digital signature that the private key creates.
- (18) Local government--A county, municipality, special district, or other political subdivision of this state or another state, or a combination of two or more of those entities, but excluding an agency in the judicial branch of local government.
- (19) Message--A digital representation of information.
- (20) Person--An individual, state agency, institution of higher education, local government, corporation, partnership, association, organization, or any other legal entity.
- (21) PKI--Public Key Infrastructure.
- (22) PKI Service Provider--A Certification Authority, Certificate Manufacturer, Registrar, or any other person that performs services pertaining to the issuance or verification of certificates.
- (23) Policy Authority--A person with final authority and responsibility for specifying a Certificate Policy.
- (24) Private key--The key of a key pair used to create a digital signature.
- (25) Proof of Identification--The document or documents or other evidence presented to a Certification Authority to establish the identity of a subscriber.
- (26) Public key--The key of a key pair used to verify a digital signature.
- (27) Public Key Cryptography--A type of cryptographic technology that employs an asymmetric cryptosystem.
- (28) Record--Information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.
- (29) Registrar--A person that gathers evidence necessary to confirm the accuracy of information to be included in a Subscriber's certificate.
- (30) Relying Party--A state agency, including an institution of higher education, that has received an electronic message that has been signed with a digital signature and is in a position to rely on the message and signature.
- (31) Role-based key--A key pair issued to a person to use when acting in a particular business or organizational capacity.
- (32) Signature Dynamics--Measuring the way an individual writes his or her signature by hand on a flat surface and binding the measurements to a message through the use of cryptographic techniques.
- (33) Signer--The person who signs a digitally signed communication with the use of an acceptable technology to uniquely link the message with the person sending it.
(34) Subscriber--A person who:
- (A) is the subject listed in a certificate;
- (B) accepts the certificate; and
- (C) holds a private key which corresponds to a public key listed in that certificate.
- (35) Technology--The computer hardware and/or software-based method or process used to create digital signatures.
- (36) Transaction--An action or set of actions occurring between two or more persons relating to the conduct of business, commercial, or governmental affairs, where one of the persons is a state agency, including an institution of higher education.
- (37) Written electronic communication--A message that is sent by one person to another person.
Source Note:The provisions of this §203.1 adopted to be effective November 28, 2004, 29 TexReg 10710.