
Term

Abbreviation

4-way handshake

access
access
access control
access control
access control
access control

access control
access control
access control
certificate
access control
decision function
access control
decision information
access control
enforcement function

ADF
ADI
AEF

access control
function

access control
information
access control list

ACI

access control list

ACL

ACL

access control list

access control policy


access control policy
rules
access control
security dimension

access control service

access control token


access denial call
treatment
access management

access network
access node

access point
access request
access rights

ACL

access security

access service
authorizer
access service
provider
access threats

accessibility
accessibility feature

accidental threats
account
account linkage

accountability
accountable object
accounting authority
identification code
accuracy
accuracy percentage
accuracy percentage
acknowledgement
BIP message
acquisition
acquisition
acquisition
action
action
active

AAIC

active attack
active role
active security threats
(in IdM)

active threat

actual clock rate

adaptive QoS
resource
management
address
address
adjudicator

adjustment rate
administrative domain

administrative role (of RA)
administrative role (of
a Registration
Authority)
administrator

administrator [role for
running cybersecurity
operations]

administrator of home
network
admission control

affiliation; affiliation
group
agent
agent
agent

aggregator node
alarm processor
alert
alerting agency
algorithm
alias
alliance
anchor point

anchoring network
anonymity
anonymity
anonymity

anti-expansion
anti-spam function
anti-spam processing
domain
anti-spam processing
entity
anti-spam processing
sub-entity

antivirus(-al) software
applet

ASF

applicable policy
application
application
application
application
application
association
application-centric
IdM system

application context
application context
application entity
application interface
application level
gateway

application network
interface

ALG

ANI

application protocol
application provider
application security
administrator
application security
element
application server
application service
application service
(provider)
application service
controller

application service
provider

ASP
ASC

ASP

application system
administrator
application-association

application-centric

application-level
extensions (for W3C
Encryption)
applications security
layer

application-specific
data
APS channel

architecture (of a
system)
area prefix
ASN.1 character set
ASN.1 encoding rules

ASN.1 specification
aspect ratio
asserting party
assertion

assertion
assessment
knowledge base

ASD

assessment results
format

asset
asset
asset

asset manager
asset owner
assets
associated alarms
association
association security
state
assurance

assurance
assurance
assurance level
assurance level
asymmetric
authentication method
asymmetric
cryptographic
algorithm
attack

attack

attack knowledge
base (of Threat KB)

ARF

attack record [of
Incident DB]
attribute

attribute

attribute
attribute
attribute
attribute

attribute assertion
attribute authority
attribute authority

AA
AA

attribute authority

AA

attribute authority
attribute authority

AA
AA

attribute authority
revocation list
attribute certificate

AARL

attribute certificate
revocation list

ACRL

attribute
completeness
attribute exchange (as
IdM) service

attribute type
attribute type
attribute type
attribute value
attribute value
attribute value
audio description

audio server

AUDIOIN

AUDIOOUT

audit
audit analyser
audit archiver
audit authority
audit dispatcher
audit provider
audit recorder
audit trail
audit trail collector
audit trail examiner
authenticated identity
authentication

authentication

authentication

authentication

authentication
authentication
authentication
authentication

authentication
authentication

authentication

authentication

authentication

authentication

authentication
authentication
authentication
authentication

authentication
authentication
authentication

authentication

authentication (as
IdM) service
authentication and
integrity

authentication and
integrity

authentication
assertion
authentication
assurance
authentication
assurance
authentication
authority
authentication
capability information
authentication center AC
authentication
certificate
authentication data
authentication data
management
authentication delay

authentication entities
authentication
exchange
authentication
exchange
authentication
exchange security
element

authentication facility

authentication factor

authentication
framework
authentication
function

authentication
function

AuF

authentication
function
authentication header AH
authentication
information
authentication
information
authentication
information
authentication initiator
authentication
mechanisms
authentication mode

authentication
negotiation procedure
authentication
parameter
authentication
procedure

AI
AI
AI

authentication proxy

authentication
security dimension

authentication
security elements
authentication server

authentication server
authentication service

authentication table
authentication token
(token)
authentication value
authentication value

authentication,
authorization and
accounting

AAA

authentication,
authorization,
accounting

AAA

authentication-function
authentication-mechanism
authentication-mechanism

AuF

authentication-mechanism

authentication-mechanism name

authentication-only

authentication-only

authentication-value
authenticator

authenticator
authenticity
authenticity
authenticity
authenticity
characteristic
authoritative identity
provider

authority

authority

authority certificate
authority domain
authority relationship
authority relationship
set
authorization

authorization
authorization
authorization
authorization

authorization
authorization
authorization
authorization
authorization
authorization
authorization
administrator
authorization (as IdM)
service
authorization centre
authorization
certificate

authorization coding

authorization coding

authorization decision

AC

authorization decision
authorization decision
assertion
authorization
framework
authorization module

authorization module

authorization server
authorization time
indication

authorization token

authorized behaviour
authorized emergency
telecommunication
user
authorizing users
indication

availability
availability
availability
availability
availability security
dimension
available

average call traffic
rate

back channel

ACTR

backend
authentication server
backup (of software)

backward access
control
bag
bait spam
bank account

base CRL
base layer

base modality

base unit

baseline privacy
interface plus
basic clock rate
basic service set
basic
telecommunication
service
bearer
bearer capability
bearer independent
protocol
bearer service
bidirectional
information process

bidirectional
protection switching
billing
binary notation

BSS

binding
binding
binding; protocol
binding

biometric
biometric
biometric
authentication
biometric
authentication
biometric capture
device
biometric capture
process
biometric certificate

BC

biometric certificate

BC

biometric certificate
authority
biometric certificate
authority
biometric certificate
authority

BCA
BCA
BCA

biometric certificate
revocation list BCRL
biometric data auditor
biometric data
manager
biometric data
provider
biometric database

biometric device
biometric device
certificate

BDC

biometric digital
signature
biometric encryption
biometric feature
biometric information
template
biometric policy

BIT

biometric policy
certificate

BPC

biometric recognition
biometric reference
biometric sample
biometric template
biometric verification
biometrics

biometrics
biometrics
biometrics data
biosphere

BIP endpoint

BIP link

BIP message

BIP-enabled
framework

bitstream

black box
blacklist
blocks extensible
exchange protocol
(BEEP) profile for
CYBEX

blog
body part
authentication and
integrity
body part encryption

bootstrapping

border element

BE

border element

BE

bot
bot
botmaster
botnet
broadcast
broadcast
BSP access UUID

BSP product UUID

buffer overflow

business continuity
planning

business
management system BMS
business-to-consumer B2C
CA-certificate
cable security portal

CSP

cache-copy
caching
call
call agent
call blocking rate

CBR

call delivery
call delivery
call delivery method
call disconnect
call duration rate

call management
server
call recipient rate
call release
call spam
call spam

call termination

CDR

CRR

CALORIN

CALOROUT

cancelled

candidate access
point (or network)
canonical Fast Infoset
algorithm
canonical fast infoset
document
canonical XML
algorithm

canonical XML
document
capability
capability
capability

captions

cardinality
CBC (mode)
cell

cell site

CBC

certificate

certificate
certificate
certificate

certificate
management services
certificate policy

certificate repositories

certificate repository
certificate revocation
list

CRL

certificate revocation
list

CRL

certificate serial
number
certificate user
certificate validation

certificate-using
system
certification (of a TTP)

certification
authorities
certification authority

CA

certification authority

CA

certification authority

CA

CA

certification authority

CA

certification authority
revocation list

CARL

certification path

certification practice
statement
certification service
certified credential
challenge
challenge/response

change credentials
security element
change credentials
security service
channel
channel
channel changing
channel hijacking
charging
CHEMOIN

CHEMOOUT

cipher
cipher
cipher
cipher key
ciphersuite

ciphersuite

ciphertext

CPS

circle of trust

claim
claim authentication
information
claimant

claim AI

claimant
clearance
clearinghouse
clearing trouble
reports
cleartext
client
client
client
client
client
client
client authentication

client personal video
recorder
closed-out

cPVR

closed user group


closing trouble reports
CNv authentication
capabilities
collocation
comfort threshold
command & control
server
common attack
pattern enumeration
and classification

CNv_AUTHC
AP

CAPEC

common biometric
exchange file format
common configuration
enumeration CCE

common event
expression

CEE

common platform
enumeration

CPE

common
vulnerabilities and
exposures

CVE

common vulnerability
scoring system CVSS

common weakness
enumeration

CWE

common weakness
scoring system

CWSS

communication

communication centre
communication
security dimension
compliance
compliance

compliance risk

component network
compound rule
compromised
evidence
condition
condition
conditional access
conditional access

CA

conditional access
client software
conditional access
module

CACS

conditional access
system

CA

conditional access
system
conditionally trusted
entity
conference
confidentiality
confidentiality

CAM

confidentiality
confidentiality
confidentiality
confidentiality

confidentiality

confidentiality
confidentiality control

confidentiality function

confidentiality service

confidentiality-protected-data
confidentiality-protected-environment
confidentiality-protected-information
confidentiality
violations (in IdM)

configuration item

configuration
knowledge base

configuration profile
conformance

conformance
conformance
assessment

conformance
statement

conformant
management entity
conjunctive sequence
connection
connection
confidentiality
connection
confidentiality security
service
connection integrity
security service
connection integrity
with recovery
connection integrity
without recovery
connectionless
confidentiality
connectionless (for a
bearer service)

connectionless
integrity

connectionless
service
consent
consistency
consumer reference
contact
content

content and metadata
sources
content confidentiality
content confidentiality

content confidentiality
security element

content confidentiality
security service

content encryption
content export
content integrity
content integrity

content integrity
check
content integrity
security element

content integrity
security service

content key
content packaging
content preprocessing functional
block
content protection

content protection
content protection
client functional block
content protection
functional block

content protection
metadata sources
content provider
content segment
content tracing

content tracing

content type

content type

content type

context
context
context awareness
context handler

context relative
naming scheme

contextual information
control channel
control path
control plane
control security plane

control word
controlled object
conversion

CW

conversion

conversion prohibition
conversion prohibition
in case of loss of
information

coordinated universal
time UTC

coordinated universal
time UTC
coordinator [role for
running cybersecurity
operations]

core ASF

CASF

core network
core network operator
corporate network
correct clock
correlative reacting
system
correlative reacting
system application
protocol
countering spam peer
countering spam
peering protocol
countermeasure
knowledge base
counter-signature
coverage area

CRS

CRSAP

coverage area (of a
mobile cellular
system)
credential
credential
credential

credential mapping
service
credentials
credentials
credentials

credentials
crisis

critical security
administration actions

CRL distribution point

cross-certificate

cryptanalysis
cryptanalysis
cryptanalysis
cryptographic
algorithm
cryptographic
algorithm
cryptographic
chaining
cryptographic
checkvalue

cryptographic duty
cycle
cryptographic
information
management

CIM

Cryptographic
information
management

CIM

Cryptographic
information
management

CIM

Cryptographic
information
management

CIM

cryptographic system,
cryptosystem
cryptographic system,
cryptosystem
cryptography

cryptography

current directory
current EF
current serving cell
custodian
customer

customer premises
equipment
CWE compatibility
requirements
evaluation form
CWE effectiveness
requirements
evaluation form
cyber environment
cyber risk knowledge
base [of discovered
cybersecurity
information]
cybersecurity
cybersecurity

cybersecurity entity

CPE

cybersecurity
information

cybersecurity
information

cybersecurity
information
cybersecurity
Information discovery
framework

cybersecurity
information exchange
clusters
cybersecurity
information identifier

cybersecurity
information query
language

cybersecurity
operational
information
cybersecurity
operations

cybersecurity
organization

CYBEX ontology

CWE compatibility
requirements
evaluation form
CWE effectiveness
requirements
evaluation form
damage threshold

data
data aggregation
data communications
data compression
function
data compression
function definition
data compression
context
data compression
facility

data confidentiality

data confidentiality
security dimension
data confidentiality
security elements
data confidentiality
security services
data controller
data integrity
data integrity security
dimension
data integrity security
elements
data integrity security
services

data object
data object
data origin
authentication
data origin
authentication
data origin
authentication
data origin
authentication
data origin
authentication
security elements
data origin
authentication
security services
data plane
data security
data source
data subject
data-store threats
deceptive software

decipherment
decision
decision policy
decision request
decoder
decoder
decrypting master key
decryption
decryption function
dedicated channel
dedicated file
dedicated security
device
default PII policy
profile
defer
delegation
delegation
delegation

DF
DSB

delegation path
deliver(y of software)

delivery
delivery authority role

delivery network
gateway
delivery network
gateway functions

DNG
DNGF

delivery time stamp
indication

delta-CRL

dCRL

demand service
denial of service
denial of service

denial of service

denial of service

denial of service

dependability
dependability
constraints
de-personalization

DoS

derived key

derived modality

derived unit
descrambling

descrambling
destination user
detection/protection
knowledge base
detection threshold
device
device certificate
dialogue
dictionary attack

differentiated security
service
DiffServ Code Point. DSCP

digital contract
digital fingerprint

digital identity
digital identity
digital identity client

digital rights
management
digital signature

digital signature

direct attack
directly trusted CA

directly trusted CA
key

directory
directory
directory
directory
authentication
exchange (one-way)
directory
authentication
exchange (two-way)

directory number

directory information
base
directory service

discovery

discovery

DIB

discovery
mechanisms in the
exchange of
cybersecurity
information
discovery service

disjunctive sequence
disrupt
distinguishing
identifier
distinguishing
identifier

distributed denial of
service

distributed system
distribution
distribution service
DIT domain
administrative
authority
DMD administrative
authority
DNS cache poisoning

DNS sinkhole

DNS sinkhole

domain
domain
domain
domain border
element
donor network
DoS/DDoS attack

DDoS

double enveloping
technique

downlink
downgrading attack

downstream
EAP server

eavesdropping
eavesdropping
eavesdropping (in
IdM)

effect
effectiveness testing
electromagnetic
emanations security

EMSEC

electromagnetic
emanations security

EMSEC

electronic data
interchange

EDI

electronic key

electronic program
guide EPG
element content part
(of an XML infoset)
element management
system EMS
element manager
element part (of an XML infoset)
elementary file
EF

elementary stream
elliptic curve
cryptosystem
elliptic curve digital
signature EC-GDSA
elliptic curve key
agreement scheme
Diffie-Hellman
email
email spam
emanation

emanation

emergency action
emergency services
calls handling

emergency situation

emergency
telecommunications

ET

emergency
telecommunications
emergency
telecommunications
emergency
telecommunications
emergency
telecommunications
service

ET

emergency
telecommunications
service

ETS

emergency
telecommunications
service

ETS

EM mitigation

encipherment

encipherment

ETS

encoded information
type

EIT

encoder
encoder
encoding
encoding for
encryption and
hashing

encrypting master key


encryption
encryption
encryption
encryption
encryption facility

end entity

end system
end user
end user
end user device

EUD

end-entity attribute
certificate revocation
list

EARL

end-entity public-key
certificate revocation
list

EPRL

endpoint
endpoint IRI

end-to-end
encipherment
end-user firewall

end-user security
plane

enrollment
enrolment:

entitlements
entitlements
entitlement control
messages
entitlement
management
messages

ECMs
EMMs

entity
entity

entity
entity

entity

entity

entity authentication

entity authentication

entity authentication
assurance

EAA

entity authentication
centre

EAC

entity subscription
database

entropy coding

entropy decoding
entry-copy
environment
environmental
variables
equipment fraud
error of a clock
escalating a trouble
report
essential
communications
ETS user
event
event

event

event discriminator
event message
event record [of
Incident DB]

evidence

evidence generation
role
evidence generator

ESD

evidence recording
role
evidence subject
evidence user
evidence verification
role
evidence verifier
exchange
authentication
information (exchange
AI)
exchange
(cybersecurity
information)
exchange protocol
executable (of
software)
explicit authentication
exposure
extended knowledge

extended service set


extended validation
certificate framework

EVCERT

extensible
authentication
protocol
eXtensive Application
Programming
Interface XAPI
eXtensible
configuration checklist
description format XCCDF

externally-established
security association
extra SDU delivery
probability
facade

failure to acquire
failure to enrol

false
false accept rate

FAR

false reject rate

FRR

false rejection rate


fault management
federate
federated identity

federated identity
federation
federation
federation
federation
file
file identifier
financial transaction

FID

firewall
fixed network user
rate
flexible (call)
origination
authorization

FOA

flexible (call)
termination
authorization

FTA

flow control

FC

foreign agent

forgery
forgery
forward access
control
forward secrecy
FPLMTS user mobility
framework
fraud
fraud

fraudster
frequency offset
front channel

full CRL
full period terminated
service
functional architecture

functional architecture

functional architecture

functional architecture
for countering VoIP
spam

functional entity

FE

functional entity

functional entity

functional group

FG

functional group
functioning clock
future network

FN

future public land
mobile
telecommunication
systems

FPLMTS

gateway

gateway

general security
threats (to IPTV)

generalized mobility

generic BIP entity

generic SIO class


GERAN radio network
temporary identifier G-RNTI

global RBL
GPRS MS
granularity
group

group
group and
membership control
agent
group call
group call initiator
group call participant
group call server
group call service

group controller
group controller and
key server
group identifier
group key
management
group key
management (GKM)
agent

GKM

group-wise key
guaranteed service
guidelines for
administering the OID
arc for cybersecurity
information exchange
hacking
handover
handover
handover

handover

HOV

handover latency
handover
management

handover quality

hard handover
hash function

hash function
Hashed Message
Authentication Code
HasPrivilegesOfRole
policy
header

HMAC

hide
hiding confidentiality
information
hierarchical resource
high level concepts of
NACF

history buffer
holder
home agent
home application
service provider

home border element H-BE


home device

home environment

HE

home environment
value-added service
provider

HE-VASP

home gateway

HGW

home network
home network
home network
home PLMN

home portal

home resource
home subject
home system
home user
homonym
honeyspot

horizontal mobility
host
host-based mobility

hot spots
HTTP over SSL,
HTTPS
HTTP Secure
human resources risk

hybrid-type selective
encryption
hypertext transfer
protocol
IC card
ICT asset
management domain

HTTP

ID certificate

ID resolution

ID resolution process

ID tag

ID terminal

identification
identification
identification
identification
identification
Identification of
emergency services
calls
identifier

identifier

identifier

ID

identifier

identifier

identity
identity

identity
identity

identity

identity assurance

identity based security
policy
identity bridge
provider
identity defederation
identity exposure

identity federation
identity fraud

identity information
identity interchange
identity lifecycle
management

identity management

identity management

identity management

identity pattern
identity proof

identity proofing
identity provider

identity provider

identity provider

identity provider

identity provider
identity provider
identity provider lite

identity selector
identity server

IdP

identity service
identity service

identity service bridge
provider
identity service
provider IdSP
identity
synchronization
identity termination
identity theft

identity theft (in IdM)

identity token
identity verification:
identity verifier

IDV

identity-based
security policy
idle mode
IdM client
IdM server
IKE
illegal supplicant
impact
implementation
capability

implementation
conformance
statement

ICS

implicit authentication
implicit authentication

implicit key
authentication
impostor acceptance
rate
IMS SIM

ISIM

inactive

inappropriate usage

inbound domain
incident
incident database [of
discovered
cybersecurity
information]
incident handling

incident handling
(domain)

incident handling
domain

incident management
incident object
description exchange
format IODEF
incident record [of
Incident DB]

incompression-based
selective encryption
indirect attack

indirect CRL

iCRL

individual key
information

information and
communication
networks (ICN)
security incident
information asset

information data rate


information download
process

information exchange
policy
information model

information object

information object
class

information
presentation process

information security
information security
information security
incident response
team
information security
risk

ISIRT

information structure
security system

information system
security systems
information systems
risk
information upload
process

infrastructure security
layer

initial encoding rules


initiator
initiator
initiator
in-line TTP

in-line TTP

in-modality
install(ation of
software)

instant messaging

IM

instant messaging

IM

instant messaging
(IM) spam

instantaneous
decoding refresh
(IDR) picture

integrated scenario
integrated scenario
integrity
integrity
integrity
integrity
integrity
integrity
integrity
integrity
integrity
integrity function

integrity service

integrity-protected
channel
integrity-protected
data
integrity-protected
environment
intentional threats

inter call time

ICT

interaction modality

interactive agent

IA

interactive gateway
system for countering
spam
interactive service

intercell handover
interface
interface

interim authentication
check identifier IAC-ID

interim service
request identifier

ISR-ID

inter-message threats

international
emergency situation
international mobile
station equipment
identity

IMEI

international mobile
user number IMUN
International
Registration Authority IRA
internet key exchange IKE
Internet protocol
internet protocol
television
internet short
message gateway
interoperable function
inter-PLMN handover
intersystem
environment

IP
IPTV
ISMG

inter-system change
inter-system handover
inter-technology
mobility
interworking WLAN
intra cell handover

I-WLAN

intra prediction
intra-message threats

intra-PLMN handover

intra-prediction mode
intra-technology
mobility
intrusion detection
intrusion resistance
inverse quantization
inverse transformation
IP mobility

IP multicast
IP multimedia
message
IP multimedia spam

IP multimedia spam

IP multimedia spam

IP phone

IP-connectivity access
network IP-CAN

IP-connectivity access
network bearer IP-CAN bearer

IP-message
identification

IP-message security
labelling

IPTV
IPTV terminal device
IPTV terminal device
(TD) protection
IPTV terminal function ITF

IT asset management
(domain)

IT infrastructure
provider [role for
running cybersecurity
operations]

IT services risk
junior role
jurisdiction

Kerberos
Kerberos
key
key
key
key agreement

key certification role


key confirmation
key confirmation

key derivation
key distribution role

key distribution
service
key establishment
key establishment

key exchange
key exchange
key hierarchy

key management
key management

key management
key management
key management
key management
function

key pair

key transport

keying material

knowledge
accumulation
(domain)
knowledge
accumulation domain

layer

leakage of information

legal metrology

license agreement
line identification
linear television
(linear TV)
linear TV

linear TV

link channel

link-by-link
encipherment
local address
local clock
local countering spam
database
local RBL
local server
local service

localized service area LSA

location management

location registration
location registration
location service
log

logical channel
logical channel
(UICC)
logical model

login, logon, sign-on


logout, logoff, sign-off
loss or corruption of
information
LSA exclusive access
cell
LSA only access

LSA preferential
access cell
macro cells
macro diversity
handover
malware
malware

LR

malware attribution
enumeration and
characterization
format

managed element
operator(s)
managed element
security administrator

managed element
system administrator
management centre
management domain
management
message security

management plane
message security
labelling
management security
plane

manager

managerial protection
countermeasures

mandatory UE
requirement

MAEC

manifestation
man-in-the-middle
attack
man-in-the-middle
attack

man-in-the-middle attack

man-in-the-middle
attack (in IdM)

manipulation
detection
map/mapping
map/mapping
markup language

masquerade
masquerade

masquerade

masquerade

masquerade

master DSA

master endpoint (of a
given BIP endpoint)

master file
master key

MF
MK

master key

MK

master session key

MSK

maximum drift of a
clock
maximum error of a
clock
mean bit rate
mean transit delay
media
media access control. MAC
media gateway

media stream
media stream
mediated services

medical-staff-scheme
medium access
control
membership
authentication
message

message argument
confidentiality security
element

message argument
integrity security
element

message
authentication code
message data

message flow
confidentiality
message flow
confidentiality
message flow
confidentiality security
service

message
identification

message modification
message origin
authentication

MAC

message origin
authentication

message origin
authentication
security element

message origin
authentication
security service
message security
label

message security
label security element

message security
labelling
message security
labelling

message security
labelling security
service

message sequence
integrity

message sequence
integrity

message sequence
integrity security
element

message sequence
integrity security
service

message sequence
number
message sequencing

message set

message store threat


message token
messaging service

metadata

metadata for
watermarking
facilitation
MExE SIM
MExE subscriber
MHS-security threat
micro cells
middleware

misuse knowledge
base (of Threat KB)

mobile assisted
handoff
mobile device
mobile evaluated
handover

MAHO

MEHO

mobile financial
transaction
mobile IdM client
mobile network
mobile number
portability
mobile payment
system
mobile security
gateway

mobile station

MS

mobile station

MS

mobile station
operating system

MSOS

mobile station
operating system
updating server

MSOS-US

mobile terminal
mobile terminal

mobile termination
mobile user
mobility
mobility
mobility
mobility

mobility

mobility at the inter-access network level

mobility at the intra-access level (Wide
area)
mobility at the intra-access network level
(Local area)
mobility at the intra-access network radio
level
mobility at the
personal level
mobility at the service
level

mobility classes
based on layers
mobility classes
based on moving
mobility classes
based on network
topology
mobility features by
service quality
mobility management
mobility management
mobility management

mobility management
basic functions
mobility routing proxy MRP
mobility service
authorizer
mobility service
provider

modality

modality

modality
modality ideal-type
modification of
information

modification of routing
information
modification or
fabrication
module
module
monetary token

monitoring role
motion vector
motion vector
difference
MSC-G
MSC-H

MSC-V
MS-Register security
element
MS-Register security
service

MVD

multicast
multicast
communication
multicast IPTV service
multicast service

multicast-based
downloadable SCP
scheme
multi-channel audio
multi-factor
authentication
multimedia
information
multimedia
information delivery
function
multimedia
messaging service
multimedia service

multimodal message

multimodal message
multimodal message
multi-mode terminal
multipoint
multi-role permissions
must
mutual authentication
mutual authentication
mutual authentication
mutual authentication

MMS

mutual authentication
NAL unit
name

name
name

name
name (use of)

name authority

name qualifier
name resolution

name space
named attribute

naming action
naming authority
naming authority
naming authority

naming authority

naming authority

naming authority
pointer
naming context

NAPTR

naming context (use of)

naming convention

naming domain
naming graph

naming system
NAPT control
narrow area
communication

narrow TDD
NAT traversal
negotiated QoS

NTDD

network access
controller

NAC

network address port
translation

NAPT
network address
translation
network address
translator

NAT
network addressing
authority
network border
element
network code
network code group
network connection

network element
network fraud
network fraud/abuse
control

network management
system

NMS
network manager

network mobility

network mobility

network operator
network operator

network operator's
information security

network personal
video recorder
network
personalization
network provider

nPVR

network provider

network reference
model
network service data
unit
network services risk
network subset
personalization
network termination
network-based
mobility
networked ID

NSDU

NID

network-network
interface

NNI

next generation
network

NGN

NGN service stratum

NGN transport
stratum
NID PII protection
service
node
nomadic operating
mode
nomadism

NPPS

nomadism

nomadism

non-access stratum
non-delivery

non-disclosure of
communications
non-mediated
services
non-monetary token

non-registered access

non-repudiation
non-repudiation
non-repudiation
non-repudiation
non-repudiation
non-repudiation

non-repudiation
function

non-repudiation of
content originated

non-repudiation of
content received

non-repudiation of
content received

non-repudiation of
content received
request

non-repudiation of
creation
non-repudiation of
delivery
non-repudiation of
delivery

non-repudiation of
delivery security
service

non-repudiation of IP-notification

non-repudiation of
origin
non-repudiation of
origin

non-repudiation of
origin security service

non-repudiation of
submission
non-repudiation of
submission

non-repudiation of
submission security
service
non-repudiation of
voice notification

non-repudiation of
voice notification
request

non-repudiation
security dimension

non-repudiation
security elements
non-repudiation
security services

non-repudiation
service requester
non-repudiation
services
non-repudiation with
proof of delivery
non-repudiation with
proof of delivery
service
non-repudiation with
proof of origin
non-repudiation with
proof of origin service
non-repudiation with
proof of submission
service
non-repudiation with
proof of transfer
service

non-repudiation with
proof of transport
service
normal GSM
operation
normal mode
normal mode of
operation
notarization

notary
notary role

notification BIP
message
notification/acknowledgement
link channel
number

number portability
number portability

numeric user identifier


O/R address
O/R name

object
object

object identifier
object identifier
object identifier
object identifier
object method
obligation
ODP function

OID
OID

ODP functions

off-line authentication
certificate
offline dictionary
attack
off-line TTP

off-line TTP

OID internationalized
resource identifier
one time password
OTP

one-time biometric
template
one-time telebiometric
template
one-way
authentication

one-way function

one-way function
one-way hash

one-way hash
function
on-line authentication
certificate

on-line certificate
status providers

online dictionary
attack

online game
on-line TTP

on-line TTP

ontology
open application
interface
open interface
open service
architecture
open service
environment
capabilities
open service
environment
capabilities
open standard
open systems
interconnection

OSI

open vulnerability and
assessment language

OVAL

operation domains

operation type
operational risk
operations system
opt-in
opt-out
origin authentication
security services
original template
originating MSC
originating SMS
supplementary
service
originator
OSA interface
OSE capabilities in
NGN

other threats

OTP authentication
system
OTP service provider
OTP token

OTT database
OTT token
outage
outbound domain
out-modality
overlay multicast
network

overlay network

owner
owner
owner
P2P communications
package

packet
packet data protocol PDP
packet transfer mode

padding
paging
paging occasion

pain threshold
pair-wise key
pair-wise master key

PMK

pairwise master key


pair-wise transient
key
party

PMK
PTK

passive attack
passive attack
passive security
threats (in IdM)

passive threat

passive threats

password
password

password related
threats (in IdM)

password sniffing (in IdM)

patch
pathname

pattern
pattern

payment ID

pay-per-view
peak bit rate

peer
peer entity
peer user

peer-entity
authentication

peer-entity
authentication
peer-entity
authentication
security service
peer-to-peer

P2P

perceived severity
perceptual security
perfect forward
secrecy

PFS

perfect forward
secrecy

PFS

performance
permission
permission <policy
set>
persistent

PPS

persistent pseudonym

personal information
personal mobility

personal mobility

personal mobility

personal privacy
sphere
personal security
environment

PSE

personal service
environment
personal user identity PUI

personal video
recorder
personalization

PVR

personalization entity
personalization
service

personalized services

personally identifiable
information

PII

personally identifiable
information

PII

pharming

phisher
phishing

phishing

phishing
phishing

phishing

phishing

phishing (attack)

phishing (in IdM)

phishing, fraud, and
misuse format

phonebook
physical channel
physical channel data
stream
physical pathname

physical risk
physical security
pico cells
picture parameter set
picture-in-picture
piracy
PKCROSS

place shifting
plaintext-equivalent
SPAK
PLMN area

point of
interconnect(ion)
point-to-multipoint
service
point-to-point
point-to-point service
policy

policy
policy
policy
policy
policy (or applicable
policy)
policy conflict

policy database
policy decision point
policy decision point

policy determination
service
policy enforcement
point
policy enforcement
point
policy information
point

PDP
PDP

PEP
PEP

PIP

policy mapping

policy requirements
for certification
authorities issuing
public key certificates
policy server
policy server
policy set
portability
ported number
ported subscriber
porting process
post-compression-based selective
encryption
post-handover quality
of service
postpay billing
potentially unwanted
software
practical threats to a
WLAN
precision
predicate
prediction
predictive service
predictor
preferential
telecommunications
prepay billing
preplay

presence
presence service

presentation-context-bound security
association
pre-shared key
primary integer value
primary shadowing
primary value
principal
principal

principal
principal identity
priority
priority call

priority treatment
capabilities
privacy

privacy
privacy
privacy
privacy
privacy
privacy

privacy
privacy
privacy policy

privacy policy

PSK

privacy security
dimension

private channel
private entity identifier
(PID)

private key:
private key; secret
key (deprecated)
private key; secret
key (deprecated)
private key; secret
key (deprecated)
privilege
privilege
privilege asserter
privilege management
infrastructure

PMI
privilege policy

privilege verifier
privilege verifier

privileged recipient

proactive QoS
reservation
proactive SIM
probe origin
authentication
probe origin
authentication

probe origin
authentication
security element
probe origin
authentication
security service
processed data

PV

product & service
developer [role for
running cybersecurity
operations]
product & service
knowledge base
profile

proof of content
received

proof of content
received

proof of content
received request

proof of delivery
proof of delivery

proof of delivery
security element

proof of delivery
security service

proof of IP-notification

proof of submission
proof of submission

proof of submission
security element

proof of submission
security service
proof of voice
notification

proof of voice
notification request

proofing
protecting
presentation context
protecting
presentation context
protecting transfer
syntax
protecting transfer
syntax
protecting transfer
syntax
protection mapping

protocol
protocol binding
protocol extension
provider
provider resource
database [of
discovered
cybersecurity
information]

proxy
proxy

pseudonym

public entity identifier UID


public key
public key
public key
public key
public key certificate
public key certificate
public key certificate
public key certificate
public key
cryptography

public key
cryptography

public key
cryptography

public key
cryptography

public key directory

PKD

public key
infrastructure
public key
infrastructure

PKI

public key
infrastructure

PKI

public land mobile
network
public land mobile
network operator
public policy

PLMN

public
telecommunication
operator

PTO

PKI

PLMN
operator

push VoD
QoS profile
QoS session

quality of service

QoS

quality of service

QoS

quality of service
constraints
quantization

radio access bearer


radio access network

radio access network
operator
radio access network
technology
radio interface
radio link
radio link control
radio network
controller
radio network
subsystem

RNC

RADIOIN

RADIOOUT

RAN sharing
random access point
rapport
RBL central system
for VoIP Spam
Prevention
RC4
real time
realm

VSP-RBL

real-time blocking list RBL


real-time inter-network defense

RID

real-world entity

receiver agent
receiver gateway
function
receiver security
agent

ReSA

recipient

recipient network
recipient-side ASF

RASF

record
record keeping server RKS
record number
record pointer
reference
configuration
reference point

reference point
reflection protection
register security
element
register security
service
registered
registered PLMN

RPLMN

registrar [role for
running cybersecurity
operations]

registration

registration

registration
registration
registration
registration area
registration authorities
registration authority

RA

registration authority
registration authority

RA
RA

registration authority

RA

registration authority

RA

registration authority

RA

REGistration
AUThority
registration
procedures
registration service

REGAUT

regulatory authorities

rekey
relation
relationship
relay
relay attack
relay/seed gateway
relaylink

release 99
relevant question(s)
relying party
relying party

RP
RP

relying party

RP

relying party

RP

relying party
RP
remote access policy
remote feature control
port

RFC port
remote procedure call RPC
remote terminal
remote user
repeater
replay

replay

replay attack
replay attacks (in IdM)

replicated area
replication
replication base entry
report origin
authentication
report origin
authentication
report origin
authentication
security element
report origin
authentication
security service
repository

repository

repudiation
repudiation
repudiation
repudiation
repudiation of
messages
request BIP message
request for non-repudiation of content
received

request for non-repudiation of IP-notification

request for proof of
content received

request for proof of
IP-notification

request/response link
channel
requested QoS
requester

requesting entity
requesting/asserting
entity

researcher [role for
running cybersecurity
operations]

residual
residual error rate
resilience
resource

resource
responder

responder
response BIP
message
response team [role
for running
cybersecurity
operations]
restore (of software)

re-transmission
broadcast service
retrieval service

retriever
reveal
revealing
confidentiality
information
revert (of software)
review
review
review authority
review authority
review date
review sample

review version
revocation
revocation certificate
revocation list
certificate
revocation of
authentication
information
RFID manufacturer
RFID service provider
RFID system

RFID tag
rights

rights
rights
rights
rights expression
rights expression
risk
risk categories
risk management
risk of exposure
RoE
risk profile
roamer port
roamer service profile
roamer validation
roaming

roaming
roaming
rogue network access
server

role

role
role

role

role

role <PolicySet>
role assignment
certificate
role based access
control
role enablement
authority
role specification
certificate
roles for running
cybersecurity
operations

root key
root private key
root private key
root public key
root public key
routing control
RTP session
rule

rule
rule
rule-based security
policy

RPS

RBAC

rule-combining
algorithm
safe telebiometric
device

safety

safety threshold

SAML artifact

SAML authority
sample email
sample size
sampling method
scale

scale hierarchy
SCP
SCP bridging

SCP client code


SCP end-to-end
SCP functions

SCP interchange

SCP interworking
scrambler
scrambling

scrambling
scrambling
scrambling algorithm
SDU error probability

SDU loss probability

SDU misdelivery
probability
SDU transfer delay

SDU transfer rate

seal

seal

seal

seal

seal
seamless handover

seamless handover

seamless service
secondary identifier

secondary shadowing
secondary value

secret key
sector
secure access
management
secure access
management

secure access
management security
elements
secure access
management security
service
secure answering

SANSW

secure data
aggregation
secure data
communication path
secure data
compression facility

secure hash
algorithm, revision 1

SHA-1

secure home gateway

secure interaction
rules
secure interaction
rules
secure messaging

secure mobile system


secure password-based authentication
protocol with key
exchange
secure signature

secure signature

secure storage
secure transcodable
scheme

secure transfer
secured packet

security

security

security

security

security
security accounting
security administrator
security administrator
security alarm

security alarm
security alarm
administrator
security application
software
security application
software updating
server

SAS
SAS-US

security arrangements
security assertion
security association

SA

security association

SA

security association

SA

security association

SA

security association

SA

security association

SA

security association
attributes
security association
attributes
security association
identifier
security association
identifier
security audit

SAID

security audit control
function

SAID

security audit function

security audit
message
security audit record
security audit trail
security auditor
security authority
security authority
security authority
security authority
security capabilities
security capabilities

security certificate

security certificate
chain
security
communication
function
security console
security context

security context

security context

security context
security context
attribute type
security context
security element
security context
security service

SCF

security control
information
security controls

SCI

security correlation
agent

SCA

security correlation
Information

SCI

security correlation
server
security degree

SCS

security dimension

security domain
security domain

security domain

security domain
security domain

security domain

security domain

security domain
security domain

security domain

security domain
administrator

security domain
authority
security domain
authority
security domain
authority
security element

SDA
SDA

security element
security elements

security error
security error
security event
security exchange
security exchange
function
security exchange
item
security exchange
service element

security feature

security functions

security functions

security gateway

SEI
SESE

security gateway

security incident
security information
security information
object

security information
object class
security interaction
policy
security key
security label
security label
security label

security label

security label security
elements
security layers

security layers

security level

security level

security level
security level violation

SI
SIO

security management

security management
security management
security elements
security management
services
security management
system

SMS
security manager

security model
security module

security plane

security policy

SP

security policy

SP

security policy

SP

security policy

SP

security policy
security policy
expression
security policy
information file
security policy
management
security policy rules
security policy server

SP

security problem
security profile

SP1

security recovery
security report
security rules

security rules

security service
security service

security service
classes

security state
security system
security systems of
neighboring
telecommunication
networks
security systems of
user terminal systems

security threats
related to IdM system

security token

security token
security token (as
IdM) service
security
transformation

security
transformation

security zone
security zone

security-related event

security-related event
selected attribute
types
selective field
confidentiality
selective field
connection integrity
selective field
connectionless
integrity
selective field
protection
self-asserted identity
self-issued AC
self-issued certificate

self-service
authorized user
self-signed certificate

semio-anthropology
sender agent
sender gateway
function
sender security agent SSA

sender-side ASF

senior role
sensed data
sensitivity

SASF

sensitivity
sensitivity indication

sensor
sensor network
sensor network
common interface
sensor network
metadata
sensor network
metadata directory
service
sensor node
sequence parameter
set

server
server
server authentication
server compromise-based dictionary
attack

server compromised
dictionary attack

server-compromised
attack
server-compromised
dictionary attack

service

service

service

service
service
service
service and content
protection
service and content
protection (SCP)
functions

SCP

service and content
protection client (SCP
client) functions
service area

service authentication
proxy

SAP
service capabilities
service capability
feature
service capability
server
service chain

service composition
service continuity
service continuity

service control
service coordination
service description
language

service development
support
service discontinuity
service discovery
service enabler
service entity
service fraud
service information
service level
agreement

SLA

service management
service management
system
service mobility

service network
interface

SNI

service protection

service protection
service protection
client functional block
service protection
functional block
service provider

SP

service provider

SP

service provider

SP

service provider

SP

service provider
service provider

SP

service provider

service provider

service provider

service provider

service provider lite


service qualification

service relationship

service request
service request
service requester
service restoration
service set identifier
service subscriber

SSID

service subscriber

service subscriber
service transaction
record

service type

service
universalization
services (of a mobile
cellular system)
services security layer

serving access point
(or network)
serving MSC
serving network
session
session authority
session hijacking
session initiation
protocol
session key
session key
session participant
session word
settlement
shadow consumer
shadow operational
binding
shadow service
shadow supplier
shadowed DSA
specific entry (SDSE)

SIP

shadowed information

shadowing
shadowing agreement
shared keying
material

shared network
shared secret

shield
short message
short message entity

SME

short message entity

SME

short message
service

SMS

short message
service

SMS

short message
service centre

SMSC

shoulder surfing
sign language
interpretation

signalling
signalling gateway.

SG

signalling system
number 7
signature

SS7

signature generation
role
signature verification
role
sign-off
sign-on
SIM personalization
simple authentication
simple object access
protocol/service
oriented architecture
protocol

SOAP
simple object access
protocol (SOAP) for
CYBEX

single sign-on

single sign-on
single-item-bound
security association
SIP+
site

skin
slave endpoint (of a
given BIP endpoint)

smartphone

SMS spam
SMS-DELIVER
SMS-STATUSREPORT

SSO

SMS-SUBMIT
source of authority

SOA

SPAK

spam

spam

spam

spam

spam
spam over instant
messaging
spam over Internet
telephony
spam recipient
spam recipient
function
spammer
spammer
spammer
spammer
spamming
spamming

spamming
specialized access

specific SIO class


speed

spimmer
spitter

SPIM
SPIT

SRF

split scenario

split scenario

sponsoring authority

spoofing

spyware

SRNC radio network
temporary identifier

S-RNTI

SRTP cryptographic
context
status of a trouble
report
status report
stratum
stream
strong authentication
subject
subject
subject to profile
specification
sub-local area group
submission time
stamp indication

sub-network
management
functions
subordinate
completeness
subscribed QoS

SLAG

subscriber

subscriber
subscriber security
control
subscription

SSC

subscription
subscription fraud
subscription
information

subscription
management
subtitles

SuM

successful
authentication
suitable cell
super-peer

supplementary
content
supplementary
service

supplicant

supplier reference
suprathreshold
stimulus
switch number

SWNO

symmetric
authentication method
symmetric
cryptographic
algorithm
synchronization
domain
synchronization
information
synchronization
source
synonym
system

system area

system entity; entity

system security
function
system security object SSO
systems security

system state
tag
tag-based
identification

tag-based identifier-reading process

tagged types

tagging
TAI application

tamper detection
tamper evidence

tamper response
tamper-resistant
tamper-resistant
module
TANGOIN

TANGOOUT

target
target
target access point (or
network)
target MSC
task
task
TCAP
technical protection
countermeasures

technical role (of a
registration authority)

technical role (of a
registration authority)
telebiometric authority TBA

telebiometric device
telebiometric
identification
telebiometric
multimodal model
telebiometric security

telebiometric
verification
telebiometrics
telebiometrics
telebiometrics
authentication
infrastructure

TAI

telebiometrology
telebiometronomy
telecommunication
fraud
telecommunication
IP-based network
security system
telecommunication
network internal
objects
telecommunication
records
telecommunication
service
telecommunications
applications
telecommunications
business
telecommunications
equipment room
telecommunications
facilities
telecommunications
for disaster relief

TDR

telecommunications
management network

TMN
telecommunications
organizations
telecommunications
security incident

telecommunications
service customer
telecommunications
service provider
infrastructure
telecommunications
service user
telecommunications
services
teleservice

tempest

TEMPEST

temporal key

TK

temporary local
directory number
terminal address
terminal
authentication

TLDN

terminal device

TD

terminal device
protection

terminal device
protection

TAUT

terminal equipment
border element
terminal equipment
identifier
terminal facilities

terminal mobility

terminal mobility
terminal mobility
terminal object
terminating SMS
supplementary
service
termination address

test results
text conversation
text telephony

texture sign
third party metadata
threat
threat
threat
threat
threat:

threat
threat forms

threat knowledge
base (of Cyber Risk
KB)
threats countering
threats, broad classes
of

threshold
threshold

throughput
ticket granting server
time offset
time shifting
time stamping
authorities

TGS

time stamping
authority

TSA

time stamping role


time stamping service

time stamping service

time variant
parameter
time-out

time-stamp
TMM metric layer
TMM scientific layer
TMM sensory layer
TMN access control
tool

tool

topology
total call time

TCT

total conversation
traceability
traceback

traffic
traffic analysis

traffic analysis
traffic channel
traffic control
traffic flow
confidentiality
traffic light protocol

traffic padding
transcoding
transcoding
transcoding types

transformation
transformation
transformation
information
transformed template
transient pseudonym

TLP

transit delay

translated credential

transmission control
protocol
transmission time
interval
transport block

TCP

transport block set


transport block set
size
transport block size
transport channel

transport format

transport format
combination
transport format
combination indicator

TFCI
transport format
combination set
transport format
identification (in
GERAN)

TFIN
transport format
identification (in
UTRAN)

TFI

transport format set


transport layer
security
transport of real-time
Inter-network defense
(RID) messages
transport protocol
binding
transport stream
trapdoor

trick mode
functionality

TLS

Trojan horse

Trojan horse
trouble
trouble administration

trouble history record


trouble management

trouble reporting
trouble resolution

trouble tracking
trouble type
true
trust

trust
trust
trust
trust
trust
trust anchor

trust domain

trust level

trust service provider


trusted but vulnerable
zone

trusted entity
trusted functionality
trusted interoperable
set of IdM functions
trusted network
connect

trusted platforms

TPM

trusted third party

TTP

trusted third party

TTP

trusted third party

TTP

trusted third party for
confidentiality facilities

TTP
trusted zone

tunnel
tunnel lower end
tunnel upper end
TV with trick mode
two-way
authentication
type
type unification

ubiquitous museum
ubiquitous sensor
network
UE service
capabilities

u-Museum

unauthorized access

USN

unauthorized access
(in IdM)

unauthorized access
and usage

unavailable

unconditionally
trusted entity
underlying biometric
process
unicast IPTV service
unicast-based
downloadable SCP
unicode character
unicode character set
unicode label

unidirectional
protection switching
unilateral
authentication
unique number
unit
unit of replication
unit of usage (unit)
universal IC card

UICC

universal design

universal personal
telecommunication

UPT

universal personal
telecommunication

UPT

universal subscriber
identity module
unnaming action
unregistered

USIM

unshield
un-trusted zone

uplink
UPT service provider
authentication

UPT service provider
authentication

UPT user
identification

UPT user identity
authentication

UPT user identity
authentication

usage
usage environment
description

usage metering
usage metering
control
usage metering data

usage metering
record
use of weak
authentication
user
user
user
user
user
user
user
user
user
user
user
user (of the directory)
user access or user
network access
user authentication
user authentication
user authentication
UAUT

user authentication
processing

user created contents UCC


user database

user equipment

UE

user generated
contents
user identifier

UGC

user network
user password
user plane
user privacy
protection
user privacy
protection
user profile

user reputation
system
user resource
database [of
discovered
cybersecurity
information]

URS

user secret
user security agent

user spam report
protocol
user universal
identification model

UUIM

user/UA capabilities
registration

user-centric

user-centric

user-centric IdM
system

user-network interface UNI

USN end-user
USN gateway
USN middleware

utilize (of software)

UTRAN access point

UTRAN radio network
temporary identifier

U-RNTI

UTRAN registration
area
UTRA-TDD
validate
validate (of software)
validation authority

value
value reference name
value set
value-added service
provider
variable bit rate
service
verification

verification
authentication
information
(verification AI)
verifier
verifier
verifier

verifier
verifier
verifier
verifier-based SPAK
version knowledge
base
vertical mobility
video signature

VIDEOIN

video on demand

VoD

video-on-demand

VoD

VIDEOOUT

viewpoint (on a
system):
virtual home
environment
virtual machine

virus (computer virus)

vishing
visited border element V-BE
visited network
visited network
visited network
visited PLMN of home
country
visited system

VoIP spam
VoIP spam prevention
policy server

VSPPS

VoIP spam prevention
system

VSPS
VoIP spam score

VoIP spam types


vulnerabilities in EAP

vulnerability

vulnerability
vulnerability
vulnerability
vulnerability
vulnerability
vulnerability
vulnerability
vulnerability
knowledge base (of
Cyber Risk KB)

warning database [of
discovered
cybersecurity
information]

weak cipher suites

weak key derivation


weakness

weakness

web services
description language

WSDL
web services (security
model/architecture)

wetware

whitelist

wide area public
communication
wireless network
characteristics
WLAN user
equipment

worms

X.509 certificate
X.509 certificate
xDSL
XML attribute
XML element
XML infoset

WLAN UE

a process consisting of 4 messages exchanged by two parties, where a pair-wise master key is
involved. As a Pair-wise Authentication and Key Management Protocol (AKMP) defined in ISO/IEC
8802-11, it confirms the mutual possession of a Pair-wise Master Key by two parties and distributes
a Group Key
1) Performing an action.
2) A subject's ability to view, modify, or communicate with an object. Access enables the flow of
information between the subject and the object.
1) The prevention of unauthorized use of a resource, including the prevention of use of a
resource in an unauthorized manner
2) Limiting the flow of information from the resources of a system only to authorized persons,
programs, processes or other system resources on a network.
3) Controlling access in accordance with a policy.
4) a procedure used to determine if an entity should be granted access to resources, facilities,
services, or information based on pre-established rules and specific rights or authority associated
with the requesting party.
5) Method of controlling access to information held in the directory either for retrieval, managing
or updating purposes.
6) Limiting the flow of information from the resources of a system only to authorized persons,
programs, processes or other system resources on a network.
A security certificate that contains ACI.
A specialized function that makes access control decisions by applying access control policy rules to
an access request, ADI (of initiators, targets, access requests, or that retained from prior decisions),
and the context in which the access request is made.
The portion (possibly all) of the ACI made available to the ADF in making a particular access control
decision.
A specialized function that is part of the access path between an initiator and a target on each
access request and enforces the decision made by the ADF.
The access control function prevents unauthorized interactions with an object. It includes both an
access control decision function and an access control enforcement function. Within the context of
access control, objects fulfill the roles of either target or initiator. The function requires access
control information about the target, the initiator and the interaction. The initiator requests an
interaction with the target from the access control function. The access control decision function
decides whether access is permitted or denied on the basis of the access control information and
the decision is enforced by the access control enforcement function. NOTE: The access control
decision function and the access control enforcement function can be provided by the object which
has the role of target, or by other objects.
Any information used for access control purposes, including contextual information.
1) A list of entities, together with their access rights, which are authorized to have access to a
resource.
2) The access control list attribute is used to contain identities of initiators that are either
specifically granted access to management Information or specifically denied access to
management Information.

3) An ACL is a protected table residing in memory in the same device as a resource whose
access is protected. It is a set of entries, and each entry contains the following: subject,
authorization, delegation and validity. The subject is an identifier of the entity being granted access,
the authorization is an indicator of the permission being granted that subject, the delegation is a
flag, indicating whether the subject may further delegate these rights, the validity is an optional field
on the validity of the entry such as "not-after" and "not-before" date and time. Access control list is a
list of entries that anchors a certificate chain. Sometimes called a "list of root keys", the ACL is the
source of empowerment for certificates. That is, a certificate passes permission from its issuer to its
subject, but the ACL is the source of that permission (since it theoretically has the owner of the
resource it controls as its implicit issuer). An ACL entry has potentially the same content as a
certificate body, but has no issuer (and is not signed). There is most likely one ACL for each
resource owner, if not for each controlled resource.
The set of rules that define the conditions under which an access may take place.
Security policy rules concerning the provision of the access control service.
protects against unauthorized use of network resources, and ensures that only authorized personnel
or devices are allowed access to network elements, stored information, information flows, services
and applications. In addition, Role-Based Access Control (RBAC) provides different access levels to
guarantee that individuals and devices can only gain access to, and perform operations on, network
elements, stored information, and information flows that they are authorized for.
The access control service provides means to ensure that resources are accessed by subjects only
in an authorized manner. Resources concerned may be the physical system, the system software,
applications and data. The access control service can be defined and implemented at different
levels of granularity in the TMN: at agent level, object level or attribute level. The limitations of
access are laid out in access control information: the means to determine which entities are
authorized to have access; what kind of access is allowed (reading, writing, modifying, creating,
deleting).
A security token that contains ACI.
A tone, announcement, or call redirection applied as appropriate.
This element of service enables a UA and an MTA to establish access to one another and to
manage information associated with access establishment. The element of service permits the UA
and MTA to identify and validate the identity of the other. It provides a capability for the UA to specify
its O/R address and to maintain access security. When access security is achieved through
passwords, these passwords can be periodically updated. NOTE A more secure form of access
management is provided by the element of service Secure Access Management.
A network that connects access technologies (such as a radio access network) to the core network.
As used in this document, an Access Node is a layer two termination device that terminates the
network end of the CM connection. It is technology specific. In J.112 Annex A it is called the INA
while in Annex B it is the CMTS
An IEEE 802.11 wireless hub, a special kind of station (STA) operating as an access point.
The operations and operands that form part of an attempted access.
A description of the type of authorized interactions a subject can have with a resource. Examples
include read, write, execute, add, modify, and delete.

Authentication delay, impostor acceptance rate and false rejection rate are parameters related to
the security aspects, which are an additional requirement for UPT. Security of access to UPT service
is required in order to protect the user's resources or information from unauthorized persons
(fraudulent use), or from unauthorized listening or recording of information (eavesdropping). The
access security procedures thus minimize the probability of incorrect charging, malicious call
redirection and ensure integrity of user's information and privacy. Various methods and protocols to
provide access security for personal mobility (UPT) and terminal mobility (FPLMTS) are being
considered. Some of the potential options include (a) use of PIN (Personal Identification Number)
and UPT number over DTMF signalling; (b) use of a UPT device (smart card); and (c) use of
speaker verification techniques. Each option will have different characteristics with respect to the
access security parameters. In general, there will be a trade-off between false rejection (level of
user annoyance) and impostor acceptance (breach of security), and also between the level of
security (low impostor acceptance) and authentication delay. If a UPT device (smart card) is used
for authentication/verification, authentication delay will depend on the length of the authentication
A network operator that authenticates a UE and establishes the UE's authorization to receive
Internet service.
The operator of the access network to which the UE is attached.
The prime security threats to MHS, which arise when an invalid user gains access to the system. If invalid users can
be prevented from using the system, the subsequent security threat to the system is greatly
reduced.
The property of being accessible and useable upon demand by an authorized entity
An additional content component that is intended to assist people hindered in their ability to
perceive an aspect of the main content. Examples: captions for the hard of hearing, subtitles in
various languages, sign-language interpretation video and descriptive audio.
Threats that exist with no premeditated intent. Examples of realized accidental threats include
system malfunctions, operational blunders and software bugs.
A formal business agreement for providing regular dealings and services between a principal and a
business service provider.
A method of relating accounts at two different providers that represent the same principal so that the
providers can communicate about the principal. Account linkage can be established through the
sharing of attributes or through identity federation.
The property that ensures that the actions of an entity may be traced uniquely to the entity.
A managed object representing a resource or another entity for which usage data are to be
maintained, requiring its usage to be attributed to a user.
An accounting authority identification code is assigned to each accounting authority (defined in the
International Telecommunication Regulations). In effect the accounting authority acts as a billing
intermediary between mobile stations and ROAs.
Accuracy is a measure of how well a local clock's time value and frequency compare to UTC.
1)a The percentage of security elements in the Review Sample that reference the correct CVE
identifiers.
1)b The percentage of security elements in the Review Sample that reference the correct CWE
identifiers.
BIP message conveying a response (acknowledgement) to a prior notification BIP message. NOTE
Not all notification BIP messages have a corresponding acknowledgement BIP message.
1) Process of obtaining content by the end-user.
2)a The process of obtaining content by the end-user. Note: For content with accessibility
features, this means that the content will be available in a form that can be used by the end-user.
2)b The process of obtaining content by the end user. Note: For content with accessibility features,
this means that the content will be available in a form that can be used by the end user.
1) An operation on a resource.
2) This operation is governed by a policy rule. Any action evaluated to be TRUE based on a rule
is triggered.
The MS is available for call delivery. This state is maintained by the MSC, the VLR and the HLR
(see also Available, Inactive and Unavailable).

This attack involves the modification or injection of Information listening.


A role that a system entity has donned when performing some operation, for example accessing a
resource.
When an attack involves writing data to the network or the system, we refer to this as an active
attack. Active attack is an intrusion into a computer network which attempts to delete or modify the
data stored on the IdM systems which form part of the network. This is one of the most serious
forms of attack since many companies' operations critically depend on data. Active security threats
include replay attacks and man-in-the-middle attacks.
The threat of a deliberate unauthorized alteration of information contained in the system, or change
to the state of the system. Note - Examples of security-relevant active threats may be: modification
of messages, replay of messages, insertion of spurious messages, masquerading as an authorized
entity, denial of service, malicious change to the routing tables of a system by an unauthorized user.
The actual clock rate is the frequency or rate at which a clock increments, including any
modifications resulting from frequency adjustment or clock training. The actual clock rate is
equivalent to the basic clock rate in the absence of or prior to any frequency adjustment
modifications.
The network capability which may afford dynamic QoS assurance to mobile UE according to
network capability, user preference and service administration policies during handover. With this
capability, the network may dynamically change the QoS resources granted to the individual flows of
a session upward or downward within the range set by the application.
1) an identifier for a specific termination point that is used for routing
2) the identifier for a specific termination point and is used for routing to this termination point.
Entity who arbitrates disputes that may arise as a result of repudiated events or actions i.e. who
evaluates the evidence and determines whether or not the disputed action or event occurred.
Adjudication can only be provided effectively if the parties to the dispute accept the authority of the
adjudicator
Adjustment rate is the frequency or rate at which a single time adjustment is applied to the local
clock.
An environment or context that is defined by some combination of one or more administrative
policies, Internet domain name registrations, civil legal entities (for example, individuals,
corporations, or other formally organized entities), plus a collection of hosts, network devices and
the interconnecting networks (and possibly other traits), plus (often various) network services and
applications running upon them. An administrative domain may contain or define one or more
security domains. An administrative domain may encompass a single site or multiple sites. The traits
defining an administrative domain may, and in many cases will, evolve over time. Administrative
domains may interact and enter into agreements for providing and/or consuming services across
administrative domain boundaries.
Assigning and making available unambiguous names according to this Rec.
Assigning and making available unambiguous names according to the ITU-T Recommendation
and/or International Standard defining the procedures for the Registration Authority.
A person who installs or maintains a system or who uses it to manage system entities, users, and/or
content. An administrator is typically affiliated with a particular administrative domain and may be
affiliated with more than one administrative domain.
the role which administers the system of its organization and maintains its functionality. For this
purpose, this role monitors the system usage, diagnoses the system by running integrity checks,
scanning vulnerability, and running penetration tests, and then assesses the security level of the
system. A system administrator inside each organization is one typical instance. A Managed Security
Service Provider (MSSP) also serves as an Administrator in case an organization outsources some
of the above operations to it.

A home network administrator is an entity or an agent that performs security-related activities, such
as a key generation, a key store, and a key distribution, and monitors the status of entities in the
home network.
A set of actions/policies taken by the network at session set-up phase in order to accept or reject a
service based on requested performance and priority criteria and the availability of necessary
resources.
A set of system entities that share a single namespace (in the federated sense) of identifiers for
principals.
1) An implementation of this Rec. operating in support of an installed Asset on a given Device, in
support of Server functionality or in support of Local Server functionality.
2) An entity that acts on behalf of another entity
3) As defined in Recommendation X.701, the Systems Management Overview (SMO), but with the
following restriction. With respect to a particular telecommunications service (or resource) instance,
it shall be possible to manage the service with one system playing the manager role, and the other
playing the agent role.
a sensor node that performs the data aggregation function in a sensor network
A function which generates an appropriate action in response to a security alarm and generates a
security audit message.
A warning or alarm message concerning an impending danger or problem.
A national, regional or international entity responsible for the management of alerts.
A mathematical process which can be used for the scrambling and descrambling of a data stream.
Another name, besides the object identifier, by which a trouble report may be known, referenced or
identified (usually by the customer).
an agreement between two or more independent entities that defines how they will relate to each
other and how they jointly conduct activities.
A location in the forwarding plane above which movement of the terminal equipment within a certain
topological scope is masked by the provision of mobility service at layer 3. "Above" means "on the
side away from the user equipment (UE)". There may be more than one anchor point on the path
between the UE and a correspondent entity.
The network within which an anchor point resides.
1) Ability to allow anonymous access to services, which avoids the tracking of users' personal
information and user behavior such as user location, frequency of a service usage, and so on.
2) The quality or state of being anonymous, which is the condition of having a name or identity
that is unknown or concealed.
3) A situation where an entity cannot be identified within a set of entities. Note - Anonymity
prevents the tracing of entities or their behaviour such as user location, frequency of a service
usage, and so on.
A method to inhibit the expansion of user data due to compression encoding.
A logical function for countering spam in IP-based multimedia applications. ASF can be located in
network elements such as proxy server, application server, etc.
Independent system, which contains anti-spam Processing Entity, anti-spam Processing Sub-entities, Email Servers and Email Clients.
The core in the anti-spam Processing Domain. It collects Information of email spam from entities at
lower level, and then builds a uniform and integrated rule system. Finally, the rule system should be
submitted to all of the entities at lower level.
Connected to one or more email service providers. It receives email spam information from email
servers or anti-spam equipment, and reports information to the high-level entities after analyzing it
periodically. It also receives updating rules from high-level entities periodically and distributes them to
these sub-entities.
Computer programs that attempt to identify, thwart and eliminate computer viruses and other
malicious software (malware).
A small program that is intended not to be run on its own, but rather to be embedded inside another
application

The set of policies and policy sets that govern access for a specific decision request.
1)a A structured set of capabilities, which provide value-added functionality supported by one or
more services.
1)b A structured set of capabilities, which provide value-added functionality supported by one or
more services.
2) A special mobile banking or mobile commerce application uploaded to Client's (user's) mobile
device.
3) An application is a service enabler deployed by service providers, manufacturers or users.
Individual applications will often be enablers for a wide range of services.
A co-operative relationship between two application entities, formed by their exchange of application
protocol control information through their use of presentation services.
in a large scale IdM system that identity services and policies are designed to satisfy requirements
for identity providers and relying parties and optimized for the requirements of applications, e.g.,
provisioning users' account information. There are an identity provider and a relying party in the
application centric IdM system. When an identity service is provided for the user, the identity
exchange usually takes place between these two entities. Historically, the identity and access
management technologies have focused mainly on authentication of end-users for federated access
to applications and services. Therefore the security requirement is limited to the perimeter of its
application domains.
1)a An explicitly identified set of application-service-elements, related options and any other
necessary information for the interworking of application-entities on an application association.
1)b An explicitly identified set of application service elements, related options, and any other
necessary information for the interworking of application entities on an application association.
The aspects of an application process pertinent to OSI.
Standardized interface used by application/clients to access service capability features.
A protocol-aware device that interconnects two or more network regions which is able to interpret
and modify the application level protocols to provide transport address translations and other
functions. An ALG may provide transport level NAT and firewall functions internally, or may control
them externally.
Interface which provides a channel for interactions and exchanges between applications and NGN
elements. The ANI offers capabilities and resources needed for realization of applications. Note - The ANI supports only a control plane level type of interaction without involving media level (or data
plane) interaction. The ANI is used to provide connectivity to other service providers, and their
applications, also referred to as application providers in this Recommendation. It has to be noted
that a NGN operator can also be an application provider as it may support "in-house" applications.
The set of procedures required by the application.
A general reference to a provider that offers applications to the customers making use of the
services capabilities provided by the NGN.
An individual who has responsibility for the administration of those attributes and capabilities of an
application (sub-) system related to security of the application (e.g., application administrative and
user accounts and authorizations).
Element of service that allows the originator and the recipient to indicate in the heading of the EDI
message application security information in order to support end-to-end security services
An entity that connects to an open network for data communication with mobile terminals.
A service like mobile banking, mobile commerce, and so on.
This is an entity that provides various value-added services to the service requesters.
A mobile network element that performs Application Service Access control on mobile subscribers.
By correlatively reacting with the Security Correlation Server (SCS), it imposes service restrictions
on specified unsafe users based on the Application Service control policy of CRS.
An entity (person or group) which provides application service(s) to mobile users through an
application server.

An individual who has responsibility for the administration of all non-security related attributes and
capabilities of an application (sub-) system (e.g., application features, capabilities, configuration
parameters and monitoring of the application).
A cooperative relationship among application-entity invocations which enables the communication of
information and the coordination of their joint operation for an instance of communication. This
relationship may be formed by the transfer of application-protocol-control-information using the
presentation service.
IdM system that identity provider provides authentication and security token service for relying party
directly. The control for the release of users' identity information resides within entities i.e. identity
provider and relying party and the flow of disseminating users' identity information moves from IdP
to RP directly.
A term applied to requirements of this Rec. | International Standard that specify the actions to be
taken by an application when the W3C Encryption processing rules do not fully specify the actions
to be taken.
focuses on security of the network-based applications accessed by service provider customers.
These applications are enabled by network services and include basic file transport (e.g., FTP) and
web browsing applications, fundamental applications such as directory assistance, network-based
voice messaging and email, as well as high-end applications such as customer relationship
management, electronic/mobile-commerce, network-based training, video collaboration, etc.
Network-based applications may be provided by third-party Application Service Providers (ASPs),
service providers acting also as ASPs, or by enterprises hosting them in their own (or leased) data
centres. At this layer there are four potential targets for security attacks: the application user, the
application provider, the middleware provided by third-party integrators (e.g., web-hosting services),
and the service provider.
An application-specific field in the IPSec header that along with the destination IP address provides
a unique number for each SA.
Automatic Protection Switch (APS) Channel is used to carry information between the two ends of a
linear protection group to coordinate the head end bridge with the tail end selector for 1:n protection,
and to coordinate the selectors in both directions in the case of bidirectional protection.
A set of rules to define the structure of a system and the interrelationships between its parts.
The sequence of RDNs and associated administrative information common to all entries within a
replicated area.
The set of characters, specified in clause 10, used in the ASN.1 notation.
Rules which specify the representation during transfer of the values of ASN.1 types. Encoding rules
also enable the values to be recovered from the representation, given knowledge of the type. Note - For the purpose of specifying encoding rules, the various referenced type (and value) notations,
which can provide alternative notations for built-in types (and values), are not relevant.
A collection of one or more ASN.1 modules.
The ratio of the width to the height of a rectangular area, such as the defined display area.
Formally, the administrative domain that hosts one or more SAML authorities. Informally, an
instance of a SAML authority.
1) A piece of data produced by a SAML authority regarding either an act of authentication
performed on a subject, attribute Information about the subject, or authorization data applying to the
subject with respect to a specified resource.
2) a statement made by an entity without accompanying evidence of its validity. Note - The terms
assertion and claim are agreed to be very similar.
accumulates known rules and criteria for assessing the security level of IT assets, checklists of
configurations, and heuristics including best practices. The CVSS/CWSS formulas are two of the
best practices for assessing security levels and are accumulated in this knowledge base. Apart from
that, XCCDF and OVAL can be utilized to describe rules and provide checklists.

Assessment results format (ARF) is an open specification that provides a structured language for
exchanging per-device assessment results data between assessment tools, asset databases, and
other products that manage asset information. It is intended to be used by tools that collect detailed
configuration data about IT assets. ARF also includes an aggregate reporting specification to enable
reporting on information across multiple assets and a tasking and query language to enable
requesting assessment results. The security automation specifications describe an end-to-end
process for delivering assessment content to data stores, requesting assessments against that
content, reporting on the results of those assessments, and aggregating assessment results to an
enterprise level.
1) a device, separately identifiable piece of hardware, application, operating system or instance of
executable code.
2) Anything that has value to the organization, its business, its operations and its continuity.
3) Anything that has value to the organization NOTE: There are many types of assets, including:
a) information; b) software, such as a computer program; c) physical, such as computer; d) services;
e) people, and their qualifications, skills, and experience; and f) intangibles, such as reputation and
image.
Person or an organization who is designated by an asset owner for secure management and
protection of asset.
Person or an organization who has the ownership and a final obligation of asset management such
as asset acquisition, permit of asset use, disposal or discard of asset, etc.
Assets are valuable properties to be protected by mobile terminal or service provider. Assets are
divided into three kinds of assets; Information asset, service asset, and system asset.
Alarms directly related to a given identified trouble.
see application-association
Security state relating to a security association.
1) a measure of confidence that the security features and architecture of the Identity Management
capabilities accurately mediate and enforce the security policies understood between the Relying
Party and the Identity Provider.
2) The degree of confidence that the process or deliverable meets defined characteristics or
objectives.
3) see authentication assurance and identity assurance
1) A level of confidence in the binding between an entity and the presented identity information.
2) a quantitative expression of Assurance agreed between a Relying Party and an Identity
Provider.
A method of authentication, in which not all authentication information is shared by both entities.

An algorithm for performing encipherment or the corresponding decipherment in which the keys
used for encipherment and decipherment differ. Note - With some asymmetric cryptographic
algorithms, decipherment of ciphertext or the generation of a digital signature requires the use of
more than one private key.
1) The activities undertaken to bypass or exploit deficiencies in a system's security mechanisms.
By a direct attack on a system they exploit deficiencies in the underlying algorithms, principles, or
properties of a security mechanism. Indirect attacks are performed when they bypass the
mechanism, or when they make the system use the mechanism incorrectly.
2) An attack may either be a known attack or an unknown attack. The known attack means that
the pattern or packet for attack is opened. Although the pattern or packet for attack is not opened for
the unknown attack, it refers to the behavior related to worsening network situation.
accumulates information on attacks such as on attack patterns, attack tools (e.g., malware), and
their trends. Trend information includes, for instance, past attack trends in terms of geography and
attack targets, and statistical information on past attacks. CAPEC and MAEC can be utilized to
describe the contents of the knowledge base.

contains information on attacks derived from analyses of incident records. It describes the attack
sequence; such as how the attack was initiated, which part of IT assets were targeted, and how the
attack's damage was propagated. Note that this record needs to be linked to the incident record.
1) In the context of message handling, an information item, a component of an attribute list, that
describes a user or distribution list and that can also locate it in relation to the physical or
organizational structure of MHS (or the network underlying it).
2) A distinct characteristic of an object. For real world objects, attributes are often specified in
terms of physical traits, such as size, shape, weight, and colour. Objects in cyberspace might have
attributes describing size, type of encoding, network address, and so on. Attributes are often
represented as pairs of "attribute name" and "attribute value(s)", e.g., "foo" has the value 'bar',
"count" has the value 1, "gizmo" has the values "frob" and "2".
3) Characteristic of a subject, resource, action or environment that may be referenced in a
predicate or target.
4) Information bound to an entity that specifies a characteristic of the entity.
5) Descriptive information bound to an entity that specifies a characteristic of an entity such as
condition, quality or other information associated with that entity.
6) Information concerning a managed object used to describe (either in part or in whole) that
managed object. This information consists of an attribute type and its corresponding attribute value
(single-valued) or values(multi-valued).
An assertion that conveys Information about attributes of a subject.
1) An authority which assigns privileges by issuing attribute certificates.
2)a An entity trusted by one or more entities to create and sign attribute certificates. Note - a CA
may also be an AA
2)b An entity trusted by one or more entities to create and sign attribute certificates. Note that a CA
may also be an AA.
3) A system entity that produces attribute assertions.
4) An entity that binds attributes to identities. Such a binding may be expressed using a SAML
attribute assertion with the attribute Authority as the issuer.
A revocation list containing a list of references to attribute certificates issued to AAs that are no
longer considered valid by the issuing authority.
A data structure, digitally signed by an Attribute Authority, that binds some attribute values with
identification information about its holder.
A revocation list containing a list of references to attribute certificates that are no longer considered
valid by the issuing authority.
Indicates whether or not all user attributes are included in an entry-copy.
This is the identity service that provides for attribute interchange and synchronization. This is one of
the most critical services with regard to security, since attributes are exchanged using a communication
network. Different levels of security mechanisms are required as communication media vary from
wired to wireless.
1) An identifier that denotes a class of information (e.g. personal names). It is a part of an
attribute.
2)a A component of an attribute that indicates the class of information given by that attribute.
2)b The component of an attribute that indicates the class of information given by that attribute.
1) An instance of the class of information an attribute type denotes (e.g. a particular personal
name). It is a part of an attribute.
2)a A particular instance of the class of information indicated by an attribute type.
2)b A particular instance of the class of information indicated by an attribute type.
This service provides a commentary describing the visual events pertinent to the content and
augments the dialog in the content. Note: Audio description is primarily intended to assist users who
are unable to see the video content clearly. The narrative passages fit between the dialogue and
other significant audio content so as not to interfere with it. Ideally, the user can control the volume
and spatial positioning of the audio or derive it from a separate output.

An Audio Server plays informational announcements in IPCablecom network. Media
announcements are needed for communications that do not complete and to provide enhanced
information services to the user. The component parts of Audio Server services are Media Players
and Media Player Controllers.
Characterization of any sound stimulus that can be detected by, affects or is likely to affect or
damage, the human ear or otherwise impair hearing. NOTE 1 The term AUDIOIN is used both
as an adjective applied to a stimulus, but more commonly as a noun referring to an AUDIOIN
stimulus. NOTE 2 AUDIOIN includes quantities and units related to both the effect of loud sounds
on the ear, and the frequency range and possible impairment of human hearing.
Characterization of any sound produced by the vocal chords of a human being, or through activators
for disabled speech, or by mechanical, possibly amplified, production of sound that can be detected
by the human ear or a sensor. NOTE 1 The term AUDIOOUT is used both as an adjective
applied to a specific output, but more commonly as a noun referring to a AUDIOOUT specific
output. NOTE 2 AUDIOOUT includes quantities and units related to the production of sound by
the vocal chords, including musical ranges (alto, tenor, etc.) or production of sound with
amplification and the quantification of the loudness of such output, where it affects the human
physiology or may be used in telebiometrics
See security audit
A function that checks a security audit trail in order to produce, if appropriate, security alarms and
security audit messages.
A function that archives a part of the security audit trail.
The manager responsible for defining those aspects of a security policy applicable to conducting a
security audit.
A function which transfers parts, or the whole, of a distributed security audit trail to the audit trail
collector function.
A function that provides security audit trail records according to some criteria.
A function that generates security audit records and stores them in a security audit trail.
See security audit trail.
A function that gathers records from a distributed audit trail into a security audit trail.
A function that builds security reports out of one or more security audit trails.
A distinguishing identifier of a principal that has been assured through authentication.
1) The process of corroborating an identity. Note -- See principal and verifier and the two
distinguished forms of authentication (data origin auth. + entity auth.). Authentication can be
unilateral or mutual. Unilateral authentication provides assurance of the identity of only one
principal. Mutual authentication provides assurance of the identities of both principals.
2) The provision of assurance of the claimed identity of an entity. NOTE The usage of the word
identity is made with the understanding that, in the context of telecommunications, it is an identifier
or set of identifiers that is trusted, meaning it is considered to be reliable for the purposes of a
particular situation to represent a network element, network terminal equipment, or user, after the
completion of a validation process. As the term is used here, one cannot conclude that trusted
identifiers constitute positive validation of a person.
3)a The corroboration of the identity of objects relevant to the establishment of an association.
For example, these can include the AEs, APs, and the human users of applications. NOTE This
term has been defined to make it clear that a wider scope of authentication is being addressed than
is covered by peer-entity authentication in CCITT Rec. X.800.
3)b The corroboration of the identity of objects relevant to the establishment of an association. For
example, these can include the AEs, APs, and the human users of applications. NOTE - This term
has been defined to make it clear that a wider scope of authentication is being addressed than is
covered by peer-entity authentication in CCITT Rec. X.800 | ISO 7498-2.
4)a The process of verifying the claimed identity of an entity to another entity.
4)b The process of verifying the claimed identity of an entity to another entity.
5)a The process intended to allow the system to check with certainty the identification of a party.
5)b The process intended to allow the system to check with certainty the identification of a party.

6) the process of determining whether someone or something is, in fact, who or what it is
declared to be within a degree of confidence.
7) A process which allows for checking with certainty the identity of a party involved in a
communication, and generally follows identification, establishing the validity of the claimed identity,
providing against fraudulent actions.
8) See data origin authentication, and peer entity authentication. Note - In Rec. X.800 the term
authentication is not used in connection with data integrity; the term data integrity is used
instead.
9) A process to achieve sufficient confidence in the binding between the entity and the presented
identity. Note - Use of the term authentication in an identity management (IdM) context is taken to
mean entity authentication.
10) A property by which the correct identifier of an entity or party is established with a required
assurance. The party being authenticated could be a user, subscriber, home environment or serving
network.
11) A property by which the correct identity of an entity or party is established with a required
assurance. The party being authenticated could be a user, subscriber, home environment or serving
network.
12) The act of verifying the identity of an entity (e.g., a user, device).
13)a A process by which the verification of the UPT user identity is accomplished.
13)b A process by which the verification of the UPT user identity is accomplished.
14) The network should ensure that a data exchange is established with the addressed peer
entity (and not with an entity attempting a masquerade or a replay of a previous establishment) and
that the data source is the one claimed. Authentication generally follows identification, establishing
the validity of the claimed identity, providing against fraudulent transactions. Identification,
authentication and authorization information should be protected by the network. When this
requirement is requested in a connection-oriented association, it is known as peer entity
authentication; when it supports a connectionless association, it is known as data origin
authentication.
15)a The act or method used to verify a claimed identity.
15)b The act or method used to verify a claimed identity.
16) Authentication involves the verification that the sending and receiving entities are as claimed.
This includes the service source, the receiving device, and the subscriber. Authentication helps
prevent theft of service by validating end devices and users, but it does not prevent content from
being illegally copied, or prevent unauthorized access by 3rd parties who are monitoring the link. It
does do a good job at preventing DoS attacks because traffic can be rejected if it does not come
from a valid source. By itself authentication does not provide any service confidentiality support;
encryption must be used.
17) Method to establish security services by means of simple or strong authentication. There are
two kinds of authentication: data origin authentication and peer entity authentication. Note - See
Recommendation X.509 for more information.
The authentication service verifies the legitimate users or entities that request access to the
system or resources. Authentication is the key service that an IdM system provides for relying parties.
Password cracking and masquerading should be prevented at all costs.
1) a combined security service, part of the baseline profile that supports message integrity in
conjunction with user authentication. The user may ensure authentication by correctly applying a
shared secret key procedure. Both security services are provided by the same security mechanism.

2) a combined security service that supports message integrity in conjunction with user
authentication. The user authenticates when correctly digitally signing some piece of data by the
private key. In addition to that, the message is protected against tampering. Both security services
are provided by the same security mechanism. Combined authentication and integrity is possible
only on a hop-to-hop basis. Procedure II specifies this security service. NOTE When digital
signatures are applied, a non-repudiation security service may be supported; this depends also on
the settings of the key usage bits of the signing key in the certificate (see also RFC 3280).
An assertion that conveys Information about a successful act of authentication that took place for a
subject.
1) The degree of confidence reached in the authentication process, that the communication
partner is the entity that it claims to be or is expected to be.
2) See Assurance
A system entity that produces authentication assertions.
Authentication mechanisms supported by a service subscriber or a service provider.
Entity that manages the authentication information related to the MS. The AC may, or may not be
located within, and be indistinguishable from an HLR. An AC may serve more than one HLR.
A security certificate that is guaranteed by an authentication authority and that may be used to
assure the identity of an entity.
Set of data related to authentication. They include authentication parameters and authentication
information.
This function controls and manages the authentication data which include authentication
parameters and authentication information required in the network.
The time interval from the instant the UPT user completes the authentication request (e.g. inputting
the PIN/password) until the UPT user receives the decision (acceptance or rejection) from the
network.
See: claimant, principal, trusted third party and verifier.
1) A mechanism intended to ensure the identity of an entity by means of information exchange.
2) A sequence of one or more transfers of exchange authentication information for the purposes
of performing an authentication.
Element designed to authenticate, possibly mutually, the identity of an MTS user to an MTA, an MTA
to an MTA, an MTA to an MTS-user, an MS to a UA, or a UA to an MS; based on the exchange or
use of secret data, either passwords, asymmetrically encrypted tokens, or symmetrically encrypted
tokens. The result of the exchange is corroboration of the identity of the other party, and, optionally,
the transfer of confidential data. Such an authentication is only valid for the instant that it is made
and the continuing validity of the authenticated identity depends on whether the exchange of
confidential data, or some other mechanism, is used to establish a secure communication path. This
security element uses the Initiator Credentials argument and the Responder Credentials result of
the MTS-bind, MS-bind, and MTA-bind services. The transferred credentials are either passwords or
tokens. Where passwords are used for authentication, these may be either simple passwords or
protected passwords.
An optional FRCP (Frame Relay Compression and Privacy Protocol) facility used to authenticate
two devices based on a preselected authentication protocol. If desired, the implementation must
perform the initial authentication before invoking the encryption, secure data compression or data
compression facilities. The authentication is peer to peer, both the peers must authenticate each
other before bidirectional traffic can flow across the connection.
A piece of information used to authenticate or verify a person's identity with regard to appearance or
in a procedure for security purposes and with respect to individually granted access rights.
Authentication factors consist of ownership factor, knowledge factor, and inherent factor.

A general framework for the provision of authentication service; two party and (trusted) third party
authentication frameworks.
1) The authentication function provides assurance of the claimed identity of an object. In the
context of authentication, objects fulfil one or more of the following roles: principal; claimant; trusted
third party. Authentication requires use of exchange authentication information. There are two forms
of authentication: peer entity authentication, providing corroboration of the identity of a principal
within the context of a communication relationship; and data origin authentication, providing
corroboration of the identity of the principal responsible for a specific data unit. Any identifiable
object in an ODP system can be the principal for authentication, including both objects that model
people and those that model computer systems. The object initiating an authentication is not
necessarily the claimant. In an authentication involving two objects, either or both objects can have
the role of claimant. Where both objects have the role of claimant the style of authentication is
known as mutual authentication. Exchange authentication information is passed from the initiating
object to the responding object and further exchange authentication information may then be
passed in the reverse direction. Additional exchanges may also take place: different authentication
2) The AuF (AuF = authentication function) is the security functional entity in the home domain
that maintains security relationship with the subscribed mobile users and the subscribed mobile
terminals. -- Among further tasks not described in H.530, the AuF shall accomplish at least the
following tasks: a) Evaluate incoming AuthenticationRequest messages from a visited domain,
check the authenticity and integrity of such messages, and particularly, the AuF shall authenticate
the mobile user and optionally also the mobile terminal (MT) if provided and desired. b) Upon
successful authentication of the mobile user/terminal, the AuF shall decide upon granting
authorization. Exactly how the AuF would achieve this decision is outside the scope of this Rec., but
some policy database or certain access rules might be appropriate. c) Further on, the AuF shall
support and assist the visited domain in the key management task; specifically, the AuF shall
authenticate a received Diffie-Hellman half-key and GKID from the visited domain using the
corresponding user shared secret. d) Finally, the AuF shall respond back to the visited domain about
the authorization decision taken, with the authenticated value Diffie-Hellman half-key and security
3)a An application-function within an application-entity invocation that processes and exchanges
authentication-values with a peer authentication-function.
Authentication header is an IPSec security protocol that provides message integrity for complete IP
packets, including the IP header.
1) Information used to establish the validity of a claimed identity.
2) Information used for authentication purposes. Note- types of AI are: exchange AI, claim AI,
verification AI
3) Information which is used for user authentication. In a challenge/response based authentication
mechanism, typical authentication information is a set of challenge, response and ciphering key,
referred to as a triplet.
The entity that starts an authentication exchange.
1) Authentication mechanisms are used to provide for encryption, data integrity and digital
integrity.
An identifier that specifies authentication mechanisms between a Service Subscriber (SS) and an
Entity Authorization Centre (EAC), a Service Provider (SP) and an EAC, and authentication
inquiring/derived key generation mechanism/mutual authentication mechanisms between an SS and
an SP.
A procedure that happens during the authentication procedure in which, according to the local
policy, the EAC must choose an authentication mode from the authentication mechanisms
supported by service providers/service subscribers and the network.
A secret data prepared for individual user authentication. A typical permanent user secret data is a
user authentication key. A session user secret data may be used as an authentication parameter,
referred to as shared secret data (SSD).
The process of authentication between a service entity and the EAC, and authentication between
two service entities, i.e. an SS and an SP. Generally, a whole authentication procedure comprises
three independent integral sub-procedures: initial authentication between service entity and EAC;
authentication inquiring and key generation/transportation/negotiation; and mutual authentication
between service entities.

A server, residing on the IPTV service provider's side, which is responsible for managing a secure
downloadable SCP message exchange with SM on the IPTV terminal's side. It authenticates a
security module (SM) and acts as proxy for downloadable SCP services. The authentication proxy
plays the role of sub-function of the right and key management function.
serves to confirm the identities of communicating entities, and ensures the validity of the claimed
identities of the entities participating in communication (e.g., person, device, service or application)
and provides assurance that an entity is not attempting a masquerade or unauthorized replay of a
previous communication.
Elements to support authentication and integrity security services: Authentication Exchange Security
Element, Data Origin Authentication Security Elements, Proof of Submission Security Element,
Proof of Delivery Security Element.
1) Authentication servers refer to servers that provide authentication services to users or other
systems. Authentication is generally used as the basis for authorization (determining whether a
privilege will be granted to a particular user or process), privacy (preventing the disclosure of
Information to non-participants), and non-repudiation (not being able to deny having done
something that was authorized to be done based on the authentication).
2) A server that performs the secure downloadable SCP function with SM on the terminal side in
the IPTV context.
The authentication service delivers proof that the identity of an object or subject has indeed the
identity it claims to have. Depending on the type of actor and on the purpose of identification, the
following kinds of authentication may be required: user authentication, peer entity authentication,
data origin authentication. Examples of mechanisms used to implement the authentication service
are passwords and Personal Identification Numbers (PINs) (simple authentication) and
cryptographic-based methods (strong authentication).
A set of entries which is directly accessible by the verifier. The path used to access the table has
integrity protection, and additionally, for symmetric mechanisms, confidentiality protection.
Information conveyed during a strong authentication exchange, which can be used to authenticate
its sender.
1)a The output from an authentication-function to be transferred to a peer ACSE service-user for
input to the peer's authentication-function.
2) The authentication-value consists of information used by a pair of authentication-functions to
perform authentication. It can consist of information such as, credentials, a time-stamp, a digital
signature, etc. It can also identify the type and/or name of object to be authenticated (AE, human
user, etc.). An authentication-mechanism may be part of an ASE that provides security facilities to its
service-user and in this situation, the authentication-mechanism name identifies the ASE and the
authentication-value is an APDU of the ASE.
An entity that provides IP-based authentication, authorization, and accounting. The AAA maintains
security associations with peer AAA entities to support intra- and/or inter-administrative domain AAA
functions. - The Authentication Function provides Authentication of users. - The Authorization
Function of AAA provides authorization of service requests based on subscriber profiles, and
network policy. It also generates keys required for establishing security associations between
PDSNs in access provider networks and HAs in home IP networks. - The Accounting Function
gathers accounting data concerning the services used by individual subscribers.
The AAA protocol can be used as transport mechanism for the EAP message; it consists of RADIUS
and Diameter. In general, the terms AAA server and backend authentication server are used
interchangeably.
3)b An application-function within an application-entity invocation that processes and exchanges
authentication-values with a peer authentication-function.
1)a The specification of a specific set of authentication-function rules for defining, processing, and
transferring authentication-values.
1)b The specification of a specific set of authentication-function rules for defining, processing, and
transferring authentication-values.

