[Code of Federal Regulations]
[Title 21, Volume 1]
[Revised as of April 1, 2005]
From the U.S. Government Printing Office via GPO Access
[CITE: 21CFR1311.02]

[Page 142-143]
 
                         TITLE 21-FOOD AND DRUGS
 
   CHAPTER II--DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE
 
PART 1311--DIGITAL CERTIFICATES--Table of Contents
 
                            Subpart A--General
 
Sec. 1311.02  Definitions.

    For the purposes of this chapter:
    Biometric authentication means authentication based on measurement 
of the individual's physical features or repeatable actions where those 
features or actions are both unique to the individual and measurable.
    Cache means to download and store information on a local server or 
hard drive.
    Certificate Policy means a named set of rules that sets forth the 
applicability of the specific digital certificate to a particular 
community or class of application with common security requirements.
    Certificate Revocation List (CRL) means a list of revoked, but 
unexpired certificates issued by a Certification Authority.
    Certification Authority (CA) means an organization that is 
responsible for verifying the identity of applicants, authorizing and 
issuing a digital certificate, maintaining a directory of public keys, 
and maintaining a Certificate Revocation List.
    CSOS means controlled substance ordering system.
    Digital certificate means a data record that, at a minimum:
    (1) Identifies the certification authority issuing it;
    (2) Names or otherwise identifies the certificate holder;
    (3) Contains a public key that corresponds to a private key under 
the sole control of the certificate holder;
    (4) Identifies the operational period; and
    (5) Contains a serial number and is digitally signed by the 
Certification Authority issuing it.
    Digital signature means a record created when a file is 
algorithmically transformed into a fixed length digest that is then 
encrypted using an asymmetric cryptographic private key associated with 
a digital certificate. The combination of the encryption and algorithm 
transformation ensure that the signer's identity and the integrity of 
the file can be confirmed.
    Electronic signature means a method of signing an electronic message 
that identifies a particular person as the source of the message and 
indicates the person's approval of the information contained in the 
message.
    FIPS means Federal Information Processing Standards. These Federal 
standards, as incorporated by reference in Sec. 1311.08, prescribe 
specific performance requirements, practices, formats, communications 
protocols, etc., for hardware, software, data, etc.
    FIPS 140-2, as incorporated by reference in Sec. 1311.08, means a 
Federal standard for security requirements for cryptographic modules.
    FIPS 180-2, as incorporated by reference in Sec. 1311.08, means a 
Federal secure hash standard.
    FIPS 186-2, as incorporated by reference in Sec. 1311.08, means a 
Federal standard for applications used to generate and rely upon digital 
signatures.
    Key pair means two mathematically related keys having the properties 
that:
    (1) One key can be used to encrypt a message that can only be 
decrypted using the other key; and
    (2) Even knowing one key, it is computationally infeasible to 
discover the other key.
    NIST means the National Institute of Standards and Technology.
    Private key means the key of a key pair that is used to create a 
digital signature.

    Public key means the key of a key pair that is used to verify a 
digital signature. The public key is made available to anyone who will 
receive digitally signed messages from the holder of the key pair.
    Public Key Infrastructure (PKI) means a structure under which a 
Certification Authority verifies the identity of applicants, issues, 
renews, and revokes digital certificates, maintains a registry of public 
keys, and maintains an up-to-date Certificate Revocation List.