The following words and terms, when used in this chapter, shall have the following meanings, unless the context clearly indicates otherwise.
(1) Asymmetric cryptosystem--A computer-based system that employs two different but mathematically related keys with the following characteristics: (A) one key encrypts a given message; (B) one key decrypts a given message; and (C) the keys have the property that, knowing one key, it is computationally infeasible to discover the other key.
(2) Certificate--A message which: (A) identifies the certification authority issuing it; (B) names or identifies its subscriber; (C) contains the subscriber's public key; (D) identifies its operational period; (E) is digitally signed by the certification authority issuing it; and (F) conforms to ISO X.509 Version 3 standards.
(3) Certificate Manufacturer--A person that provides operational services for a Certification Authority or PKI Service Provider. The nature and scope of the obligations and functions of a Certificate Manufacturer depend on contractual arrangements between the Certification Authority or other PKI Service Provider and the Certificate Manufacturer.
(4) Certificate Policy--A document prepared by a Policy Authority that describes the parties, scope of business, functional operations, and obligations between and among PKI Service Providers and End Entities who engage in electronic transactions in a Public Key Infrastructure.
(5) Certification Authority--A person who issues a certificate.
(6) Certification practice statement--Documentation of the practices, procedures, and controls employed by a Certification Authority.
(7) Digital signature--An electronic identifier intended by the person using it to have the same force and effect as the use of a manual signature, and that complies with the requirements of this chapter.
(8) Digitally-signed communication--A message that has been processed by a computer in such a manner that ties the message to the individual that signed the message.
(9) Electronic--Relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
(10) Electronic record--A record created, generated, sent, communicated, received, or stored by electronic means.
(11) Electronic signature--An electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
(12) End Entities--Subscribers or Signers and Relying Parties.
(13) Escrow agent--A person who holds a copy of a private key at the request of the owner of the private key in a trustworthy manner.
(14) Expert--A person with demonstrable skill and knowledge based on training and experience who would qualify as an expert under Rule 702 of the Texas Rules of Evidence.
(15) Handwriting measurements--The metrics of the shapes, speeds and/or other distinguishing features of a signature as the person writes it by hand with a pen or stylus on a flat surface.
(16) Key pair--A private key and its corresponding public key in an asymmetric cryptosystem. The keys have the property that the public key can verify a digital signature that the private key creates.
(17) Local government--A county, municipality, special district, or other political subdivision of this state or another state, or a combination of two or more of those entities, but excluding an agency in the judicial branch of local government.
(18) Message--A digital representation of information.
(19) Person--An individual, state agency, institution of higher education, local government, corporation, partnership, association, organization, or any other legal entity.
(20) PKI--Public Key Infrastructure.
(21) PKI Service Provider--A Certification Authority, Certificate Manufacturer, Registrar, or any other person that performs services pertaining to the issuance or verification of certificates.
(22) Policy Authority--A person with final authority and responsibility for specifying a Certificate Policy.
(23) Private key--The key of a key pair used to create a digital signature.
(24) Proof of Identification--The document or documents or other evidence presented to a Certification Authority to establish the identity of a subscriber.
(25) Public key--The key of a key pair used to verify a digital signature.
(26) Public Key Cryptography--A type of cryptographic technology that employs an asymmetric cryptosystem.
(27) Record--Information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.
(28) Registrar--A person that gathers evidence necessary to confirm the accuracy of information to be included in a Subscriber's certificate.
(29) Relying Party--A state agency, including an institution of higher education, that has received an electronic message that has been signed with a digital signature and is in a position to rely on the message and signature.
(30) Role-based key--A key pair issued to a person to use when acting in a particular business or organizational capacity.
(31) Signature Dynamics--Measuring the way an individual writes his or her signature by hand on a flat surface and binding the measurements to a message through the use of cryptographic techniques.
(32) Signer--The person who signs a digitally signed communication with the use of an acceptable technology to uniquely link the message with the person sending it.
(33) Subscriber--A person who: (A) is the subject listed in a certificate; (B) accepts the certificate; and (C) holds a private key which corresponds to a public key listed in that certificate.
(34) Technology--The computer hardware and/or software-based method or process used to create digital signatures.
(35) Transaction--An action or set of actions occurring between two or more persons relating to the conduct of business, commercial, or governmental affairs, where one of the persons is a state agency, including an institution of higher education.
(36) Written electronic communication--A message that is sent by one person to another person.