2) An authentication-mechanism is a particular specification of the processing to be performed by
a pair of application functions for authentication. This specification contains the rules for creating,
sending, receiving and processing information needed for authentication. Annex B of X.227 is an
example; it defines the authentication of the sending AEI based on its AE title and its password,
where the password is contained in the Authentication-value parameter. An authentication-mechanism
may be part of an ASE that provides security facilities to its service-user.
An authentication-mechanism name is used to specify a particular authentication-mechanism. For
example, the name of the authentication-mechanism specified in X.227 Annex B, is assigned (i.e.
registered) in that annex. The value has the data type of an OBJECT IDENTIFIER. An
authentication-mechanism name may also be used to specify a more general security mechanism
that includes an authentication-mechanism. An example of a general security mechanism is an ASE
that provides security facilities to its service-user. Authentication-mechanism names and general
security mechanism names are subject to registration within OSI (see 12/X.227). An authentication-mechanism
may be part of an ASE that provides security facilities to its service-user and in this
situation, the authentication-mechanism name identifies the ASE.

1) security service offered by the baseline security profile as an option that supports authentication
of selected fields only, but does not provide full message integrity. The authentication-only security
profile is applicable for signalling messages traversing NAT/firewall devices. The user may ensure
authentication by correctly applying a shared secret key procedure. When using symmetric key
techniques, the security services authentication/integrity only apply on a hop-by-hop basis.
2) security service of the signature security profile that supports user authentication where the
user authenticates when correctly digitally signing some piece of data by the private key. Note that
this security service does not provide countermeasures against arbitrary cut and paste, message
manipulation or tampering attacks. Authentication-only may be useful for security proxies that verify
authenticity of the message (data origin authentication) when forwarding the message to another
destination (e.g., Gatekeeper). NOTE The forwarding usually changes certain parts of the
message; thus end-to-end integrity cannot be realized. Nevertheless, authentication-only can be
applied on a hop-by-hop basis as well. Procedure III specifies this security service for an end-to-end
scenario while procedure II specifies this security service for the hop-by-hop case.

1)b The output from an authentication-function to be transferred to a peer ACSE service-user for
input to the peer's authentication-function.
1) a Network Element that facilitates identification and authentication of subscribers, devices or
end-users. For example, Border Elements with B2BUA functionality or P-CSCFs can be
Authenticators of subscribers for SIP-based services.
2) The authenticator refers to the endpoint of the link initiating EAP authentication when a
supplicant wants to access the network.
1)a The ability to ensure that the given information is without modification or forgery and was in
fact produced by the entity who claims to have given the information.
1)b The ability to ensure that the given information is without modification or forgery and was in
fact produced by the entity who claims to have given the information.
2) The property that the claimed data source can be verified to the satisfaction of the recipient.
Protection for mutual authentication and data origin authentication.
An Identity Provider responsible by law, industry practice, or system implementation for the definitive
identity response to a query. For many identities, the authoritative identity provider will be the
registration authority or device that established the identities and their bindings to the entity at a
point in time. The authoritative identity provider may also be the entity itself where appropriate.
1) An entity, responsible for the issuance of certificates. Two types are defined in this
Specification; certification authority which issues public-key certificates and attribute authority which
issues attribute certificates.

2) An entity which provides the assurance of validity to a verifier. This authority is able to ensure a
verifier of the validity of the prover but it might be unable to get this assurance for itself (e.g.
untrusted verifier).
A certificate issued to an authority (e.g. either to a certification authority or to an attribute authority).
A set of managed objects managed by a managing application in the context of a particular authority
relationship set.
The relationship between a managing application and a managed object, in which the managing
application has the authority to manage the managed object.
A set of authority relationships, each authority relationship of the set being defined from some
common standpoint of allocated management responsibility.
1) The granting of rights, which includes the granting of access based on access rights. Note: this
definition implies the rights to perform some activity (such as to access data); and that they have
been granted to some process, entity, or human agent.
2) The granting of permission on the basis of authenticated identification.
3)a The act of giving access to a service or device if one has the permission to have the access
3)b The act of giving access to a service or device if one has the permission to have the access.
4) The process of determining, by evaluating applicable access control Information, whether a
subject is allowed to have the specified types of access to a particular resource. Usually,
authorization is in the context of authentication. Once a subject is authenticated, it may be
authorized to perform different types of access.
5) The granting of rights, and, based on these rights, the granting of access.
6) It presents how, and under what conditions, self-service management actors can use self-service
functions and what self-service actions they are permitted to perform.
7) A property by which the access rights to resources are established and enforced.
8) A prescription that a particular behaviour must not be prevented.
9)a The act of determining if a particular privilege, such as access to telecommunications
resource, can be granted to the presenter of a particular credential.
9)b The act of determining if a particular privilege, such as access to telecommunications
resource, can be granted to the presenter of a particular credential.
A person who is responsible for the management of policy used in authorization.
Authorization service is designed to deal with making decisions regarding the users' access rights
and enforcing authorization decisions according to the users' privileges. This service is required to
protect the identity system from an unauthorized access and usage.
An entity which issues identification information of CAM and performs authentication process when
CAM requests renewing of CACS.
An authorization certificate is a signed object that empowers the subject. It contains at least an
issuer and a subject. It can contain validity conditions, authorization and delegation Information. In
general, certificates can be grouped into three categories: ID certificate which maps the name and a
public key of a subject, attribute certificate that maps an authorization and a name of the subject,
and authorization certificate that maps an authorization and a public key of subject. An authorization
or attribute certificate can delegate all the permissions it has received from the issuer or it can
delegate along only a portion of that empowerment.
1)a A digital word which describes the personality or service access capability of the subscriber
decoder unit. NOTE This code word, which is based on the service access authorized by the
billing system, determines which keys are distributed to each customer, and is required at the
subscriber decoder to authorize the descrambling of any specific program.
1)b A digital word which describes the personality or service access capability of the subscriber
decoder unit. NOTE - This code word, which is based on the service access authorized by the billing
system, determines which keys are distributed to each customer, and is required at the subscriber
decoder to authorize the descrambling of any specific program
1) The result of evaluating applicable policy, returned by the PDP to the PEP. A function that
evaluates to "Permit", "Deny", "Indeterminate" or "NotApplicable", and (optionally) a set of
obligations.

2) The result of an act of authorization. The result may be negative, that is, it may indicate that
the subject is not allowed any access to the resource.
An assertion that conveys Information about an authorization decision.
An architectural framework for understanding the authorization of Internet resource and service;
single domain and roaming sequence models.
1)a Abstract module that the CMTS can contact to authorize Service Flows and Classifiers. The
authorization module tells the CMTS whether the requesting CM is authorized for the resources it is
requesting.
1)b Abstract module that the CMTS can contact to authorize Service Flows and Classifiers. The
authorization module tells the CMTS whether the requesting CM is authorized for the resources it is
requesting.
An entity that is in charge of authorizing a home subject by controlling access from the home subject
to a home resource.
This element of service enables the originator to indicate to the recipient UA the date and time at
which a message was formally authorized. Depending upon local requirements, this date and time
stamp may vary from the date and time when the message was submitted to the MTS. This element
of service may be used to augment the Authorizing Users Indication Element of service (see B.6) to
provide supplementary information about the authorizing event.
A piece of information, either clear or encrypted, which can be used to validate a request for specific
resources. This information is used as a unique identifier in policy pull mode. The token is generated
by the MGC and may be sent back by the MG to the MGC for the re-authorization of the resource
request in the pull mode. NOTE The authorization token may or may not use H.248 information
elements.
The performance of those activities for which rights have been granted (and not revoked).
A person or an organization authorized to obtain premium privileges and capabilities in national
and/or international emergency situations.

This element of service allows the originator to indicate to the recipient the names of the one or
more persons who authorized the sending of the message. For example, an individual can authorize
a particular action which is subsequently communicated to those concerned by another person such
as a secretary. The former person is said to authorize its sending while the latter person is the one
who sent the message (originator). This does not imply signature-level authorization.
1) The property of being accessible and useable upon demand by an authorized entity.
2) The reliability and timely access to data and resources by authorized individuals.
3)a Ensuring that authorized users have access to information and associated assets when
required.
3)b Ensuring that authorized users have access to information and associated assets when
required.
ensures that there is no denial of authorized access to network elements, stored information,
information flows, services and applications due to events impacting the network. Disaster recovery
solutions are included in this category.
The MS can accept a call delivery (i.e., the MS is in a known location and it is in a state able to
accept call deliveries). The availability of a MS to accept a call delivery is maintained only by the
MSC (see also Active, Inactive and Unavailable).
(in VoIP spam score) the ratio of the number of suspicious calls to the number of all attempting calls
where a suspicious call is a call whose required bandwidth is more than a certain value. For
example, if a sender generates traffic over 10% of average call traffic, the call is considered a
suspicious call.
Back channel refers to direct communications between two system entities without "redirecting"
messages through another system entity such as an HTTP client (e.g., a user agent).

A backend authentication server, i.e., authentication server, pertains to an entity providing
authentication service to an authenticator. A typical backend authentication server is the AAA server.
The backup operation, when applied to a software managed object, causes a copy of the underlying
resources to be made. It has no direct effect on the original software resources. Note: The backup
operation may well be applicable to other classes of managed objects, however as far as X.744 is
concerned, only its use with software is considered.
Feature by which joining members are not allowed to decrypt past data. NOTE This definition is
consistent with RFC 4046.
An unordered collection of values, in which there may be duplicate values.
As the word bait suggests, bait spam is a kind of spam in which the senders of spam use
some sort of bait to lure users. The lured user is attacked by the bait spam.
An electronic funds account held by a private individual or a corporate entity in a bank or other
financial institution authorized by the country's national monetary authority (e.g. central bank), which
can be used for payment for goods and services.
A CRL that is used as the foundation in the generation of a dCRL.
A bitstream subset that contains all the NAL units with the nal_unit_type syntax element equal to 1
and 5 of the bitstream and does not contain any NAL unit with the nal_unit_type syntax element
equal to 14, 15, or 20 and conforms to one or more of the profiles specified in Annex A (of X.1192).
One of the classifications of the interaction of a human body with its environment based on the
physical nature of the interaction or on the human sensory system that it affects (see 3.5.1 to
3.5.10). NOTE If the interaction is from the environment to the human body it is described as an
in-modality. If it is from the human body to the environment it is described as an out-modality.
A unit that cannot be expressed in terms of any other base unit. NOTE 1 Base units are used in
the specification of derived units. NOTE 2 Examples of base units are metre, kilogram, second,
candela, etc. (see ISO 31 and IEC 60027 1).
The Baseline Privacy Interface Plus is the security portion of the J.112 standard that runs on the
MAC layer.
The basic clock rate is the frequency or rate at which a clock increments in the absence of any
modifications resulting from frequency adjustment.
Coverage area served by one access point (AP).
This term is used as a common reference to both bearer services and teleservices

An information transmission path of defined capacity, delay and bit error rate, etc.
A transmission function, which the UE requests to the network.
(UICC) Mechanism by which the ME provides the (U)SIM applications on the UICC with access to
the data bearers supported by the ME and the network.
A type of telecommunication service that provides the capability of transmission of signals between
access points.
The bidirectional information process is a combination of the two types of multimedia information
presentation processes (both download and upload). The ID terminal and the multimedia
information delivery function exchange multimedia information with each other. A simple example is
a video-conference system. In this case, the ID terminal and the video-conference server exchange
audio/video information with each other, after the ID terminal has read all participants' identifiers and
resolved the video conference service.
A protection switching architecture in which, for a unidirectional failure (i.e., a failure affecting only
one direction of transmission), both directions (of the "trail", "subnetwork connection", etc.) including
the affected direction and the unaffected direction, are switched to protection.
A function whereby CDRs generated by the charging function are transformed into bills requiring
payment.
The bits in binary numbers or sequences are numbered from the left, according to engineering
notation. Bit 0 is on the right and is the least significant one; the bit on the left is the most significant
one. Note: an example of engineering notation for an n-bit number: b_{n-1} b_{n-2} ... b_1 b_0

1)a An explicit established association, bonding, or tie.


1)b An explicit established association, bonding, or tie.
Generically, a specification of the mapping of some given protocol's messages, and perhaps
message exchange patterns, onto another protocol, in a concrete fashion. For example, the
mapping of the SAML <AuthnRequest> message onto HTTP is one example of a binding. The
mapping of that same SAML message onto SOAP is another binding. In the SAML context, each
binding is given a name in the pattern "SAML xxx binding".
1)a Pertaining to the field of biometrics. NOTE "biometric" should never be used as a noun.
1)b Pertaining to the field of biometrics
1)a Process of confirming an individual's identity, either by verification or by identification
1)b Process of confirming an individual's identity, either by verification or by identification

Device that collects a signal from a biometric characteristic and converts it to a biometric sample.
Process of collecting or attempting to collect a signal from a biometric characteristic and converting
it to a biometric sample.
1) A data structure binding the user's identity and biometric feature and digitally signed by the
certificate authority which issued it
2) A signed data structure binding a user to one of his/her BITs, issued by a Biometric Certificate
Authority, and containing the security levels used in the enrolment process. NOTE Examples of
the semantic content of biometric certificates are the data contained in biometric passports,
biometric identity cards or biometric driving licences or stored in equivalent databases. However,
these currently (2008) do not use the standardised formats for a BC defined in X.1089, and do not
currently identify the security level of the enrolment process.
1) An entity responsible for the issuance of a biometric certificate.
2) A trusted third party which certifies the integrity of the biometric reference and the procedure
of the biometric product evaluation report
3) A trusted third party that a user can enrol with and that issues or records a Biometric
Certificate. It certifies the binding relationship between the holder of a BC and his/her BIT, using a
digital signature. NOTE 1 The BCA will normally perform checks on the identity of the user before
issuing a BC containing the BIT of that user. NOTE 2 The BIT may be included in the certificate, or
there may simply be a URI that points to where it is stored.
A Revocation List that includes reference to a Biometric Certificate.
An independent third-party auditing organization, or a member thereof, given the task of protecting
privacy
A person who collects, manages, or utilizes biometric data
An individual who provides his or her biometric data for the purposes of personal identification
Collection of data organized according to a conceptual structure describing the characteristics of
those data and the relationship among their corresponding entities, supporting one or more
applications.
A client or server side device that includes biometric hardware and the associated software and that
processes human biometric data to complete all or part of the authentication of a person. NOTE 1
This forms the first part (or possibly all) of an ACBio BPU. NOTE 2 The BDC is issued to either the
client side device or to the server side device, depending on which does the biometric processing
and comparison.
A signed data structure (produced by the vendor and authenticated by a TBA) storing the parameters
and operation of a secure part of a biometric device NOTE 1 The TBA authenticates
(after testing etc) that the device can be trusted to provide a given set of security levels in its
operation, related mainly to liveness testing and to its resistance to tampering. NOTE 2 A secure
part of a biometric device normally relates to memory that contains a certificate and performs a
capture or other biometric processing function, returning signed data and that cannot be later
modified in any way (read-only memory).

Digital signature function that performs a signature generation using private key on biometric
message.
Cryptographic encoding function that performs a cryptographic secure encoding and decoding using
public key on biometric message.
Concise representation of Information extracted from a biometric sample by applying a
mathematical transformation
A data structure used in a BC that contains a Biometric Template and metadata. NOTE This is
referred to in [ISO/IEC 19785-1] as a Patron Format.
A detailed specification containing a list of security levels that a biometric device or BPU can
support, and the parameters and actions used by the device or BPU for each level. NOTE
Examples are the dots per inch used for image capture, quality thresholds for acceptance or
rejection of an image, liveness testing to resist spoofing, thresholds applied to produce a
comparison score and the way in which fusion is performed in multi-modal operation. When the
client supports multiple biometric modalities, it needs to be determined which modality to use, and
how fusion is to be performed if multiple modalities are used. Biometric policy and associated
security levels are not standardised in X.1089.
A data structure containing the biometric policy of a biometric device or BPU that has been verified
by and is digitally signed and issued by a TBA. NOTE Verification means ensuring that the
biometric device or BPU has sufficient security mechanisms to ensure that it will reliably perform,
without danger of tampering, to the security levels specified in the security policy.
Automated recognition of individuals based on observation of behavioural and biological
characteristics.
One or more stored biometric samples, biometric templates, or biometric models attributed to a
subject and used for comparison
Information obtained from a biometric device, either directly or after further processing
A biometric sample or combination of biometric samples that is suitable for storage as a reference
for future comparison
Process of comparing a match template against reference based on a claimed identity (e.g. user ID,
account number)
1)a Automated recognition of individuals based on their behavioural and biological characteristics.
NOTE In some other disciplines the meaning of biometrics encompasses counting, measuring
and statistical analysis of any kind of data in the biological sciences including the relevant medical
sciences.
1)b Automated recognition of individuals based on their behavioral and biological characteristics
2) Automated recognition of living persons based on observation of behavioural and biological
(anatomical and physiological) characteristics.
A biometric sample at any stage of processing, biometric reference, biometric feature, or biometric
property
A 1 m radius sphere surrounding a person. When associated with multimodal security and safety
measures, it is called the Personal Privacy Sphere, and may have human means to protect its
privacy and ensure its safety.
Runtime entity, identified by an endpoint IRI, capable of sending and receiving BIP messages, and
containing either a running generic BIP entity, or a running BIP-enabled framework with one
component registry, zero or one running BioAPI applications, and zero or more running BSPs.
Logical connection between two BIP endpoints, consisting of a mandatory request/response link
channel and an optional notification/acknowledgement link channel, in which one BIP endpoint plays
the role of master and the other plays the role of slave. NOTE At most one BIP link can exist
between any pair of BIP endpoints for either assignment of roles. If a BIP link has two link
channels, one of the two BIP endpoints will be the master endpoint in both link channels, and the
other one will be the slave endpoint in both. A BIP link cannot exist between a pair of BIP endpoints
if both are master-role-capable or both are slave-role-capable.
Message that can be sent from a BIP endpoint to another BIP endpoint through a link channel.

Augmented version of the BioAPI framework that is capable of creating, processing, sending, and
receiving BIP messages in close relationship with BioAPI function calls and callbacks NOTE Not
all implementations of the BIP-enabled framework are BioAPI frameworks fully conforming to
ISO/IEC 19784-1 (see the NOTE to 6.7).
A sequence of bits that forms the representation of coded pictures and associated data forming one
or more coded video sequences. Bitstream is a collective term used to refer either to a NAL unit
stream or a byte stream.
A system observed to produce output in response to input whose inner workings are not known.
A list of identifications of persons or sources in communication services, where the identifications
on the list are denied access to particular communication resources.
A BEEP profile for cybersecurity information exchange techniques specifies the BEEP profile for use
within CYBEX. BEEP is a generic application protocol kernel for connection-oriented, asynchronous
interactions described in RFC 3080. At BEEP's core is a framing mechanism that permits
simultaneous and independent exchanges of messages between peers. All exchanges occur in the
context of a channel -- a binding to a well-defined aspect of the application, such as transport
security, user authentication, or data exchange. Each channel has an associated "profile" that
defines the syntax and semantics of the messages exchanged.
A personal online website with a list of contents reflecting the owner's personal interests, uploaded
to be available to the general public.
This element of service allows the originator of the message to provide the recipient with the means
by which the recipient can verify that particular body parts of the message have not been modified
and that their origin can be authenticated (i.e. a signature).
This element of service allows the originator to indicate to the recipient that a particular body part of
the IP-message being sent has been encrypted. Encryption can be used to prevent unauthorized
inspection or modification of the body part. This element of service can be used by the recipient to
determine that some body part(s) of the IP-message must be decrypted. The encrypted body part
may retain the body part type information, or may be sent in a messaging-system independent
format in which there is no information about the type of the information which has been encrypted.
a process performed in a secure context prior to the deployment of the sensor node to establish a
security association between the sensor nodes that may have been initialized with credentials,
enabling a sensor node to communicate securely with other sensor nodes after their deployment.
1) A special mobility functional entity, may be a home border element, a visited border element, or
other.
2) Network element providing functions connecting different security and administrative domains.
1) A shortened word for robot which is a program that operates as an agent for user or another
program to simulate a human activity.
2) An automated software program used to carry out specific tasks designed for malicious
purposes. It is interchangeable with a robot.
An individual responsible for controlling and maintaining a botnet.
Remotely controlled malicious software robots (bots) that are run autonomously or automatically on
compromised computers together with a command-and-control server owned by botmasters.
1) One-way transmission from one point to two or more other points.
2) A value of the service attribute "communication configuration", which denotes unidirectional
distribution to all users.
non-persistent UUID that is dynamically generated and assigned by a BIP-enabled framework to a
BSP that is available for loading into a given BIP endpoint (either the local one or a remote one),
and which unambiguously identifies both the BSP and (implicitly) the BIP endpoint. NOTE BSP
access UUIDs are meaningless outside the BIP endpoint in which they have been generated.
persistent UUID that has been assigned to a BSP software product by its vendor NOTE 1 The
BSP product UUID is expected to remain the same across multiple installations of the same BSP on
different systems. NOTE 2 A BSP product UUID can be generated and registered at
http://www.itu.int/ITU-T/asn1/uuid.html

A buffer overflow is an anomalous condition where a process attempts to store data beyond the
boundaries of a fixed-length buffer. The result is that the extra data overwrites adjacent memory
locations. The overwritten data may include other buffers, variables and program flow data and may
cause a process to crash or produce incorrect results. A buffer overflow can be triggered by inputs
specifically designed to execute malicious code or to make the program operate in an unintended
way. As such, buffer overflows cause many software vulnerabilities and form the basis of many
exploits. Sufficient bounds checking by either programmer, compiler or runtime can prevent buffer
overflows.
Business continuity planning is the process to ensure that recovery of operations will be assured
should any unexpected or unwanted incident occur that is capable of negatively impacting the
continuity of essential business functions and supporting elements. The process should also ensure
that recovery is achieved in the required priorities and timescales, and subsequently all business
functions and supporting elements will be recovered back to normal. The key elements of this
process need to ensure that the necessary plans and facilities are put in place, and tested, and that
they encompass information, business processes, information systems and services, voice and data
communications, people and physical facilities.
A Business Management System is a Business Management Layer [M.3010] operations system
A business relationship between businesses and consumers where the service providers provide
valuable and useful services to the consumers and the consumers use them.
A certificate for one CA issued by another CA.
A functional element that provides security management and translation functions between the HFC
and the Home.
A copy of an entry (or part of an entry) whose consistency with its corresponding entry is maintained
by means outside the scope of this Directory Specification.
The process of creating cache copies. This process is outside the scope of this Directory
Specification.
A logical association between several users (this could be connection-oriented or connectionless).
The part of the CMS that maintains the communication state, and controls the line side of the
communication.
(in VoIP spam score) the ratio of the number of blocked calls to the number of all attempted calls.
1) is to deliver packets to the destined Mobile Terminals (MTs) and paging is used to search the
MTs in dormant mode.
2) The process by which calls directed to the cellular subscriber are delivered to the subscriber
while roaming in a visited system.
Method by which a call is delivered to a subscriber in MSC-V.
The process of requesting the release of a connection between two or more network addresses.
(in VoIP spam score) the ratio of the number of suspicious calls to the number of all attempting calls
where a suspicious call is a call whose time duration is shorter than a certain value. For example,
the call duration of suspicious call would be below 30 seconds because spammers generally make
a call within 30 seconds.
Controls the audio connections. Also called a Call Agent in MGCP/SGCP terminology. This is one
example of an Application Server.
(in VoIP spam score) the ratio of the number of recipients to the number of all attempted calls.
The process of relinquishing the facilities and circuits used for a call.
1) Unwanted, automatically dialed and pre-recorded VoIP phone calls.
2) any commercial message sent via VoIP, a potential venue for large volumes of unsolicited calls
due to the wide array of tools already available to spammers on the Internet. After call
establishment, the spammer sends call spam created by an automatic tool to unspecified recipients.
The process of connecting a subscriber to an incoming call

Characterization of any stimulus that can be detected by thermo sensors (cold receptors and warm
receptors) in the human skin and mucous surfaces and any kind of heat transfer into the human
body. NOTE 1 The term CALORIN is used both as an adjective applied to a stimulus, but more
commonly as a noun referring to a CALORIN stimulus. NOTE 2 CALORIN is a derived
modality. NOTE 3 Heat transfer into the human body can occur by conduction of hot surfaces, by
convection of air above skin temperature, by radiation from the sun, heat bulbs, thermo cameras etc
and by micro-wave radiation.
Characterization of any kind of heat transfer from the human body. NOTE 1 The term
CALOROUT is used both as an adjective applied to a specific output, but more commonly as a
noun referring to a CALOROUT specific output. NOTE 2 CALOROUT is a derived modality.
NOTE 3 Heat transfer from the human body can occur by conduction to cold surfaces, by
convection of air below skin temperature, by infra-red radiation to a cold environment and by
evaporation.
A manager can request the agent to cancel a trouble report. The manager wants to abort this
trouble report (either because it was entered in error or because there is no longer any trouble
condition). Under certain conditions (e.g. the trouble has not been dispatched or tested), the agent
will cancel the trouble report by updating its status to closed-out by customer request.
Cancelling a trouble report may also have business ramifications beyond the scope of X.790 (e.g.
whether the customer must pay for the trouble report).
An access point or network being evaluated as a possible new point of attachment (new serving
access network) after handover.
An algorithm that takes as input an XML infoset (see W3C XML Information Set) or an XPath node
set (see W3C XPath) and generates, as output, a canonical fast infoset document.
A fast infoset document generated by a canonical Fast Infoset algorithm.
An algorithm that takes as input an XML infoset, a well-formed XML document or an XPath node
set, and generates, as output, a well-formed XML document in canonical form. NOTE Canonical
XML algorithms are currently specified by W3C Canonical XML and W3C Exclusive Canonical XML.
A well-formed XML document generated by a canonical XML algorithm.
1) A token used as an identifier for a resource such that possession of the token confers access
rights for the resource.
2) Security tool, database, Web site, advisory, or service that provides a security vulnerability or
exposure identification function.
3) An assessment tool, Integrated Development Environment (IDE), code review tool, code
checking compiler, database, Web site, advisory, or service that provides information about
implementation, design, or architecture-level weaknesses that can lead to an exploitable security
vulnerability in software.
Captions provide a real-time on-screen transcript of the dialogue as well as any sound effects. Note:
This service can be provided by means of either textual or graphical supplementary content. The
captions and the dialogue are usually in the same language. The service is primarily to assist users
having difficulty hearing the sound. Ideally, users may have some control over the position and size
of the presentation. Different speakers are distinguished, usually by different colours.
The numeric relationship between occurrences of the entities on either end of the relationship line.
Cipher-block chaining mode is an option in block ciphers that combines (XOR) the previous block of
ciphertext with the current block of plaintext before encrypting that block of the message.
Radio network object that can be uniquely identified by a user equipment from a (cell) identification
that is broadcast over a geographical area from one UTRAN or GERAN access point. A Cell in
UTRAN is either FDD or TDD mode.
The physical location of a cell's radio equipment and supporting systems. This term is also used to
refer to the equipment located at the cell site.

1) A set of security-relevant data issued by a security authority or a trusted third party, that,
together with security information is used to provide the integrity and data origin authentication
services for the data.
2) The shorter term "certificate" is also used (in this document) to denote "public key certificate".
3) See public key certificate
4) A set of security-relevant data issued by a security authority or trusted third party, together with
security information which is used to provide the integrity and data origin authentication services for
the data (security certificate -- X.810). In H.235 the term refers to "public key" certificates which are
values that represent an owner's public key (and other optional information) as verified and signed
by a trusted authority in an unforgeable format.
All services needed for the maintenance of the lifecycle of certificates, including registration,
certification, distribution, and revocation of certificates.
1) A named set of rules that indicates the applicability of a certificate to a particular community
and/or class of application with common security requirements. For example, a particular certificate
policy might indicate applicability of a type of certificate to the authentication of electronic data
interchange transactions for the trading of goods within a given price range.
(e.g., an X.500 Directory) hold user certificates and Certificate Revocation Lists (CRLs). They are
trusted to make that information accessible but are not responsible for the content or accuracy of
the information they receive from the CAs or the RAs.
A database in which the certificates, CRL and other PKI-related Information are stored and which is
accessible online.
1) A signed list indicating a set of certificates that are no longer considered valid by the certificate
issuer. In addition to the generic term CRL, some specific CRL types are defined for CRLs that
cover particular scopes.
2) A CRL includes the serial numbers of certificates that have been revoked (for example,
because the key has been compromised or because the subject is no longer with the company) and
whose validity period has not yet expired.
An integer value, unique within the issuing authority, which is unambiguously associated with a
certificate issued by that authority.
An entity that needs to know, with certainty, the public key of another entity.
The process of ensuring that a certificate was valid at a given time, including possibly the
construction and processing of a certification path, and ensuring that all certificates in that path were
valid (i.e. were not expired or revoked) at that given time.
An implementation of those functions defined in this Directory Specification that are used by a
certificate-user.
The procedure by which an independent party gives assurance that a product, process or service
conforms to specified requirements. The certification process consists mainly of a document review
and a technical evaluation by an impartial certification body. Such a conformity certification of a TTP
will give assurance that the security claimed by a TTP is in fact provided. Entities using TTP
services therefore can use such security TTP conformance certifications as a basis for determining
the level of trust they can place on a TTP.
when used in the context of electronic signature, certify public verification keys by issuing
"Certificates".
1) An authority trusted by one or more users to create and assign public-key certificates.
Optionally the certification authority may create the users' keys.
2) An entity that is trusted (in the context of a security policy) to create security certificates
containing one or more classes of security-relevant data.
3) (In the TMN environment) An Authority (the CA) produces public key certificates for all the
TMN entities that need to have secure communications, as well as for any external entities that
need to communicate securely with TMN entities. A CA also issues certificates to CAs outside the
TMN. The CA issues Certificate Revocation Lists (CRLs) as necessary. The term CA is also used to
refer to an organization (rather than a device) that issues certificates as a service, usually for a fee.
4) A trusted organization that accepts certificate applications from entities, authenticates
applications, issues certificates and maintains status information about certificates.
A revocation list containing a list of public-key certificates issued to certification authorities, that are
no longer considered valid by the certificate issuer.
An ordered sequence of public key certificates of objects in the DIT which, together with the public
key of the initial object in the path, can be processed to obtain that of the final object in the path.
1) A statement of the practices that a Certification Authority employs in issuing certificates.

The service of creating and assigning certificates performed by a CA and described in X.509
Certified credential is the credential that is authorized by TTP.
A time variant parameter generated by a verifier.
A method of protecting against replay attack. For example, if entity A wants to obtain a new
message from entity B, it can first send a challenge in the form of a nonce (e.g. a cryptographic
value that is used only once) to B. A then receives a response from B, based on the nonce that
proves B was the intended recipient.
Element to allow the credentials of an MTS-user or an MTA to be updated. The security element is
provided by the MTS Change Credentials service.
Service to enable one entity in the MHS to change the credentials concerning it held by another
entity in the MHS. It may be provided using the Change Credentials security element.
1) An information transfer path
2) (In the context of IPTV architecture) Content formatted as a selectable set of data and
transported as part of a data stream.
The act of changing from one channel to another.
The attacker hijacks the session established between the supplicant and the authentication server.
A function whereby information related to a chargeable event is formatted and transferred in order to
make it possible to determine usage for which the charged party may be billed.
Characterization of any stimulus that can be detected by, affects or is likely to affect, the human
sense of taste or smell or to damage these chemo senses. NOTE 1 The term CHEMOIN is used
both as an adjective applied to a stimulus, but more commonly as a noun referring to a CHEMOIN
stimulus. NOTE 2 CHEMOIN includes quantities and units related to the ability of the human
body to smell or taste chemical substances, including both descriptions of tastes and smells (for
example of food and wine) and the lethality of specific chemicals.
Characterization of any chemical emission from the human body that can be detected by the
chemical sensing organs of a human being or by a sensor (including but not limited to the use of
sniffer dogs, sniffer wasps and olfactory chips as sensors). NOTE The term CHEMOOUT is used
both as an adjective applied to a specific output, but more commonly as a noun referring to a
CHEMOOUT specific output.
1) A cryptographic algorithm, a mathematical transform.
2)a An algorithm that transforms data between plaintext and ciphertext.
2)b An algorithm that transforms data between plaintext and ciphertext.
A code used in conjunction with a security algorithm to encode and decode user and/or signalling
data.
1)a A set which must contain both an encryption algorithm and a message authentication
algorithm (e.g. a MAC or an HMAC). In general, it may also contain a key management algorithm,
which does not apply in the context of IPCablecom.
1)b A set which must contain both an encryption algorithm and a message authentication
algorithm (e.g., a MAC or an HMAC). In general, it may also contain a key management algorithm,
which does not apply in the context of IPCablecom.
Data produced through the use of encipherment. The semantic content of the resulting data is not
available. Note - Ciphertext may itself be input to encipherment, such that super-enciphered output
is produced.

A set of criteria established for joining organizations within a federation for the purposes of trusted
access to each other's resources. Note that a circle of trust is also the end result of joining
organizations within a federation.
To state as being the case, without being able to give proof. Note - The terms assertion and claim
are agreed to be very similar.
Information used by a claimant to generate exchange AI needed to authenticate a principal.
1) Entity which is or represents a principal for the purposes of authentication. A claimant includes
the functions necessary for engaging in authentication exchanges on behalf of a principal.
2) The human being seeking a biometric verification of his/her identity in order to claim privileges
or authorization for an interaction with an SP
Initiator-bound ACI that can be compared with security labels of targets.
A service used for the exchange and management of information.
An assertion by an agent that actions which are identified in the trouble report or the repair activity
object instances have been satisfactorily performed to resolve the trouble, or that such actions are
no longer necessary, such that in either case the trouble report is a candidate for closure.
Intelligible data, the semantic content of which is available.
1) A device which requests services from another Device.
2)a Client terminal provides a biometric function for telecommunication service applications
2)b Client terminal provides a biometric function for telecommunication service applications
3) User of a service provided by a system or a network.
4) Private individual or corporate entity that has signed a contractual agreement on the use of
telecommunication services and the system of mobile commerce.
5) Entity that provides a biometric authentication service using a one-time telebiometric template
on a user side in telecommunication environments
Client authentication models a situation in which the server wants to verify the client's identity. The
client responds by sending his/her credentials such as digital certificate, shared secret or password.
Same as PVR except that the recording device is located at the end-user's premises.
A trouble report is considered closed-out when the agent determines that the reported trouble has
either been cleared or no longer exists, and the agent updates the trouble report status to indicate
the trouble report is closed-out. Only an agent can change the trouble report status to closedOut.
The status of a trouble report might change to closedOutByCustReq as a result of a request to
cancel the trouble report from the manager.
A group with a predefined set of members. Only defined members may participate in a closed
group.
An assertion by an Agent that the trouble is resolved such that the cleared trouble report may only
be processed further to generate a trouble history record and/or be deleted.
Provides information regarding a visited/serving network's authentication capabilities; for example
used in re-authentication during an OTASP session.
Installation of telecommunications facilities on the premises of other telecommunications carriers
Levels (above or below) which a stimulus is known to cause discomfort for most human beings.
A host that allows botmaster to control indirectly a sub-group or a group of bots in the botnet to
forward an attack instruction to launch attacks.
CAPEC is a specification method for the identification, description, and enumeration of attack
patterns. Attack patterns are a powerful mechanism to capture and communicate the attacker's
perspective. They are descriptions of common methods for exploiting software. They derive from the
concept of design patterns applied in a destructive rather than constructive context and are
generated from in-depth analysis of specific real-world exploit examples. The objective of CAPEC is
to provide a publicly available catalog of attack patterns along with a comprehensive XML schema
and classification taxonomy.

Data elements and BIR formats specified in ISO/IEC 19785-1.


Common configuration enumeration provides unique identifiers to system configuration issues in
order to facilitate fast and accurate correlation of configuration data across multiple information
sources and tools. For example, CCE Identifiers can be used to associate checks in configuration
assessment tools with statements in configuration best-practice documents.
Common event expression standardizes the way computer events are described, logged, and
exchanged. By using CEE's common language and syntax, enterprise-wide log management,
correlation, aggregation, auditing, and incident handling can be performed more efficiently and
produce better results. The primary goal of the effort is to standardize the representation and
exchange of logs from electronic systems. CEE breaks the recording and exchanging of logs into
four components: the event taxonomy, log syntax, log transport, and logging recommendations.
Common platform enumeration (CPE) is a standardized method to identify and describe the
software systems and hardware devices present in an enterprise's computing asset inventory. CPE
provides: a naming specification, including the logical structure of well-formed CPE names and the
procedures for binding and unbinding these names with machine-readable encodings; a matching
specification, which defines procedures for comparing CPE names to determine whether they refer
to some or all of the same products or platforms; and a dictionary specification, which defines the
concept of a dictionary of identifiers and prescribes high-level rules for dictionary curators.
Common vulnerabilities and exposures is a method for identifying and exchanging information
security vulnerabilities and exposures, and provides common identifiers for publicly known
problems. The goal of CVE is to make it easier to share data across separate vulnerability
capabilities (tools, repositories, and services) with this "common enumeration." CVE is designed to
allow vulnerability databases and other resources to be linked together, and to facilitate the
comparison of security tools and services. As such, CVE does not contain information such as risk,
impact, fix information, or detailed technical information. CVE only contains the standard identifier
number with status indicator, a brief description, and references to related vulnerability reports and
advisories. The intention of CVE is to be comprehensive with respect to all publicly known
vulnerabilities and exposures. While CVE is designed to contain mature information, the primary
focus is on identifying vulnerabilities and exposures that are detected by security tools, as well as
identifying any new problems that become public, and then addressing any older security problems
that require validation.
The common vulnerability scoring system process provides for an open framework for
communicating the characteristics and impacts of ICT vulnerabilities. CVSS consists of three
groups: Base, temporal and environmental. Each group produces a numeric score ranging from 0 to
10, and a vector, a compressed textual representation that reflects the values used to derive the
score. The base group represents the intrinsic qualities of a vulnerability. The Temporal group
reflects the characteristics of a vulnerability that change over time. The environmental group
represents the characteristics of a vulnerability that are unique to the environment of the user. CVSS
enables ICT managers, vulnerability bulletin providers, security vendors, application vendors and
researchers to all benefit by adopting a common language of scoring ICT vulnerabilities.

Common weakness enumeration is a process for identifying and exchanging unified, measurable
sets of software weaknesses. CWE enables more effective discussion, description, selection, and
use of software security tools and services that can find these weaknesses in source code and
operational systems. It also provides for better understanding and management of software
weaknesses related to architecture and design. CWE implementations are compiled and updated by
a diverse, international group of experts from business, academia and government agencies,
ensuring breadth and depth of content. CWE provides standardized terminology, allows service
providers to inform users of specific potential weaknesses and proposed resolutions, and allows
software buyers to compare similar products offered by multiple vendors.
The common weakness scoring system provides for an open framework for communicating the
characteristics and impacts of software weakness.

The conveyance of information between two or more objects as a result of one or more interactions,
possibly involving some intermediate objects. NOTEs Every interaction is an instance of a
communication. Any communication can be seen as an interaction by abstracting away intermediate
objects involved in the communication. Any communication (and, hence, any interaction) can be
provided by a wide range of technologies such as remote invocation, message transfer, etc.
Building where facilities for providing telecommunications business are sited.
ensures that information flows only between the authorized end points, that the information is not
diverted or intercepted as it flows between these end points.
1) The relation between two specifications, A and B, that holds when specification A makes
requirements which are all fulfilled by specification B (when B complies with A).
2) Requirements for the necessary consistency of one member of the family of ODP standards
with another (such as the RM-ODP) are established during the standardization process. Adherence
to these requirements is called compliance. If a specification is compliant, directly or indirectly, with
some other standards, then the propositions which are true in those standards are also true in a
conformant implementation of the specification.
Telecommunication organizations need to ensure that they are compliant with the laws and
regulations that apply in the jurisdictions in which they are operating and providing services. This
should include those laws and regulations that particularly apply to information security and the
telecommunication organizations.
A single homogeneous network, which, by itself, may not provide a single end-to-end global
telecommunication infrastructure.
The compound rule is composed of two or more simple rules.
Evidence that was, at one time, satisfactory but which no longer has the confidence of the Trusted
Third Party or adjudicator.
1) An expression of predicates. A function that evaluates to "True", "False" or "Indeterminate".
2) This is an expression of a condition type; its values are used to specify a constraint within a
policy rule. A given condition can be negated using the NOT operator.
1) The function served by a conditional access system; often used as an abbreviation for
conditional access system.
2) The conditional granting of access to cable services and content based upon what service
suite has been purchased by the customer.
An image of conditional access client software code downloaded onto the CRS CAM.
A cryptographic functional module which is located in set-top box with the main function of
entitlement validation, key management, and authentication. Set-top box can have one chip of
secure hardware that includes the functions of CAM and descrambler, or physically separated CAM
in the form of a secure hardware IC or smart-card. The form of CAM can be determined by the
policy of MSO or CAS vendor.
1) The complete system for ensuring that cable services are accessible only to those who are
entitled to receive them, and that the ordering of such services is not subject to modification or
repudiation.
2) A component of a service and content protection system, the purpose of which is to prevent
unauthorized (unentitled) access to a service or to content.
An entity that is trusted in the context of a security policy, but which cannot violate the security policy
without being detected.
A number of nodes that are joined together and that are capable of exchanging audiographic and
audiovisual Information across various telecommunication networks. (T.124)
1) The property that information is not made available or disclosed to unauthorized individuals,
entities, or processes.
2) The property that prevents disclosure of information to unauthorized individuals, entities, or
processes

3)a A way to ensure that information is not disclosed to any one other than the intended parties.
Information is encrypted to provide confidentiality. Also known as privacy.
3)b A way to ensure that information is not disclosed to any one, other than the intended parties.
Information is encrypted to provide confidentiality. Also known as privacy.
4) A security principle that works to ensure that information is not disclosed to unauthorized
subjects.
5)a Ensuring that information is accessible only to those authorized to have access. EMSEC is a
risk to lose this confidentiality. In this Rec. (K.87), if the equipment cannot be mitigated itself, the
emission values of existing electromagnetic compatibility (EMC) requirement show the level of this
confidentiality. The detail is described in Appendix II of Rec. K.84.
5)b Ensuring that information is accessible only to those authorized to have access. EMSEC is a
risk to lose this confidentiality. In this Rec., if the equipment cannot be mitigated itself, the emission
values of existing electromagnetic compatibility (EMC) requirement show the level of this
confidentiality. The detail is described in Appendix II./K.84
6) The avoidance of disclosure of information without the permission of its owner.
This function provides the necessary information (keys or other parameters to calculate the keys)
required for the physical radio channel ciphering and deciphering. Due to the fact that an operator
may not wish to disclose the security algorithms used to other operators, the confidentiality control
should be regarded as a centralised function. The confidentiality control is closely related to the
authentication mechanisms.
The confidentiality function prevents the unauthorized disclosure of information. The confidentiality
function includes the functions hide and reveal. In the context of confidentiality, objects fulfil either or
both of the following roles: confidentiality-protected information originator; confidentiality-protected
information recipient. Confidentiality-protected information is passed from originator to recipient. A
confidentiality-protected information originator supports an interface providing the hide function. A
confidentiality-protected information recipient supports an interface providing the reveal function.
The confidentiality function may use the key management function.
The confidentiality service provides protection against unauthorized disclosure of exchanged data.
The following kinds of confidentiality services are distinguished: selective field confidentiality;
connection confidentiality; data flow confidentiality.
Data within a confidentiality-protected-environment. Note - A confidentiality-protected environment
may also protect some (or all) of the attributes of the confidentiality-protected data.
An environment which prevents unauthorized information disclosure either by preventing
unauthorized data inspection or by preventing unauthorized derivation of sensitive information
through data inspection. Sensitive information may include some or all of the data attributes (e.g.
value, size, or existence).
Information all of whose concrete encodings (i.e. data) are confidentiality protected.
The confidentiality attack is to violate any private conversation or communication that is carried out in
communication line. In the Internet, there are still many cases that confidential information is
transmitted in clear form. Any credential that is obtained through this attack can be reused for
further attacks.
A security configuration item is a specific security configuration requirement of a specific class of
assets, which includes the description of the requirement, the reference method for the
implementation of the requirement, and the conditions to check whether the requirement be
complied or not.
accumulates configuration information on products and services. It includes naming, taxonomy and
enumeration of known configurations of products and services. Regarding service configuration, it
also contains guidelines on service usages. CCE can be utilized to enumerate common
configurations of products.
A group of configuration items suitable for a special class of asset.
1) The relation between a specification and a real implementation, such as an example of a
product. It holds when specific requirements in the specification (the conformance requirements) are
met by the implementation.

2) Conformance relates an implementation to a standard. Any proposition that is true in the
specification must be true in its implementation.
The process through which the relation between a specification and a real implementation is
determined. Conformance assessment is the determination of the relationships either by testing
(conformance) or by specification checking (compliance, refinement verification, consistency
checking and internal consistency checking). Conformance of a real implementation is not always
assessed against the lowest level (i.e. implementation) specification in a product's development
process. It is possible for a higher level specification to be used (for example, the one whose
refinement resulted in the implementation specification).
A conformance statement is a statement that identifies conformance points of a specification and
the behaviour which must be satisfied at these points. Conformance statements will only occur in
standards which are intended to constrain some feature of a real implementation, so that there
exists, in principle, the possibility of testing.
A real open system which supports the interoperable interface defined in X.790.
A sequence of predicates combined using the logical 'AND' operation.
A communication channel between two or more end-points (e.g., terminal, server, etc.).
A security service to provide confidentiality of all (N)-user-data on an (N)-connection.
Service not provided by the MHS, however, data for the invocation of such a security service in
underlying layers may be provided as a result of using the Authentication Exchange security
element to provide the Peer Entity Authentication security service.
Service not provided by the MHS, however, data for the invocation of such a security service in
underlying layers may be provided as a result of using the Authentication Exchange security
element to provide the Peer Entity Authentication security service.
A security service to provide the integrity of all (N)-user-data on an (N)-connection and to detect any
modification, insertion, deletion or replay of any data within an entire SDU sequence (with recovery
attempted).
A security service to provide the integrity of all (N)-user-data on an (N)-connection and to detect any
modification, insertion, deletion or replay of any data within an entire SDU sequence (with no
recovery attempted).
A security service to provide confidentiality of all (N)-user-data in a single connectionless (N)-SDU.
In a connectionless bearer, no connection is established beforehand between the source and the
destination entities; the source and destination network addresses need to be specified in each
message. Transferred information cannot be guaranteed of ordered delivery. Connectionless bearer
services lifetime is reduced to the transport of one message.
A security service provided by the (N)-layer to provide integrity assurance to the requesting (N + 1)-entity, i.e. to provide the integrity of a single connectionless SDU and may take the form of
determination of whether a received SDU has been modified. Additionally, a limited form of
detection of replay may be provided.
A service, which allows the transfer of information among service users without the need for end-to-end call establishment procedures.
Provision of opt-in or opt-out agreement for a data controller to collect, transfer, use, store, archive,
or dispose (of) particular PII, meaning individual, limited agreement.
The relation between two specifications that holds when it is possible for at least one example of a
product to exist that can conform to both of the specifications.
The access point of the shadow consumer.
A person who can provide additional information about the trouble on behalf of the manager or the
agent.
Information created by individuals, institutions and technology to benefit audiences in contexts that
they value. The contents are exchanged over the P2P networks.

The content and metadata sources include content protection rights sources, content sources and
metadata sources for the IPTV services.
1) Prevents the unauthorized disclosure of the content of a message to a party other than the
intended recipient.
2) This element of service allows the originator of a message to protect the content of the
message from disclosure to recipients other than the intended recipient(s). Content Confidentiality is
on a per-message basis, and can use either an asymmetric or a symmetric encryption technique.
Element to provide assurance that the content of the message is protected from eavesdropping
during transmission by use of an encipherment security element. The security element operates
such that only the recipient and sender of the message know the plaintext message content. The
specification of the encipherment algorithm, the key used, and any other initialising data are
conveyed using the Message Argument Confidentiality and the Message Argument Integrity security
elements. The algorithm and key are then used to encipher or decipher the message contents. The
Content Confidentiality security element uses the Content Confidentiality Algorithm Identifier, which
is an argument of the Message Submission, Message Transfer, and Message Delivery services.
Service to provide assurance that the content of a message is only known to the sender and
recipient of a message by the combined use of the Content Confidentiality and the Message
Argument Confidentiality security elements, while the Message Argument security element can carry
the secret key used with the Content Confidentiality security element to encipher the message
content. Using these security elements the service is provided from MTS-user to MTS-user, with the
message content being unintelligible to MTAs.
Encryption of the content under the control of the content protection functional block.
Process of exporting securely the IPTV content from the IPTV terminal to another terminal owned
by the user entitled to use it.
1) Enables the recipient to verify that the original content of a message has not been modified.
2) This element of service allows the originator of the message to provide to the recipient of the
message a means by which the recipient can verify that the content of the message has not been
modified. Content Integrity is on a per-recipient basis, and can use either an asymmetric or a
symmetric encryption technique.
This argument is the result of the application of the cryptographic algorithms and key, sent in the
message envelope to the content of a message. The Content Integrity Check is an argument of the
Message Submission, Message Transfer, and Message Delivery services.
Element to provide protection for the content of a message against modification during
transmission. This security element operates by use of one or more cryptographic algorithms. The
specification of the algorithm(s), the key(s) used, and any other initialising data are conveyed using
the Message Argument Confidentiality and the Message Argument Integrity security elements. The
result of the application of the algorithms and key is the Content Integrity Check, which is sent in the
message envelope. The security element is only available to the recipient(s) of the message as it
operates on the plaintext message contents. If the Content Integrity Check is protected using the
Message Argument Integrity security element then, depending on the prevailing security policy, it
may be used to help provide the Non-repudiation of Origin security service.

Service to provide for the integrity of the contents of a single message in the form of enabling the
determination of whether the message content has been modified. This security service does not
enable the detection of message replay, which is provided by the Message Sequence Integrity
security service. The Content Integrity security service can be provided in different ways. The
Content Integrity security element together with the Message Argument Integrity security element
and, in some cases, the Message Argument Confidentiality security element can be used to provide
the security service to a message recipient, where the Content Integrity security element is used to
compute a Content Integrity Check as a function of the entire message content. A secret key, if
required, can be confidentially sent to the message recipient using the Message Argument
Confidentiality security element. The Content Integrity Check is protected against change using the
Message Argument Integrity security element. The integrity of any confidential message arguments
is provided using the Message Argument Confidentiality security element. The Message Origin
Authentication security element can also be used to provide this security service.
A key used to protect the IPTV data stream(s).
Content packaging is the selection and combination of multiple items of content into a single item of
content for delivery.
The content pre-processing functional block may perform inter alia the following functions:
Transcoding; Content packaging; Content encryption; Content tracing.
1) Ensuring that an end user can only use the content that he/she already acquired in accordance
with the rights granted to him/her by the rights holder; content protection involves protecting
contents from illegal copying and distribution, interception, tampering, unauthorized use, etc.
2) Ensuring that end-users can only use the content they have already acquired in accordance
with the rights that they have been granted by the rights holder.
The content protection client functional block performs integrity checking, usage rights verification,
content decryption and content tracing.
The content protection functional block controls the protection of the content and is responsible for
the management of the content rights and the keys used to encrypt and decrypt the content. It
acquires the content rights (or content license, originated from the content provider) indication from
the content preparation functions, generates and distributes this security information (rights object or
keys) to the SCP client functions. It can optionally provide keys for content encryption. For example,
when it receives a request for security information from IPTV terminal functions, it interacts with the
application profile functional block for user-related security subscription information (e.g., time
limited, whether fast forward/fast rewind are allowed), generates the rights object and delivers it to
the IPTV terminal functions. It also provides keys for service and content protection to IPTV
application functions, which then deliver the keys to relevant functions, e.g., IPTV terminal functions
and the content encryption function.
Content protection metadata defines the usage rules and rights for protected IPTV content.
The entity that owns or is licensed to sell content or content assets.
A continuous portion of a piece of content, for example, a single topic in a news programme.
1) Process that enables the identification of the (arbitrary) origin of content and/or responsible
party (e.g., end user) to facilitate the subsequent investigation in case of unauthorized use of
content, e.g., content copying or redistribution. NOTE Content-tracing information may be
attached to content as either metadata or forensic watermark.
2) A process to enable the identification of the (arbitrary) origin of content, and/or the responsible
party (e.g., the end-user), to facilitate subsequent investigation in the event of unauthorized content
copying or distribution. Note: Content tracing information may be attached to content either as
metadata, or as a forensic watermark.
1)a In the context of message handling, an identifier, on a message envelope, that identifies the
type (i.e. syntax and semantics) of the message content. This identifier enables the MTS to
determine the message's deliverability to particular users, and enables UAs and MSs to interpret
and process the content.

1)b In the context of message handling, an identifier, on a message envelope, that identifies the
type (i.e. syntax and semantics) of the message content. This identifier enables the MTS to
determine the message's deliverability to particular users, and enables UAs and MSs to interpret
and process the content.
2) An argument of the Message Submission, Message Transfer, and Message Delivery services
and means that the content is itself a message (envelope and content). When delivered to the
recipient named on the outer envelope, the outer envelope is removed and the content is
deciphered, if needed, resulting in an Inner Envelope and its content. The information contained in
the Inner Envelope is used to transfer the content of the Inner Envelope to the recipients named on
the Inner Envelope.
1) The canonical representation of a decision request and an authorization decision.
2) An environment with defined boundary conditions in which entities exist and interact.
A capability to determine or influence a next action in telecommunication or process by referring to
the status of relevant entities, which form a coherent environment as a context.
The system entity that converts decision requests in the native request format to the XACML
canonical form and converts authorization decisions in the XACML canonical form to the native
response format.
In a context-relative naming scheme, multiple naming contexts can apply to entities in different
administrative domains of the ODP system, but these naming contexts can be related to one
another, so that it is possible to refer from one naming context to an entity in another naming
context. In order to achieve this, in addition to associating a name with an entity, a naming action
can also associate a name with another naming context. Since a naming context is something of
interest, it is an entity and can be named. Any large distributed system is likely to comprise a
number of administrative and technology domains. As a result, it is likely that the system also
comprises a number of naming contexts, each relating to a name space and a set of target entities.
At any given time, not all of the names from the name space, and not all of the entities from the set
of target entities will be involved in a naming context. Where a number of naming contexts exist, it
may at times be necessary for an entity in one naming context to name an entity in some other
naming context. Denoting an entity in another naming context requires a name for the entity, and the
identification of the naming context in which the name resolves to the entity. To support such
Information about or derived from the context in which an access request is made (e.g. time of day).
A logical channel that carries system control information.
the route between one entity and TTP to control the secure data communication path.
The set of functions that controls the operation of entities in the stratum or layer under
consideration, plus the functions required to support this control.
is concerned with protection of the activities that enable the efficient delivery of information, services
and applications across the network. It typically involves machine-to-machine communications of
information that allows the machines (e.g., switches or routers) to determine how best to route or
switch traffic across the underlying transport network. This type of information is sometimes referred
to as control or signalling information. The network carrying these types of messages may be in-band or out-of-band with respect to the service provider's user traffic. For example, IP networks
carry their control information in-band, whereas the PSTN carries its control information in a
separate out-of-band signalling network (the SS7 network). Example traffic of this type includes
routing protocols, DNS, SIP, SS7, Megaco/H.248, etc.
The value which is used to scramble and descramble transport streams, and it is refreshed
frequently during the service operation to enhance security.
The mobile station MS controlled by the CRS system. A controlled object may be a single MS or a
group of MSs.
1)a In the context of message handling, a transmittal event in which an MTA transforms parts of a
message's content from one encoded information type to another, or alters a probe so it appears
that the described messages were so modified. This event increases the likelihood that an
information object can be delivered or affirmed by tailoring it to its immediate recipients.
Distinguished conversion are: explicit conversion and implicit conversion

1)b In the context of message handling, a transmittal event in which an MTA transforms parts of a
message's content from one encoded information type to another, or alters a probe so it appears
that the described messages were so modified. This event increases the likelihood that an
information object can be delivered or affirmed by tailoring it to its immediate recipients.
Distinguished conversion are: explicit conversion and implicit conversion
This element of service enables an originating UA to instruct the MTS that implicit encoded
information type conversion(s) shall not be performed for a particular submitted message.
This element of service enables an originating UA to instruct the MTS that encoded information type
conversion(s) shall not be performed for a particular submitted message if such conversion(s) would
result in loss of information. Loss of information is discussed in detail in X.408. Should this and the
Conversion Prohibition Element of Service both be selected, the latter shall take precedence. NOTE -
This element of service will not protect against possible loss of information in certain cases where
the recipient is using an I/O device whose capabilities are unknown to the MTA.
1) The time scale maintained by the Bureau International de l'Heure (International Time Bureau)
that forms the basis of a coordinated dissemination of standard frequencies and time signals. Note
1 - The source of this definition is Rec. 460-2 of the Consultative Committee on International Radio
(CCIR). CCIR has also defined the acronym for Coordinated Universal Time as UTC. Note 2 - UTC
and Greenwich Mean Time are two alternative time standards which for most practical purposes
determine the same time.
2) The time reference that is assumed to be universally correct. UTC was adopted by CCIR
Recommendation 470 and described in CCIR Report 517. This is not the ASN.1 representation of
generalized time.
the role which coordinates with the other roles and addresses potential threats based on known
incident-related information. It provides warnings to other organizations and sometimes leads the
collaborative mitigation to handle devastating and large-scale attacks such as DDoS attacks. The
CERT Coordination Center (CERT/CC), be it either commercial or non-commercial, is a typical
instance.
An instance of ASF which identifies and blocks IP multimedia spam. It also has the capabilities to
manage anti-spam policies and to control RASF and SASF.
An architectural term relating to the part of a 3G system, which is independent of the connection
technology of the terminal (e.g., radio, wired).
Operator that offers core network services.
A private network that supports multiple users and may be in multiple locations (e.g., an enterprise,
a campus).
A clock where the absolute value of the error is less than its maximum error.
A mechanism that enables mobile terminals or devices and the network to cooperate together
against potential security threats, such as viruses, worms, Trojan-Horses, user misbehaviour and
other network attacks.
An application layer protocol for CRS message encapsulation and transport between the SCA and
the SCS.
During the process for countering spam, two IGCSs work together to identify and block spam, thus,
one IGCS is a countering spam peer to another.
The protocol is defined to exchange spam alert messages and blacklists between countering spam
gateways.
accumulates information on countermeasures to cybersecurity risks. It is provided by the researcher
and product & service developer, and is then organized and classified by the registrar. The
knowledge base contains assessment and detection/protection knowledge bases.
Digital signature appended to a data unit which has already been signed by a different entity (e.g. a
TTP).
Area over which a 3G system service is provided with the service probability above a certain
threshold.

An area where mobile cellular services are provided by that mobile cellular system to the level
required of that system.
1) A set of data presented as evidence of a claimed identity and/or entitlements.
2) An identifiable object that can be used to authenticate the claimant is what it claims to be and
to authorize the claimant's access rights.
3) A credential [such as HMACZZ(GKID) or HMACZZ(W)] is understood as some piece of data to
which the AuF cryptographically has applied its shared secret ZZ that it shares with the mobile user.
The credential is transferred to prove authorization and timeliness in the authorization check.
Credential mapping service is a TTP service that translates an entity's credential for one security
domain to the entity's credential for another security domain.
1) Data that is transferred to establish the claimed identity of an entity.
2) Data that is transferred to establish a claimed principal identity
3) A set of security related information comprising keys, keying materials and cryptographic
algorithm-related parameters that can be used to establish the identity of an entity, or help that entity
communicate securely.
4) Set of security-related information consisting of keys, keying materials, and cryptographic
algorithm-related parameters permitting successful interaction with a security system.
A crisis is a state caused by an event, or the knowledge of a forthcoming event, that may cause
severe negative consequences. During a crisis, one may, in best cases, have the possibility of
taking measures to prevent the crisis from becoming a catastrophe. When a catastrophe occurs, a
Business Continuity Plan (BCP) normally exists as well as a crisis management team to handle
the situation.
actions which include but are not limited to (a) Defining and assigning user privileges; (b) Adding
and deleting user IDs; (c) Disabling the use of specific user IDs as login IDs; (d) Initializing and
resetting login passwords; (e) Initializing and changing cryptographic keys; (f) Setting the system's
aging threshold for login passwords; (g) Setting the system's limit on the number of failed logins for
each login ID; (h) Removing a lockout, or changing the system's lockout timer value; (i) Setting the
system's inactivity timer value; (j) Setting system security logging and alarm configuration; (k)
Managing the security logging processes; (l) Upgrading security software; (m) Terminating any user
or system session.
A directory entry or other distribution source for CRLs; a CRL distributed through a CRL distribution
point may contain revocation entries for only a subset of the full set of certificates issued by one CA
or may contain revocation entries for multiple CAs.
A public-key or attribute certificate where the issuer and the subject/holder are different CAs or AAs
respectively. CAs and AAs issue cross-certificates to other CAs or AAs respectively as a mechanism
to authorize the subject CA's existence (e.g., in a strict hierarchy) or to recognize the existence of
the subject CA or holder AA (e.g., in a distributed trust model). The cross-certificate structure is used
for both of these.
1) The analysis of a cryptographic system and/or its inputs and outputs to derive confidential
variables and/or sensitive data including cleartext.
2) The process of recovering the plaintext of a message or the encryption key without access to
the key.
3) The science of recovering the plaintext of a message without access to the key (to the
electronic key in electronic cryptographic systems).
1) A cryptographic algorithm is the means by which data is altered and disguised in encryption.
2) Mathematical function that computes a result from one or several input values.

A mode of use of a cryptographic algorithm in which the transformation performed by the algorithm
depends on the values of previous inputs or outputs.
Information which is derived by performing a cryptographic transformation (see cryptography) on the
data unit. Note - The derivation of the checkvalue may be performed in one or more steps and is a
result of a mathematical function of the key and a data unit. It is usually used to check the integrity
of a data unit.

The maximum secure capacity of a cryptographic process, based on the total number of bits that
can be securely encrypted before it becomes advisable to change the key
(Part 1:) Cryptographic information management is a service feature which manages the secret
information associated with cryptographic security mechanism including: the enhanced
authentication mechanism, the integrity mechanism, and the encipherment mechanism. This feature
is concerned with the generation, distribution, storage, updating, and deletion of cryptographic
information whose secrecy or integrity must be assured. This feature is strongly related to User
Authentication (UAUT) and Terminal Authentication (TAUT). Associated with each user and terminal
is some information which only that user or terminal and possibly the network knows. Authentication
is based upon the user or terminal convincing the network that it knows the correct secret
information through some cryptographic protocol and vice versa. Unlike simple password
authentication schemes the secret information is never disclosed.
(Part 2:) Furthermore, during the authentication process, the user and service provider can generate
some shared secret information which can be the basis of other security mechanisms. The identity
specific secret information is normally a key for a cryptographic algorithm. These keys are classified
either as asymmetric or symmetric keys depending on the type of algorithm used. With symmetric
keys (associated with conventional secret key encryption algorithms) the network needs to know
and assure the confidentiality of the value of the key. Alternatively, if the key is asymmetric
(associated with public key encryption algorithms) then the network only needs a copy of the public
key of the secret/public key pair. Although the public key does not have to be protected from
disclosure, the key must be protected from modification so that the public key really corresponds to
the secret key of the entity in question.
(Part 3:) When public key schemes are used there is only limited security risk in distributing the
authentication information to local service providers and the authentication algorithms could be
standardized. Local authentication is possible. With secret key schemes, the keys could be
distributed to local service providers; however, this greatly increases the risk of disclosure. Again, a
standard authentication algorithm could be used and local authentication is possible. As an option
with secret key schemes, the home service provider may not wish to disclose the secret key
information but only distribute sufficient information for a limited number of authentication.
Authentication in this case is essentially centralized. The type of information distributed depends on
the authentication mechanism which may vary depending on the network involved. For example, the
authentication process may need to proceed with only one message from the user to the service
provider.
(Part 4:) The service provider would either have a list of expected authentication message from the
home service provider and use these to check the identity locally, or the authentication message
may need to be sent to the home service provider for remote authentication. The scheme chosen
has implications for security and worldwide roaming. As another option with secret key schemes, the
home service provider may not wish to disclose the secret key information but only distribute
sufficient information for a local key being generated. Those local keys would be valid for a limited
number of authentication. Authentication in this case is not centralized. This service feature also
provides for the management of cryptographic data associated with encryption. The type of data
which should be encrypted depends on the network and may include: user information, especially
for radio networks; user identity, and signalling data; and terminal identities.

1) A collection of transformations from plain text into ciphertext and vice versa, the particular
transformation(s) to be used being selected by keys. The transformations are normally defined by a
mathematical algorithm.
2) A cryptosystem is simply an algorithm that can convert input data into something
unrecognizable (encryption), and convert the unrecognizable data back to its original form
(decryption). RSA encryption techniques are described in X.509
1)a The discipline which embodies principles, means, and methods for the transformation of data
in order to hide its information content, prevent its undetected modification and/or prevent its
unauthorized use. Note - Cryptography determines the methods used in encipherment and
decipherment. An attack on a cryptographic principle, means, or method is cryptanalysis.

1)b The discipline which embodies principles, means, and methods for the transformation of data
in order to hide its information content, prevent its undetected modification and/or prevent its
unauthorized use. NOTE - Cryptography determines the methods used in encipherment and
decipherment.
The latest MF or DF selected on the UICC.
The latest EF selected.
This is the cell on which the MS is camped.
The entity to which personally-identifiable Information is entrusted.
a user of telecommunications services provided by a service provider. Specifically, in the context of
X.790, the customer is a user who chooses to use the OS-to-OS (Operations System) OSI interface
for network management across jurisdictions in order to achieve control of the telecommunications
services (or resources) being used. The customer (or customer representative) acts in the manager
role. There is no requirement that the interface be confined to cases where there is a traditional
telecommunication service customer to service provider relationship between the parties. Two
telecommunications service providers (carriers) may use this interface to exchange trouble reports
in situations where their networks interwork in order to provide service to an end user. In that case,
the Customer role may change from situation to situation. However, in any particular situation, one
carrier will be the customer and will act in the manager role, while the other will be the supplier and
will act in the agent role.
One or more devices allowing a user to access services delivered by NGN. NOTE - This includes
devices under user control commonly referred to as home gateway (HGW) or terminals (TE), etc.,
but not network controlled entities such as access gateways.
This evaluation form contains a series of questions asking the capability's owner to document their
conformance to the compatibility requirements of this Recommendation in text, image or web
references, as well as instructions on where to submit the completed form or to ask the review
authority for clarification on how to complete the evaluation form.
This evaluation form contains a series of questions asking the capability's owner to document their
conformance to the effectiveness requirements of this Recommendation in text, image or web
references, as well as instructions on where to submit the completed form, request tests, or to ask
the review authority for clarification on how to complete the evaluation form.
Includes users, networks, devices, all software, processes, Information in storage or transit,
applications, services, and systems that can be connected directly or indirectly to networks.
accumulates cybersecurity risk information. It is provided by the Researcher and Product & Service
Developer, and is then organized and classified by the Registrar. The (Cyber Risk) knowledge base
includes Vulnerability and Threat knowledge bases.
1)a The protection of data and systems in networks that are connected to the Internet.
1)b the collection of tools, policies, security concepts, security safeguards, guidelines, risk
management approaches, actions, training, best practices, assurance and technologies that can be
used to protect the cyber environment and organization and user's assets. Organization and user's
assets include connected computing devices, personnel, infrastructure, applications, services,
telecommunications systems, and the totality of transmitted and/or stored Information in the cyber
environment. Cybersecurity strives to ensure the attainment and maintenance of the security
properties of the organization and user's assets against relevant security risks in the cyber
environment. The general security objectives comprise the following: Availability; Integrity, which
may include authenticity and non-repudiation; Confidentiality.
any entity that is part of an exchange of cybersecurity information, including the information object
itself.

1) Structured information or knowledge concerning (1) The state of equipment, software or
network based systems as related to cybersecurity, especially vulnerabilities; (2) Forensics related
to incidents or events; (3) Heuristics and signatures gained from experienced events; (4) Parties
who implement cybersecurity information exchange capabilities within the scope of this framework;
(5) Specifications for the exchange of cybersecurity information, including modules, schemas,
policies and assigned numbers; (6) The identities and trust attributes of all of the above; (7)
Implementation requirements, guidelines and practices.
2) Structured information or knowledge which may include but is not limited to: the "state" of
equipment, software or network systems; forensics related to incidents or events; parties
implementing the information exchange capabilities in terms of cybersecurity; specifications for the
exchange of information in terms of cybersecurity, including modules, schemas and assigned
numbers; identities and trust attributes for all of the preceding and implementation requirements,
guidelines and practices.
3) Any of the categories of information identified in Rec. X.1500.

a framework to identify and locate the source of cybersecurity information. Finding cybersecurity
information involves three entities: retriever, source, and directory. The retriever retrieves the
information by sending a request, the source provides requested information, and the directory
registers the metadata of the source's information and assists the retriever with finding a proper
source. The discovery process is the communication process of the three entities. It has three stages:
information publishing, candidate list reception and information acquisition. The source publishes
its information to cyber society by registering it with the directory in the information publishing stage.
The retriever queries a registrar directory for the list of candidate sources in the candidate list
reception stage. Then it selects a source that seems best suited from the list and receives the
source's information in the source selection stage.
The weakness, vulnerability and state exchange cluster; the event, incident, and heuristics
exchange cluster; the policy exchange cluster; the identification, discovery, and query cluster; the
identity assurance cluster; the exchange protocol cluster
is a unique identifier for identifying cybersecurity information. Any globally unique identifier used for
global cybersecurity information exchange has the following characteristics: (a) simplicity, usability,
flexibility, extensibility, scalability, and deployability; (b) distributed management of diverse identifier
schemes; (c) long-term reliability of identifier registrars, and the availability of high-performance
tools for discovering information associated with any given identifier. Two unique identifier
candidates fulfill the requirements: Object IDentifier (OID) and Resource Description Framework
(RDF). These represent two primary paradigms for common service and information discovery.
The cybersecurity information query language (CYIQL) defines a flexible data representation that
provides a framework for requesting information commonly exchanged by computer incident
response teams (CIRTs) about computer security incidents. This specification describes the
information model for CYIQL and provides an associated data model specified with XML Schema.
any information that is needed for cybersecurity entities to run cybersecurity operations

Methods and processes used to monitor and manage security within defined operational limits
including: (1) The collection and analysis of information that may have an effect on security; (2) The
detection of behavior or events which adversely affect security or by which the likelihood of a future
adverse effect can be determined; (3) Action taken as a result of adverse behavior or event taking
place in order to limit, mitigate and/or prevent future incidents; (4) Security-related communications
concerning the status and condition of systems.
Any organizational entity using the model for information exchange specified in Rec X.1500.

a model for describing the abstracted world of cybersecurity operations. The ontology consists of a
set of types, properties, and relationships. In this ontology, a model is used to define domains for
cybersecurity operations, which is then used to identify required cybersecurity entities to support the
operations in each domain
This evaluation form contains a series of questions asking the capability's owner to document their
conformance to the compatibility requirements of this Recommendation in text, image or web
references, as well as instructions on where to submit the completed form or to ask the review
authority for clarification on how to complete the evaluation form.
This evaluation form contains a series of questions asking the capability's owner to document their
conformance to the effectiveness requirements of this Recommendation in text, image or web
references, as well as instructions on where to submit the completed form, request tests, or to ask
the review authority for clarification on how to complete the evaluation form.
Level above which a stimulus may cause temporary or permanent damage. NOTE - Damage
thresholds often depend on the duration of the exposure to a stimulus as well as the level of that
stimulus.
The representation forms of information dealt with by information systems and users thereof.
In-network process that transfers the aggregation value to the sink node by combining the sensed
values sent by a number of sensor nodes into concise digest.
The digital transmission of information (other than voice).
An entity that performs the data compression encoding, decoding, error detection, synchronization
and negotiation.
A specification that describes the format and procedures used by a data compression function to
transport user data and control primitives.
A vocabulary and other information for error detection and synchronization, created and
maintained by peers to encode/decode user data.
An optional FRCP (Frame Relay Compression and Privacy Protocol) facility responsible for enabling
and initiating data compression algorithms on both ends of the link and negotiated between peer
devices. The mode and algorithms are selected independently for each direction of a virtual
connection. The FRCP control protocol provides the following services for data compression:
encapsulation, negotiation and synchronization (including: detection of loss of synchronization,
resynchronization, anti-expansion protection, encoding of user data into compressed user data and
decoding of compressed user data into uncompressed user data).
This service can be used to provide for protection of data from unauthorized disclosure. The data
confidentiality service is supported by the authentication framework. It can be used to protect
against data interception.
protects data from unauthorized disclosure, and ensures that the data content cannot be
understood by unauthorized entities. Encryption, access control lists and file permissions are
methods often used to provide data confidentiality.
Elements, based on the use of encipherment, concerned with the provision of confidentiality of data
passed from one MHS entity to another: Content Confidentiality Security Element and Message
Argument Confidentiality Security Element.
Services to provide for the protection of data against unauthorised disclosure.
An entity linking the object information recorded in the RFID tag to PII, or recording PII in the RFID
tag or collecting PII recorded in the RFID tag.
The property that data has not been altered or destroyed in an unauthorized manner.
ensures the correctness or accuracy of data, that data is protected against unauthorized
modification, deletion, creation, and replication and provides an indication of these unauthorized
activities.
Elements provided to support the provision of data integrity, data authentication, and non-repudiation services: Content Integrity Security Element, Message Argument Integrity Security
Element and Message Sequence Integrity Security Element.
Services provided to counter active threats to the MHS: Connection Integrity Security Service,
Content Integrity Security Service, Message Sequence Integrity Security Service,

1) Refer to a digital object that is being signed. A data object is referenced inside a <Reference>
element using a URI.
2) Information coded as TLV objects, i.e., consisting of a tag, a length and a value part.
1)a The corroboration that the source of data received is as claimed.
1)b The corroboration that the source is as claimed.

2) The corroboration of the identity of the principal that is responsible for a specific data unit. Note
- When using data origin authentication, it is also necessary to have adequate assurance that the
data has not been modified (e.g. by integrity).
3) Establishing the proof of identity responsible for a specific data unit.

Elements designed to support data origin authentication services, although they may also be used
to support certain data integrity services.
Services to provide corroboration of the origin of a message, probe, or report to all concerned
entities (i.e. MTAs or recipient MTS-users). These security services cannot protect against
duplication of messages, probes, or reports.
The set of functions used to transfer data in the stratum or layer under consideration.
Security preservation of integrity and availability of data.
In the context of IPTV architecture, "data sources" are defined as particular sources of content,
metadata and content protection information.
An entity who can be identified by one or more pieces of data related to his or her physical,
physiological, mental, financial, cultural, or social attributes
An MHS has a number of data stores within it that must be protected from the following threats:
modification of routing information or preplay.
Software which performs activities on a user's computer without: a) first notifying the user as to
exactly what the software will do on the user's computer, or, b) asking the user whether they consent
to the software doing these things. Examples of deceptive software include programs which hijack
user configurations, or programs, which cause endless pop-up advertisements which cannot be
easily clicked out of by the user.
The reversal of a corresponding reversible encipherment.
The result of evaluating a rule, policy or policy set.
A logic through which a biometric system provides match / no match decisions, for example through
the setting of the threshold and number of attempts
The request by a PEP to a PDP to render an authorization decision.
1) An entity that decompresses user data.
2) An embodiment of a decoding process.
A SRTP master key used to decrypt and authenticate SRTP packets received by the MG.
See decipherment.
A logical function used to decrypt the Encrypted Session Words, with the help of a key.
A channel dedicated to a specific UE.
A file containing access conditions and, optionally, elementary files (EFs) or other dedicated files
(DFs).
A device that provides dedicated security functions for the network (e.g., firewalls, IDS, security
gateways, and security management servers).
A formatted set of the PII protection rules and policies of an application using tag-based
identification.
To postpone work on, or set aside, a trouble report until such time as when appropriate conditions
are met and it can be progressed further.
1) Conveyance of privilege from one entity that holds such privilege, to another entity.
2) The action that assigns authority, responsibility or a function to another object.
3) An action that assigns authority, responsibility or a function to another entity.

An ordered sequence of certificates which, together with authentication of a privilege asserter's
identity can be processed to verify the authenticity of a privilege asserter's privilege.
the process of getting the resources associated with a software managed object in place on the
system together with the software managed object. NOTE - The way in which the delivery of
software is done, and in particular the choice of transfer mechanism, is outside the scope of X.744.
In the context of IPTV architecture, "delivery" is defined as sending contents to the end user.
The role, in which a TTP interacts with the intended recipient of data and attempts to release the
data to the recipient. It then provides evidence that the data was delivered, that the data was not
delivered, or that delivery was attempted but that no confirmation of receipt was received. In the last
case, the evidence user cannot determine whether the data was received by the intended recipient
or not.
A device implementing the DNGF. Note: DNG also is commonly referred to as the residential
gateway (RG).
Set of functions that mediate between the network and service provider domains and the IPTV
terminal function (ITF). Note: A device implementing the DNGF is commonly referred to as the
residential gateway (RG) or delivery network gateway (DNG).
This element of service enables the MTS to indicate to a recipient UA the date and time at which the
MTS delivered a message. In the case of physical delivery, this element of service indicates the
date and time at which the PDAU has taken responsibility for printing and further delivery of the
physical message.
A partial revocation list that only contains entries for certificates that have had their revocation status
changed since the issuance of the referenced base CRL.
A type of telecommunication service in which the communication path is established almost
immediately, in response to a user request effected by means of user-network signalling.
1) The prevention of authorized access to resources or the delaying of time-critical operations.
2) In the context of message handling, when an entity fails to perform its function or prevents
other entities from performing their functions, which may be a denial of access, a denial of
communications, a deliberate suppression of messages to a particular recipient, a fabrication of
extra traffic, an MTA was caused to fail or operate incorrectly, an MTS was caused to deny a service
to other users. Denial of service threats include the following: denial of communications, MTA
failure, MTS flooding.
3) This occurs when an entity fails to perform its function or prevents other entities from
performing their functions. This may include denial of access to TMN and denial of communication
by flooding the TMN. In a shared network, this threat can be recognized as a fabrication of extra
traffic that floods the network, preventing others from using the network by delaying the traffic of
others.
4) An attacker may launch denial of service attacks by spoofing lower-layer indications or
Success/Failure packets, replaying EAP packets, or generating packets with overlapping Identifiers.
Or the attacker may launch denial of service attacks by interfering with the frequency spectrum
through an external radio frequency source or by sending several messages to the network element
in the wireless network with the intention of overloading it and denying other subscribers or devices
further access.
5) Usually an IdM system is the first entrance for a user to visit to use application services.
Therefore IdM systems are very likely to be a target for attack to stop providing services. A broad
variety of attacks are possible for IdM system to deny services. Denial of service attacks are often
very easy to execute and difficult to stop. Many such attacks are designed to consume huge
computing resources, making it difficult or impossible to serve legitimate users.
A performance criterion that describes the degree of certainty (or surety) with which a function is
performed regardless of speed or accuracy, but within a given observational interval.
Constraints covering aspects of availability, reliability, maintainability, security and safety (e.g. mean
time between failures).
The process of deactivating the personalization so that the ME ceases to carry out the verification
checks.

A key, indicated by Ksp, that is generated during the authentication inquiring and key generation /
transportation / negotiation procedure. The key is shared by an SS and an SP, and it is generally
derived using shared keying material Ks, which is the shared key between the EAC and the SS, and
the identity information of service entities. It can be the base of mutual authentication between SS
and SP, and be used to derive a following session key Kt to protect service communication between
the SS and the SP. The length and lifetime of a derived key will be set according to parameters such
as service type and security degree. Generally, the algorithm to derive the derived key has a default
value.
One of the classifications of the interaction of a human body with its environment based on a
property of the human body that is determined or changed using one or more of the base modalities
(see 3.5.11 to 3.5.12). NOTE The temperature of the human body or parts of the human body can
be detected (CALOROUT) by an infrared radiation detector or by conduction to a thermometer and
can be changed by convection, conduction, or various forms of radiation (CALORIN).
A unit that is defined in terms of one or more base units. NOTE Examples of derived units are
coulombs, hertz, watts, etc. (see ISO 31 and IEC 60027-1).
1) The restoration of the characteristics of a vision/sound/data signal in order to allow reception in
a clear form. This restoration is a specified process under the control of the conditional access
system (receiving end).
2) The process of reversing the scrambling function (see "scrambling") to yield usable pictures,
sound, and data services
Entity to which calls to the general packet radio service (GPRS) are directed.
accumulates known rules and criteria for detecting/protecting security threat. It also accumulates
heuristics including best practices.
Level at which a stimulus applied to a conscious human subject just produces a response.
A system acting as either a Client, Server, or both, Local Server.
A device certificate is an X.509 version 3 certificate used for identity authentication of home network
device. It may be issued by CA.
A user interaction sequence composed of tones and announcements that may gather information.
This is an attack wherein an attacker collects a database of commonly used words and passwords
that can be encrypted using all possible salts and compares its database of encrypted terms against
the encrypted passwords found in a password file on the system. If a match is found, the actual
password is known, and access is gained. The dictionary attack can be grouped into two categories:
online dictionary attack and offline dictionary attack. In the online dictionary attack, the attacker
repeatedly attempts authentication with the server using guessed passwords until he or she
succeeds. The online dictionary attack can be detected or prevented by counting the number of
access failures. On the other hand, the offline dictionary attack is normally performed by someone
posing as a legitimate user to gather information or one eavesdropping on messages between two
parties during a successful protocol run. The attacker uses the captured packets to guess the
password.
Differentiated security service is that the security service is classified with different security levels by
security policy.
A field in every IP packet that identifies the DiffServ Per Hop Behavior. In IP version 4, the TOS byte
is redefined to be the DSCP. In IP version 6, the Traffic Class octet is used as the DSCP. See Annex
C.
A contract made in digital form and signed by two entities between whom an agreement is reached.
A characteristic of a data item, such as a cryptographic checkvalue or the result of performing a
one-way hash function on the data, that is sufficiently peculiar to the data item that it is
computationally infeasible to find another data item that will possess the same characteristics.
1) The digital representation of the information known about a specific individual, group or
organization.
2) A digital representation of the information known about a specific individual, group or
organization
A client program that provides authentication and credential management, identity interchange and
privacy protection service to the user.

A synonym for service and content protection or content protection, depending upon the context of
use. Note: In this Rec., the terms service and content protection are used instead of digital rights
management.
1) Data appended to, or a cryptographic transformation (see cryptography) of a data unit that
allows a recipient of the data unit to prove the source and integrity of the data unit and protect
against forgery e.g. by the recipient.
2) a cryptographic transformation (using an asymmetric cryptographic technique) of the numerical
representation of a data message, such that any person having the signed message and the
relevant public key can determine that: i) the transformation was created using the private key
corresponding to the relevant public key; and ii) the signed message has not been altered since
the cryptographic transformation.
An attack on a system based on deficiencies in the underlying algorithms, principles, or properties of
a security mechanism.
A directly trusted CA is a CA whose public key has been obtained and is being stored by an end
entity in a secure, trusted manner, and whose public key is accepted by that end entity in the
context of one or more applications.
A directly trusted CA key is a public key of a directly trusted CA. It has been obtained and is being
stored by an end entity in a secure, trusted manner. It is used to verify certificates without being
itself verified by means of a certificate created by another CA. Note - If for example the CAs of
several organizations cross-certify each other (see Annex A) the directly trusted CA for an entity may
be the CA of the entity's organization. Directly trusted CAs and directly trusted CA keys may vary
from entity to entity. An entity may regard several CAs as directly trusted CAs.
1)a A collection of open systems cooperating to provide directory services.
1)b A collection of open systems cooperating to provide directory services.
2) General term for the MF and/or a DF on the UICC.
A security exchange based on the authentication exchange used in the Directory protocol (X.511) for
either simple or strong unilateral entity authentication, where credentials data item is used as
defined in the Directory protocol, and the associated semantics are used as defined in Rec. X.509.
This security exchange involves a single SEI transferred from claimant to verifier.
A security exchange based on the authentication exchange used in the Directory protocol (X.511) for
either simple or strong mutual entity authentication, where credentials data item is used as defined
in the Directory protocol, and the associated semantics are used as defined in X.509. This security
exchange involves two security exchange items, the first transferred from initiator to responder. If no
error is detected after the first transfer, the responderCredentials SEI is transferred from responder
to initiator.
A string consisting of one or more of the characters from the set {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, *, #, a, b,
c} associated with a nature of address indicator and number plan indicator. When using the public
MMI for the control of supplementary services however, * and # cannot be part of any SC or SI field.
NOTE 1 No such restriction on the SC and SI fields exists when using other (e.g., menu-driven)
MMI for the control of supplementary services. NOTE 2 When using the public MMI, certain
limitations on the use of one- and two-digit directory numbers may apply. The use of other MMI can
remove these restrictions. NOTE 3 This definition is not intended to require the support of all
these characters in the MMI itself.
The set of information managed by the Directory.
A service to search and retrieve information from a catalogue of well defined objects, which may
contain information about certificates, telephone numbers, access conditions, addresses etc. An
example is provided by a directory service conforming to the X.500.
1) The act of locating a machine-processable description of a network-related resource that may
have been previously unknown and that meets certain functional criteria. It involves matching a set
of functional and other criteria with a set of resource descriptions. The goal is to find an appropriate
service-related resource.
2) The act or process of discovering target, i.e. obtaining knowledge of the target for the first time.

These techniques include methods and mechanisms which can be used to identify and locate
sources of cybersecurity information, types of cybersecurity information, specific instances of
cybersecurity information, methods available for access of cybersecurity information as well as
policies which may apply to the access of cybersecurity information.
This is an entity that stores interface information for application services and related security
policies for access to the application services by clients. Clients can get such information from the
Discovery Service by sending queries that describe the services they want to access.
A sequence of predicates combined using the logical 'OR' operation.
A service procedure is disrupted by another service procedure if the second service results in
service primitives not being used as specified for the procedure of the first service.
1) Data that uniquely identifies an entity.
2) Data that unambiguously distinguishes an entity (the principal) in the authentication process.
Rec. X.811 requires that such an identifier be unambiguous at least within a security domain. Note - examples of distinguishing identifiers: directory names (X.509), network addresses (X.213), object
identifiers (X.208).
In the context of message handling, when an entity fails to perform its function or prevents other
entities from performing their functions, which may be a denial of access, a denial of
communications, a deliberate suppression of messages to a particular recipient, traffic flooding, an
MTA was caused to fail or operate incorrectly, an MTS was caused to deny a service to other users.
DDoS threats include denial of communications, MTA failure, MTS flooding.
A non-standardized medium for interconnecting BSSs within an ESS.
In the context of IPTV architecture, "distribution" is defined as sending the content to appropriate
intermediate locations to enable subsequent delivery.
Service characterized by the unidirectional flow of information from a given point in the network to
other (multiple) locations.
An Administrative Authority in its role as the entity having responsibility for the administration of a
part of the DIT.
An Administrative Authority in its role as the entity responsible for the administration of a DMD
A technique that tricks a Domain Name Server (DNS server) into believing the DNS address of
a certain server has changed when, in reality, it has not. Once the DNS server has been
poisoned, this information is generally cached for a certain period of time, spreading the effect of
the attack to the users of the server.
A scheme for countering bot threats that is designed to block communication between the bots and
a command&control server by using the sinkhole scheme; it may render the bots dormant or
inactive.
A scheme for countering bot threats that is designed to block communication between the bots and
a command&control server by using the sinkhole scheme; it may render the bots dormant or
inactive.
1) A set of managed resources subject to a common management policy.
2) [see management domain:] A set of managed resources subject to a common management
policy.
3) The highest-level group of physical entities. Reference points are defined between domains.
Border element under sole control of the provider, providing security functions with other network
domains
The subscription network from which a number is ported in the porting process. This may or may not
be the number range owner network.
A denial of service (DoS) attack or a distributed denial of service (DDoS) attack floods a network
with an overwhelming amount of traffic, slowing its response time for legitimate traffic or causing it to
halt completely. It generally consists of the concerted, malevolent efforts of a person or persons.

Additional protection may be provided to a complete message, including the envelope parameters,
by the ability to specify that the content of a message is itself a complete message, i.e., a Double
Enveloping Technique is available though the use of the Content Type argument which makes it
possible to specify that the content of a message is an Inner Envelope.
Unidirectional radio link for the transmission of signals from a UTRAN access point to a UE. Also in
general the direction from network to UE.
An attacker may attempt to perform downgrading attacks on lower-layer ciphersuite negotiation to
ensure that a weaker ciphersuite is selected subsequently for EAP authentication. An attacker
acting as an authenticator may provide incorrect information to the EAP peer and/or server using
out-of-band mechanisms (e.g., through AAA or lower-layer protocol). This involves impersonating
another authenticator or providing inconsistent information to the peer and EAP server.
The direction from the headend toward the subscriber location.
This entity executes the EAP authentication method with the supplicant. In case no backend
authentication server is used, the EAP server plays the role of the authenticator. In case a backend
authentication server is used, that is, if the authenticator operates in pass-through mode, i.e., the
authenticator forwards the EAP message without any modification to the supplicant or vice versa,
the EAP server is placed on the backend authentication server.
1) A breach of confidentiality by monitoring communication.
2) An attacker may try to obtain useful information by eavesdropping on authentication traffic.
Eavesdropping is a difficult threat to detect. The aim of the attacker here is to listen and most
properly record raw data on the enterprise LAN. This attack uses "promiscuous mode" of the off-the-shelf Ethernet adaptors that are sold in the market. This mode allows an attacker to capture every
packet on the network. There are plenty of free network sniffers on the web today that an attacker
can use for eavesdropping [ITU-T X.1205]. IdM system usually communicates with users and
other entities to share credentials and identity information that is often confidential using wired or
wireless network. Therefore any information that is picked up by an eavesdropper can lead to
identity theft.
The intended consequence of a satisfied rule (either "Permit" or "Deny").
The process of determining whether a capability is CWE Effective.
1) Physical constraints to prevent information compromised through signals emanated by a
system, particularly by the application of TEMPEST technology to block electromagnetic radiation.
In Recommendation ITU-T K.84, the term EMSEC is used only for information leakage due to
unintentional electromagnetic emission.
2) Physical constraints to prevent information compromised through signals emanated by a
system, particularly by the application of TEMPEST technology to block electromagnetic radiation.
In this Rec. (K.87), term of EMSEC is used only for information leakage due to unintentional
electromagnetic emission.
The exchange of documents in standardized electronic form, between organizations, in an
automated manner, directly from a computer application in one organization to an application in
another.
The term for data signals which are used to control the descrambling process in subscriber
decoders. NOTE There are at least three types of electronic keys: those used for television signal
streams, those used for protecting control system operations, and those used for the distribution of
electronic keys on the cable system. See also "authorization coding" which is also effectively a key.
A structured set of data, intended to provide information on available content that may be accessed
by end-users.
All the information items in the [children] property of an element information item (and all information
items that are descendents of those information items).
An Element Management System is an Element Management Layer [M.3010] operations system.
Provides a package of end-user functions for management of a set of closely related types of
network elements. These functions can be divided into two main categories.
An element information item (and all information items that are descendents of the element informatio
A file containing access conditions and data and no other files on the UICC.

A generic term for one of the coded video, coded audio or other coded bit stream in PES packet.
A public-key cryptosystem (see section 8.7 of ATM Forum Security Specification Version 1.1).
Elliptic curve digital signature with appendix analog of the NIST Digital Signature Algorithm (DSA)
(see also ISO/IEC 15946-2, chapter 5).
The Diffie-Hellman key agreement scheme using elliptic curve cryptography.

Term mainly used to indicate the electronic mail transmitted over telecommunication network.
Term used to describe unsolicited electronic communications over email, which is usually sent for
specific purposes.
1)a A signal (electromagnetic, acoustic, or other medium) that is emitted by a system (through
radiation or conductance) as a consequence (i.e., by product) of its operation, and that may contain
information. (See: tempest.)
1)b A signal (electromagnetic, acoustic, or other medium) that is emitted by a system (through
radiation or conductance) as a consequence (i.e., by product) of its operation, and that may contain
information. (See: TEMPEST.)
A modified action or procedure to be used when normal activity cannot re-establish the handling of
traffic.
This function will enable the IMT 2000 network to provide priority access to identified emergency
services calls, override the normal access and charging procedures and provide the emergency
services providers with enhanced capabilities (e.g. call back) and information (e.g. location or
geographic position) about the user of such services.
A situation, of serious nature, that develops suddenly and unexpectedly. Extensive immediate
important efforts, facilitated by telecommunications, may be required to restore a state of normality
to avoid further risk to people or property. If this situation escalates, it may become a crisis and/or
disaster.
1)a any emergency related service that requires special handling from the NGN relative to other
services. This includes government authorized emergency services and public safety services.
1)b any emergency related service that requires special handling from the NGN relative to other
services. This includes government authorized emergency services and public safety services.
2)a An umbrella term for telecommunications of an "extraordinary nature" under abnormal and
potentially adverse network conditions.
2)b An umbrella term for telecommunications of an "extraordinary nature" under abnormal and
potentially adverse network conditions.
1) National service, providing authorized priority communications to facilitate the work of
emergency personnel in times of disaster.
2)a A national service providing priority telecommunications to the ETS authorized users in times of
disaster and emergencies.
2)b A national service providing priority telecommunications to the ETS authorized users in times of
disaster and emergencies.
The preparations made to avoid either a malfunction due to a vulnerability caused by high-altitude
electromagnetic pulses (HEMP) or high-power electromagnetic (HPEM) emissions, or the lack of
confidentiality due to an insufficient emanation security (EMSEC). The level of the EM mitigation of
the equipment can be calculated from the threat level and the vulnerability level.
1) The cryptographic transformation of data (see cryptography) to produce ciphertext. Note - Encipherment may be irreversible, in which case the corresponding decipherment process cannot
feasibly be performed.
2) Encipherment (encryption) is the process of making data unreadable to unauthorized entities
by applying a cryptographic algorithm (an encryption algorithm). Decipherment (decryption) is the
reverse operation by which the ciphertext is transformed to the plaintext.

In the context of message handling, an identifier, on a message envelope, that identifies one type of
encoded information represented in the message content. It identifies the medium and format (e.g.
T.51 text, group 3 facsimile) on an individual portion of the content.
1) An entity that compresses user data.
2) An embodiment of an encoding process.
The bit-pattern resulting from the application of a set of encoding rules to a value of a specific
abstract syntax.
Each MTS parameter being passed to encryption or hashing algorithms shall be encoded using
ASN.1 encoding rules specified for the purpose of that encryption or hashing. NOTES 1 It cannot
be assumed that the encoding of MTS parameters used in the Submission, Transfer or Delivery
steps will use the encoding rules specified in the algorithm identifier. 2 In the case of the content, it
is only the encoding of the content octets into the Octet String to which the encoding rules specified
in the algorithm identifier should be applied, not the encoding of the content protocol (which remains
unaltered).
An SRTP master key used to encrypt and authenticate SRTP packets sent by the MG.
1) See encipherment.
2)a A method used to translate information in plaintext into ciphertext.
2)b A method used to translate information in plaintext into ciphertext.
3) The process of scrambling signals to avoid unauthorized access.
An optional FRCP (Frame Relay Compression and Privacy Protocol) facility responsible for enabling
and initiating data encryption algorithms on both ends of the link and negotiated between peer
devices. The mode and algorithms are selected independently for each direction of a virtual
connection. Each peer device has an initial key to be used for encryption. Encryption negotiation
must be completed successfully before allowing transfer of data. Once negotiated all data frames
exchanged on a virtual connection must be encrypted.
Either a public key certificate subject that uses its private key for purposes other than signing
certificates, or an attribute certificate holder that uses its attributes to gain access to a resource, or
an entity that is a relying party.
A single or set of consumer devices that support IPTV services (e.g., delivery network gateway,
display).
1) A natural person who makes use of resources for application purposes.
2) The actual user of the products or services. Note: The end-user consumes the product or
service. An end-user can optionally be a subscriber.
A network-attached terminal generally under the control of a network subscriber, whether hardware
or software based, mobile and/or stationary, and including personal computer (PC)s, multimedia
terminals, and mobile phones.
A revocation list containing a list of attribute certificates issued to holders, that are not also AAs, that
are no longer considered valid by the certificate issuer.
A revocation list containing a list of public-key certificates issued to subjects, that are not also CAs,
that are no longer considered valid by the certificate issuer.
A Terminal, Gateway or MCU.
IRI that unambiguously identifies a BIP endpoint. NOTE There are no constraints on the form of
this IRI. In general (unless a binding specification prescribes otherwise) there is no relationship
between the IRI scheme of the endpoint IRI and the binding(s) supported by the underlying
implementation. This implies that in general, an endpoint IRI may not provide, by itself, sufficient
information for locating the BIP endpoint on a network.
Encipherment of data within or at the source end system, with the corresponding decipherment
occurring only within or at the destination end system. (See also link-by-link encipherment.)
A software application running on a single machine, protecting network traffic into and out of that
machine to permit or deny communications based on an end user-defined security policy.

The end-user security plane addresses security of access and use of the service provider's network
by customers. This plane also represents actual end-user data flows. End-users may use a network
that only provides connectivity, they may use it for value-added services such as VPNs, or they may
use it to access network-based applications.
Process of collecting biometric samples from a person and the subsequent generation and storage
of biometric reference templates associated with that person
The process of inauguration of an entity into a context. Note1: Enrolment may include verification of
the entity's identity and establishment of a contextual identity. Note2: Also, enrolment is a prerequisite to registration. In many cases, the latter is used to describe both processes.
1) Referring to the authorization level(s) including conditional access information that can be used
by a subscriber to access certain IPTV services in his/her IPTV TD.
2) Rights granted to a subscriber by a contract with an IPTV service provider.
An ECM is an encrypted message that contains access criteria to various service tiers and a control
word (CW).
The EMM contains the actual authorization data and shall be sent in a secure method to each CPE
device.
1) A human being, an organisation, a hardware component or a piece of software.
2) Any concrete or abstract thing of interest. While in general the word entity can be used to refer
to anything, in the context of modelling it is reserved to refer to things in the universe of discourse
being modelled
3) See system entity
4) Something that has separate and distinct existence and that can be identified in context. NOTE
An entity can be a physical person, an animal, a juridical person, an organization, an active or
passive thing, a device, software application, service etc. or a group of these entities. In the context
of telecommunications, examples of entities include access points, subscribers, users, network
elements, networks, software applications, services and devices, interfaces, etc.
5)a Anything that has separate and distinct existence that can be uniquely identified. In the context
of IdM, examples of entities include subscribers, users, network elements, networks, software
applications, services and devices. An entity may have multiple identifiers.
5)b Anything that has separate and distinct existence that can be uniquely identified. In the context
of IdM, examples of entities include subscribers, users, network elements, networks, software
applications, services and devices. An entity may have multiple identifiers.
1) Corroboration of the identity of a principal, within the context of a communication relationship.
Note -- The principal's authenticated identity is assured only when this service is invoked. Assurance
of continuity of authentication can be obtained by methods described in 5.2.7/X.811.
2) A process to achieve sufficient confidence in the binding between the entity and the presented
identity. NOTE Use of the term authentication in an identity management (IdM) context is taken to
mean entity authentication.
This standard provides an authentication life cycle framework for managing the assurance of an
entity's identity and its associated identity information in a given context. Specifically it provides
methods to 1) qualitatively measure and assign relative assurance levels to the authentication of an
entity's identities and its associated identity information, and 2) communicate relative authentication
assurance levels.
A central network element defined in the authentication architecture, which accomplishes
authentication negotiation and mutual authentication with service entities, establishes shared keying
material between service entities, enquires or responds to the inquiring of authentication status of
service entities, and helps to generate the derived key for the SS and SP, etc. The function of the
EAC may contain other functions, e.g. the Bootstrapping Function in 3GPP and 3GPP2, the
Kerberos servers function or a certificate verification function.

A database-type network element defined in the authentication architecture, which stores service
entity's subscription Information and authentication Information binding with an entity's identifier. In
addition, the ESD may have the function to compute necessary authentication data or to achieve
such authentication data from another network element, e.g. similar to the function of the
Authentication Centre in 3GPP. The ESD may contain a certificate repository, where the certificates
of mobile terminals and network elements in mobile network are stored, and a Certificate
Revocation List (CRL) to perform public key crypto functions.
Loss-less data compression scheme that is independent of the specific characteristics of the
medium; one of the main types of entropy coding creates and assigns a unique prefix code to each
unique symbol that occurs in the input; these entropy encoders then compress data by replacing
each fixed-length input symbol by the corresponding variable-length prefix codeword.
Inverse process of Entropy Coding.
Shadowed information from an entry.
The set of attributes that are relevant to an authorization decision and are independent of a
particular subject, resource or action.
Those aspects of policy required for an authorization decision, that are not contained within static
structures, but are available through some local means to a privilege verifier (e.g. time of day or
current account balance).
Fraudulent use of the telecommunication network involving the abuse of terminal equipment, such
as a payphone.
The time offset between the clock's reading and UTC at a given instant.
Identifying a trouble report which is to receive urgent and immediate supervisory attention to resolve
the trouble.
Communications whose contents are necessary for the prevention of or relief from calamities, for
maintaining transportation, communications or electric power supply, or for the maintenance of
public order.
User authorized to obtain priority telecommunications in national and/or international emergency
situations.
1) An observable occurrence which is not possible to (completely) predict or control
2)a An instantaneous occurrence that changes the global status of an object. This status change
may be persistent or temporary, thus allowing for surveillance, monitoring, and performance
measurement functionality, etc. Events may or may not generate reports; they may be spontaneous
or planned; they may trigger other events or may be triggered by one or more other events.
2)b An instantaneous occurrence that changes the global status of an object. This status change
may be persistent or temporary, allowing for surveillance, monitoring, and performance
measurement functionality, etc. Events may or may not generate reports, may be spontaneous or
planned, may trigger other events, or may be triggered by one or more other events.
A function which provides initial analysis of a security-related event and, if appropriate, generates a
security audit and/or an alarm.
Message capturing a single portion of a connection.
contains information on computer events including that on packets, files, and their transactions.
Usually computers automatically provide most of the records as computer logs, such as for log-in
time and date as well as terminal information provided when root users log in to a system. The logs
are instances of this record. CEE can be utilized to describe the record.
Information that, either by itself or when used in conjunction with other information, may be used to
resolve a dispute. Note - Particular forms of evidence are digital signatures, secure envelopes and
security tokens. Digital signatures are used with public key techniques while secure envelopes and
security tokens are used with secret key techniques.
The role, in which a TTP cooperates with a Non-repudiation service requester to generate the
evidence.
An entity that produces non-repudiation evidence. Note - This entity may be the non-repudiation
service requester, the originator, the recipient or multiple parties working in conjunction (e.g. a signer
and co-signer).

The role, in which a TTP records evidence that can later be retrieved by an evidence user or an
adjudicator.
The entity whose involvement in an event or action is established by evidence.
An entity that uses non-repudiation evidence.
The role, in which a TTP verifies evidence at the request of an entity.
An entity that verifies Non-repudiation evidence
Information exchanged between a claimant and a verifier during the process of authenticating a
principal.

The transfer of Cybersecurity Information between two or more cybersecurity entities. This transfer
may be uni-directional or bi-directional, multi-directional, i.e., many-to-many.
A set of technical rules and format governing the exchange of information between two or more
entities.
Executable software represents software for which execution may be initiated. It may be possible to
cause executable software to be executed by management command, however it may only be
possible to execute software by local action.
Authentication that requires that the party to be authenticated performs an authentication procedure
(to verify the claimed identification of the party).
An information security exposure is a mistake in software that allows access to information or
capabilities that can be used by a hacker as a stepping-stone into a system or network.
Those subordinate and non-specific subordinate references that would be included as subordinate
knowledge if the replicated area were extended to the lower boundary of the naming context.
A single wireless LAN with BSSs within a single IP subnet
The extended validation certificate framework consists of an integrated combination of technologies,
protocols, identity proofing, lifecycle management, and auditing practices that describe the minimum
requirements that must be met in order to issue and maintain extended validation certificates (EV
Certificates) concerning a subject organization. The framework accommodates a wide range of
security, localization and notification requirements.
This PPP extension providing support for additional authentication methods is part of the IEEE
802.1x specification.
An operating system and language-independent programming interface to general communication
services
The eXtensible configuration checklist description format is a specification language for writing
security checklists, benchmarks, and related kinds of documents. An XCCDF document represents
a structured collection of security configuration rules for some set of target systems. The
specification is designed to support information interchange, document generation, organizational
and situational tailoring, automated compliance testing, and compliance scoring. The specification
also defines a data model and format for storing results of benchmark compliance testing. The
intent of XCCDF is to provide a uniform foundation for expression of security checklists,
benchmarks, and other configuration guidance, and thereby foster more widespread application of
good security practices. XCCDF documents are expressed in XML.
A security association which is established independently of instances of its use, and which has a
globally-unique identifier enabling it to be referenced at the time of use.
The ratio of total (unrequested) extra service data units (SDUs) to total service data units received
by a destination user in a specified sample.
An object interface defined to provide access to a set of managed objects, all of which are of the
same class.

The failure of a biometric system to capture a biometric sample, or to extract biometric data from a
biometric sample, sufficient to generate a biometric template for matching
The failure of a biometric system to capture one or more biometric samples, or to extract data from
one or more biometric samples, sufficient to generate a biometric template for successful
enrolment
One of the distinguished values of the boolean type (see "true").
Measure of the probability that a biometric comparison process will incorrectly identify an individual
or will fail to reject an impostor
Measure of the probability that a biometric comparison process will incorrectly fail to identify an
individual
The probability that the network will return a decision of rejection to the authentication attempt of a
legitimate UPT user.
Fault Management consists of a set of functions that enable the detection, isolation, and correction
of abnormal operation of the telecommunications network and its environment.
To link or bind two or more entities together.
1) A principal's identity is said to be federated between a set of providers when there is an
agreement between the providers on a set of identifiers and/or attributes to use to refer to the
principal.
2) An identity that can be used to access a group of services or applications that are bounded by
the policies and conditions of a federation.
1) This term is used in two senses: a) The act of establishing a relationship between two entities.
b) An association comprising any number of service providers and identity providers.
2) establishing a relationship between two or more entities or an association comprising any
number of service providers and identity providers.
3) An act of establishing a relationship between two or more entities or an association
comprising any number of service providers and identity providers.
4) An association of users, service providers and identity service providers.
A named and hierarchically-classified data set on the UICC.
The 2-byte name of a file or a directory on the UICC.
An event or condition under the contract between a buyer and a seller to exchange an asset for
payment.
A system or combination of systems that enforces a boundary between two or more networks. A
gateway that limits access between networks in accordance with local security policy
The user rate between IWF and the fixed network.
The FOA feature can take effect immediately prior to the time that an IN capable switch would
authorize call origination, during the call set-up process. A customized algorithm, provided by the
network provider or the subscriber, can then determine whether or not the call should be originated.
If the call is not authorized by the IN customized algorithm, then the call attempt is ended. If the call
is authorized by the IN customized algorithm, then, depending on the feature subscriber profile, call
processing can bypass switch-based authorization, or call processing can continue with switch-based authorization. The FOA feature can be used by personal and terminal mobility services to
provide authorization capability where a switch has restrictions on call origination authorization.
Such restrictions could be a consequence of a switched-based call screening feature, on behalf of
the "home" subscriber of a given access line. There exists the possibility that a mobile user may
roam to such an access line, at wh

The FTA feature can take effect immediately prior to the time that an IN capable switch would
authorize call termination, during the call set-up process. A customized algorithm, provided by the
network provider or the subscriber, can then determine whether or not the call should be authorized.
If the call is not authorized by the IN customized algorithm, then the call attempt is ended. If the call
is authorized by the IN customized algorithm, then, depending on the feature subscriber profile, call
processing can bypass switched-based authorization, or call processing can continue with switch-based authorization. The FTA feature can be used by personal and terminal mobility services to
provide authorization capability where a switch has restrictions on call termination authorization.
Such restrictions could be a consequence of a switched-based call screening feature, on behalf of
the "home" subscriber of a given access line. There exists the possibility that a mobile user may
roam to such an access line, at

A set of mechanisms used to prevent the network from becoming overloaded by regulating the input
rate transmissions.
The visited/host network's router that services the mobile node while it is visiting the host network.
This foreign agent handles the tunnelling and delivery between the mobile node and others, and
between the mobile's home network and the host network.
1)a An entity fabricates information and claims that such information was received from another
entity or sent to another entity.
1)b An entity fabricates information and claims that such information was received from another
entity or sent to another entity
Feature by which joining members are not allowed to access to future group data. NOTE This
definition is consistent with RFC 4046.
A compromise of long-term private or pre-shared secret keys does not enable an adversary to
compute the MK generated in previous EAP executions.
FPLMTS user mobility is a feature which enables a FPLMTS user to transfer his/her identity
between FPLMTS mobile terminals.
A framework defines a set of application programming interface (API) classes for developing
applications and for providing system services to those applications.
1) The act of acquiring pecuniary advantage by misrepresentation or unauthorized action. See
also equipment fraud, network fraud, service fraud, subscription fraud, telecommunication fraud.
2) Fraud in telecommunications is the obtaining or procurement of services without correct
payment to the service provider. OR The obtaining of an unjust advantage through false
representations. Advantage gained by unfair means.
A party who commits fraud.
The first derivative of the clock's error. That is, the frequency offset is the actual rate of change of
error of the clock.
Front channel refers to the "communications channel" that can be effected between two
HTTP-speaking servers by employing "HTTP redirect" messages and thus passing messages to
each other via a user agent, e.g., a web browser, or any other HTTP client.
A complete revocation list that contains entries for all certificates that have been revoked for the
given scope.
A subscription service that is always available to subscribers during the operating hours of the
delivery system. NOTE By contrast, other services, such as a pay-per-view feature film, are only
available for a specific period of time
1)a A set of functional entities and the reference points between them used to describe the
structure of an NGN. These functional entities are separated by reference points, and thus, they
define the distribution of functions.
1)b A set of functional entities and the reference points between them used to describe the
structure of an NGN. These functional entities are separated by reference points, and thus, they
define the distribution of functions. Note: The functional entities can be used to describe a set of
reference configurations. These reference configurations identify which reference points are visible
at the boundaries of equipment implementations and between administrative domains.

1)c A set of functional entities and the reference points between them used to describe the
structure of an NGN. These functional entities are separated by reference points, and thus, they
define the distribution of functions. Note1: The functional entities can be used to describe a set of
reference configurations. These reference configurations identify which reference points are visible
at the boundaries of equipment implementations and between administrative domains. Note2: This
definition is taken from Y.2012 and therefore relates to NGN. However, it is also valid for other
networks, e.g., networks supporting IPTV.
This functional architecture consists of two kinds of domains: outbound domain and inbound domain.
The outbound domain and inbound domain contain senders and recipients, respectively. The
functional architecture consists of four kinds of functional entities: VoIP spam prevention system
(VSPS), VoIP spam prevention policy server (VSPPS), RBL central system for VoIP spam
prevention (VSP-RBL), and user reputation system (URS). Both domains belong to the VoIP service
provider, while VSP-RBL belongs to the trusted third party (TTP), for example CERT, CIRT or
national authority.
1) A cluster of functionality (sub-functions) that are viewed as a single entity from the point of view
of the end-to-end functional architecture.
2)a An entity that comprises an indivisible set of specific functions. Functional entities are logical
concepts, while groupings of functional entities are used to describe practical, physical
implementations.
2)b An entity that comprises an indivisible set of specific functions. Functional entities are logical
concepts, while groupings of functional entities are used to describe practical, physical
implementations.
1) A cluster of functional entities grouped (and named) solely for convenience and architectural
clarity.
2) A set of functions that may be performed by a single equipment.
A clock in which either the frequency offset is within the maximum frequency error of the clock or the
clock is undergoing an adjustment. A functioning clock may be correct or incorrect.
A network able to provide services, capabilities, and facilities difficult to provide using existing
network technologies. A Future Network is either: (a) a new component network or an enhanced
version of an existing one, or (b) a heterogeneous collection of new component networks or of new
and existing component networks that is operated as a single network. Notes - (1) The plural form
Future Networks (FNs) is used to show that there may be more than one network that fits in the
definition of Future Network. (2) A network of type b may also include networks of type a. (3)
The label assigned to the final federation may or may not include the word future, depending on its
nature relative to any preceding network and similarities thereto. (4) Difficult does not preclude
some current technologies are to be used in future networks. (5) In the context of this
Recommendation, the word new applied to a component network means that the component
network is able to provide services, capabilities, and facilities that are difficult or impossible to
provide using existing network technologies.
FPLMTS are third generation mobile systems, which are scheduled to start service around the year
2000 subject to market considerations. They may be utilized as stand alone mobile systems or as
part of the fixed network. They are systems which will provide telecommunication services to mobile
or stationary users by means of one or more radio links. The frequency bands 1885-2025 and 2110-2200 MHz have been identified by Radio Regulation WARC-92 (Footnote 746A) for use on a
worldwide basis for implementation of FPLMTS. This mobility will be unrestricted in terms of location
within the radio coverage area. FPLMTS will extend the telecommunication services of the fixed
network to these users over wide geographic areas, subject to constraints imposed by spectrum
allocation and radio propagation. In addition, FPLMTS will support a range of services particular to
mobile radio systems (see Recommendation ITU-R M.687-1). Provision of services may be limited
by the capabilities of the involved terminals and network.

1) This is a network node that terminates a message on an inbound interface with the intent of
applying some security processing or message conversions to the message, and presenting it to the
target service through an outbound interface.
2) Devices bridging between the IPCablecom IP Voice Communication world and the PSTN.
Examples are the Media Gateway which provides the bearer circuit interfaces to the PSTN and
transcodes the media stream, and the Signalling Gateway which sends and receives circuit
switched network signalling to the edge of the IPCablecom network.

security threats to IPTV are classified [by X.1191] as content security threats, service security
threats, network security threats, terminal device security threats, and subscriber security threats.
X.1191 identified the following security threats to general IPTV service: Content security threat
[Interception; Unauthorized viewing; Unauthorized reproduction or redistribution]; Service security
threat [Copyrights infringement of programs provided by the IPTV service platform to subscribers;
Masquerading/Spoofing the IPTV service provider; Malicious threats targeting IPTV servers (SCP
servers, media servers, etc.); Theft of subscribers' information]; Network security threat [Intentional
threats targeting network equipment or resources; Security threats to the multicast technique used
in the IPTV bearer network; Malicious attacks (such as DoS, hacking) on nodes in the content
distribution network]; Terminal device security threat [Illegally accessing clear content by tampering
with device hardware or software; Illegally accessing keys or other secret information in devices
using software cracking or hardware tampering; Device malfunction by hardware method;
Unauthorized applications (such as software programs) were downloaded, run, and stored in
The ability for the user or other mobile entities to communicate and access services irrespective of
changes of the location or technical environment. The degree of service availability may depend on
several factors including the Access Network capabilities, service level agreements between the
user's home network and the visited network (if applicable), etc. Mobility includes the ability of
telecommunication with or without service continuity.
Software entity that is capable of creating, processing, sending, and receiving BIP messages, but
which does not necessarily implement the BioAPI API and the whole functionality of a BioAPI
framework (including access to the component registry and to local BSPs).
An SIO Class in which the data types for one or more of the components are not fully specified.
An MS identifier which is allocated by the serving BSC and is unique within this SBSC. It is allocated
for all MSs having an RRC connection. The G-RNTI is always reallocated when the Serving BSC for
the RRC connection is changed and deallocated when the RRC connection is released. The G-RNTI is also used at RLC/MAC during contention resolution.
Set of RBLs which are integrated from local RBLs and managed by VSP-RBL.
An MS capable of GPRS services.
The maximum precision permitted by a representation of time.
1) A set of members allowed to participate in the group call service. The group is defined by a set
of rules that identifies a collection of members implicitly or explicitly. These rules may associate
members for the purpose of participating in a group call, or may associate members who do not
participate in data transfer but do participate in management, security, control, or accounting for the
group.
2) A number of Devices operated on as a single unit.
An agent that is in charge of user and membership authentication, authorization for accessing a
group, group management, etc.
The relationship that exists between the members of a group for the purpose of transferring data.
More than one group call may exist in a group. A group call establishes an active group.
A member (or third party) authorized to initiate a group call. More than one member may initiate
group calls.
A member of a group participating in a particular group call at a given time.
A logical entity that provides the group call service to the members.
A PTM service in which a relationship exists between participants of the group, and in which a single
data unit transmitted by a source participant is received by multiple destination participants; it is a
one-in, many-out service.
The member (or third party) responsible for the group creation and membership control.
Entity and functions that are responsible for issuing and managing cryptographic keys used by a
multicast group
An identifier used to represent a specific group.
The secure distribution and refreshment of keying material.
An agent which has a responsibility for the creation, distribution, renewal and maintenance of group
keys.

a key that is used to protect multicast communications among a set of sensor nodes over a shared
wireless link
A service model which provides highly reliable performance, with little or no variance in the
measured performance criteria.
A common global cybersecurity identifier namespace is described, together with administrative
requirements, as part of a coherent OID arc, and includes identifiers for: Cybersecurity information;
Cybersecurity organization; Cybersecurity policy.
The term used to describe malicious acts of a wide ranging nature such as overcoming access
controls, denial of service, theft of information or installation of malware.
1) the ability to provide services with some impact on their service level agreements to a moving
object during and after movement.
2) The transfer of a user's connection from one radio channel to another (can be the same or
different cell).
3) The process in which the radio access network changes the radio transmitters or radio access
mode or radio system used to provide the bearer services, while maintaining a defined bearer
service QoS.
4) The handover (HOV) service feature enables a mobile terminal to change network access
areas/points within a network or to another network, while maintaining the call(s) and/or signalling
relationship(s). Active services should be maintained, within the limits imposed by available radio
and network resources. In the case of a lack of resources, active services could be modified (e.g.
fall back to a lower grade of service quality) or interrupted. Handover is a complex operation
involving four types of entities. They are: the monitoring entity type, the initiating entity type, the
performing entity type and the controlling entity type. There could be more than one entity of the
same type involved in the handover operation, even during the same handover. Handover can be
initiated by the terminal, or network entities. The handover service feature consists of four
processes: the handover monitoring process, the handover decision process, the handover
execution process and the handover completion process.
A delay in delivery of user data during handover due to the use of buffering as part of the handover
procedure.
provide Mobile Terminals (MTs) with session continuity whenever they move into different network
regions and change their point of attachment to the network during a session. The main objective of
seamless handover is to minimize service disruption due to data loss and delay during the
handover. Most MM protocols perform handover management together with an appropriate location
management scheme. According to the handover areas concerned, the handover types can be
classified into "handover within an Access Network (AN)", where the MT moves within a region
covered by the same AN in NGN, and "handover between different ANs or CNs", where the MT
changes its concerned access system for ongoing sessions.
The degree of impairment experienced by the user during the period of handover. This can range
from cut-off (loss of service continuity) to a degree of impairment unnoticeable by most users. The
latter condition is taken as the working definition of seamless handover.
A category of handover procedures where all the old radio links in the UE are abandoned before the
new radio links are established.
1) (mathematical) function which maps values from a large (possibly very large) domain into a
smaller range. A good hash function is such that the results of applying the function to a (large) set
of values in the domain will be evenly distributed (and apparently at random) over the range.
2) (mathematical) function that maps values from a (possibly very) large set of values into a
smaller range of values
A message authentication algorithm, based on either SHA-1 or MD5 hash and defined in IETF RFC
2104.
An optional type of <Policy> that can be included in a permission <PolicySet> to allow support
queries asking if a subject "has the privileges of" a specific role.
Protocol control information located at the beginning of a protocol data unit.

An operation that applies confidentiality protection to unprotected data or additional confidentiality
protection to already protected data.
Information that is used to perform the hide operation.
A resource that is organized as a tree or forest (directed acyclic graph) of individual resources called
nodes.
The NACF provides registration at the access level and initialization of CPE for accessing the NGN
services. The NACF provides network level identification and authentication, manages the IP
address space of the access network and authenticates access sessions. The NACF also
announces the contact point(s) of the NGN service stratum components to the CPE. Network
attachment through NACF is based on implicit or explicit user identification and authentication
credentials stored in the NACF. The high level concepts of NACF assumes that the NACF provides
registration at the access level, NACF provides identification and authentication at network level,
and authenticates access sessions.
The type of vocabulary used for data compression.
An entity to whom some privilege has been delegated either directly from the Source of Authority or
indirectly through another Attribute Authority.
A router that services the mobile node while it is visiting other networks, maintaining current location
Information on that mobile node.
A home application service provider (or a home application server) is an entity that connects to the
home network for data communication with home device or remote terminal, stores the multimedia
content, or provides a variety of the application services to the rest of home devices within home or
a remote terminal outside home.
This is a border element (BE, defined as special mobility functional entity) placed within the home
domain.
A home device is an entity (or a home appliance), such as PDA, PC, and TV/VCR, which controls or
is controlled by another home device, or provides a service to home users. There are three types of
home devices from the security point of view: type A, type B and type C. Type A home device, such
as remote controller, PC or PDA, has a controlling capability of the type B home device or type C
home device through the presentation page and rich display. Type B home device is a bridge that
connects type C home devices with no communication interface to the home network; basically it
communicates with the other devices in the home network on one end and uses some proprietary
language on the other end (some examples include proprietary lighting control, etc.). Type C home
device, such as security cameras, A/V devices, etc., only provides some sort of service to the rest of
the home devices. Type A or type C home device is called a security console, if it has a security
ownership of type B home device or type C home device. Any device in the home network can be
classified into type A, type C or type A/type C according to the functionalities of a device.
Responsible for overall provision and control of the personal service environment of its subscribers.
This is a VASP that has an agreement with the home environment to provide services. The home
environment provides services to the user in a managed way, possibly by collaborating with HE-VASPs,
but this is transparent to the user. The same service could be provided by more than one
HE-VASP and each HE-VASP can provide more than one service.
Gateway between the customer premises network (CPN) and the access network. NOTE: A home
gateway may be in its simplest form a bridged or routed modem, and in a more advanced form be
an integrated access device.
1) The mobile network to which the SS subscribes.
2) The network to which a mobile user is normally connected, or the service provider with which
the mobile user is associated, and where the user's subscription information is managed.
3) Home network is the collection of elements that process, manage, transport, and store
information, thus enabling the connection and integration of multiple computing, control, monitoring,
communication and entertainment devices in the home.
PLMN where the mobile country code (MCC) and mobile network code (MNC) of the PLMN identity
are the same as the MCC and MNC of the IMSI.

A home portal is a functional element that provides management and translation functions to
provide the user with home network services such as the control of home devices, multimedia
contents, various applications, etc. In general, a home portal is a web site that provides a gateway
or portal to information related to various home network services. It also allows the home user to
maintain and set up his/her home using the Internet. Finally, a home portal is designed to use
distributed applications and different numbers and types of middleware and hardware to provide
services from a number of different sources. In other words, a home portal offers information to
home network services from various home entities in a unified manner.
A resource that provides home network services based on the decision by the authorization server.
A home user or home device that has a profile, i.e., an identifier, that wants to access the home
resource within the home network.
The system which is transmitting the system identifier (SID) (refer to EIA/TIA-553) which is
recognized by the MS as the "Home" SID.
A home user is an entity (person) within the home network that uses and operates the remote terminal
for accessing the devices in the home network.
A name which, in a particular context, applies to more than one entity.
A software program that emulates a network so as to attract (and maybe confuse) intruders and
track their actions. The output of these systems can be used to infer the intruders' intentions and
for evidence gathering.
mobility on the same layer as defined in [ITU-R M.1645]. Generally, it is referred to as the mobility
within the same access technology.
A device with generalized functionality where modules containing specialized functionality can be
connected.
A mode of operation whereby the mobile UE takes an active role in the provision of mobility service
at layer 3, in particular by contacting the mobile service provider directly to invoke this service after
gaining network access.
Public places that host mobile IEEE 802.11 users to connect to the Internet.
This is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sub-layer
under regular HTTP application layering.
Telecommunication organizations' staff need to be trained, competent and qualified in many areas
of the business. They need to take charge of roles and responsibilities that are security related.
Combination of post-compression-based and in-compression-based selective encryption; in this
approach, selective encryption is carried out at two points, during and after encoding, for better
content security.
protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted,
and what actions Web servers and browsers should take in response to various commands.
A card holding an integrated circuit containing subscriber, end-user, authentication and/or
application data for one or more applications.
includes cybersecurity operations within each user organization such as installing, configuring, and
managing ICT assets in the organization. It includes both incident preventive operations and
damage controlling operations in each organization. In the ICT asset management domain, two
operation entities exist: Administrator and ICT infrastructure provider. The administrator administers
the system of its organization and possesses information on its own ICT assets. An ICT
administrator inside each organization is a typical instance. The ICT infrastructure provider provides
each organization with ICT infrastructures, which includes the network connectivity, cloud computing
services such as software as a service (SaaS), platform as a service (PaaS) and infrastructure as a
service (IaaS), and identity services. An Internet service provider (ISP) and application service
provider (ASP) are typical instances. In the ICT asset management domain, there are two
databases: a user resource database and a provider resource database. The user resource
database accumulates information on assets within an individual organization and contains
information such as the list of software, hardware, their configurations, status of resource usage,

An ID certificate is a message that, at least, states a name or identifies the issuing authority,
identifies the subject, contains the subject's public key, identifies the validity period of certificate,
contains serial number, and is digitally signed by a CA.
ID resolution is a function to resolve an identifier into associated information. In this Rec. it is
specifically a function to resolve an identifier on/in an ID tag into necessary access information such
as uniform resource locator (URL), Internet Protocol (IP) address, and phone number, which may
indicate a protocol and/or a pointer to access multimedia information services provided by
multimedia information delivery functions. NOTE: Since the ID resolution function handles mapping
relationships between identifier and access information, it may have a database for the efficient
management of mapping record.
In an ID resolution process, an ID terminal asks an ID resolution function (see clause 3.2.1) to
resolve an identifier and receives a result from the ID resolution function. This process enables the
ID terminal to find necessary information for accessing the multimedia information delivery service
via wide area public communications. Examples of this information are URLs for a web-based
information service, a content ID for a digital multimedia retrieval service, a phone number for a
voice service, etc. The simplest relationship between the identifier and multimedia information
access may be a static "one-to-one" relationship. However, this relationship may generally be a
"one-to-many" type, and a proper service is selected according to the context of users and
environments. For example, an RFID tag is attached to a signboard of a restaurant, and then a user
puts the ID terminal on the RFID tag. The menu of the restaurant is shown in the user's preferred
language, which is pre-registered in the user profile in the ID terminal. In this example, multiple
information content is associated with a single identifier, and the ID resolution function selects the
most suitable content among them according to the user's profile.
An ID tag is a tiny physical object which stores a small amount of information which is an identifier
or includes an identifier with other additional application data such as name, title, price and address.
An ID tag is attached to or associated with a real-world entity to carry the information or attributes
about the entity. In this Recommendation, an ID tag is used to store an identifier of the real-world
entity with optional application data. Examples are radio frequency identification (RFIDs), barcodes,
2D barcodes, infrared tags, active radio frequency (RF) tags, etc.
An ID terminal is a device with a capability to capture data from ID tags, and other capabilities such
as communication capability and multimedia information presentation capability. The data capture
capability may include a function to obtain an identifier from ID tags even with no communication
capability such as barcodes and two-dimensional barcodes. Examples of equipment that use data
capture techniques are digital cameras, optical scanners, radio frequency (RF) transponders,
infrared data association (IrDA), galvanic wire-line, etc. Sometimes, an ID terminal is called a user
terminal.
1) The process of specifically identifying an object from a large class of objects through reading
identifiers of tag.
2)a A process to identify the UPT user or the UPT service provider
2)b A process to identify the UPT user or the UPT service provider.
3) The process of recognizing an entity by contextual characteristics.
4) The process of verifying the identity of user, process or device, usually as a prerequisite for
granting access to resources in an IT system.
This function will handle the tasks of recognising calls to emergency services by end users (calls
originated from emergency services personnel to the end users may be treated as normal call
processing).
1) A data object (for example, a string) mapped to a system entity that uniquely refers to the
system entity. A system entity may have multiple distinct identifiers referring to it. An identifier is
essentially a "distinguished attribute" of an entity.
2) a series of digits, characters and symbols or any other form of data used to identify
subscriber(s), user(s), network element(s), function(s), network entity(ies) providing
services/applications, or other entities (e.g., physical or logical objects).
3) One or more attributes used to identify an entity within a context.

4) A series of digits, characters and symbols or any other form of data used to identify
subscriber(s), user(s), network element(s), function(s), network entity(ies) providing
services/applications, or other entities (e.g., physical or logical objects). Identifiers can be used for
registration or authorization. They can be either public to all networks, shared between a limited
number of networks or private to a specific network (private identifiers are normally not disclosed to
third parties).
5) a series of digits, characters and symbols or any other form of data used to identify a real-world entity. It is used to represent the relationship between the real-world entity and its
information/attributes in computers. This relationship enables users to access the
information/attributes of the entity stored in computers via users' ID terminals.
1) The essence of an entity. One's identity is often described by one's characteristics, among
which may be any number of identifiers.
2) Structured representations of an entity in the form of one or more credentials, identifiers,
attributes, or patterns in a relevant context. Such representations can take any physical or electro-optical (digital or analog) form or syntax, and may have associated implicit or explicit time-stamp
and location specifications.
3) Information about an entity that is sufficient to identify that entity in a particular context.
4) Representation of an entity (or group of entities) in the form of one or more information
elements which allow the entity(s) to be uniquely recognised within a context to the extent that is
necessary (for the relevant applications).
5) A representation of an entity in the form of one or more attributes that allow the entity or entities
to be sufficiently distinguished within context. For identity management (IdM) purposes, the term
identity is understood as contextual identity (subset of attributes), i.e., the variety of attributes is
limited by a framework with defined boundary conditions (the context) in which the entity exists and
interacts. NOTE: Each entity is represented by one holistic identity that comprises all possible
information elements characterizing such entity (the attributes). However, this holistic identity is a
theoretical issue and eludes any description and practical usage because the number of all possible
attributes is indefinite.
The degree of confidence in the process of identity validation and verification used to establish the
identity of the entity to which the credential was issued, and the degree of confidence that the entity
that uses the credential is that entity or the entity to which the credential was issued or assigned.
A security policy based on the identities and/or attributes of users, a group of users, or entities
acting on behalf of the users and the resources/objects being accessed.
An Identity Provider that acts as a trusted intermediary among other Identity Providers.
The action occurring when Providers agree to stop referring to a principal via a certain set of
identifiers and/or attributes.
The attacker learns the identity of the supplicant by eavesdropping on exchanged messages during
a successful protocol run. This attack can be regarded as one sort of attacks resulting from
eavesdropping and usually takes place as a result of the eavesdropping attack.
The act of creating a federated identity on behalf of a principal.
A crime in which an impostor obtains key pieces of personally identifying information (PII) such as
social security numbers and driver's license numbers and uses them for their own personal gain.
The information identifying a user, including trusted (network generated) and/or untrusted (user
generated) addresses.
This is a process of disseminating users' identity information between an identity provider and a
relying party through a digital identity client.
This is the identity service that manages identity that is created, released, updated and terminated.
The data related to this service is stored in a database located in a server or a local machine.
Therefore, access to this database should be preserved by only authorized users.

1) A set of functions and capabilities (e.g., administration, management and maintenance,
discovery, communication exchanges, correlation and binding, policy enforcement, authentication
and assertions) used for assurance of identity information (e.g., identifiers, credentials, attributes);
assurance of the identity of an entity and supporting business and security applications.
2) Set of functions and capabilities (e.g. administration, management and maintenance, discovery,
communication exchanges, correlation and binding, policy enforcement, authentication and
assertions) used for (a) Assurance of identity information (e.g., identifiers, credentials, attributes);
(b) assurance of the identity of an entity (e.g., users/subscribers, groups, user devices,
organizations, network and service providers, network elements and objects, and virtual objects);
and (c) supporting business and security applications.
3) Identity management is a grouping of functions to prevent a permanent user identity from
eavesdropping over radio interface to keep confidentiality of the identity. Temporary user identity is
used to make network access instead of permanent user identity. This consists of functions to (a)
assign a temporary user identity to a mobile terminal in case of network access with a permanent
user identity; (b) update a temporary user identity assigned to a mobile terminal in case of network
access with a temporary user identity or validity time-out; (c) inquire a mobile terminal about its
permanent user identity in the case where a received temporary user identity is unknown, both in a
Visited network domain and another network domain which assigned the temporary user identity; (d)
retrieve a permanent user identity from another network domain in the case where a received
temporary user identity is unknown in a Visited network domain but is known in another network
domain which assigned the temporary user identity.
A structured expression of attributes of an entity (e.g. the behaviour of an entity) that could be used
in some identification processes.
Identity proof refers to a process that a user proves who he/she is. To prove his/her identity in a
digital environment, the user uses a set of security credentials such as user name and password, or
certificates. For identity proof, those credentials shall include the user's ID corresponding to the user
secret. In general, when the user can successfully demonstrate possession and control of a secret
token to an authentication system through an authentication protocol, identity proof of the user can
be achieved.
A process which validates and verifies sufficient information to confirm the claimed identity of the
entity.
1) An entity that creates, maintains, and manages trusted identity information for entities. An
Identity Provider may include a Trusted Third Party, as well as Relying Parties and entities
themselves in different contexts.
2) A kind of service provider that creates, maintains, and manages identity information for
principals and provides principal authentication to other service providers within a federation, such
as with web browser profiles.
3) An entity that creates, maintains and manages trusted identity information of other entities
(e.g., user/subscribers, organizations, and devices) and offers identity-based services based on
trust, business and other types of relationship.
4) See identity service provider (IdSP). Note: The term "identity provider (IdP)" is used in Y.2720
and in specifications by other organizations. However, to avoid misinterpretation that it could be
construed to mean an entity that provides identities, rather than an entity that manages identities,
the term identity service provider (IdSP) is used in this Rec.
5) See identity service provider (IdSP).
6) An entity that verifies, maintains and manages, and may create and assign identity information
of other entities.
A kind of service provider that creates, maintains, and manages identity information for principals
and provides principal authentication to other service providers within a federation, using only
required portions of SAML.
a software component in a digital identity client available to the user through which the user controls
and dispatches her digital identities.
A server that manages the user's credential and identity information and provides it to a digital
identity client.

1) An Identity Management offering.
2) Id services are: identity lifecycle management; authentication (as identity) service; authorization
(as identity) service; attribute exchange (as identity) service; security token (as identity) service.
An identity service provider that acts as a trusted intermediary among other identity service
providers.
An entity that verifies, maintains, manages, and may create and assign identity information of other
entities.
A process of updating disseminated users' identity information to a relying party when the source of
the identity information in an identity provider is changed.
A process of deleting users' identity information from a storage when the validity of it is expired.
Identity theft and identity fraud are the terms used to refer to all types of crime wherein a person
wrongfully obtains and uses another person's personal data in a fraudulent or deceptive manner
and usually for economic gain.
This is a high-profile security issue, particularly for organizations that store and manage large
amounts of personal identity information. Not only can compromises resulting in the loss of personal
data undermine customer and institutional confidence and result in costly damage to an
organization's reputation, but data breaches can also be financially costly to organizations.
A data model for the digital identity, which can contain a user's PII and credential information.
The process of confirming that a claimed identity is correct by comparing the offered claims of
identity with previously proven information.
The entity that makes the determination as to whether or not the identity asserted by a claimant is
correct in a biometric verification process performed by one or more biometric systems and fusion
processes. NOTE: The IDV, supported by biometric devices and processes, is that part of the TAI
that has the primary responsibility for authentication using biometrics. The final decision of the IDV
is based on the TAI certificates and ACBio reports returned from the various parts of the verification
process.
A security policy based on the identities and/or attributes of users, a group of users, or entities
acting on behalf of the users and the resources/objects being accessed.
The state of UE switched on but which does not have any established RRC connection.
The client program that interacts with IdM server to retrieve identity information.
The server that manages the lifecycle of identity for a user.
A notation defined to refer to the use of IKE with pre-shared keys for authentication.
Without proper authentication or authorization, the illegal supplicant tries to succeed in the
authentication procedure and gains network access in the process.
Adverse change to the level of business objectives achieved.
A capability that relates to a particular technical domain. Examples: a spreading factor of 128 (in the
domain of the physical layer); the A5 algorithm; a 64 bit key length (in the domain of security); a
power output of 21 dBm (in the domain of transmitter performance); support of AMR codec (in the
domain of the codec); support of CHV1 (in the domain of the USIM).
A statement made by the supplier of an implementation or system claimed to conform to a given
specification, stating which capabilities have been implemented. The ICS can take several forms, as
protocol ICS, profile ICS, profile specific ICS, information object ICS, etc.
1) type of authentication without identity proof. Thus, anyone who has the correct secret can
access the services.
2) Authentication based on a trusted relationship already established between two parties, or
based on one or more outputs of an authentication procedure already established between two
parties.
A property of key establishment protocols that provides assurance to one protocol participant that
the other protocol participant is the only other party that could possibly be in possession of the
correct established key.
the probability that the network will return a decision of acceptance to the authentication attempt by
an unauthorized user.
An application residing on the UICC that provides access to IP multimedia services.

The MS is not available for call delivery. The MS may not be registered. The MS may be registered,
but is out of radio contact (e.g., missing autonomous registrations) or is intentionally inaccessible for
periods of time (e.g., slotted mode, paging frame class, or sleep mode). An inactive MS may accept
SMS message deliveries. This state is maintained by the MSC, the VLR and the HLR (see also
Active, Available, and Unavailable).
Inappropriate usage means that a user can use IdM system to process or carry out a certain job that
is not intended originally. An authorized user should have some limitation to use the part of IdM
system without proper privileges. Some services are restricted to authorized users, some to specific
users, and some services are generally forbidden to all but administrators.
Domain where a call is going to.
An event that might have led to an occurrence or an episode which is not serious
contains information on incidents, which is generated based on analysis of the information in the
User Resource database. The Response Team manipulates the information. This database includes
three records: Event Record, Incident Record, and Attack Record.
Incident handling is a service that involves all the processes or tasks associated with addressing an
incident. Incident handling includes multiple functions such as detecting, reporting, triage, analysis
and incident response.
1) (a cybersecurity operation domain, which is) comprised of multiple computer events, and attack
behaviors that caused the incidents. More specifically, it monitors computer events, and when an
anomaly is detected, it produces an incident report. Based on the report, it investigates the incident
in detail so that it can clarify the attack pattern and its countermeasures. Based on the incident
analysis, it may provide alerts and advisories, e.g., early warnings against potential threats, to user
organizations.
2) includes detection and response to cybersecurity incidents by monitoring incidents, computer
events that constitute the incidents, and attack behavior identified in the incidents. For instance, it
detects anomalies through alarms from detectors, and then assembles details by collecting various
logs. Sometimes it provides alerts and advisories, e.g. early warnings against candidate threats to
user organizations. Within the incident handling domain, two entities exist for its operations: the
response team, and the coordinator. The response team is an entity that monitors and analyzes
various kinds of incidents, e.g., unauthorized access, DDoS attacks and phishing, and accumulates
incident information. Based on this information, a response team may implement countermeasures,
e.g., register phishing site addresses on black lists. A coordinator is an entity that coordinates with
the other entities and addresses potential threats based on known incident information. In the
incident handling domain, there exist an incident database and a warning database. An incident
database contains information on incidents provided by a response team. It includes three kinds of
records: event, incident, and attack. An event record includes computer events such as privileged
Incident management encompasses the incident handling service and other proactive services that
help prevent incidents by providing guidance against potential risks and threats.
The incident object description exchange format defines a data representation that provides a
standard format for the exchange of information commonly exchanged by CIRTs about computer
security incidents. IODEF describes an information model and provides an associated data model
specified with XML Schema
contains information on security incidents and provides information such as the current state of user
systems and further risks. It is derived from analyses of several event records and their conjectures,
which are created automatically or manually. For instance, when excessive access to one computer
is detected, the state of the computer (excessive access to one computer) and its expected
consequence (denial of service) should be recorded in the incident record. The harmfulness of the
incident as well as the need for countermeasures can be judged based on this record. Note that an
Incident Record may record false incidents; i.e., incident candidates judged as non-incidents after
an investigation. IODEF can be utilized to describe the record.
Selective encryption performed in the process of encoding
An attack on a system which is not based on the deficiencies of a particular security mechanism
(e.g. attacks which bypass the mechanism, or attacks which depend on the system using the
mechanism incorrectly).

A revocation list that at least contains revocation information about certificates issued by authorities
other than that which issued this CRL.
A key shared between a user and a session manager through group and membership control
(GMC), after a successful user authentication.
Any kind of knowledge, that is exchangeable amongst users, about things, facts, concepts and so
on, in a universe of discourse. Although information will necessarily have a representation form to
make it communicable, it is the interpretation of this representation (the meaning) that is relevant in
the first place.
Any real or suspected adverse event in relation to the security of ICN. This includes: -- intrusion
into ICN computer systems via the network; -- occurrence of computer viruses; -- probes for
vulnerabilities via the network into a range of computer systems; -- PABX call leak-through; -- any
other undesired events arising from unauthorized internal or external actions.
An information asset is defined as a physical or logical (tangible or intangible) entity that is of value
to an organization or institution and characterized by the following: Anything that has value to the
organization.
Rate of the user information, which must be transmitted over the air interface. For example, output
rate of the voice codec.
The information download process enables the ID terminal to retrieve multimedia information from
multimedia information delivery functions. In this process type, the information may be stored in a
server as: fixed data such as in video-on-demand systems; dynamically generated data from
elements in the server; or real-time streaming data such as from broadcasting or a networked
camera.
The terms and conditions associated with the use and sharing of cybersecurity information.
This is an abstraction and representation of the entities in a managed environment as well as their
properties, attributes and operations, and way of relating to each other. It is independent of any
specific repository, application, protocol, or platform.
An instance of some information object class, being composed of a set of fields which conform to
the field specifications of the class. Note: For example, one specific instance of the information
object class OPERATION might be invertMatrix, which has an &ArgumentType field containing the
type Matrix, a &ResultType field also containing the type Matrix, and an &operationCode field
containing the value 7 (see .10.13/X.681).
A set of fields, forming a template for the definition of a potentially unbounded collection of
information objects, the instances of the class. Note: For example, an information object class
OPERATION might be defined to correspond to the operation concept of Remote Operations
(ROS). Each of the various named field specifications would then correspond to some aspect which
can vary from one operation instance to another. Thus, there could be &ArgumentType,
&ResultType, and &operationCode fields, the first two specifying type fields and the third specifying
a value field.
The information presentation process enables the ID terminal to access a multimedia information
function via wide area public communications, such as voice guidance at a museum, video clip
delivery for advertisement, pedestrian navigation using a digital map, restaurant menu, and
pedestrian navigation for persons with visual disability. This information presentation process is
classified into the following three process types: information download process, information upload
process and bidirectional information process.
1) the preservation of information confidentiality, integrity, and availability, and it sometimes also
encompasses accountability, authenticity, and reliability of information.
2) Security preservation of confidentiality, integrity and availability of information.
ISIRT is a team of appropriately skilled and trusted members of the organization, which will handle
security incidents during their lifecycle. At times this team may be supplemented by external experts,
for example from a recognized computer incident response team.
The potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby
cause harm to the organization. It is measured in terms of a combination of the likelihood of an
event and its consequence.

The Information structure security system serves to protect users of cyberspace (authors, owners,
sources, recipients and buyers of information) against unwanted intrusions in cyberspace which
disrupt users' work. Cyberspace users include both people and machinery (sensing elements,
actuators, automatics etc.). Examples of unwanted intrusions are viruses, worms, spam and
various malware that exist in cyberspace. An unwanted intrusion may also include a denial of
service in the information and communication infrastructure.
Information system security systems serve to protect the technical processes of these systems and
the information stored and transferred within these systems.
Information used by telecommunication organizations includes that related to customers, staff,
operations and communications, network services, and so on, all of which are at risk. This includes
sensitive and critical information as well as personal data.
The information upload process enables the ID terminal to upload information into multimedia
information delivery functions. In this process type, information uploaded may be temporarily stored
in the ID terminal, manually input by the user, or generated in real-time, such as live data from a
video camera in the ID terminal.
consists of the network transmission facilities as well as individual network elements protected by
the security dimensions. The infrastructure layer represents the fundamental building blocks of
networks, their services and applications. Examples of components that belong to the infrastructure
layer are individual routers, switches and servers as well as the communication links between
individual routers, switches and servers.
The ASN.1 encoding rules used to generate an unprotected bit string from a value of an ASN.1 type,
when that value is to be protected using a security transformation.
1) An entity (e.g. human user or computer-based entity) that attempts to access other entities.
2) The entity that generates confidentiality-protected data either for transmission or for storage.
3) The initiator of the key management protocol, not necessarily the initiator of the
communication.
1)a An On-line TTP which acts as an intermediary in all interactions. Note - When two or more
entities belong to different security domains and do not use the same security mechanisms, these
entities are unable to operate direct, secure exchanges and an in-line TTP is needed, because a
TTP positioned directly in the communication path between the entities can facilitate secure
exchanges between these entities
1)b An On-line TTP which acts as an intermediary in all interactions. Note - When two or more
entities belong to different security domains and do not use the same security mechanisms, these
entities are unable to operate direct, secure exchanges and an in-line TTP is needed, because a
TTP positioned directly in the communication path between the entities can facilitate secure
exchanges between these entities
Modality of interactions from the environment to the human body.
Installation of software puts it into a form suitable for use as opposed to the form in which it may be
transferred between systems (i.e. delivered). Once software is installed, it may be utilized by other
managed objects. NOTE Installation may also involve setting up relationships between software
managed objects.
1) Instant Messaging refers to the transfer of messages between users in near real-time. These
messages are usually, but not required to be, short. IMs are often used in a conversational mode,
that is, the transfer of messages back and forth is fast enough for participants to maintain an
interactive conversation.
2) A real-time communication service between two or more users, generally via the network, which
enables the sending of messages and files to other users.
a bulk unsolicited set of instant messages containing the message that the spammer is seeking to
convey. The spammer sends IM spam in a call setup message. In the case of email spam, the
advertisement is displayed when the email is opened, and the recipient might immediately remove it
by checking the title. Since the IM spam in VoIP automatically shows up on the screen in the VoIP
terminal, the recipients will be forced to view the advertisement. In addition, the spammer sends IM
spam at any less cost by putting the phone down even before a call is established.

A coded picture in which all slices are I or SI slices that causes the decoding process to mark all
reference pictures as "unused for reference" immediately after decoding the IDR picture. After the
decoding of an IDR picture all following coded pictures in decoding order can be decoded without
inter prediction from any picture decoded prior to the IDR picture. The first picture of each coded
video sequence is an IDR picture.
A scenario in which the same AAA infrastructure is used to authorize both transport and mobility
service, so that a common set of user credentials is used to gain access to both services.
A scenario in which the same AAA infrastructure is used to authorize both transport and mobility
service, so that a common set of user credentials is used to gain access to both services.
1) See data integrity.
2) The property that data has not been altered in an unauthorized manner.
3)a A way to ensure that information is not modified except by those who are authorized to do so.
3)b A way to ensure that information is not modified except by those who are authorized to do so.
4) The ability of a function to withstand being usurped for unauthorized use, or modified to yield
unauthorized results.
5) A security principle that makes sure that information and systems are not modified maliciously
or accidentally.
6)a Safeguarding the accuracy and completeness of information and processing methods.
6)b Safeguarding the accuracy and completeness of information and processing methods.
7) (in the context of security) The avoidance of unauthorized modification of information.
The integrity function detects and/or prevents the unauthorized creation, alteration or deletion of
data. The integrity function includes all the following functions: shield; validate; unshield. In the
context of integrity, objects fulfil one or more of the following roles: integrity-protected data
originator; integrity-protected data recipient. Integrity-protected data is passed from originator to
recipient. An integrity-protected data originator supports an interface providing the shield function.
An integrity-protected data recipient supports an interface providing the validate or unshield
functions. The integrity function may use the key management function.
The integrity service provides means to ensure the correctness of exchanged data, protecting
against modification, deletion, creation (insertion) and replay of exchanged data. The following kinds
of integrity services are distinguished: selective field integrity; connection integrity without recovery;
connection integrity with recovery.
A communications channel to which an integrity service has been applied. (See connection integrity
and connectionless integrity.)
Data and all relevant attributes within an integrity-protected environment.
An environment in which unauthorized data alterations (including creation and deletion) are
prevented or detectable.
Threats that may range from casual examination using easily available monitoring tools to
sophisticated attacks using special system knowledge. An intentional threat, if realized, may be
considered to be an attack.
(in VoIP spam score) the average time interval between the call attempts of a sender per unit time.
A distinct form of interaction across a biosphere, each of which may have subcategories. NOTE
Examples of interaction modality across the biosphere are chemo-in (smell), audio-in, audio-out,
etc. Music and speech are subcategories of audio. Gesture and facial expression are subcategories
of video-out.
Interactive Agent supports the exchange of electronic data interchange (UN/EDIFACT or ASC X12
EDI) transactions between peer entities. The IA functions as an interface between its direct user
(normally an EDIFACT/ASC X12 EDI translator or a security module) and the transport layer
security (entity). Various implementation approaches may be taken ranging from a simple API
(Application Program Interface) through a stand alone program. The IA is described in Q.814, the
Security Module is described in Q.815.

The interactive gateway system for countering spam is an entity which is responsible for detecting
and blocking spam. It has a pair of functions: sender gateway function (SGF) and receiver gateway
function (RGF). An IGCS should work with other peers to implement full functions for countering
spam.
A service which provides the means for bidirectional exchange of information between users.
Interactive services are divided into three classes of services: conversational services, messaging
services and retrieval services.
A handover between different cells. An intercell handover requires network connections to be
altered.
1) The common boundary between two associated systems.
2) An abstraction of the behaviour of an object that consists of a subset of the interactions of that
object together with a set of constraints on when they may occur. Each interaction of an object
belongs to a unique interface. Thus, the interfaces of an object form a partition of the interactions of
that object. NOTES 1 An interface constitutes the part of an object behaviour that is obtained by
considering only the interactions of that interface and by hiding all other interactions. Hiding
interactions of other interfaces will generally introduce non-determinism as far as the interface being
considered is concerned. 2 The phrase "an interface between objects" is used to refer to the
binding between interfaces of the objects concerned. 3 An interface of an object may be used by
other objects. Using interfaces provided by other objects may constitute a part of the object's
behaviour.
A temporary identifier for an SP assigned by the EAC during the initial entity authentication of the
Service Provider with the EAC. The identifier can be a local index of the shared keying material
between the EAC and the SP. It has a lifetime that is also set by the EAC. When the SP queries the
authentication status of a service subscriber from the EAC, its IAC-ID is used to establish its identity.
A temporary identifier for an SS assigned by the EAC during the initial entity authentication of a
service subscriber with the EAC. When an SS requests service from a service provider, its ISR-ID is
used to establish the SS's identity. It can also act as an index of shared keying material between the
EAC and the SS.
Inter-message threats arise from unauthorized agents who are external to the message
communication, and can manifest themselves in the following ways: masquerade, message
modification, replay, or traffic analysis.
An emergency situation, across international boundaries, that affects more than one country.
An "International Mobile Station Equipment Identity" is a unique number, which shall be allocated to
each individual mobile station equipment in the PLMN and shall be unconditionally implemented by
the MS manufacturer.
The international mobile user number is a diallable number allocated to a 3GPP system user.
A Registration Authority acting at the international level where the procedures for its operation,
defined in a relevant ITU-T Recommendation and/or International Standard, declare it to operate as
an International Registration Authority.
A key management mechanism used to negotiate and derive keys for SAs in IPSec.
A protocol by which data is sent from one computer to another computer over a network.
Multimedia services such as television/video/audio/text/graphics/data delivered over IP-based
networks managed to support the required level of QoS/QoE, security, interactivity and reliability.
The entity between the SP and SMSC, implementing the transportation of short messages from the
SP to the SMSC and from the SMSC to the SP, while implementing protocol conversion of
interactive information between the SP and the SMSC.
A decryption function that shall be embedded in all units.
Handover between different PLMNs, i.e., having different MCC MNC.
A set of rules or a system that enables establishment of the interaction of various Mobile Bank and
Mobile Commerce systems.

A change of radio access between different radio access technologies such as GSM and UMTS.
Handover between networks using different radio systems, e.g., UMTS GSM.
see vertical mobility

A WLAN that interworks with a 3GPP system.


A handover within one sector or between different sectors of the same cell. An intra cell handover
does not require network connections to be altered.
A prediction derived from the decoded samples of the same decoded slice.
Intra-message threats are those performed by the actual message communication participants
themselves, and can manifest themselves in the following ways: repudiation of messages, and
security level violation.
Handover within the same network, i.e., having the same MCC MNC regardless of radio access
system. NOTE This includes the case of UMTS <> GSM handover where MCC-MNC are the
same in both cases.
direction mode of Intra Prediction.
see horizontal mobility
Process of monitoring the events occurring in a computer system or a network and analyzing them
for intrusions
The ability of a hardware object to deny physical, electrical, or irradiation-based access to internal
functionality by unauthorized parties.
Inverse process of Quantization
Inverse process of Transformation.
A mechanism which enables more transparent connectivity for mobile nodes that visit different IP
sub-networks while travelling. This is a mechanism for mobile management for mobile nodes on
both wired networks and wireless networks.
Realizes a multicast scheme in the IP network with the help of multiple multicast-enabled IP routers.
A text, voice, or video message that is delivered and stored in IP multimedia terminal or server for
the recipient to check afterward. It is similar to voice mail in telephony service but serviced in IP
multimedia service.
1) Unsolicited messages or calls over IP Multimedia applications. To separate from traditional
email spam, IP multimedia spam denotes spam on newly emerging telecommunication methods
over IP, such as Instant Messaging (IM), Presence, or Voice over IP (VoIP).
2) refers to unsolicited messages or calls over real-time IP multimedia applications. Different from
traditional email spam, IP multimedia spam denotes spam on newly emerging communication
methods over IP, such as instant messaging, presence service, voice over IP (VoIP) and so on.
Spam over Internet Telephony (SPIT), Voice Spam or VoIP Spam (VAM) and Spam over Internet
Messaging (SPIM) are current names for specific IP Multimedia spam.
3) Unsolicited messages or calls through IP-based multimedia applications which usually have
special characteristics of spam such as bulkiness. Distinguished from traditional e-mail spam, IP
multimedia spam indicates spam on communication methods over IP, such as instant messaging or
voice over IP services.
IP phone refers to a terminal (e.g., dedicated voice terminal or multipurpose personal computer) that
is connected directly (e.g., through an Ethernet interface or an xDSL line) to an IP network
(Q.Sup49).
The collection of network entities and interfaces that provides the underlying IP transport
connectivity between the UE and the IMS entities. An example of an "IP-Connectivity Access
Network" is GPRS.
The data communications bearer provided by the IP-connectivity access network. When using
GPRS, the IP-connectivity access network bearers are provided by PDP Contexts.

This element of service enables co-operating IPM UAs to convey a globally unique identifier for
each IP-message sent or received. The IP-message identifier is composed of an O/R name of the
originator and an identifier that is unique with respect to that name. IPM UAs and users use this
identifier to refer to a previously sent or received IP-message (for example, in receipt notifications).
(IP = Interpersonal, IPM = Interpersonal Messaging)
This element of service augments the Message Security Labelling service (see B.67/X.400) by
allowing the originator of an IP-message to convey to all recipients an indication of the security
classification of the IP-message content, or optionally, of the component heading and body parts of
an IP-message. This service enables the implementation of security policies in which the security
labels associated with local objects (e.g. files) derived from component parts of the IP-message may
be assigned values provided by the originating IPM user. The integrity of the IP-message Security
Labelling may be provided by the Content Integrity or Body Part Authentication and Integrity security
service, and confidentiality of the IP-message Security Labelling may be provided by the Content
Confidentiality security service. Authentication of the originator of the IP-message Security Labelling
may be provided by the Message Origin Authentication service or the Body Part Authentication and
Integrity service. NOTES 1 Unless both end systems have mutual trust in each end system's
ability to process and separate information based on security labels, this label should not be used to
implement mandatory access control. 2 The meaning of the term "security classification" in this
Multimedia services such as television/video/audio/text/graphics/data delivered over IP-based
networks managed to support the required level of QoS/QoE, security, interactivity and reliability.
A terminal device which has ITF functionality, e.g., a STB.
Ensuring that the TD employed by an end user in the reception of a service can reliably and
securely use content, while enforcing the rights of use as granted for such content and in the course
of physically and electronically protecting the integrity of TD and confidentiality of the content and
critical security parameters (e.g., saved keys) that are not protected.
The end-user function(s) associated with a) receiving and responding to network control channel
messages regarding session set-up, maintenance, and tear-down, and b) receiving the content of
an IP transport from the network and rendering.
(a cybersecurity operation domain, which) runs cybersecurity operations inside user organizations
such as installing, configuring and managing IT assets, and covers both incident prevention and
damage control operations. IT assets include not only a user's own IT assets but also network
connectivity, cloud services, and identity services provided by external entities for the user.
the role which provides the IT infrastructure for an organization. The infrastructure includes the
network connectivity and cloud services such as software as a service (SaaS), platform as a service
(PaaS), and infrastructure as a service (IaaS). The IT Infrastructure Provider possesses information
on inter-organizational networks; e.g., network topology information and specifications of cloud
services. An Internet service provider (ISP), application service provider (ASP), and cloud service
provider (CSP) are typical instances.
The technology deployed by a telecommunication organization for their business and their
customers needs to be reliable, robust and secure.
In a role hierarchy, role A is junior to role B if role B inherits all the permissions associated with role
A.
refers to the functional separation of telecommunications networks. A jurisdiction is one of the
following four types: a) Local Exchange Carrier Network; b) Interexchange Carrier Network; c) End
User Network; d) Some combination of the above.
1)a A secret-key network authentication protocol that uses a choice of cryptographic algorithms
for encryption and a centralized key database for authentication.
1)b A secret-key network authentication protocol that uses a choice of cryptographic algorithms
for encryption and a centralized key database for authentication.
1) A sequence of symbols that controls the operations of encipherment and decipherment.
2)a A mathematical value input into the selected cryptographic algorithm.
2)b A mathematical value input into the selected cryptographic algorithm.
A method for negotiating a key value on-line without transferring the key, even in an encrypted form,
e.g. the Diffie-Hellman technique (see ISO/IEC 11770-1 for more information on key agreement
mechanisms).

the role, in which a TTP provides Non-repudiation certificates related to an evidence generator in
order to assure the validity of a public key to be used for Non-repudiation purposes.
1) A procedure to prove to one entity that another entity established the correct secret keying
material as a result of a key establishment.
2) A procedure to provide assurance to one party (the key confirmation recipient) that another
party (the key confirmation provider) actually derived the correct secret keying material as a result of
a key establishment.
The process that derives keys from another key or from a secret output value, called shared secret,
obtained through a key establishment procedure.
The role, in which a TTP provides keys to the evidence generators and/or the evidence verifiers. It
may also place constraints on the use of the keys, in particular when symmetrical techniques are
used.
The service of distributing keys securely to authorized entities performed by a Key Distribution
Center and described in ISO/IEC 11770-1.
1) Process by which cryptographic keys are securely established among sensor nodes using key
transport and/or key agreement procedures
2) A procedure, conducted by two or more participants, which culminates in the derivation of
keying material by all participants (see keying material). Key establishment can be based on pre-shared keys or on public key-based schemes.
1)a The swapping of public keys between entities to be used to encrypt communication between
the entities.
1)b The swapping of public keys between entities to be used to encrypt communication between
the entities.
A tree structure that represents the relationship of different keys. In a key hierarchy, a node
represents a key used to derive the keys represented by the descendent nodes. A key can only
have one precedent, but may have multiple descendent nodes.
1) The generation, storage, distribution, deletion, archiving and application of keys in accordance
with a security policy.
2) In conformance with Key Management standard ISO/IEC 11770-1, key management relies on
the basic services of generation, registration, certification, distribution, installation, storage,
derivation, archiving, revocation, deregistration and destruction of keys and possibly access control,
auditing, authentication, cryptographic and time stamping services.
3)a The process of distributing shared symmetric keys needed to run a security protocol.
3)b The process of distributing shared symmetric keys needed to run a security protocol.
4) Hierarchical key derivation mechanism is used for mobility security in NGN. There are several
kinds of key material in NGN, e.g., root key, session key, etc
The key management function provides facilities for the management of cryptographic keys as
defined in ISO/IEC 11770-1, including the administration and use of the generation, registration,
certification, deregistration, distribution, installation, storage, archiving, revocation, derivation and
destruction of keying material in accordance with a security policy. Within the context of key
management, objects can have one or more of the following roles: certification authority; key
distribution centre; key translation centre. A certification authority is a trusted third party which
creates and assigns certificates as defined in ISO/IEC 11770-1. A key distribution centre provides
means to establish key management information securely between objects authorized to obtain it. A
key translation centre is a specific form of key distribution centre which establishes key
management information between objects in different security domains.
Key pairs are matching private and public keys. If a block of data is encrypted using the private key,
the public key from the pair can be used to decrypt it. The private key is never divulged to any other
party, but the public key is available, e.g., in a certificate.
A procedure to deliver a key from one entity to another entity in a protected manner. In this Rec.,
key transport refers to key delivery from the EAP server to another entity, for example, to an
authenticator.
The output of a key derivation function, a segment of which, with the required length, can be used
as a cryptographic key.

(a cybersecurity operation domain, which) collects and generates cybersecurity information and
extracts reusable knowledge for other organizations. To facilitate the reusability, it provides common
naming and taxonomy, with which it organizes and accumulates the knowledge. This domain serves
as the basis of global collaboration beyond organization borders.
includes cybersecurity-related information. Reusable knowledge for other organizations is generated
and accumulated. In the knowledge accumulation domain, three operation entities exist:
Researcher, product & service developer, and registrar. A researcher researches cybersecurity
information, extracting and accumulating knowledge. A product & service developer possesses
information on products and services, e.g., naming, versions, their vulnerabilities, their patches and
configuration information. Software vendors, ASPs and individual software programmers are typical
instances. A registrar is an entity that classifies and organizes cybersecurity knowledge provided by
researchers, developers, and vendors so that the knowledge can be used by another organization.
Three knowledge bases exist in the knowledge accumulation domain: Cyber risk, countermeasure,
and product & service. They accumulate knowledge on cybersecurity provided by the researcher
and product & service developer, which is then organized and classified by the registrar. The cyber
risk knowledge base accumulates cybersecurity risk information and includes vulnerability
knowledge and threat knowledge. The vulnerability knowledge base accumulates known
vulnerability information, including naming, taxonomy and enumeration of known vulnerabilities. It
One of a set of syntactical structures in a non-branching hierarchical relationship. Higher layers
contain lower layers. The coding layers are the coded video sequence, picture, slice, and
macroblock layers.
When information was acquired by an unauthorized party by monitoring transmissions, by
unauthorized access to information stored in any MHS entity, or by masquerade, that might result
from impersonation and misuse of the MTS or through causing an MTA to operate incorrectly.
Leakage of information threats include the following: loss of confidentiality; loss of anonymity;
misappropriation of messages; traffic analysis.
The entirety of the legislative, administrative and technical procedures established by, or by
reference to, public authorities, and implemented on their behalf in order to specify and to ensure, in
a regulatory or contractual manner, the appropriate quality and credibility of measurements related
to official controls.
Agreement between owner of the software and the user of its copy
A process that establishes the identifier of the line based on the trusted configuration.
A television service in which a continuous stream flows in real time from the service provider to the
terminal device and where the user cannot control the temporal order in which contents are viewed.
1) A broadcast TV service similar to the classic form of television services provided by cable,
terrestrial, and direct-to-the-home satellite operators; here, the program content is transmitted
according to a defined schedule and intended for real-time consumption by the end user.
2) A television service in which a continuous stream flows in real time from the service provider to
the terminal device and where the user cannot control the temporal order in which contents are
viewed.
Logical connection from one BIP endpoint to another BIP endpoint using a specific transport
protocol binding, in which one BIP endpoint plays the role of master and the other plays the role of
slave.
The individual application of encipherment to data on each link of a communications system. (See
also end-to-end encipherment.) Note - The implication of link-by-link encipherment is that data will
be in clear text form in relay entities.
A transport address within a local address realm.
The collection of hardware and software that comprises a local source of time for a system.
This term specifies a database which is used for storing spam information, blacklist, countering
spam rules for local receiver gateway functions and sender gateway functions.
A set of RBL managed by VSPPS in each domain.
A Client acting as a Server node for additional downstream Clients.
Services which are provided by the current roamed-to network and that are not HE services. The same
service can be provided by a network as a local service to inbound roamers and as a HE service to
the subscribers of this network.

An operator-defined group of cells, for which specific access conditions apply. This may correspond
to an area in which the core network offers specific services. A LSA may be defined within a PLMN
or globally. Therefore, a LSA may offer a non-contiguous radio coverage.
Location management is performed to identify the current network location of a Mobile Terminal
(MT) and to keep track of it as it moves. Location management is used for the control of calls and
sessions terminated at the MT. Location information is given to the call or session manager for
establishing a session. With the help of location management, the correspondent node is able to
locate the MT and establish a session via appropriate signalling. Location management consists of
two basic functions: location registration and call delivery/paging.
1) The UE registers its presence in a registration area, for instance regularly or when entering a
new registration area.
2) the procedure to register the current location when Mobile Terminals (MTs) change the
attachment point to the network.
Location service is a TTP service that provides Information in regard to the current location of an
entity on the network.
A log is a repository for records: it is the OSI abstraction of logging resources in real open systems.
Records contain the information that is logged. For the purpose of many management functions, it is
necessary to be able to preserve information about events that have occurred or operations that
have been performed or attempted by or on various resources. Furthermore, when such
information is retrieved from a log, the manager must be able to determine whether any records
were lost or whether the characteristics of the records stored in the log were modified at any time.
A logical channel is an information stream dedicated to the transfer of a specific type of information
over the radio interface. Logical channels are provided on top of the MAC layer.
A command/response communication context multiplexed on the physical channel between the ME
and the UICC.
A logical model defines an abstract view of a network or network element by means of information
objects representing network element, aggregations of network elements, the topological
relationship between the elements, endpoints of connections (termination points), and transport
entities (such as connections) that transport information between two or more termination points.
The information objects defined in the logical model are used, among others, by connection
management functions. In this way, a physical implementation independent management is
achieved.
The process whereby a user presents credentials to an authentication authority, establishes a
simple session, and optionally establishes a rich session.
The process whereby a user signifies desire to terminate a simple session or rich session.
The integrity of data transferred is compromised by unauthorized deletion, insertion, modification,
re-ordering, replay or delay
A UE may only camp on this cell if the cell belongs to the LSAs to which the user has subscribed.
Nevertheless, if no other cells are available, the UE of non LSA users may originate emergency
calls from this cell.
When LSA only access applies to the user, the UE can only access cells that belong to the LSAs to
which the user has subscribed. Outside the coverage area of the subscribed LSAs, the UE may
camp on other cells and limited services apply.
A LSA preferential access cell is a cell which is part of the LSA. UEs of users that have subscribed
to a LSA of a LSA-preferential-access cell have higher priority to resources than non-LSA users in
the same cell.
"Macro cells" are outdoor cells with a large cell radius.
"Macro diversity" is an operation state in which a user equipment simultaneously has radio links with
two or more UTRAN access points for the sole aim of improving quality of the radio connection or
providing seamless.
1) A generic name for software which intentionally performs actions which can damage data or
disrupt systems.
2) Software instances intended or exhibiting characteristics that harm or threaten computers or
computer systems.

The malware attribution enumeration and characterization format (MAEC) is a formal language that
includes a schema to provide both a syntax for the common vocabulary of enumerated attributes
and behaviors, and an interchange format for structured information about these data elements. The
enumerations are at different levels of abstraction: low-level actions, mid-level behaviors and high-level mechanisms. At the lowest level, MAEC describes attributes tied to the basic functionality and
low-level operation of malware. At the middle level, MAEC's language organizes the aforementioned
low-level actions into groups for the purpose of defining mid-level behaviors. At the more conceptual
and high level, MAEC's vocabulary allows for the construction of mechanisms that abstract clusters
of mid-level malware behaviors based upon the achievement of a higher order classification.

An individual who has responsibility to perform specified tasks/activities on a managed element that
are administrative in nature (e.g., backup, patching, surveillance, etc.)
An individual who has responsibility for the administration of those attributes and capabilities of a
managed element related to security of the managed element, regardless of what applications
execute on the managed element (e.g., managed element administrative and user accounts and
authorizations).
An individual who has responsibility for the administration of all non-security related attributes and
capabilities of a managed element (e.g., managed element features, capabilities, configuration
parameters and monitoring of the managed element).
An organization controlling or managing the conditional access system.
A set of managed resources subject to a common management policy
This method of prevention involves authentication and encryption of network management
messages only. Network management messages are used for device configuration, network
monitoring/control, service provisioning, and Quality of Service (QoS) reservations. Management
message security provides a good mechanism to prevent DoS attacks by authenticating and
encrypting management messages. Subscriber's personal and network configuration information is
also protected from confidentiality attacks, but service content is not. Also, management message
security does not prevent theft of service content by unauthorized entities.
The set of functions used to manage entities in the stratum or layer under consideration, plus the
functions required to support this management
Provides a capability to categorize a message, indicating its sensitivity, which determines the
handling of a message in line with the security policy in force
is concerned with the protection of OAM&P functions of the network elements, transmission
facilities, back-office systems (operations support systems, business support systems, customer
care systems, etc.), and data centres. The management plane supports the fault, capacity,
administration, provisioning, and security (FCAPS) functions. It should be noted that the network
carrying the traffic for these activities may be in-band or out-of-band with respect to the service
provider's user traffic.
As defined in X.701, the Systems Management Overview (SMO), but with the following restriction:
with respect to a particular telecommunications service (or resource) instance, it shall be possible to
manage the service with one system playing the manager role, and the other playing the agent role.
Protection countermeasures regarding biometric data protection policies, biometric data protection
organizations, outsider security, information property classification, information protection education
& training, and business continuity management. NOTE: The biometric data provider must
prepare all the necessary procedures required to access and manage users' biometric data, and
enforce relevant employees such that they understand and comply with them. The biometric data
provider must assign a manager with the authorization to access the biometric data, and provide the
ID and password to the manager when processing users' biometric information using computers. In
this case, the service provider, etc., should periodically renew the respective password/s.
Regulatory requirement which is applicable to 3G UEs. It is determined by each country/region and
beyond the scope of 3GPP specification (e.g., spurious emission in UK).

An observed or discovered (i.e., not self-asserted) representation of an entity. (Compare with
assertion.)
1) An attack wherein an attacker intercepts the public or cryptographic keys being exchanged by
two entities and substitutes his/her own public key to impersonate the recipient. This successful
attack results in the compromise of the cryptosystem or SPAK.
2) An attack wherein an attacker intercepts the public key being exchanged by two entities and
substitutes his/her own public key to impersonate the recipient, where the attacker can own the
public key or take a copy of it while being exchanged. This attack compromises the security of the
cryptosystem.
3) An attacker may reside on the path between a supplicant and a server and attempt to convince
the peer to be a legal peer by mounting a man-in-the-middle attack. The attacker may reside in the
path between a supplicant and an authenticator to convince the attacker to be a legal authenticator
or supplicant by intercepting the communication
An attacker subverts the communication stream in order to pose as the sender to receiver and the
receiver to the sender. This kind of attack is serious because it masquerades both a sender and a
receiver. Consequently, many techniques which provide integrity of the communication stream are
insufficient to protect against man-in-the-middle attacks. Man-in-the-middle attacks are possible
whenever a protocol lacks peer entity authentication.
A mechanism which is used to detect whether a data unit has been modified (either accidentally or
intentionally).
1) The specification of relationships between weakness elements in a Repository and the CWE
items that are related to those elements.
2) The specification of relationships between security elements in a Repository and the CVE
names that are related to those elements.
A set of XML elements and XML attributes to be applied to the structure of an XML document for a
specific purpose. A markup language is typically defined by means of a set of XML schemas and
accompanying documentation.
1) The pretence by an entity to be a different entity
2) A masquerade is where an entity pretends to be a different entity. A masquerade is usually
used with some other forms of active attack, especially replay and modification of messages. For
instance, authentication sequences can be captured and replayed after a valid authentication
sequence has taken place. An authorized entity with few privileges may use a masquerade to obtain
extra privileges by impersonating an entity that has those privileges.
3) Masquerade refers to the pretence by an entity to be a different entity. That is, the entity
pretends to be another entity that is related to the verifier in a specific way (e.g. through the origin of
data, or through a communications relationship). These types include replay, relay and compromise
of claim AI. A masquerade threat occurs in the context of an activity (e.g. origin of data, a
communication relationship) initiated either by the claimant or the verifier. Protection against a
masquerade threat to an activity requires the use of an integrity service to bind these data items to
an authentication exchange. To counter masquerade-related threats, authentication must be used in
conjunction with some form of integrity service, which binds the authenticated identity to the activity.
4) A user who does not have proof of whom he is talking to can be easily misled by an impostor
into revealing sensitive information.

5) Masquerade occurs when an entity successfully pretends to be a different entity and can take
place in a number of ways. An unauthorized MTS-user may impersonate another to gain
unauthorized access to MTS facilities or to act to the detriment of the valid user, e.g., to discard his
messages. An MTS-user may impersonate another user and so falsely acknowledge receipt of a
message by the "valid" recipient. A message may be put into the MTS by a user falsely claiming the
identity of another user. An MTS-user, MS, or MTA may masquerade as another MTS-user, MS, or
MTA. Masquerade threats include the following: -- a) Impersonation and misuse of the MTS; -- b)
Falsely acknowledge receipt; -- c) Falsely claim to originate a message; -- d) Impersonation of an
MTA to an MTS-user; -- e) Impersonation of an MTA to another MTA. A masquerade usually
consists of other forms of attack and in a secure system may involve authentication sequences from
valid users, e.g., in replay or modification of messages
The DSA which has administrative authority for a naming context. All adds, deletes and
modifications to entries in this naming context are done by the master DSA. The master DSA may
enter into shadowing agreements with other DSAs to provide copies of a subset of a naming context
(see unit of replication).
BIP endpoint that has been logically connected with a BIP link to the given (slave) BIP endpoint, and
which is capable of sending request BIP messages to the given BIP endpoint and processing
notification BIP messages received from it. NOTE: A given BIP endpoint may play both the role of
master and the role of slave at the same time, with any number of other BIP endpoints, provided
that an appropriate set of BIP links are established.
The root directory of the file system hierarchy on the UICC.
1) Top-level keying material is shared between the supplicant and the authentication server to
derive the Master Session Key. In general, a Master Key is different from the Master Session Key.
This is because MK represents a positive access decision for a supplicant by the authentication
server.
2) A key derived from authentication and key management between SM and AP or Authentication
server for the secure downloadable SCP.
The keying material derived between the EAP peer and server and exported to the authenticator
using the EAP method. MSK is at least 64 octets long. In existing implementations, an AAA server
acting as an EAP server transports MSK to the authenticator. It refers to the privilege given to a
supplicant by an authenticator to access the lower layer of a data communication network. In this
Recommendation, MSK is used interchangeably with the Pair-wise Master Key (PMK).
The manufacturer's specified maximum value of frequency offset.
The maximum error bound of the absolute value of the error of a clock
A measure of throughput. The average (mean) bit rate available to the user for the given period of
time.
The average transit delay experienced by a (typically) large sample of PDUs within the same service
category.
One or more of audio, video, or data.
It is a sublayer of the Data Link Layer. It normally runs directly over the physical layer.
A device which interconnects two or more network realms and which can be controlled by another
device (e.g., an SG) to provide controlled media flows between realms. The MG is effectively a
programmable NAT/firewall operating at the transport layer and below.
1) A media stream can be of type audio, video or data or a combination of any of them. Media
stream data conveys user or application data (payload) but no control data.
2) A media stream can consist of audio, video, or data, or a combination of any of them. Media
stream data conveys user or application data (i.e., a payload) but not control data.
Services that are based on intermediate service stratum facilities provided by one or more service
providers.

an identification scheme produced by some authority which identifies medical practitioners and
pharmaceutical staff and observers.
A sub-layer of radio interface layer 2 providing unacknowledged data transfer service on logical
channels and access to transport channels.
Mechanism that identifies whether a node is a genuine member of a multicast session group.
A request for a specific action to be performed, e.g. general actions such as Register an Asset as
being of a given version and/or contained components of given versions, Request existing or
future available updates, patches or vulnerability Information, etc. Messages extending the
functionality of this Rec. may be defined outside the scope of this document.
Element to provide for the confidentiality, integrity, and, if required, the irrevocability of recipient data
associated with a message. Specifically, this data will comprise any cryptographic keys and related
data that is necessary for the confidentiality and integrity security elements to function properly, if
these optional security elements are invoked. The security element operates by means of the
Message Token. The data to be protected by the Message Argument Confidentiality security
element constitutes the Encrypted Data within the Message Token. The Encrypted Data within the
Message Token is unintelligible to all MTAs. The Message Token is an argument of the Message
Submission, Message Transfer, and Message Delivery services.
Element to provide for the integrity, and, if required, the irrevocability of certain arguments
associated with a message. Specifically, these arguments may comprise any selection of the
Content Confidentiality Algorithm Identifier, the Content Integrity Check, the Message Security
Label, the Proof of Delivery Request, and the Message Sequence Number. The security element
operates by means of the Message Token. The data to be protected by the Message Argument
Integrity security element constitutes the signed-data within the Message Token. The Message
Token is an argument of the Message Submission, Message Transfer, and Message Delivery
services.
A cryptographic checkvalue that is used to provide data origin authentication and data integrity.
Information provided in support of a given Message. Among an almost infinite number of
possibilities, specific examples defined in this Rec. are data defining version Information,
vulnerability Information pertaining to given versions as well as updates or patches for specific
versions.
1) Allows the originator of a message to conceal the message flow through MHS.

2) This element of service allows the originator of the message to protect information which might
be derived from observation of the message flow. NOTE: Only a limited form of this is supported.
Service to provide for the protection of information which might be derived from observation of
message flow. Only a limited form of this security service is provided by the MHS. The Double
Enveloping Technique enables a complete message to become the content of another message.
This could be used to hide addressing information from certain parts of the MTS. Used in
conjunction with traffic padding this could be used to provide message flow confidentiality. Other
elements of this service are routing control or pseudonyms.
This element of service enables the MTS to provide a UA with a unique identifier for each message
or probe submitted or delivered by the MTS. UAs and the MTS use this identifier to refer to a
previously submitted message in connection with Elements of Service such as Delivery and Non-delivery Notification.
A genuine message which has been modified by an unauthorized agent while it was transferred
through the system can mislead the message recipient.
1) Enables the recipient, or any MTA through which the message passes, to authenticate the
identity of the originator of a message.

2) This element of service allows the originator of a message to provide to the recipient(s) of the
message, and any MTA through which the message is transferred, a means by which the origin of
the message can be authenticated (i.e. a signature). Message Origin Authentication can be provided
to the recipient(s) of the message, and any MTA through which the message is transferred, on a
per-message basis using an asymmetric encryption technique, or can be provided only to the
recipient(s) of the message, on a per-recipient basis using either an asymmetric or a symmetric
encryption technique.
Element to enable anyone who receives or transfers message to authenticate the identity of the
MTS-user that originated the message. This may mean the provision of the Message Origin
Authentication or the Non-repudiation of Origin security service. The security element involves
transmitting, as part of the message, a Message Origin Authentication Check, computed as a
function of the message content, the message Content Identifier, and the Message Security Label. If
the Content Confidentiality security service is also required, the Message Origin Authentication
Check is computed as a function of the enciphered rather than the unenciphered message content.
By operating on the message content as conveyed in the overall message (i.e., after the optional
Content Confidentiality security element), any MHS entity can check the overall message integrity
without the need to see the plaintext message content. However, if the Content Confidentiality
security service is used, the Message Origin Authentication security element cannot be used to
provide the Non-repudiation of Origin security service. The security element uses the Message
Origin Authentication Check, which is one of the arguments of the Message Submission, Message
Service to enable the corroboration of the source of a message can be provided, depending on the
prevailing security policy, by using either the Message Origin Authentication security element to
provide the security service to any of the parties concerned, or the Message Argument Integrity
security element to provide the security service to MTS-users.
A message argument as specified in the prevailing security policy for use by intermediate MTAs and
protected by the Message Argument Integrity or the Message Origin Authentication security element
or Message Argument Confidentiality security element. Message Security Label may be an
originator-recipient argument different from the Message Security Label in the message envelope.
Messages may be labelled with data as specified in the prevailing security policy. The Message
Security Label is available for use by intermediate MTAs as part of the overall security policy of the
system. A Message Security Label may be sent as a message argument, and may be protected by
the Message Argument Integrity or the Message Origin Authentication security element, in the same
manner as other message arguments. Alternatively, if both confidentiality and integrity are required,
the Message Security Label may be protected using the Message Argument Confidentiality security
element. In this case the Message Security Label so protected is an originator-recipient argument,
and may differ from the Message Security Label in the message envelope.
1) Provides a capability to categorize a message, indicating its sensitivity, which determines the
handling of a message in line with the security policy in force
2) This element of service allows the originator of a message (or probe) to associate with the
message (and any reports on the message or probe) an indication of the sensitivity of the message
(a security label). The message security label may be used by the MTS and the recipient(s) of the
message to determine the handling of the message in line with the security policy in force.
Services to allow Security Labels to be associated with all entities in the MHS, i.e., MTAs and MTS-users. In conjunction with the Security Context security service it enables the implementation of
security policies defining which parts of the MHS may handle messages with specified associated
Security Labels. This security service is provided by the Message Security Label security element.
The integrity and confidentiality of the label are provided by the Message Argument Integrity and the
Message Argument Confidentiality security elements.
1) Allows the originator to provide to a recipient proof that the sequence of messages has been
preserved.

2) This element of service allows the originator of the message to provide to a recipient of the
message a means by which the recipient can verify that the sequence of messages from the
originator to the recipient has been preserved (without message loss, re-ordering, or replay).
Message Sequence Integrity is on a per-recipient basis, and can use either an asymmetric or a
symmetric encryption technique.
Element to provide protection for the sender and recipient of a message against receipt of
messages in the wrong order, or duplicated messages. A Message Sequence Number is associated
with an individual message. This number identifies the position of a message in a sequence from
one originator to one recipient. Therefore each originator-recipient pair requiring to use this security
element will have to maintain a distinct sequence of message numbers. This security element does
not provide for initialisation or synchronisation of Message Sequence Numbers.
Services to protect the originator and recipient of a sequence of messages against re-ordering of
the sequence. In doing so it protects against replay of messages. This security service may be
provided using a combination of the Message Sequence Integrity and the Message Argument
Integrity security elements, where the former provides a sequence number to each message, which
may be protected against change by use of the latter. Simultaneous confidentiality and integrity of
the Message Sequence Number may be provided by use of the Message Argument Confidentiality
security element. These security elements provide the service for communication from MTS-user to
MTS-user, and not to the intermediate MTAs.
This number, associated with an individual message, identifies the position of the message in a
sequence of messages from one originator to one recipient. Each originator-recipient pair will have
to maintain a distinct sequence of message numbers.
When part or all of a message is repeated, time-shifted, or reordered, e.g. to exploit the
authentication information in a valid message and resequence or time-shift valid messages.
Although it is impossible to prevent replay with the MHS security services, it can be detected and
the effects of the threat eliminated. Message sequencing includes: replay of messages; reordering of
messages; pre-play of messages; delay of messages.
A combination and association of a universally unique identifier, a Message and the Message's
associated Message Data's definition all defined within an XML schema derived from and extending
Message_Core defined herein.
See MHS-security threat, inter-message threat, intra-message threat and data-store threat.
An argument of the Message Submission, Message Transfer, and Message Delivery services, used
to provide message argument integrity security element and security service.
An interactive service, which offers user-to-user communication between individual users via
storage units with store-and-forward, mailbox and/or message handling (e.g., information editing,
processing and conversion) functions.
Structured, encoded data that describe characteristics of information-bearing entities to aid in the
identification, discovery, assessment, and management of the described entities. Note: EPG
metadata has many applications and may vary in depth from merely identifying the content package
title or information to populate an EPG to providing a complete index of different scenes in a movie
or providing business rules detailing how the content package may be displayed, copied, or sold.
Metadata created to aid subsequent watermarking embedding by downstream devices.

A (U)SIM application that is capable of storing a security certificate that is accessible using standard
mechanisms.
The owner of a subscription who has entered into an agreement with a MExE service provider for
MExE services.
Access threats, inter-message threats, intra-message threats or data-store threats.
"Micro cells" are small cells.
A layer of software between applications and resources, which consists of a set of service enablers
that allow multiple functionalities running on one or more devices in an IPTV system to interact
across a network.

accumulates information on misuses attributed to users' inappropriate usage, be it either benign or
malicious. Benign usage includes mistyping, misrecognition caused by inattentional blindness,
misunderstanding, and being caught in phishing traps. Malicious usages include compliance
violations such as unauthorized service usage and access to inappropriate materials.
A process where handoff measurements are done by the MS under the control of the MSC and
Base Station. The MSC and base station retain the control over when the handoff actually occurs.
An electronic device used for telecommunications over wireless NGN network.
A type of handover triggered by an evaluation made in the mobile. The mobile evaluates the
necessity of handover based on the measured radio environment and based on criteria, defined by
the network. When the evaluation meets the hand-off criteria the necessary information is sent from
the mobile to the network. The network then decides on the necessity of the handover based on the
reported evaluation result and other conditions, e.g., uplink radio environment and/or availability of
network resources; the network may then execute the handover.
A financial transaction initiated and/or authorized using a mobile device.
IdM client that is installed and used in a mobile device.
A network that provides wireless network access points to mobile terminals.
The ability for a mobile subscriber to change subscription network within the same country whilst
retaining their original MSISDN(s).
Mobile Banking and/or Mobile Commerce Systems.
An entity which relays data communication between a mobile terminal and an application server,
changes security parameters or communication protocol from a mobile network to an open network,
or vice versa, and can perform security policy management functions for mobile end-to-end data
communication.
1) Any mobile device, such as a mobile handset or computer, which is used to access network
services.
2) Entity capable of accessing a set of UMTS services via one or more radio interfaces. This entity
may be stationary or in motion within the UMTS service area while accessing the UMTS services,
and may simultaneously serve one or more users.
Functionality that can automatically perform self-update, patch installation, or SAS updating in
cooperation with the MSOS-US and the SAS-US according to SCS instructions received by the
SCA.
A server that provides service patches, software updates, and upgrading for the MSOS.

1) An entity that has wireless network access function and connects a mobile network for data
communication with application servers or other mobile terminals.
2) For the purposes of this Rec. (F.115) this term includes both the radiocommunication
equipment and specific telecommunication service equipment, e.g. telephone (handset) and fax
machine.
The mobile termination is the component of the mobile station which supports functions specific to
management of the radio interface (Um).
An entity (person) that uses and operates the mobile terminal for receiving various services from
application service providers.
1)a The ability for the user or other mobile entities to communicate and access services
irrespective of changes of the location or technical environment.
1)b The ability for the user or other mobile entities to communicate and access services
irrespective of changes of the location or technical environment.
1)c The ability for the user or other mobile entities to communicate and access services
irrespective of changes of the location or technical environment.
2) The ability for the user to communicate whilst moving independent of location.

3) The ability to access services from any point in the network. The degree of service availability
may depend on the access network capabilities, as well as any service level agreements between
the user's home network and the visited network. Types of mobility include personal mobility, service
mobility, and terminal mobility.
Inter-access network mobility allows for users to roam across CS or PS domains using various
network mobility technologies such as Mobile IP or MAP.
Intra-access level mobility (wide area) refers to either the PS domain or CS domain in NGN. Mobility
is provided by the access network technology. For example, mobility at this level might be provided
by GPRS roaming technology for movement between Serving GPRS Support Nodes (SGSNs)
within a GGSN.
Intra-access network level mobility (local area) refers to mobility within an access that uses a
particular technology, generally within a limited geographic area, but handled above the radio
resource control layer.
Intra-access network radio level mobility refers to the mobility at radio level (e.g., Radio Resource
Control (RRC) layer in UMTS or cdma2000, Radio Resource (RR) layer in GPRS)
Personal level mobility refers to the mobility at the user level. For example, a user can perform
mobility between terminals, such as an IPv4 MS (Mobile Station) and an IPv6 MS.
Service level mobility is mobility across Circuit-Switched (CS) or Packet-Switched (PS) domains in
NGN. This might be within a single NGN or across NGNs. Service level mobility might for example
exploit E.164 address to Session Initiation Protocol-Uniform Resource Identifier (SIP-URI) resolution
capabilities. Using these capabilities, service level mobility can be provided when a user is roaming
between different administrative domains, which would necessitate inter-domain mobility at session
control level. Service level mobility between different combinations of CS and PS session is possible
for NGN.
horizontal mobility and vertical mobility
mobility classified according to what moves: terminal mobility; network mobility; personal mobility;
service mobility
mobility classified according to network topology: mobility at the service level, mobility at the inter-access network level, mobility at the intra-access level (Wide area), mobility at the intra-access
network level (Local area), mobility at the intra-access network radio level, mobility at the personal
level
mobility classified according to service quality: service continuity, seamless handover, (ordinary)
handover, service discontinuity
1) The set of functions used to provide mobility. These functions include authentication,
authorization, location updating, paging, download of user information and more.
2) A relation between the mobile station and the UTRAN that is used to set up, maintain and
release the various physical channels.
3) The set of functions used to manage a mobile user accessing a network other than that user's
home network. These functions include communication with the home network for purposes of
authentication, authorization, location updating and download of user information.
location management, location registration, call delivery, handover management (within an AN or
between ANs).
The MRP is an optional functional entity that acts as an intermediate functional entity, terminating
the security association of a hop-by-hop link.
A network operator that authenticates a UE and establishes the UE's authorization to receive
mobility service. It is assumed in the network-based case that this authorization covers the affected
components both in the anchoring network and in the access network.
A network operator that provides mobility service. In the case of network-based mobility, this term
refers specifically to the operator of the anchoring network, taking note that the access service
provider is actually the operator of the equipment providing the tunnel lower end.

1)a Refers to Information encoding(s) containing Information perceptible for a human being.
Examples: modality Information includes textual, graphical, audio, video or haptical data used in
human-computer interface; for example voice/audio, text (including a URL/URI), graphic or video.
The multimodal Information can originate from or be targeted to multimodal-devices such as
microphone for voice/sound input, pen for haptic input, keyboard for textual input, mouse for motion
input, speaker for synthesized voice output, screen for graphic/text output, vibrating device for haptic
feedback, or a Braille-writing device for people with visual disabilities.
1)b Refers to Information encoding(s) containing Information perceptible for a human being.
Examples: modality Information includes textual, graphical, audio, video or haptical data used in
human-computer interface; for example voice/audio, text (including a URL/URI), graphic or video.
The multimodal Information can originate from or be targeted to multimodal-devices such as
microphone for voice/sound input, pen for haptic input, keyboard for textual input, mouse for motion
input, speaker for synthesized voice output, screen for graphic/text output, vibrating device for haptic
feedback, or a Braille-writing device for people with visual disabilities.
2) Modality refers to information encoding(s) containing information perceptible for a human being.
A classification of interactions across the personal privacy sphere based on the direction of the
interaction and on whether it contains security-related information
Occur to any aspect of the message, e.g., its labelling, content, attributes, recipient, or originator,
when information for an intended recipient, routing information, and other management data is lost
or modified without detection. Corruption of routing or other management information, stored in
MTAs or used by them, may cause the MTS to lose messages or otherwise operate incorrectly.
Modification of messages, destruction of messages, Corruption of routing and other management
information.
Unauthorized modification of the directory's contents could lead to messages being misrouted or
even lost while unauthorized modification to the deferred delivery data store or the hold for delivery
data store could mislead or confuse the intended recipient.
An attacker may try to modify or send fake EAP packets. This attack can be regarded as one sort of
the attacks resulting from man-in-the-middle attack.
1) One or more instances of the use of the ASN.1 notation for type, value, etc., encapsulated
using the ASN.1 module notation (see clause 12/X.680).
2) A small device, not working by itself, designed to run specialized tasks in association with a
host
Electronic or physical artifact used for payment that is represented and measured in the country's
national currency units, which however is not stored in, or directly linked to a bank account. Note - An example of an electronic monetary token is electronic cash stored in a stand-alone electronic
wallet that is not mirrored by a bank account. Examples of physical monetary tokens include coins,
banknotes, traveler's checks, etc.
The role, in which a TTP monitors the action or the event and is trusted to provide evidence about
what was monitored.
A two-dimensional vector used for inter prediction that provides an offset from the coordinates in the
decoded picture to the coordinates in a reference picture.
Difference between a previous motion vector and a current motion vector.
mobile switching centre (MSC) that is capable of the Intersystem procedures, defined in this
Recommendation, between entities in the network reference model so as to provide service.
The "home" mobile switching centre (MSC) of a mobile station (MS) which is broadcasting the SID
that is recorded in the MS's security and identification memory, and to which the MS's directory
number is assigned.
A "visited" mobile switching centre (MSC) in whose service area a roamer is operating.
An element to allow the establishment of the MS-user's permissible security labels. This security
element is provided by the MS-Register service. The MS-Register service enables an MS-user to
change arguments held by the MS relating to the retrieval of messages to that MS-user.
Service to enable the establishment of the security labels which are permissible for the MS-user.

A data delivery scheme where the same data unit is transmitted from a single source to multiple
destinations in a single invocation of service.
A communication using multicasting technologies, i.e., IP multicast or overlay multicast.
An IPTV service provided to a sub-group of IPTV users so that content stream is delivered
simultaneously to all TDs belonging to the sub-group when transmitted by the SCP function.
A unidirectional PTM service in which a message is transmitted from a single source entity to all
subscribers currently located within a geographical area. The message contains a group identifier
indicating whether the message is of interest to all subscribers or to only the subset of subscribers
belonging to a specific multicast group.
A downloadable SCP scheme that can download the SCP operating code to multiple TDs belonging
simultaneously to SLAG.
Audio signal with more than two channels.
The combined use of more than one authentication factor. Multi-factor authentication is either two-factor or three-factor. Note, however, that using two types of the same factor is not multi-factor
authentication.
Multimedia information is digital information that uses multiple forms of information content and
information processing, such as text, pictures, audio, video, three-dimensional panoramic pictures
and digital maps, which informs or entertains users.
A multimedia information delivery function is a function to deliver multimedia information to an ID
terminal which is triggered by the tag-based identification.
Refers to a kind of messaging service after SMS which can transfer various multimedia messages
including text, graphics, audio, video and so on through mobile network, wireless network or fixed
network.
Services that handle several types of media such as audio and video in a synchronized way from
the user's point of view. A multimedia service may involve multiple parties, multiple connections, and
the addition or deletion of resources and users within a single communication session.
1) A multimedia message that contains differently encoded Information for interaction via multiple
modalities. Examples: a MMS (Multimedia messaging service) message may convey text, graphic
and audio modalities. A web-page may also contain multimedia modal content such as text and
video. Or an email may contain a graphic attachment together with text. Multimodality enables
thereby the user to select a preferred modality due to environment, convenience or content.
2) Refers to a kind of multimedia message containing different encoded Information for
interaction via multiple modalities.
3) Refers to the multimedia message containing differently encoded information for interaction via
multiple modalities.
UE that can obtain service from at least one UTRA radio access mode, and one or more different
systems such as GSM bands or possibly other radio systems such as IMT-2000 Family Members.
A value of the service attribute "communication configuration", which denotes that the
communication involves more than two network terminations.
A set of permissions for which a user must hold more than one role simultaneously in order to gain
access.
The term MUST or MUST NOT is used as a convention in J.170 to denote an absolutely mandatory
aspect of the specification.
1) The assurance of the identities of both principals.
2) A type of authentication wherein the supplicant authenticates the server and the server
authenticates the supplicant. Mutual authentication can prevent Phishing and Pharming attacks.
3) This means that a client is able to authenticate a server, which is also able to authenticate a
client. In other words, one of two parties proves to the other that it knows the password.
4) Mutual authentication refers to a type of authentication that enables both server authentication
and client authentication.

5) A process by which two entities (e.g., a client and a server) authenticate each other such that
each is assured of the other's identity.
A syntax structure containing an indication of the type of data to follow and bytes containing that
data in the form of an RBSP interspersed as necessary with emulation prevention bytes.
1) An expression by which an entity is known, addressed or referred to. NOTE - A name is used
within a context and cannot be assumed to be unique or unambiguous. For routing purposes, it may
be resolved or translated into an address.
2) A term which, in a given naming context, refers to an entity.
3) The identifier of an entity (e.g., subscriber, network element) that may be resolved/translated into
an address.
network address translation: The operation by which IP addresses are translated
(mapped) from one address domain to another address domain.
4) A name is an alphanumeric label used for identification of end users and may be portable.
Names can be used in a number of ways. These include: (1) a name as a basis for interaction [a
name may be required in the interaction with some entity. The name is used to distinguish the entity
which is the target of an interaction from all other entities. Such a name is known as an invocation
name. An invocation name conveys an opportunity (not a right) to interact with the entity denoted by
that name. In the computational model, for instance, interfaces, operations and terminations are
given invocation names], a name as an attribute [a name that cannot be used to interact with an
entity may be used to denote that entity. An attributive name is used in the interaction between two
entities to refer to a third entity, which is itself kept outside the interaction pattern], a name as an
entity [a name can itself be seen as an entity of interest in a system. In the information viewpoint, for
instance, a customer name is treated as a particular piece of information]. (2) A name can be
used within a predicate; a name may be used as part of a predicate. In query languages, predicates
are formed to specify a set of responses. In constructing the query, names may be used as a
shorthand to determine information about an entity. (3) Names can exist at different levels of
abstraction, e.g. an address is a name, an interface reference is a name, and an identifier is a
name.
A name authority is the controlling object of a naming domain. NOTE - Name authorities can form
hierarchies to reflect the authority/sub-authority relationship, a domain may be a sub-domain of
another domain. The sub-domain may have further sub-domains.
A string that disambiguates an identifier that may be used in more than one namespace (in the
federated sense) to represent different principals.
The process by which, given an initial name and an initial naming context, an association between a
name and the entity designated by the initial name can be found. NOTE - The name resolution
process does not necessarily provide sufficient information to interact with the designated entity.
A set of terms usable as names.
A specific instance of an attribute, determined by the attribute name and type, the identity of the
attribute holder (which may be of type: subject, resource, action or environment) and (optionally) the
identity of the issuing authority.
An action that associates a term from a name space with a given entity. All naming actions are
relative to a naming context.
1) An authority responsible for the allocation of names.
2) An authority responsible for the allocation of names in some region of the DIT.
3) That which allocated names from a specified naming domain, and which ensures that names
so allocated are unambiguous. Where the naming authority allocates addresses, it is called an
addressing authority.
4) A registration authority which allocates names according to specified rules. Where the naming-authority allocates titles, it is known as a title-authority. Where the naming-authority allocates
addresses, it is known as an addressing-authority.

5) An authority responsible for the allocation of names. Each object whose object entry is located
at a node in the directory information tree is, or is closely associated with, a naming authority. In the
context of public directory services, the Administration directory management domain administers
the part of the directory information tree covered by entries of that domain. It may act as naming
authority for the distinguished names used in the scope of the domain.
A standard record used within the DNS (see RFC 2915). Within RFC 2916, a naming authority
pointer identifies possible URIs and numbers that can be returned from an ENUM query.
A relation between a set of names and a set of entities. The set of names belongs to a single name
space.
To establish a naming context each name is drawn from the same name space (a set of terms
generated by a naming convention) that can be used as names in the context. Each entity is drawn
from a set of target entities that can be named in the context. Any entity, of any type, including
entities external to a system, can be named. In general, not all terms are used, and not all entities
are named in any particular context. Not all names in the name space have to be bound to an entity.
Names that are unbound, but nevertheless used, are unresolvable. Each naming action and each
name resolution is relative to some context. A naming context may specify predicates to be satisfied
by all the entities which are to be named from it (such as a constraint that they be of a certain type).
A naming context may specify constraints on the number of names from that context which can be
associated with a single entity. However, an entity can still be given alternative names in other
contexts. A naming context may specify constraints on the number of entities that can be associated
with a particular name. The constraint that at most one entity can be associated with a single name
is common. If more than one entity is associated with a single name, the context may include rules
The specification of the syntax to generate a set of terms to be used as names and of the algorithm
to be used to parse those names. A naming convention generates a name space. In general, the
syntax comprises a part called a handle which can be used immediately in resolving the name and a
part called a remainder, the resolution of which depends on the interpretation of the handle. A
naming convention influences the way in which name resolution proceeds with respect to a given
name: left to right (as in "/usr/etc/ping"), right to left (as in "support@iso.org.ch"), no specific order
(as in /S=X/P=SA/A=Telememo/C=AU), or in some other fashion. Individual naming systems may
each impose a different constraint on the symbol set that may be used to construct names. Where
entities in one naming system can be referred to from another naming system, a name translation
might be required.
A subset of a naming context such that all naming actions are performed by the controlling object of
the domain (the name authority object).
A directed graph where each vertex denotes a naming context, and where each edge denotes an
association between a name appearing in the source naming context and the target naming context.
NOTE - The existence of an edge between two naming contexts in a naming graph means that the
target naming context can be reached (identified) from the source naming context.
A naming system is a naming graph and the set of naming contexts denoted by the vertices of the
naming graph.
The operation of providing network address mapping information and NAPT policy rules to a near-end NAT in the media flow.
Narrow area communication means that an ID terminal and an ID tag have to be located close
together, within a few metres, and the ID terminal captures an identifier written in the ID tag in a
wireless manner. In case of RFID, this is the contactless communication between the RFID tag and
a reader/writer in the ID terminal. In case of infrared tag, it is infrared communication between the
infrared tag and the ID terminal.
The 1.28 Mcps chip rate UTRA-TDD option.
The operation of adapting the IP addresses so that the packets in the media flow can pass through
far-end (remote) NAT.
In response to a QoS request, the network shall negotiate each QoS attribute to a level that is in
accordance with the available network resources. After QoS negotiation, the bearer network shall
always attempt to provide adequate resources to support all of the negotiated QoS profiles.

A mobile network element that provides control of user access to the network. It has the capability to
perform data-bandwidth-access limitation upon a specified unsafe user, according to Network
Access Control policies. The network access device is normally a network gateway, e.g., SGSN in
the mobile network.
The operation by which IP addresses and transport or port identifiers such as TCP and UDP port
numbers are translated (mapped) from one address domain to another address domain.
The operation of mapping network transport addresses from one network realm to another.
An entity that implements network address translation or NAPT functions. It consists of two types of
NATs: near-end NAT that can be controlled by the operators directly, and far-end (remote) NAT that
cannot be controlled by the operators directly.
An addressing authority that assigns and administers Network service access point addresses
within one or more network addressing domains.
Border element under sole control of the provider, providing security functions with terminal
equipment.
MCC and MNC.
Same as "network code".
An association established by a network layer between two users for the transfer of data, which
provides explicit identification of a set of network data transmissions and agreement concerning the
services to be provided by the set.
A discrete telecommunications entity, which can be managed over a specific interface, e.g., the
RNC.
Fraudulent use of the telecommunication network infrastructure involving the abuse of network
technical facilities, sometimes using a terminal equipment.
Functions in the IMT 2000 Network have the capability to provide necessary information for fraud
control, the monitored events being typically call addressing information, geographic position,
subscriber identity, network element address information and supplementary service invocation
events. Determining whether fraud or abuse is taking place may involve a combination of real time
call, mobility and service processing, and non-real time analysis of such processing across multiple
instances of calls and service invocations. Security mechanisms protect the IMT 2000 user, service
provider, and network operator from fraudulent use of the system, and maximise their privacy.
A Network Management System is a Network Management Layer [M.3010] operations system.
Provides a package of end-user functions with the responsibility for the management of a network,
mainly as supported by the EM(s) but it may also involve direct access to the network elements. All
communication with the network is based on open and well standardized interfaces supporting
management of multi-vendor and multi-technology network elements.
The ability of a network, where a set of fixed or mobile nodes are networked to each other, to
change, as a unit, its point of attachment to the corresponding network upon the network's
movement itself.
the ability of a network, where a set of fixed or mobile nodes are networked to each other, to
change, as a unit, its point of attachment to the corresponding network upon the network's
movement itself.
1) An organization which operates a telecommunications network.
2) An operator that manages a telecommunications network. A network operator may be a Service
Provider and vice versa. A Network Operator may or may not provide particular telecommunications
services.
The state of the network operator's information resources and infrastructure protection from random
and deliberate influence, natural or artificial, that can cause damage to the network operator and
users of communication services. It is characterized by the ability to maintain confidentiality, integrity
and accessibility of information during its storage, processing and transmission.

Same as PVR except that the recording device is located at the service provider premises.
Allows the network operator to personalize a ME so that it can only be used with that particular
network operator's (U)SIMs.
1)a The organization that maintains and operates the network components required for IPTV
functionality. NOTE 1 - A network provider can optionally also act as service provider. NOTE 2 -
Although considered as two separate entities, the service provider and the network provider can
optionally be one organizational entity.
1)b The organization that maintains and operates the network components required for IPTV
functionality. Note 1: A network provider can optionally also act as service provider. Note 2:
Although considered as two separate entities, the service provider and the network provider can
optionally be one organizational entity.
The functional entities and the associated interface reference points that may logically comprise a
cellular network (see clause 6).
A unit of data passed between the user and the GPRS network across a network service access
point (NSAP).
The network services provided by a telecommunication organization need to be delivered in such a
way that they are protected against the risk of being compromised.
A refinement of network personalization, which allows network operators to limit the usage of a ME
to a subset of (U)SIMs.
A functional group on the network side of a user-network interface.
A mode of operation whereby the mobile UE does not take an active role in the provision of mobility
service at layer 3.
A type of application or service which involves at least the elements: identifier, reader/writer, tag and
network(s). An identifier is stored at the tag and a reader/writer reads the identifier from the tag via
optical scanner, camera, IrDA, RF technique or other methods. So NID application or service
provides identifier-based communication with Information systems distributed over global open
networks.
Interface used to provide connectivity to other NGNs (at the service stratum and/or transport stratum
level), other IP-based networks and PSTN/ISDN. The NNI supports both a control level type of
interaction and a media level type of interaction.
A packet-based network able to provide telecommunication services and able to make use of
multiple broadband, QoS-enabled transport technologies and in which service-related functions are
independent from underlying transport-related technologies. It enables unfettered access for users
to networks and to competing service providers and/or services of their choice. It supports
generalized mobility which will allow consistent and ubiquitous provision of services to users.
That part of the NGN which provides the user functions that transfer service related data and the
functions that control and manage service resources and network services to enable user services
and applications
That part of the NGN which provides the user functions that transfer data and the functions that
control and manage transport resources to carry such data between terminating entities
An NID security service that provides the profile-based PII protection service for the networked ID
application environment. NPPS manages the owner's PII policy on the networked ID service
network and controls the owner's PII using the owner-defined PII profile.
An individual resource that is part of a hierarchical resource.
Mode of operation where the terminal is transportable but being operated while stationary and may
in addition require user cooperation (e.g., close to open spaces, antenna set-up, etc.).
Ability of the user to change his network access point after moving; when changing the network
access point, the user's service session is completely stopped and then started again, i.e., there is
no handover possible. It is assumed that the normal usage pattern is that users shutdown their
service session before moving to another access point or changing terminal. This is the mobility
alluded to in the case of fixed mobile convergence.

The ability of the user to change their network access point. When changing the network access
point, the user's service session is completely stopped and then started again, i.e., there is no
service continuity or hand-over used. It is assumed that normal usage pattern is that users shut
down their service session before attaching to a different access point.
the ability of the users to change their network access point on moving. When changing the network
access point, the user's service session is completely stopped and then started again, i.e., there is
no service continuity or hand-over used. It is assumed that normal usage pattern is that users shut
down their service session before attaching to a different access point. NOTE - This term is also
intended to cover the situation where the network access point is changed as a result of use of a
different network interface card.
Protocols between UE and the core network that are not terminated in the UTRAN.
In the context of message handling, a transmittal event in which an MTA determines that the MTS
cannot deliver a message to one or more of its immediate recipients, or cannot deliver a report to
the originator of its subject message or probe.
Properties of communications being handled by the persons engaged in the telecommunications
organization should not be disclosed in terms of the existence, the content, the source, the
destination and the date and time of communicated information.
Services that are not based on intermediate service stratum facilities provided by any service
provider.
Electronic or physical artifact used for payment but not represented in national currency units.
Examples of electronic non-monetary tokens are unused 'minutes' or 'SMS messages' held in NGN
subscriber accounts that the NGN operators allow to be transferred from one subscriber account to
another.
In the context of message handling services, access to the service through publicly available
telecommunications means by users who have neither been explicitly registered by the service
provider, nor been allocated an O/R address.
1)a The ability to prevent a sender from denying later that he or she sent a message or performed
an action.
1)b The ability to prevent a sender from denying later that he or she sent a message or performed
an action.
2) Protection from denial by one of the entities involved in a communication of having participated
in all or part of the communication.
3) A process by which the sender of a message (e.g. a request on a pay-per-view) cannot deny
having sent the message
4) The ability to protect against denial by one of the entities involved in an action of having
participated in all or part of the action.
5) Non-repudiation requirements provide unforgeable proof of shipment and/or receipt of data to
prevent the sender from disavowing a legitimate message or the recipient from denying receipt. The
network may provide either or both of the following two forms: (a) the recipient of data is provided
with proof of origin of data that will protect against any attempt by the sender to falsely deny sending
the data or its contents; (b) the sender is provided with proof of delivery of data such that the
recipient cannot later deny receiving the data or its contents.
The non-repudiation function prevents the denial by one object involved in an interaction of having
participated in all or part of the interaction. In the context of non-repudiation, objects fulfil one or
more of the following roles: (non-repudiable data) originator; (non-repudiable data) recipient;
evidence generator; evidence user; evidence verifier; non-repudiation service requester; notary;
adjudicator. The non-repudiation function makes use of non-repudiation evidence. In non-repudiation with proof of origin, the originator has the role of non-repudiation evidence generator for
the origination interaction and includes this evidence in an acknowledgement of participation in the
interaction. The recipient has the role of evidence user and uses the services of an evidence verifier
(which may be itself) to gain confidence in the adequacy of the evidence. In non-repudiation with
proof of delivery, the recipient has the role of non-repudiation evidence generator for the delivery
interaction and includes this evidence in an acknowledgement of participation in the interaction. The
originator has the role of evidence user and uses the services of an evidence verifier (which may be
itself) to gain confidence in the adequacy of the evidence. A notary provides functions required by

This element of service allows an originating VM-UA to provide a recipient VM-UA an irrevocable
proof as to the authenticity and integrity of the content of the message as it was submitted into the
MHS environment. The corresponding proof data can be supplied in two ways depending on the
security policy in force: a) by using the non-repudiation of origin security service applied to the
original message; or b) by using a notarization mechanism. Note - At this time, use of a notarization
mechanism requires bilateral agreements, protocol is not provided.
1) This element of service enables a recipient of an IP-message to provide an irrevocable proof
that the original IP-message content was received by the recipient. This service provides irrevocable
proof of the integrity of the content received and irrevocable proof of the authenticity of the recipient
of the IP-message. This service fulfils the same function as the Proof of Content Received Element
of Service, but in a manner which cannot be repudiated. The corresponding irrevocable proof can
be supplied in various ways depending on the security policy in force. The originator of the IP-notification always uses the Non-repudiation of Origin Element of Service when sending the IP-notification in response to the IP-message. One way of providing the irrevocable proof is to
incorporate the following in the IP-notification: A verified copy of the IP-message originator's Non-repudiation of Origin arguments (when present in the IP-message and verified by the recipient of the
IP-message). A verified copy of the complete IP-message content, if the IP-message originator's
"Non-repudiation of Origin" arguments are not present in the IP-message. NOTE - As an alternative
to invoking this element of service, equivalent security may be achieved by the use of a notarization
2) This element of service allows an originating VM-UA to get from a recipient VM-UA an
irrevocable proof that the original subject message content was received by the recipient VM-UA
and the subject voice message was accepted, forwarded or refused. This service provides
irrevocable proof as to the authenticity of the recipient of the message and irrevocable proof as to
the integrity of the content of the message. It will protect against any attempt by the recipient(s) to
subsequently deny having received the message content. Note 1 This service is stronger than the
Proof of Content Received service. The corresponding proof data can be supplied in two ways
depending on the security policy in force: a) by returning a Non-repudiation of Origin of the voice
notification which incorporates the following: aa) the originator's Non-repudiation of Origin security
arguments (if present); or ab) the complete original message content, if the originator's Non-repudiation of Origin arguments are not present; b) by using a notarization mechanism. Note 2 At
this time, use of a notarization mechanism requires bilateral agreements, protocol is not provided.
This element of service enables an originating VM-UA to request a recipient VM-UA to provide it with
an irrevocable proof that the original subject message content was received by means of a receipt
or non-receipt notification. Note This element of service requires the receipt notification request
indication or non-receipt notification request indication to also be requested of this recipient.
Protection against an entity's false denial of having created the content of a message (i.e., being
responsible for the content of a message)
1) Provides the originator of a message with proof of delivery of the message which will protect
against any attempt by the recipient(s) to falsely deny receiving the message or its content.
2) This element of service allows the originator of a message to obtain from the recipient(s) of the
message irrevocable proof that the message was delivered to the recipient(s). This will protect
against any attempt by the recipient(s) to subsequently deny receiving the message or its content.
Non-repudiation of Delivery is provided to the originator of a message on a per-recipient basis using
asymmetric encryption techniques.
Service to provide the originator of the message with irrevocable proof that the message was
delivered to its originally specified recipient(s) by using the Proof of Delivery security element in
much the same way as that security element is used to support the (weaker) Proof of Delivery
security service.

This element of service provides the recipient of an IP-notification with irrevocable proof of the
identity of the originator of the IP-notification and with proof that the corresponding IP-message was
received by the recipient. This protects against any attempt by the recipient to deny subsequently
that the IP-message was received or that the IP-notification was returned to the originator of the IP-message. This element of service fulfils the same service as Proof of IP-notification but in a manner
which cannot be repudiated. This element of service is used only in conjunction with Non-repudiation of Origin Element of Service applied to the IP-notification. The corresponding
irrevocable proof can be supplied in various ways depending on the security policy in force. One
way of providing the irrevocable proof is by means of the MTS-user to MTS-user Data Origin
Authentication Security Services defined in 10.2.1.1.1/X.402 applied to the IP-notification, when
the security service has non-repudiation properties. The recipient is required to fulfil the request for
this element of service only when the UA is subject to a security policy which mandates the support
of this element of service.
1) Provides the recipient(s) of a message with proof of origin of the message and its content
which will protect against any attempt by the originator to falsely deny sending the message or its
content.
2) This element of service allows the originator of a message to provide the recipient(s) of the
message irrevocable proof of the origin of the message and the integrity of its content. This will
protect against any attempt by the originator to subsequently revoke the message or its content.
Non-repudiation of Origin is provided to the recipient(s) of a message on a per-message basis using
asymmetric encryption techniques.
Service to provide the recipient(s) of a message with irrevocable proof of the origin of the message,
its content, and its associated Message Security Label. The non-repudiation of origin security
service can be provided in different ways. The Content Integrity security element together with the
Message Argument Integrity security element and, in some cases, the Message Argument
Confidentiality security element can be used to provide the security service to a message recipient,
where the Content Integrity security element is used to compute a Content Integrity Check as a
function of the entire message content. A secret key, if required, can be confidentially sent to the
message recipient using the Message Argument Confidentiality security element. The Content
Integrity Check and, if required, the Message Security Label are protected against change and/or
repudiation using the Message Argument Integrity security element. Any confidential message
arguments are protected against change and/or repudiation using the Message Argument
Confidentiality security element. If the Content Confidentiality security service is not required, the
Message Origin Authentication security element may also be used as a basis for this security
service. In this case the security service may be provided to all elements of the MHS.
1) Provides the originator of a message with proof of submission of the message, which will
protect against any attempt by the MTS to falsely deny that the message was submitted for delivery
to the originally specified recipient(s).
2) This element of service allows the originator of a message to obtain irrevocable proof that a
message was submitted to the MTS for delivery to the originally specified recipient(s). This will
protect against any attempt by the MTS to subsequently deny that the message was submitted for
delivery to the originally specified recipient(s). Non-repudiation of Submission is provided to the
originator of a message on a per-message basis, and uses an asymmetric encryption technique.
Service to provide the originator of the message with irrevocable proof that the message was
submitted to the MTS for delivery to the originally specified recipient(s) by using the Proof of
Submission security element in much the same way as that security element is used to support the
(weaker) Proof of Submission security service.
This element of service provides the originator of a message with irrevocable proof that the subject
message was received by the VM-UA and the subject voice message was accepted, forwarded,
refused or that certain requested elements of service were not available to the recipient even though
the message was accepted. This shall protect against any attempt by the recipient VM-UA to deny
subsequently that the message was received and that the subject voice message was not accepted
as indicated. This element of service provides the originator with irrevocable proof of the proof-of-voice message-notification. Such proof may be provided by means of the Non-repudiation of Origin
security service, defined in 10.2.5.1/X.402, being applied to the notification. Note This service is
stronger than the Proof of Voice Notification service.

This element of service, used in conjunction with non-receipt notification request indication or
receipt notification request indication or voice messaging-service status request notification, enables
an originating VM-UA to request the responding VM-UA to provide it with irrevocable proof of origin
of the Voice notification. Note This element of service supersedes the proof of voice notification
request and assumes that a request for at least one of the three voice messaging notifications is
always present.
provides means for preventing an individual or entity from denying having performed a particular
action related to data by making available proof of various network-related actions (such as proof of
obligation, intent, or commitment; proof of data origin, proof of ownership, proof of resource use),
and ensures the availability of evidence that can be presented to a third party and used to prove
that some kind of event or action has taken place.
There are no specific Non-repudiation security elements defined in ITU-T Rec. X.411. The
non-repudiation services may be provided using a combination of other security elements.
Services to provide irrevocable proof to a third party after the message has been submitted, sent, or
delivered, that the submission, sending, or receipt did occur as claimed. Note that for this to function
correctly, the security policy must explicitly cover the management of asymmetric keys for the
purpose of non-repudiation services if asymmetric algorithms are being used.
An entity that requests that non-repudiation evidence be generated for a particular event or action.
The non-repudiation services provide means to prove that exchange of data actually took place. It
comes in two forms: non-repudiation: proof of origin; non-repudiation: proof of delivery.
A security service to provide proof of delivery of data. This will protect against any subsequent
attempt by the recipient to falsely deny receiving the data or its contents.
Non-repudiation service which protects against a recipient's false denial of having received a
message or its contents. Either the originator or the transfer agents may use the evidence collected
by this service.
A security service to provide proof of the origin of data. This will protect against any attempt by the
sender to falsely deny sending the data or its contents.
Non-repudiation service which protects against a sender's false denial of sending the message or its
contents. Either the recipient or the transfer agents may use the evidence collected by this service.
Non-repudiation service which is used to protect against a transfer agent's false denial of having
accepted a message for transmission (either from the originator or from another transfer agent). The
originator or other transfer agents may use the evidence collected by this service.
Non-repudiation service which is used to protect against a transfer agent's false denial of having
accepted responsibility for delivering a message. This service is used when more than one transfer
agent is involved in the delivery of a message. When the transfer agent which first accepted the
message passes it on to a second transfer agent, the second transfer agent may provide the first
with evidence that it has accepted responsibility for the message. When more than two transfer
agents are involved, this service may also be used between the second and the third agent, and so
on.
Non-repudiation service which is used to protect against a transfer agent's false denial of having
transmitted a message (either to the recipient or to another transfer agent). The originator is the
user of the evidence collected by this service.
Relating to general, CHV-related, GSM security-related and subscription-related procedures.
The mode of ACSE operation that results in the transfer of ACSE semantics, using the presentation-service.
The mode of operation into which the ME would have gone if it had no personalization checks to
process.
The registration of data with a trusted third party that allows the later assurance of the accuracy of
its characteristics such as content, origin, time and delivery.

1) A Trusted Third Party with whom data is registered so that later assurance of the accuracy of
the characteristics of the data can be provided.
The role, in which a TTP provides assurance about the properties of the data (such as its integrity,
origin, time or destination) that are communicated between two or more entities and that have been
previously registered with the TTP.
BIP message conveying the notification of an event of interest to the receiving BIP endpoint.
link channel through which notification and acknowledgement BIP messages are transferred. NOTE
A notification/acknowledgement link channel can only exist as part of a BIP link. Its presence in a
BIP link is optional.
A string of decimal digits that uniquely indicates the public network termination point. The number
contains the information necessary to route the call to this termination point. A number can be in a
format determined nationally or in an international format. The international format is known as the
international public telecommunication number which includes the country code and subsequent
digits, but not the international prefix.
1) Where the provision of diallable numbers is independent of home environment and/or serving
network.
2) A mechanism that allows a user to retain the same directory number, regardless of the
subscribed-to service provider. Number portability may be limited to specific geographical areas. In
the context of the All-IP network, the term "number portability" refers specifically to ITU-T E.164
numbers used for telephony.
Standard attribute of an O/R address as a unique sequence of numeric information for identifying a
user.
In the context of message handling, an attribute list that distinguishes one user or DL from another
and identifies the user's point of access to MHS or the distribution list's expansion point.
In the context of message handling, an information object by means of which a user can be
designated as the originator, or a user or distribution list designated as a potential recipient of a
message or probe. An O/R name distinguishes one user or distribution list from another and can
also identify its point of access to MHS.
1) A well-defined piece of information, definition, or specification which requires a name in order
to identify its use in an instance of communication.
2) A model of an entity. An object is characterized by its behaviour and, dually, by its state. An
object is distinct from any other object. An object is encapsulated, i.e. any change in its state can
only occur as a result of an internal action or as a result of an interaction with its environment. An
object interacts with its environment at its interaction points. An object is informally said to perform
functions and offer services (an object which makes a function available is said to offer a service).
An object can perform more than one function. A function can be performed by the cooperation of
several objects.
1) As defined in X.680.
2) A value (distinguishable from all other such values) which is associated with an object.
3)b An ordered list of primary integer values from the root of the international object identifier tree
to a node, which unambiguously identifies that node.
3)c An ordered list of primary integer values from the root of the international object identifier tree
to a node, which unambiguously identifies that node
An action that can be invoked on a resource (e.g. a file system may have read, write and execute
object methods).
An operation specified in a policy or policy set that should be performed by the PEP in conjunction
with the enforcement of an authorization decision.
A function required to support open distributed processing. Each ODP function description contains:
an explanation of the use of the function for open distributed processing; prescriptive
statements, about the structure and behaviour of the function, sufficient to ensure the overall
integrity of the Reference Model; and a statement of other ODP functions upon which it depends.

The ODP functions defined in X.903 are those that are either fundamental or widely applicable to
the construction of ODP systems. The specifications for individual ODP functions can be combined
to form specifications for components of ODP systems. ODP functions defined in X.903 are:
management functions, coordination functions, event notification function, checkpointing and
recovery function, deactivation and reactivation function, group function, replication function,
migration function, engineering interface reference tracking function, transaction function,
repository functions, storage function, information organization function, relocation function, type
repository function, trading function, and security functions.
An authentication certificate binding a distinguishing identifier to verification AI, which may be
available to all entities.
In case the password-based EAP method is used, an attacker may attempt to recover the password
by launching an offline dictionary attack on the message obtained during the previous successful
protocol run.
1)a Trusted Third Party (TTP) which supports Non-repudiation service without being actively
involved in each use of the service. Note - The Off-line TTP does not interact directly with the
entities during the process of secure exchanges between the entities. Instead data generated
previously by the TTP is used by the entities.
1)b Trusted Third Party (TTP) which supports Non-repudiation service without being actively
involved in each use of the service. Note - The Off-line TTP does not interact directly with the
entities during the process of secure exchanges between the entities. Instead data generated
previously by the TTP is used by the entities.
An ordered list of Unicode labels from the root of the international object identifier tree that
unambiguously identifies the node in that tree.
A password that can be used only once as it is changed every time an OTP user logs into the
computer system and network. It is secure against the passive attacks allowed by the replaying of
captured reusable passwords such as traditional fixed passwords.
Biometric template that is once used, then revoked.
One-time biometric template used in open network environments

The data of the first part include a non-repeating number which is used to detect replay attacks and
to prevent forgery. To avoid having to store all the used numbers, it is common to use a counter or
a number that includes time information. The second choice also makes it possible to limit the lifetime of the
authentication message. When many authentications could occur in the same lapse of time (e.g. large
time windows to take into account imprecise clocks or transit time), a random number is
concatenated. The verifier authenticates the prover after the following two verifications: - The
number has not been used before (e.g. check of counter or time range); - In the case of a symmetric
algorithm, the computation of the first part with the secret key as parameter matches the second
part. In the case of an asymmetric algorithm, the computation of the second part with the public key
as parameter matches the first part. To reduce "Trojan horse" attacks, some contextual data could
be added to the first part of the message.
1) A (mathematical) function f which is easy to compute, but which for a general value y in the
range, it is computationally difficult to find a value x in the domain such that f(x) = y. There may be a
few values y for which finding x is not computationally difficult.
2) A (mathematical) function that is easy to compute but, when knowing a result, it is
computationally infeasible to find any of the values that may have been supplied to obtain it.
A mathematical process or algorithm whereby a variable length message is changed into a fixed
length digital word, such that it is very difficult to calculate the original message from the word, and
also very difficult to find a second message with the same word.
A (mathematical) function that is both a one-way function and a hash function.
An authentication certificate for use in an authentication exchange, obtained directly by the claimant
from the authority who guarantees it.

The On-line Certificate Status Protocol (OCSP) enables applications to determine the revocation
state of an identified certificate. OCSP may be used to satisfy some of the operational requirements
of providing revocation information in a more timely way than is possible with CRLs. On-line
certificate status providers can be seen as an alternative to the use of off-line CRLs.
In case the password-based EAP method is used, an attacker may attempt to launch an online
dictionary attack by applying passwords from the dictionary to pass authentication verification to obtain
the adequate password on the message obtained during the successful protocol being run. As a
form of protection, the failed authentication trials by the server can be taken into account.
Real-time game that is played over the networks.
1)a Trusted Third Party (TTP) which is actively involved in the generation or verification of
evidence. Note - When one or both entities request an on-line TTP to provide or register security-related information, the on-line TTP is involved in all first time secure exchanges between the
entities, however, the TTP is not required for follow-up exchanges and is not positioned in the
communication path between the entities.
1)b Trusted Third Party (TTP) which is actively involved in the generation or verification of
evidence. Note - When one or both entities request an on-line TTP to provide or register security-related information, the on-line TTP is involved in all first time secure exchanges between the
entities, however, the TTP is not required for follow-up exchanges and is not positioned in the
communication path between the entities.
an explicit specification of a conceptualization
An interface used by USN applications to access USN middleware
An interface that uses open standards.
Concept for introducing a vendor-independent means for introduction of new services.
Capabilities provided by an open service environment to enable enhanced and flexible service
creation and provisioning based on the use of standards interfaces. NOTE Open service
environment capabilities enable services reusability, portability across networks, and accessibility by
application providers and user applications in NGN.
Capabilities provided by open service environment (OSE) to enable enhanced and flexible service
creation and provisioning based on the use of standards interfaces.
Open Standards are standards made available to the general public and are developed (or
approved) and maintained via a collaborative and consensus-driven process.
An architecture for computer communication which provides a number of terms which are used in
this Rec. | International Standard preceded by the abbreviation "OSI". NOTE The meaning of such
terms can be obtained from the ITU-T Rec. X.200 series and equivalent ISO/IEC Standards if
needed. The terms are only applicable if ASN.1 is used in an OSI environment.
Open vulnerability and assessment language is an international specification effort to promote open
and publicly available security content, and to standardize the transfer of this information across the
entire spectrum of security tools and services. OVAL includes a language used to encode system
details, and an assortment of content repositories held throughout the community. The language
standardizes the three main steps of the assessment process: representing configuration
information of systems for testing; analyzing the system for the presence of the specified machine
state (vulnerability, configuration, patch state, etc.); and reporting the results of this assessment.
The repositories are collections of publicly available and open content that utilize the language.
OVAL schemas written in XML have been developed to serve as the framework and vocabulary of
the OVAL Language. These schemas correspond to the three steps of the assessment process: an
OVAL System Characteristics schema for representing system information, an OVAL Definition
schema for expressing a specific machine state, and an OVAL Results schema for reporting the
results of an assessment.
Cybersecurity operations principally consist of three domains: Incident handling, ICT asset
management and knowledge accumulation.

The effective action on a managed object as a result of a management request


The operational side of the telecommunication system needs to be efficient, effective and protected
against the risk of being compromised.
This term indicates a generic management system, independent of its location level within the
management hierarchy.
An individual's explicit consent for a PII controller to collect, transfer, use, store, archive, or dispose
(of) particular PII for a specific purpose
An individual's exercise of choice through a request that a particular collection, transfer, usage,
storage, archiving, or disposal of data not occur
Services to provide for the authentication of the identity of communicating peer entities and sources
of data. See Data Origin Authentication Security Services.
Biometric template that is created directly from a user's biometric sample and is neither transformed
nor encoded.
The MSC-H or MSC-G that initiates the call delivery procedures defined in this document.
Services or features that affect SMS message originations and are requested on a per message
basis as supported by a particular teleservice, for example, delayed delivery, or message
distribution to a list of destinations.
In the context of data transfer, an entity that originates the data in an action that is subject to a non-repudiation service.
Standardized interface used by application/clients to access service capability features.
Open service environment (OSE) provides capabilities to enable flexible and agile service creation,
execution and management based on the use of standard interfaces. The use of standard
interfaces will ensure NGN OSE based service reusability and portability across networks, as well as
accessibility by application providers and/or developers.
Threats other than masquerade, message sequencing, modification of information, denial of
service, leakage of information or repudiation: threats that relate to security labelling, e.g., routing
through a node that cannot be trusted with information of particular value, or where systems use
different labelling policies; threats to enforce a security policy based on logical separation using
security labels; threat when an MTS-user may originate a message and assign it a label for which it
is not cleared; threat when an MTS-user or MTA set up or accept an association with a security
context for which it does not have clearance. Other Threats include: originator not cleared for
message label (inappropriate submit), MTA/MTS-user not cleared for context, misrouting, differing
labelling policies.
A system that supports OTP validation for Internet resource access (e.g. login) and other application
service requiring authentication. It consists of OTP validation server(s), protocols, facilities, and
related operational system.
The provider(s) of the OTP validation service offering multi-factor authentication service to other
service providers, e.g., Internet service provider or application/contents service provider. A trusted
third party would be a good example for OTP service provider to perform OTP validation more
efficiently. The OTP service provider does not necessarily have the role of identity provider as
defined in X.1141.
A physical device that generates OTP, wherein a token means that the OTP user possesses and
controls a key or password used to authenticate the OTP user's identity. Such physical device
embeds the display showing OTP and the numeric keypad optionally.
3.2.6 OTP token identifier: A unique identifier assigned to each OTP token for distinguishing from other OTP tokens. It may
consist of alphanumeric characters.
Physical or logical storage device that stores data and information for user authentication and
belongs to a server.
Physical storage device that stores data and information for user authentication and belongs to a
user.
Unavailability of a service or resource.
Domain where a call is coming out.
Modality of interactions from the human body to the environment.
An overlay multicast network pertains to a network wherein legacy IP multicasting schemes are not
fully supported, where multicast application data are delivered using unicast transport such as TCP,
UDP, or IP-in-IP tunnelling schemes.

An overlay network is a virtual network that runs on top of another network. Like any other network,
the overlay network comprises a set of nodes and links between them. Because the links are logical
ones, they may correspond to many physical links of the underlying network.
1) The subject of personally-identifiable Information.
2)a The custodian (real person or company) having responsibility for the capability
2)b The custodian (real person or company) having responsibility for the capability.
Communications on P2P network, whereby each peer communicates with another peer directly for
sharing Information, resource, etc.
A collection of content components that in some combination (either all or a subset) together
provide an end-user experience and are intended to be used together. Note: A package can be
instantiated with or without audiovisual content depending on scenarios, in which audiovisual
content and package can be tightly associated or can be loosely coupled enough to be handled
(generation, delivery, consumption) independently.
An information unit identified by a label at layer 3 of the OSI reference model. A network protocol
data unit (NPDU).
Any protocol, which transmits data as discrete units known as packets, e.g., IP, or X.25.
Also known as "packet mode". A transfer mode in which the transmission and switching functions
are achieved by packet-oriented techniques, so as to dynamically share network transmission and
switching resources between a multiplicity of connections.
One or more bits appended to a message in order to cause the message to contain the required
number of bits or bytes.
The act of seeking a user equipment.
The frame where the UE monitors in FDD or the paging block, which consists of several frames, for
TDD. For paging blocks, the value of paging occasion is equal to the first frame of the paging block.
Level above which a stimulus is known to cause the sensation of pain.
a key that is used to protect unicast communication between a pair of sensor nodes over a single
wireless link
1) The keying material derived between the EAP peer and server and exported to the
authenticator using the EAP method. In this Rec. the PMK is used interchangeably with the master
session key (MSK).
2) A key derived from the master key shared by SM and AP for the secure downloadable SCP.
The keying material derived between the EAP peer and authenticator based on the Pair-wise
master key. This keying material is shared by both the peer and the authenticator.
Informally, one or more principals participating in some process or communication, such as
receiving an assertion or accessing a resource.
1) This is an attack that involves listening, i.e., eavesdropping, without modification or injection of
Information.
2) An attack that involves listening, i.e., eavesdropping, without modifying or supplementing
information.
In a passive security threat, the attacker reads packets off the network but does not write them.
The simplest way to implement such an attack is to simply be on the same LAN as the victim. On
most common LAN configurations, including Ethernet, 802.3, and FDDI, any machine on the wire
can read all traffic destined for any other machine on the same LAN. Wireless communications
channels deserve special consideration, especially with the recent and growing popularity of
wireless-based LANs, such as those using 802.11. Since the data is simply broadcast on well-known radio frequencies, an attacker simply needs to be able to receive those transmissions. Such
channels are especially vulnerable to passive attacks. Although many such channels include
cryptographic protection, it is often the case that such security technology is not used with proper
configuration. Passive security threats include: confidentiality violations; password sniffing; active
security threats.
The threat of unauthorized disclosure of information without changing the state of the system.

Threats which, if realized, would not result in any modification to any information contained in the
system(s) and where neither the operation nor the state of the system is changed. The use of
passive wire tapping to observe information being transmitted over a communications line is a
realization of a passive threat.
1) Confidential authentication information, usually composed of a string of characters.
2) Referring to a user-entered password string. H.530 uses the term password when a user-entered
password string is meant. The password in H.530 is understood to be the assigned security
key, which the mobile user shares with his or her home domain. This user password and derived
user shared secret shall be applied for the purpose of user authentication.
One of the password-related threats is due to the use of a weak password. If a user chooses a
weak, guessable password for authentication, then the password can be subject to a
dictionary attack. Another problem occurs when the user keeps using the same weak password on
several websites for login. In this case, any website that has a security weakness can be attacked to
reveal its user passwords, and the attacker simply tries to log in to the other websites using the stolen
passwords. The other one is password sniffing by spyware on a computer. Any computer can be
infected by spyware that can hijack a user's or administrator's password.
Password sniffing is the collection of user passwords transmitted in the network in order to obtain
unauthorized use of resources. An attacker who can read this traffic can therefore capture the
password and replay it. In other words, the attacker can initiate a connection to the IdM system to
steal users' identity information.
A broadly released fix for a product-specific, security-related vulnerability. A method of updating a file
that replaces only the parts being changed, rather than the entire file.
The structure of a naming graph can be described by a set of vertices, V, each denoting a context,
and a set of edges, E, each denoting a link between two contexts. The edges are directed and
labelled. The label represents the name that an entity in the source context (at the source of the
directed edge) uses to identify a particular context. The link is with the target context (at the
destination of the directed edge). A pathname is a list of names that, taken together, describe a path
through the directed graph G = (E, V) from the context in which the source entity resides to the
target context. In that way, the target context is singled out from amongst all possible target contexts
in the graph. The graph G need not be fully connected. The connection matrix is often sparse, and
in that way it specifies the constraints on the extent to which source and target entity pairs can be
formed.
1) See identity pattern.
2) A structured expression derived from the behaviour of an entity that contributes to or provides
identification; this may include the reputation of the entity. Patterns may be uniquely associated with
an entity, or a class with which the entity is associated.
A required request parameter that explicitly identifies the payment recipient. Merchant ID and MPS
ID (a unique identifier of a mobile payment system) must be present in the implementation of the
intersystem environment.
1) A payment system whereby the subscriber can pay for an individual program or specified
period of time.
A measure of throughput. The maximum bit rate offered to the user for a given time period (to be
defined) for the transfer of a bursty signal. (The maximum user information transfer rate achievable
by a user for a single service data unit transfer.)
Communication node on P2P network that functions simultaneously as both "client" and "server" to
the other nodes on the network.
The peer entity is the entity with which an entity performs secure end-to-end data communication.
A peer user is one who uses a computer system to access the P2P network. A peer user in a P2P
network is similar to a user in the Internet, with slight differences. Specifically, peer users in the P2P
network have a different operational context including personal interests, resource plans, security
considerations, etc.
1) The corroboration that a peer entity in an association is the one claimed.
2) Establishing the proof of the identity of the peer entity during a communication relationship.

Service to provide for use at the establishment of a connection by the use of the Authentication
Exchange security element, the confirmation of the identity of the connecting entity and provides
confidence, at the time of usage only, that an entity is not attempting a masquerade or an
unauthorised replay of a previous connection.
In a peer-to-peer relationship, the users may negotiate the characteristics of their interaction and,
afterwards, communicate obeying the rules they have negotiated: both users (an entity and its peer
entity) have potentially equal rights. [b-IETF RFC 4981] indicates that P2P networks are those that
exhibit three characteristics: self-organization, symmetric communication, and distributed control.
(T.180)
The seriousness of the problem as seen by the person reporting the trouble.
Security technology for visual degrading of cipher image (or video) with respect to plain image (or
video); it assumes that the cipher image (or video) can be decoded without decryption.
In cryptography particularly in a key-establishment protocol, the condition wherein the compromise
of a session key or a long-term private key after a given session does not cause the compromise of
any of the earlier sessions. In the context of SPAK, this means that the disclosure of the password
does not result in revealing the previously recorded encrypted conversation by deriving such session
key.
In the cryptography of a key establishment protocol, this pertains to the condition wherein a
compromised long-term private key after a given session does not compromise any earlier session.
The ability to track service and resource usage levels and to provide feedback on the
responsiveness and reliability of the network.
The ability or right to perform some action on some resource, possibly only under certain specified
conditions.
A <PolicySet> that contains the actual permissions associated with a given role.
Existing, and able to be used in services outside the direct control of the issuing assigner, without a
stated time limit.
A privacy-preserving name identifier assigned by a provider to identify a principal to a given relying
party for an extended period of time that spans multiple sessions; can be used to represent an
identity federation.
Information about an individual which can be used to identify that individual. The specific information
used for this identification will be that defined by national legislation.
1) The ability of users to change their association with one or more terminals at any point and time.
The user should continue to receive subscribed and otherwise authorized services as supported by
the current MS and access network.
2) The mobility for those scenarios where the user changes the terminal used for network access at
different locations. The ability of a user to access telecommunication services at any terminal on the
basis of a personal identifier, and the capability of the network to provide those services delineated
in the user's service profile.
3) The ability of a user to access telecommunication services at any terminal on the basis of a
personal identifier [e.g. the UPT number or PUI (Personal User Identity)], and the capability of the
network to provide those services delineated in the user's service profile. Personal mobility involves
the network capability to locate the terminal associated with the user for the purposes of addressing,
routing and charging of the UPT user's calls.
The biosphere and the individual means to protect its privacy and ensure its safety.
Secure local storage for an entity's private key, the directly trusted CA key and possibly other data.
Depending on the security policy of the entity or the system requirements this may be e.g. a
cryptographically protected file or a tamper resistant hardware token.

Contains personalized information defining how subscribed services are provided and presented
towards the user. Each subscriber of the home environment has her own personal service
environment. The personal service environment is defined in terms of one or more user profiles.
An identity which unambiguously identifies the UPT user but is different from the UPT number
although there is a one-to-one mapping between them. The PUI is an identity by which the UPT
user is known to his UPT service provider, and by which the UPT user's service provider is known to
other service providers and networks supporting UPT.
An end-user controlled device that records, stores and plays back multimedia content. PVR is also
known as personal digital recorder (PDR).
The process of storing information in the ME and activating the procedures, which verify this
information against the corresponding information stored in the SIM whenever the ME is powered
up or a SIM is inserted, in order to limit the SIMs with which the ME will operate.
Network, network subset, SP, Corporate or (U)SIM to which the ME is personalized.
The service of storing cryptographic information (especially private keys) to a PSE. Note - The
organizational and physical security measures for a service like this are not in the scope of this
document. For organizational measures refer to ITU-T Rec. X.842 Guidelines on the use and
management of Trusted Third Party services.
Services that need access to the subscriber profile and/or are dependent on the overall call/session
state (of the user) for reasons of service interaction. An example: a call termination service such as
TIA/EIA-41's "Call Forward on Busy".
1) The information pertaining to any living person, which makes it possible to identify such
individual (including the information capable of identifying a person when combined with other
information even if the information does not clearly identify the person).
2) Any information a) that identifies or can be used to identify, contact, or locate the person to
whom such information pertains; b) from which identification or contact information of an individual
person can be derived; or c) that is or can be linked to a natural person directly or indirectly.
Whereas phishing involves redirecting the website's traffic to another forged website, pharming
attacks by compromising the Domain Name System (DNS) server. Specifically, pharming changes
the correct IP address that corresponds to a domain name in the DNS server into another
address, thus redirecting the user to a hacker's forged website when he/she is asked to enter the
company's Web address.
An entity or a person launching phishing attacks.
1) An attempt to criminally and fraudulently acquire sensitive information, such as usernames,
passwords and financial account details, by masquerading as a trustworthy entity in electronic
telecommunications.
2) The act of sending an email to a user, falsely claiming to be an established legitimate
enterprise in an attempt to con the user into surrendering private information that will be used for
identity theft. The email directs the user to a website where he/she is asked to update personal
information such as passwords and credit card, social security, and bank account numbers,
information that the legitimate organization already has. Note, however, that the website is bogus,
set up only to steal the user's information.
3) An attempt to fool an individual into going to the wrong website with the intent of stealing that
individual's private information.
4) The criminally fraudulent process of attempting to acquire sensitive information such as
usernames, passwords and credit card details, by masquerading as a trustworthy entity in an
electronic communication.
5) Act of acquiring sensitive or personal information such as username, date of birth, or credit card
details by masquerading as a trustworthy entity.

6) Creating a replica of an existing web page to fool a user into submitting personal, financial, or
password data. OR The act of sending an e-mail to a user falsely claiming to be an established
legitimate enterprise in an attempt to scam the user into surrendering private information that will be
used for identity theft. The e-mail directs the users to visit a website where they are asked to update
personal information, such as passwords and credit card, social security, and bank account
numbers that the legitimate organization already has. The website, however, is bogus and set up
only to steal the user's information.
Phishing attacks use both social engineering and technical subterfuge to steal consumers'
personal identity data and financial account credentials. Social-engineering schemes use 'spoofed'
emails to lead consumers to counterfeit websites designed to trick recipients into divulging financial
data such as credit card numbers, account usernames, passwords and social security numbers.
Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince
recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials
directly, often using Trojan keylogger spyware.
This is an attempt by a third party to solicit confidential information from an individual, a group, or an
organization by mimicking, or spoofing, a specific, usually well-known brand, usually for financial
gain. An attacker attempts to trick users into disclosing personal data, such as credit card numbers,
online banking credentials, and other sensitive information, that he/she may then use to commit
fraudulent acts. A phishing web site is a site designed to mimic the legitimate web site of the
organization whose brand is being spoofed. In IdM systems, phishing is a serious threat because
the victim's authentication information or other personally identifiable information, when captured
by an attacker, can be used in identity theft or other fraudulent activity.
The phishing, fraud, and misuse exchange format extends the incident object description exchange
format (IODEF) to support the reporting of phishing, fraud, and other types of misuse. The
extensions also provide a standard format for exchanging information about widespread spam
incidents. These extensions are flexible enough to support information gleaned from activities
throughout the entire electronic fraud or spam cycle. Both simple reporting and complete forensic
reporting are possible, as is consolidating multiple incidents. Note: This Rec. only describes
techniques for commonly understood, assured means for cybersecurity entities to exchange
cybersecurity information, and does not include the uses of that information.
A dataset of personal or entity attributes. The simplest form is a set of name subscriber phone
number pairs as supported by GSM (U)SIMs.
In FDD mode, a physical channel is defined by code, frequency and, in the uplink, relative phase
(I/Q). In TDD mode, a physical channel is defined by code, frequency, and time-slot.
In the uplink, a data stream that is transmitted on one physical channel. In the downlink, a data
stream that is transmitted on one physical channel in each cell of the active set.
A physical pathname describes a path through a physical naming graph. A physical naming graph is
a naming graph that is isomorphic to the perceived physical structure of a distributed system. A
distributed system consists of a number of interconnected components or nodes. The system is
modelled by a directed graph G = (V, E). Each vertex in V denotes a node in the system. Each edge
in E identifies a connection between two nodes in V. For example, some electronic mail systems
reflect the structure of the network that connects machines in the way in which names are
composed and resolved.
The physical locations, sites, buildings, computer rooms and switching centres need to be physically
secured against the threats.
The measures used to provide physical protection of resources against deliberate and accidental
threats.
"Pico cells" are cells, mainly indoor cells, with a radius typically less than 50 metres.
A syntax structure containing syntax elements that apply to zero or more entire coded pictures as
determined by the pic_parameter_set_id syntax element found in each slice header.
One program is displayed on the full-sized IPTV TD screen, one or more other programs are
simultaneously displayed in inset windows.
The act of acquiring unauthorized access to programs, usually for the purpose of reselling such
access for unauthorized reception.
Utilizes PKINIT for establishing the inter-realm keys and associated inter-realm policies to be
applied in issuing cross-realm service tickets between realms and domains in support of
Intradomain and Interdomain CMS-to-CMS signaling (CMSS).

A function which allows subscribers to see the content without placing limitations.
This is a type of SPAK wherein the server stores the plaintext of the user's password or
password-equivalent information. This SPAK is called symmetric SPAK.
The geographical area in which a PLMN provides communication services according to the
specifications to mobile users. In the PLMN area, the mobile user can set up calls to a user of a
terminating network. The terminating network may be a fixed network, the same PLMN, another
PLMN or other types of PLMN. Terminating network users can also set up calls to the PLMN. The
PLMN area is allocated to a PLMN. It is determined by the service and network provider in
accordance with any provisions laid down under national law. In general, the PLMN area is
restricted to one country. It can also be determined differently, depending on the different
telecommunication services, or type of MS. If there are several PLMNs in one country, their PLMN
areas may overlap. In border areas, the PLMN areas of different countries may overlap.
Administrations will have to take precautions to ensure that cross border coverage is minimized in
adjacent countries unless otherwise agreed.
The point where the operator connects users (or other operators) to the data transmission service
with the declared quality.
A service type in which data is sent to "all service subscribers or a predefined subset of all
subscribers" within an area defined by the service requester.
A value of the service attribute "communication configuration", which denotes that the
communication involves only two network terminations.
A service type in which data is sent from a single network termination to another network
termination.
1) A policy defines one or more rules. Each rule binds one or more actions to sets of conditions
describing by whom (users), for what (systems, applications), and under what circumstances (time,
day of the week, date) the actions may be triggered.
2) A collection of rules applied in CRS to enforce the proper control on MSs.
3) A set of rules defined locally by a network element or other network management authority.
4) Overall intention and direction as formally expressed by management.
5) See security policy.
An expression or statement of the technical, operational, and legal systems and practices
concerning the structured creation, capture, syntactical expression, storage, tagging, maintenance,
retrieval, use and destruction of identities.
It defines the actions of two rules contradicting each other. The entity implementing the policy will
not be able to determine which action to perform. To prevent this situation, the implementers of
policy systems must provide conflict detection and avoidance or resolution mechanisms.
A policy database refers to a list of policies that needs to be created in a file. In the user authentication
context, this file defines the rules required for the user authentication protocol.
1) The point where policy decisions are made (synonymous with ADF).
2) A system entity that makes authorization decisions for itself or for other system entities that
request such decisions. For example, a SAML PDP consumes authorization decision requests, and
produces authorization decision assertions in response. A PDP is an "authorization decision
authority".
The policy determination service is a TTP service that determines security protocols and/or
algorithms that are used for data confidentiality and/or data integrity in data transmission phase.
1) The point where the policy decisions are actually enforced (synonymous with AEF).
2) A system entity that requests and subsequently enforces authorization decisions. For example,
a SAML PEP sends authorization decision requests to a PDP, and consumes the authorization
decision assertions sent in response.
The system entity that acts as a source of attribute values.

Recognizing that, when a CA in one domain certifies a CA in another domain, a particular certificate
policy in the second domain may be considered by the authority of the first domain to be equivalent
(but not necessarily identical in all respects) to a particular certificate policy in the first domain.
The specified document specifies policy requirements relating to certification authorities (CAs)
issuing public key certificates, including extended validation certificates (EVC). It defines policy
requirements on the operation and management practices of certification authorities issuing and
managing certificates such that subscribers, subjects certified by the CA and relying parties may
have confidence in the applicability of the certificate in support of cryptographic mechanisms.
1) This is an entity that manages security policies related to the security processing of messages
and access control policies for the messages.
2) Entity and functions that are responsible for creating and managing security policies specific to
a multicast group.
A set of policies, other policy sets, a policy-combining algorithm and (optionally) a set of obligations.
May be a component of another policy set.
The ability of a user identifier or address to be allocated to different systems when the user moves
from one location to another.
A MSISDN that has undergone the porting process.
The subscriber of a ported number.
A description of the transfer of a number between network operators.
Selective encryption performed after encoding.

The quality of service experienced after any transient conditions due to handover have passed.
Billing arrangement between customer and operator/service provider where the customer
periodically receives a bill for service usage in the past period.
Refers to various forms of deceptive software, including malicious software such as viruses, worms,
and Trojans, and non-malicious software that exhibit the characteristics of deceptive software and
spyware.
The general threat model for a mobile network can be applied to the threat model of X.1121. In
addition, there are several practical threats exclusively associated with the wireless access network
(like DOS, man in the middle, etc.).
The smallest value by which a clock changes.
A statement about attributes whose truth can be evaluated.
Use of a predictor to provide an estimate of the sample value or data element currently being
encoded.
A service model which provides reliable performance, but allowing a specified variance in the
measured performance criteria.
Combination of specified values or previously encoded sample values or data elements used in the
encoding process of subsequent sample values or data elements.
A category of services for which premium access to, and/or use of telecommunications network
resources is provided.
Billing arrangement between customer and operator/service provider where the customer deposits
an amount of money in advance, which is subsequently used to pay for service usage.
An unauthorized agent could make a copy of a deferred delivery message and send this copy to the
intended recipient while the original was still being held for delivery in the MTA. This could fool the
message recipient into replying to the message originator before the originator was expecting a
reply or simply mislead or confuse the original intended message recipient.
A set of attributes that characterizes an entity relating to current status.
Presence service is a TTP service that provides availability Information of an entity.

A security association which is established in conjunction with the establishment of a protecting
presentation context, and which applies to all presentation data values sent in one direction in that
protecting presentation context; attributes of the security association are indicated explicitly along
with the encoding of the first presentation data value in the protecting presentation context.
A key shared in advance by SM and AP or authentication server for the secure downloadable SCP.
A primary value of type integer used to unambiguously identify an arc of the international object
identifier tree.
Shadowing where the shadow supplier is the master DSA.
A value of a specified type assigned to an arc of the OID tree that can provide an unambiguous
identification of that arc within the set of arcs from its superior node.
1) An entity whose identity can be authenticated.
2) An entity represented by a claimant which has a specific communications relationship with the
verifier (entity authentication), or the entity that is the source of a data item available to the verifier
(data origin authentication). Note - A principal has one or more distinguishing identifiers associated
with it. Authentication services can be used by entities to verify purported identities of principals. A
principal's identity which has been so verified is called an authenticated identity.
3) This is an entity whose identity can be authenticated. Examples of principals include an
end-user or an organization.
A representation of a principal's identity, typically an identifier.
The degree of urgency with which the manager requires resolution of the problem.
Telecommunications made by specific terminals in the event of emergencies, which should be
handled with priority by restricting public calls. The specific terminals may span different services
(VoIP, PSTN voice, IP data traffic, etc.) for wired and wireless networks.
Capabilities that provide priority in the use of telecommunications network resources, allowing a
higher probability of end-to-end telecommunications and use of telecommunication applications.
1)a The right of individuals to control or influence what information related to them may be
collected and stored and by whom and to whom that information may be disclosed. Note - Because
this term relates to the right of individuals, it cannot be very precise and its use should be avoided
except as a motivation for requiring security.
1)b The right of individuals to control or influence what information related to them may be
collected or stored and by whom and to whom that information may be disclosed.
2) A mode of communication in which only the explicitly enabled parties can interpret the
communication. This is typically achieved by encryption and shared key(s) for the cipher.
3)a A way to ensure that information is not disclosed to any one other than the intended parties.
Information is usually encrypted to provide confidentiality. Also known as confidentiality.
3)b A way to ensure that information is not disclosed to any one, other than the intended parties.
Information is usually encrypted to provide confidentiality. Also known as confidentiality.
4) The act of acquiring unauthorized access to programs, usually for the purpose of reselling such
access for unauthorized reception.
5) a) A mode of communication in which only the explicitly enabled parties can interpret the
communication. This may be achieved, e.g., by encryption and shared key(s) for the cipher.
b) See X.800. NOTE - Because this term relates to the right of individuals, it cannot be very precise
and its use should be avoided except as a motivation for requiring security.
6) The protection of Personally Identifiable Information.
7) The right of individuals to control or influence what personal information related to them may be
collected, managed, retained, accessed and used or distributed.
A policy that defines the requirements for protecting access to, and dissemination of, personally
identifiable information (PII) and the rights of individuals with respect to how their personal
information is used.
The policy statement that defines the rules for protecting access to and dissemination of personal
privacy information.

Provides for the protection of information that might be derived from the observation of network
activities. Examples of this information include web-sites that a user has visited, a user's geographic
location, and the IP addresses and DNS names of devices in a service provider network.
For H.235 a private channel is one that is a result of prior negotiation on a secure channel. In this
context it may be used to handle media streams.
A permanent identifier that represents the real identity of an SS. It should be defined to be unique
and can be used by the network operator to authenticate, account and manage the SS. The private
information of the SS can only be obtained by the EAC and the ESD. An example of PID is
International Mobile Subscriber Identity (IMSI) in 3rd Generation Partnership Project (3GPP)
network.
The key used in public key cryptography that belongs to an individual entity and must be kept
secret.
1) (In a public key cryptosystem) that key of a user's key pair which is known only by that user.
2) A key that is used with an asymmetric cryptographic algorithm and whose possession is
restricted (usually to only one entity).
3) The key used in public key cryptography that belongs to an individual entity and must be kept
secret.
1) A right that, when granted to an entity, permits the entity to perform an action.
2) An attribute or property assigned to an entity by an authority.
A privilege holder using their attribute certificate or public-key certificate to assert privilege.
The infrastructure able to support the management of privileges in support of a comprehensive
authorization service and in relationship with a Public Key Infrastructure.
The policy that outlines conditions for privilege verifiers to provide/perform sensitive services to/for
qualified privilege asserters. Privilege policy relates attributes associated with the service as well as
attributes associated with privilege asserters.
1) An entity verifying certificates against a privilege policy.
2) An entity that validates an AC containing a PMI extension (see X.509) and a biometric
extension. NOTE - A PV verifies that the claimant (holder of the AC) will have access to the
requested privileges once an IDV is satisfied that the claimed identity in the AC has been
established, using biometric verification at an appropriate security level (which can be extracted
from the biometric extension in the AC).
A recipient of a document that in addition to being an intended recipient, has the right to perform
certain security-related operations intended for that particular recipient, such as to interpret specified
enciphered parts of the document, and to perform integrity and authenticity checks on specified
parts of the document.
Reservation of QoS resources in advance of handover.
A SIM which is capable of issuing commands to the terminal. Part of SIM application toolkit.
1) Enables any MTA through which the probe passes to authenticate the origin of the probe.
2) This element of service allows the originator of a probe to provide to any MTA through which
the probe is transferred a means to authenticate the origin of the probe (i.e. a signature). Probe
Origin Authentication is on a per-probe basis, and uses an asymmetric encryption technique.
Element to enable any MTA to authenticate the identity of the MTS-user which originated a probe.
This security element uses the Probe Origin Authentication Check, which is one of the arguments of
the Probe Submission service.
Service to enable the corroboration of the source of a probe can be provided by using the Probe
Origin Authentication security element to provide the security service to any of the MTAs through
which the probe is transferred.
Data that are processed from raw sensed data by sensor network or USN middleware.

the role which develops products and services and accumulates their information, such as their
versions, configurations, vulnerabilities and patches. It publishes much of the reusable information
through Registrar so that, as with Researcher, individual organizations may implement needed
countermeasures. A software vendor and individual private software programmer are typical
instances.
accumulates information on products and services. It is provided by the researcher and product &
service developer, and is then organized and classified by the registrar. The knowledge base
includes the version and configuration knowledge bases.
A set of rules for one of several purposes; each set is given a name in the pattern "xxx profile of
SAML" or "xxx SAML profile": 1) Rules for how to embed assertions into and extract them from a
protocol or other context of use. 2) Rules for using SAML protocol messages in a particular context
of use. 3) Rules for mapping attributes expressed in SAML to another attribute representation
system. Such a set of rules is known as an "attribute profile".
1) This element of service enables a recipient of an IP-message to provide proof that the original
IP-message content was received by the recipient. This service provides proof of the integrity of the
content received and proof of the authenticity of the recipient of the IP-message. This element of
service is used only in conjunction with Content Integrity or Message Origin Authentication Elements
of Service applied to the subject IP-notification. The corresponding proof can be supplied in various
ways depending on the security policy in force. The originator of the IP-notification always uses the
Content Integrity or Message Origin Authentication Elements of Service when sending the receipt
IP-notification in response to the IP-message. One way of providing the proof is to incorporate the
following in the IP-notification: A verified copy of the IP-message originator's Content Integrity or
Message Origin Authentication arguments (when present in the IP-message and verified by the
recipient of the IP-message). A verified copy of the complete original IP-message content, if the
IP-message originator's Content Integrity or Message Origin Authentication arguments are not present
in IP-message. The recipient is required to fulfil the request for this element of service only when the
2) This element of service allows an originating VM-UA to get from a recipient VM-UA proof that
the original subject message content was received by the recipient VM-UA and that the subject
voice message was accepted, forwarded or refused. The corresponding proof is obtained by
returning a proof of origin of the voice message notification which incorporates the originator's
message origin authentication and/or content integrity arguments, if present, or the complete
original message content otherwise.
This element of service allows an originating VM-UA to request the recipient VM-UA to provide it
with proof that the original subject message content was received by use of voice messaging receipt
or non-receipt notification. Note This element of service requires the receipt notification request
indication or non-receipt notification request indication to also be requested of this recipient.
1) Enables the originator of a message to authenticate the delivered message and its content,
and the identity of the recipient(s).
2) This element of service allows the originator of a message to obtain from the recipient(s) of the
message the means to authenticate the identity of the recipient(s) and the delivered message and
content. Message recipient authentication is provided to the originator of a message on a per-recipient basis using either symmetric or asymmetric encryption techniques.
Element to provide the originator of a message with the means to establish that a message was
delivered to the destination by the MHS. The security element is made up of a number of
arguments. The message originator includes a Proof of Delivery Request with the submitted
message, and this request is delivered to each recipient with the message. A recipient may then
compute the Proof of Delivery as a function of a number of arguments associated with the message.
The proof of delivery is returned by the MTS to the message originator, as part of a report on the
results of the original Message Submission. The Proof of Delivery can be used to support the Proof
of Delivery security service. Depending on the security policy in force, it may also be able to support
the (stronger) Non-repudiation of Delivery security service. The Proof of Delivery Request is an
argument of the Message Submission, Message Transfer, and Message Delivery services. The
Proof of Delivery is both one of the results of the Message Delivery service and one of the
arguments of the Report Transfer and Report Delivery services.
Service to enable the originator of a message to obtain corroboration that it has been delivered by
the MTS to its intended recipient(s) by using the Proof of Delivery security element.

This element of service provides the originator of an IP-message with proof that the IP-message
was received by its recipient, and that the recipient was the originator of the received IP-notification.
This protects against any attempt by the recipient IPM UA to deny subsequently that the IP-message was received and that the IP-notification was returned to the originator. This element of
service is used only in conjunction with Content Integrity and/or the Message Origin Authentication
Elements of Service applied to the IP-notification. The corresponding proof can be supplied in
various ways depending on the security policy in force. One way of providing the proof is by means
of the MTS-user to MTS-user Data Origin Authentication Security Services, defined in
10.2.1.1.1/X.402, applied to the IP-notification. The recipient is required to fulfil the request for this
element of service only when the UA is subject to a security policy which mandates the support of
this element of service.
1) Enables the originator of a message to authenticate that the message was submitted to the
MTS for delivery to the originally specified recipient(s).
2) This element of service allows the originator of a message to obtain from the MTS the means
to authenticate that the message was submitted for delivery to the originally intended recipient.
Message submission authentication is provided on a per-message basis, and can use symmetric or
asymmetric encryption techniques.
Element to provide the originator of a message with the means to establish that a message was
accepted by the MHS for transmission, made up of two arguments: a request for Proof of
Submission, sent with a message at submission time, and the Proof of Submission, returned to the
MTS-user as part of the Message Submission results. The Proof of Submission is generated by the
MTS, and is computed as a function of all the arguments of the submitted message, the Message
Submission Identifier, and the Message Submission Time. The Proof of Submission argument can
be used to support the Proof of Submission security service. Depending on the security policy in
force, it may also be able to support the (stronger) Non-repudiation of Submission security service.
The Proof of Submission Request is an argument of the Message Submission service. The Proof of
Submission is one of the results of the Message Submission service.
Service to enable the originator of a message to obtain corroboration that it has been received by
the MTS for delivery to the originally specified recipient(s) by using the Proof of Submission security
element.
This element of service allows an originator of a message to obtain the means to corroborate that
the subject message was received by the recipient VM-UA and that the voice message was
accepted, forwarded or refused. Such corroboration is provided by means of the MTA user-to-message transfer system-user Message Origin Authentication security service defined in
10.2.1.1.1/X.402, being applied to the voice messaging notification.
This element of service, used in conjunction with non-receipt notification request indication or
receipt notification request indication or voice messaging service status request notification, enables
an originating VM-UA to request the responding VM-UA to provide it with a corroboration of the
source voice notification. Note This element of service requires the voice messaging notification
request to also be present.
The verification and validation of information when enrolling new entities into identity systems.
1)a A presentation context that associates a protecting transfer syntax with an abstract syntax.
1)b A presentation context that associates a protecting transfer syntax with an abstract syntax.

1) A transfer syntax based on encoding/decoding processes that employ a security transformation.
2)a A transfer syntax which employs a security transformation. Note - A protecting transfer syntax
is a context-sensitive
2)b A transfer syntax which employs a security transformation. Note - A protecting transfer syntax
is a context-sensitive
A specification which relates a protection requirement, identified by name in an abstract syntax
specification, to a specific security transformation to be used to satisfy that requirement.

A formal set of procedures that are adopted to ensure communication between two or more
functions within the same layer of a hierarchy of functions.
See "Binding".
A mechanism provided to allow systems with a common bilateral agreement to extend the
TIA/EIA 41 protocol. There is a range of reserved Error Codes, Operation Codes, Parameter
Identifiers (in addition to PRIVATE Parameter Identifiers), and ranges of values in enumerated
parameter types and data fields. The only mechanism to resolve conflicting uses of protocol
extension is to standardize their usage. The Protocol Extension mechanism is used at the risk of the
implementation. Protocol Extensions should not be used unless the message recipient is known to
support them.
A generic way to refer to both identity providers and service providers.
accumulates information on assets outside individual organizations. In order to run effective and
efficient cybersecurity operations, the database needs to be linked to a user resource database
since the border between internal and external IT assets becomes increasingly unclear, especially in
cloud computing. The IT Infrastructure Provider manipulates such information. The database mainly
contains information on provider networks and cloud services. Provider network information is on
networks with which each organization is connected with other organizations, such as topology,
routing information, access control policies, traffic status, and security levels. Cloud service
information includes the service specifications, workload information, and security policy information
of each cloud service. Note that user organization specific information such as the local
configuration of each cloud service is stored in the User Resource database.
1) A facility that indirectly provides some service or acts as a representative in delivering
information thereby eliminating a host from having to support the services themselves.
2) an intermediate H.323 entity similar to a gatekeeper. The proxy may be a separate network
node or may be collocated with the functionality of an H.323 entity such as of the gatekeeper. The
proxy may perform security tasks such as signature and certificate verification and access control.
An identifier whose binding to an entity is not known or is known to only a limited extent, within the
context in which it is used. NOTE A pseudonym can be used to avoid or reduce privacy risks
associated with the use of identifier bindings which may reveal the identity of the entity.
The identifier of an SP that is used for public access of the SP by the EAC and the SS.
1) (In a public key cryptosystem) that key of a user's key pair which is publicly known.
2) A key that is used with an asymmetric cryptographic algorithm and that can be made publicly
available.
3)a The key used in public key cryptography that belongs to an individual entity and is distributed
publicly. Other entities use this key to encrypt data to be sent to the owner of the key.
3)b The key used in public key cryptography that belongs to an individual entity and is distributed
publicly. Other entities use this key to encrypt data to be sent to the owner of the key.
1) The public key of a user, together with some other information, rendered unforgeable by digital
signature with the private key of the certification authority which issued it.
2) values that represent an owner's public key (and other optional information) as verified and
signed by a trusted authority in an unforgeable format.
3) A binding between an entity's public key and one or more attributes relating to its identity, also
known as a digital certificate.
3)b A binding between an entity's public key and one or more attributes relating to its identity. Also
known as a digital certificate.
1)a Procedure that uses a pair of keys, a public key and a private key for encryption and
decryption, also known as asymmetric algorithm. A user's public key is publicly available for others
to use to send a message to the owner of the key. A user's private key is kept secret and is the only
key which can decrypt messages sent encrypted by the user's public key.
1)b Procedure that uses a pair of keys, a public key and a private key, for encryption and
decryption; also known as an asymmetric algorithm. A user's public key is publicly available for others
to use to send a message to the owner of the key. A user's private key is kept secret and is the only
key which can decrypt messages sent encrypted by the user's public key.
2) An encryption system utilizing asymmetric keys (for encryption/decryption) in which the keys
have a mathematical relationship to each other - which cannot be reasonably calculated.

3) A cryptographic technique based upon a two-key algorithm, private and public, wherein a
message is encrypted with the public key but can only be decrypted with the private key. Also known
as a Private-Public Key (PPK) system. NOTE Knowing the public key does not reveal the private
key. Example: Party A would devise such a private and public key, and send the public key openly to
all who might wish to communicate with Party A, but retain the private key in secret. Then, while any
who have the public key can encrypt a message for Party A, only Party A with the private key can
decrypt the messages.
A directory containing a well defined (sub)set of public key certificates. This directory can contain
certificates from different Certification Authorities.
1) The infrastructure able to support the management of public keys able to support
authentication, encryption, integrity or non-repudiation services.
2) The system consisting of TTPs, together with the services they make available to support the
application (including generation and validation) of digital signatures, and of the persons or technical
components, who use these services. Note - Sometimes the persons and the technical components
participating in a PKI by using the services of TTPs, but not being TTPs themselves, are referred as
end entities. An example of a technical equipment used by an end entity is a smart card which may
be used as a storage and/or processing device.
3) A process for issuing public key certificates, which includes standards, Certification Authorities,
communication between authorities and protocols for managing certification processes.
A telecommunications network providing mobile cellular services.
The entity which offers telecommunications services over an air interface.
In the context of telecommunications, public policy is policy that is made by regulators in their
determination of public good and which they may implement by regulations that are imposed on
telecommunication entities.
Term used for conciseness to include telecommunication administrations, recognized operating
agencies, private (customer and third party) administrations and/or other organizations that operate
or use a Telecommunications Management Network (TMN).
A TV service where multimedia content is packaged and delivered at the discretion of the service
provider to the end-user's storage system.
A QoS profile comprises a number of QoS parameters. A QoS profile is associated with each QoS
session. The QoS profile defines the performance expectations placed on the bearer network.
Lifetime of PDP context. The period between the opening and closing of a network connection
whose characteristics are defined by a QoS profile. Multiple QoS sessions may exist, each with a
different QoS profile.
1) The collective effect of service performance which determine the degree of satisfaction of a user
of the service. NOTE 1 - The quality of service is characterized by the combined aspects of service
support performance, service operability performance, serveability performance, service security
performance and other factors specific to each service. NOTE 2 - The term quality of service is not
used to express a degree of excellence in a comparative sense nor is it used in a quantitative sense
for technical evaluations. In this case a qualifying adjective (modifier) should be used.
2) The collective effect of service performances, which determine the degree of satisfaction of a
user of a service. It is characterized by the combined aspects of performance factors applicable to
all services, such as service operability performance; service accessibility performance; service
retainability performance; service integrity performance; and other factors specific to each service.
Quality of Service constraints include: temporal constraints (e.g. deadlines); volume constraints (e.g.
throughput); and dependability constraints.
Loose compression technique applied by compressing a range of values to a single quantum value;
when the number of discrete symbols in a given stream is reduced, the stream becomes more
compressible.

The service that the access stratum provides to the non-access stratum for transfer of user data
between user equipment and CN.
The network that connects radio base stations to the core network. The RAN provides and
maintains radio-specific functions, which may be unique to a given radio access technology, that
allow users to access the core network.
Operator that offers radio access to one or more core network operators.
UTRAN, GERAN, etc.
The "radio interface" is the tetherless interface between user equipment and a UTRAN access
point. This term encompasses all the functionality required to maintain such interfaces.
A "radio link" is a logical association between single user equipment and a single UTRAN access
point. Its physical realization comprises one or more radio bearer transmissions.
A sublayer of radio interface layer 2 providing transparent, unacknowledged and acknowledged data
transfer service.
This equipment in the RNS is in charge of controlling the use and the integrity of the radio
resources.
Either a full network or only the access part of a UTRAN offering the allocation and the release of
specific radio resources to establish means of connection in between an UE and the UTRAN. A
radio network subsystem is responsible for the resources and transmission/reception in a set of
cells.
Characterization of any stimulus from external sources of radiation (except those covered by
VIDEOIN and AUDIOIN) that can affect or damage the human body or implanted devices. NOTE
1 The term RADIOIN is used both as an adjective applied to a stimulus, but more commonly as
a noun referring to a RADIOIN stimulus. NOTE 2 An implanted device may be any of (not
exclusive): a cochlear-Implant that activates ear nerves directly by signals from a signal processor
-- a pacemaker to control the heart beat -- an implanted cardioverter-defibrillator to provide
immediate defibrillation of the heart -- a transcutaneous electrical nerve stimulator (an electronic
pain reducer) -- a muscle activator -- an implanted Radio Frequency Identification tag (RFid tag).
Characterization of any output from the human body (or from implanted devices) that is a source of
radiation (except those covered by VIDEOOUT and AUDIO-OUT). NOTE 1 The term
RADIOOUT is used both as an adjective applied to a specific output, but more commonly as a
noun referring to a RADIOOUT specific output. NOTE 2 RADIOOUT is concerned with the
measurement of all sources of radiation from the human body, for example after exposure to or
ingestion of radio-active material, except those radiations covered by VIDEOOUT and
AUDIOOUT. NOTE 3 The base modalities do not encompass non-ionising electromagnetic
radiation from and to the human body that is outside the visible spectrum.
Two or more CN operators share the same RAN, i.e., a RAN node (RNC or BSC) is connected to
multiple CN nodes (SGSNs and MSC/VLRs) belonging to different CN operators.
A point in the content from which playback can begin. Note: For example, in MPEG encoding, this
would be an I-frame, as opposed to a P-frame or B-frame.
The state when the local clock is correct and the maximum error of the clock is within the user
specified maximum error.
An entity that creates and manages the global RBL.

A variable key length stream cipher offered in the ciphersuite, used to encrypt the media traffic in
IPCablecom.
Time, typically in number of seconds, to perform the online mechanism used for fraud control and
cost control.
A network region which shares a common network address space; by presumption, different realms
use incompatible, conflicting, or private address spaces.

A list of IP addresses or domain names that can be a basis to block immediately during VoIP call
setup.
Real-time inter-network defense (RID) provides a framework for the exchange of incident
information. The RID standard provides the set of incident coordination messages necessary to
communicate IODEF documents securely between entities. RID is a wrapper for IODEF documents,
including any extensions of IODEF. The standard messages and exchange formats include security,
privacy and policy options/considerations that are necessary in a global incident coordination
scheme. RID is the security layer between IODEF document and the transport protocol. The
transport selected is decided upon by the entities communicating incident information. The transport
may be the specified RID transport (HTTP/TLS), BEEP, SOAP, or a protocol specified in the future.
A real-world entity is a physical and logical entity which mainly acts or is used in the real world, such
as a physical object, logical object, place and person. Examples of physical objects include water
bottle, book, desk, wall, chair, tree, animal, cloth, food, television, light and so on. Examples of
logical objects include digital content such as video, movie, music and story. Examples of places
include room, corridor, road, gate, garden and so on. The real-world entity concept includes both
networked entities and non-networked entities.
a server which receives messages for message receivers. In email applications, a POP server acts
as a receiver agent.
a function of receiver party for countering spam, which detects and blocks spam during receiving
process.
An agent assuming responsibility for the corresponding security functions of the sender security
agent (SSA), the group and membership control (GMC) agent and the group key management
(GKM) agent such as a membership authentication and group key update.
In the context of data transfer, an entity that receives the data in an action that is subject to a non-repudiation service. Note - In the logical model of non-repudiation, other entities may be considered.
E.g. the owner is the entity that makes an original message and a transfer agent is the entity that
transfers the message; in this context, entities are modeled as originators or recipients.
The network which receives the number in the porting process. This network becomes the
subscription network when the porting process is complete.
An instance of ASF which identifies and blocks IP multimedia spam being delivered to spam
recipients through the boundary of internal network. RASF can be located in the network elements
where inbound communication requests to spam recipients are sent as the last hop.
A string of bytes within an EF handled as a single entity (see clause 6).
The device which collects and correlates the various Event Messages.
The number which identifies a record within an EF.
The pointer which addresses one record in an EF.
A combination of functional groups and reference points that shows possible network arrangements.
1) A conceptual point at the conjunction of two non-overlapping functional entities that can be used
to identify the type of information passing between these functional entities. NOTE A reference
point may correspond to one or more physical interfaces between pieces of equipment.
2) A conceptual point at the conjunction of two non-overlapping functional groups.
A protection mechanism to detect when a protocol data unit has been sent back to the originator.
An element to allow the establishment at an MTA of an MTS-user's permissible security labels, and
is provided by the Register service. The Register service enables an MTS-user to change
arguments, held by the MTS, relating to delivery of messages to that MTS-user.
Service to enable the establishment at an MTA of the Security Labels which are permissible for one
particular MTS-user. It may be provided using the Register security element.
The HLR has a pointer to a system serving an MS. A registered MS may be active or inactive.
This is the PLMN on which the UE has performed a location registration successfully.

the role which classifies, organizes, and accumulates cybersecurity knowledge provided by the
Researcher and Product & Service Developer so that the knowledge can be reutilized by other
organizations. NIST and the Information-Technology Promotion Agency, Japan are typical instances.
In some cases, an entity serving as Researcher or Product & Service Developer may also serve as
Registrar and publish information.
1) the process in which a person proves their identity by presenting credentials to the biometric
service provider prior to being allowed to enrol, and the assignment of an electronic identifier.
2) The process in which an entity requests and is assigned privileges to use a service or resource.
Note - enrolment is a pre-requisite to registration. Enrolment and registration functions may be
combined or separate.
3) The assignment of an unambiguous name to an object in a way which makes the assignment
available to interested parties.
4) This is the process of camping on a cell of the PLMN and doing any necessary LRs.
5) The procedure by which a MS becomes listed as being present in the service area of an MSC.
A (NAS) registration area is an area in which the UE may roam without a need to perform location
registration, which is a NAS procedure.
act as intermediaries between users and CAs. They receive requests from users and transmit them
to the CAs in an appropriate form.
1) An entity who is responsible for identification and authentication of subjects of certificates, but
is not a CA or an AA, and hence does not sign or issue certificates. Note - an RA may assist in the
certificate application process, revocation process, or both.
2) Authority entitled and trusted to perform the registration service.
3) An administrative role which ensures that OR-addresses are unambiguous, i.e. that each OR-address is allocated to one and only one user.
4) A Registration Authority (RA) verifies (in a TMN environment) the authenticity of every entity
(NE, OS, WS, employee, customer, supplier, etc.) that should receive a public key certificate from
the TMN's CA. The RA typically consists of a small number of security administrators with access to
the CA. An RA typically publishes a Certification Policy Statement (CPS) that specifies under what
conditions (e.g. identity check) it would issue a certificate.
5) An entity such as an organization, a standard or an automated facility that performs registration
of one or more types of objects.
6) An entity such as an organization, a standard or an automated facility that performs registration
of one or more types of objects. NOTE - Within Rec. X.660 | IS 9834-1, the above definition of
Registration Authority extends the term to cover registration by organizations acting at international,
regional and national levels, and by other means.
7) An identifier specifying a particular registration authority as designated by ISO/IEC JTC1/SC29

The specified procedures for performing registration and amending (or deleting) existing
registrations.
The service of identifying entities and registering them in a way that allows the secure assignment of
certificates to these entities.
Regulatory authorities define general policy in the telecommunication field. In particular, they
support the development of standards and regulations, control of realization of laws and standards
and use international standards while supporting development of national standards.
A process to change the SCP key so as to limit the amount of data encrypted with the same SCP
key.
An association between two or more domains of entities. In RM-ODP, relations can be defined for, at
least, objects, interfaces and actions.
An association between two or more entities. NOTE Relationships are instances of relations.
Terminal devices capable of ODMA relay communications.
An attack on authentication in which exchange AI is intercepted and then immediately forwarded.
Relay or seed that communicates with the UTRAN, in either TDD or FDD mode.
Relaylink is a communications link between two ODMA relay nodes.

A particular version of the 3G System standards produced by the 3GPP project. Also Release 4,
Release 5, Release 6, Release 7, Release 8, etc.
The ITU-T Question(s) responsible for the maintenance of this Rec. X.1500.1. Note: At the time of
approval of this Rec, the relevant Question is ITU-T Q4/17 (Study Period 2009-2012).
1) A user or agent that relies on the data in a certificate in making decisions.
2) A system entity that decides to take an action based on Information from another system entity.
For example, a SAML relying party depends on receiving assertions from an asserting party (a
SAML authority) about a subject.
3)a An entity that relies on an identity representation or claim by a Requesting/Asserting entity
within some request context
3)b An entity that relies on an identity representation or claim by a Requesting/Asserting entity
within some request context
4) An entity that relies on an identity representation or claim by a Requesting/ Asserting entity.
determination of which local BSPs, which local BFPs, and which BioAPI units (managed by those
BSPs and BFPs) a BIP endpoint makes available for use by another BIP endpoint.
A terminating directory number supporting service profile modification.
A protocol that one program can use to request a service from a program located in another
computer in a network without having to understand network details.
Remote terminal is an entity that has network access function and an Internet interface to connect
or control the home devices in the home network.
Remote user is an entity (person) outside the home network that uses and operates the remote
terminal for accessing the devices in the home network.
A radio transceiver used to extend the transmission of a base station beyond its normal range.
1) A message, or part of a message, is repeated to produce unauthorized effect. For example, a
valid message containing authentication information may be replayed by another entity in order to
authenticate itself (as something that it is not).
2) Messages whose originators and contents are genuine can be monitored by an unauthorized
agent and could be recorded to be replayed to the message's intended recipient at a later date. This
could be done in order to either extract more information from the intended recipient or to confuse
him.
Breach of security in open networks wherein a biometric template from a client is stored without
authorization and retransmitted to a server to gain illegal access
In this attack, the attacker records a sequence of messages off the wire and plays them back to the
corresponding party which originally received them. Note that the attacker does not need to be able
to understand the messages. He merely needs to capture and retransmit them.
A subtree of the DIT for purposes of shadowing.
The process by which copies of entry and operational information are held by DSAs other than the
master DSA.
The distinguished name of the root vertex of a replicated area.
1) Allows the originator to authenticate the origin of a delivery/non-delivery report.
2) This element of service allows the originator of a message (or probe) to authenticate the origin
of a report on the delivery or non-delivery of the subject message (or probe), (a signature). Report
Origin Authentication is on a per-report basis, and uses an asymmetric encryption technique.
Element to enable any MTA or MTS-user who receives a report to authenticate the identity of the
MTA which originated the report. This security element uses the Report Origin Authentication Check,
which is one of the arguments of the Report Delivery service.
Service to enable the corroboration of the source of a report can be provided by using the Report
Origin Authentication security element to provide the security service to the originator of the
subject message or probe, as well as to any MTA through which the report is transferred.
2)a An implicit or explicit collection of security elements that supports a capability, e.g., a
vulnerability database, advisory archive, the set of signatures in an intrusion detection system (IDS),
or Web site.

2)b An implicit or explicit collection of security-related software weakness elements that supports
a capability, e.g., a database of security weaknesses, the set of patterns in a code analyzer, or a
Web site.
1) Denial by one of the entities involved in a communication of having participated in all or part of
the communication.
2) Denial in having participated in all or part of an action by one of the entities involved.
3) When an MTS-user or the MTS may later deny submitting, receiving, or originating a message,
and include: denial of origin, denial of submission, denial of delivery.
4) an entity involved in a communication exchange subsequently denies the fact.
One of the actual communication participants can deny involvement in the communication. This
could have serious implications if financial transactions were being performed via MHS.
BIP message conveying a request for an action to be performed by the receiving BIP endpoint.
This element of service enables the originator of an IP-message to request the recipient of the IP-message to provide an irrevocable proof of the received IP-message content by means of an IP-notification. This element of service may be subscribed to only if the Receipt Notification Request
Indication Element of Service is subscribed to. If this element of service is requested, the Request
for Proof of Content Received Element of Service shall not be requested. This element of service
provides only an indication of the originator's request. Fulfillment of the request requires support of
the Non-repudiation of Content Received Element of Service.
This element of service enables the originator of an IP-message to request the recipient of the IP-message to provide irrevocable proof of the origin of an IP-notification generated in response to the
IP-message. This element of service may be subscribed to only if the Receipt Notification Request
Indication Element of Service is subscribed to. If this element of service is requested, the Request
for Proof of IP-notification Element of Service shall not be requested. This element of service
provides only an indication of the originator's request. Fulfilment of the request requires support of
the Non-repudiation of IP-notification Element of Service.
This element of service enables the originator of the IP-message to request the recipient of the IP-message to provide proof of the received IP-message content by means of an IP-notification. This
element of service may be subscribed to only if the Receipt Notification Request Indication Element
of Service is subscribed to. This element of service provides only an indication of the originator's
request. Fulfilment of the request requires support of the Proof of Content Received Element of
Service.
This element of service enables the originator of the IP-message to request the recipient of the IP-message to provide proof of the origin of an IP-notification generated in response to the IP-message. This element of service may be subscribed to only if the Receipt Notification Request
Indication Element of Service is subscribed to. This element of service provides only an indication of
the originator's request. Fulfilment of the request requires support of the Proof of IP-notification
Element of Service.
link channel through which request and response BIP messages are transferred and which is
always present in a BIP link. NOTE A request/response link channel can only exist as part of a BIP
link.
A QoS profile is requested at the beginning of a QoS session. QoS modification requests are also
possible during the lifetime of a QoS session.
A system entity that utilizes the SAML protocol to request services from another system entity
(a SAML authority, a responder). The term "client" for this notion is not used because many system
entities simultaneously or serially act as both clients and servers. In cases where the SOAP binding
for SAML is being used, the SAML requester is architecturally distinct from the initial SOAP sender.
An entity making an identity representation or claim to a relying party within some request context.
An Entity making an identity representation or claim to a relying party within some request context.

the role which researches cybersecurity issues including vulnerabilities and attacks, extracts
knowledge from the research, and accumulates it. It publishes many of the reusable information
through Registrar so that individual organizations may implement needed countermeasures. Note:
X-force within International Business Machines Corp. (IBM), the Risk Research Institute of Cyber
Space (RRICS) at the Little eArth Corporation Co., Ltd. (LAC), and McAfee Lab within McAfee, Inc.
are typical instances.
The decoded difference between a prediction of a sample or data element and its decoded value.
A parameter describing service accuracy. The frequency of lost SDUs and of corrupted or duplicated
network SDUs delivered at the user-network interface.
Ability to recover from security compromises or attacks
1) Data contained in an Information system (for example, in the form of files, Information in
memory, etc.), as well as: a) A service provided by a system. b) An item of system equipment (in
other words, a system component such as hardware, firmware, software, or documentation).
2) Data, service or system component
1) A system entity (a SAML authority) that utilizes the SAML protocol to respond to a request for
services from another system entity (a requester). The term "server" for this notion is not used
because many system entities simultaneously or serially act as both clients and servers. In cases
where the SOAP binding for SAML is being used, the SAML responder is architecturally distinct from
the ultimate SOAP receiver.
2) The responder in the key management protocol.
BIP message conveying a response to a prior request BIP message.
the role which monitors and analyzes assorted incidents in cyber societies, e.g., unauthorized
access, distributed denial of service (DDoS) attacks and phishing, and accumulates incident
information. Based on the information, it may implement countermeasures, e.g., blocking traffic and
registering phishing site addresses on black lists. The incident response team inside an MSSP is a
typical instance.
The restore operation may be used to replace the resources associated with a software managed
object with a copy made by an earlier backup. NOTE As with backup, the restore operation may
well be applicable to other classes of managed objects, however as far as X.744 is concerned, only
its use with software is considered.
A service in which content is provided from various broadcasting environments including, but not
limited to, terrestrial, satellite and cable, and retransmitted into IP network simultaneously or
otherwise.
An interactive service which provides the capability of accessing information stored in database
centres. The information will be sent to the user on demand only. The information is retrieved on an
individual basis, i.e., the time at which an information sequence is to start is under the control of the
user.
An entity retrieving cybersecurity information
An operation that removes some or all of previously applied confidentiality protection.
Information that is used to perform the reveal operation.

The revert operation reverses the effect of a previous install operation, or cause one or more
applied patches to be removed.
1)a The process of determining whether a capability is CVE-compatible.
1)b The process of determining whether a capability is CWE-Compatible.
1) Any entity that performs a Review. (MITRE is the only Review Authority at this time.)
2) An entity that performs a Review or effectiveness Testing and is authorized to grant CWE-Compatible or CWE-Effective status (MITRE is the only Review Authority at this time).
The date of the CVE content that is being used for determining CVE compatibility of a capability.
The set of security elements in the capability's repository that is used by the Review Authority for
evaluating accuracy.

The dated version of CWE that is being used for determining CWE compatibility or CWE
effectiveness of a capability.
The annulment by someone having the authority, of something previously done.
A security certificate issued by a security authority to indicate that a particular security certificate has
been revoked.
A security certificate that identifies a list of security certificates that have been revoked.
The permanent invalidation of verification authentication information.

Any entity manufacturing and selling RFID chips/tags or manufacturing (including processing or
packaging) and selling objects with built-in attached RFID tags
Any entity offering a service based on objects that have built-in or attached RFID tags
Automatic identification system and data capture system comprising one or more RFID
readers/interrogators and one or more RFID tags wherein data transfer is achieved by means of
suitably modulated inductive or radiating electromagnetic carriers
Any transponder plus the information storage mechanism attached to the object.
1) Referring to the ability to perform a predefined set of utilization functions for a content item;
these utilization functions include permissions (e.g., to view/hear, copy, modify, record, excerpt,
sample, keep for a certain period, distribute), restrictions (e.g., play/view/hear for multiple number of
times, play/view/hear for certain number of hours), and obligations (e.g., payment, content tracing)
that apply to the content and provide the liberty of use as granted to the end user.
2)a One or more legal or business entitlements to use or employ Content, e.g., to view, record,
redistribute Content.
2)b One or more legal or business entitlements to use or employ content, e.g. to view, record,
redistribute content.
2)c One or more legal or business entitlements to use or employ content, e.g., to view, record,
redistribute content.
1) Syntactic embodiment of rights in concrete, formal form.
2) The syntactic embodiment of rights in a concrete form.
The relative impact that an exploited vulnerability would have to a user's environment.
Risk categories may include information systems risk, human resources risk, operational risk,
network services risk, IT services risk, physical risk, and compliance risk.
Coordinated activities to direct and control an organization with regard to risk
Likelihood of a threat being able to expose one or more system vulnerabilities.
A set of information describing one of the risks identified by a telecommunication organization.
A terminating directory number supporting call delivery to mobile stations.
The specific set of features, capabilities and/or operating restrictions, other than financial
accountability, associated with the subscriber.
That aspect of roamer service qualification dealing with financial accountability. Also, the general
procedure by which a roamer's financial accountability is established.
1) The ability for a user to function in a serving network different from the home network. NOTE
This is the ability of the users to access services according to their user profile while moving outside
of their subscribed home network, i.e., by using an access point of a visited network. This requires
the ability of the user to get access to the visited network, the existence of an interface between
home network and visited network, as well as a roaming agreement between the respective network
operators.
2) The ability for a user to function in a serving network different from the home network.
3) Action whereby users access services while outside of their subscribed home network.
Without the authentication of the supplicant by the authenticator or the authentication server, the
rogue network access server can pretend to be a legal node; thus giving rise to major security
concerns.

1) The description of an individual's sphere of responsibility. Note - It may be used for enforcing
access control in accordance with the principle of least privilege (see: managed element
operator(s), managed element system administrator, managed element security administrator,
application system administrator, application security administrator above).
2) A job function within the context of an organization that has associated semantics regarding the
authority and responsibility conferred on the user assigned to the role.
3) Dictionaries define a role as "a character or part played by a performer" or "a function or
position". System entities do various types of roles serially and/or simultaneously, for example,
active roles and passive roles. The notion of an Administrator is often an example of a role.
4) This is a string characterizing a particular function of a network element or an interface that can
be used to identify particular behaviors associated with the element. It is a selector for policy rules to
determine the applicability of the rule to a particular network element. Roles abstract the capabilities
and/or use of network devices and resources.
5) A set of properties or attributes that describe the capabilities or the functions performed by an
entity. NOTE Each entity can have/play many roles. Capabilities may be inherent or assigned.
A <PolicySet> that associates holders of a given role attribute and value with a Permission
<PolicySet> that contains the actual permissions associated with the given role.
A certificate that contains the role attribute, assigning one or more roles to the certificate
subject/holder.
A model for controlling access to resources where permitted actions on resources are identified with
roles rather than with individual subject identities.
An entity that assigns role attributes and values to users or enables role attributes and values during
a user's session.
A certificate that contains the assignment of privileges to a role.
The IT asset management domain has administrator and IT infrastructure provider, the incident
handling domain has response team and coordinator, and the knowledge accumulation domain has
researcher, product & service developer, and registrar for their operations respectively. Note that the
roles are defined from the viewpoint of functions; therefore one entity may take several roles
depending on the context.
one kind of long-term credential stored securely (e.g., shared secret key or password). Both UE and
authentication entity in NGN (e.g. TAA-FE/TUP-FE) store shared root key.
1)a The private signing key of the highest level Certification Authority. It is normally used to sign
public key certificates for lower-level Certification Authorities or other entities.
1)b The private signing key of the highest level Certification Authority. It is normally used to sign
public key certificates for lower-level Certification Authorities or other entities.
1)a The public key of the highest level Certification Authority, normally used to verify digital
signatures that it generated with the corresponding root private key.
1)b The public key of the highest level Certification Authority, normally used to verify digital
signatures that it generated with the corresponding root private key.
The application of rules during the process of routing so as to choose or avoid specific networks, links
or relays.
An association among a set of participants communicating with RTP. The distinguishing feature of
an RTP session is that each maintains a full, separate space of SSRC identifiers.
1) A policy component that binds an action to the conditions governing whether or not the action
is performed. When controlling network resources, the action is usually intended to provide a
service. The following is a simplified expression for a rule: IF condition, THEN action.
2) A target, an effect and a condition. A component of a policy.
3) The rule is a set of conditions and basic actions. Rules include many forms such as
behaviours, filters, and so on.
A security policy based on global rules imposed for all users. These rules usually rely on a
comparison of the sensitivity of the resources being accessed and the possession of corresponding
attributes of users, a group of users, or entities acting on behalf of users.

The procedure for combining decisions from multiple rules.


Telebiometric device that is harmless to human physiology, culture, psychology, and meets public
information rights requirements and privacy requirements NOTE 1 The Telebiometric Multimodal
Model (see [ITU-T Rec. X.1081]) provides a framework for the identification of safety aspects of
biometric devices, and for the specification of limits (safety thresholds) by analysing and
categorising the interactions between a human body and its environment. NOTE 2 Safe
telebiometric devices meet a specified set of conditions derived from identified safety thresholds.
Property of a physical device or procedure that determines (and limits through mechanisms,
procedures, regulations and permitted operating thresholds) the extent of the damage that the
device can cause to one or more human beings. NOTE Examples of mechanisms, procedures,
regulations, and permitted operating thresholds are permitted electronic emissions from devices, the
temperature of surfaces on operating devices, the volume of sounds in public entertainment, and
mechanisms to ensure the shut-down of nuclear power plants in the event of some failure. In many
cases the operation of a device within these limits can be both sensed and controlled by
telecommunications.
Level at which a stimulus changes from being safe to not being safe. NOTE In many cases a
stimulus is safe below a safety threshold (a maximum safe level) and unsafe above (for example a
hot object), but there are cases where the stimulus is safe above a safety threshold (a minimum
safe level) and unsafe below (for example a cold object).
A small, fixed-size, structured data object pointing to a typically larger, variably-sized SAML protocol
message. SAML artifacts are designed to be embedded in URLs and conveyed in HTTP messages,
such as HTTP response messages with "3xx Redirection" status codes, and subsequent HTTP GET
messages. In this way, a service provider may indirectly, via a user agent, convey a SAML artifact to
another provider, who may subsequently dereference the SAML artifact via a direct interaction with
the supplying provider, and obtain the SAML Protocol message.
An abstract system entity in the SAML domain model that issues assertions. See also attribute
authority, authentication authority, and policy decision point (PDP).
The term is used to describe the email that is received from email servers according to certain rules.
The percentage and/or the number of security elements to be examined by the review authority.
The method by which the Review Authority identifies the set of security elements in the Review
Sample.
A relative ranking based on spatiotemporal size and scope of influence, often reflected in the
duration in time of phenomena (longer for higher-scale entities) or of periods between events
(longer for events coming out of processes at a higher scale).
An ordered set of derived units that are related by successive units being a power-of-ten multiple of
the preceding unit.
A combination of service protection and content protection.
Service and content protection (SCP) operating mode wherein two or more service and content
protection systems are operational on a single device acting as a bridge between these service and
content protection systems; content acquired via one service and content protection system can be
accessed via another service and content protection system on the bridge according to the granted
rights.
The software code that performs the SCP client function. It can be downloaded to IPTV TD if the
downloadable SCP is deployed.
Service and content protection operating mode wherein content is accessed or exchanged by end
devices according to the granted rights using a single service and content protection system.
The service and content protection (SCP) functions control the protection of the services and
content. Content protection includes control of accessing the content and the protection of content
using methods such as encryption. Service protection includes authentication and authorization to
access the services and optionally protection of the services using methods such as encryption.

A more general service and content protection operating mode involving two or more devices, with
each device having one or more operational service and content protection systems; the content
acquired by one device through one of its service and content protection systems can be securely
transferred to and accessed on another device through a different service and content protection
system according to the granted rights.
General SCP interoperable operation including SCP bridging and SCP interchange
Overall mechanisms required to meet the DVB-CSA specification.
1) The alteration of the characteristics of a vision/sound/data signal in order to prevent
unauthorized reception in a clear form. This alteration is a specified process under the control of the
conditional access system (sending end).
2) The process of using an encryption function to render television and data signals unusable to
unauthorized parties.
3) Process designed to protect multimedia content; scrambling usually uses encryption technology
to protect content.
Algorithm used in a scrambling or a descrambling process.
The ratio of total incorrect service data units (SDUs) to total successfully transferred service data
units plus incorrect service data units in a specified sample. NOTE The source document term
"user information unit" has been replaced by the term "service data unit".
The ratio of total lost service data units (SDUs) to total transmitted service data units in a specified
sample. NOTE The source document term "user information unit" has been replaced by the term
"service data unit".
The ratio of total misdelivered service data units (SDUs) to total service data units transferred
between a specified source and destination user in a specified sample. NOTE The source
document term "user information unit" has been replaced by the term "service data unit".
The value of elapsed time between the start of transfer and successful transfer of a specified
service data unit (SDU). NOTE The source document term "user information unit" has been
replaced by the term "service data unit".
The total number of successfully transferred service data units (SDUs) in a transfer sample divided
by the input/output time for that sample. The input/output time is the larger of the input time or the
output time for the sample. NOTE The source document term "user information unit" has been
replaced by the term "service data unit".
1)a A cryptographic checkvalue that supports integrity but does not protect against forgery by the
recipient (i.e., it does not provide non-repudiation). When a seal is associated with a data element,
that data element is said to be sealed. Note - Although a seal does not by itself provide non-repudiation, some non-repudiation mechanisms make use of the integrity service provided by seals,
e.g. to protect communications with trusted third parties.
1)b A cryptographic checkvalue that supports integrity but does not protect against forgery by the
recipient (i.e., it does not provide non-repudiation). When a seal is associated with a data element,
that data element is said to be sealed. Note - Although a seal does not by itself provide non-repudiation, some non-repudiation mechanisms make use of the integrity service provided by seals,
e.g. to protect communications with trusted third parties.
1)c A cryptographic checkvalue that supports integrity but does not protect against forgery by the
recipient (i.e., it does not provide non-repudiation). When a seal is associated with a data element,
that data element is said to be sealed. Note - Although a seal does not by itself provide non-repudiation, some non-repudiation mechanisms make use of the integrity service provided by seals,
e.g. to protect communications with trusted third parties.
2) The seal (noun) consists of data associated with a specified part of a document by an
originator, which a privileged recipient may use to verify the integrity and authenticity of the specified
part.
3) To seal (verb) = to associate a seal with a specified part of a document.
1) a special case of mobility with service continuity since it preserves the ability to provide services
without any impact on their service level agreements to a moving object during and after movement.
2) A handover without perceptible interruption of the radio connection.

A service that is implemented such that it will ensure that users will not experience any service
disruptions while changing the point of attachment.
A secondary value restricted to the characters forming an (ASN.1) identifier (X.680]), assigned
either in an ITU-T Rec., an IS or by some other Registration Authority to an arc of the OID tree.
Note: An arc of the international object identifier tree can have zero or more secondary identifiers.
Shadowing where the shadow supplier is not the master DSA .
A value of some type associated with an arc that provides additional identification useful for human
readers, but that does not in general unambiguously identify that arc, and is not normally included in
computer communications.
A key that is used with a symmetric cryptographic algorithm. Possession of a secret key is restricted
(usually to two entities).
A subarea of a cell. All sectors within one cell are served by the same base station. A radio link
within a sector can be identified by a single logical identification belonging to that sector.
1) Provides for authentication between adjacent components, and the setting up of the security
context.
2) This element of service enables an MTS-user to establish an association with the MTS, or the
MTS to establish an association with an MTS-user, or an MTA to establish an association with
another MTA. It also establishes the strong credentials of the objects to interact, and the context
and security-context of the association. Secure Access Management can use either an asymmetric
or a symmetric encryption technique. When access security is achieved through strong credentials,
they can be periodically updated.
Elements designed to support the Secure Access Management security service and the security
management services by the use of Security Context Security Element, Register Security Element
and MS-Register Security Element
Service to provide protection for resources against their unauthorised use. It has two components:
the Peer Entity Authentication and the Security Context security services.
A feature by which the service subscriber/user requires that incoming calls cannot be answered
unless the answering party first successfully authenticates himself as the wanted subscriber. The
use of this feature is strictly related to the privacy requirements from a service subscriber/user;
although it has been considered only in the UPT description, it could be useful also for other
services, e.g. freephone, VPN, and UMTS. (This feature is currently included in the list of UPT Set 1
optional features in Recommendation F.851 "UPT - Service description", with the name "called party
specific secure answering of incoming UPT calls")
Data aggregation that ensures the integrity of the results in the presence of a small number of
malicious aggregation nodes that may be attempting to influence the result
Secure data communication path is the route between two entities to exchange application data
between two entities with no eavesdropping, injection and modification of data, unauthorized access
and repudiation.
An optional FRCP (Frame Relay Compression and Privacy Protocol) facility responsible for enabling
and initiating secure data compression algorithms on both ends of the link and negotiated between
peer devices. The mode and algorithms are selected independently for each direction of a virtual
connection. The FRCP provides support for loss-of-synchronization detection and resynchronization
procedures.
The secure hash algorithm, revision 1 is a 160-bit hash function, mandated by the National Institute
for Standards Technology (NIST-USA), with security mechanisms similar to MD5. SHA-1 is defined
by the United States Government in FIPS 180-1. It is a mechanism to reduce a lengthy text
message to a short digest of 160 bits that is both one-way (i.e. non-reversible) and not susceptible
to collisions from multiple different texts. Because SHA generates a 160-bit hash (message digest) it
is much safer from brute-force cryptographic attacks than MD5. Digests (see hash value) are best
thought of as the digital fingerprint of a message. It is a relatively fast, low-overhead and secure
algorithm. SHA-1 can be used to support integrity protection (by itself), or for non-repudiation (in
conjunction with public key encryption). The SHA-1 Message Digest Algorithm is described in
Appendix II/Q.815

A secure home gateway is a kind of residential gateway seen from the point of view of security, and
a point or an entity which forwards data packets from open network to internal home network or vice
versa, changes security parameter or communication protocol from home network to open network
or vice versa, and can perform security-related functions, such as packet filtering, intrusion
detection, and policy management function and so on, according to a given security policy. That is, a
secure home gateway comprises more than just a firewall.
1) Security policy rules that regulate interactions between security domains.

2) Common aspects of the rules necessary in order for interactions to take place between
security domains.
The capabilities in this subclause cover the application of security features to protect messages in
the message handling system in accordance with a defined security policy. This includes elements
of service enabling various components to verify the origin of messages and the integrity of their
content, and elements of service to prevent unauthorized disclosure of the message content.
A system to realize secure mobile end-to-end data communication between mobile user and ASP or
between mobile users.
In this simple authentication protocol, using a memorable password between a client and the server
results in mutual authentication and shared secret that can be used as session key for the next
session.
1)a A mathematical process by which the origin and integrity of a transmitted message can be
ascertained. NOTE If a secure signature system is used, the originator cannot deny having sent
the message, and the receiver can determine if the message has been modified.
1)b A mathematical process by which the origin and integrity of a transmitted message can be
ascertained. NOTE If a secure signature system is used, the originator cannot deny having sent
the message, and the receiver can determine if the message has been modified.
A reliable non-volatile place where stored information survives any type of recoverable failure within
the real open system.
A kind of a security scheme that enables the intermediate network node to perform transcoding
without decryption while preserving end-to-end security; this scheme can be executed by combining
scalable coding, progressive encryption, and packetizing. The secure transcodable scheme can
provide both the confidentiality and message integrity/authentication.
A mechanism to provide for the transfer of application-protocol-data-units (APDUs) between open
systems in a secure manner.
The information flow on top of which the level of required security has been applied. An application
message is transformed with respect to a chosen transport layer and chosen level of security into
one or more secured packets.
1) The term security is used in the sense of minimizing the vulnerabilities of assets and
resources. An asset is anything of value. A vulnerability is any weakness that could be exploited to
violate a system or the information it contains. A threat is a potential violation of security.
2) Protection of a human being's activities (particularly those involving privileges and financial
activities) from attack by other human or computer activities, usually achieved by the use of
mechanical or electronic devices or mechanisms associated with the protected human being. NOTE
Examples of security devices and mechanisms are physical door-locks, the use of PINs or
biometrics to protect credit cards or passports, and the use of biometrics for access control. In
many cases these devices and mechanisms use telecommunications as an essential part of their
operation.
3) A collection of safeguards that ensure the confidentiality of Information, protect the systems or
networks used to process it, and control access to them. Security typically encompasses the
concepts of secrecy, confidentiality, integrity, and availability. It is intended to ensure that a system
resists potentially correlated attacks.
4) The ability to prevent fraud as well as the protection of information availability, integrity and
confidentiality.

5) The protection of information availability, integrity and confidentiality.


The role that tracks security-related actions or events that can be included as resources in the
security audit function.
1) A person who is responsible for the definition or enforcement of one or more parts of a security
policy.
2) An authority (a person or group of people) responsible for implementing the security policy for
a security domain.
1) A message generated when a security-related event that is defined by security policy as being
an alarm condition has been detected. A security alarm is intended to come to the attention of
appropriate entities in a timely manner.
2) A security-related event that has been identified by a security policy as a potential breach of
security
An individual or process that determines the disposition of security alarms.
Software that provides a specific class of security function for a terminal or device within the network
system. For example: anti-virus software.
A server which is located on the network side to provide security files or profile updating and other
online security services to terminals or devices.
The measures provided to ensure continuity of service of the signalling system in the event of the
failure of one or both of the data channels.
An assertion that is scrutinized in the context of security architecture.
1) A relationship between two or more entities for which there exist attributes (state information
and rules) to govern the provision of security services involving those entities.
2) The relationship between lower layer communicating entities for which there exists
corresponding security association attributes.
3) A set of policy and cryptographic keys that provide security service to network traffic that
corresponds to that policy
4) A security relationship between communicating lower layer entities for which there exists
corresponding SA-Attributes.
5) The relationship between communicating entities for which there exists corresponding SA-Attributes.
6) a simplex "connection" that affords security services to the traffic carried by it. Security services
are afforded to a SA by the use of the authentication protocols
1)a The collection of information required to control the security of communications between an
entity and its remote peer(s).
1)b The collection of information required to control the security of communications between an
entity and its remote peer(s).
1)a Baseline Privacy security identifier between a CMTS and a CM
1)b Baseline Privacy security identifier between a CMTS and a CM
An independent review and examination of system records and activities in order to test for
adequacy of system controls, to ensure compliance with established policy and operational
procedures, to detect breaches in security, and to recommend any indicated changes in control,
policy and procedures.
The security audit control function is a systems management function describing the notification for
collection of security events. The security alarm notification defined by this systems management
function provides information regarding the operational condition pertaining to security.

The security audit function provides monitoring and collection of information about security-related
actions, and subsequent analysis of the information to review security policies, controls and
procedures. The security audit function includes each of the following elements: alarm collector
function; alarm examiner function; audit trail analyser function; audit trail archiver function; audit
recorder function; audit trail examiner function; audit trail collector function.
A message generated as a result of an auditable security-related event.
A single record in a security audit trail.
Data collected and potentially used to facilitate a security audit.
An individual or a process allowed to have access to the security audit trail and to build audit
reports.
1) An entity that is responsible for the definition, implementation or enforcement of security policy.
The entity accountable for the administration of a security policy within a security domain.
2)a The administrator responsible for the implementation of a security policy.
2)b The administrator responsible for the implementation of a security policy.
3) See also security domain authority
1) In the context of message handling, the mechanisms that protect against various security
threats.
2) Capabilities of a directory system to provide protection against security threats. Note 1 - These
directory system capabilities are considered to be additional optional user facilities in the service
context. Note 2 - See X.509 for explanation of security capabilities.
A set of security-relevant data issued by a security authority or trusted third party, together with
security information which is used to provide the integrity and data origin authentication services for
the data. Note - All certificates are deemed to be security certificates. The term security certificate in
the X.800 series is adopted in order to avoid terminology conflicts with X.509.
An ordered sequence of security certificates, in which the first security certificate contains security-relevant information, and each subsequent security certificate contains security information which
can be used in the verification of previous security certificates.
A function supporting the transfer of security-related information between open systems.

Security console is a device which offers a user interface for administration of access control on
other devices from the security point of view.
1) An argument of the MTS-bind and MTA-bind services, and may be temporarily altered for
submitted or delivered messages. The Security Context consists of one or more Security Labels
defining the sensitivity of interactions that may occur in line with the security policy in force.
2) One or more security-labels that define the sensitivity of interactions that may occur between
the MTS-user and the MTS for the duration of the association, in line with the security-policy in
force. The security-context shall be one that is allowed by the registered user-security-labels of the
MTS-user and by the security-labels associated with the MTA of the MTS.
3) With respect to an individual SAML protocol message, the message's security context is the
semantic union of the message's security header blocks (if any) along with other security
mechanisms that may be employed in the message's delivery to a recipient. With respect to the
latter, an example is security mechanisms employed at lower network stack layers such as HTTP,
TLS and IPSec.
4) a set of security parameters including identifier, key material, key algorithm, etc.
Attribute type to identify the security-context within which members of a connection-group interact
An element identifying the context of the connection specified by the bind operation when an MTS-user or an MTA binds to an MTA or MTS-user to limit the scope of passage of messages by
reference to the labels associated with messages.
Service to limit the scope of passage of messages between entities by reference to the Security
Labels associated with messages supported by the Security Context and the Register security
elements, and closely related to the Message Security Labelling security service, which provides for
the association of messages and Security Labels.

Protocol Control Information (PCI) exchanged by a security protocol for the purpose of establishing
or maintaining a security association.
The management, operational, and technical controls (i.e., safeguards or countermeasures)
prescribed for an information system to protect the data confidentiality, data integrity, and availability
of the system and its information. NOTE This definition is intended to include controls that provide
accountability, access control, authentication, non-repudiation, communication security, and privacy,
which are sometimes considered as distinct from data confidentiality, data integrity and availability.
A module embedded in mobile terminals to collect the security-related environmental Information, to
communicate with the Security Correlation Server (SCS) in the mobile network for security
evaluation, and to provide the terminal or device with updated security Information.
Information correlated with the security environment for mobile terminals or devices, such as the
version control of the operating system and anti-virus software used in the mobile terminal or device.
A server in a mobile network that communicates with the Security Correlation Agent (SCA), for
evaluating the security degree and environment of mobile terminals or devices.
An identifier (e.g. number) that represents a set of security parameters including at least one
authentication mechanism, the crypto algorithms and related parameters to reflect the security
requirement of a certain service. It is defined to profile the security requirement of each service.
a set of security measures designed to address a particular aspect of the network security. Properly
designed and implemented security dimensions support security policy that is defined for a
particular network and facilitate the rules set by the security management. X.805 identifies eight
such sets that protect against all major security threats. These dimensions are not limited to the
network, but extend to applications and end user information as well. In addition, the security
dimensions apply to service providers or enterprises offering security services to their customers.
The security dimensions are: (1) access control, (2) authentication, (3) non-repudiation, (4) data
confidentiality, (5) communication security, (6) data integrity, (7) availability, and (8) privacy.
1) The set of resources subject to a single security policy.
2) A set of elements, a security policy, a security authority and a set of security relevant activities
in which the set of elements are subject to the security policy, administered by the security authority,
for the specified activities.
3) A set of elements, a security policy, a security authority and a set of security relevant activities
in which the set of elements are subject to the security policy for the specified activities, and the
security policy is administered by the security authority, for the security domain.
4) A collection of users and systems subject to a common security policy.
5) A domain in which the members are obliged to follow a security policy established and
administered by a security authority. NOTE The security authority is the controlling object for the
security domain.
6) A set of dimensions, a security policy, a security authority and a set of security relevant
activities in which the set of dimensions are subject to the security policy for the specified activities,
and the security authority administers the security policy. It is a collection of users and systems
subject to a common security policy.
7) An environment or context that is defined by security models and security architecture,
including a set of resources and set of system entities that are authorized to access the resources.
One or more security domains may reside in a single administrative domain. The traits defining a
given security domain typically evolve over time.
8) A set of elements, a security policy, a security authority, and a set of security-relevant activities
in which the elements are managed in accordance with the security policy.
9) The set of entities and parties that are subject to a single security policy and a single security
administration. There are inter-security domain and intra-security domain relationships.

10) A set of elements, a security policy, a security authority and a set of security-relevant activities
in which the elements are managed in accordance with the security policy. The policy will be
administered by the security authority. A given security domain may span multiple security zones.
A security domain administrator is a party with the authority to manage a specific P2P network. An
administrative body may have a security policy and the appropriate enforcement mechanism to
ensure the security of the P2P network under its management. Such policy and enforcement
mechanism are completely application-dependent.
1) A security authority that is responsible for the implementation of a security policy for a security
domain.
2) An entity responsible for the implementation of a security policy
3) See also security authority

1) A database record, email message, security advisory, assessment probe, signature, etc., which
is related to a specific vulnerability or exposure.
2) A database record, assessment probe, signature, etc., that is related to a specific security
weakness.
Elements of the MHS services described in ITU-T Rec. X.411 and classified as Authentication
Security Elements, Secure Access Management Security Elements, Data Confidentiality Security
Elements, Data Integrity Security Elements, Non-repudiation Security Elements, Security Label
Security Elements, Security Management Security Elements.
1) An abstract-error to report that the requested abstract-operation could not be provided by the
MTS or MTS-user because it would violate the security-policy in force.
This will be displayed with one of the following reason values whenever the operation requested has
detected a problem for security reasons (see Table B-5/F.500).
A security-related event (X.736)
A transfer or sequence of transfers of application-protocol-control-information between open
systems as part of the operation of one or more security mechanisms.
A security communication function, located in the Application Layer, that provides the means for
communicating security information between AE-invocations.
A logically-distinct piece of information corresponding to a single transfer (in a sequence of
transfers) in a security exchange.
An ASE (application service element) which allows the communication of security information to
support the provision of security services within the Application Layer, i.e. which provides for the
communication of information associated with any security exchange, where this service is typically
used for the transfer of authentication, access control, non-repudiation or security management
information.
An optional extension to the MHS that can be, independently from the communications services
provided by other lower or higher (layer) entities, used to minimise the risk of exposure of assets
and resources to violations of a security policy (threats).
1)a functions that address requirements for confidentiality, integrity, availability and accountability.
They comprise: the access control function; the security audit function; the authentication function;
the integrity function; the confidentiality function; the non-repudiation function; and the key
management function.
1)b functions that address requirements for confidentiality, integrity, availability and accountability.
They comprise: the access control function; the security audit function; the authentication function;
the integrity function; the confidentiality function; the non-repudiation function; and the key
management function.
1) an entity which relays data traffic between security domains, configures security parameter or
communication protocol and can perform security policy management function.

2) A device installed between two or more IP network regions in order to perform security functions
such as the validation or restriction of packet flows and the mapping of transport addresses
between network regions. For this Recommendation, it is assumed that the Security Gateway is an
ALG knowledgeable of H.323 signalling protocols.
any adverse event whereby some aspect of security could be threatened.
Information needed to implement security services.
An instance of a Security Information Object (SIO) Class. Note - The specification of each SIO in
X.841 contains: a description of the SIO, an explanation of the usage of the SIO, and a description
of the components of the SIO including the ASN.1 specification and the object identifier of the object
class being defined.
An Information Object Class that has been tailored for security use.
Those aspects of the security policies of different security domains that are necessary in order for
interactions to take place between those domains.
Generated by LMFp, it is sent to the mobile terminal, visited PSCF, and PSGCF for support of
encryption and security association between these entities.
1) A marking of a document, which specifies the handling of the document according to the
security policy in force.
2) (The set of resources to) define the sensitivity of interactions that may occur between the MTS-user and the MTS for the duration of the association, in line with the security-policy in force.
3)a The marking bound to a resource (which may be a data unit) that names or designates the
security attributes of that resource. Note - The marking and/or binding may be explicit or implicit
3)b The marking bound to a resource (which may be a data unit) that names or designates the
security attributes of that resource. Note - The marking and/or binding may be explicit or implicit
These elements exist to support security labelling in the MHS.
1) In order to provide an end-to-end security solution, the security dimensions described must be
applied to a hierarchy of network equipment and facility groupings, which are referred to as security
layers. X.805 defines three security layers: a) the Infrastructure Security Layer; b) the Services
Security Layer; and c) the Applications Security Layer, which build on one another to provide
network-based solutions. These security layers are a series of enablers for secure network
solutions: the infrastructure layer enables the services layer and the services layer enables the
applications layer. The security architecture addresses the fact that each layer has different security
vulnerabilities and offers the flexibility of countering the potential threats in a way most suited for a
particular security layer.
2) A hierarchy of network equipment and facility groupings to which the security dimensions must
be applied. There are three security layers identified: Infrastructure security layer, Services security
layer, and Application security layer. (X.805)
1) Security level is the application of a network system to process Information with different
sensitivities, permit simultaneous access by users with different security clearances and needs-to-know.
2) The security level is an index to a description (in a BPC) of the resistance capability of a
biometric system to attacks due to spoofing, masquerade, false matches or false enrolments. NOTE
1 The higher the security level, the higher the confidence is of the enrolment process or the
verification result of a user's identity. NOTE 2 X.1089 does not define specific security levels, but it
is recorded in certificates as an integer in the range 1 (lowest) to 100 (highest).
3) Security specification of the system which defines effectiveness of risk protection.
If a management domain within MHS employs different security clearance levels (e.g. public,
personal, private and company confidential), then users must be prevented from sending or
receiving any messages for which they have an inadequate security clearance level if the
management domain's security is not to be compromised.

1) Security management comprises all activities to establish, maintain and terminate the security
aspects of a system. Topics covered are: management of security services; installation of security
mechanisms; key management (management part); establishment of identities, keys, access control
information, etc.; management of security audit trail and security alarms.
2) A set of TMN management functions which enable a TMN to change passwords and alter the
identifications and security classes of communication channels.
See Change Credentials Security Element.

A number of security management services are needed by the MHS, but ITU-T Rec. X.411 is
concerned only with changing credentials and registering MTS-user security labels.
A logical collection of management functionality used to perform Operations, Administration,
Maintenance and Provisioning (OAM&P) of security mechanisms, policies and services within a
services and communications infrastructure.
Security manager is a person or entity that determines the security service level, manages the
configuration of security policy, and performs security policy-related tasks at mobile terminal or
service provider.
a framework for describing the security services that counter potential threats to the MTS and the
security elements that support those services.
A hardware or software module with tamper resistance to perform the download SCP protocol,
generate and store keys, and store SCP client data and code. The security module acts as a sub-function of the SCP client on the IPTV terminal.
a certain type of network activity protected by security dimensions. X.805 defines three security
planes to represent the three types of protected activities that take place on a network. The security
planes are: 1) the Management Plane; 2) the Control Plane; and 3) the End-User Plane. These
security planes address specific security needs associated with network management activities,
network control or signalling activities, and end-user activities correspondingly.
1) The set of rules laid down by the security authority governing the use and provision of security
services and facilities.
2)a The set of criteria for the provision of security services. Note - See identity-based and rule-based security policy. A complete security policy will necessarily address many concerns which are
outside of the scope of OSI.
2)b The set of criteria for the provision of security services. Note - See identity-based and rule-based security policy. A complete security policy will necessarily address many concerns which are
outside of the scope of OSI.
3) The set of rules that specify the procedures and services required to maintain the intended
level of security of a set of resources.
4) A set of rules that constrains one or more sets of activities of one or more sets of objects.
A mapping of principal identities and/or attributes thereof with allowable actions. Security policy
expressions are often essentially access control lists.
A construct that conveys domain-specific security policy information. Note - The Security Policy
Information File is a signed object to protect it from unauthorized changes.
A function to manage or negotiate a set of rules to provide classified security services which can be
implemented on the mobile security gateway or other server.
A representation of a security policy for a security domain within a real system.
Security policy server is an entity that connects to security gateway. It manages security policy and
uses the security policy to control the negotiation of security levels among network security
domains.
An identifier for the cause of the violation of the security-policy.
A (sub)set of consistent, interoperable procedures and features out of H.235 useful for securing
H.323 multimedia communication among the involved entities in a specific scenario.

Actions that are taken and procedures that are carried out when a violation of security is either
detected or suspected to have taken place.
A report that results from the analysis of the security audit trail and that can be used to determine
whether a breach of security has occurred.
1) Local information which, given the security services selected specify the underlying security
mechanisms to be employed, including all parameters needed for the operation of the mechanism.
Note - Security rules are a form of secure interaction rules as defined in the Upper Layers Security
Model
2) Local information which, given security services selected, specify the security mechanisms to
be used including all parameters needed for the operation of the mechanisms. NOTE - This
information may form a part of a Security Interaction Rules as defined in CCITT Recommendation
X.803 | ISO 10745.
1) A service, provided by a layer of communicating open systems, which ensures adequate
security of the systems or of data transfers.
2) Security service is a service provided by service provider, ensures adequate security of the
systems or of data transfers. It includes not only eight security dimensions, but also on-line virus
scan, content filter that service provider can provide.
The broad classes of Message Transfer security services in MHS are: origin authentication security
services, secure access management security services, data confidentiality security services, data
integrity security services, non-repudiation security services, message security labelling security
service, security management services.
State information that is held in an open system and that is required for the provision of security
services.
A variety of interrelating elements (certain principles, organization and technical measures for
security provision) that minimize vulnerability of assets and resources.
Security systems of neighboring telecommunication networks perform functions to protect these
networks and information transmitted via these networks against security threats. Neighboring
telecommunication networks (including networks in other countries) perform traffic exchange with
the telecommunication network under consideration.
Security systems of user terminal systems perform functions of protection for terminal devices and
home/corporate networks against security threats. These threats may emanate either from the
telecommunication network itself or from internal sources (e.g. user terminal systems). Besides,
security systems of user terminal systems employ mechanisms to protect user information
transmitted to the telecommunication network. User terminal systems may contain some terminal
devices (telephone apparatus, television sets, computers and other sort of terminals) and relevant
home/corporate network connections.
These are the threats that are of particular concern to an IdM system. The threats listed
are the main security weaknesses that any IdM system should provide proper countermeasures to
cope with: password related threats; unauthorized access; eavesdropping; phishing; and identity
theft.
1) A set of data protected by one or more security services, together with security information
used in the provision of those security services, that is transferred between communicating entities.
2) This is a cryptographic key stored in a special hardware device or a general-purpose
computing device.
Security token service is required to share security or identity information between entities. Security
token is usually protected by security and cryptographic mechanisms since it always contains highly
confidential information that should not be released.
1) A set of functions (system security functions and security communication functions) which, in
combination, operate upon user data items to protect those data items in a particular way during
communication or storage.

2) A security function (or combination of security functions) applied to user data to protect that
data during communication or storage, which involves an encoding process applied prior to
communication or storage, and a decoding process which may be (but need not always be) applied
upon receipt or retrieval.
1) A protected area defined by operational control, location, and connectivity to other
device/network elements.
2) A security zone is defined by operational control, location, and connectivity to other
device/network elements. NOTE: Rec. Y.2701 defines 3 security zones: trusted; trusted but
vulnerable; and un-trusted.
1) Any event that has been defined by security policy to be a potential breach of security, or to
have possible security relevance. Reaching a pre-defined threshold value is an example of a
security-related event.
2) An event which is considered to have relevance to security.
(In the context of a directory the) security attribute types are: User password; User certificate;
Authority revocation list; Certificate revocation list; Certification authority (CA) certificate.
A security service to provide confidentiality of selected fields within the (N)-user-data on an (N)-connection or in a single connectionless (N)-SDU.
A security service to provide the integrity of selected fields within the (N)-user data of an (N)-SDU
transferred over a connection and takes the form of determination of whether the selected fields
have been modified, inserted, deleted or replayed.
A security service to provide the integrity of selected fields within a single connectionless SDU and
takes the form of determination of whether the selected fields have been modified.
The protection of specific fields within a message which is to be transmitted.
An identity that an entity declares to be its own.
An attribute certificate where the issuer and the subject are the same Attribute Authority. An Attribute
Authority might use a self-issued AC, for example, to publish policy information.
A public-key certificate where the issuer and the subject are the same CA. A CA might use self-issued certificates, for example, during a key rollover operation to provide trust from the old key to
the new key.
The user of the self-service management service with authorization obtained from the self-service
manager, limited to the use of Self-service management. The authorizations may be for services or
content, provided independently of the service provider defined in the contract.
A special case of self-issued certificates where the private key used by the CA to sign the certificate
corresponds to the public key that is certified within the certificate. A CA might use a self-signed
certificate, for example, to advertise their public key or other information about their operations.
NOTE: Use of self-issued certificates and self-signed certificates issued by other than CAs are
outside the scope of this Recommendation | International Standard.
The study of the use of signs and symbols in human communication.
A server which sends messages for message senders. In email applications, an SMTP server acts as
a sender agent.
A function of the sender party for countering spam, which detects and blocks spam during the message
sending process.
An agent which is to perform contents protection and the corresponding security functions of the
receiver security agent (ReSA), the group and membership control (GMC) agent and the group key
management (GKM) agent.
An instance of ASF which identifies and blocks IP multimedia spam being delivered from spammers
to the boundary of external network. SASF can be located in the network elements where outbound
communication requests from spammers are sent as the first hop.
In a role hierarchy, role A is senior to role B if role A inherits all the permissions associated with role
B.
Data sensed by a sensor that is attached to a specific sensor node.
1) Characteristic of a resource that implies its value or importance.

2) The characteristic of a resource which implies its value or importance, and may include its
vulnerability.
This element of service allows the originator of an IP-message to specify guidelines for the relative
sensitivity of the message upon its receipt. It is the intent that the sensitivity indication should control
such items as: 1) Whether the recipient should have to prove his identity to receive the IP-message. 2) Whether the IP-message should be allowed to be printed on a shared printer. 3)
Whether an IPM UA should allow the recipient to forward the received IP-message. 4) Whether the
IP-message should be allowed to be auto-forwarded. The sensitivity indication can be indicated to
the recipient or interpreted directly by the recipient's IPM UA. If no sensitivity level is indicated, it
should be assumed that the IP-message's originator has advised no restriction on the recipient's
further disposition of the IP-message. The recipient is free to forward, print, or otherwise do as he
chooses with the IP-message. Three specific levels of sensitivity above the default are defined: 1)
Personal, the IP-message is sent to the recipient as an individual, rather than to him in his role.
There is no implication that the IP-message is private, however. 2) Private, the IP-message
contains information that should be seen (or heard) only by the recipient, and not by anyone else.
An electronic device that senses a physical condition or chemical compound and delivers an
electronic signal proportional to the observed characteristic.
A network comprised of interconnected sensor nodes exchanging sensed data by wired or wireless
communication.
An interface used between USN middleware and a sensor network/radio frequency identification
(RFID) reader.
Information about a sensor network, such as description of the sensor network, sensor node
identifier, supported sensor type, the number of attached sensors for each sensor node, and the
number of sensor nodes connected to the specific sensor network, etc.
A directory service that provides sensor network metadata.

A device consisting of sensor(s) and optional actuator(s) with capabilities of sensed data processing
and networking.
A syntax structure containing syntax elements that apply to zero or more entire coded video
sequences as determined by the content of a seq_parameter_set_id syntax element found in the
picture parameter set referred to by the pic_parameter_set_id syntax element found in each slice
header.
1) A Device used to service requests from other Devices.
2) Entity that provides a biometric authentication service using a one-time telebiometric template
at the request of a user or a client in telecommunication environments
Server authentication models a situation in which the client wants to verify the server's identity. The
server answers by sending its credentials such as digital certificate or shared secret.
For the password-based EAP method, the attacker is unable to impersonate the supplicant by
obtaining a user password even after obtaining the hidden password file. Once the attacker
compromises the server, he/she can obtain the hidden password file, i.e. hashed password file, and
perform the offline dictionary attack against the hidden password file to obtain the password which
can be used to impersonate the supplicant. However, this kind of attack can be prevented by
encrypting the hidden password file by the secret key which is stored in the external hardware token
or using some sophisticated cryptographic schemes, secret sharing schemes between the server
and the hardware token. The resistance to the server-compromised-based dictionary attack can be
regarded as a way to mitigate the server-compromised attack. As a conclusion, this capability can
be obtained by using a hardware token to store the server's secret materials.

For a password-based EAP method [RFC 5433], the attacker is unable to impersonate the
supplicant by obtaining a user password even after obtaining the password file. When the attacker
compromises the server, he/she can obtain the hidden password file, i.e. hashed password file, and
perform the offline dictionary attack against the hidden password file to obtain the password which
can be used to impersonate the supplicant. However, this kind of attack can be prevented by
encrypting the hidden password file by the secret key which is stored in the external hardware token
or using some sophisticated cryptographic schemes, i.e. the secret sharing scheme between the
server and the hardware token. As a conclusion, this capability may be obtained by using a
hardware token to store the server's secret materials.
This is an attack wherein an attacker obtains verifier information from the server and launches a
dictionary attack on the password file.
In the case of a server-compromised attack, the password may be obtained by performing a
dictionary attack on the compromised verifier. If the server uses a tamper-free token such as smart
card to store additional information or other cryptographic methods to prevent a server-compromised attack, a password can still not be derived even if a dictionary attack is launched on
the verifier.
1) term representing telecommunications capabilities that the customer buys or leases from a
service provider. Service is an abstraction of the network-element-oriented or equipment-oriented
view. Identical services can be provided by different network elements, and different services can be
provided by the same network elements.
2)a A set of functionality enabled by a provider for end-users; for example, providing IP connectivity
with managed quality of service, providing an IPTV Service, providing a content on demand service,
etc.
2)b A set of functionality enabled by a provider for end users; for example, providing IP
connectivity with managed quality of service, providing an IPTV service, providing a content-on-demand service, etc.
2)c A set of functionalities enabled by a provider for end-users. Note: Example provisioned
functionalities include IP connectivity with managed quality of service, video on-demand.
3)a A set of functions and facilities offered to a user by a provider.
3)b A set of functions and facilities offered to a user by a provider.
A combination of service protection and content protection or the system or implementation thereof.
The SCP functions control the protection of the services and content. Content protection includes
control of access to contents and the protection of contents using methods such as encryption.
Service protection includes authentication and authorization of access to services and optionally
protection of the services using methods such as encryption.
The service and content protection (SCP) client functions interact with SCP functions to provide
service protection and content protection. The SCP client functions verify the usage rights and
decrypt and optionally watermark the content.
The service area is defined in the same way as the service area according to Q.1001. In contrast to
the PLMN area, it is not based on the coverage of a PLMN. Instead, it is based on the area in which
a fixed network user can call a mobile user without knowing his location. The service area can
therefore change when the signalling system is being extended, for example.
A network element that is deployed to transmit the authentication Information between the visited
SP and the SS home EAC when an SS uses the service provided by an SP in the visited network
which has had a subscription relationship with the SS's home network.
Bearers defined by parameters, and/or mechanisms needed to realize services. These are within
networks and under network control.
Functionality offered by service capabilities that are accessible via the standardized application
interface.
Network functionality providing open interfaces towards the functionality offered by 3G System
service capabilities.
A set of coordinated services that occur in a specific sequence.

Service composition is the capability of creating new services from other existing services.
The ability for a moving object to maintain ongoing service over including current states, such as
user's network environment and session for a service.
the ability for a moving object to maintain ongoing service over including current states, such as
user's network environment and session for a service. This category includes Seamless Handover
and Handover.
The ability of the user, home environment or serving environment to determine what a particular
service does, for a specific invocation of that service, within the limitations of that service.
The ability to manage the relationships and interactions among services to provide a "service chain"
as well as among services and applications.
A language for the specification of event-driven systems, in particular telecommunication systems,
and an object-oriented formal language intended for the specification of complex, event-driven, real-time, and interactive applications involving many concurrent activities that communicate using
discrete signals.
Service development support provides an environment for service creation, development and
maintenance.
the ability to provide services irrespective of environment changes of a moving object, but not to be
able to maintain ongoing service. This category includes Nomadism and Portability.
Service discovery performs a search against all registered services and provides the related service
information.
A capability which may be used, either by itself or in conjunction with other service enablers, to
provide a service to the end user.
A service subscriber or a service provider.
Fraudulent use of telecommunication services, sometimes involving the expected or unexpected
interaction of two or more services.
Data which describes programs and services.
Formal agreement between two or more parties that is reached after a negotiating activity with the
scope to define service characteristics, responsibilities and priorities of every part. A SLA may
include statements about security, performance, tariffing and billing, service delivery and
compensations.
Service management provides the overall service managing functions such as service monitoring,
service tracking and unexpected failure control
A Service Management System is a Service Management Layer (M.3010) operations system

the mobility, applied for a specific service, i.e., the ability of a moving object to use the particular
(subscribed) service irrespective of the location of the user and the terminal that is used for that
purpose. Note that this service mobility is different from the service level mobility which is defined in
Y.2012 and related Recommendations.
an interface which provides a channel for interactions and exchanges between a NGN and other
service providers (such as a content provider). The SNI supports both a control plane level type of
interaction and a media level (or data plane) type of interaction.
1) Ensuring that an end user can only acquire a service and the content hosted therein by
extension as what he/she is entitled to receive; service protection includes protecting service from
unauthorized access as IPTV contents traverse through the IPTV service connections.
2) Ensuring that an end-user can only acquire a service, and, by extension, the content contained
therein, that he or she is entitled to receive.
The service protection client functional block performs the authentication and authorization of
access to services and, optionally, protection of the services using methods such as encryption.
The service protection functional block controls the protection of services. Service protection
includes authentication and authorization of access to services and the protection of the services
using methods such as encryption.
1) A role donned by a system entity where the system entity provides services to principals or
other system entities.

2) A business that provides service to customers over a network, includes not only network
service provider but also application service provider.
3) A network entity that is capable of providing services for mobile users. It may be an application
server in operator network or in open network. It may also be a mobile user that has the facilities to
provide services to other mobile users.
4) Any entity or system on a network that provides a service to a remote client. NOTE: Examples
are a Web server, a social network provider, a store selling books or electronic goods over a
network, a bank providing access to an account, and many others.
5) An entity that offers services to users involving the use of network resources.
6) A general reference to an operator that provides telecommunication services to customers and
other users either on a tariff or contract basis. A service provider can optionally operate a network. A
service provider can optionally be a customer of another service provider.
7)a A general reference to an operator that provides telecommunication services to customers
and other users either on a tariff or contract basis. A service provider may or may not operate a
network. A service provider may or may not be a customer of another service provider. Note:
Typically, the service provider acquires or licenses content from content providers and packages this
into a service that is consumed by the end-user.
7)b A general reference to an operator that provides telecommunication services to customers
and other users either on a tariff or contract basis. A service provider can optionally operate a
network. A service provider can optionally be a customer of another service provider. Note: Typically,
the service provider acquires or licenses content from content providers and packages this into a
service that is consumed by the end-user.
8) A system or a network that provides a telecommunication service to a customer. In the context
of X.790, a service provider is specifically a provider of telecommunications services who offers the
OS-to-OS OSI interface to allow a customer the capability for network management across
jurisdictions in order to control the services (or resources) being provided (See Customer). A service
provider acts in the agent role. There is no requirement that the interface be confined to cases
where there is a traditional telecommunication service customer to telecommunication service
provider relationship between the parties. It is certainly possible that two telecommunications
carriers, whose networks interwork to provide a telecommunications service to an end user, may
use this interface. In that case, the customer and service provider roles may change from situation
to situation. However, in any particular situation, one carrier will be the customer and have the
manager role, while the other will be the supplier, and will have the agent role.

9) A general reference to an operator that provides telecommunication services to customers and
other users either on a tariff or contract basis. A service provider may or may not operate a network.
A service provider may or may not be a customer of another service provider.
A role donned by a system entity where the system entity provides services to principals or other
system entities using only required portion of SAML protocol.
The service capabilities, features and privileges to which an MS is entitled. Also, the general
procedure by which such service capabilities, features, and privileges become established in an
MSC.
References an established security association between two functional entities, assuming that at
least a shared key is present. H.530 uses the term service relationship to reference an established
security association between two functional entities, such as between a visited border element (V-BE) and a home border element (H-BE). Among other parameters of such a service relationship, it
is essential that at least a shared key ZZn be present, by which traffic between both functional
entities is secured (e.g. IPSEC or Annex D/H.235).
1) Means either a connection establishment or a connectionless service request.
2) This is defined as being one invocation of the service through a service request primitive.
The entity which requests the initiation of a GPRS operation, through a service request.
A set of automated or manual methods, invoked after a network failure, to enhance the ability of
successful communications reroute and completion around the failed network element(s).
name that identifies a particular wireless access point.
1) Is the legal entity, which has subscribed to a certain service type. It is not necessarily a different
party from the service user. (The calling and called parties of a service transaction are service
users).

2) A network entity that is capable of requesting subscribed services from an SP. Generally, the SS
is a mobile user but it may also be an application server that acts as a retailer to obtain service
resources for mobile users.
3) The entity which subscribes to the general packet radio service (GPRS) service.
Combines usage metering records, which pertain to a particular service transaction, into a single
record. In addition it contains charging information. NOTE The term service transaction is used in
its usual English meaning to denote things like a telephone call or the sending of an electronic mail
message.
The particular kind or category of service provided by the SP and consumed by the SS. There are
several kinds of service and each service belongs to one service type, e.g. in 3GPP, there are
service types of Unspecific service, PKI-Portal, Presence and MBMS etc.
A process to provide telecommunication services to every individual or group of people irrespective
of social, geographical, and economical status.
The set of functions that the mobile cellular system can make available to the user.
addresses security of services that service providers provide to their customers. These services
range from basic transport and connectivity to service enablers like those that are necessary for
providing Internet access (e.g., AAA services, dynamic host configuration services, domain name
services, etc.) to value-added services such as freephone service, QoS, VPN, location services,
instant messaging, etc. The services security layer is used to protect the service providers and their
customers, both of which are potential targets of security threats. For example, the attackers may
attempt to deny the service provider's ability to offer the services, or they may attempt to disrupt
service for an individual customer of the service provider (e.g., a corporation).
The access point (or network) providing service to the UE before handover.
The MSC which currently has the MS obtaining service at one of its cell sites within its coverage
area.
The serving network provides the user with access to the services of home environment.
A lasting interaction between system entities, often involving a Principal, typified by the maintenance
of some state of the interaction for the duration of the interaction.
A role donned by a system entity when it maintains state related to sessions.
A mechanism of stealing valid user session to gain unauthorized access to Information or services.
An application-layer control (signaling) protocol for creating, modifying, and terminating sessions
with one or more participants.
One kind of short-term key material that is generated based on root key. Usually session key
material is generated based on root key and other key generation parameters such as negotiation
information during authentication procedure. Session key material is used to protect signalling
traffic and user traffic. Session key can be even derived further. The key derivation mechanism
depends on the specific cryptographic algorithm or protocol.
The session key is a temporary key used to encrypt data for the current session only. The use of
session keys keeps the secret keys more secret because they are not used directly to encrypt the
data. Secret keys are used to derive the session keys using various methods that combine
random numbers from either the client or server or both.
A role donned by a system entity when it participates in a session with at least a session
authority.
The word assigned during a transmission by the Management Centre.
Payment of amounts resulting from the accounting process.
A DSA that receives shadowed information.
The relationship between two DSAs, one acting as a supplier of replicated information and the other
as its consumer.
The service provided to perform shadowing between two DSAs that have entered into one or more
shadowing agreements.
A DSA that provides shadowed information. This DSA may or may not be the master DSA.
A unit of shadowed information which is associated with a specific name; it represents the
information taken from a DSE which is shadowed.

The complete set of information associated with a unit of replication. Shadowed information is
conceptually held both by the shadow supplier and the shadow consumer for the purposes of the
shadow protocol and comprises a tree shaped structure of shadowed DSEs.
Replication between two DSAs whereby shadowed information is copied and maintained using the
Directory Information Shadowing Protocol.
The terms specific to a particular agreement required for shadowing to occur between a pair of
DSAs.
Key data which is generated during mutual authentication procedure of the SS (or SP) and the EAC,
and which is used to protect the security communication of the reference point connecting the EAC
and the SS (or SP). The shared keying material between the SS and the EAC is denoted by Ks and
the shared keying material between the SP and the EAC is denoted by Kp. Its key length,
generation algorithm and lifetime are set according to some other parameters, such as service type
and security degree.
When two or more network operators share network elements.
Refers to the security key for the cryptographic algorithms; it may be derived from a password. This
Rec. uses the term shared secret for a security key that is part of the security parameters for the
cryptographic algorithms; it can be derived from a password (see H.235 procedure 10.3.5) or it can
be assigned per configuration or by other means. Likewise, the mobile terminal may have been
assigned a separate security shared secret by the home domain for the purpose of terminal
authentication.
The conversion of data into integrity-protected data.
Information that is conveyed from a sending user to a receiving user via an SMSC.
1) Refers to the entity that composes and decomposes short messages. A SME may or may not
be located within, and be indistinguishable from, a home location register (HLR), Message Centre
(MC), Visitor Location Register (VLR), Mobile Station (MS), or Mobile Switching Centre (MSC).
(Q.1742.3)
2) The SME is an entity that composes and decomposes short messages. A SME may or may not
be located within, and be indistinguishable from, an HLR, MC, VLR, MS, or MSC.
1) Refers to a kind of message services, which provides mobile phones, telephones and other
SMEs to transfer and receive text messages through a device named service centre implementing
the functions such as saving and delivering.
2) The services in telecommunication networks, which provide mobile phones, telephones and
other SMEs to transfer and receive text messages through SMSCs that store messages if the
receiving terminal cannot be contacted.
Function unit, which is responsible for the relaying and store-and-forwarding of a short message
(SM) between two SM-TEs or SME and an MS. The SMSC can functionally be separated from or
integrated in the network.
A security threat which collects Information in busy places by watching keystroke, reading mobile
terminal's screen, or listening to sound from a mobile terminal.
A video service showing an interpreter who uses hand gestures and facial expression to convey the
main audio content and dialogue to sign language and lip readers. Note: This service comes in the
form of supplementary video content, usually smaller in image size to that of the main video content.
Ideally, the user can control the position, size and background properties (solid or transparent and
the colour, if solid). It is of sufficient temporal and spatial quality to enable sign reading and lip
reading.
The information exchanged between the mobile station and the network, or within the network, for
the purposes of service provision (e.g., connection establishment).
An SG is a signalling agent that receives/sends SCN native signalling at the edge of the IP network.
In particular the SS7 SG function translates variants ISUP and TCAP in an SS7-Internet Gateway to
a common version of ISUP and TCAP.
An architecture and set of protocols for performing out-of-band call signaling with a telephone
network.
See digital signature.

The role, in which a TTP is trusted to provide evidence in the form of a digital signature on behalf of
the evidence subject. Note - The Signature Generation role is a particular case of the Evidence
Generation role.
The role, in which a TTP is trusted by the evidence user to verify evidence in the form of a digital
signature. Note - The Signature Verification role is a particular case of the Evidence Verification role.
See "logout".
See "login".
Enables a user to personalize a ME so that it may only be used with particular SIM(s).
Authentication by means of simple password arrangements.
A way for a program executing in one kind of operating system to communicate with a program
executing in the same or another kind of operating system by using the World Wide Web's
Hypertext Transfer Protocol (HTTP) and its Extensible Markup Language (XML) as the mechanisms
for information Exchange.
SOAP is a lightweight protocol for exchange of information in a decentralized, distributed
environment. It is an XML based protocol that consists of three parts: an envelope that defines a
framework for describing what is in a message and how to process it; a set of encoding rules for
expressing instances of application-defined datatypes; and a convention for representing remote
procedure calls and responses. SOAP can potentially be used in combination with a variety of other
protocols; however, the only bindings defined in this document describe how to use SOAP in
combination with HTTP and HTTP Extension Framework.
1) a network capability that enables a user to log in once and obtain access to the multiple
application services of a network without being repeatedly requested to provide her or his
authentication credentials for each individual application service. This capability significantly
improves user experience by enabling a user to receive various services without having to maintain
multiple authentication credentials (e.g., username/password pairs). Because the SSO allows a user
to have one set of the authentication credentials for accessing multiple application services, it
makes it easier for the service providers to enforce more strict rules for establishing the credentials.
This helps to improve the network security.
2) The ability to use an authentication assertion from one network operator/service provider to
another operator/provider for a user either accessing a service or roaming into a visited network.
A security association applying to a single independently-protected presentation data value which is
not associated with a presentation context; attributes of the security association are indicated
explicitly along with the presentation data value encoding.
Session Initiation Protocol Plus. An extension to SIP.
An informal term for an administrative domain in geographical or DNS name sense. It may refer to a
particular geographical or topological portion of an administrative domain, or it may encompass
multiple administrative domains, as may be the case at an ASP site.
A customized graphical appearance (the visual aspect of a graphical user interface (GUI)) applied to
certain software and websites for aesthetic reasons or ease of use.
BIP endpoint to which the given (master) BIP endpoint has been logically connected with a BIP link,
and which is capable of processing request BIP messages received from the given BIP endpoint
and sending notification BIP messages to it. NOTE: A given BIP endpoint may play both the role of
master and the role of slave at the same time, with any number of other BIP endpoints, provided
that an appropriate set of BIP links are established.
A mobile phone that offers more advanced computing ability and connectivity than a contemporary
feature phone. Note: Smartphones and feature phones are handheld computers integrated with a
mobile telephone.
Spam sent via SMS.
Short message transfer protocol data unit containing user data (the short message), being sent from
an SC to an MS.
Short message transfer protocol data unit informing the receiving MS of the status of a mobile
originated short message previously submitted by the MS, i.e., whether the SC was able to forward
the message or not, or whether the message was stored in the SC for later delivery.

Short message transfer protocol data unit containing user data (the short message), being sent from
an MS to an SC.
An Attribute Authority that a privilege verifier for a particular resource trusts as the ultimate authority
to assign a set of privileges.
Secure Password-based Authentication protocol with Key exchange. In this simple authentication
protocol, using a memorable password between a client and the server results in mutual
authentication and shared secret that can be used as session key for the next session.
1) The meaning of the word spam depends on each national perception of privacy and what
constitutes spam, from the national technological, economic, social and practical perspective. In
particular, its meaning evolves and broadens as technologies develop, providing novel opportunities
for misuse of electronic communications. Although there is no globally agreed definition on spam,
this term is commonly used to describe unsolicited electronic bulk communications over email or
mobile messaging for the purpose of marketing commercial products or services.
2) Although there is no universally agreed definition of spam, the term is commonly used to
describe unsolicited electronic bulk communications over e-mail or mobile messaging (SMS, MMS).
3) The abuse of electronic messaging systems to indiscriminately send unsolicited bulk
messages. (Spam affects e-mail, short message systems, IP multimedia systems and other
communication systems.)
4) The electronic information delivered from senders to recipients by terminals such as computers,
mobile phones, telephones, etc., which is usually unsolicited, unwanted, and harmful for recipients.
5) Spam is unwanted, unsolicited and usually invasive Internet advertising.
A spam targeting users of Instant Messaging Service.
Spam targeting users of Internet Telephony Service
An entity or a person that receives spam.
An ASF whose role is to identify and block IP multimedia spam arrived to spam recipients. SRF can
be located in the home-network or terminals of spam recipients.
1) An entity or a person creating and sending spam
2) Refers to the entity or the person creating and sending spam
3) Sender of spam
4) Term used to describe the entity or the person creating and sending email spam.
1) A chain of activities which spammers do to send spam such as collection of target list, creation
of spam, delivery of spam, and so on.
2) A denial-of-service attack when sending unauthorized data in excess to a system. A special
case is media spamming when sending RTP packets on UDP ports. Usually the system is flooded
with packets; the processing consumes precious system resources.
3) Spamming is the practice of posting unwanted duplicate articles (spam) to a large number of
network users.
In the context of message handling, the involvement of specialized access units providing
intercommunication between message handling services and other telecommunication services.
An SIO Class in which the data types for all components are fully specified.
A performance criterion that describes the time interval required to perform a function or the rate at
which the function is performed. (The function may or may not be performed with the desired
accuracy.)
Sender of SPIM.
Sender of SPIT.

1)a A scenario in which mobility service is authorized by a separate AAA infrastructure from that
which authorizes transport service. Thus in general two sets of user credentials are required to
complete the authorization process. This Rec. assumes that the credentials for mobility service are
obtained from the UE during the network attachment process, but leaves the details to other
Recommendations.
1)b A scenario in which mobility service is authorized by a separate AAA infrastructure from that
which authorizes transport service. Thus, in general two sets of user credentials are required to
complete the authorization process. This Rec. assumes that the credentials for mobility service are
obtained from the UE during the network attachment process, but leaves the details to other Rec.s.
An organization recognized to receive proposals for registration and to submit applications to an
International Registration Authority as defined by a given ITU-T Recommendation and/or
International Standard.
An activity wherein a forged (spoofed) source (e.g., a person or a computer program) successfully
masquerades as a legitimate source by falsifying data and for the purpose of obtaining information
and/or obscuring the true source so that the forged source can carry out unauthorized activities
such as spreading computer malware (e.g., virus), etc.
Is defined in this Rec. as a particular type of deceptive software that collects personal Information
from a computer user. The personal Information may include matters such as web sites most
frequently visited or more sensitive Information such as passwords.
A UE identifier which is allocated by the serving RNC and unique within this SRNC. It is allocated for
all UEs having a RRC connection. SRNTI is reallocated always when the serving RNC for the RRC
connection is changed and deallocated when the RRC connection is released.
The set of cryptographic state information that an SRTP sender or receiver must maintain per SRTP
session participant. Note: This term is often abbreviated as "crypto context".
The stage that has been reached by a trouble report since its instantiation/creation while the trouble
is being resolved.
SC informing the originating MS of the outcome of a short message submitted to an SME.
Grouping of protocols related to one aspect of the services provided by one or several domains.
A flow of real-time information of a specific media type (e.g., audio) and format (e.g., G.722) from a
single source to one or more destinations.
Authentication by means of cryptographically derived credentials.
1) A principal in the context of a security domain. SAML assertions make declarations about
subjects.
2) An actor whose attributes may be referenced by a predicate.
When used this term indicates that the H.248 profile template section requires further specification
by a profile specification.
A multicast group consisting of many TDs that reside in the same physical area or belong to the
same logical area.
This element of service enables the MTS to indicate to the originating UA and each recipient UA the
date and time at which a message was submitted to the MTS. In the case of physical delivery, this
element of service also enables the PDAU to indicate the date and time of submission on the
physical message.
Set of functions that are related to a network model for a set of network elements constituting a
clearly defined sub-network, which may include relations between the network elements. This model
enables additional functions on the sub network level (typically in the areas of network topology
presentation, alarm correlation, service impact analysis and circuit provisioning).
Indicates whether or not subordinate knowledge is complete for an entry-copy.
The network will not grant a QoS greater than the subscribed QoS. The QoS profile subscription
parameters are held in the HLR. An end user may have several QoS subscriptions. For security and
the prevention of damage to the network, the end user cannot directly modify the QoS subscription
profile data.

1) An entity (associated with one or more users) that is engaged in a subscription with a service
provider. The subscriber is allowed to subscribe and unsubscribe services, to register a user or a list
of users authorized to enjoy these services, and also to set the limits relative to the use that
associated users make of these services.
2) The subscriber is responsible for concluding contracts for the services subscribed to and for
paying for these services.
Allows the subscriber to change security parameters (e.g. password).
1)a A subscription describes the commercial relationship between the subscriber and the service
provider.
1)b A subscription describes the commercial relationship between the subscriber and the service
provider.
Fraudulent use of the telecommunication network by a party who has no intention of paying their
due bill.
The Information that reflects the subscribing relationship among an SS, an SP and the relying
mobile network. Subscription Information between a service subscriber and its home network
contains the subscriber's private identifier (e.g. PID), the basic key material (e.g., a shared secret or
a public-key certificate) and its lifetime, entity service permission flag (i.e. whether it is allowed to
request a specific service), the supported authentication mechanism(s) (e.g. HTTP Authentication
and Key Agreement, Diffie-Hellman based authentication mechanisms, a biometric authentication
mechanism etc.), and the authentication inquiring and key generation mechanism (e.g. GBA,
Kerberos, Mediation) etc. Subscription Information between service provider and mobile network
contains the provider's identity Information and public identifier (e.g. UID) according to the service,
optionally the basic key material (e.g., a shared secret or a public-key certificate) and its lifetime,
entity service permission flag (e.g. whether it is allowed to provide a specific service), the supported
authentication mechanisms (e.g. certificate-based TLS authentication mechanism, PSK-TLS,
IPSec), and the authentication inquiring and key generation mechanism (e.g. GBA, Kerberos,
Set of capabilities that allow operators, service providers, and indirectly subscribers, to provision,
control, monitor the subscription profile.
Subtitles provide a real-time on-screen transcript of dialogue for the purpose of language translation
or to clarify speech that is unclear. Note: This service can be provided by means of either textual or
graphical supplementary content. The subtitles and the dialogue are usually in different languages.
The assumed audience for subtitling is hearing people who do not understand the language of the
dialogue.
A successful exchange of EAP messages wherein the authentication server decides to allow the
supplicant access and the supplicant decides to use such access.
This is a cell on which a UE may camp. It must satisfy certain conditions.
A super-peer is a node in a P2P network to help routing and connectivity of nodes distributed in the
Internet. The super-peer is less powerful than ordinary servers, but it is strong enough (in terms of,
for example, computing power and storage) to act as a server of route resolution and connection
request.
Video, audio, textual, graphical or other forms of content that can be optionally accessed by the
end-user and rendered by the terminal. It has the following features: a) It only works in conjunction
with the main content. b) It is synchronous with the main content.
A service which modifies or supplements a basic telecommunication service. Consequently, it
cannot be offered to a user as a stand-alone service. It must be offered together with or in
association with a basic telecommunication service. The same supplementary service may be
common to a number of basic telecommunication services.
The endpoint responding to the authenticator. In this Rec. the supplicant is used interchangeably
with the peer. The peer pertains to the end of the link responding to the authenticator. In [ISO/IEC
8802-11], this end is also known as the supplicant.
The access point of the shadow supplier.
Stimulus greater than the detection threshold.
A number uniquely identifying a particular switch (i.e., a group of cell sites and the associated switch
resources) within a group of switches associated with a common MarketID.

A method of authentication in which both entities share common authentication information.

An algorithm for performing encipherment or the corresponding algorithm for performing
decipherment in which the same key is required for both encipherment and decipherment.
The set of local clocks involved in the exchange of time information for the purposes of coordination.
This includes local clock and clock coordination resources. The members of this set are defined by
administrative, platform, or environmental considerations.
Non-biometric data that is used to keep transformation consistent between a client (or user) and a
server
The source chosen by an algorithm of policy for time synchronization.
A member of a set of names which all resolve to the same entity.
Something of interest as a whole or as comprised of parts. Therefore a system may be referred to
as an entity. A component of a system may itself be a system, in which case it may be called a
subsystem. NOTE For modelling purposes, the concept of system is understood in its general,
system-theoretic sense. The term system can refer to an information processing system but can
also be applied more generally.
The group of PLMN areas accessible by MSs. Interworking of several PLMNs and interworking
between PLMNs and fixed network(s) permit public land mobile communication services at
international level.
An active element of a computer/network system. For example, an automated process or set of
processes, a subsystem, a person or group of persons that incorporates a distinct set of
functionality.
A capability of an open system to perform security-related processing.
An object that represents a set of related system security functions.
In general, systems security is concerned with protecting user's hardware and data. The intention is
that hardware should be accessed only by authorized users and for the purposes that the owners
intend. Furthermore, the system should be utilized for those purposes. Attackers should not be able
to dispossess legitimate users of resources. Systems security includes: unauthorized access and
usage; inappropriate usage; and denial of service
The current status of a system or entity, including such information as its configuration, memory
usage, or other data relevant to cybersecurity.
A type denotation which is associated with every ASN.1 type.
Tag-based identification is the process of specifically identifying a real-world entity by capturing its
identifier from an ID tag storing the identifier. This identification process consists of two steps. The
first step is to read an identifier from an ID tag. The second step is to resolve the identifier into
associated information such as a uniform resource locator (URL), an Internet Protocol (IP) address,
a telephone number, an e-mail address, and/or a content address for audio/video data. For tag-based identification, the identifier, ID tag and ID terminal are mandatory elements. NOTE
Resolved results indicate the identification of a real-world entity. Thus, the identification process
selects proper information from multiple associated information with the identifier according to the
condition of applications, services and system implementations. For example, in the identification for
telephone applications, a person's identifier may be resolved into a telephone number. On the other
hand, in the identification for multimedia messaging applications, the identifier may be resolved into
an e-mail address.
The tag-based identifier-reading process enables the ID terminal to start identifying real-world
entities by using the identifier stored in the ID tag. When this identifier is read, it is transferred to the
ID terminal via narrow area communication. Hence, this identifier-reading process works only when
the ID tag and ID terminal are in a narrow area together.
A type defined by referencing a single existing type and a tag; the new type is isomorphic to the
existing type, but is distinct from it.

Replacing the existing (possibly the default) tag of a type by a specified tag.
An application or service using the TAI to provide user authentication, authorisation and verification
using biometrics and associated certificates. NOTE Associated certificates refers to biometric
certificates, biometric device certificates and biometric policy certificates.
A cryptographic module's automatic determination that an attempt has been made to compromise
the physical security of the module.
The external indication that an attempt has been made to compromise the physical security of a
cryptographic module. (The evidence of tamper attempt should be observable by an operator
subsequent to the attempt.)
The automatic action taken by a cryptographic module when tamper detection has occurred (the
minimum response action is the zeroization of plaintext keys and CSPs).
Resistance to tampering by either the personal users/attackers of a product, package, or system
with physical/software access to it.
A device designed to make it difficult for attackers to gain access to sensitive information contained
in the module
Characterization of any stimulus that can be detected by nerve endings in the human body, other
than by the specialised nerves active in seeing, hearing, tasting and smelling, or that affects or
damages human cells. NOTE 1 The term TANGOIN is used both as an adjective applied to a
stimulus, but more commonly as a noun referring to a TANGOIN stimulus. NOTE 2 The human
body is sensitive to the impact of objects or to irritation by (for example) nano-particles or abrasion
or chemical substances related to the use of telebiometric devices, and this forms part of the safety
levels associated with TANGOIN. NOTE 3 Safety levels for TANGOIN also include the pain
caused by pressure to activate a telebiometric device (or other mechanical effects of a device on the
body) or by chemical substances.
Characterization of any force or other non-sound effect produced by a part of the human body,
including but not limited to blows with or without an associated instrument or tool, that can be
detected by a sensor or another human being. NOTE 1 The term TANGOOUT is used both as
an adjective applied to a specific output, but more commonly as a noun referring to a TANGOOUT
specific output. NOTE 2 TANGOOUT includes quantities and units related to the ability of the
human body to produce a force or physical effect, including measurements of both muscular and
lung capability. This also includes quantities and units used in measurements of obesity and of
general fitness.
1) An entity to which access may be attempted.
2) The set of decision requests, identified by definitions for resource, subject and action, that a
rule, policy or policy set is intended to evaluate
An access point or network which has been selected as the intended new point of attachment (new
serving access network) after handover
The mobile switching centre (MSC) which was selected from the candidate list as having the cell site
with the best signal quality value for the MS during the location request function.
1)a A Tool's probe, check, signature, etc., which performs some action that produces security
information (i.e., the security element).
1)b A tool's probe, check, signature, etc., that performs some action that produces security
information (i.e., the security element).
Transaction Capabilities Application Protocol. A protocol within the SS7 stack that is used for
performing remote database transactions with a Signaling Control Point.
Human security, physical security, system development security, code control, access control,
operation management, electronic transaction security, security accident administration, control of
reviewing, monitoring & auditing. NOTE 1 Prevention of computer viruses by installing and
operating a vaccine program. NOTE 2 Security countermeasures used to safely transmit personal
Information over a network by use of encoded algorithms, etc. NOTE 3 Installation and operation
of an access control device, such as an entry blocking system NOTE 4 Other technological
measures required to secure safety
1) Verifying that an application for registration of an OID arc is in accordance with Rec. X.660.

2) Verifying that an application for registration of an OID arc is in accordance with the ITU-T
Recommendation and/or International Standard defining the form of the application.
A trusted third party, responsible for issuing a Biometric Device Certificate and/or a Biometric Policy
Certificate, after appropriate inspection of the operation of the device and/or BPU and the
associated statement of Biometric Policy.
Sensor or actuator interacting remotely with a human being, using telecommunication means.
Telebiometric system function that performs a one-to-many search to obtain a candidate list using
telecommunications to access one or more biometric systems.
Model of the interactions of a human being with its environment using modalities based on the
human senses.
Security obtained through the use of telebiometric devices for authentication of a human being,
using one or more of the modalities of interaction between a human body and its environment,
meeting public information rights requirements and privacy requirements. NOTE The "out"
modalities specified in the Telebiometric Multimodal Model (see [ITU-T Rec. X.1081]) provide a
framework for the identification of devices that can provide telebiometric acquisition and processing.
Telebiometric system function that performs a one-to-one comparison to show true or false, using
telecommunications to access one or more biometric systems.
1) Application of biometrics to telecommunications and of telecommunications to remote
biometric sensing.
2) The application of biometrics to telecommunications.
An infrastructure supporting the management and use of Biometric Certificates, Biometric Device
Certificates, Biometric Policy Certificates and possibly, Public Key Certificates and Privilege
Management certificates, to provide biometrics-based authentication and possibly authorization
services.
The study of the use of measurement, the measurement process, the classification of Standards
and the SI system of units, applied to telebiometrics (see also legal metrology).
The study of the use of automatic measurement and transmission of data from remote sources
related to life-science measurements.
Fraud which is committed directly against the telecommunication network or its subscribers.
Security system used in a telecommunication IP-based network.

Telecommunication network internal objects are the Transport stratum and the Service stratum,
which determine the nomenclature of provided telecommunication services, as well as quantitative and
qualitative characteristics of these services. These objects directly affect TNSS.
Information concerning the parties in a communication excluding the contents of the
communication, and the time, and duration of the telecommunication took place.
What is offered by a PLMN operator or service provider to its customers in order to satisfy a specific
telecommunication requirement. Telecommunication services are divided into two broad families:
bearer services and teleservices.
Applications such as e-mail that are accessed by end-users and are built upon the network-based
services.
Business to provide telecommunications services in order to meet the demand of others.
A part of general building such as a room where equipment for providing telecommunications
business are sited.
Machines, equipment, wire and cables, physical buildings or other electrical facilities for the
operation of telecommunications.
An international and national telecommunications capability for purposes of disaster relief. It can
make use of international permanent, shared network facilities already in place and operational,
temporary network facilities that are provisioned specifically for TDR, or a suitable combination of
the two.

An architecture for management, including planning, provisioning, installation, maintenance,
operation and administration of telecommunications equipment, networks and services.
Business entities who provide telecommunications services in order to meet the demand of others.
Any real or suspected adverse event in relation to the security of telecommunications. This includes:
(a) Intrusion into telecommunication systems via the network; (b) Occurrence of computer viruses;
(c) Probes for vulnerabilities via the network into one or more computer systems; (d) PABX call leak-through; (e) Any other undesired events arising from unauthorized internal or external actions.
Person or organization who enters into a contract with telecommunications organizations to be
offered telecommunications services by them.
A TSP infrastructure includes all managed elements deployed by a TSP that provide Management,
Application/Services, Service Control or Transport Strata functionality.
Person or organization who utilizes telecommunications services.
Communications using telecommunications facilities, or any other means of providing
communications either between telecommunications service users or telecommunications service
customers.
A type of telecommunication service that provides the complete capability, including terminal
equipment functions, for communication between users according to standardized protocols and
transmission capabilities established by agreement between operators.
1)a A nickname for specifications and standards for limiting the strength of electromagnetic
emanations from electrical and electronic equipment and thus reducing vulnerability to
eavesdropping.
1)b A nickname for specifications and standards for limiting the strength of electromagnetic
emanations from electrical and electronic equipment and thus reducing vulnerability to
eavesdropping.
The keying materials for the encryption and integrity of messages during later data sessions. TK
generally resides in the part of PTK
A network address temporarily assigned for call set-up.
A number used to identify a unique terminal or fixed network access point on a network.
The TAUT feature is initiated within the mobility processes of location management (i.e. terminal
location registration), call origination, call delivery and at other times as initiated by the network or
terminal. In support of security, the feature ensures the validity of the terminal and the network. Also,
the feature enables the establishment of a private control and communications channel between the
network and a terminal. Authentication process should occur when a terminal authenticates either in
its home network or visited network.
An end-user device which typically presents and/or processes the content, such as a personal
computer, a computer peripheral, a mobile device, a TV set, a monitor, a VoIP terminal or an
audiovisual media player.
1) Ensuring that a terminal device employed by an end user in the reception of a service can
reliably and securely use content while enforcing the rights of use granted for that content, and while
physically and electronically protecting the integrity of the terminal device, and the confidentiality of
the content and critical security parameters (e.g. saved keys) not otherwise protected.
2) Ensuring that a terminal device employed by an end-user in the reception of a service can
reliably and securely use content while enforcing the rights of use granted for that content, and while
physically and electronically protecting the integrity of the terminal device, and the confidentiality of
the content and critical security parameters not otherwise protected by encryption or watermarking.

Border element providing security functions between customer premises equipment and service
provider network.
A unique identifier of a terminal equipment.
Telecommunications facilities which are to be connected to one end of telecommunications circuit
facilities and part of which is to be installed on the same premises (including the areas regarded as
the same premises) or in the same building where any other part thereof is also to be installed.
1) the mobility for those scenarios where the same terminal equipment is moving or is used at
different locations. The ability of a terminal to access telecommunication services from different
locations and while in motion, and the capability of the network to identify and locate that terminal.
1)a The ability of the terminal to access telecommunication services from different locations and
while in motion, and the capability of the network to identify and locate that terminal
1)b The ability of the terminal to access telecommunication services from different locations while
in motion, and the capability of the network to identify and locate that terminal.
An object (such as a SIM card) which may have a relationship to a network terminal device (such as
a mobile phone).
Services or features that affect SMS message terminations, for example, screening, forwarding,
delivery to an MS, delayed delivery while roaming, or distribution to a group based upon a
destination address.
One or more digits, as determined by the Home System, which identify the Terminating Party. This
could include Speed Call Codes (when supported by the Home Service Provider), other Mobile
Telephone Numbers or any valid World Telephone Number.
Data representing the outcome of effectiveness testing.
Real-time transfer of text between users in at least two locations.
An audiovisual conversation service providing bidirectional real-time transfer of text and optionally
audio between users in two locations. Audio may be transmitted alternating with text or
simultaneously with text.
Sign of residual data generated by the intra-prediction process.
Metadata provided by an entity (which may be a person) not directly tied to the primary service
provider by whom the end-user is being served.
1) A potential violation of security.
2) see MHS-security threat, access threat, inter-message threat, intra-message threat and datastore threat.
3) A potential cause of an unwanted incident that may result in harm to a system or organization
4) The likelihood or frequency of a harmful event occurring.
5) The risk of a lack of proper function due to intentional. The risk of the lack of vulnerability due to
HEMP or HPEM. And the risk of the lack of confidentiality due to electromagnetic emanations
security (EMSEC). The level of threat is defined by the intrusion area, portability, and availability.
6) A potential security violation which could lead to a lack of confidentiality due to an insufficient
electromagnetic emanation security (EMSEC).
Indicative rather than definitive list of forms of threats in an MHS: masquerade, message
sequencing, modification of information, denial of service, leakage of information, repudiation, other
MHS threats.
accumulates known cybersecurity threat information. It includes attack and misuse knowledge
bases.
Use of physical security, computer security (COMPUSEC), or security services provided by the MHS
Origin authentication security services, secure access management security services, data
confidentiality security services, data integrity security services, non-repudiation security services,
message security labelling security service, security management services,

1) Boundary between two identifiable regions of the stimulus to response curve for human
sensors.
2) A predefined value which establishes the degree of similarity or correlation, (i.e., score),
necessary for a biometric sample to be deemed an accurate comparison with a biometric reference
template
A parameter describing service speed. The number of data bits successfully transferred in one
direction between specified reference points per unit time.
A sub-system of the KDC used to grant Kerberos tickets.
The algebraic difference between the readings of two clocks at a given instant in time
A function which allows playback of content after its initial transmission.
are mandatory for non-repudiation in case of key loss or key compromise. In practice, they provide a
counter-signature to anyone, including a reliable time, over a hash and a hash identifier.
TTP to create time stamp tokens in order to indicate that a message existed at a particular point in
time, to provide a "proof-of-existence" for this particular message at an instant in time. A TSA may
also be used when a trusted time reference is required and when the local clock available cannot be
trusted by all entities. The TSA's role is to time stamp the imprint of a message to establish
evidence indicating the time before which the message was generated.
The role, in which a TTP is trusted to provide evidence which includes the time when the time
stamping request was received.
1) TTP service to seal a digital document by cryptographically binding a trusted time to it (typically
to a hash representation of it, called the message digest or message imprint), thus providing a means
to detect any modification, such as backdating and avoid replay attacks or other forgeries. Time
stamping service relies on the authenticity of the clock that is used, therefore, the TTP needs a time
stamping service which uses a clock of very high reliability, availability and trustworthiness.
2) A service which attests the existence of electronic data at a precise instant of time. Note - Time
stamping services are useful and probably indispensable to support long term validation of
signatures. They will be defined in a separate document.
A data item used by an entity to verify that a message is not a replay.
A period of time after which some condition becomes true if some event has not occurred. For
example, a session that is terminated because its state has been inactive for a specified period of
time is said to "time out".
A time value used to indicate when a particular activity, action or an occurrence of an event took
place.
Layer in the TMM taxonomy that identifies the SI units used to describe an IN or OUT interaction.
Layer in the TMM taxonomy that identifies the scientific discipline that investigates the properties
and thresholds of an IN or OUT interaction.
Layer in the TMM taxonomy that identifies the human senses involved in producing or detecting an
IN or OUT interaction.
TMN access control can be divided into three types: Management association access control;
Management notification access control; Managed resource access control.
1) A software application or device that either examines a host or network and produces
information that is related to vulnerabilities or exposures or aggregates this type of information, e.g.,
a vulnerability scanner, intrusion detection system, risk management, security information
management, or compliance reporting tool or service.
2) A software application or device that examines a piece of software, binary, or other artifact and
produces information about security weaknesses, e.g., a source code security analyzer, a code
quality assessment tool, code checking compiler or a development environment.
Information that indicates the structure of a network. It contains the network address and routing
information.
(in VoIP spam score) the average call time when a caller makes a certain number of calls. For
example, the certain number should be bigger than 100.

An audiovisual conversation service providing bidirectional symmetric real-time transfer of motion
video, text and voice between users in two or more locations.
A process to ensure that the communication of past activities can be checked.
Techniques used to discover technical information concerning the ingress points, paths, partial
paths or sources of a packet or packets causing a problematic network event, generally for the
purposes of applying mitigation measures.
The information generated by the subscriber that is transported on the network (i.e., user voice or
data).
1) Analysis of message traffic between MH users can reveal to an eavesdropper how much data
(if any) is being sent between users and how often. Even if the eavesdropper cannot determine the
actual contents of the messages, he can still deduce a certain amount of information from the rate
of traffic flow (e.g. continuous, burst, sporadic or none).
2) The inference of information from observation of traffic flows (presence, absence, amount,
direction and frequency).
A logical channel, which carries user information.
Adjustment of traffic amount for communications.
A confidentiality service to protect against traffic analysis, i.e. a security service to provide the
protection of the information which might be derived from observation of traffic flows.
The traffic light protocol (TLP) was created to encourage greater sharing of sensitive information.
The originator signals how widely they want their information to be circulated beyond the immediate
recipient. The TLP provides a simple method to achieve this. It is designed to improve the flow of
information between individuals, organizations or communities in a controlled and trusted way. The
TLP is based on the concept of the originator labeling information with one of four colors to indicate
what further dissemination, if any, the recipient can undertake. The recipient must consult the
originator if wider dissemination is required. The TLP is accepted as a model for trusted information
exchange among security communities in over 30 countries. The four "information sharing levels"
for the handling of sensitive information are: RED - Personal. This information is for named
recipients only. In the context of a meeting, for example, RED information is limited to those present.
In most circumstances RED information will be passed verbally or in person. AMBER - Limited
distribution. The recipient may share AMBER information with others within their organization, but
only on a "need-to-know" basis. GREEN - Community wide. Information in this category can be
circulated widely within a particular community. However, the information may not be published or
posted on the Internet, nor released outside of the community. WHITE - Unlimited. Subject to
standard copyright rules, WHITE information may be distributed freely, without restriction.

The generation of spurious instances of communication, spurious data units and/or spurious data
within data units.
1) In order to achieve bandwidth efficiency, content encoded in one compression format is
recommended to be encoded into a more efficient format.
2) Process of transforming multimedia content such as images, text, audio, and video from the
original format to a different format or quality.
depending on the parameters of the compressed bitstream modified during the transcoding process,
transcoding types include: Quality (i.e., bit rate) transcoding; Spatial resolution transcoding; Frame
rate transcoding; Format transcoding (e.g., MPEG-4 bitstream to H.264 bitstream); and/or their
combinations.
1) Process of distorting or converting a biometric template into another domain to protect and
conceal its original value
2) Scalar quantity considered to be in a frequency domain associated with a particular one-dimensional or two-dimensional frequency index in a transform part of the encoding process.
Non-biometric data that is used for transformation of a biometric template
Biometric template that is created through transformation
A privacy-preserving identifier assigned by an identity provider to identify a principal to a given
relying party for a relatively short period of time that need not span multiple sessions.

A parameter describing service speed. The time difference between the instant at which the first bit
of a protocol data unit (PDU) crosses one designated boundary (reference point), and the instant at
which the last bit of the PDU crosses a second designated boundary.
Translated credential is a kind of certified credential that belongs to a security domain and is
translated from another credential, which belongs to another security domain, by credential mapping
service.
A set of rules used along with IP to send data in the form of message units between computers over
the Internet.
The inter-arrival time of transport block sets, i.e., the time it shall take to transmit a transport block
set.
The basic data unit exchanged between L1 and MAC. An equivalent term for transport block is
"MAC PDU".
A set of transport blocks that is exchanged between L1 and MAC at the same time instance using
the same transport channel. An equivalent term for transport block set is "MAC PDU Set".
The number of bits in a transport block set.
The size (number of bits) of a transport block.
The channels offered by the physical layer to Layer 2 for data transport between peer L1 entities are
denoted as transport channels. Different types of transport channels are defined by how and with
which characteristics data is transferred on the physical layer, e.g., whether using dedicated or
common physical channels.
A format offered by L1 to MAC for the delivery of a transport block set during a transmission time
interval on a transport channel. The transport format consists of two parts: one dynamic part
and one semi-static part.
The combination of currently valid transport formats on all transport channels of a UE, i.e.,
containing one transport format from each transport channel.
A representation of the current transport format combination.
A set of transport format combinations to be used by a UE.
A label for a specific transport format within a transport format set.

A label for a specific transport format within a transport format set.

A set of transport formats. For example, a variable rate DCH has a transport format set (one
transport format for each rate), whereas a fixed rate DCH has a single transport format.
The TLS protocol optionally provides communications privacy. The protocol allows client/server
applications to communicate in a way that is designed to prevent eavesdropping, tampering, and
intrusion. The TLS protocol also provides strong peer authentication and data flow integrity.
This mechanism specifies the transport of real-time inter-network defense (RID) messages within
HTTP Request and Response messages transported over TLS
physical realization of a link channel, specifying what transport protocol to use, how to encode BIP
messages, how to compose transport-level messages carrying the encoded BIP messages, and
other details about the usage of the transport protocol.
An MPEG-2 Transport Stream
The result of an action, in which an entity of a system is altered to allow an attacker to produce an
unauthorized effect on command or at a predetermined event or sequence of events. For example,
a password validation could be modified so that, in addition to its normal effect, it also validates an
attacker's password.
The ability to pause, rewind or forward stored content.

1) When introduced to the system, the Trojan horse has an unauthorized function in addition to its
authorized function. A relay that also copies messages to an unauthorized channel is a Trojan
Horse.
2) A piece of software which appears benign or even useful. This conceals the real purpose of the
software which is to disrupt the system or to steal information.
Any cause that may lead to or contribute to a manager perceiving a degradation in the quality of
service of one or more network services or one or more network resources being managed.
Trouble Administration consists of a set of functions that enable troubles to be reported and their
status tracked. Trouble Administration services include request trouble report format, enter trouble
report, add trouble information, cancel trouble report, request trouble report status, review trouble
history, attribute value change notification (e.g. trouble report status/commitment time), object
creation/deletion (trouble report), verify trouble repair completion, and modify trouble administration
information.
A record of selected information from a trouble report that is retained for historical purposes after the
trouble report is closed.
The trouble reporting and tracking between CMEs interoperating co-operatively towards resolution
of a trouble. (No distinction is made between inter-jurisdictional or intra-jurisdictional interfaces.)
The act of communicating that a trouble has been detected so that trouble management may be
used in its resolution.
It is the process of diagnosis and repair action required to clear a problem. It includes the process of
assigning specific work items or overall responsibility for clearing and closing the trouble report.
The ability to follow the progress of a trouble report from its creation through to its closure.
The description or category of the trouble that was detected.
One of the distinguished values of the boolean type (see "false").
1) Generally, an entity can be said to trust a second entity when it (the first entity) assumes that
the second entity will behave exactly as the first entity expects. This trust may apply only for some
specific function. The key role of trust in this framework is to describe the relationship between an
authenticating entity and an authority; an entity shall be certain that it can trust the authority to create
only valid and reliable certificates.
2)a Entity X is said to trust entity Y for a set of activities if and only if entity X relies upon entity Y
behaving in a particular way with respect to the activities.
2)b Entity X is said to trust entity Y for a set of activities if and only if entity X relies upon entity Y
behaving in a particular way with respect to the activities.
3)a A measure of reliance on the character, ability, strength, or truth of someone or something.
3)b A measure of reliance on the character, ability, strength, or truth of someone or something.

4) The firm belief in the reliability and truth of information or in the ability and disposition of an
entity to act appropriately, within a specified context.
A trust anchor is a set of the following information in addition to the public key: algorithm identifier,
public key parameters (if applicable), distinguished name of the holder of the associated private key
(i.e., the subject CA) and optionally a validity period. The trust anchor may be provided in the form
of a self-signed certificate. A trust anchor is trusted by a certificate-using system and used for
validating certificates in certification paths.
A set of information and associated resources consisting of users, networks, data repositories, and
applications that manipulate the data in those data repositories. Different trust domains may share
the same physical components. Also, a single trust domain may employ various levels of trust,
depending on what the users need to know and the sensitivity of the Information and associated
resources.
A consistent, quantifiable measure of reliance on the character, ability, strength, or truth of someone
or something.

entity, which can be used by other entities as a trusted intermediary in a communication or
verification process, or as a trusted information service provider.
From the viewpoint of an NGN provider, a security zone where the network elements/devices are
operated (provisioned and maintained) by the NGN provider. The equipment may be under the
control by either the customer/subscriber or the NGN provider. In addition, the equipment may be
located within or outside the NGN provider's domain. They communicate with elements both in the
trusted zone and with elements in the un-trusted zone, which is why they are "vulnerable". Their
major security function is to protect the NEs in the trusted zone from the security attacks originated
in the un-trusted zone in a fail-safe manner.
An entity that can violate a security policy, either by performing actions which it is not supposed to
do, or by failing to perform actions which it is supposed to do.
Functionality perceived to be correct with respect to some criteria, e.g., as established by a security
policy.
is a term referring to the available common mechanisms through which protected, trusted identity
capabilities can be supported in a structured fashion across network layers and management at
well-defined interfaces.
is an open architecture for network access control. Its aim is to enable network operators to provide
endpoint integrity at every network connection, thus enabling interoperability among multi-vendor
network endpoints. ICT security operations often desire to discover the state of operating system
(OS)-level and the application software used by the supporting network. For example, when
systems lack OS security patches or antivirus signatures, reliable notification is crucial to containing
the damage associated with network-based attacks. Making this appraisal requires reliable
information that a connected system is in a particular state. In order to prevent systems (e.g. hacked
systems) from falsifying information, successful appraisal requires a hardware basis on the system
to be appraised. Trusted platforms are embedded in the hardware to record certain facts about the
boot process and deliver them in digitally signed form. Furthermore, major chip manufacturers are
now supplementing the trusted platforms with a late launch capability that allows for execution of
trusted code later in the boot sequence. This, in turn, allows events to be reliably recorded after the
hardware-specific boot process. Network configuration management is effectively a deployment of
system attestation: software agents on enterprise machines that periodically send configuration
reports to a central repository, which evaluates and flags non-compliant systems. Data from these
software agents, while valuable, is easily modified by an attacker. Using the widespread deployment
of trusted platforms to enable a more trustworthy evaluation of system state would greatly increase
an enterprise's confidence in its configuration management data.

Computing and communications products with embedded trusted platform modules (TPMs)
advance the ability of businesses, institutions, government agencies, and consumers to conduct
trustworthy information exchange; therefore, TPMs are relevant to most CYBEX implementations.
TPMs are special-purpose integrated circuits (ICs) built into a variety of platforms to enable strong
user authentication and machine attestation - essential to prevent inappropriate access to
confidential and sensitive information and to protect against compromised networks. Trusted
platform module technology is based on open standards to ensure interoperability of diverse
products in mixed-vendor environments. The prevalent TPM standard consists of a set of
specifications developed and maintained by the Trusted Computing Group (TCG), along with a
protection profile for security evaluation against the Common Criteria. The design principles give the
basic concepts of the TPM and generic information relative to TPM functionality. A TPM designer
must review and implement the information in the TPM main specification (parts 1-3) and review the
platform specific document for the intended platform. The platform specific document contains
normative statements that affect the design and implementation of a TPM. A TPM designer must
review and implement the requirements, including testing and evaluation, as set by the TCG
Conformance Workgroup. The TPM must comply with the requirements and pass any evaluations
set by the Conformance Workgroup.

1) A security authority or its agent that is trusted (by other entities) with respect to some security-relevant activities (in the context of a security policy).
2) In the context of a security policy, a security authority or its agent that is trusted with respect to
some security-relevant activities.
3) An organisation or its agent that provides one or more security services, and is trusted by other
entities with respect to activities related to these security services. A TTP is used to offer value-added services to entities wishing to enhance the trust and business confidence in the services that
they receive and to facilitate secure communications between business trading partners. TTPs need
to offer value with regard to confidentiality, integrity and availability of the services and information
involved in the communications between business applications. TTPs should be able to choose the
entities to which they will provide services.
The entity which distributes either hiding-confidentiality-information or revealing-confidentiality-information to the entities exchanging confidentiality-protected-data.
From the viewpoint of an NGN provider, a security domain where an NGN provider's network elements
and systems reside and never communicate directly with customer equipment. The common
characteristics of NGN network elements in this domain are that they are under the full control of the
related NGN provider, are located in the NGN provider premises (which provides physical security),
and they communicate only with elements in the "trusted" domain and with elements in the "trusted-but-vulnerable" domain.
An IP-in-IP tunnel as provided by the various varieties of mobile IP.
The end of the tunnel closest to the UE.
The end of the tunnel furthest from the UE, coinciding with the anchor point.
TV service with trick mode functionality.
Several scenarios could be selected depending on the number of involved entities (commonly 2 or
3).
A named set of values.
The method by which two type expressions are "unified". The type expressions are matched along
their structure. Where a type variable appears in one expression it is then "unified" to represent the
corresponding structure element of the other expression, be it another variable or subexpression. All
variable assignments must remain consistent in both structures. Unification fails if the two
expressions cannot be aligned, either by having dissimilar structure, or by having instance conflicts,
such as a variable needs to represent both "xs:string" and "xs:integer".
see u-Museum (multimedia information retrieval service for visitors)
A conceptual network built over existing physical networks which makes use of sensed data and
provides knowledge services to anyone, anywhere and at anytime, and where the information is
generated by using context awareness.
Capabilities that can be used either singly or in combination to deliver services to the user. The
characteristic of UE service capabilities is that their logical function can be defined in a way that is
independent of the implementation of the 3GPP System (although all UE service capabilities are of
course constrained by the implementation of the 3GPP System). Examples: a data bearer of 144
kbit/s; a high-quality speech teleservice; an IP teleservice; a capability to forward a speech call.
u-Museum (ubiquitous museum) provides a multimedia information retrieval service for visitors, such
as guidance of exhibited art pieces, navigation in the gallery, and advertisement information for
museum shops. This service is implemented by RFID tags, active infrared tags, mobile terminals
with an RFID reader and infrared receiver, multimedia database of exhibits, wired/wireless networks,
and so on. In the u-Museum, an active infrared tag is put at the entrance gate of an exhibition room,
and sends the identifier of the room. When a visitor with a mobile terminal walks through the gate,
the terminal receives the identifier, retrieves the information of the exhibition in this room, and shows
the information to the visitor. The exhibition room shows several pieces of fine art and a tiny RFID
tag is embedded in the explanation plate of each exhibit. The user can get precise information on
the exhibits by touching the mobile terminal on the plate. When the visitor wants to go to the next
exhibit, the system navigates the route according to the art tour route. If the visitor takes a wrong
turn, the mobile terminal receives an unexpected location identifier from an infrared tag. Then the
mobile terminal gives a warning to the visitor.
An entity attempts to access data in violation of the security policy in force

Unauthorized access is a term that can refer to a number of different kinds of attacks. The ultimate
goal of the attacker is to gain access to some resource illegitimately [ITU-T X.1205]. An IdM system
providing authentication and identity services has to be available and accessed by all the parties
that need to consume users' identity to provide application services. Therefore, a fine-grained access
control mechanism is necessary to protect the IdM system from unauthorized accesses.
Most IdM systems should not be accessed and used by unauthorized users. An IdM system should be
very strict to prevent this type of security vulnerability, since any unauthorized access to identity in
an IdM system can lead to further security threats such as identity theft and masquerading.
The MS cannot accept a normal call delivery (i.e., the MS is in an unknown location or it is in a state
unable to accept call deliveries). The availability of an MS to accept a call delivery is maintained only
by the MSC (see also Active, Available, and Inactive).
A trusted entity that can violate a security policy without being detected.
Those processing activities performed by a biometric device or by a BPU that result in the
presentation of TAI certificates that can be used to provide authentication or privilege authorisation.
A service provided to a single TD so that content stream is delivered to a single TD in the IPTV
context when transmitted by the SCP function.
A downloadable SCP scheme that can download SCP operating code to a single TD.
A character from the Unicode character set.
The set of coded characters specified in [ISO/IEC 10646]. Note: This is the same character set as
that specified in the Unicode Standard.
A primary value that consists of an unbounded sequence of Unicode characters that does not
contain the SPACE character [ITU-T X.660] used to unambiguously identify an arc of the OID tree.
A protection switching architecture in which, for a unidirectional failure (i.e., a failure affecting only
one direction of transmission), only the affected direction (of the "trail", "subnetwork connection",
etc.) is switched to protection.
Assurance of the identity of only one principal.
A time variant parameter generated by a claimant.
Relates to a device for which J.96 might apply.
A specification of the information to be shadowed, including (optionally) subordinate knowledge
information.
The unit of measure used to qualify the usage.
A physically secure device, an IC card (or 'smart card'), that can be inserted and removed from the
terminal equipment. It may contain one or more applications. One of the applications may be a
USIM.
It is the design of the products and environments to be useable by all people, to the greatest extent
possible by including accessibility features in the original design to prevent the need for adaptation
after deployment. Note: The intent of universal design is to simplify life for everyone by making
products, communications, and the built environment more usable by as many people as possible at
little or no extra cost. Universal design benefits people of all ages and abilities.
1) UPT enables access to telecommunication services while allowing personal mobility. It enables
each UPT user to participate in a user-defined set of subscribed services and to initiate and receive
calls on the basis of a personal, network-transparent UPT number across multiple networks on any
fixed or mobile terminal, irrespective of geographical location, limited only by terminal and network
capabilities and restrictions imposed by the network operator.

2) UPT enables access to telecommunication services while allowing personal mobility. It enables
each UPT user to participate in a user-defined set of subscribed services and to initiate and receive
calls on the basis of a personal, network-transparent, UPT number across multiple networks at any
terminal, fixed or mobile, irrespective of geographic location, limited only by terminal and network
capabilities and restrictions imposed by the network operator (see F.850).
An application residing on the UICC used for accessing services provided by mobile networks,
which the application is able to register on with the appropriate security.
An action which removes the relationship between an entity and a name in a given context.
A state where the MS is unavailable for any type of termination event and the HLR pointer is not
directed to any visited system.
The conversion of integrity protected data into the data originally shielded.
From the viewpoint of an NGN provider, a zone that includes all network elements of customer
networks or possibly peer networks or other NGN provider zones outside of the original domain,
which are connected to the NGN provider's border elements.
A unidirectional radio link for the transmission of signals from a UE to a base station, from a mobile
station to a mobile base station or from a mobile base station to a base station.
1)a A feature by which the UPT user can verify that the UPT service entity is the one claimed. With
some authentication procedures, it will be provided automatically together with the user identity
authentication. Refer to 4.4.2 (F.851 (95)) and to 6.5.3 (F.852 (00)) "Authentication" for additional
information.
1)b A feature by which the UPT user can verify that the UPT service entity is the one claimed. With
some authentication procedures, it will be provided automatically together with the user identity
authentication. Refer to 4.4.2 (F.851 (95)) and to 6.5.3 (F.852 (00)) "Authentication" for additional
information.
A feature by which the user identifies himself to the service providers as a specific UPT user. This
allows, after the authentication of the user, his connection to his service profile. For the identity, the
user may use the PUI or the UPTN. The procedure is used only once at the connection of the user
but is valid during all the session. Refer to 6.3/F.852 for additional information on identities.
1)a A feature by which the UPT service provider verifies that the identity of the UPT user is the one
claimed. It protects the UPT user and the UPT service provider against unauthorized and fraudulent
use. This feature may be used in each UPT procedure. The authentication of the UPT user should
not rely solely on something the UPT user possesses that could be used by a third party if stolen or
lost. Refer to 4.4.2 (F.851 (95)) and to 6.5.3 (F.852 (00)) "Authentication" for additional information.
1)b A feature by which the UPT service provider verifies that the identity of the UPT user is the one
claimed. It protects the UPT user and the UPT service provider against unauthorized and fraudulent
use. This feature may be used in each UPT procedure. The authentication of the UPT user should
not rely solely on something the UPT user possesses that could be used by a third party if stolen or
lost. Refer to 4.4.2 (F.851 (95)) and to 6.5.3 (F.852 (00)) "Authentication" for additional information.
A value expressed in terms of a unit of usage, quantifying the utilization of a resource from which
information may be derived for the purpose of accounting.
The usage environment description includes the description of end-user characteristics, terminal
capabilities, network characteristics and natural environment characteristics. Note: These various
dimensions of the usage environment description, which originate from end-users, can be used for
accommodating, for example, the adaptation of contents for transmission, storage and
consumption.
The abstraction of activities that monitor the utilization of resources, for the purpose of accounting
and controlling the recording of usage data.
Usage metering functionality dedicated to controlling the activities of gathering and reporting data
concerning the utilization of resources.
Data which represents usage from which usage metering records may be derived.

A data item containing usage information relating to a specific period of resource utilization by a
specific user.
An attacker may attempt to disrupt EAP negotiation to cause a weak authentication method to be
selected. This attack can be regarded as one kind of attack resulting from a downgrading attack and
usually takes place as a result of the downgrading attack as below.
0) A person or process applying management services for the purpose of fulfilling management
operations.
1) A user includes end user, person, subscriber, system, equipment, terminal (e.g., FAX, PC),
(functional) entity, process, application, provider, or corporate network
2)a The receiver of the telecommunication service using the client.
2)b The receiver of the telecommunication service using the client.
3) A person who purchases an object with built-in or attached RFID tags or makes use of the
service based on an object with built-in or attached RFID tag
4) Any entity that makes use of a resource e.g. system, equipment, terminal, process, application,
or corporate network.
5) Person or organization who utilizes information processing facilities or systems, e.g., employee,
contractor or third party user.
6) Receiver of a biometric authentication service through a client and a server
7)a A consumer or potential consumer of the capability.
7)b A consumer or potential consumer of the capability.
8) An entity, not part of the 3G System, which uses 3G System services. Example a person using
a 3G System mobile station as a portable telephone.
The end user of the Directory, i.e. the entity or person which accesses the Directory.
The means by which a user is connected to a telecommunication network in order to use the
services and/or facilities of that network.
1) Establishing proof of the identity of the human user or application process.
2) The corroboration that a user of peer entity in an association is the one claimed.
3) This feature confirms the identity of a user with the network and the identity of the network with
a user. UAUT takes place during interactions between the network and a user. UAUT assumes that
appropriate information is exchanged between the network and a user. A user has to provide his
authentication data through the terminal or via an access device, which transmits the data to the
network as well as establish a connection between the network and a user. UAUT implies the use of
security algorithms to check the validity of the information provided by a user. Once the
authentication has been performed, the visited network might keep track of the authenticated
user to avoid multiple use of UAUT.
Based on parameters received from the Authentication data management function, this function will
initiate and control the user authentication procedure and process the results. Mutual authentication
supports functions for the verification between networks (including service providers) and users
(including User Identity Modules). This includes the function for a network to verify the user, (i.e. the
network determines if the user is indeed who the user claims to be) and the function for users to
verify the network (i.e. the user determines if the network is indeed the network it states to be). From
the user authentication procedure it is possible to invoke IN services and the user authentication
procedure can be modified according to the service logic of the invoked IN services. This capability
does not include the generation of authentication parameters (e.g. triplets).

Any form of content such as video, blog, images, audio, etc. that was created by the end-users
(average public) to be available for general public.
A user database pertains to a list of users and their secrets as created in a file. For security reasons,
this file should not be in clear text format. The file consists of a list of usernames and a secret for
each user.

A device allowing a user access to network services. For the purpose of 3G specifications, the
interface between the UE and the network is the radio interface. A user equipment can be
subdivided into a number of domains, the domains being separated by reference points. Currently
defined domains are the USIM and ME Domains. The ME Domain can further be subdivided into
several components showing the connectivity between multiple functional groups. These groups can
be implemented in one or more hardware devices. An example of such a connectivity is the TE-MT
interface. Further, an occurrence of a user equipment is an MS for GSM.
Equivalent to UCC.
A type of password, image, or pseudonym associated with a user, assigned by and exchanged
between operators and service providers to identify a user, to authenticate her/his identifier and/or
authorize the use of service. Examples are identifiers such as SIP URI, etc.
A private network consisting of terminal equipment that may have multiple users.
A sequence of characters to identify a user.
A synonym for data plane.
1) Ensuring that information considered to be private (or confidential) by an end user is kept
confidential while remaining subject to mandatory disclosure due to legal processes.
2) Ensuring that information considered to be private (or confidential) by an end-user be
maintained in confidence, while remaining subject to mandatory disclosure due to legal processes.
The set of information necessary to provide a user with a consistent, personalized service
environment, irrespective of the user's location or the terminal used (within the limitations of the
terminal and the serving network).
An entity that calculates the VoIP spam score.
accumulates information on assets inside individual organizations and contains information, such as
lists of software/hardware, their configurations, status of resource usage, security policies including
access control policies, security level assessment results, and intranet topology. It also contains
external resource information that individual user organizations utilize, such as lists of subscribing
cloud services (e.g., data centers and SaaS) and their usage records. Administrator manipulates
such information. The ARF and CRF can be utilized for describing the IT asset assessment results
while the CVSS and CWSS scores can be utilized for scoring the security level of the IT asset. The
scores are useful for Administrators in prioritizing the urgency of security operations on IT assets.
A user secret is a secret key generated by a user itself. User secret is generally used for providing
evidence of the user identity in authentication mechanism.
User security agent is an entity embedded in mobile terminals to collect the security related
environmental Information, and to communicate with security gateway in the mobile network for
execution of security policy.
The protocol is defined for message receivers to report the spam to gateway.
The logical entity in the mobile terminal containing the permanent keys and the functions required to
perform the mobile user authentication to the mobile network. For example, UUIM can be one or
more IMSI/USIM applications in 3GPP. UUIM is technically equivalent to UICC in 3GPP
specifications or UIM in 3GPP2 specifications.

This element of service enables a UA to indicate to its MTA, through registration, the categories of
message it is capable of handling, and which the MTA may deliver to it. A message category is
defined as a combination of various properties: 1) the content-type(s) of messages which may be
delivered; 2) the encoded information type(s) of messages which may or may not be delivered; 3)
additional properties, including the maximum message length, and the security labels present.
NOTE It is possible to register certain encoded information types such that they cause a message
to be delivered regardless of the other encoded information types present. A user may declare
certain encoded information types undeliverable to cause the MTS to perform implicit conversion.
The UA may specify different sets of registration information to control the delivery of different
categories of message. The MTA will not deliver to a UA a message that does not match, or
exceeds, the capabilities registered.
1) An identity management (IdM) system that provides the user with the ability to control and
enforce various privacy and security policies governing the exchange of identity information,
including the users' personally identifiable information (PII), between entities.
2) IdM system that can provide a user with explicit control to enforce various privacy and security
policies when identity information is exchanged between entities. A policy can be defined by entities
or a user and it can be negotiated to reach an agreement. The flow of disseminating users' identity
information moves from IdP to RP by going through a user.
The User-centric IdM system is mainly focused on end-users and optimized for the requirement of
those end-users. It means that the main objective of an IdM system is to provide convenient and
comprehensive identity services for users. The main feature is to give the user full control over his
identity. When user identity information is disseminated, it must pass through the user explicitly to
give the user a chance to enforce some personal policy if necessary. In the user-centric IdM system,
a client program has to be installed in the user's computing environment. Therefore, an easy and
comprehensive security guideline is required to guide the user to securely install and deploy any
relevant software. The software must manage some of the user's security-related information. User-centricity distinguishes itself from other models of IdM by emphasizing that the user and not some
authority maintains control over how a user's identity attributes are created, disseminated, updated
and terminated. It means that the user has full authority over the lifecycle of her identity. The level of
control can be determined by the user's privacy requirements.
Interface used to provide connectivity to terminal equipments, user networks and corporate
networks. The UNI supports both a control level type of interaction and a media level type of
interaction
An entity that uses the sensed data provided by USN applications and services. This end-user may
be a system or a human.
A node which interconnects sensor networks with other networks.
A set of logical functions to support USN applications and services. NOTE 1 The functionalities of
USN middleware include sensor network management and connectivity, event processing, sensor
data mining, etc. NOTE 2 In the NGN environment, functions of the USN middleware may be
provided by the NGN open service environment (OSE) capabilities [Y.2234] and/or by other NGN
capabilities. However, some of the USN middleware functions (e.g., those for supporting interface to
sensor networks) may not be provided by the NGN OSE capabilities or other NGN capabilities.
Utilization is represented by relationships between some active processes and software resources.
It represents the fact that the processes are using the software. Software may only be utilized when
it has an Operational state of ENABLED and an Administrative state of UNLOCKED. There may
well be constraints as to how many things and what things may utilize a software resource. When
software is utilized its Usage state will be either ACTIVE or BUSY.
A conceptual point within the UTRAN performing radio transmission and reception. A UTRAN
access point is associated with one specific cell, i.e., there exists one UTRAN access point for each
cell. It is the UTRAN-side endpoint of a radio link.
The U-RNTI is a unique UE identifier that consists of two parts, an SRNC identifier and a C-RNTI.
U-RNTI is allocated to a UE having an RRC connection. It identifies the UE within UTRAN and is
used as a UE identifier in cell update, URA update, RRC connection reestablishment and (UTRAN
originated) paging messages and associated responses on the radio interface.

An area covered by a number of cells. The URA is only internally known in the UTRAN.
Time division duplex UTRA radio access mode.
The checking of integrity-protected data to detect loss of integrity.
The validate operation is used to check the integrity of software resources. NOTE How the
validation check is carried out is a local matter.
An authority that provides an online service of verification of a certificate's validity. It establishes a
verification certificate path from a signer to a user who wishes to confirm the validity of the signature
of the signer, and confirms whether all the certificates contained in the verification certificate path
are reliable or not revoked. It also verifies if a certificate has been revoked.
A distinguished member of a set of values.
A name associated uniquely with a value within some context.
A collection of values of a type. Semantically equivalent to a subtype.
Provides services other than basic telecommunications service for which additional charges may be
incurred.
A type of telecommunication service characterized by a service bit rate specified by statistically
expressed parameters which allow the bit rate to vary within defined limits.
The process or instance of establishing the authenticity of something. NOTE Verification of
(identity) information may encompass examination with respect to validity, correct source, original,
(unaltered), correctness, binding to the entity, etc.
Information used by a verifier to verify an identity claimed through exchange AI.

1) An entity which is or represents the entity requiring an authenticated identity. A verifier includes
the functions necessary for engaging in authentication exchanges.
2) The entity that retrieves information from confidentiality protected data.
3) The verifier is the information computed from the password. Whereas computing the verifier
from the password is easy, the reverse is infeasible in polynomial time. The verifier is used in the
server to prove that a client knows the password. It is similar to a public key in public-key
cryptography. On the other hand, the password looks like a private key but has limited entropy and
relies on the memory of the user. The verifier must be kept confidential by the server.
4)a The service provider based on a biometric authentication on telecommunication
environments.
4)b The service provider based on a biometric authentication on telecommunication
environments.
5) An entity that validates identity information.
This is a type of SPAK wherein the server stores only the verifier of a password. The password is
different from the verifier of a password. This SPAK is called asymmetric SPAK
accumulates version information on products and services, which includes naming and enumeration
of their versions. Regarding the product, security patches are also included here. CPE can be
utilized to enumerate common platforms.
mobility between different layers as defined in [ITU-R M.1645]. Generally, it is referred to as the
mobility between different access technologies.
Metadata (or visual feature) for identifying a video content; unlike watermark embedded by
manipulating original video contents, video signature is extracted from a video content itself without
the risk of quality deterioration.
Characterization of any stimulus that can be detected by, affects or is likely to affect or damage, the
human eye. NOTE 1 The term VIDEOIN is used both as an adjective applied to a stimulus, but
more commonly as a noun referring to a VIDEOIN stimulus. NOTE 2 VIDEOIN includes
quantities and units related to the sensing by the eye of (non-ionizing) electromagnetic radiation at
various wavelengths and at various intensities.

1)a A service in which the end user can, on demand, select and view video content and where the
end user can control the temporal order in which the video content is viewed (e.g., the ability to start
the viewing, pause, fast forward, rewind, etc.). Note: The viewing may occur some time after the
selection of the video content.
1)b A service in which the end-user can, on demand, select and view a video content and where
the end-user can control the temporal order in which the video content is viewed (e.g., the ability to
start the viewing, pause, fast forward, rewind, etc.). Note: The viewing may occur some time after
the selection of the video content.
Characterization of any output from a human being that can be detected by the human eye or an
image sensor, including but not limited to behaviour or signs produced by a human being that can
be observed by another human being or a sensor. NOTE The term VIDEOOUT is used both as
an adjective applied to a specific output, but more commonly as a noun referring to a VIDEOOUT
specific output.
A form of abstraction achieved using a selected set of architectural concepts and structuring rules,
in order to focus on particular concerns within a system.
A concept for personal service environment portability across network boundaries and between
terminals.
A software program that simulates a hypothetical computer central processing unit. The programs
executed by a virtual machine are represented as byte codes, which are primitive operations for this
hypothetical computer.
A computer program that can copy itself and infect a computer without permission or knowledge of
the user. OR A program or code that replicates, that infects another program, boot sector,
partition sector or document that supports macros by inserting itself or attaching itself to that
medium. Most viruses just replicate; a lot also do damage.
An illegal act of gaining access to private personal and financial information through the Voice over
IP (VoIP) service. The term Vishing is a combination of Voice and Phishing.
This is a border element (BE, defined as special mobility functional entity) placed within the visited
domain.
1) A mobile network, to which an SS does not subscribe, and which has a roaming relationship
with the SS home network. A visited network can also provide services for the SS.
2) The network outside a home network that provides service to a mobile user. This term is more
business significant than geographically significant.
3) The visited network is a carrier's network where a subscriber currently is roaming. The term
visited network is more business significant, than geographically significant.
This is a PLMN, different from the home PLMN, where the MCC part of the PLMN identity is the
same as the MCC of the IMSI.
From the MS's perspective, a system which is transmitting a SID which is not recognized by the MS
as the "Home" SID. From a network perspective, the system in which an MS is currently registered.
A spam emerging over VoIP services.
An entity that creates and manages the local RBL.

An entity that detects and blocks VoIP spam during call process.
a quantitative value that reflects how malicious senders are. A sender with a higher score is most
likely to be a spammer. To calculate the VoIP spam score, six factors (described in clause 7.5 of
X.1246) are used as quantitative values. They will be minimized or changed according to the anti-spam policy of service providers.
call spam and instant messaging (IM) spam
The general threat model for data communication and mobile data communication can be applied to
the threat models of X.805 and X.1121. Note, there are several practical vulnerabilities associated
with the EAP protocol (like eavesdropping, modification or fabrication, etc.)
1)a any weakness that could be exploited to violate a system or the information it contains.

1)b any weakness that could be exploited to violate a system or the information it contains.
1)c any weakness that could be exploited to violate a system or the information it contains.
2) Any weakness, administrative process or act, or physical exposure that makes a computer or
network of computers susceptible to exploit by a threat.
3)a Any weakness in software that could be exploited to violate a system or the information it
contains.
3)b Any weakness in software that could be exploited to violate a system or the information it
contains.
4)a The possibility that equipment will function falsely with HEMP, HPEM or EMSEC
4)b The possibility that equipment will function falsely with EMSEC.
accumulates known vulnerability information, which includes naming, taxonomy, and enumeration of
known software and system vulnerability. It also includes information on human vulnerabilities,
which are vulnerabilities human IT users are exposed to. The National Vulnerability Database (NVD)
and Open Source Vulnerability Database (OSVDB) are practical instances of this database, and
CVE and CWE can be utilized to describe the contents of the knowledge base.
contains information on cybersecurity warnings. The information is designed for either general
public or specific organization. The one for general public usually contains statistical information and
alerts while the one for specific organization contains security advice customized for the
organization. The information is generated based on the information in the Incident database and
cyber risk knowledge base. The coordinator and response team manipulate such information.
Based on the warnings, user organizations may implement countermeasures against warned
cybersecurity risks.
An attacker may attempt to take advantage of weak ciphersuites subsequently used after the EAP
conversation is completed. If the conversation is completed, the attacker can exploit the weakness
of the negotiated weak cipher suites to compromise the supplicant or the authentication server.
An attacker may attempt to recover keys by taking advantage of weak key derivation techniques
used within the EAP methods.
1) A shortcoming or imperfection that, while not itself being recognized as a vulnerability, could, at
some point, become a vulnerability, or could contribute to the introduction of other vulnerabilities.
2) A shortcoming or imperfection in the software code, design, architecture, or deployment that
could, at some point, become a vulnerability, or could contribute to the introduction of other
vulnerabilities.
An XML based general purpose language for describing interfaces, protocol bindings, and
deployment details of network services.
Web Services is a set of protocols based on eXtensible Markup Language (XML). The base Web
Services protocols are: a) Simple Object Access Protocol (SOAP), defines the message format in
XML containing the service request and response, where SOAP is independent of any particular
transport and implementation technology; b) Web Services Description Language (WSDL) to
describe Web Services; provides a programmatic way of describing what a service does, thereby
paving the way for automation; c) Universal Discovery, Description, and Integration (UDDI), a cross
industry initiative to create a standard for service discovery together with a registry facility that
facilitates the publishing and discovery processes. Because Core Web Services technologies -- such as SOAP, WSDL, and UDDI -- do not directly provide the security mechanism, a
comprehensive security model for Web Services has been developed by the industry. The Web
Services security model introduces a collection of individual, inter-related specifications describing
the approach of layering security facilities into a Web Service environment. The architecture is
designed to allow the mixing and matching of the specifications, thereby enabling implementers to
deploy only the specific parts they need.
That physical aspect of a human being that is affected by or affects telebiometric devices. NOTE
This term is not used in the normative text, but it is extensively used in Appendix I and the definition
is provided here for completeness.
An identifications list of persons or sources in communication services, where the identifications of
the list are known, trusted, or explicitly permitted.

Wide area public communication means public communication to support data exchanges among
the ID terminal, multimedia information delivery function and ID resolution function. Examples are
the Internet, a mobile telephone network and NGN.
The characteristics of a wireless network expressed in terms of the current available bandwidth,
packet loss and possibly other wireless network information parameters for a specific wireless link
type, e.g., WLAN, cellular, WPAN or WMAN.
A UE (equipped with UICC card including (U)SIM) utilized by a subscriber capable of accessing a
WLAN network. A WLAN UE may include entities whose configuration, operation and software
environment are not under the exclusive control of the 3GPP system operator, such as a laptop
computer or PDA with a WLAN card, UICC card reader and suitable software applications
A self-replicating computer program. Unlike a virus, it does not need to attach itself to an existing
program. Worms always harm the network (if only by consuming bandwidth), whereas viruses
always infect or corrupt files on a targeted computer. OR A program that makes copies of itself,
for example from one disk drive to another, or by copying itself using e-mail or some other transport
mechanisms. It may damage and compromise the security of a computer. It may arrive in the form
of a JOKE program or software of some sort.
1)a A public key certificate specification developed as part of the ITU-T X.500 standards directory.

1)b A public key certificate specification developed as part of the X.500-series standards
directory.
Any of the various types of digital subscriber lines technologies.
An XML data structure that is embedded in the start-tag of an XML element and that has a name
and a value.
An XML data structure that is hierarchically arranged among other such structures in an
XML document and is indicated by either a start-tag and end-tag or an empty tag.
An abstract data set describing the information in a namespace-well-formed XML document, as
specified in W3C XML Information Set

Rec# Clause Date Referred source
X.1034 3.1.1 (2011-02) RFC 4017
X.1142 3.2.1 (2006-06)
X.1521 3.2.1 (2011-04)
X.800 3.3.1 (1991-03)
J.170 3(1) (2005-11)
X.1142 3.2.2 (2006-06)
X.1252 6.1 (2010-04)
F.500 H.2 (1992-08)
J.160 I.1.1 (2005-11)
X.812 3.4.1 (1995-11)
X.812 3.4.3 (1995-11)
X.812 3.4.2 (1995-11)
X.812 3.4.4 (1995-11)
X.903 15.2 (2009-10)
X.812 3.4.5 (1995-11)
X.800 3.3.2 (1991-03)
X.1244 3.1.1 (2008-09)
X.1111 3.4.7 (2007-02)
X.812 3.4.6 (1995-11)
X.812 3.4.7 (1995-11)
X.805 6.1 (2003-10)
M.3016 6.1.2.2 (1998-06)
X.812 3.4.8 (1995-11)
Q.1742.9 3.1 (2011-11)
X.400 B.1 (1999-06)
Q.1742.9 3.2 (2011-11)
J.170 3(2) (2005-11)
X.1205 3.2.1 (2008-04)
X.812 3.4.9 (1995-11)
X.1141 3.2.1 (2006-06)
E.776 (1996-10)
Y.2018 3.2.1 (2009-09)
Y.2018 3.2.2 (2009-09)
X.400 15.2.1 (1999-06)
X.1193 3.1.4 (2011-10) X.800
Y.1901 3.2.1 (2009-01)
X.800 A.2.4.1 (1991-03)
X.1141 3.2.2 (2006-06)
X.1141 3.2.3 (2006-06)
X.800 3.3.3 (1991-03)
X.742 3.7.6 (1995-04)
F.110 A5 3.1.2 (1996-07)
X.743 3.7.2 (1998-06)
X.1520 3.2.1 (2011-04)
X.1524 3.2.1 (2012-03)
X.1083 3.1 (2007-11)
X.1191 3.2.1 (2009-02)
Y.1901 3.2.2 (2009-01)
X.1193 3.1.5 (2011-10) X.1191
X.1142 3.2.3 (2006-06)
X.1036 3.1.1 (2007-02)
Q.1742.9 3.3 (2011-11)
X.1151 3.1 (2007-11)
X.1141 3.2.4 (2006-06)
X.1253 8.3 (2011-09)
X.800 3.3.4 + A.2.4.4 (1991-03)
X.743 3.7.1 (1998-06)
Y.2018 3.2.3 (2009-09)
X.1252 6.2 (2010-04)
Y.2091 16 (2011-03)
X.813 5.1 (1996-10)

X.743 3.7.3 (1998-06)
X.1141 3.2.5 (2006-06)
X.1500.1 3.2.1 (2012-03) X.660
X.660 3.5.3 (2011-07)
X.1141 3.2.6 (2006-06)
X.1570 I.2 (a) (2011-09)
X.1111 3.4.12 (2007-02)
Y.2171 3.1 (2006-09)
X.1141 3.2.7 (2006-06)
X.1206 3.1.1 (2008-04)
X.1252 6.3 (2010-04)
X.790 3.1 (1995-11)
X.1311 3.8.1 (2011-02)
X.816 3.5.1 (1995-11)
Y.2205 3.1.5 (2011-05) X.674
Y.2205 3.1.6 (2011-05) X.674
J.93 3.1 (1998-03)
X.790 3.2 (1995-11)
X.1252 6.4 (2010-04)
Y.2018 3.2.4 (2009-09)
Y.2018 3.2.5 (2009-09)
X.1121 3.2.1 (2004-04)
X.1141 3.2.8 (2006-06)
X.1252 6.5 (2010-04)
X.272 3.1 (2000-03)
X.1245 3.2.1 (2010-12)
X.1241 3.2.1 (2008-04)
X.1241 3.2.2 (2008-04)
X.1241 3.2.3 (2008-04)
X.Sup2 3.2.1 (2007-09)
Q.1741.7 3.2 (2011-11)
X.1142 3.2.4 (2006-06)
X.1191 3.1.2 (2009-02) Y.101
Y.2020 3.1.1 (2011-05) Y.101
Y.2741 3.2.1 (2011-01)
Q.1741.7 3.3 (2011-11)
X.790 3.4 (1995-11)
X.1253 7.1.1 (2011-09)
X.217 6.1 (1995-04)
X.790 3.5 (1995-11)
X.790 3.3 (1995-11)
Q.1741.7 3.4 (2011-11)
H.235.9 3.1 (2005-09)
Y.2012 3.2.1+6.2 (2010-04)
Q.1741.7 3.5 (2011-11)
Y.2012 3.2.2 (2010-04)
M.3410 3.2.1 (2008-08)
F.435 B.1 (1999-06)
X.1121 3.2.7 (2004-04)
X.1121 3.2.6 (2004-04)
X.1143 3.2.5 (2007-11)
X.1125 3.2.1 (2008-01)
X.1121 3.2.8 (2004-04)
M.3410 3.2.2 (2008-08)
X.217 3.5.1 (1995-04)
X.1251 3.2.1 (2009-09)
X.893 3.2.1 (2007-05)
X.805 7.3 (2003-10)
J.170 4.1(33) (2005-11)
G.870/Y.1352 3.2.8 (2012-02)
X.902 6.6 (2009-10)
X.525 3.4.1 (2008-11)
X.680 3.8.3 (2008-11)
X.680 3.8.23 (2008-11)

X.680 3.8.4 (2008-11)
Y.1901 3.1.1 (2009-01) T.101
X.1141 3.2.9 (2006-06)
X.1141 3.2.10 (2006-06)
X.1252 6.6 (2010-04)
X.1570 I.3.6 (a) (2011-09)
X.1500 Table I.1 (2011-04)
X.1206 3.1.2 (2008-04)
Y.2701 3.2.1 (2007-04)
X.1057 3.1.1 (2011-05) ISO/IEC 27000:2009
X.1057 3.2.1 (2011-05)
X.1057 3.2.2 (2011-05)
X.1123 3.2.4 (2007-11)
X.790 3.6 (1995-11)
X.217 3.5.1 (1995-04)
X.803 3.8(1) (1994-07)
Y.2720 3.3.1 (2009-01)
X.1500 3.2.1 (2011-04)
X.1252 6.7 (2010-04)
X.1252 6.8 (2010-04)
Y.2720 3.3.3 (2009-01)
X.811 3.1 (1995-04)
X.810 3.3.1 (1995-11)
H.235.0 3.4 (2005-09)
X.1036 3.1.2 (2007-02)
X.1570 I.3.5 (b1) (2011-09)
X.1570 I.3.3 (c) (2011-09)
X.400 A.7 (1999-06)
X.1141 3.2.11 (2006-06)
X.1142 3.2.5 (2006-06)
X.1252 6.9 (2010-04)
Y.2720 3.2.1 (2009-01) ETSI TS 102 042
X.790 3.7 (1995-11)
X.1141 3.2.12 (2006-06)
X.509 3.4.2 (2008-11)
X.841 3 (2000-10)
X.842 3.1 (2000-10)
X.1141 3.2.13 (2006-06)
X.1142 3.2.6 (2006-06)
X.509 3.4.3 (2008-11)
X.509 3.4.1 (2008-11)
X.509 3.4.4 (2008-11)
X.525 3.4.2 (2008-11)
X.1253 7.2.4 (2011-09)
X.400 A.9 (1999-06)
X.1252 6.10 (2010-04) X.501
X.790 3.8 (1995-11)
X.400 A.10 (1999-06)
X.1252 6.11 (2010-04) X.501
X.790 3.9 (1995-11)
Y.1901 3.2.3 (2009-01)
J.170 3(3) (2005-11)
X.1082 3.5.5 (2007-11)
X.1082 3.5.6 (2007-11)
X.800 3.3.5 (1991-03)
X.816 3.5.3 (1995-11)
X.816 3.5.4 (1995-11)
X.816 3.5.2 (1995-11)
X.816 3.5.5 (1995-11)
X.816 3.5.8 (1995-11)
X.816 3.5.7 (1995-11)
X.800 3.3.6 (1991-03)
X.816 3.5.9 (1995-11)
X.816 3.5.6 (1995-11)
X.811 3.2 (1995-04)
X.811 Int.; 5.1; 5.2.4 (1995-04)

X.811 3.3 (1995-04)
X.217 3.5.9 (1995-04)
X.217 bis 3.5.8 (1998-09)
J.170 3(4) (2005-11)
J.160 I.1.3 (2005-11)
J.93 3.2 (1998-03)
J.95 4.2 (1999-09)
X.1141 3.2.14 (2006-06)
Y.140.1 3.1 (2004-03)
X.800 3.3.7 (1991-03)
X.1252 6.12 (2010-04)
Y.2014 3.2.1 (2010-03)
Q.1741.7 3.6 (2011-11)
Q.1742.9 3.6 (2011-11)
F.851 1.3.1 (1995-02)
F.852 3.1 (2000-03)
M.60 2030 (1993-03)
J.260 3.2 (2005-01)
Y.1271 4.2 (2004-10)
J.191 C.2.1 (2004-03)
F.500 H.13 (1992-08)
X.1253 7.2.2 (2011-09)
H.235.1 3.1 (2005-09)
H.235.2 3.10 (2005-09)
X.1141 3.2.15 (2006-06)
X.1252 6.13 (2010-04)
Y.2720 3.3.2 (2009-01)
X.1141 3.2.16 (2006-06)
X.1124 3.2.1 (2007-11)
Q.1742.9 7.2 (2011-11)
X.811 3.4 (1995-04)
Q.1711 3.2.9 (1999-03)
Q.1711 4.10.2(a) (1999-03)
E.776 3.1 (1996-10)
X.811 5.1.2 (1995-04)
X.800 3.3.9 (1991-03)
X.811 3.5 (1995-04)
X.402 10.3.1.1 (1999-06)
X.272 (2000-03)
X.1153 3.2.1 (2011-02)
X.1153 3.1.1 (2011-02) X.811
X.903 15.4 (2009-10)
H.530 3 + 4.1 (2002-03)
X.217 3.5.10 (1995-04)
J.170 4.1(32) (2005-11)
X.800 3.3.8 (1991-03)
X.811 3.6 (1995-04)
Q.1711 3.2.11 (1999-03)
X.811 3.7 (1995-04)
F.500 H.14 (1992-08)
X.1124 3.2.2 (2007-11)
X.1124 3.2.3 (2007-11)
Q.1711 3.2.10 (1999-03)
X.1124 3.2.4 (2007-11)
X.1193 3.2.1 (2011-10)
X.805 6.2 (2003-10)
X.402 10.3.1 (1999-06)
X.1113 3.4.1 (2007-11)
X.1193 3.2.2 (2011-10)
M.3016 6.1.2.1 (1998-06)
X.811 6.1.2 (1995-04)
X.509 3.4.5 (2008-11)
X.217 3.5.11 (1995-04)
X.217 6.2.1.4 (1995-04)
Q.1742.9 7.1 + 7.38 (2011-11)

X.1034

3.1.2

(2011-02) RFC 4017

X.217 bis 3.5.9

(1998-09)

X.217

3.5.12

(1995-04)

X.217 bis 3.5.11

(1998-09)

X.217

6.2.1.2

(1995-04)

X.217

6.2.1.3

(1995-04)

H.235.1

3.2

(2005-09)

H.235.2

3.9

(2005-09)

X.217 bis 3.5.10

(1998-09)

Y.2704

3.2

(2010-01)

X.1034

3.1.3

(2011-02) RFC 4017

J.170

3(5)

(2005-11)

J.160

I.1.4

(2005-11)

T.411

3.8

(1993-03)

X.641

6.3.3.39

(1997-12)

X.1250

3.1

(2009-09)

X.509

3.4.6

(2008-11)

Q.1229

7.2.2.4.1.1 (1999-03)

X.509

3.4.7

(2008-11)

M.60

2031

(1993-03)

M.60

2032

(1993-03)

M.60

2033

(1993-03)

X.800

3.3.10+A.2.5 (1991-03)

H.235.0
J.170

3.3
3(6)

(2005-09)
(2005-11)

J.160

I.1.5

(2005-11)

X.1141

3.2.17

(2006-06)

X.1252
M.3345

6.14
3.2.1

(2010-04) X.800, Y.2720


(2009-05)

Q.1531
X.911
J.260

3.2.1
6.4.2
3.3

(2000-06)
(2005-05)
(2005-01)

Y.1271

4.3

(2004-10)

X.1114

3.2.1

(2008-11)

X.1253

7.2.3

(2011-09)

J.1001

3.1.1.

(2012-01)

X.1111

3.4.6

(2007-02)

J.93

3.3

(1998-03)

J.95

4.3

(1999-09)

X.1142

3.2.7

(2006-06)

X.1141

3.2.18

(2006-06)

X.1141

3.2.19

(2006-06)

X.1153

3.1.2

(2011-02) RFC 2904

J.112AnB B.3.1.6

(2004-03)

J.122

3.2.8

(2007-12)

X.1114

3.2.2

(2008-11)

X.400

B.5

(1999-06)

H.248.55 3.2.1

(2008-06)

X.800
Y.1271

A.2.5
4.4

(1991-03)
(2004-10)

X.400

B.6

(1999-06)

X.800
X.1521
K.87

3.3.11
3.2.2
3.1.2

(1991-03)
(2011-04)
(2011-11) ISO/IEC 27001

K.84

(3.1.1)

(2011-01) ISO/IEC 27002

X.805

6.7

(2003-10)

Q.1742.9 3.7

(2011-11)

X.Sup11 7.5.1

(2011-09)

X.1141

(2006-06)

3.2.20

X.1034

3.1.4

(2011-02) RFC 4017

X.744

3.7.1

(1996-10)

X.1101

3.2.1

(2010-05)

X.1142
X.1244

3.2.8
3.2.1

(2006-06)
(2008-09)

Y.2741

3.2.2

(2011-01)

X.509
X.1192

3.4.8
3.1.1

(2008-11)
(2011-05) H.264

X.1082

3.2.1

(2007-11)

X.1081

3.2.1

(2004-04)

J.170

4.1(34)

(2005-11)

X.743

3.7.4

(1998-06)

X.1205
3.2.2
Q.1741.7 3.9

(2008-04)
(2011-11)

Q.1741.7 3.10
Q.1741.7 3.11
Q.1741.7 3.12

(2011-11)
(2011-11)
(2011-11)

Q.1741.7 3.13

(2011-11)

F.771

6.2.3.3

(2008-08)

G.780/Y.1351

3.2.18

(2010-07)

Q.1741.7 3.14

(2011-11)

J.96

(2002-07)

RFC 4046

X.1250
X.1252
X.1141

3.2
6.15
3.2.21

(2009-09)
(2010-04)
(2006-06)

X.1081
X.1090
X.1084

3.2.2.
3.1.1
3.2.1.

(2004-04)
(2011-05) ISO/IEC 19785-1
(2008-05)

X.1090

3.1.3

(2011-05) ISO 19092

X.1088

3.2.1.

(2008-05)

X.1088

3.2.2.

(2008-05)

X.1088

3.2.3.

(2008-05)

X.1089

3.2.1.

(2008-05)

X.1088

3.2.4.

(2008-05)

X.1084

3.2.10.

(2008-05)

X.1089

3.2.2.

(2008-05)

X.1089

3.2.3.

(2008-05)

X.1086

3.2.5.

(2008-11)

X.1086

3.2.4.

(2008-11)

X.1086

3.2.3.

(2008-11)

X.1088

3.2.6.

(2008-05)

X.1089

3.2.4.

(2008-05)

X.1089

3.2.5.

(2008-05)

X.1088

3.2.7.

(2008-05)

X.1088

3.2.8.

(2008-05)

X.1086

3.2.6.

(2008-11)

X.1089

3.2.6.

(2008-05)

X.1089

3.2.7.

(2008-05)

X.1089

3.2.8.

(2008-05)

X.1252

6.16

(2010-04) ISO/IEC 2382-37

X.1086

3.2.7.

(2008-11)

X.1090
X.1090

3.1.5
3.1.6

(2011-05) ISO/IEC 19785-1


(2011-05) ISO/IEC 19784-1

X.1090

3.1.7

(2011-05) ISO 19092

X.1082

3.2.6.

(2007-11)

X.1090

3.1.2

(2011-05) ISO/IEC 19785-1

X.1081

3.2.3.

(2004-04)

X.1090

3.1.4

(2011-05) ISO/IEC 19785-1

X.1081

3.2.4.

(2004-04)

X.1083

3.3.

(2007-11)

X.1083

3.4.

(2007-11)

X.1083

3.5.

(2007-11)

X.1083

3.2.

(2007-11)

X.1192

3.1.2

(2011-05) H.264

X.1081
X.1245

3.2.5.
3.2.2

(2004-04)
(2010-12)

X.1500

Table I.6

(2011-04) RFC 3080

X.1244

3.2.2

(2008-09)

X.400

B.23

(1999-06)

X.400

B.24

(1999-06)

X.1311

3.8.2

(2011-02)

H.530

3 + 4

(2002-03)

Y.2701

3.2.2

(2007-04)

X.1244

3.2.3

(2008-09)

X.Sup8

3.1

(2010-12)

X.Sup8
X.Sup8

3.4
3.2

(2010-12)
(2010-12)

Y.1901
3.1.2
Q.1741.7 3.15
X.1083
3.6.

(2009-01) M.60
(2011-11) I.113
(2007-11)

X.1083

(2007-11)

3.7.

X.1056

3.2.3

(2009-01)

X.1056

3.1.5

(2009-01) ISO/IEC TR 18044

M.3410

3.2.3

(2008-08)

X.1171

3.2.2

(2009-02)

X.509
J.191

3.4.9
3.

(2008-11)
(2004-03)

X.525

3.4.3

(2008-11)

X.525

3.4.4

(2008-11)

Q.1741.7 3.17

(2011-11)

J.170

(2005-11)

4.1(37)

X.Sup11 7.5.1

(2011-09)

Y.2801

(2006-11)

6.4.1

Q.1742.9 3.9

(2011-11)

Q.1742.9 3.10
Q.1742.9 3.11
X.Sup11 7.5.1

(2011-11)
(2011-11)
(2011-09)

J.170

4.1(40)

(2005-11)

X.Sup11
Q.1742.9
X.Sup11
X.Sup11

7.5.1
3.12
3.2.1
6.2.1

(2011-09)
(2011-11)
(2011-09)
(2011-09)

Q.1742.9 3.13

(2011-11)

X.1082

3.5.11.

(2007-11)

X.1082

3.5.12.

(2007-11)

X.790

3.10

(1995-11)

Y.2018

3.2.6

(2009-09)

X.893

3.2.2.

(2007-05)

X.893

3.2.3.

(2007-05)

X.893

3.2.4.

(2007-05)

X.893

3.2.5.

(2007-05)

X.800

3.3.12

(1991-03)

X.1520

3.2.2

(2011-04)

X.1524

3.2.2

(2012-03)

Y.1901

3.2.4

(2009-01)

Y.2012

3.2.3

(2010-04)

J.170

4.1(35)

(2005-11)

Q.1741.7 3.18

(2011-11)

Q.1742.9 3.15

(2011-11)

X.1252

6.17

(2010-04) X.810

X.843
X.509
H.235.0

3
3.4.48
3.5

(2000-10)
(2008-11)
(2005-09)

X.843

3.1

(2000-10)

X.509

3.4.10

(2008-11)

H.235.2

3.2

(2005-09)

X.1122

3.5.2.

(2004-04)

X.509

3.4.12

(2008-11)

Q.817

(2001-01)

X.509

3.4.14

(2008-11)

X.509
X.509

3.4.13
3.4.16

(2008-11)
(2008-11)

X.509

3.4.15

(2008-11)

X.842

5.4.6.2

(2000-10)

H.235.2

3.1

(2005-09)

X.509

3.4.17

(2008-11)

X.810

3.3.2

(1995-11)

Q.817

(2001-01)

J.170

4.1(36)

(2005-11)

X.509

3.4.18

(2008-11)

X.509

3.4.19

(2008-11)

X.509

3.4.11

(2008-11)

X.843
X.1152
X.811
X.1124

3.2
3.2.1
3.8
3.2.5.

(2000-10)
(2008-05)
(1995-04)
(2007-11)

X.402

10.3.7.1

(1999-06)

X.402

10.2.7.1

(1999-06)

X.800
Y.1901

3.3.13
3.2.5

(1991-03)
(2009-01)

Y.1901
X.1034

3.2.6
7.1(m)

(2009-01)
(2011-02)

Q.1741.7 3.20

(2011-11)

X.1082

3.5.7.

(2007-11)

X.1082

3.5.8.

(2007-11)

H.235.0
J.170
J.160
Q.1741.7

3.6
3(7)
I.1.8
3.22

(2005-09)
(2005-11)
(2005-11)
(2011-11)

J.170

3(8)

(2005-11)

J.160

I.1.9

(2005-11)

X.800

3.3.14

(1991-03)

X.1251

3.2.2

(2009-09)

X.1252

6.18

(2010-04) OED

X.811

3.9

(1995-04)

X.811

3.10

(1995-04)

X.1089

3.2.9.

(2008-05)

X.812
3.4.13
Q.1742.9 3.16
X.790
3.11

(1995-11)
(2011-11)
(1995-11)

X.800
X.1206
X.1088
X.1084
X.790
Y.2741

3.3.15
3.1.3
3.2.10.
3.2.9.
3.12
3.2.3

(1991-03)
(2008-04)
(2008-05)
(2008-05)
(1995-11)
(2011-01)

X.1090

3.2.1

(2011-05)

X.1113

3.4.2.

(2007-11)

Y.1901

3.2.7

(2009-01)

X.790

3.13

(1995-11)

Q.1741.7 3.23

(2011-11)

X.790

3.14

(1995-11)

Q.1721

13.25

(2000-xx)

X.1051
X.1082

3.1.1
3.3.4.

(2008-02)
(2007-11)

X.Sup8

3.3

(2010-12)

X.1500

Table I.2

(2011-04)

X.1083

3.8.

(2007-11)

X.1500

Table I.1

(2011-04)

X.1500

Table I.2

(2011-04)

X.1500

Table I.1

(2011-04)

X.1500

Table I.1

(2011-04) X.1520

X.1500

Table I.1

(2011-04) X.1521

X.1500

Table I.1

(2011-04)

X.1500

Table I.1

(2011-04)

X.902

8.9

(2009-10)

X.1051

3.1.2

(2008-02)

X.805

6.5

(2003-10)

X.901

9.2

(1997-08)

X.902

15.1

(2009-10)

X.1055

6.2.7

(2008-11)

Y.3001

3.2.1

(2011-05)

X.1241
X.813

3.2.4
3.4.1

(2008-04)
(1996-10)

X.1142
X.1036

3.2.9.
3.1.3.

(2006-06)
(2007-02)

X.1193

3.1.6

(2011-10) X.1191

J.1001

3.2.1.

(2012-01) J.193

J.1001

3.1.3.

(2012-01)

J.1001

3.1.2.

(2012-01)

J.93

3.4

(1998-03)

X.1193

3.1.7

(2011-10) X.1191

X.810

3.3.3

(1995-11)

X.1244

3.1.3

(2008-09)

X.800

3.3.16

(1991-03)

H.235.0

3.7

(2005-09)

J.170

3(9)

(2005-11)

J.160

I.1.10

(2005-11)

X.1521

3.2.3

(2011-04)

K.87

3.3.1

(2011-11)

K.84

(3.2.1)

(2011-01)

Q.1741.7 3.24
Q.1711
4.10.1

(2011-11)
(1999-03)

X.903

15.6

(2009-10)

M.3016

6.1.2.3

(1998-06)

X.814

3.4.2

(1995-11)

X.814

3.4.1

(1995-11)

X.814

3.4.3

(1995-11)

X.1253

8.2.1

(2011-09)

X.1052

3.1.1

(2011-05)

X.1570

I.3.7(b)

(2011-09)

X.1052
X.901

3.1.2
9.2

(2011-05)
(1997-08)

X.902

15.1

(2009-10)

X.901

9.2

(2009-10)

X.902

15.1

(2009-10)

X.790

3.15

(2009-10)

X.1142

3.2.10.

(2006-06)

Q.1741.7 3.25
X.800
5.2.3.1

(2011-11)
(1991-03)

X.402

10.2.3.1

(1999-06)

X.402

10.2.4.1

(1999-06)

X.800

5.2.4.1

(1991-03)

X.800

5.2.4.2

(1991-03)

X.800

5.2.3.2

(1991-03)

Q.1741.7 3.26

(2011-11)

X.800

(1991-03)

5.2.4.4

Q.1741.7 3.27

(2011-11)

X.1275

3.2.1

(2010-12)

X.901

9.2

(1997-08)

X.525
X.790

3.4.5
3.16

(2008-11)
(1995-11)

X.1161

3.2.2

(2008-05)

I.113

Y.1901

9.7.1

(2009-01)

X.400

15.4.8

(1999-06)

X.400

B.26

(1999-06)

X.402

10.3.3.1

(1999-06)

X.402

10.2.3.2

(1999-06)

Y.1901
X.1191

10.3.1.5.4 (2009-01)
3.2.2
(2009-02)

X.400
X.400

15.4.7
B.27

(1999-06)
(1999-06)

X.402

10.3.4.1

(1999-06)

X.402

10.3.4.1

(1999-06)

X.402

10.2.4.2

(1999-06)

X.1193
Y.1901

3.2.3
(2011-10)
10.3.1.5.4 (2009-01)

Y.1901

10.3.1.5.4 (2009-01)

X.1191

3.2.3

(2009-02)

Y.1901

3.2.8

(2009-01)

Y.1901

10.3.2.5.1 (2009-01)

Y.1901

10.3.1.2.1 (2009-01)

Y.1901

10.3.5.1

(2009-01)

Y.1910

3.2.1

(2008-09)

Y.1901

3.2.9

(2009-01)

X.1191

3.2.4

(2009-02)

Y.1901

3.2.10

(2009-01)

X.400

A.16

(1999-06)

X.402

8.1

(1999-06)

X.402

10.3.8

(1999-06)

X.1142
X.1252
Y.2221

3.2.11.
6.20
3.1.1

(2006-06)
(2010-04)
(2010-01) Y.2201

X.1142

3.2.12.

(2006-06)

X.910

5.1 + 5.2 (1998-09)

X.812

3.4.14

(1995-11)

Q.1741.7 3.28
X.1152
3.2.2
Y.2012
3.1.3

(2011-11)
(2008-05)
(2010-04) Y.2011

X.805

8.2

(2003-10)

J.1001

3.1.4.

(2012-01)

X.1125

3.2.2.

(2008-01)

X.400

A.17

(1999-06)

X.402

9.4.6

(1999-06)

X.400

B.29

(1999-06)

X.400

B.30

(1999-06)

X.680

3.8.17

(2008-11)

X.743

3.7.5

(1998-06)

X.1570

I.2 (d)

(2011-09)

X.1245

3.2.3

(2010-12)

Q.1741.7 3.29

(2011-11)

Q.1741.7 3.30

(2011-11)

Y.2701

3.2.3

(2007-04)

X.743
X.1125

3.7.6
3.2.3.

(1998-06)
(2008-01)

X.1125

3.2.4.

(2008-01)

X.1243

3.2.6

(2010-12)

X.1243

3.2.7

(2010-12)

X.1570

I.3.6

(2011-09)

X.813

3.4.2

(1996-10)

Q.1741.7 3.35

(2011-11)

Q.1741.7 3.34

(2011-11)

X.1252
Y.2720

6.21
3.3.4

(2010-04)
(2009-01)

H.530

4.2

(2002-03)

X.1152

3.2.3

(2008-05)

X.800
X.1141
X.1034

3.3.17
3.2.22.
3.2.1

(1991-03)
(2006-06)
(2011-02)

X.1311

3.8.3

(2011-02)

E.409

1.2.5

(2004-05)

M.3016.1 3.1

(2005-04)

X.509

3.4.20

(2008-11)

X.509

3.4.21

(2008-11)

X.800

3.3.18

(1991-03)

J.170
J.93

3(10)
3.5

(2005-11)
(1998-03)

X.1205

3.2.3

(2008-04)

H.235.0

3.8

(2005-09)

X.810

3.3.4

(1995-11)

X.800

3.3.19

(1991-03)

J.93

3.6

(1998-03)

Q.1221

I.3.3.2.9

(1997-09)

Q.1221

I.3.3.2.9

(1997-09)

Q.1221

I.3.3.2.9

(1997-09)

Q.1221

I.3.3.2.9

(1997-09)

X.509

3.4.22

(2008-11)

Q.815

3.6

(2000-02)

X.800

3.3.20

(1991-03)

E.800

3.1.3.20

(2008-09)

Q.1741.7
Q.1741.7
Q.1741.7
X.1142
X.790

3.36
3.37
3.38
3.2.13.
3.17

(2011-11)
(2011-11)
(2011-11)
(2006-06)
(1995-11)

Y.2014

3.2.2

(2010-03)

X.1524

3.2.3

(2012-03)

X.1524

3.2.4

(2012-03)

X.1205

3.2.4

(2008-04)

X.1570

I.3.5

(2011-09)

E.800
X.1205

3.1.3.23
3.2.5

(2008-09)
(2008-04)

X.1500

Apx.II

(2011-04)

X.1570

3.1.1

(2011-09) X.1500

X.1209

3.2.1

(2010-12)

X.1500.1 3.2.2

(2012-03) X.1500

X.1570

(2011-09)

X.1500

Apx.I.

(2011-04)

X.1570

(2011-09)

X.1500

Table I.4

(2011-04)

X.1500

Apx.II

(2011-04)

X.1500

Apx.II

(2011-04)

X.1500.1 3.2.3

(2012-03) X.1500

X.1500

Apx.II

(2011-04)

X.1524

3.2.3

(2012-03)

X.1524

3.2.4

(2012-03)

X.1082

3.3.7.

(2007-11)

X.902
X.1311

3.2.1
3.8.4

(2009-10)
(2011-02)

Q.1742.9 3.17
X.272
3.3

(2011-11)
(2000-03)

X.272

3.4

(2000-03)

X.272

3.2

(2000-03)

X.272

11

(2000-03)

X.509

3.4.23

(2008-11)

X.805

6.4

(2003-10)

X.402

10.3.3

(1999-06)

X.402

10.2.3

(1999-06)

X.1275

3.2.2

(2010-12)

X.800
X.805

3.3.21
6.6

(1991-03)
(2003-10)

X.402

10.3.4

(1999-06)

X.402

10.2.4

(1999-06)

X.1142

3.2.14.

(2006-06)

Q.1741.7 3.39
X.800
3.3.22

(2011-11)
(1991-03)

Q.1290

2.74

(1998-xx)

X.811

5.1

(1995-04)

M.3016

6.2.1.2

(1998-06)

X.402

10.3.1.2

(1999-06)

X.402

10.2.1.1

(1999-06)

Y.2012
E.800
Y.1901

3.1.4
3.1.3.3
5

(2010-04) Y.2011
(2008-09)
(2009-01)

X.1275

3.2.3

(2010-12)

X.400

15.2.4

(1999-06)

X.1207

3.1

(2008-04)

X.800
X.1142
X.1084

3.3.23
3.2.15.
3.2.2.

(1991-03)
(2006-06)
(2008-05)

X.1142
X.272
X.1192
H.248.77

3.2.16.
3.5
3.1.4
3.2.1

(2006-06)
(2000-03)
(2011-05) H.264
(2010-09)

X.800
J.96
Q.1741.7
Q.1741.7

3.3.24
3.5.
3.40
3.42

(1991-03)
(2002-07)
(2011-11)
(2011-11)

X.1125

3.2.5.

(2008-01)

X.1171

3.2.3

(2009-02)

X.790

3.18

(1995-11)

X.509
Y.2720
X.1252

3.4.24
3.1.5
6.22

(2008-11)
(2009-01) X.911
(2010-04)

X.509

3.4.25

(2008-11)

X.744

3.7.2

(1996-10)

Y.1910
X.813

3.2.2
5.2

(2008-09)
(1996-10)

Y.1901

3.2.12

(2009-01)

Y.1901

3.2.11

(2009-01)

X.400

B.40

(1999-06)

X.509

3.4.26

(2008-11)

Q.1741.7 3.44

(2011-11)

X.800

3.3.25

(1991-03)

X.402

D.4

(1999-06)

M.3016

(1998-06)

X.1034

7.1(d) + 8.1(b)

(2011-02)

X.1253

8.1.3

(2011-09)

Q.1741.7 3.45

(2011-11)

X.902

(2009-10)

11.2.3

Q.1741.7 3.41

(2011-11)

I.112

I.350

X.1124

3.2.6.

(2007-11)

X.1082

3.2.2.

(2007-11)

X.1081

3.2.6.

(2004-04)

J.96

3.2

(2002-07)

J.93

3.7

(1998-03)

Q.1741.7 3.46
X.1570
I.3.6 (b)

(2011-11)
(2011-09)

X.1082
X.1206
X.1111

(2007-11)
(2008-04)
(2007-02)

3.3.2.
3.1.6
3.4.5.

Q.1742.9 3.18

(2011-11)

X.1151

3.2

(2007-11)

X.1123

3.2.7

(2007-11)

J.170

4.1(44)

(2005-11)

X.1251

3.2.3

(2009-09)

X.810

3.3.5

(1995-11)

X.1251

3.2.4

(2009-09)

X.1252

6.23

(2010-04)

X.1251

3.2.5

(2009-09)

X.1193

3.1.12

(2011-10) X.1191

X.800

3.3.26

(1991-03)

H.235.2

3.3

(2005-09)

X.814

3.4.8

(1995-11)

X.843

3.4

(2000-10)

X.843

3.5

(2000-10)

X.400
X.500
Q.1741.7
X.830

A.22
3.5.1
3.47
C.1

(1999-06)
(2008-11)
(2011-11)
(1995-04)

X.830

C.2

(1995-04)

Q.1741.7 3.48

(2011-11)

X.500

3.5.2

(2008-11)

X.843

3.6

(2000-10)

Y.2720

3.3.5

(2009-01)

X.1570

3.2.1

(2011-09)

X.1500

Table I.4

(2011-04)

X.1143

3.2.2

(2007-11)

X.1142
X.217

3.2.17.
3.5.15

(2006-06)
(1995-04)

X.810

3.3.6

(1995-11)

X.811

3.11, 5.1.1 (1995-04)

X.Sup2

3.2.2

(2007-09)

X.1205
Y.1910

3.2.6
3.2.3

(2008-04)
(2008-09)

Q.1741.7 3.49

(2011-11)

X.501

11.1.6

(2008-11)

X.501

11.1.8

(2008-11)

X.1244

3.2.4

(2008-09)

X.Sup8

3.6

(2010-12)

X.Sup8

3.6

(2010-12)

I.113

X.Sup10 3.1.2
X.Sup10 3.1.2

(2011-09) M.3010
(2011-09) M.3010

Q.1741.7 3.50

(2011-11)

Y.2701

3.2.4

(2007-04)

Q.1741.7 3.51

(2011-11)

X.1056

(2009-01)

3.2.2

X.402

10.3.8

(1999-06)

Q.1741.7 3.52

(2011-11)

X.1034

7.1(k)

(2011-02)

J.170
X.1034

3(11)
3.1.5

(2005-11)
(2011-02) RFC 4017

M.3016
X.1034
X.1253

5
7.1(b)
8.4.3

(1998-06)
(2011-02)
(2011-09)

X.1142
X.1524
K.84

3.2.18.
3.2.5
(3.2.2)

(2006-06)
(2012-03)
(2011-01)

K.87

3.3.2

(2011-11)

Q.815

3.3

(2000-02)

J.93

3.8

(1998-03)

Y.1901

3.2.13

(2009-01)

X.893

3.2.7.

(2007-05)

M.3410

3.2.4

(2008-08)

Q.1741.7 3.54

(2011-11)

X.893
3.2.6.
Q.1741.7 3.55

(2007-05)
(2011-11)

X.1191
H.235.0

3.1.10
3.8 ter

(2009-02)
(2005-09)

H.235.0

3.8 bis

(2005-09)

H.235.0

3.8 quat

(2005-09)

X.1241
X.1241

3.2.5
3.2.6

(2008-04)
(2008-04)

K.87

3.1.6

(2011-11)

K.84

(3.1.2)

(2011-01) RFC 2828

M.60

2066

(1993-03) M.3010

Q.1711

4.11(b)

(1999-03)

J.260

3.4

(2005-01)

Y.2721

3.1.15

(2010-09) Y.2205

Y.2205

3.2.1

(2011-05)

Y.2171

3.2

(2006-09)

Y.2172

3.1

(2007-06)

E.107

3.1.

(2007-02)

Y.2721

3.1.16

(2010-09) E.107

RFC 2828

H.248.81 3.1.1

(2011-05) E.107

K.87

3.3.3

(2011-11)

X.800

3.3.27

(1991-03)

H.235.0

3.9

(2005-09)

X.400

A.33

(1999-06)

X.272
X.1192
X.680

3.6
3.1.5
3.8.22

(2000-03)
(2011-05) H.264
(2008-11)

X.402

10.3.9

(1999-06)

H.248.77
X.800
J.170
J.160
J.93
X.272

3.2.2
3.3.28
3(12)
I.1.12
3.9
10

(2010-09)
(1991-03)
(2005-11)
(2005-11)
(1998-03)
(2000-03)

X.509

3.4.27

(2008-11)

Y.1901

3.2.14

(2009-01)

X.1141
Y.1910

3.2.23.
3.2.4

(2006-06)
(2008-09)

X.Sup9

3.2.1

(2011-09)

X.509

3.4.28

(2008-11)

X.509

3.4.29

(2008-11)

J.170
X.1083

3(13)
3.9.

(2005-11)
(2007-11)

X.800

3.3.29

(1991-03)

X.Sup9

3.2.2

(2011-09)

X.805

8.3

(2003-10)

X.1090

3.1.8

(2011-05) ISO 19092

X.1252

6.24

(2010-04)

X.1191

3.2.5

(2009-02)

X.1193
J.1001

3.1.14
3.2.3

(2011-10) X.1191
(2012-01) J.290

J.1001

3.2.4.

(2012-01) J.290

X.842
X.902

3
6.1

(2000-10)
(2009-10)

X.1141
X.1252

3.2.24.
6.25

(2006-06)
(2010-04)

X.1251

3.1.1

(2009-09)

Y.2720

3.3.6

(2009-01)

X.811

5.1

(1995-04)

X.1252

6.26

(2010-04)

X.1500

Table I.5

(2011-04)

X.1124

3.2.7.

(2007-11)

X.1124

3.2.8.

(2007-11)

X.1192

3.2.1

(2011-05)

X.1192
X.525
X.1142

3.2.2
3.4.6
3.2.19.

(2011-05)
(2008-11)
(2006-06)

X.509

3.4.30

(2008-11)

Y.140.1

3.4.3.

(2004-03)

X.743
X.790

3.7.8
3.20

(1998-06)
(1995-11)

X.1051

3.1.3

(2008-02)

E.107

3.2.

(2007-02)

E.409
X.790

1.2.1
3.19

(2004-05)
(1995-11)

X.Sup10 3.1.1

(2011-09) M.2140

X.816

3.5.10

(1995-11)

J.170
X.1570

3(14)
I.3.3 (a)

(2005-11)
(2011-09)

X.813

3.4.3,7.13 (1996-10)

X.813

5.2

(1996-10)

X.813

3.4.4

(1996-10)

X.813

5.2

(1996-10)

X.813
X.813
X.813

3.4.5
3.4.6
5.2

(1996-10)
(1996-10)
(1996-10)

X.813
X.811

3.4.7
3.12

(1996-10)
(1995-04)

X.1570

3.1.2

(2011-09) X.1500

X.1500

3.2.2

(2011-04)

X.744

3.7.3

(1996-10)

Y.2014

3.2.3

(2010-03)

X.1520

3.2.3

(2011-04)

X.525

3.4.7

(2008-11)

X.1205
X.1500

3.2.8
Table I.5

(2008-04)
(2011-04)

X.1205

3.2.7

(2008-04)

T.180

Summary

(1998-06)

X.1500

Table I.1

(2011-04)

X.830

3.8.3

(1995-04)

Q.1741.7 3.59

(2011-11)

X.780.1

(2001-08)

3.3.1

X.140

X.1084

3.2.5.

(2008-05)

X.1084

3.2.6.

(2008-05)

X.680
X.1084

3.8.38
3.2.3.

(2008-11)
(2008-05)

X.1084

3.2.4.

(2008-05)

E.776

3.2

(1996-10)

X.790

3.21

(1995-11)

X.1141
X.1141

3.2.25.
3.2.27.

(2006-06)
(2006-06)

Y.2720

3.3.8

(2009-01)

X.1141

3.2.26.

(2006-06)

Y.2720

3.3.7

(2009-01)

X.1251

3.1.2

(2009-09) Y.2720

X.1252
Q.1741.7
Q.1741.7
Y.2741

6.27
3.60
3.61
3.2.4

(2010-04)
(2011-11)
(2011-11)
(2011-01)

X.1205

3.2.9

(2008-04)

Q.1741.7 3.62

(2011-11)

Q.1221

(1997-09)

I.3.3.1.5

Q.1221

I.3.3.1.6

(1997-09)

Q.1741.7 3.63

(2011-11)

X.1205

3.2.10

(2008-04)

E.800

3.1.3.17

(2008-09)

M.3016

(1998-06)

X.1101

3.2.2

(2010-05)

X.1193

3.1.15

(2011-10) SP 800-120

F.115

4.3

(1996-10)

RFC 4046

Q.1741.7 3.65

(2011-11)

Y.140.1

3.4.1.

(2004-03)

E.800

3.1.3.16

(2008-09)

Y.140.1
X.743

3.4.2.
3.7.7

(2004-03)
(1998-06)

X.1141

3.2.28.

(2006-06)

X.509

3.4.31

(2008-11)

J.93

3.10.

(1998-03)

X.1191

3.1.11

(2009-02) Y.2012

Y.2012

3.2.4

(2010-04)

Y.1910

3.1.2

(2008-09) Y.2012

X.Sup11 7.1

(2011-09)

M.3410

3.2.5

(2008-08)

X.1191

3.1.12

(2009-02) Y.2012

Y.2012

3.2.5

(2010-04)

M.3410

3.2.6

(2008-08)

Q.1741.7 3.66
X.743
3.7.9

(2011-11) I.112
(1998-06)

Y.3001

3.2.2

(2011-05)

F.115

4.1

(1996-10)

X.1143

3.2.1

(2007-11)

J.170

3(15)

(2005-11)

X.1192

7.1

(2011-05)

Y.2001

3.2

(2004-12)

X.1083

3.10.

(2007-11)

X.841
3.2
Q.1741.7 3.68

(2000-10)
(2011-11)

X.Sup11
Q.1741.7
X.743
Q.1741.7

3.2.4
3.69
3.7.10
3.70

(2011-09)
(2011-11)
(1998-06)
(2011-11)

X.1206
X.1101

3.1.7
3.2.3

(2008-04)
(2010-05)

Q.1741.7 3.71

(2011-11)

Q.1741.7 3.72

(2011-11)

Q.1741.7 3.73

(2011-11)

Q.1741.7 3.74
Q.1741.7 3.75

(2011-11)
(2011-11)

Q.1741.7 3.76
X.1193
3.1.16

(2011-11)
(2011-10) RFC 3740

X.1101
X.1101

3.2.4
3.2.5

(2010-05)
(2010-05)

X.1101

3.2.5

(2010-05)

X.1311

3.8.5

(2011-02)

Q.1741.7 3.82

(2011-11)

X.1500

Table I.4

(2011-04)

E.800

3.1.3.11

(2008-09)

Y.2801

6.2.2

(2006-11)

Q.1741.7 3.84

(2011-11)

Q.1741.7 3.85

(2011-11)

Q.1221

I.3.3.2.2

(1997-09)

Y.2018

3.2.7

(2009-09)

Y.2801

6.4.2

(2006-11)

Y.2018

3.2.8

(2009-09)

Q.1741.7 3.86

(2011-11)

X.509

3.4.32

(2008-11)

X.810

3.3.7

(1995-11)

J.170

4.1(50)

(2005-11)

X.1142

3.2.20.

(2006-06)

J.170

3(16)

(2005-11)

X.814

3.4.4

(1995-11)

X.814

3.4.6

(1995-11)

X.1142

3.2.21.

(2006-06)

Y.2014

6.2

(2010-03)

X.272
X.509

3.7
3.4.33

(2000-03)
(2008-11)

X.1205

3.2.12

(2008-04)

X.1111

3.4.3.

(2007-02)

H.530

4.3

(2002-03)

X.1111

3.4.2.

(2007-02)

Q.1741.7 3.87

(2011-11)

Q.1741.7 3.88

(2011-11)

Y.2014

3.2.4

(2010-03)

X.1124
Y.2801

3.2.9.
3.1

(2007-11)
(2006-11)

Y.1901

3.1.6

(2009-01) H.622

Q.1741.7 3.89

(2011-11)

X.1113

3.4.3.

(2007-11)

X.1114

3.2.3

(2008-11)

X.1114

3.2.4

(2008-11)

Q.1742.9 3.20

(2011-11)

X.1111

3.4.10.

(2007-02)

X.910
X.1205

6.7
3.2.11

(1998-09)
(2008-04)

Y.2801

6.2.3

(2006-11)

J.93

3.11

(1998-03)

Y.2018

3.2.9

(2009-09)

X.1205
J.380.7

3.2.13
3.2.4

(2008-04)
(2011-11)

X.1055

6.2.2

(2008-11)

X.1192

3.2.3

(2011-05)

J.380.7

3.2.5

(2011-11)

Q.1741.7 3.90

(2011-11)

X.1500

(2011-04)

Apx.II.

X.1111

3.4.4.

(2007-02)

F.771

3.2.1

(2008-08)

F.771

6.2.2

(2008-08)

F.771

3.2.2

(2008-08)

F.771

3.2.3

(2008-08)

X.1171

3.2.4

(2009-02)

F.851
F.852
X.1252
X.1114

1.3.4
3.4
6.28
3.1.11

(1995-02)
(2000-03)
(2010-04)
(2008-11) NIST SP800-47

Q.1711

4.11(a)

(1999-03)

X.1141

3.2.29.

(2006-06)

Y.2720

3.1.6

(2009-01) Y.2091

X.1252

6.29

(2010-04)

Y.2091

16

(2011-03)

F.771

3.2.4

(2008-08)

X.1141

3.2.30.

(2006-06)

X.1250

3.3

(2009-09)

Y.2720
X.1251

3.3.9
3.2.6

(2009-01)
(2009-09)

X.1252

6.30

(2010-04)

X.1252

6.31

(2010-04)

X.800

3.3.30

(1991-03)

X.1250

3.7

(2009-09)

X.1141

3.2.31.

(2006-06)

X.1034

7.1(l)

(2011-02)

X.1141
X.1251

3.2.32.
3.2.13

(2006-06)
(2009-09)

X.1251

3.2.8

(2009-09)

X.1251

3.2.7

(2009-09)

X.1253

7.2.1

(2011-09)

X.1252

6.34

(2010-04) Y.2720

Y.2720

3.3.11

(2009-01)

Q.1711

4.10.4

(1999-03)

X.1252

6.35

(2010-04)

X.1113

3.4.4.

(2007-11)

X.1252

6.36

(2010-04)

X.1250

3.6

(2009-09)

X.1141

3.2.33.

(2006-06)

Y.2720

3.3.10

(2009-01)

Y.2721

3.1.24

(2010-09)

X.1252
X.1153

6.37
3.1.3

(2010-04)
(2011-02) X.1252

X.1141

3.2.34.

(2006-06)

X.1251

3.2.9

(2009-09)

X.1251

3.2.14

(2009-09)

X.1250
X.1253

3.4
7.2

(2009-09)
(2011-09)

X.1252

6.33

(2010-04)

X.1252

6.38

(2010-04)

X.1251

3.2.10

(2009-09)

X.1251
X.1151

3.2.11
3.3

(2009-09)
(2007-11)

X.1253

8.4.5

(2011-09)

X.1251
X.1252

3.2.12
6.39

(2009-09)
(2010-04)

X.1089

3.2.10.

(2008-05)

X.800

3.3.30

(1991-03)

Q.1741.7
X.1253
X.1253
J.170
X.1034

3.91
3.2.1
3.2.2
4.1(52)
8.1(e)

(2011-11)
(2011-09)
(2011-09)
(2005-11)
(2011-02)

X.1055
3.1.1
Q.1741.7 3.92

(2008-11) ISO/IEC 27005


(2011-11)

Q.1741.7 3.93

(2011-11)

X.1113

3.4.5.

(2007-11)

Y.2014

3.2.5

(2010-03)

X.1193

3.1.17

(2011-10) SP 800-120

E.776

3.3

(1996-10)

Q.1741.7 3.94

(2011-11)

Q.1742.9 3.21

(2011-11)

X.1253

8.1.2

(2011-09)

X.Sup11 3.2.2
E.409
1.2.2
X.1570
I.3.3

(2011-09)
(2004-05)
(2011-09)

X.1056

3.1.6

(2009-01)

X.1570

I.1(c)

(2011-09)

X.1500

Apx.II.

(2011-04)

X.1056

3.1.7

(2009-01)

X.1500

Table I.2

(2011-04) RFC 5070

X.1570

I.3.3 (b)

(2011-09)

X.1192

3.2.4

(2011-05)

X.814

3.4.9

(1995-11)

X.509

3.4.34

(2008-11)

X.1101

3.2.6

(2010-05)

X.902

3.2.6

(2009-10)

E.409

1.2.4

(2004-05)

X.Sup3

3.2

(2008-04) ISO/IEC 13335-1

Q.1741.7 3.95

(2011-11)

F.771

6.2.3.1

(2008-08)

X.1500

3.2.3

(2011-04)

X.1036

3.1.4.

(2007-02)

X.681

3.4.8

(2008-11)

X.681

3.4.9

(2008-11)

F.771

6.2.3

(2008-08)

X.1570

I.1(a)

(2011-09)

E.800
X.1056

3.1.3.2
3.1.8

(2008-09)
(2009-01) ISO/IEC TR 18044

X.1055

3.1.2

(2008-11) ISO/IEC 27005

X.1032

7.2.2

(2010-12)

X.1032

7.2.1

(2010-12)

X.1055

6.2.1

(2008-11)

F.771

6.2.3.2

(2008-08)

X.805

7.1

(2003-10)

X.830

3.8.4

(1995-04)

X.812

3.4.15

(1995-11)

X.814
X.1193
X.813

E.1.1
3.1.18
5.2

(1995-11)
(2011-10) RFC 3830
(1996-10)

X.842

4.2.1

(2000-10)

X.1082
X.744

3.2.3.
3.7.4

(2007-11)
(1996-10)

X.1231

3.2.2

(2008-04)

X.Sup9

3.2.3

(2011-09)

X.Sup11 6.2.2

(2011-09)

X.1192

3.1.6

(2011-05) H.264

Y.2018

3.2.10

(2009-09)

Y.2091

19

(2011-03) Y.2018

X.800
H.235.0
J.170
J.160
J.93

3.3.31
3.10
3(17)
I.1.18
3.12

(1991-03)
(2005-09)
(2005-11)
(2005-11)
(1998-03)

X.1521

3.2.4

(2011-04)

K.87
K.84
Q.1741.7
X.903

3.1.9
(3.1.3)
3.98
15.5

(2011-11) ISO/IEC 27001


(2011-01) ISO/IEC 27002
(2011-11)
(2009-10)

M.3016

6.1.2.4

(1998-06)

X.815

3.5.1

(1995-11)

X.815

3.5.3

(1995-11)

X.815

3.5.2

(1995-11)

X.800

A.2.4.2

(1991-03)

X.Sup11 7.5.1

(2011-09)

X.1081

3.2.7.

(2004-04)

Q.814

3.3

(2000-02)

X.1243

3.2.3

(2010-12)

Q.1741.7 3.99

(2011-11)

Q.1741.7 3.100

(2011-11)

Q.1741.7 3.101
X.902
8.5

(2011-11) I.112
(2009-10)

X.1124

3.2.10.

(2007-11)

X.1124

3.2.11.

(2007-11)

X.400

15.2.2

(1999-06)

J.260

3.5

(2005-01)

Q.1741.7 3.102

(2011-11)

Q.1741.7 3.103

(2011-11)

X.660

3.5.6

(2007-11)

J.170

4.1(51)

(2005-11)

J.380.7
Y.1901

3.2.6
3.2.15

(2011-11)
(2009-01)

X.1242

3.2.1

(2009-02)

J.96
3
Q.1741.7 3.104
Y.2741
3.2.5

(2002-07)
(2011-11)
(2011-01)

I.113

Q.1741.7 3.106
Q.1741.7 3.107

(2011-11)
(2011-11)

Y.2760

3.2.1

(2011-05)

Q.1741.7 3.108
Q.1741.7 3.109

(2011-11)
(2011-11)

X.1192
X.400

(2011-05) H.264
(1999-06)

3.1.7
15.2.3

Q.1741.7 3.110

(2011-11)

X.1192
Y.2760

3.2.5
3.2.2

(2011-05)
(2011-05)

X.1311

3.8.7

(2011-02)

J.93

3.13

(1998-03)

X.1192
X.1192

3.2.6
3.2.7

(2011-05)
(2011-05)

X.1205

3.2.14

(2008-04)

X.1101

3.1.11

(2010-05) X.603

X.1244

3.2.5

(2008-09)

X.1244

3.2.6

(2008-09)

X.1231

3.2.1

(2008-04)

X.1245

3.2.4

(2010-12)

X.1231

3.1.2

(2008-04)

Q.1741.7 3.111

(2011-11)

Q.1741.7 3.112

(2011-11)

X.400

B.59

(1999-06)

X.400

B.60

(1999-06)

Y.2012

3.1.6

(2010-04) Y.1901

Y.1901

3.2.17

(2009-01)

X.1191

3.2.6

(2009-02)

Y.1901

3.2.16

(2009-01)

X.1570

I.1(b)

(2011-09)

X.1570

I.2 (b)

(2011-09)

X.1055

6.2.5

(2008-11)

X.1142

3.2.22.

(2006-06)

X.790

3.22

(1995-11)

J.170

3(18)

(2005-11)

J.160

I.1.22

(2005-11)

X.800
J.170
J.160
X.509

3.3.32
3(19)
I.1.23
3.4.35

(1991-03)
(2005-11)
(2005-11)
(2008-11)

X.813

5.2

(1996-10)

X.1034

3.2.2

(2011-02)

X.1193

3.1.21
3.2.4

(2011-10) SP 800-120

X.1193

3.1.22

(2011-10) SP 800-120

X.813

5.2

(1996-10)

X.843

3.7

(2000-10)

X.1311

3.8.6

(2011-02)

X.1193

3.1.23

(2011-10) SP 800-120

J.170

3(20)

(2005-11)

J.160

I.1.24

(2005-11)

X.1193

3.1.24
3.2.5

(2011-10) SP 800-120

X.800

3.3.33

(1991-03)

X.842

7.3

(2000-10)

J.170
J.160
Y.2760

3.(21)
I.1.25
7.1

(2005-11)
(2005-11)
(2011-05)

X.903

15.8

(2009-10)

Q.1741.7 3.120

(2011-11)

X.1193

3.1.27

(2011-10) SP 800-120

X.1193

3.1.26

(2011-10) SP 800-120

X.1570

I.1(d)

(2011-09)

X.1500

Apx.II.

(2011-04)

X.1192

3.1.8

(2011-05) H.264

X.402

D.6

(1999-06)

X.1081

3.2.8.

(2004-04)

X.Sup2
Y.2014
Y.1910

3.2.3
3.2.6
3.2.5

(2007-09)
(2010-03)
(2008-09)

X.1191

3.2.7

(2009-02)

Y.1901

3.2.18

(2009-01)

X.1083

3.11.

(2007-11)

X.800

3.3.34

(1991-03)

H.235.9
X.743
X.1243

3.2
3.7.11
3.2.9

(2005-09)
(1998-06)
(2010-12)

X.Sup11 3.2.5
X.1206
3.1.8
Q.1741.7 3.121

(2011-09)
(2008-04)
(2011-11)

Q.1741.7 3.122

(2011-11)

Y.2801

6.4.1

(2006-11)

Q.1741.7 3.123

(2011-11)

Y.2801

6.4.1

(2006-11)

X.1152

3.2.4

(2008-05)

M.3016

6.1.2.6.1

(1998-06)

Q.1741.7 3.124

(2011-11)

Q.1741.7 3.125

(2011-11)

Q.1741.7 3.126

(2011-11)

X.1141

3.2.35.

(2006-06)

X.1141
M.3016

3.2.36.
5

(2006-06)
(1998-06)

Q.1741.7 3.128

(2011-11)

Q.1741.7 3.129

(2011-11)

Q.1741.7 3.130

(2011-11)

Q.1741.7 3.131
Q.1741.7 3.132

(2011-11)
(2011-11)

E.800

3.1.3.10

(2008-09)

X.Sup9

3.2.4

(2011-09)

X.1500

Table I.2

(2011-04)

M.3410

3.2.7

(2008-08)

M.3410

3.2.8

(2008-08)

M.3410

3.2.9

(2008-08)

J.96
M.3010
J.191

3
3.13
C.2.5

(2002-07)
(2000-02)
(2004-03)

Y.2012

3.1.7

(2010-04) Y.2011

F.400/X.400 15.4.14
X.805
8.1

(1999-06)

X.790

3.23

(1995-11)

X.1086

3.2.1.

(2008-11)

Q.1741.7 3.134

(2011-11)

(2003-10)

X.1252

6.40

(2010-04)

X.1151

3.4

(2007-11)

X.1034

3.1.6

(2011-02) X.1151

X.1034

7.1(g) + 8.1(c)

(2011-02)

X.1253

8.3.2

(2011-09)

X.800

3.3.35

(1991-03)

X.1524

3.2.6

(2012-03)

X.1520

3.2.4

(2011-04)

X.1141

3.2.37.

(2006-06)

X.800
X.800

3.3.36
A.2.5.1

(1991-03)
(1991-03)

X.811

5.2.1

(1995-04)

X.400

15.2.2

(1999-06)

X.402

D.1

(1999-06)

X.525

3.4.8

(2008-11)

X.1083

3.12.

(2007-11)

Q.1741.7 3.135
X.1034
3.2.3

(2011-11)
(2011-02)

X.1193

3.2.6

(2011-10)

X.1034

3.1.7

(2011-02) RFC 4017

X.743

3.7.12

(1998-06)

X.743

3.7.13

(1998-06)

Q.1741.7 3.139

(2011-11)

Q.1741.7 3.140

(2011-11)

Y.2012
J.170

3.2.6
4.1(58)

(2010-04)
(2005-11)

H.235.9

3.3

(2005-09)

H.235.0

3.12

(2005-09)

Y.2012

3.2.7

(2010-04)

Y.2012

3.2.8

(2010-04)

I.210

X.1080.1 3.2.1

(2011-10)

Q.1741.7 3.141

(2011-11)

X.1101

3.2.7

(2010-05)

X.1206

3.1.4

(2008-04)

X.402

10.3.3.2

(1999-06)

X.402

10.3.4.2

(1999-06)

X.813

3.4.8

(1996-10)

X.1206

3.1.5

(2008-04)

X.400

15.4.9

(1999-06)

X.400

B.64

(1999-06)

X.402

10.2.3.3

(1999-06)

X.400

B.65

(1999-06)

X.400

15.2.2

(1999-06)

X.400

15.4.1

(1999-06)

X.400

B.66

(1999-06)

X.402

10.3.1.2.1 (1999-06)

X.402

10.2.1.1.1 (1999-06)

X.402

10.3.6.1

(1999-06)

X.402

10.3.6.1

(1999-06)

X.400

15.4.14

(1999-06)

X.400

B.67

(1999-06)

X.402

10.2.6

(1999-06)

X.400

15.4.10

(1999-06)

X.400

B.68

(1999-06)

X.402

10.3.4.3

(1999-06)

X.402

10.2.4.3

(1999-06)

X.402

10.3.4.3

(1999-06)

X.402

D.2

(1999-06)

X.1206

3.1.6

(2008-04)

X.400
X.402

15.2
10.3.4.2

(2007-04)
(1999-06)

Q.1741.7 3.142

(2011-11)

Y.1901

3.2.19

(2009-01)

X.1191

3.2.8

(2009-02)

Q.1741.7 3.148

(2011-11)

Q.1741.7 3.149

(2011-11)

X.400
15.2
Q.1741.7 3.150
Y.1901
3.2.20

(1999-06)
(2011-11)
(2009-01)

I.113

X.1570

I.3.5 (b2)

(2011-09)

Q.1742.9 3.23

(2011-11)

Y.2741
3.2.7
Q.1741.7 3.152

(2011-01)
(2011-11)

Y.2741

3.2.6

(2011-01)

X.1253
3.2.3
X.1121
3.2.4.
Q.1741.7 3.153

(2011-09)
(2004-04)
(2011-11)

Y.2741

3.2.8

(2011-01)

X.1121

3.2.9.

(2004-04)

X.1125

3.2.6.

(2008-01)

X.1242

3.1.1

(2009-02) ETSI TR 125 990

X.1125

3.2.7.

(2008-01)

X.1125

3.2.8.

(2008-01)

X.1121

3.2.3.

(2004-04)

F.115

4.6

(1996-10)

Q.1741.7 3.154

(2011-11)

X.1121

3.2.5.

(2004-04)

Y.2012

3.1.8

(2010-04) Q.1706

Y.2801

3.2

(2006-11)

Y.1901

3.1.7

(2009-01) Q.1706

Q.1741.7 3.155

(2011-11)

Q.1742.9 3.24

(2011-11)

Y.2801

Apx I

(2006-11)

Y.2801

Apx I

(2006-11)

Y.2801

Apx I

(2006-11)

Y.2801

Apx I

(2006-11)

Y.2801

Apx I

(2006-11)

Y.2801

Apx I

(2006-11)

Y.2801

6.2.3

(2006-11)

Y.2801

6.2.1

(2006-11)

Y.2801

Apx I

(2006-11)

Y.2801

6.2.2

(2006-11)

Y.2801

3.3

(2006-11)

Q.1741.7 3.156

(2011-11)

Q.1742.9 3.25

(2011-11)

Y.2801

6.4

(2006-11)

H.530

4.4

(2002-03)

Y.2018

3.2.11

(2009-09)

Y.2018

3.2.12

(2009-09)

X.1244

3.2.7

(2008-09)

X.1231

3.2.3

(2008-04)

X.1243

3.2.10

(2010-12)

X.1081

3.2.9.

(2004-04)

X.402

D.3

(1999-06)

X.400

15.2.4

(1999-06)

X.1034

7.1(c)

(2011-02)

X.680

3.8.42

(2008-11)

J.93

3.14

(1998-03)

Y.2741

3.2.9

(2011-01)

X.813

5.2

(1996-10)

X.1192

3.1.9

(2011-05) H.264

X.1192

3.2.8

(2011-05)

Q.1742.9 3.26

(2011-11)

Q.1742.9 3.27

(2011-11)

Q.1742.9 3.28
X.402
10.3.2.3

(2011-11)
(1999-06)

X.402

(1999-06)

10.2.7.1

X.1101

3.1.18

(2010-05) X.603

X.1101

3.2.8

(2010-05)

X.1193

3.2.7

(2011-10)

Q.1741.7 3.157

(2011-11)

X.1193

3.2.8

(2011-10)

Y.1901
X.1153

3.2.21
3.2.2

(2009-01)
(2011-02)

F.771

3.2.5

(2008-08)

F.771

3.2.6

(2008-08)

X.1231

3.2.5

(2008-04)

Q.1741.7 3.160

(2011-11)

X.1244

3.2.8

(2008-09)

X.1231

3.2.4

(2008-04)

X.1243

3.2.11

(2010-12)

Q.1741.7 3.159

(2011-11)

Q.1741.7 3.158

(2011-11)

X.1142

3.2.23.

(2006-06)

J.170

3(24)

(2005-11)

X.811
X.1034

5.2.4
3.1.8

(1995-04)
(2011-02) X.1151

X.1151

3.5

(2007-11)

X.1113

3.4.6.

(2007-11)

I.113

X.1252

6.41

(2010-04)

X.1192

3.1.10

(2011-05) H.264

X.1252

6.42

(2010-04) Y.2091

X.902
Y.2091

12.1
16

(2009-10)
(2011-03) Y.2111

Q.1741.7 3.161
X.910
6.1

(2011-11)
(1998-09)

X.910

6.11

(1998-09)

X.1141

3.2.38.

(2006-06)

X.902

12.8

(2009-10)

X.902
X.1142

12.3
3.2.24.

(2009-10)
(2006-06)

X.902

12.5

(2009-10)

X.400
X.501
X.213

A.67
9.1.7
3.4.8

(1999-06)
(2008-11)
(2001-10)

X.650

3.4.15

(1996-10)

F.500

H.57

(1992-08)

E.Sup3

3.4.8

(2004-xx)

X.902

12.4

(2009-10)

X.910

6.5

(1998-09)

X.910

6.4

(1998-09)

X.902

12.6

(2009-10)

X.902

12.7

(2009-10)

X.910

6.14

(1998-09)

Y.2091

16

(2011-03) Y.2111

F.771

6.1.5

(2008-08)

Q.1741.7 3.162
Y.2091
16

(2011-11)
(2011-03) Y.2111

Q.1741.7 3.163

(2011-11)

X.1125

3.2.9.

(2008-01)

Y.2091

16

(2011-03) Y.2111

H.235.9

3.4

(2005-09)

Y.2091

16

(2011-03) Y.2111

X.213

3.4.9

(2001-10)

Y.2701

3.2.5

(2007-04)

Q.1741.7 3.164
Q.1741.7 3.165
Q.1741.7 3.166

(2011-11)
(2011-11)
(2011-11)

Q.1741.7 3.167

(2011-11)

Y.140.1

3.4.4.

(2004-03)

Q.1711

4.10.3

(1999-03)

M.3410

3.2.10

(2008-08)

Q.1741.7 3.168

(2011-11)

Y.2221

3.1.2

(2010-01) Q.1703

Y.2801

6.2.1

(2006-11)

X.Sup2
Y.2012

3.2.4
3.1.9

(2007-09)
(2010-04) M.1400

X.Sup2

3.2.5

(2007-09)

X.213

Y.1901

3.2.22

(2009-01)

Q.1741.7 3.170

(2011-11)

X.1191

3.1.17

(2009-02) Q.1290

Y.1910

3.2.6

(2008-09)

Q.1742.9 3.29

(2011-11)

Q.1741.7 3.172

(2011-11)

X.1055

6.2.4

(2008-11)

Q.1741.7 3.174

(2011-11)

Q.1741.7 3.175
Y.2018
3.2.13

(2011-11) I.112
(2009-09)

X.1171

3.2.5

(2009-02)

Y.2012

6.2

(2010-04)

Y.2001

3.1

(2004-12)

Y.2012

3.1.10

(2010-04) Y.2011

Y.2012

3.1.11

(2010-04) Y.2011

X.1171

3.2.6

(2009-02)

X.1142
3.2.25.
Q.1741.7 3.176

(2006-06)
(2011-11)

Y.2014

(2010-03) Q.1761

3.1.2

Y.2012

3.1.12

(2010-04) Y.2201

Y.2801

6.2.2

(2006-11)

Q.1741.7 3.178
X.400
A.68

(2011-11)
(1999-06)

X.1051

3.1.4

(2008-02)

Y.2012

3.2.9

(2010-04)

Y.2741

3.2.10

(2011-01)

X.400

A.69

(1999-06)

J.170

3(22)

(2005-11)

J.160

I.1.27

(2005-11)

H.235.0

3.13

(2005-09)

J.93

3.15

(1998-03)

X.1252

6.43

(2010-04)

M.60

2120

(1993-03) M.3010

X.903

15.7

(2009-10)

F.440

G.1

(1992-08)

X.400

B.74

(1999-06)

F.440

G.2

(1992-08)

F.440

G.3

(1992-08)

X.843

3.8

(2000-10)

X.400

15.4.12

(1999-06)

X.400

B.75

(1999-06)

X.402

10.2.5.3

(1999-06)

X.400

B.76

(1999-06)

X.400

15.4.11

(1999-06)

X.400

B.77

(1999-06)

X.402

10.2.5.1

(1999-06)

X.400

15.4.13

(1999-06)

X.400

B.78

(1999-06)

X.402

10.2.5.2

(1999-06)

F.440

G.4

(1992-08)

F.440

G.5

(1992-08)

X.805

6.3

(2003-10)

X.402

10.3.5

(1999-06)

X.402

10.2.5

(1999-06)

X.813

3.4.9

(1996-10)

M.3016

6.1.2.5

(1998-06)

X.800

5.2.5.2

(1991-03)

X.813

C(2)

(1996-10)

X.800

5.2.5.1

(1991-03)

X.813

C(1)

(1996-10)

X.813

C(3)

(1996-10)

X.813

C(5)

(1996-10)

X.813

C(4)

(1996-10)

Q.1741.7 3.179

(2011-11)

X.217

3.5.13

(1995-04)

Q.1741.7 3.180

(2011-11)

X.800

(1991-03)

3.3.37

X.813

3.4.10

(1996-10)

X.813

5.2

(1996-10)

X.1083

3.13.

(2007-11)

X.1083

3.14.

(2007-11)

Q.1741.7 3.181

(2011-11)

Q.1741.7 3.182

(2011-11)

Q.1742.9 3.30

(2011-11)

X.400

A.71

(1999-06)

X.400

A.72

(1999-06)

X.400

A.73

(1999-06)

X.680

3.8.44

(2008-11)

X.902

8.1

(2009-10)

X.841
3.5
X.680
3.8.46
X.1500.1 3.1.1

(2000-10)
(2008-11)
(2012-03) X.660

X.1570

3.1.3

(2011-09) X.660

X.509

3.4.36

(2008-11)

X.1142

3.2.26.

(2006-06)

X.903

4.3.1 + 4.3.2

(2009-10)

X.903

11

(2009-10)

X.811

3.13

(1995-04)

X.1034

7.1(f)

(2011-02)

X.813

5.2

(1996-10)

X.842

4.2.3

(2000-10)

X.1500.1 3.1.2

(2012-03) X.660

X.1153

3.1.4

(2011-02) RFC 2289

X.1090

3.2.2

(2011-05)

X.1090

3.2.4

(2011-05)

Q.1229

7.2.2.4.1.1 (1999-03)

X.509

3.4.37

(2008-11)

X.810

3.3.8

(1995-11)

J.93

3.16

(1998-03)

X.810

3.3.9

(1995-11)

X.811

3.14

(1995-04)

H.235.2

3.4

(2005-09)

X.1034

7.1(e)

(2011-02)

X.1244
X.813

3.2.9
5.2

(2008-09)
(1996-10)

X.842

4.2.2

(2000-10)

X.1570
F.744

3.1.4
3.2.1

(2011-09)
(2009-12)

Y.2801
3.4
Q.1741.7 3.183

(2006-11)
(2011-11)

Y.2012

3.1.13

(2010-04) Y.2234

Y.2221

3.1.3

(2010-01) Y.2234

Y.2801

3.5

(2006-11)

X.680

3.6.50

(2008-11)

X.1500

Table I.1

(2011-04)

X.1500

Apx.II.1

(2011-04)

X.741
X.1055

3.11.2
6.2.3

(1995-04)
(2008-11)

Q.1741.7 3.184

(2011-11)

X.1275

3.2.5

(2010-12)

X.1275

3.2.6

(2010-12)

X.402

10.2.1

(1999-06)

X.1090

3.2.5

(2011-05)

Q.1742.9 3.31
Q.1742.9 3.32

(2011-11)
(2011-11)

X.813

(1996-10)

3.4.11

Q.1741.7 3.185
Y.2012
6

(2011-11)
(2010-04) Y.2234

X.402

D.7

(1999-06)

X.1153

3.2.3

(2011-02)

X.1153
X.1153

3.2.4
3.2.2

(2011-02)
(2011-02)

X.1090

3.2.3

(2011-05)

X.1090

3.2.6

(2011-05)

X.790
X.Sup11
X.1082
X.1101

3.24
3.2.3
3.2.4.
3.2.9

(1995-11)
(2011-09)
(2007-11)
(2010-05)

X.1162

3.2.1

(2008-05)

X.1142
X.1520
X.1524
X.1161

3.2.27.
3.2.5
3.2.7
3.2.3

(2006-06)
(2011-04)
(2012-03)
(2008-05)

Y.1901

3.2.23

(2009-01)

Q.1741.7 3.186

(2011-11)

I.113

Q.1741.7 3.187
Q.1741.7 3.188

(2011-11)
(2011-11)

I.113

Q.1741.7 3.189

(2011-11)

Q.1741.7 3.190
Q.1741.7 3.191

(2011-11)
(2011-11)

X.1082
X.1311

3.3.6.
3.8.8

(2007-11)
(2011-02)

X.1034

3.1.9

(2011-02) ISO/IEC 8802-11

X.1193
X.1034

3.2.10
3.1.10

(2011-10)
(2011-02) ISO/IEC 8802-11

X.1141

3.2.39.

(2006-06)

X.1151

3.6

(2007-11)

X.1034

3.1.11

(2011-02) X.1151

X.1253

8.2

(2011-09)

X.800

3.3.38

(1991-03)

X.800

A.2.4.3

(1991-03)

X.800
H.530

3.3.39
3 + 4.5

(1991-03)
(2002-03)

X.1253

8.4.1

(2011-09)

X.1253

8.2.2

(2011-09)

X.1206

3.1.9

(2008-04)

X.910

6.12

(1998-09)

X.1252
Y.2720

6.44
3.3.12

(2010-04)
(2009-01)

Y.2741

3.2.11

(2011-01)

J.93

3.17.

(1998-03)

Q.1741.7 3.192

(2011-11)

X.1161

3.2.4

(2008-05)

X.1152

3.2.5

(2008-05)

X.1162

3.2.2

(2008-05)

X.800

3.3.40

(1991-03)

I.210

M.3016

6.2.1.2

(1998-06)

X.402

10.2.2.1

(1999-06)

X.1244

3.1.6

(2008-09)

X.790
X.1192

3.25
3.2.9

(1995-11)
(2011-05)

X.1151

3.7

(2007-11)

X.1034

3.1.12

(2011-02) X.1151

Q.1741.7 3.193

(2011-11)

X.1142

3.2.28.

(2006-06)

X.1142

3.2.29.

(2006-06)

X.1252

6.45

(2010-04)

X.1141

3.2.40.

(2006-06)

X.1051

3.1.5

(2008-02)

Q.1742.9 3.33

(2011-11)

Y.2801

6.2.1

(2006-11)

F.852

3.6

(2000-03)

X.1081

3.2.10.

(2004-04)

X.843

3.9

(2000-10)

Q.1741.7 3.194

(2011-11)

F.852

3.22

(2000-03)

Y.1901

3.2.25

(2009-01)

Q.1741.7 3.195

(2011-11)

Q.1741.7 3.196
X.843
3.10

(2011-11)
(2000-10)

Q.1742.9 3.34

(2011-11)

Y.2720

3.3.13

(2009-01)

X.1252

6.46

(2010-04)

X.1151

3.8

(2007-11)

X.1240
X.1244

3.4
3.2.10

(2008-04)
(2008-09)

X.1151

3.9

(2007-11)

X.Sup6

3.1

(2009-02)

X.1251

3.2.15

(2009-09)

X.1191

3.2.9

(2009-02)

E.800

3.1.3.12

(2008-09)

X.1240

3.3

(2008-04)

X.1253

8.4.4

(2011-09)

X.1500

Table I.2

(2011-04) RFC 5901

Q.1741.7 3.197

(2011-11)

Q.1741.7 3.199

(2011-11)

Q.1741.7 3.198

(2011-11)

X.910

6.12

(1998-09)

X.1055

6.2.6

(2008-11)

X.800

3.3.41

(1991-03)

Q.1741.7 3.201
X.1192
3.1.11

(2011-11)
(2011-05) H.264

Y.1901

3.2.26

(2009-01)

J.93

3.18.

(1998-03)

J.170

4.1(71)

(2005-11)

Y.1901
X.1151

3.2.27
3.10

(2009-01)
(2007-11)

Q.1741.7 3.202

(2011-11)

X.Sup2

3.2.6

(2007-09)

Q.1741.7 3.203

(2011-11)

Q.1741.7 3.204

(2011-11)

Q.1741.7 3.205

(2011-11)

X.1036

3.1.5.

(2007-02)

X.1125
X.1124

3.2.10.
3.2.12.

(2008-01)
(2007-11)

X.1057

3.1.2

X.800
X.1250

3.3.42
3.10

(2011-05) ISO/IEC 27000:2009
(1991-03)
(2009-09)

X.1036

3.1.6.

(2007-02)

X.1113

3.4.7.

(2007-11)

X.509
X.1141

3.4.38
3.2.41.

(2008-11)
(2006-06)

X.1152

3.2.6

(2008-05)

X.509

3.4.39

(2008-11)

X.1141

3.2.42.

(2006-06)

X.1142

3.2.30.

(2006-06)

X.509

3.4.40

(2008-11)

X.1500

Table I.5

(2011-04) TS 102042

X.1143

3.2.3

(2007-11)

X.1193

3.1.30

(2011-10) RFC 3740

X.1142

3.2.31.

(2006-06)

Y.2801

6.2.2

(2006-11)

Q.1741.7
Q.1741.7
Q.1741.7
X.1192

3.206
3.207
3.208
3.2.10

(2011-11)
(2011-11)
(2011-11)
(2011-05)

Y.2018

3.2.14

(2009-09)

Q.1741.7 3.209

(2011-11)

X.1207

3.3

(2008-04)

X.1034

8.1(a)

(2011-02)

X.743
X.1142
X.1192

3.7.14
3.2.32.
3.2.11

(1998-06)
(2006-06)
(2011-05)

Q.1741.7 3.211

(2011-11)

X.1192

3.2.12

(2011-05)

Y.2205

3.1.4

(2011-05) J.260

Q.1741.7 3.212

(2011-11)

X.400

15.2.4

(1999-06)

Y.2720
X.1152

3.3.14
3.2.7

(2009-01)
(2008-05)

X.830

3.8.1

(1995-04)

X.1193

3.2.11

(2011-10)

X.1500.1 3.1.3

(2012-03) X.660

X.525
3.4.9
X.1500.1 3.1.4

(2008-11)
(2012-03) X.660

X.811
X.811

3.15
5.1,5.1.1

(1995-04)
(1995-04)

X.1143

3.2.4

(2007-11)

X.1141
X.790
X.1051

3.2.43.
3.26
3.1.6

(2006-06)
(1995-11)
(2008-02)

E.107

3.3.

(2007-02)

X.800

3.3.43

(1991-03)

F.115

4.5

(1996-10)

H.235.0

3.14

(2005-09)

J.170

3(23)

(2005-11)

J.160

I.1.28

(2005-11)

J.93

3.18

(1998-03)

Y.140.1

3.7

(2004-03)

Y.2720
X.1252

3.3.15
6.48

(2009-01)
(2010-04)

X.1252

6.49

(2010-04)

X.1251

3.2.16

(2009-09)

X.805

6.8

(2003-10)

H.235.0

3.15

(2005-09)

X.1124

3.2.13.

(2007-11)

J.160

I.1.29

(2005-11)

X.509

3.4.41

(2008-11)

X.810

3.3.10

(1995-11)

J.170

3(24)

(2005-11)

X.1252
X.509
X.509
X.509

6.50
3.4.42
3.4.43
3.4.44

(2010-04)
(2008-11)
(2008-11)
(2008-11)

X.509

3.4.45

(2008-11)

X.509

3.4.46

(2008-11)

X.1089

3.2.11.

(2008-05)

T.411

3.164

(1993-03)

Y.2018

3.2.15

(2009-09)

Q.1741.7 3.213
X.400
15.4.3

(2011-11)
(1999-06)

X.400

B.93

(1999-06)

X.402

10.3.1.2.2 (1999-06)

X.402

10.2.1.1.2 (1999-06)

F.744

3.2.2

(2009-12)

X.1570

I.2 (f)

(2011-09)

X.1570

I.3.7

(2011-09)

X.1141

3.2.44.

(2006-06)

X.400

B.94

(1999-06)

F.440

G.6

(1992-08)

F.440

G.7

(1992-08)

X.400

15.4.4

(1999-06)

X.400

B.95

(1999-06)

X.402

10.3.1.4

(1999-06)

X.402

10.2.1.3

(1999-06)

X.400

B.96

(1999-06)

X.400

15.4.5

(1999-06)

X.400

B.97

(1999-06)

X.402

10.3.1.3

(1999-06)

X.402

10.2.1.2

(1999-06)

F.440

G.8

(1992-08)

F.440

G.9

(1992-08)

X.1252
X.803

6.51
3.8(2)

(2010-04)
(1994-07)

X.830

3.8.5

(1995-04)

X.803

3.8(3)

(1994-07)

X.830

3.8.6

(1995-04)

X.833

(1995-04)

X.830

3.8.7

(1995-04)

Q.1741.7 3.214

(2011-11)

X.1141
3.2.45.
Q.1742.9 3.35
X.1141
3.2.46.

(2006-06)
(2011-11)
(2006-06)

X.1570

I.3.2

(2011-09)

J.170

3(25)

(2005-11)

H.235.2

3.5

(2005-09)

X.1252

6.52

(2010-04)

X.1124
X.509
X.810

3.2.14.
3.4.47
3.3.11

(2007-11)
(2008-11)
(1995-11)

J.170

3(26)

(2005-11)

J.160

I.1.31

(2005-11)

X.509

3.4.48

(2008-11)

H.235.0

3.5

(2005-09)

J.170

3(27)

(2005-11)

J.160

I.1.32

(2005-11)

J.170

3(28)

(2005-11)

J.160

I.1.33

(2005-11)

H.235.0

3.16

(2005-09)

J.93

3.19

(1998-03)

X.843

3.11

(2000-10)

X.509

3.4.49

(2008-11)

X.843

3.12

(2000-10)

J.170

4.1(70)

(2005-11)

Q.1741.7 3.215

(2011-11)

Q.1741.7 3.216

(2011-11)

Y.140.1

3.8.

(2004-03)

M.3010

3.24

(2000-02)

Y.1901

3.2.28

(2009-01)

Q.1741.7 3.217

(2011-11)

Q.1741.7 3.218

(2011-11)

X.1031

(2008-03) E.800

3.1.1.

Q.1741.7 3.219

(2011-11)

X.902

11.2.3

(2009-10)

X.1192

3.2.13

(2011-05)

Q.1741.7 3.220

(2011-11)

Q.1742.9 3.36

(2011-11)

Q.1741.7 3.223

(2011-11)

Q.1741.7 3.224

(2011-11)

Q.1741.7 3.225

(2011-11)

Q.1741.7 3.226

(2011-11)

Q.1741.7 3.227

(2011-11)

Q.1741.7 3.228

(2011-11)

Q.1741.7 3.229

(2011-11)

X.1082

3.5.9.

(2007-11)

X.1082

3.5.10.

(2007-11)

Q.1741.7 3.231

(2011-11)

Y.1901

3.2.29

(2009-01)

X.743

3.7.15

(1998-06)

X.Sup11 3.2.6

(2011-09)

J.170

(2005-11)

4.1(75)

Q.1741.7 3.232

(2011-11)

H.235.9

(2005-09)

3.6

X.Sup11 3.2.7

(2011-09)

X.1500

Table I.6

(2011-04) RFC 6045

F.771

3.2.7

(2008-08)

X.1243

3.2.2

(2010-12)

X.1243

3.2.5

(2010-12)

X.1101

3.2.10

(2010-05)

X.813

3.4.12

(1996-10)

Q.1741.7 3.237

(2011-11)

X.1245

(2010-12)

3.2.5

Q.1741.7 3.238
J.170
4.1(77)

(2011-11)
(2005-11)

Q.1741.7 3.239
Q.1741.7 3.240
Q.1741.7 3.241

(2011-11)
(2011-11)
(2011-11)

Y.2012

(2010-04)

3.2.10

I.112

Q.1741.7 3.242
X.802
3.4.1
X.402
10.3.2.2

(2011-11) I.112
(1995-04)
(1999-06)

X.402

(1999-06)

10.2.7.1

Q.1742.9 3.37
Q.1741.7 3.245

(2011-11)
(2011-11)

X.1570

I.2 (g)

(2011-09)

X.1084

3.2.7.

(2008-05)

X.1252

6.53

(2010-04)

X.1500.1 3.1.5

(2012-03) X.660

Q.1741.7 3.244
Q.1742.9 3.38

(2011-11)
(2011-11)

Q.1741.7 3.246

(2011-11)

H.235.2

3.6

(2005-09)

X.842

(2000-10)

X.843
X.404

3.13
3.6.11

(2000-10)
(1999-06)

Q.817

(2001-01)

X.1500.1 3.1.6

(2012-03) X.660

X.660

3.5.17

(2011-07)

T.86

3.1.7

(1998-06)

X.1500.1 3.1.7

(2012-03) X.660

X.843

3.14

(2000-10)

X.1032

9.2.1

(2010-12)

X.1193

3.2.9

(2011-10)

X.902

8.13

(2009-10)

X.902
8.13
Q.1741.7 3.247
X.811
5.8.2

(2009-10)
(2011-11)
(1995-04)

Q.1741.7 3.248
Q.1741.7 3.249

(2011-11)
(2011-11)

Q.1741.7 3.250

(2011-11)

X.1500.1 3.2.4

(2012-03)

X.509
X.1141

3.4.50
3.2.47.

(2008-11)
(2006-06)

X.1250

3.9

(2009-09)

X.1252

6.54

(2010-04) Y.2720

Y.2720
X.1083

3.3.16
3.15.

(2009-01)
(2007-11)

Q.1742.9 3.39

(2011-11)

J.380.7

3.2.7

(2011-11)

X.1111

3.4.8.

(2007-02)

X.1111

3.4.9.

(2007-02)

Q.1741.7 3.251
X.800
A.2.5.2

(2011-11)
(1991-03)

X.400

15.2.2

(1999-06)

X.1090

3.2.7

(2011-05)

X.1253

8.3.1

(2011-09)

X.525
X.525

3.4.10
3.4.11

(2008-11)
(2008-11)

X.525
X.400

3.4.12
15.4.2

(2008-11)
(1999-06)

X.400

B.105

(1999-06)

X.402

10.3.1.2.3 (1999-06)

X.402

10.2.1.1.3 (1999-06)

X.1520

3.2.6

(2011-04)

X.1524

3.2.8

(2012-03)

X.800

3.3.44

(1991-03)

X.1252
X.402

6.55
D.5

(2010-04)
(1999-06)

M.3016
X.400

5
15.2.3

(1998-06)
(1999-06)

X.1083

3.16.

(2007-11)

X.400

B.107

(1999-06)

X.400

B.108

(1999-06)

X.400

B.109

(1999-06)

X.400

B.110

(1999-06)

X.1083

3.17.

(2007-11)

Q.1741.7 3.252

(2011-11)

X.1141

3.2.48.

(2006-06)

X.1252

6.56

(2010-04)

X.1250

3.8

(2009-09)

X.1570

I.2 (e)

(2011-09)

X.1192
3.1.12
Q.1741.7 3.254

(2011-05) H.264
(2011-11)

X.1311
X.1141

3.8.9
3.2.49.

(2011-02)
(2006-06)

X.1142
X.1141

3.2.33.
3.2.50.

(2006-06)
(2006-06)

X.1193
X.1083

3.1.33
3.18.

(2011-10) RFC3830
(2007-11)

X.1570

I.2 (c)

(2011-09)

X.744

3.7.5

(1996-10)

Y.1901

3.2.31

(2009-01)

Q.1741.7 3.255

(2011-11)

X.1570
X.814
X.814

3.2.2
3.4.5
3.4.7

(2011-09)
(1995-11)
(1995-11)

X.744

3.7.6

(1996-10)

X.1520
X.1524
X.1520
X.1524

3.2.7
3.2.9
3.2.9
3.2.10

(2011-04)
(2012-03)
(2011-04)
(2012-03)

X.1520

3.2.8

(2011-04)

X.1520

3.2.10

(2011-04)

I.113

X.1524

3.2.11

(2012-03)

X.1252
X.810

6.57
3.3.12

(2010-04) Y.2701
(1995-11)

X.810

3.3.13

(1995-11)

X.811

5.2.6.

(1995-04)

X.1275

3.2.7

(2010-12)

X.1275

3.2.8

(2010-12)

X.1275

3.1.2

(2010-12) ISO/IEC 19762-3

X.1275
X.1191

3.1.3
3.2.10

(2010-12) ISO/IEC 19762-3


(2009-02)

X.1195

3.1.4

(2011-02) X.1191

X.1193

3.1.34

(2011-10) X.1191

Y.1901

3.2.30

(2009-01)

X.1191
X.1195
X.1521
X.1055

3.2.11
3.1.5
3.2.5
6.2

(2009-02)
(2011-02) X.1191
(2011-04)
(2008-11)

X.Sup2
X.1055
X.1055
Q.1742.9
Q.1742.9

3.1.1
3.2.2
3.2.1
3.40
3.41

(2007-09) ISO/IEC 27001


(2008-11)
(2008-11)
(2011-11)
(2011-11)

Q.1742.9 3.42

(2011-11)

Y.2801

(2006-11) Q.1741.1

3.6

Q.1741.7 3.256
Q.1742.9 3.43
X.1034
8.1(d)

(2011-11)
(2011-11)
(2011-02)

M.3410

3.2.11

(2008-08)

X.1142

3.2.34.

(2006-06)

X.1141

3.2.51.

(2006-06)

X.1036

3.1.7.

(2007-02)

X.1252

6.58

(2010-04) ETSI TS 132 140 V6.3.0

X.1142

3.2.37.

(2006-06)

X.509

3.4.51

(2008-11)

X.1142

3.2.35.

(2006-06)

X.1142

3.2.36.

(2006-06)

X.509

3.4.52

(2008-11)

X.1570

I.2

(2011-09)

Y.2760

7.1

(2011-05)

J.170

3(29)

(2005-11)

J.160

I.1.34

(2005-11)

J.170

3(31)

(2005-11)

J.160

I.1.35

(2005-11)

X.800

3.3.45

(1991-03)

H.248.77 3.1.1

(2010-09) RFC 3550

X.1036

3.1.8.

(2007-02)

X.1142
X.1241

3.2.39.
3.2.7

(2006-06)
(2008-04)

X.800

3.3.46

(1991-03)

X.1142

3.2.40.

(2006-06)

X.1082

3.4.3.

(2007-11)

X.1082

3.4.1.

(2007-11)

X.1082

3.3.5.

(2007-11)

X.1141

3.2.52.

(2006-06)

X.1141

3.2.53.

(2006-06)

X.1241

3.2.8

(2008-04)

X.1520

3.2.12

(2011-04)

X.1520

3.2.11

(2011-04)

X.1081

3.2.11.

(2004-04)

X.1081

3.2.12.

(2004-04)

Y.1901
X.1191

3.2.32
3.2.13

(2009-01)
(2009-02)

X.1193

3.2.13

(2011-10)

X.1191

3.2.12

(2009-02)

Y.1901

10.3.1.2

(2009-01)

X.1191

3.2.14

(2009-02)

X.1195
J.96
J.96

3.2.1
3.1
3.1

(2011-02)
(2002-07)
(2002-07)

J.93

3.20

(1998-03)

X.1191

3.2.15

(2009-02)

X.1191

3.2.16

(2009-02)

Q.1741.7 3.258

(2011-11)

X.140

Q.1741.7 3.259

(2011-11)

X.140

Q.1741.7 3.260

(2011-11)

X.140

Q.1741.7 3.261

(2011-11)

X.140

Q.1741.7 3.262

(2011-11)

X.140

X.810

3.3.14

(1995-11)

X.803

3.8(4)

(1994-07)

X.841

3.6

(2000-10)

T.411

3.182

(1993-03)

T.411
Y.2801

3.183
6.2.2

(1993-03)
(2006-11)

Q.1741.7 3.263

(2011-11)

Y.2801

3.7

(2006-11)

X.1500.1 3.1.8

(2012-03) X.660

X.525

(2008-11)

3.4.13

X.1500.1 3.1.10

(2012-03) X.660

X.810

3.3.15

(1995-11)

Q.1741.7 3.264

(2011-11)

X.400

15.4.6

(1999-06)

X.400

B.114

(1999-06)

X.402

10.3.2

(1999-06)

X.402

10.2.2

(1999-06)

Q.1221

I.3.3.1.3

(1997-09)

X.1311

3.8.10

(2011-02)

X.1152

3.2.8

(2008-05)

X.272

12

(2000-03)

Q.815

3.7

(2000-02)

X.1111

3.4.1.

(2007-02)

X.810

3.3.24

(1995-11)

X.803

3.8(11)

(1994-07)

X.400

15.3.2

(1999-06)

X.1122

3.5.1.

(2004-04)

X.1151

3.11

(2007-11)

J.93

3.21

(1998-03)

J.95

4.21

(1999-09)

X.860

3.2.45

(1997-12)

X.1191

3.2.17

(2009-02)

Q.813

3.8

(1998-06)

Q.1741.7 3.265

(2011-11)

X.800

A.2.1

(1991-03)

X.1082

3.4.2.

(2007-11)

X.1141

3.2.54.

(2006-06)

Q.1741.7 3.266

(2011-11)

Y.140.1
Y.2703

3.9
3.2

(2004-03)
(2009-01)

X.810

3.3.16

(1995-11)

M.3410

3.2.12

(2008-08)

X.816

3.5.11

(1995-11)

X.736

3.8.1

(1992-01)

X.816

3.5.12

(1995-11)

X.1125

3.2.11.

(2008-01)

X.1125

3.2.12.

(2008-01)

Glos.

VI.3

(1988-00) ITU T&DEF DB

X.1141
X.803

3.2.55.
3.8(5)

(2006-06)
(1994-07)

X.802

3.4.3

(1995-04)

X.1193

3.1.39

(2011-10) RFC 3740

X.273

3.9.5

(1994-07)

X.274

3.2.6

(1994-07)

Y.1281

3.34

(2003-09)

X.802

3.4.2

(1995-04)

X.274

3.2.7

(1994-07)

J.112An
C
J.122

C3.1.96

(2002-02)

3.2.121

(2007-12)

X.800

3.3.47

(1991-03)

M.3016

6.1.2.6.2

(1998-06)

X.903

15.3

(2009-10)

X.816

3.5.14

(1995-11)

X.816
X.800
X.816

3.5.15
3.3.48
3.5.16

(1995-11)
(1991-03)
(1995-11)

X.810

3.3.17

(1995-11)

X.841
X.903
X.903
X.400
F.500

3.7
15.1.2
15.1.2
A.113
H.82

(2000-10)
(2009-10)
(2009-10)
(1999-06)
(1992-08)

X.810

3.3.18

(1995-11)

X.810

3.3.19

(1995-11)

X.803

3.8(6)

(1994-07)

X.1111

3.4.11.

(2007-02)

X.402

10.3.2.1

(1999-06)

X.411

8.1.1.1.1.3 (1999-06)

X.1141

3.2.56.

(2006-06)

Y.2760
X.412

3.2.3
7.2.3.5

(2011-05)
(1999-06)

X.402

10.3.2.1

(1999-06)

X.402

10.2.2.2

(1999-06)

X.273

3.9.3

(1994-07)

X.1031

3.1.2

(2008-03)

X.1125

3.2.13.

(2008-01)

X.1125

3.2.14.

(2008-01)

X.1125

3.2.15.

(2008-01)

X.1124

3.2.20.

(2007-11)

X.805

(2003-10)

X.411
X.803

3.184
3.8(7)

(1999-06)
(1994-07)

X.810

3.3.20

(1995-11)

X.841
X.903

3.8
15.1.3

(2000-10)
(2009-10)

X.1123

3.2.10.

(2007-11)

X.1141

3.2.57.

(2007-04)

X.1252

6.60

M.3016

2.2

(2010-04) X.810 Y.2701


Y.2720
(1998-06) Y.2720

ISO/IEC TR 19791

Y.2701

3.2.6

(2007-04)

X.1162

3.2.3

(2008-05)

X.810

3.3.21

(1995-11)

X.741

3.11.1

(1995-04)

X.903

15.1.2

(2009-10)

X.1520

3.2.13

(2011-04)

X.1524

3.2.12

(2012-03)

X.402

10.3

(1999-06)

X.411

8.2.2.8

(1999-06)

F.500

B.6

(1992-08)

M.3410
X.803

3.2.13
3.8(8)

(2008-08)
(1994-07)

X.803

3.8 (10)

(1994-07)

X.803

3.8 (9)

(1994-07)

X.831

1.2, 6

(1995-04)

X.402

10

(1999-06)

X.901

8.8.4

(1997-08)

X.903

11

(2009-10)

X.1123

3.2.8.

(2007-11)

H.235.9

3.7

(2005-09)

E.409
X.810
X.841

1.2.3
3.3.22
3.9, 5.3

(2004-05)
(1995-11)
(2000-10)

X.841

3.10

(2000-10)

X.903

15.1.4

(2009-10)

Q.1721

13.92

(2000-xx)

T.411

3.185

(1993-03)

X.411

8.1.1.1.1.3 (1999-06)

X.800

3.3.49

(1991-03)

X.841

3.11

(2000-10)

X.402

10.3.6

(1999-06)

X.805

(2003-10)

X.1031

3.1.4.

(2008-03) X.805

X.1123

3.2.1.

(2007-11)

X.1089

3.2.12.

(2008-05)

Y.2740
X.400

3.2.1
15.2.3

(2011-01)
(1999-06)

M.3016

6.5

(1998-06)

M.60

2153

(1993-03)

X.402

10.3.7

(1999-06)

X.402

10.2.7

(1999-06)

M.3410

3.2.14

(2008-08)

X.1123

3.2.5.

(2007-11)

X.402

10

(1999-06)

X.1193

3.2.12

(2011-10)

X.805

(2003-10)

X.509

3.4.55

(2008-11)

X.800

3.3.50

(1991-03)

X.841

3.12

(2000-10)

T.411

3.186

(1993-03)

X.903
X.1141

15.1.1
3.2.58.

(2009-10)
(2006-06)

X.841

3.13, 6.2.1 (2000-10)

X.1121

3.2.10.

(2004-04)

X.810
X.1123

3.3.25
3.2.2.

(1995-11)
(2007-11)

X.411
H.235.0

8.2.2.8
3.17

(1999-06)
(2005-09)

X.810

3.3.23

(1995-11)

X.816

3.5.17

(1995-11)

X.802

3.4.4

(1995-04)

X.273

3.9.9

(1994-07)

X.800

3.3.51

(1991-03)

X.1123

3.2.6.

(2007-11)

X.402

10.2

(1999-06)

X.803

3.8(12)

(1994-07)

X.1032

3.2.1

(2010-12)

X.1032

8.2.3

(2010-12)

X.1032

8.2.2

(2010-12)

X.1253

8.4

(2011-09)

X.810

3.3.26

(1995-11)

X.1113

3.4.8.

(2007-11)

X.1253

7.2.5

(2011-09)

X.803

3.8(15)

(1994-07)

X.830

7.1

(1995-04)

X.1252

6.61

(2010-04) Y.2701

Y.2701

3.2.7

(2007-04)

X.816

3.5.13

(1995-11)

X.736
F.500

3.8.2
D k)

(1992-01)
(1992-08)

X.800

5.2.3.3

(1991-03)

X.800

5.2.4.3

(1991-03)

X.800

5.2.4.5

(1991-03)

X.800

3.3.52

(1991-03)

X.1252
X.509

6.63
3.4.56

(2010-04)
(2008-11)

X.509

3.4.57

(2008-11)

M.3345

3.2.2

(2009-05)

X.509

3.4.58

(2008-11)

X.1081
X.1243

3.2.13.
3.2.1

(2004-04)
(2010-12)

X.1243

3.2.4

(2010-12)

X.1101

3.2.11

(2010-05)

X.1245

3.2.6

(2010-12)

X.1142

3.2.38.

(2006-06)

F.744
X.509

3.2.3
3.4.53

(2009-12)
(2008-11)

X.800

3.3.53

(1991-03)

X.400

B.115

(1999-06)

Y.2221

3.2.1

(2010-01)

Y.2221

3.2.2

(2010-01)

F.744

3.2.4

(2009-12)

F.744

3.2.5

(2009-12)

F.744

3.2.6

(2009-12)

Y.2221

3.2.3

(2010-01)

X.1192

3.1.14

(2011-05) H.264

X.1206
X.1090

3.1.10
3.2.8

(2008-04)
(2011-05)

X.1113

3.4.9.

(2007-11)

X.1034

3.1.13

(2011-02) X.1151

X.1034

7.1(n)

(2011-02)

X.1151

3.12

(2007-11)

X.1151

3.13

(2007-11)

X.790

3.27

(1995-11)

X.1195

3.1.9

(2011-02) X.1191

X.1193

3.1.40

(2011-10) X.1191

Y.1901

3.2.33

(2009-01)

Y.2221
Y.2020
X.1191

3.2.4
3.1.10
3.2.19

(2010-01)
(2011-05) Y.2091
(2009-02)

Y.1901

9.2.4

(2009-01)

Y.1901

9.1.1.2

(2009-01)

Q.1741.7 3.267

(2011-11)

X.1124

(2007-11)

3.2.15.

Q.1741.7 3.268

(2011-11)

Q.1741.7 3.269

(2011-11)

Q.1741.7 3.270

(2011-11)

Y.2020

(2011-05) Y.2234

3.1.11

Y.2020
Y.2012

3.1.12
3.1.15

(2011-05) Y.2234
(2010-04) Q.1706

Y.2801

6.2.2

(2006-11)

Q.1741.7 3.271

(2011-11)

Y.2020

3.1.13

(2011-05) Y.2234

Y.2221

3.2.5

(2010-01)

Y.2020

3.1.14

(2011-05) Y.2234

Y.2801

6.2.2

(2006-11)

Y.2020

3.1.15

(2011-05) Y.2234

Q.1741.7 3.272

(2011-11)

X.1124
Y.140.1

3.2.16.
3.4.5.

(2007-11)
(2004-03)

Y.1901
Y.2702

3.1.9
3.

(2009-01) J.200
(2008-09)

Y.2020

3.1.16

(2011-05) Y.2234

M.3410

3.2.15

(2008-08)

Y.2801

6.2.1

(2006-11)

Y.2012

6.2

(2010-04) Y.1910

X.1191

3.2.18

(2009-02)

Y.1901

3.2.34

(2009-01)

Y.1901

10.3.2.5.2 (2009-01)

Y.1901

10.3.1.2.2 (2009-01)

X.1141

3.2.59.

(2006-06)

X.1123

3.2.3.

(2007-11)

X.1124

3.2.17.

(2007-11)

X.1089

3.2.13.

(2008-05)

X.Sup2
X.1191

3.2.7
3.1.23

(2007-09)
(2009-02) M.1400

Y.1901

3.1.10

(2009-01) M.1400

Y.1910

3.1.5

(2008-09) M.1400

X.790

3.28

(1995-11)

Y.2012

3.1.16

(2010-04) M.1400

X.1141

3.2.60.

(2006-06)

Q.1742.9 3.44

(2011-11)

H.530

3+4.6

(2002-03)

X.800
Q.1741.7
Q.1741.7
Y.2172

6.2.1.1
3.273
3.274
3.2

(1991-03)
(2011-11)
(2011-11)
(2007-06)

X.Sup9
X.742

3.2.5
3.7.1

(2011-09)
(1995-04)

X.1124

3.2.18.

(2007-11)

Q.1741.7 3.275
X.742
3.7.2

(2011-11)
(1995-04)

X.1124

3.2.21.

(2007-11)

Y.3001

3.2.3

(2011-05)

Q.1741.7 3.276

(2011-11)

X.805

7.2

(2003-10)

Y.2018

3.2.16

(2009-09)

Q.1742.9 3.45

(2011-11)

Q.1741.7 3.277
X.1141
3.2.61.

(2011-11)
(2006-06)

X.1141
X.1244

3.2.62.
3.2.11

(2006-06)
(2008-09)

J.170

4.1(85)

(2005-11)

Y.2760

7.1

(2011-05)

X.1113

3.4.10.

(2007-11)

X.1141

3.2.63.

(2006-06)

J.96
Q.1741.7
X.525
X.525

3.2.
3.278
3.4.14
3.4.15

(2002-07)
(2011-11)
(2008-11)
(2008-11)

X.525

3.4.16

(2008-11)

X.525
X.525

3.4.17
3.4.18

(2008-11)
(2008-11)

X.525

3.4.19

(2008-11)

X.525

3.4.20

(2008-11)

X.525

3.4.21

(2008-11)

X.1124

3.2.22.

(2007-11)

Q.1741.7 3.279
H.530
3+4.7

(2011-11)
(2002-03)

X.815
X.1242
X.1231

3.5.4
3.1.2
3.1.3

(1995-11)
(2009-02) ETSI TS 102 507
(2008-04)

X.1242

3.1.3

(2009-02) Q.1742.3

X.1231

3.2.6

(2008-04)

X.1242

3.2.2

(2009-02)

X.1242

3.1.4

(2009-02) ETSI ES 201 986

X.1121

3.2.2.

(2004-04)

Y.1901

3.2.35

(2009-01)

Q.1742.9 3.46

(2011-11)

J.170

4.1(83)

(2005-11)

J.170

4.1(84)

(2005-11)

X.800

3.3.54

(1991-03)

X.813

5.2

(1996-10)

X.813

5.2

(1996-10)

X.1141
X.1141
Q.1741.7
X.509
J.380.7

3.2.64.
3.2.65.
3.280
3.4.54
3.2.8

(2006-06)
(2006-06)
(2011-11)
(2008-11)
(2011-11)

X.1500

Table I.6

(2011-04)

Y.2722

6.9

(2011-01)

Y.2091

19

(2011-03) Y.2201

X.830

3.8.2

(1995-04)

J.170
X.1141

4.1(86)
3.2.66.

(2005-11)
(2006-06)

Y.1901

3.2.36

(2009-01)

X.1083

3.19.

(2007-11)

X.Sup9

3.2.6

(2011-09)

X.1242
X.1242

3.2.4
3.1.5

(2009-02)
(2009-02) ETSI TS 100 901

X.1242

3.1.6

(2009-02) ETSI TS 100 901

X.1242

3.1.7

(2009-02) ETSI TS 100 901

X.509

3.4.59

(2008-11)

X.1151

3.11

(2007-11)

X.1240

3.1

(2008-04)

X.Sup6

3.2

(2009-02)

X.Sup2

3.2.8

(2007-09)

X.1242

3.2.3

(2009-02)

E.800
X.1244

3.1.3.18
3.2.12

(2008-09)
(2008-09)

X.1244

3.2.13

(2008-09)

X.1245
X.1245

3.2.7
3.2.8

(2010-12)
(2010-12)

X.1240
X.1231
X.1244
X.1241
X.1244

3.2
3.2.7
3.2.14
3.2.9
3.2.15

(2008-04)
(2008-04)
(2008-09)
(2008-04)
(2008-09)

H.235.0

3.18

(2005-09)

E.800

3.1.3.19

(2008-09)

X.400

A.114

(1999-06)

X.841
3.14
Q.1741.7 3.281

(2000-10)
(2011-11) I.350

X.1244
X.1244

(2008-09)
(2008-09)

3.2.16
3.2.17

Y.2091

19

(2011-03) Y.2018

Y.2018

3.2.17

(2009-09)

X.660

3.5.24

(2011-07)

X.1191

3.2.20

(2009-02)

X.1207

3.2

(2008-04)

Q.1741.7 3.282

(2011-11)

H.248.77 3.1.2

(2010-09) RFC 3711

X.790

(1995-11)

3.29

X.1242
3.1.8
Q.1741.7 3.284
Y.2012
3.2.11

(2009-02) ETSI TS 100 901


(2011-11)
(2010-04)

X.509
X.1141

3.4.60
3.2.67.

(2008-11)
(2006-06)

X.1142
3.2.41.
H.248.81 3.2.1

(2006-06)
(2011-05)

X.1193

3.2.14

(2011-10)

X.400

B.130

(1999-06)

Q.1741.7 3.285

(2011-11)

X.525

3.4.22

(2008-11)

Q.1741.7 3.286

(2011-11)

Q.1741.7 3.287

(2011-11)

Y.1910

3.1.6

(2008-09) M.3050.1

Q.1221

I.4.3.4.3

(1997-09)

Y.1901

3.1.12

(2009-01) Q.1741.3

Q.1741.7 3.288

(2011-11)

Y.140.1

3.4.6.

(2004-03)

X.1124

3.2.23.

(2007-11)

Q.1741.7 3.289

(2011-11)

Y.1901

3.2.37

(2009-01)

X.1034

3.1.15

(2011-02) RFC 4017

Q.1741.7 3.290
X.1162
3.2.4

(2011-11)
(2008-05)

Y.1901

3.2.38

(2009-01)

Q.1741.7 3.291

(2011-11)

X.1034

3.1.16

(2011-02) RFC 4017

X.525
X.1082

3.4.23
3.3.3.

(2008-11)
(2007-11)

Q.1742.9 3.47

(2011-11)

X.811

3.16

(1995-04)

X.810

3.3.27

(1995-11)

X.743

3.7.16

(1998-06)

X.1090

3.2.9

(2011-05)

X.743

3.7.17

(1998-06)

X.910
X.902

6.6
6.5

(1998-09)
(2009-10)

Q.1741.7 3.292

(2011-11)

X.1141

3.2.68.

(2006-06)

X.803

3.8 (13)

(1994-07)

X.803

3.8 (14)

(1994-07)

X.1253

8.1

(2011-09)

X.1500

3.2.4

(2011-04)

X.680
F.771

3.8.63
3.2.8

(2008-11)
(2008-08)

F.771

6.2.1

(2008-08)

X.680

3.8.64

(2008-11)

X.680
X.1089

3.8.65
3.2.14.

(2008-11)
(2008-05)

X.1153

3.1.5

(2011-02) FIPS PUB 140-2

X.1153

3.1.6

(2011-02) FIPS PUB 140-2

X.1153

3.1.7

(2011-02) FIPS PUB 140-2

X.1191

3.2.21

(2009-02)

X.1311

3.8.11

(2011-02)

X.1082

3.5.1.

(2007-11)

X.1082

3.5.2.

(2007-11)

X.812
X.1142

3.4.23
3.2.42

(1995-11)
(2006-06)

Y.2018

3.2.18

(2009-09)

Q.1742.9 3.48

(2011-11)

X.1520

3.2.14

(2011-04)

X.1524

3.2.13

(2012-03)

J.170

4.1(88)

(2005-11)

X.1086

3.2.2.

(2008-11)

X.1500.1 3.2.5

(2012-03) X.660

X.660

3.5.26

(2011-07)

X.1089

3.2.16.

(2008-05)

X.1082
X.1082

3.2.8.
3.4.5.

(2007-11)
(2007-11)

X.1082

3.2.9.

(2007-11)

X.1082

3.4.4.

(2007-11)

X.1082

3.4.6.

(2007-11)

X.1082

3.2.7.

(2007-11)

X.1081
X.1089

3.2.14.
3.2.15.

(2004-04)
(2008-05)

X.1081

3.2.15.

(2004-04)

X.1081

3.2.16.

(2004-04)

Y.140.1

3.4.7.

(2004-03)

X.1032

3.2.2

(2010-12)

X.1032

8.2.1

(2010-12)

X.1051

3.1.12

(2008-02)

Q.1741.7 3.293

(2011-11)

X.1051

3.1.7

(2008-02)

X.1051

3.1.8

(2008-02)

X.1051

3.1.9

(2008-02)

X.1051

3.1.10

(2008-02)

Y.2205

3.1.2

(2011-05) E.TDR

I.112, I.210

M.3010

3.30

(2000-02)

X.1051

3.1.11

(2008-02)

X.1056

3.2.1

(2009-01)

X.1051

3.1.14

(2008-02)

M.3410

3.2.16

(2008-08)

X.1051

3.1.15

(2008-02)

X.1051

3.1.13

(2008-02)

Q.1741.7 3.294

(2011-11)

K.87

3.1.18

(2011-11)

K.84

(3.1.4)

(2011-01) RFC 2828

X.1034

3.1.17

(2011-02) ISO/IEC 8802-11

RFC 2828

Q.1742.9 3.49

(2011-11)

F.851
Q.1221

1.3.7
I.3.3.2.1

(1995-02)
(1997-09)

Y.1901

3.2.39

(2009-01)

X.1193

3.1.43

(2011-10) X.1191

Y.1901

3.2.40

(2009-01)

Y.2701

3.2.8

(2007-04)

Y.2091

16

(2011-03) Y.2201

X.1051

3.1.16

(2008-02)

Y.2801

6.2.1

(2006-11)

F.115

4.2

(1996-10)

F.852

3.9

(2000-03)

X.1250

3.11

(2009-09)

Q.1742.9 3.50

(2011-11)

Q.1742.9 3.51

(2011-11)

X.1524
3.2.14
Q.1741.7 3.295
Q.1741.7 3.296

(2012-03)
(2011-11)
(2011-11) F.703

X.1192
Y.1901

3.2.14
3.2.41

(2011-05)
(2009-01)

X.800
X.400

3.3.55
15.2

(1991-03)
(2007-04)

X.Sup3

3.1

(2008-04) ISO/IEC 13335-1

X.1521
K.87

3.2.6
3.3.4

(2011-04)
(2011-11)

K.84

(3.2.3)

(2011-01)

X.402

Annex D

(1999-06)

X.1570

I.3.5 (b)

(2011-09)

X.402

10

(1999-06)

X.402

10

(1999-06)

X.1082

3.3.1.

(2007-11)

X.1084

3.2.8b.

(2008-05)

Q.1741.7 3.297

(2011-11)

J.170
X.743
Y.1901
H.235.2

4.1(89)
3.7.18
3.2.42
3.7

(2005-11)
(1998-06)
(2009-01)
(2005-09)

X.842

7.1.1

(2000-10)

X.813

5.2

(1996-10)

X.842

7.1

(2000-10)

X.843

3.15

(2000-10)

X.811

3.17

(1995-04)

X.1141

3.2.69.

(2006-06)

X.790

3.30

(1995-11)

X.1082
X.1082

3.2.10.
3.2.11.

(2007-11)
(2007-11)

X.1082

3.2.12.

(2007-11)

M.3016

6.1.2.2

(1998-06)

X.1520

3.2.15

(2011-04)

X.1524

3.2.15

(2012-03)

Y.2012

3.2.12

(2010-04)

X.Sup11 7.5.1

(2011-09)

I.113

Q.1741.7 3.299

(2011-11)

X.1161
3.2.5
X.Sup10 3.2.1

(2008-05)
(2011-09)

Q.1742.9 3.52

(2011-11)

X.400

15.2.2

(1999-06)

X.800

3.3.56

(1991-03)

Q.1741.7 3.301
X.1161
3.2.6
X.800
3.3.57

(2011-11)
(2008-05)
(1991-03)

X.1500

Table I.3

(2011-04)

X.800

3.3.58

(1991-03)

Y.1901

10.3.1.5.4 (2009-01)

X.1191

3.2.22

(2009-02)

X.1192

6.1

(2011-05)

X.1090

3.2.10

(2011-05)

X.1192

3.2.15

(2011-05)

X.1090

3.2.11

(2011-05)

X.1090
X.1141

3.2.12
3.2.70.

(2011-05)
(2006-06)

F.703

Q.1741.7 3.302

(2011-11)

I.113

X.1152

3.2.9

(2008-05)

J.380.7

3.2.9

(2011-11)

Q.1741.7 3.303

(2011-11)

Q.1741.7 3.305

(2011-11)

Q.1741.7 3.306

(2011-11)

Q.1741.7 3.307

(2011-11)

Q.1741.7 3.308
Q.1741.7 3.309

(2011-11)
(2011-11)

Q.1741.7 3.310

(2011-11)

Q.1741.7 3.311

(2011-11)

Q.1741.7 3.313

(2011-11)

Q.1741.7 3.312

(2011-11)

Q.1741.7 3.314

(2011-11)

Q.1741.7 3.314

(2011-11)

Q.1741.7 3.315

(2011-11)

Q.814

3.4

(2000-02)

X.1500

Table I.6

(2011-04) RFC 6046

X.1083

3.20.

(2007-11)

J.93
X.800

3.22.
A.2.5.7

(1998-03)
(1991-03)

Y.1901

3.2.43

(2009-01)

X.800

A.2.5.8

(1991-03)

E.800

3.1.3.15

(2008-09)

X.790

3.31

(1995-11)

X.790

3.32

(1995-11)

X.790

3.33

(1995-11)

X.790

3.34

(1995-11)

X.790

3.35

(1995-11)

X.790

3.36

(1995-11)

X.790
X.790
X.680
X.509

3.37
3.38
3.8.66
3.4.61

(1995-11)
(1995-11)
(2008-11)
(2008-11)

X.810

3.3.28

(1995-11)

Y.2701

3.2.9

(2007-04)

X.1250

3.13

(2009-09)

Y.2720

3.3.17

(2009-01)

X.1252

6.64

(2010-04)

X.509

3.4.62

(2008-11)

M.3410

3.2.17

(2007-04)

X.1252

6.65

(2010-04)

H.235.2

3.8

(2005-09)

Y.2701

3.2.10

(2007-04)

X.810

3.3.29

(1995-11)

X.800

3.3.59

(1991-03)

X.1250

3.12

(2009-09)

X.1500

Table I.5

(2011-04)

X.1500

Table I.5

(2011-04)

X.810

3.3.30

(1995-11)

X.1252

6.66

X.842

(2010-04) X.800 X.810


Y.2702
(2000-10)

X.814

E.1.3

(1995-11)

Y.2701

3.2.11

(2007-04)

Y.2018
Y.2018
Y.2018
Y.1901
Q.1229

3.2.19
3.2.20
3.2.21
3.2.44
7.2.2.4.1.1

(2009-09)
(2009-09)
(2009-09)
(2009-01)
(1999-03)

X.680
X.1142

3.8.67
3.2.43.

(2008-11)
(2006-06)

F.771
Y.2221

I.1
3.2.6

(2008-08)
(2010-01)

Q.1741.7 3.316

(2011-11)

F.771

I.1

(2008-08)

M.3016

(2007-04)

X.1253

8.4.2

(2011-09)

X.1253

8.1.1

(2011-09)

Q.1742.9 3.53

(2011-11)

X.810

3.3.31

(1995-11)

X.1089

3.2.17.

(2008-05)

X.1193

3.2.16

(2011-10)

X.1193

3.2.15

(2011-10)

X.1500.1 3.1.12
X.1500.1 3.1.13

(2012-03) X.660
(2012-03) X.660

X.1500.1 3.1.14

(2012-03) X.660

G.780/
Y.1351

3.2.143

(2010-07)

X.811

5.2.4

(1995-04)

X.811
J.96
X.525

3.18
3.3.
3.4.24

(1995-04)
(2002-07)
(2008-11)

X.742
3.7.8
Q.1741.7 3.317

(1995-04)
(2011-11)

Y.1901

3.2.45

(2009-01)

F.851

1.3.10

(1995-02)

F.115

4.4

(1996-10)

Q.1741.7 3.318

(2011-11)

X.910
6.9
Q.1742.9 3.54

(1998-09)
(2011-11)

X.815
Y.2701

3.5.5
3.2.12

(1995-11)
(2007-04)

Q.1741.7 3.319

(2011-11)

F.851

3.2.20

(1995-02)

F.852

5.2.15

(2000-03)

F.852

5.1.1

(2000-03)

F.851

3.1.1

(1995-02)

F.852

5.1.2

(2000-03)

X.742

3.7.9

(1995-04)

Y.1901

3.2.46

(2009-01)

X.742

3.7.3

(1995-04)

X.742

3.7.4

(1995-04)

X.742

3.7.5

(1995-04)

X.742

3.7.7

(1995-04)

X.1034

7.1(h)

(2011-02)

M.3010

3.36

(2000-02)

Y.2701

3.1.2

(2007-04) Y.2091

X.1088
X.1084
X.1275

3.2.11.
3.2.11.
3.2.8a

(2008-05)
(2007-04)
(2010-12)

X.1252

6.67

(2010-04)

X.1051

3.1.17

(2008-02)

X.1090
X.1520
X.1524
Q.1741.7

3.2.13
3.2.16
3.2.16
3.321

(2011-05)
(2011-04)
(2012-03)
(2011-11)

X.500
3.5.3
Q.1741.7 3.322

(2008-11)
(2011-11) I.112

M.3016
X.1161
Q.1221

6.2.1.2
3.2.7
I.3.3.1.1

(1998-06)
(2008-05)
(1997-09)

Q.1711

4.10.2(b)

(1999-03)

X.1244

3.2.18

(2008-09)

X.1113

3.4.11.

(2007-11)

Q.1741.7 3.323

(2011-11)

X.1244

3.2.19

(2008-09)

Y.2091

16

(2011-03) Y.2201

Y.2701
F.500
Y.2012
X.1191

3.2.13
H.104
3.1.17
3.2.23

(2007-04)
(1992-08)
(2010-04) Y.2011
(2009-02)

Y.1901

3.2.47

(2009-01)

Q.1741.7 3.324

(2011-11)

X.Sup11 3.2.8

(2011-09)

X.1570

I.3.1

(2011-09)

X.1113

3.4.12.

(2007-11)

X.1123

3.2.9.

(2007-11)

X.1243

3.2.8

(2010-12)

X.1124

3.2.24.

(2007-11)

X.400

B.134

(1999-06)

X.1252

6.68

(2010-04)

X.1251

3.2.17

(2009-09)

X.1253

7.1.2

(2011-09)

Y.2012

6.2

(2010-04)

Y.2221

3.2.7

(2010-01)

Y.2221
Y.2221

3.2.8
3.2.9

(2010-01)
(2010-01)

X.744

3.7.7

(1996-10)

Q.1741.7 3.326

(2011-11)

Q.1741.7 3.327

(2011-11)

Q.1741.7 3.328

(2011-11)

Q.1741.7 3.329
X.815
3.5.6
X.744
3.7.8

(2011-11)
(1995-11)
(1996-10)

X.1122

3.5.3.

(2004-04)

X.680
X.680

3.8.71
3.8.72

(2008-11)
(2008-11)

X.680
3.8.73
Q.1741.7 3.332

(2008-11)
(2011-11)

Q.1741.7 3.333

(2011-11)

X.1252

6.69

(2010-04)

X.811

3.19

(1995-04)

X.811

3.20

(1995-04)

X.814
X.1151

E.1.2
3.14

(1995-11)
(2007-11)

X.1084

3.2.8c.

(2008-05)

X.1088

3.2.9.

(2008-05)

X.1252
X.1151

7 (73)
3.15

(2010-04)
(2007-11)

X.1570

I.3.7(a)

(2011-09)

Y.2801

6.2.3

(2006-11)

X.1191

3.2.24

(2009-02)

X.1082

3.5.3.

(2007-11)

I.113

Y.1910

3.2.7

(2008-09)

Y.1901

3.2.48

(2009-01)

X.1082

3.5.4.

(2007-11)

X.902

3.2.7

(2009-10)

Q.1741.7 3.334

(2011-11)

Q.1741.7 3.335

(2011-11)

E.800

3.1.3.13

(2008-09)

X.1244

3.2.20

(2008-09)

H.530

4.8

(2002-03)

X.1124

3.2.25.

(2007-11)

Y.2801

3.8

(2006-11)

Q.1742.9 3.55

(2011-11)

Q.1741.7 3.336

(2011-11)

Q.1742.9 3.56

(2011-11)

X.Sup11 3.2.9
X.Sup11 3.2.10

(2011-09)
(2011-09)

X.Sup11 3.2.11

(2011-09)

X.Sup11 7.5.1

(2011-09)

X.Sup11 6.2
X.1034
7.1(a)

(2011-09)
(2011-02)

X.800

(1991-03)

A.2.1

X.Sup3
X.1500
X.1206

3.3
3.2.5
3.1.11

(2008-04) ISO/IEC 13335-1


(2011-04) X.800
(2008-04)

X.1520

3.2.17

(2011-04) X.1500

X.1524

3.2.17

(2012-03) X.1500

K.87
K.84
X.1570

3.3.5
(3.2.4)
I.3.5 (a)

(2011-11)
(2011-01)
(2011-09)

X.1570

I.3.4

(2011-09)

X.1034

7.1(j)

(2011-02)

X.1034

7.1(i)

(2011-02)

X.1500

3.2.6

(2011-04)

X.1524

3.2.18

(2012-03)

J.380.7

3.2.10

(2011-11)

X.1143

(2007-11)

X.1082

3.2.5.

(2007-11)

X.1245

3.2.9

(2010-12)

F.771

6.1.7

(2008-08)

Y.1901

3.2.49

(2009-01)

Q.1741.7 3.338

(2011-11)

E.800

3.1.3.14

(2008-09)

J.170

3(30)

(2005-11)

J.160

I.1.38

(2005-11)

Y.2801
X.1141

3.9
3.2.71.

(2006-11) G.992.3
(2006-06)

X.1141

3.2.72.

(2006-06)

X.893

3.1.(d)

(2007-05) X.891

Term

Abbreviation

2D
2G
3D
3DES
3DES
3G
3G
3GPP
3GPP2
3GPP-2
A
a, b, e, d
AA
AAA
AAA
AAA protocol
AAC
AAHA
AAIC
AARL
ABG-FE
ABMF
AC
AC
AC
AC
ACC
ACF
ACI
ACK
ACL
ACRL
ACTR
ACS
ACS
ACS
ACSE
ACSP
ACTR
AD
ADDMD
ADF
ADI
ADSL
ADSL
ADSP
AE
AEF
AES
AES
AF

AFI
AICOB
AGC-FE
AG-FE
AGW
AH
AI
AI
AAIC
AID
AIS
AKA
AKA
AKI
AKMP
ALE
ALG
ALG
ALM
AMF
AMF
AM-FE
AMG-FE
A-MMCF
AMP
AMR
AN
AN-FE
ANI
ANI
ANI
ANMS
ANOC
ANSI
AP
AP
APD
APDU
APEC
APEC TEL
API
API
APL-GW-FE
APL-SCM-FE
APNIC
App
APP-FE
APP-SA
ARF
APR
APS
APS
AQM
AR

ARC
ARF
ARF
AR-FE
ARIN
ARJ
ARP
ARQ
ARS
AS
AS
AS/WS
ASA
ASAP
ASC
ASC
ASCII
ASCM-FE
ASD
ASE
ASF
ASF
ASF&SSF
AS-FE
ASIC
ASN
ASN.1
ASO
ASP
ASP
ASUP-FE
ATM
ATM
AT
AU
Au
AuC
AuF
AUTC
AUTOSEVOCOM
AUTZ
AV
AV
AVC
AVL
B2B
B2BUA
B2C
B2C
BC
BCA
BCA
BCP
BCRL

BDB
BDC
BE
BEEP
BES
BFP
BGCF
BGC-FE
BioAPI
BioAPI
BIP
BIR
BISS
BIT
BMS
BNG
BPC
BPI+
BPU
BRAS
BRJ
BRQ
BS
BS
BSC
BSE
BSF
bslbf
BSP
BSR
BSS
BSS
B-TID
C
C&C
CA
CA
CA
CA
CA
CA
CAC
CAC
CACS
CAF
CAM
CAN-SPAM
CAO
CAP
CAPEC
CARL
CAS
CAS
CASF

CASF
CAT
CATV
CATV
CAVE
CB
CBC
CBC
CBEFF
CBEFF
CBR
CBR
CC
CCA
CCC
CCE
CCF
CCR
CCTV
CD&LCF
CD&LC-FE
CD&SF
CDC-FE
CDF
CDMA
CDN
CDN
CDP-FE
CDR
CDR
CEE
CEEE
CEF
CEK
CERT
CERT
Cert
CERT/CC
CFB
CFB
cFD
CGCM-FE
CGF
CGI
CGK
CGNA-FE
CGPD-FE
CGPE-FE
CGPM
CGSC-FE
CHAP
CHn
CHV
CI

CIICS
CIM
CIM
CIPM
CIR
CIRT
CK
CK
CK
CL
claim AI
CLEC
cLink
CM
CM
CMC
CME
CMIP
CMIS
CMISE
C-MMCF
CMP
CMS
CMS
CMS
CMTS
CN
CN
CNM
CNP
CNSA
CNv_AUTHCAP
CO
CO
COA
Conf
COPS
COPS
CORBA
CoS
COS
COS
CoT
CP
CP
CP
CP/C
CPE
CPE
CPF
CPN
CPR-FE
CPS
CPU

cPVR
CR
CR
CRF
CRL
C-RNTI
CRR
CRS
CRS
CRSAP
CS
CS
CS
CSA
CSA
CSB
CSB
CSCF
CSCF
CSC-FE
CSE
CSI
CSIRT
cSN
CSO
CSP
CSP
CSP
CSP
CSP
CSPP
CSV
CT
CTA
CTB
CTF
CTP
CTP
CTR
CVE
CVSS
CW
CW
CWE
CWSS
CYBEX
CYIQL
DAC
DAM
DAP
DASECOM
DB
DBE
DBMS

DCA
DCCP
DCE
DCN
dCRL
dCRL
DDDS
DdoS
DDoS
DDoS
DDoS
DES
DeviceID
DF
DH
DHA
DHB
DHCP
DHCP
DIB
DIC
DIIF
DIOA
DISA
DISP
DIT
DKIM
DLEC
DLL
DMA
DMA
DMD
DMI
DMTF
DMZ
DN
DNG
DNGF
DNS
DNS
DNS
DOCSIS
DOP
DoS
DoS
DQoS
DRC
DRC1
DRM
DRS&F
DS-3
DSA
DSA
DSA

DSB
DSCP
DSD
DSE
DSG
DSL
DSLAM
DSN
DSNG
DSP
DSS
DS-TE
DTLS
DTMF
DTMF
DTMF
DTMF
DTMF
DTS
DTS
DUA
DVB
DVBSTP
DVD
DVMPR
E
E1
E2
E3
EAA
EAC
EAC
EAG
EAL
EAN
EAP
EAP-TLS
EAP-TLS
EARL
EAS
EAS
ECB
ECB
ECC
ECC and EC
EC-FE
ECG
EC-GDSA
ECKAS-DH
ECMs
ECN
ECP

EDGE
EDI
EDS
EF
EF
EF-FE
EFT/B
EIT
EKAG
EKBH
EKE
EKGH
EM
Email
EMC
EMI
EML
EMM
EMMs
EMS
EMSEC
EMSEC
EMSK
E-MTA
ENCk(x)
ENCK; S, IV(M)
EN-FE
ENI
ENISA
ENNI
env_key
EOFB
EOFB
EP
EPG
EPID
EPRL
ESC
ESD
ESM
ESMTP
ESP
ESP
ESS
ESSID
ESW
ET
ETH
eTOM
ETS
EUD
EUD
EUT
E-UTRAN

EVC
EVCERT
EV-DO
EW
F8
FA
FAR
FB
FC
FC
FCAPS
FCAPS
FCC
FD
FDD
FDDI
FDF
FDFr
FDN
FE
FEC
FF
FFS
FG
FGS
FID
FIRST
fLink
FLUTE
FM
FMC
FMD
FMR
FN
FOA
FP
FPLMTS
FPP
FQDN
FRA
FRCP
FRR
FS
FT
FTA
FTA
FTC
FTP
FTS
FTTX
FU
FW
G2C
G3

G3Fax
G4
ga, gb
GAA
GBA
GBA
GCA
GCAF
GCF
GCI
GCKS
GDMO
ge, gd
GERAN
GGSN
GII
GIOP
GK
GKID
GKID
GKM
GM
GMC
G-MPLS
GNM
GPRS
GPRS MS
GPS
GRJ
G-RNTI
GRQ
GSC-FE
GSM
GSS
GSS
GSSBI
GTP
GUI
GUID
GULS
GW
gx, gy
HA
HAS
H-ASC
HAVi
HAZMAT
HBAC
HBE
H-BE
HCF
HCPN
HD
HD_A

HD_B
HD_C
HDC-FE
HDD
HDF
HDR
HE
HE-AAC
HEMP
HE-VASP
HFC
H-GK
HGW
HGWC-FE
HLEG
HLR
HLF
HLR
HMAC
HMAC
HMAC
HMAC
HMAC
HMAC-SHA1
HMACZ
HMIPv6
HN
H-NAC
HN-TD
HOB
HOV
HPEM
HR
HS
H-SCS
HSDPA
HSS
HSS
HT
HTML
HTML
HTTP
HTTP
HTTPS
HTTPS
HTTPS
HTTPS
HTTPS
HTTPS
HV
I
IA
IA

IaaS
IAC-ID
IAD
IAI
IANA
IATP
IBC-FE
IBGC-FE
IBG-FE
IBIA
Ic
IC
IC
Ica
ICC
ICMP
ICN
ICN security
incident
iCRL
ICRU
ICS
ICT
ICT
ICT
ICT
ICT
ICV
Ics
ICS
I-CSCF
I-CSC-FE
I-CSC-FE
ID
Id
ID
ID
ID
ID
ID
IDA
IdA
IDB
ID-FF
IDL
IdM
IdMCC-FE
IdP
IdP Lite
IDPS
IDR
IdS
IDS
IDS

IdSP
IDV
ID-WSF
IEC
IEEE
IEEE
IEMI
IEPS
IETF
IGCS
IGMP
IGS
IHS
IIOP
IK
IKE
IKE
ILO
IM
IM
IM
IMAP4
IMEI
IMPI
IMPI
IMPU
IMS
IMS
IMS
Imsg
IMSI
IMSI
IMT-2000
IMUN
IN
INAP
Ind
INNI
INSEC
IODEF
IOR
IP
IP-CAN
IP-CAN bearer
IPCGF
IPM
IPS
IPSec
IPSec
IPsec
IPSEC
IPsec
IPTV
IPTV

IPTV TD
IPv4
IPv6
IR
IR
IRA
IRA
IRC
IrDA
IRI
IRP
IRT
IS
ISAC
ISAKMP
ISAKMP
ISC
ISCO
ISDN
ISec
ISIM
ISIM
ISIM
ISIRT
ISMF
ISMG
ISMS
ISMS-T
ISO
ISP
ISR-ID
ISSA
ISSO
ISTP
ISUP
ISV
IT
ITA
ITF
ITF
ITSEC
ITSP
ITUEHP
ITU-T
IUT
IV
IVR
IVR
IW
IWF
I-WLAN
IWSCE-FE
IXIT
JEAG

JIDM
Jini
JVN
K
KAB
KAG
KB
KBH
KDC
KDC
KDR
KEMAC
KGH
KMF
KPSP
KPT
KPU
KRA/EA
KS
Ks
KSAG
KSBH
KSGH
Ksp
KSSP
KST
KSU
KT
Kt
KU
L1
L1
L2
L2
L2HCF
L2HE-FE
L2TP
L3HCF
L3HEF
LABR
LAC
LAES
LAN
LAP
LC
LCF
LcsDB
LDAP
LDAP
LDAP
LF
LF
LLA
LMC

LNS
LR
LRJ
LRQ
LS
LSA
LSB
lsb
LSP
LTE
LUAD
LV
Lx
Ma
MA
MAAWG
MAC
MAC
MAC
MAC
MAC(k, x)
MAEC
MAHO
MAID
MAPDU
MAXSECOM
MBMS
MC
MC
MC
MC
MCC
McCPF
MCF
McRf
MCU
MCS
MCS
MCS
MD
MD5
MD5
MDF
MDF
MDN
ME
Me
ME
MEC
MEHO
ME-SA
META
MExE
MExE

MF
MF
MFD
MG
MGC
MGCF
MGC-FE
MGCP
MHS
MIB
MIC
MIC
MICS
MIDS
MIKEY
MIKEY
MIM
MIME
MIN
MIP
MIP
MIPv4
MIPv4
MIPv6
MIPv6
MITM
MK
MKI
MLD
MLD
MLM-FE
MLM-FE(C)
MLM-FE(P)
MLPP
MM
MMA
MMC
MMCF
MMDS
MMI
MMPS
MMR
MMS
MMS
MN
MNC
MNE
MNO
MO
MOBIKE
MOC
MOCS
MOSPF
MOSS

MPEG
MPLS
MPLS
MPLS
MPLS-TE
MPM
MPS
MPS
MPS
MR
MRB-FE
MRC-FE
MRCS
MRF
MRFC
MRP
MRP-FE
MS
MS
MS
MS
MS
MSB
msb
MSB
MSC
MSC
MSC-G
MSCM
MSISDN
MSISDN
MSISDN
MSISDN
MSISDN
MSK
MSL
MSO
MSOS
MSOS-US
MSP
MSS
MSSP
MT
MT
MTA
MTA
MTA
MTA
MTK
MTN
MTNM
MTOM
MTS
MTTM

MTU
MU
MUI
MV
MVD
N/A
NA
NA
NAC
NAC
NACF
NACF
NAC-FE
NAC-FE
NAF
NAK
NAL
NAP
NAPT
NAPT
NAPTR
NAS
NAS
NAT
NBE
NC
n/cPVR
NCS
ND
N-D
NDAC
NDP
NE
NE/MS
NEBS
NEF
NEL
NF
NGN
NGN-SIDE
NHOB
N-I
NIC
NID
NID
NID-FE
NIR-FE
NML
NMS
NNI
NNI
NNI
NNP
NOAA

NOC
NP
NPDU
NPF
NPPS
nPVR
NRA
NSA
NSAP
NSDU
NSIS
NSIW-FE
NSP
NSSR
NT
NTDD
NTP
NTPv3
NV pair
NVD
NVL pair
NVS pair
OAM&P
OAM&P
OAM&P
OAM&P
OAM&P
OAM&P
OAMP
OAMP
OASIS
OCF
OCN
OCSP
ODMA
ODP
ODUk
OECD
OED
OEM
OFB
OFB
OID
OID
OID
OID-IRI
OLC
OLT
OMCI
OMG
ONT
ONU
OP25B
OP25B

ORB
OS
OS
OSA
OSA
OSE
OSF
OSI
OSI
OSP
OSP
OSS
OSS
OSS
OSVDB
OTN
OTP
OTT
OTT DB
OVAL
P2P
P2P
P2P
P2P
P3P
PAA
PaaS
PaC
PAC
PAC
PA-DSS
PAK
PAK
PANA
PAOS
PAP
PAP
PBAC
PBNM
PC
PCC
PCI DSS
PCIM
PCIMe
PCS
P-CSCF
P-CSC-FE
PDA
PDA
PDCA
PDF
PD-FE
PDG
PDN

PDN
PDP
PDP
PDR
PDU
PEAP
PE-FE
PEP
PER
PES
PES
PF
PFS
PFS
PGP
PHB
PHY
PIA
PIA
PIB
PICS
PID
PID
PII
PIM
PIN
PIP
PIXIT
PK
PK
PKC
PKC
PKCS
PKCS
PKCS
PKD
PKE
PKI
PKINIT
PKIX
PLD
PLMN
PLMN operator
PLU
PM
PMI
PMIPv6
PMK
PMK
PMP
PMT
POA
POAS
POC

POC
PON
POP
POP
POP3
POSIX
POTS
POTS
PP
PP
PPII
PPK
PPP
PPPoE
PPS
PPS
PPS
PPS
PPV
PRDMD
PRF
PRF
PS
PS
PSAP
PSE
PSK
PSK
PSK-TLS
PSTN
PTK
PTM
P-TMSI
PTN
PTNO
PTO
PTP
PTR
PTR
PUC
PUI
PV
PVC
PVR
PW
PW
Q&A
QAM
QoE
QoS
QoSM
R1
R&R
RA

RA
RACF
RACF
RACF
RACF
RAC-FE
RADIUS
RAN
Rand
rand()
RAS
RAS
RAS
RAS
RASF
RBAC
RBAC
RBAC
RBL
RBL
RBL
RC
RC
RCAI
RCF
RDF
RDN
REGAUT
REL
Req
REQ
RES
ReSA
RESu
RF
RF
RFC
RFC port
RFID
RFID
RFID
RFID
RG
RGF
RID
RIP
RIPE
RKS
RL
RLC/MAC
RLF
RLP
RLP
RMA

RMCP
RM-ODP
Rmsg
RMT
RNC
RNS
RNTI
ROA
ROC
ROC
RoE
RP
RP
RPC
RPH
RPH
RPLMN
RPS
RRC
RRJ
RRP
RRQ
RSA
RSA
RSA
RSA
RSA
RSA
RSA
RSA
Rsp
RSVP
RSVP
RT
RTCP
RTCP
RTCP
RTCP
RTO
RTP
RTP
RTP
RTSP
RTSP
RuBAC
RVM
Rx
S/MIME
S&C
SA
SA
sa
SA
SA

SAA-FE
SaaS
SADS
SAFER
SAGE
SAID
SAID
SAL
SAME
SAML
SAN
SANSW
SAP
SAP
SAS
SAS
SASET
SASET
SASF
SASF
SASL
SAS-S
SAS-US
sb
SBC
SBSC
SC
SC
SC
SC&CDF
SC&DF
SCA
SCAP
SCATANA
SCF
SCF
SCF
SCF
SCI
SCI
SCI
SCI
SCK
SCM
SCM
SCM-FE
SCN
SCP
SCP
SCP-B
SCP-EE
SCP-FE
SCP-IX
SCR-FE

SCTP
SCS
SCS
S-CSCF
S-CSC-FE
SD
SDA
SDB
SD-FE
SDH
SDL
SDO
SDO
SDP
SDSE
SDS-FE
SDU
SEC
SEC
SEI
SEI
SEISMED
SEPM
SEQ
SEPP
SER
SESE
SET
SEVOCOM
SG
SG
SGF
SG-FE
SGR
SGSN
SGW
SEISMED
SEPP
SESE
SET
SEVOCOM
SHA
SHA1
SHA1
SHA-1
SHA-1
SHE
SHG
SHS
SI
SI
SI
SI
SI

SID
SIM
SIM
SIM
SIO
SIP
SIP+
SKI
sl
SLA
SLAG
SLF
SL-FE
SLN
SM
SM
SM MO
SM MT
SMA
SMAE
SMAP
SMAPM
SMASE
SMATV
SME
SM-FE
SMI
SMIB
SML
SMO
SMPP
SMS
SMS
SMSC
SMTP
SN
SN
SN
SNC
SNCP
SNFr
SNI
SNI
SNMP
SNMPv3
SNTP
SO
SOA
SoA
SOA
SOA
SOAP
SOAP
SOC

SOF
SONET
S-OSF
SP
SP
SP
SP
SP
SP
SP-Domain
SP Lite
SP1
SPA
SPAI
SPAR
SPDF
SP-Domain
SPEF
SPE-FE
SPEKE
SPF
SPF
SPI
SPIF
SPIM
SPIM
SPIT
SPKI
SPS
SPS
SQL
SQL
SR
SR
SRF
SR-FE
SRNC
S-RNTI
SRTCP
SRTP
SRTCP
SRTP
SRTP
SRTP
SRTP
SS
SS
SS7
SS7
SSA
SSC
SSC
SSCU
SSD

SSF
SSF
SS-FE
SSFM
SSFS
SSH
SSID
SSID
SSL
SSL
SSL
SSM
SSO
SSO
SSO
SSOS
SSRC
SSRC
SSS
ST
STA
STA
STASE
STB
STP
STS
STT
SUB
SuM
SUP-FE
SUS
SVC
SVIP
SVS
SW
SWNO
T
TA
TAA-FE
TACACS
TAI
TAUT
TBA
TCA
TCAC
TCAP
TCAPP
TCP
TCP
TCP/IP
TCT
TD
TD
TD

TD
TDD
TDM
TDM
TDM
TDR
TDR
TE
TE-BE
TE-BE
TEK
TEM
TEOS
TF
TF
TFCI
TFI
TFIN
TFP
TFTP
TGK
TGS
TI
TIA
TIK
TK
TK
TKIP
TL1
TLDN
TLM-FE
TLP
TLS
TLS
TLS
TLS-CERT
TLSP
TLS-PSK
TLV
TLX
TMG-FE
tML
TMM
TMN
TMN
T-MPLS
TMSI
Tn
TNC
TNSS
TP
TP
TPM
TPM

TRC-FE
TRE-FE
TRIP
TS
TS
TS
TSA
TSAP
TSM
TSN
TSP
TSP
TSP
TSSR
TTLS
TTP
TTP
TTP
TTP
TTR
TTS
TTX
TUP-FE
TV
TVS
TWM
Tx
UA
UAI
UAUT
UCC
UCC
UCI
U-D
UDDI
UDP
UE
UFATN
UGC
UI
U-I
UICC
UICC
UID
UID
UID
UII
UIM
uimsbf
ULS
UMF
UML
UMTS
UN/ISDR

UNG
UNI
UNI
UNI
UNI
UPA
UPnP
UPS
UPT
UPTN
URA
URD
URI
URL
URN
U-RNTI
URS
USA
USB
UserID
USI
USIM
USIM
USIW-FE
USMM
USN
UT
UTC
UTC
UTC
UTF
UTF-8
UTRA
UTRA-FDD
UTRAN
UTRA-TDD
UUID
UUID
UUIM
V
VA
VAM
V-ASC
VASP
V-BE
V-BE
VBI
VC
VC
VCI
VCR
VDSL
VDU
VESA

V-GK
VHE
VHO
VLAN
VLF
VLR
V-NAC
VoD
VoD
VoIP
VoIP
VP
VPI
VPLS
VPN
VPWS
VR
V-SCS
VSO
VSP
VSPPS
VSP-RBL
VSPS
VT
W
W3C
WAG
WAN
WAS
W-CDMA
WCDMA
WDM
WebDAV
WEP
Wi-Fi
WiMAX
WLAN
WLAN
WLAN
WLAN UE
WM
WMAN
WMN
WPA
WPAN
WPS
WS
WS
WSDL
WSF
WSG
WSH
WSN
WSS

WT
WTLS
X || Y
XACML
XAPI
XCCDF
xDSL
xDSL
xDSL
xDSL
XKMS
XML
XML
XML
XOR
XPath
XRES
XSD
XSLT
XT
ZZ
ZZAB
ZZMT
ZZn

Explanation of the abbreviation


Bitwise XOR
Two Dimensional
Second Generation
Three Dimensional
Triple DES
Triple Data Encryption Standard
3rd Generation
Third Generation
3rd-Generation Partnership Project
3rd Generation Partnership Project 2
3rd-Generation Partnership Project 2
Availability Impact
private DH key of EP A, EP B, GK E, GK D
Attribute Authority
Authentication, Authorization, Accounting
Authentication, Authorization, and Accounting
authentication, authorization and accounting protocol
authentication and access control
awaiting action higher authority
accounting authority identification code
Attribute Authority Revocation List
Access Border Gateway Functional Entity
Account Balance Management Function
Access Complexity
Attribute Certificate
authentication center
Authorization Center
Access Control Certificate
Admission Confirm
Access Control Information
ACKnowledgement
Access Control List
Attribute Certificate Revocation List
Average Call Traffic Rate
Access Control Server
Auto-Configuration Server
Auto Calling System
Association Control Service Element
Application and Contents Service Provider
average call traffic rate
Authorized Domain
Administration Directory Management Domain
Access Control Decision Function
Access Control Decision Information
Asymmetric Digital Subscriber Line
Asymmetrical Digital Subscriber Loop
Author Domain Sending Practices
Authentication Extension
Access Control Enforcement Function
Advanced Encryption Algorithm
Advanced Encryption Standard
Application Function

authority and format identifier


authentication, identification, collaboration
Access Gateway Control Functional Entity
Application Gateway Functional Entity
Access Gateway
Authentication Header
Adapted Information
Authentication Information
accounting authority identification code
Alarm Identifier
Alarm Indication Signal
Authentication and Key Agreement
Authentication Key Agreement
Authority Key Identifier
Authentication and Key Management Protocol
Annualized Loss Expectancy
Application Layer Gateway
Application Level Gateway
Alarm notification
authentication management field
authentication management function
Access management functional entity
Access Media Gateway Functional Entity
MMCFs as they relate to the network providing access to the UE and to the lower tunnel end-point
Asset Management Process
Adaptive Multi-Rate
Access Network
Access Node Functional Entity
Application Network Interface
Application to Network Interface
Application-to-Network Interface
Access Node Management System
authorized notice of change
American National Standards Institute
Authentication Proxy
Access Point
Active Position Down
application-protocol-data-unit
Asia-Pacific Economic Cooperation
Asia-Pacific Economic Community Telecommunication and Information Working Group
Application Program Interface
Application Programming Interface
Application GateWay Functional Entity
Application Service Coordination Manager Functional Entity
Asia Pacific Network Information Centre
Application
Application Provisioning Functional Entity
Application process security associations
Assessment Results Format
Active Position Return
Automatic Protection Switching
Automatic Protection Switch
Active Queue Management
Availability Requirement

Alarm Reporting Control


Assessment Results Format
Asset Reporting Format
Access Relay Functional Entity
American Registry for Internet Numbers
Admission Reject
Address Resolution Protocol
Admission Request
Automated Response System
Application Server
Authorization Server
Application Server/Web Server
Alarm Severity Assignment
Alarm Severity Assignment Profile
Application Service Control
application service controller
American Standard Code for Information Interchange
Application Service Coordination Manager Functional Entity
application-specific data
application-service-element
Application Support Functions
Anti-Spam Functions
Application Support functions and Service Support functions
Application Support Functional Entity
Application-Specific Integrated Circuit
Access Service Network
Abstract Syntax Notation One
application-service-object
application service (provider)
Application Service Provider
Application Support User Profile Functional Entity
Asynchronous Transfer Mode
Automatic Teller Machine
terminal authentication algorithm
user authentication algorithm
Authentication
Authentication Center
Authentication Function
authentication service feature
automatic secure voice network
authorization *code
Access Vector
Authentication Vector
Attribute Value Change notification
Asset Value Level
Business to Business
Back-to-Back User Agent
Business to Consumer
Business-to-Customer
Biometric Certificate
Biometric Certificate Authority
Biometric Certification Authority
Business Continuity Plan
Biometric Certificate Revocation List

Biometric Data Block


biometric device certificate
Border Element
Blocks Extensible Exchange Protocol
Back-end Server
Biometric Function Provider
Breakout Gateway Control Function
Breakout Gateway Control Functional Entity
Biometric Application Program Interface
Biometric Application Programming Interface
BioAPI Interworking Protocol
Biometric Information Record
Basic Interoperable Scrambling System
Biometric Information Template
Business Management System
Broadband Network Gateway
Biometric Policy Certificate
Baseline Privacy Interface Plus
Biometric Processing Unit
Broadband Remote Access Server
Bandwidth Reject
Bandwidth Request
Backspace
Base Station
Base Station Controller
Backup Status Event notification
Bootstrapping Server Function
Bit String, Left Bit First
Biometric Service Provider
Base Station Server
Basic Service Set
Business Support System
Bootstrapping Transaction Identifier
Confidentiality Impact
Command and control
Call Agent.
Certificate Authority
Certification Authority
Conditional Access
Conditional Access System
certification authorities
Call Admission Control
Connection Admission Control
Conditional Access Client Software
Charging and Accounting Functions
Conditional Access Module
Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (U.S.)
communication authorization order
Common Alerting Protocol
Common Attack Pattern Enumeration and Classification
Certification Authority Revocation List
Conditional Access System
Core Anti-Spam
core ASF

Core Anti-Spam Functions


Conditional Access Table
Cable Television
Community Antenna TeleVision
Cellular Authentication and Voice Encryption
Citizen Band
Cipher Block Chaining
Cipher-block chaining mode (CBC mode)
Common Biometric Exchange File Format
Common Biometric Exchange Formats Framework
Call Barring Rate
call blocking rate
Common Criteria
country certification authority
Cyber Clean Center
Common Configuration Enumeration
Charging Collection Function
Coverage Claim Representation
Closed-Circuit Television
Content Distribution and Location Control Function
Content Distribution & Location Control Functional Entity
Content Delivery and Storage Function
Content Delivery Control Functional Entity
Content Delivery Functions
Code Division Multiple Access
Content Delivery Network
Content Distribution Network
Content Delivery Processing Functional Entity
Call Duration Rate
Collateral Damage Potential
Common Event Expression
Common Event Expression Exchange
Content Encryption Function
Content Encryption Key
Computer Emergency Response Teams
Computer Emergency Response Team
digital certificate (see RFC 3830)
CERT Coordination Center
Cipher Feedback
Cipher Feedback mode
component Flow Domain
CPN Gateway Configuration and Management Functional Entity
Charging Gateway Function
Common Gateway Interface
CK Generation Key
CPN Gateway Network Attachment Functional Entity
CPN Gateway Policy Decision Functional Entity
CPN Gateway Policy Enforcement Functional Entity
General Conference on Weights and Measures (Conférence Générale des Poids et Mesures)
CPN Gateway Service Control Functional Entity
challenge handshake authentication protocol
Challenge number n
Card holder verification information
Characteristic Information

CORBA-based Interface Implementation Conformance Statement


Common Information Model
cryptographic information management
International Committee for Weights and Measures (Comité International des Poids et Mesures)
Charging Information Record
Computer Incident Response Team
Cipher Key
Ciphering Key
Content Encrypting Key
ConnectionLess
claim authentication information
Competitive Local Exchange Carrier
component Link
Cable Modem
Counter Mode
Certificate Management over CMS
Conformant Management Entity
Common Management Information Protocol
Common Management Information Services
Common Management Information Service Element
MMCFs as they relate to the mobile subscriber's home network and to the upper tunnel end-point
Certificate Management Protocol
Call Management Server.
Cryptographic Message Syntax
Cryptographic Message Syntax
Cable Modem Termination System
Common Name
Core Network
Customer Network Management
Client to Network Protocol
Contact Network of Spam Authorities (European Union)
CNv authentication capabilities
Central Office
Connection-Oriented
certificate of authenticity / digital certificate
Confirmation
Common Open Policy Service
Common Open Policy Service protocol
Common Object Request Broker Architecture
Class of Service
Common Object Services
Current Operational Status
Circle of Trust
Connection Point
Contents Provider
Content Protection
CallProceeding-to-Connect
Common Platform Enumeration
Customer Premises Equipment
Content Provider Function
Customer Premises Network
Content Preparation Functional Entity
certification practice statement
Central Processing Unit

Client PVR
Carriage Return
Confidentiality Requirement
Common Result Format
Certificate Revocation List
Cell radio network temporary identity
Call Recipient Rate
CACS Remote Renewable Security System
Correlative Reacting System
Correlative Reacting System Application Protocol
Circuit-Switched
Clear Screen
Crypto Session
Common Scrambling Algorithm (DVB)
communications service authorization
Crypto Session Bundle (see RFC 3830)
Crypto Session Bundle
Call Session Control Function
Call Session Control Function
Call Session Control Functional Entity
communication security establishment
Common Secure Interoperability
Computer Incident Response Team
component SubNetwork
chief security officer
cable security portal
cloud service provider
Communications Service Provider
Cryptographic Service Provider
IPCable2Home security portal
Countering Spam Peering Protocol
Certified Server Validation
ClearToken
ClearToken for endpoint A (see H.235.4)
ClearToken for endpoint B (see H.235.4)
Charging Trigger Function
Connection Termination Point
Connectivity Termination Point
Counter Mode (see NIST SP 800-38A)
Common Vulnerabilities and Exposures
Common Vulnerability Scoring System
Continuous Wave
Control Word
Common Weakness Enumeration
Common Weakness Scoring System
Cybersecurity Information Exchange
Cybersecurity Information Query Language
Discretionary Access Control
DECT authentication module
Directory Access Protocol
data security communication
Database
Domain Border Element
Database Management System

dynamic channel allocation


Data Congestion Control Protocol
Distributed Computing Environment
Data Communication Network
delta-CRL
Delta Certificate Revocation List
Dynamic Delegation Discovery System
Distributed Denial of Service
Distributed Denial of Service
Distributed Denial-of-Service
Distributed Deny of Service
Data Encryption Standard
Device Identity
dedicated file
Diffie-Hellman
DH half-key of endpoint A
DH half-key of endpoint B
Dynamic Host Configuration Protocol
Dynamic Host Control Protocol
Directory Information Base
Digital Identity Client
Digital Identity Interchange Framework
Distributed Interface-Oriented Architecture
Direct Inward System Access
Directory Information Shadowing Protocol
Directory Information Tree
Domain Keys Identified Mail
Data Local Exchange Carrier
Data Link Layer
Dedicated Multicast Agent
Direct Memory Access
Directory Management Domain
Definition of Management Information
Distributed Management Task Force
Demilitarized Zone
Distinguished Name
Delivery Network Gateway
Delivery Network Gateway Function
Domain Name Server
Domain Name Service
Domain Name System
Data-Over-Cable Service Interface Specification
Directory Operational Binding Management Protocol
Denial of Service
Denial-of-Service
Dynamic Quality of Service
Direct-Routed Call
Direct-routed Call (see H.235.4)
Digital Rights Management
disaster recovery, security and fraud management
Digital Signal level 3
data subscriber authentication
Digital-Signature-Algorithm
Directory System Agent

dedicated security device


DiffServ Code Point.
Dedicated Security Device
DSA-Specific Entry
DOCSIS Set-Top box Gateway
Digital Subscriber Line
Digital Subscriber Line Access Multiplexer
Delivery Status Notification
Digital Satellite News Gathering
Directory System Protocol
Digital Signature Standard
DiffServ-Aware MPLS-Traffic Engineering
Datagram Transport Layer Security
Dial Tone Multi Frequency
Dual Tone Multi-Frequency
Dual Tone Multiple Frequency
Dual-tone Multi Frequency (tones)
Dual-Tone Multi-Frequency
Digital Theatre System
Distributed Time Service
Directory User Agent
Digital Video Broadcasting
Digital Video Broadcast Service discovery and selection Transport Protocol
Digital Versatile Disk
Distance Vector Multicast Routing Protocol
Exploitability Impact
Early time high altitude electromagnetic pulse electric field
Intermediate time high altitude electromagnetic pulse electric field
Late time high altitude electromagnetic pulse electric field
entity authentication assurance
entity authentication centre
Entity Authentication Centre
External Application Gateway
Evaluation Assurance Level
Emergency Alert Notification
Extensible Authentication Protocol
Extensible Authentication Protocol - Transport Layer Security
Extensible Authentification Protocol - Transport Layer Security
End-entity Attribute certificate Revocation List
Emergency Alert System
Weather radio and the Emergency Alert System
Electronic Code Book
Electronic Codebook
Elliptic Curve Cryptography (ECC)
Elliptic Curve Cryptosystem (see section 8.7 of ATM Forum Security Specification Version 1.1). A public-key cryptosystem.
Elementary Control Functional Entity
Electrocardiogram
Elliptic curve digital signature with appendix analog of the NIST Digital Signature Algorithm (DSA)
Elliptic Curve Key Agreement Scheme Diffie-Hellman. The Diffie-Hellman key agreement scheme using elliptic curve cryptography
entitlement control messages
Explicit Congestion Notification
Enhanced Client/Proxy

enhanced data GSM environment


electronic data interchange
Enterprise Directory Service
Elementary File
Expedited Forwarding
Elementary Forwarding Functional Entity
Electrical Fast Transient/Burst
encoded information type
The encryption key shared between EP A and GK G
The encryption key shared between EP B and GK H
Encrypted Key Exchange
The encryption key shared between GK G and GK H
ElectroMagnetic
Electronic Mail
ElectroMagnetic Compatibility
ElectroMagnetic Interference
Element Management Layer
Entitlement Management Message
entitlement management messages
Element Management System
electromagnetic emanations security
ElectroMagnetic emanation SECurity
Extended Master Session Key
Embedded Multi-terminal adapter
Encryption of X using key k
EOFB Encryption of M using secret key K and secret salting key S and initial vector IV
Edge Node Functional Entity
ETS National Implementation
European Network and Information Security Agency
External Network-Network Interfaces
Envelope key (RFC 3830) between endpoint B and endpoint A
Enhanced OFB mode
Enhanced Output Feedback Mode
Endpoint
Electronic Program Guide
Endpoint Identifier
End-entity Public-key certificate Revocation List
H.245 EndSessionCommand
Entity Subscription Database
Enterprise Security Management
Extended Simple Mail Transfer Protocol
Encapsulating Security Payload
IPSec Encapsulating Security
Extended Service Set
Extended Service Set Identifier
Encrypted Session Word
Emergency Telecommunications
Ethernet Layer Network
Enhanced Telecom Operations Map
Emergency Telecommunications Service
end user device
End-User Device
Equipment Under Test
Evolved UMTS Terrestrial Radio Access Network

Extended Validation Certificates


Extended Validation Certificate
Evolution Data Optimized
Early Warning
UMTS Encryption Algorithm
Foreign Agent
false accept rate
Functional Block
flow control
Functional classes
Fault, Configuration, Accounting, Performance, and Security
Fault, Configuration, Accounting, Provisioning, and Security management
Federal Communications Commission (U.S.)
Flow Domain
Frequency Division Duplex
Fibre Distributed Data Interface
Flow Domain Flow
Flow Domain Fragment
Full Distinguished Name
Functional Entity
Forward Error Correction
Form Feed
For Further Study
Functional Group
Fine Granularity Scalability
file identifier
Forum of Incident Response and Security Team
fibre Link
File Delivery over Unidirectional Transport
Fault Management
Fixed-Mobile Convergence
Filtered Messages Database
False Match Rate
Future Network
flexible (call) origination authorization
Flow Point
Future Public Land Mobile Telecommunication Systems
Flow Point Pool
Fully Qualified Domain Name. (Refer to IETF RFC 821 for details.)
Functional Requirements and Architecture
Frame Relay Compression and Privacy Protocol
false reject rate
Further Study
File Transfer
flexible (call) termination authorization
Free To Air
Federal Trade Commission (U.S.)
File Transfer Protocol
File Transfer Status notification
Fibre-To-The-X
Functional Unit
Firewall
Government to Consumer
Group 3

Group 3 Facsimile Type


Group 4
Diffie-Hellman half-key of EP A, EP B
Generic Authentication Architecture
Generic Bootstrap Architecture
Generic Bootstrapping Architecture
general certification authority
Global Certificate Authority Forum
Gatekeeper Confirm
Gateway Communication Interface
Group Controller and Key Server
Guidelines for the Definition of Managed Objects
Diffie-Hellman half-key of GK E, GK D
GSM/EDGE Radio Access Network
Gateway GPRS Support Node
Global Information Infrastructure
General Interoperability Protocol
Gatekeeper
Visited Gatekeeper identifier
Gatekeeper Identifier
Group Key Management
multicast Group Member
Group and Membership Control
Generalized Multi-Protocol Label Switching
General Network Model
General Packet Radio Service
An MS capable of GPRS services
Global Positioning System
Gatekeeper Reject
GERAN radio network temporary identifier
Gatekeeper Request
General Services Control Functional Entity
Global System for Mobile communications
General Security Service
generic security service
Generation of Security Service Billing Information
GPRS Tunnelling Protocol
Graphical User Interface
Globally Unique IDentifier
generic upper layer security
Gateway
Diffie-Hellman half-key of GK G, GK H
Home Agent
Home Application Server
Home ASC
Home Audio/Video Interoperability
Hazardous Materials
History-based Access Control
HeartBeat Event notification
home border element
Handover Control Functions
Hybrid Circuit/Packet Network
High Definition
Type A device

Type B device
Type C device
Handover Decision and Control Functional Entity
Hard Disk Drive
Handover Decision Function
MIKEY header payload (see RFC 3830)
home environment
High-Efficiency Advanced Audio Coding
High-altitude ElectroMagnetic Pulse
home environment value-added service provider
Hybrid Fibre Coax
Home GK
Home GateWay
Home GateWay Configuration Functional Entity
high-level experts group on cybersecurity
Home Location Register
Home Location Function
Home Location Register
Hash function based MACs
Hashed Message Authentication Code
Keyed-Hash Message Authentication Code
Hash Message Authentication Code (HMAC)
keyed-hashing for message authentication
Hashed Message Authentication Code with Secure Hash Algorithm 1
Key Hashed message authentication code/response with shared secret Z, if Z is not shown then the
next-hop secret is applied
Hierarchical Mobile IP for IP version 6. See [b-IETF RFC 4140].
Home Network
Home NAC
Home Network Terminal Device
Hierarchical Operational Binding
Handover
High Power ElectroMagnetic
Home Resource
Home Subject
Home SCS
High Speed Downlink Packet Access
Home Subscriber Server
Home Subscriber System
Horizontal Tabulation
HyperText Markup Language
Hypertext Markup Language
HyperText Transfer Protocol
Hypertext Transfer Protocol
HTTP over SSL
HTTP Secure
Hypertext Transfer Protocol over Secure Socket Layer
Hypertext Transfer Protocol Secure
Secure HyperText Transfer Protocol
Secure HyperText Transfer Protocol (HTTP over SSL)
High Voltage
Integrity Impact
Interactive Agent
International Alphabet

infrastructure as a service
Interim Authentication Check Identifier
Integrated Access Device
Issuers ACs Identifiers
Internet Assigned Numbers Authority
Interactive Agent Transfer Protocol
Interconnection Border Gateway Control Functional Entity
Interconnection Border Gateway Control Functional Entity
Interconnection Border Gateway Functional Entity
International Biometric Industry Association (http://www.ibia.org)
CRS communication Interface between SCA and SCS
Integrated Circuit
Integrated Circuit
Interface between SCA and other SAS
Integrated Circuit Card
Internet Control Message Protocol
Information and Communication Networks
information and communication networks security incident
Indirect Certificate Revocation List
International Commission on Radiation Units and Measurement
implementation conformance statement
information and communication technologies
Information and Communication Technologies
Information and Communication Technology
Information and Communications Technology
Inter Call Time
Integrity Check Value
CRS communication Interface between SCS and NAC/ASC
Implementation Conformance Statement
Interrogating Call Session Control Function
Interrogating Call Session Control Functional Entity
Interrogating Call Session Control Functional Entity
Identification
Identification or identifier
Identifier
Identifier
Identity
Identity - as defined by the network, service, or entity being accessed
Identity or Identifier
Identity (i.e., endpoint ID) of endpoint A
Identity Assurance
Identity (i.e., endpoint ID) of endpoint B
Identity Federation Framework
Interface Definition Language
Identity Management
IdM Coordination and Control Functional Entity
Identity Provider
Identity Provider Lite
Intrusion Detection and Prevention Systems
Instantaneous Decoding Refresh
Identity Server
Intrusion Detection System
Intrusion Detection Systems

Identity Service Provider


Identity Verifier
Identity Web Services Framework
International Electrotechnical Commission
Institute of Electrical & Electronics Engineers
Institute of Electrical and Electronics Engineers
Intentional ElectroMagnetic Interference
International Emergency Preference Scheme
Internet Engineering Task Force
Interactive Gateway system for Countering Spam
Internet Group Management Protocol
Identify Graphic Subrepertoire
incident handling system
Internet Interoperability Protocol
Integrity Key
Internet Key Exchange
A notation defined to refer to the use of IKE with pre-shared keys for authentication.
International Labor Organization
Instant Messaging
Instant Message
IP Multimedia
Internet Message Access Protocol v4
International Mobile Equipment Identity
IP Multimedia Private user Identity
IP Multimedia Private Identity
IP Multimedia Public User identity
Internet Protocol Multimedia Subsystem
IP Multimedia Service
IP Multimedia Subsystem
MIKEY message of the initiator (see RFC 3830)
International Mobile Station Identity
International Mobile Subscriber Identity
International Mobile Telecommunications-2000
international mobile user number
Intelligent Network
Intelligent Network Application Protocol
Indication
Internal Network-Network Interface
in-codestream security marker
Incident Object Description Exchange Format
Interoperable Object Reference
Internet Protocol
IP-connectivity access network
IP-connectivity access network bearer
Inter-Provider Charging Gateway Function
Intra-Prediction Mode
Intrusion Prevention System
IP Security Protocol
Internet Protocol Security.
IP Security
IP SECurity protocol
Internet Protocol Security
Internet Protocol Television
IP Television

Internet Protocol Television Terminal Device


Internet Protocol version 4
Internet Protocol version 6
Infrared
Integrity Requirement
Impulse Radiating Antenna
International Registration Authority
Internet Relay Chat
Infrared Data Association
Internationalized Resource Identifier
Integration Reference Point
Incident Response Team
Information system
Information Sharing and Analysis Centre
Internet Security Association and Key Management Protocol
Internet Security Association Key Management Protocol
IMS Service Control
International Standard Classification of Occupations
Integrated Services Digital Network
Information Security Department
IP Multimedia Services Identity Module
IMS Subscriber Identity Module
IMS-SIM
Information Security Incident Response Team
Information Security Management Framework
Internet Short Message Gateway
Information Security Management System
ISMS Requirements for Telecommunications
International Organization for Standardization (www.iso.int)
Internet Service Provider
Interim Service Request Identifier
International Social Security Association
information system security officer
Internet Signaling Transport Protocol
ISDN User Part
Independent Software Vendor
Information Technology
International Telegraph Alphabet
IPTV Terminal Function
Internet Protocol Television Terminal Functions
Information Technology Security Evaluation Criteria
Internet Telephony Service Provider
ITU-T E-Health Protocol
International Telecommunication Union Telecommunication Standardization Sector
Implementation Under Test
Initialization Vector
Interactive Voice Response
Interactive Voice Response System
Interworking
Interworking Function
interworking WLAN
InterWorking with Service Creation Environments Functional Entity
Implementation Extra Information for Testing
Japan Email Anti-abuse Group (Japan)

Joint Inter-Domain Management


Java Intelligent Network Infrastructure
Japan Vulnerability Notes
Dynamic session/link key
The encryption key shared between EP A and EP B
Shared secret (H.235.1, H.235.3) between EP A and GK G
Knowledge Base
Shared secret (H.235.1, H.235.3) between EP B and GK H
Key Distribution Center
Key Distribution Centre
Key Derivation Rate
MIKEY KEMAC payload message (see RFC 3830)
Secret, secret (H.235.1, H.235.3) between GK G and GK H
Key Management Function
public service provider authentication key (public key schemes)
public terminal authentication key (public key schemes)
public user authentication key (public key schemes)
key recovery authority/escrow authority
Salting Key in EOFB mode
shared Key between SS and EAC
Secret, shared salting key between EP A and GK G
Secret, shared salting key between EP B and GK H
Secret, shared salting key between GK G and GK H
shared Key between SS and SP
secret service provider authentication key (public key schemes)
secret terminal authentication key (public key schemes)
secret user authentication key (public key schemes)
terminal authentication key (secret key schemes)
denote Key for session communication
user authentication key (secret key schemes)
Layer 1 (of the Open Systems Interconnection model, the physical layer)
Layer one, i.e. physical layer
Layer 2 (of the Open Systems Interconnection model, the data link layer)
Layer two, i.e. data link layer
Layer 2 Handover Control Function
Layer 2 Handover Execution Functional Entity
Layer 2 Tunnelling Protocol
Layer 3 Handover Control Function
Layer 3 Handover Execution Function
lowest authentication bit rate
L2TP Access Concentrator
Lawfully Authorized Electronic Surveillance
Local Area Network
London Action Plan
Link Connection
Location Confirm
Local Countering Spam Database
Light Weight Directory Access Protocol
Lightweight Directory Access Protocol
Light-weight Directory Access Protocol
Line Feed
Link Flow
Logical Layered Architecture
Local Mobility Controller

L2TP Network Server


location registration
Location Reject
Location Request
Location Server
localized service area
Least Significant Byte
Least Significant Bit
Label Switched Path
Long Term Evolution
Liberty enabled User Agent or Device
Low Voltage
Layer number
MIKEY authentication key (see RFC 3830)
Multicast Agent (including HA and FA)
Messaging Anti-Abuse Working Group
Mandatory Access Control
Media Access Control
Medium Access Control
Message Authentication Code
Keyed MAC on x using key k
Malware Attribute Enumeration and Characterization
mobile assisted handoff
Multicast Agent IDentifier
Management Application Protocol Data Unit
maximum security communications
Multimedia Broadcast / Multicast Service
Management Centre
Message Centre
Multicast Controller
Multipoint Controller
mobile country code
Multicast Control Point Functional block
Media Control Function
Multicast Replication Functional block
Multipoint Control Unit
Management Conformance Statement
Management Conformance Summary
Multicast Contents Server
Message Digest
Message Digest 5.
Message Digest algorithm 5
Media Distribution Function
Main Distribution Frame
Mobile Directory Number
Managed Element
MIKEY encryption key (see RFC 3830)
Mobile Equipment
mechanism
mobile evaluated handover
Managed Element Security Association
Message Enhancements for Transmission Authorization
Mobile station application Execution Environment
Mobile Execution Environment

master file
Mediation Function
Matrix Flow Domain
Media Gateway
Media Gateway Controller.
Media Gateway Control Function
Media Gateway Control Functional Entity
Media Gateway Control Protocol.
Message Handling System
Management Information Base
Message Integrity Check
Message Integrity Code
Management Information Conformance Statement
Management Information Definition Statement
Multimedia Internet Keying
Multimedia Internet KEYing
Man-in-the-middle
Multipurpose Internet Mail Extensions
Mobile Identification Number
Mobile Internet Protocol
Mobile IP
Mobile IP for IP version 4. See [b-IETF RFC 3220]
Mobile IPv4
Mobile IP for IP version 6. See [b-IETF RFC 3775]
Mobile IPv6
Man-in-the-middle Attack
Master Key
Master Key Identifier
Multicast Listener and Discovery
Multicast Listener Discovery protocol
Mobile Location Management Functional Entity
An instance of the MLM-FE performing the Central mobile location management role.
An instance of the MLM-FE performing the proxy mobile location management role
Multi Level Precedence and Pre-emption
Mobility Management
Mobile Multicast Agent
Mobile Multicast Communications
Mobility Management and Control Functions
Multichannel Multipoint Distribution Systems
Man-Machine Interface
Multimedia Priority Service
Mobility Management Requirements
Multimedia Message Service
Multimedia Messaging Service
Mobile Node
mobile network code
Managed Network Element
Mobile Network Operator
Managed Object
IKEv2 Mobility and Multihoming Protocol. See [b-IETF RFC 4555]
Managed Object Class
Managed Object Conformance Statement
Multicast Open shortest Path First
minimum operating security standards

Moving Picture Expert Group


Multi Protocol Label Switching
Multi-Protocol Label Switching
Multiprotocol Label Switching
MPLS Traffic Engineering
Management of Performance Measurement
Mobile Payment System
Multimedia Priority Service
Multiple Payload Stream
Multicast-enabled Router
Media Resource Broker Functional Entity
Media Resource Control Functional Entity
Managed Relationship Conformance Statement
Multicast Replication Function
Multimedia Resource Function Controller
Mobility Routing Proxy
Media Resource Processing Functional Entity
Management System
Management System; any EMS, NMS, or OSS
Media Server
Mobile Station
Multiplex Section
Most Significant Bit
Most Significant Bit
Most Significant Byte
Mobile Switching Centre
Mobile-services Switching Centre
gateway MSC
Mobile Service Commercial Messages
Mobile Station Integrated Services Digital Network
Mobile Station International ISDN Number
Mobile Station International ISDN Number(s)
Mobile Subscriber Integrated Service Director Number
Mobile Subscriber ISDN number
Master Session Key
Management of Security Level
Multiple System Operator
Mobile Station Operating System
Mobile Station Operating System Updating Server
managed security provider
managed security services
Managed Security Service Provider
Mobile Terminal
mobile terminated/termination
Mail Transport Agent
Media Terminal Adapter.
Message Transfer Agent
Mail Transfer Agent
MBMS Traffic Key
Multi-Technology Network
Multi-Technology Network Management
Message Transmission Optimization Mechanism
Message Transfer System
Multi-Technology Telecommunications Management

Maximum Transmission Unit


Mobile Unit
Management of User Information
Medium Voltage
Motion Vector Difference
Not Applicable
naming authority
notary authority
Network Access Control
Network Access Controller
Network Attachment Control Function
Network Attachment Control Functions
Network Access Configuration Functional Entity
Network Access Control Functional Entity
Network Application Function
Negative AcKnowledgement
Network Abstract Layer
Network Access Point
Network Address and Port Translation
Network Address Port Translation
Naming Authority PoinTeR
Network Access Server
Non-access-stratum
Network Address Translation
Network Border Element
Network Connection
Network and Client PVR
Network Call Signaling
Not Defined
Network security controls - Dependent on UNI
Non-Discretionary Access Control
Neighbor Discovery Protocol
Network Element
NE or MS
Network Equipment Building Systems
Network Element Function
Network Element Layer
Network Flow
Next Generation Network
NGN Service Integration and Delivery Environment
Non-specific Hierarchical Operational Binding
Network security controls - Independent from UNI
Network Interface Card
Network Interface Device
Networked ID
Network Information Distribution Functional Entity
Network Information Repository Functional Entity
Network Management Layer
Network Management System
Network to Network Interface
Network-Network Interface
Network-to-Network Interface
Network to Network Protocol
National Oceanic and Atmospheric Administration

Network Operations Center


Network Provider
Protocol Data Unit
NAPT Proxy Function
NID PII Protection Service
Network PVR
national regulatory authority
Non-Service Affecting
Network Service Access Point
network service data unit
Next Steps in Signalling
Network Signalling Interworking Functional Entity
Network to Server Protocol
Non-specific Subordinate Reference
Network Termination
narrow TDD
Network Time Protocol
NTP version 3
Name/Value pair with name being a string and with a "name=value" semantics
National Vulnerability Database
Name/Value pair with value being a list of strings
Name/Value pair with value being a string
Operation Administration Maintenance and Provision
Operation, Administration, Maintenance and Provisioning
Operations Administration Maintenance and Provisioning
Operations, Administration, Maintenance & Provisioning
Operations, Administration, Maintenance, and Provisioning
Operations, Administration, Management and Provisioning
Operations, Administration, Maintenance and Provisioning
Operate, Administer, Maintain, and Provision
Organization for the Advancement of Structured Information Standards
Online Charging Function
Object Creation Notification
Online Certificate Status Protocol
Open Distributed Management Architecture
Open Distributed Processing
Optical Channel Data Unit k
Organization for Economic Co-operation and Development
Oxford English Dictionary
Original Equipment Manufacturer
Output FeedBack
Output Feedback Mode
Object Identifier
Object IDentifier
Object Identification
OID Internationalized Resource Identifier
Open Logical Channel
Optical Line Termination
ONT Management and Control Interface
Object Management Group
Optical Network Termination
Optical Network Units
Outbound Port 25 Blocking
Outbound Port 25 Blocking

Object Request Broker


Operating System
Operations System
Open Service Access
Open Service Architecture
Open Service Environment
Operation System Function
Open System Interconnection
Open Systems Interconnection
Outside Plant
OTP Service Provider
Operations Support System
Operations Support System, same as OS
Operations Systems Support.
Open Source Vulnerability Database
Optical Transport Network
One Time Password
One-time Telebiometric Template
OTT Database
Open Vulnerability and Assessment Language
peer to peer
Peer to Peer
peer-to-peer
Peer-to-Peer
Platform for Privacy Preferences
PANA Authentication Agent
platform as a service
PANA Client
Privilege Attribute Certificate
Privilege Attribute Certificates
Payment Application Data Security Standard
Password Authenticated Key
Password-Authenticated Key Exchange
Protocol for Carrying Authentication for Network Access
Reverse SOAP
password authentication protocol
Policy Administration Point
Purpose-based Access Control
Policy-Based Network Management
Personal Computer
Policy and Charging Control
Payment Card Industry Data Security Standard
Policy Core Information Model
PCIM extension
Probabilistic Clock Synchronization
Proxy Call Session Control Function
Proxy Call Session Control Functional Entity
Personal Data Assistant
Personal Digital Assistant
Plan Do Check Act
Portable Document Format
Policy Decision Functional Entity
Packet Data Gateway
Packet Data Network

Public Data Network


Packet Data Protocol
Policy Decision Point
Personal Digital Recorder
Protocol Data Unit
Protected EAP protocol
Policy Enforcement Functional Entity
Policy Enforcement Point
Packed Encoding Rules
Packetized Elementary Stream
PSTN/ISDN Evolution Service
Policy Function
Page Format Selection
Perfect Forward Secrecy
Pretty Good Privacy
Per Hop Behaviour
physical layer
Persistent IP Address
Privacy Impact Assessment
Policy Information Base
Protocol Implementation Conformance Statement
Packet Identification number
Private Identifier
Personally Identifiable Information
Protocol Independent Multicast
Personal Identification Number
Policy Information Point
Protocol Implementation eXtra Information for Testing
Public-Key
Public Key
Public Key Certificate
Public-Key Cryptography
Public Key Cryptography Standards
Public-Key Crypto System
Public-Key Cryptosystem
Public Key Directory
MIKEY PKE payload message (see RFC 3830)
Public Key Infrastructure
public key cryptography initial authentication
Public Key Infrastructure X.509
Partial Line Down
public land mobile network
public land mobile network operator
Partial Line Up
Performance Management
Privilege Management Infrastructure
Proxy mobile IP
Pairwise Master Key
Pair-wise Master Key
Performance Monitoring Point
Programme Map Table
Portable Object Adapter
Platform/Operating System/Application/Service
Point of Contact

Point-of-Contact
Passive Optical Network
Proof of Possession
Post Office Protocol
Post Office Protocol v3
Portable Operating System Interface
Plain Old Telephone Service
Plain Old Telephone System
Profile Proforma
Protection Profile
Protection of Personal Identifiable Information
Private-Public Key
Point-to-Point Protocol
PPP over Ethernet
Permission <Policy Set>
Personal Privacy Sphere
Picture Parameter Set
PII Protection Service
Pay Per View
Private Directory Management Domain
Pseudo-Random Function
Pseudo-Random Function (MIKEY-PRF, see RFC 3830 sections 4.1.2-4.1.4)
Packet-Switched
Presence Server
Public Safety Answering Point
Personal Security Environment
Pre-Shared Key
Pre-shared Keys
Pre-Shared Key Ciphersuites for Transport Layer Security
Public Switched Telephone Network
Pair-wise Transient Key
point to multipoint
Packet TMSI
Public Telecommunication Network
Public Telecommunication Network Operator
Public Telecommunication Operator
Physical Termination Point
Pointer Record
Provider Trouble Report
Public Utilities Commission
personal user identity
Privilege Verifier
Permanent Virtual Circuit
Personal Video Recorder
Password
Mobile User Password
Question and Answer
Quadrature Amplitude Modulation
Quality of Experience
Quality of Service
Quality of Service Measurement
Random number
Role & Responsibility
Registration Authority

Receiver Agent
Resource Access Control Function
Resource Admission and Control Functions
Resource and Admission Control Function
Resource and Admission Control Functions
Resource and Admission Control Functional Entity
Remote Authentication Dial-In User Service
Radio Access Network
random nonce (see RFC 3830)
random value
Registration, Admission and Status
Registration, Admission, Status
Remote Access Server
Recipient-side Anti-Spam
Recipient-side Anti-Spam Functions
Role Based Access Control
Role-Based Access Control
Role-based Access Control
(The term is commonly used to describe) Real-time Blacklist
Real-time Blocking List
Realtime Blackhole List
Report Confidence
Rivest Cipher
Root Cause Alarm Indication
Registration Confirm
Resource Description Framework
Relative Distinguished Name
REGistration AUThority
Rights Expression Language
Request
requirement
a 3GPP authentication parameter
Receiver Security Agent
result of authentication algorithm on RND
Radio Frequency
Rating Function
Request for Comments
remote feature control port
Radio Frequency Identification
Radio Frequency Identification Device
Radio-Frequency Identification
Radio-Frequency IDentification
Residential Gateway
Receiver Gateway Function
Real-time Inter-network Defense
Request in Progress
Réseaux IP Européens
Record Keeping Server
Remediation Level
Radio Link Control/Media Access Control
Reverse Line Feed
Radio Link Protocol
Roaming Location Protocol
Receiver Multicast Agent

Relayed MultiCast Protocol


Reference Model of Open Distributed Processing
MIKEY message of the responder (see RFC 3830)
Reliable Multicast Transport
Radio Network Controller
Radio Network Subsystem
radio network temporary identity
Recognition of Authority
Rollover Counter
Roll-over Counter
Risk of Exposure
Reference Point
Relying Party
Remote Procedure Call
Resource Priority Header
Resource-Priority Header
registered PLMN
Role <PolicySet>
radio resources control (non normative)
Registration Reject
Registration Reply
Registration Request
Rivest Shamir Adleman public key algorithm
Rivest, Shamir and Adleman
Rivest, Shamir and Adleman (public key algorithm)
Rivest, Shamir, Adleman
Rivest, Shamir, Adleman (algorithm for public-key cryptography)
Rivest, Shamir, Adleman (public key algorithm)
Rivest-Shamir-Adleman
RSA public key algorithm
Response
Resource Reservation Protocol
Resource ReSerVation Protocol
Remote Terminal
Real-Time Control Protocol
Real-Time Control Protocol
Real-time Transport Control Protocol
RTP Control Protocol
Retransmission Timeout
Real Time Protocol
Real-Time Protocol
Real-time Transport Protocol
Real-Time Streaming Protocol
Real Time Streaming Protocol
Rule-based Access Control
Reference Validation Mechanism
Receive side of unidirectional transmission (sink)
Secure MIME
Signalling and Control
Security Association.
Service Affecting
shared secret among endpoint A and GK
Sender Agent
Service Agreement

Service Authentication and Authorization Functional Entity


software as a service
Service and Application Discovery and Selection
secure and fast encryption routine
Security Algorithms Group of Experts
security association identifier
Identifier of Security Association
Security Assurance Level
Specific Area Message Encoding
Security Assertion Markup Language
Subject Alternative Name
secure answering
Service Access Point
Service Authentication Proxy
Security Application Software
Sender-side Anti-Spam
secure simple audio endpoint type
Secure Audio Simple Endpoint Type
sender-side ASF
Sender-side Anti-Spam Functions
Simple Authentication and Security Layer
Security Application Software Server
Security Application Software Updating Servers
shared secret among endpoint B and GK
Session Border Controller
serving BSC
Service Centre
service code
Service Control
Service Control and Content Delivery Functions
Service Control and Delivery Function
Security Correlation Agent
Security Content Automation Protocol
security control of air traffic and air navigation aids
security client function
security communication function
Service Control Function
Service Control Functions
security control information
Security Correlation Information
Security Correlative Information
Server Communication Interface
SCP Key
SDP Session Description Protocol
Service Control Module
Supply Chain Management
Service CoMposition Functional Entity
State Change Notification
Service and Content Protection
Service Control Point
SCP Bridge
SCP End-to-End
Service and Content Protection Functional Entity
SCP Interchange
Service CooRdination Functional Entity

Stream Control Transport Protocol


Secure Communication Service
Security Correlation Server
Serving Call Session Control Function
Serving Call Session Control Functional Entity
Standard Definition
security domain authority
Security Data Base
Service Discovery Functional Entity
Synchronous Digital Hierarchy
Specification and Description Language
Standard Development Organisation
Standards Development Organization
Session Description Protocol.
Shadowed DSA Specific Entry
Service Development Support Functional Entity
Service Data Unit
main security marker
security screening
security exchange item
Supplemental Enhancement Information
Secure Environment for Information Systems in Medicine
Security Exchange Protocol Machine
Sequence number
secure electronic payment protocol
service;
security exchange service element
secure electronic transaction
secure voice communications
Security Gateway
Signalling Gateway
Sender Gateway Function
Signalling Gateway Functional Entity
Select Graphic Rendition
Serving GPRS Support Node
Security Gateway
Secure Environment for Information Systems in Medicine
secure electronic payment protocol
security exchange service element
secure electronic transaction
secure voice communications
Secure Hash Algorithm
Secure Hash Algorithm 1
Secure Hash Algorithm 1 (ISO/IEC 10118-3)
Secure Hash Algorithm 1
Secure Hashing Algorithm, Revision 1
Super Head End
Secure Home Gateway
Select Horizontal Spacing
Service Information
International System of Units
Security Information
supplementary information
Synchronization Information

SIlence Descriptor
GSM Subscriber Identity Module
Subscriber Identification Module
Subscriber Identity Module
Security Information Object
Session Initiation Protocol
Session Initiation Protocol Plus.
Subject Key Identifier
shared secret among gatekeepers
Service Level Agreement
Sub Local Area Group
Subscriber Locator Function
Subscription Locator Functional Entity
Security Level Negotiation
Security Module
Session Manager
Short Message Mobile Originated Point-to-Point
Short Message Mobile Terminated Point-to-Point
Sender Multicast Agent
Systems Management Application Entity
Security Management Application Process
Systems Management Application Protocol Machine
Systems Management Application Service Element
Satellite Master Antenna Television
Short Message Entity
Service Management Functional Entity
Security Management Information FG
Security Management Information Base
Service Management Layer
Systems Management Overview
Short Message Point-to-Point
Security Management System
Short Message Service
Short Message Service Centre
Simple Mail Transfer Protocol
Service Node
Subnetwork
Sensor Network
Subnetwork Connection
SubNetwork Connection Protection
Subnetwork Fragment
Server-to-Network Interface
Service Network Interface
Simple Network Management Protocol
Simple Network Management Protocol version 3
Simple Network Time Protocol
Service-Oriented
Service-Oriented Approach/Architecture
Service-oriented Architecture
Source of Authority
Statement of Applicability
Simple Object Access Protocol
service oriented architecture protocol
security operation center

Service-Oriented Façade
Synchronous Optical Network
Service Management Layer Operations System Function block
security policy
Security Policy (see RFC 3830)
Service Platform
Service Protection
Service Provider
Space
security proprietary domain
Service Provider Lite
security profile
Service Provider Access
Service Provider Access Interface
Service Provider Access Requirement(s)
Security Policy Decision Function
security proprietary domain
Security Policy Enforcement Function
Service Policy Enforcement Functional Entity
Simple Password Exponential Key Exchange
security portal function
Sender Policy Framework
Service Platform Interface
security policy information file
SPam over Instant Messaging
Spam over Internet Messaging
Spam over Internet Telephony
Simple Public Key Infrastructure
Security Policy Server
Sequence Parameter Set
ANSI Structured Query Language
Structured Query Language
Service Resource
Spam Recipient
Spam Recipient Functions
Service Registration Functional Entity
Serving Radio Network Controller
SRNC radio network temporary identifier
Secure RTCP
Secure RTP
Secure Real-time Transport Control Protocol
Secure Real Time Protocol
Secure Real-Time Transport Protocol
Secure Real-time Transport Protocol
Secure Real-time Transport Protocol (see RFC 3711)
Secretary Station
Service Subscriber
Signaling System number 7
Signalling System No. 7
Sender Security Agent
subscriber security control
security service circuit
Security Service Control Unit
shared secret data

security server function


Service Support Functions
Service Switching Functional Entity
SMS Spam Filtering Module
SMS Spam Filtering Service
Secure Shell
Service set identification
Service set identifier
Secure Socket Layer
Secure Socket Layer (Encryption and authentication protocol)
Secure Sockets Layer
security and systems management
Single Sign On
Single Sign-On
system security object
Single-Sign-On Service
Synchronization Source
Synchronization source (RTP)
security Sun sensor
Security Target
special temporary authority
station
security transformations application service element
Set Top Box
Spanning Tree Protocol
Secure Transcodable Scheme
secure transaction technology
Substitute Character
subscription management
Service User Profile Functional Entity
Security Updating Server
Scalable Video Coding
Security Voice Improvement Project
Select Vertical Spacing
Session Word
switch number
Timestamp (see RFC 3830)
Trust Authority
Transport Authentication and Authorization Functional Entity
Terminal Access Controller Access-Control System
Telebiometrics Authentication Infrastructure
terminal authentication
Telebiometric Authority
Threshold Crossing Alert notification
Temporal Constraints Access Control
Transaction Capabilities Application Protocol.
Threshold Crossing Alert Parameter Profile
Termination Connection Point
Transmission Control Protocol
Transmission Control Protocol/Internet Protocol
Total Call Time
IPTV-compliant Terminal Device
Target Distribution
Terminal Device

Timeout for Disconnect


Time Division Duplex
Time Division Multiplex
Time Division Multiplexing
Time-Division Multiplexing
Telecommunication for Disaster Relief
Telecommunications for Disaster Relief
Terminal Equipment
Terminal Equipment Border Element
Terminal Equipment Border Element
Transient Encryption Key
Transverse ElectroMagnetic
Trusted Email Open Standard
Transformation Function
Transport Functions
transport format combination indicator
transport format identification (in UTRAN)
transport format identification (in GERAN)
Termination Flow Point
Trivial File Transfer Protocol
Traffic Generating Key (see RFC 3830) between endpoint A and endpoint B
Ticket Granting Server
Transformation Information
Temporary IP Address
Transient Integrity protection Key
temporal key
Transient Key
Temporal Key Integrity Protocol
Transaction Language 1
temporary local directory number
Transport Location Management Functional Entity
Traffic Light Protocol
Transport Layer Security
Transport Layer Security Protocol
transport level security
Transport Layer Security based on Certificate
transport layer security protocol
Transport Layer Security based on Pre-Shared Key
tag length value
Telex Type
Trunking Media Gateway Functional Entity
telecommunications Markup Language
Telebiometric Multimodal Model
Telecommunication Management Network
Telecommunications Management Network
Transport MPLS
Temporary Mobile Station Identity
Timestamp number n
Trusted Network Connect
Telecommunication Network Security System
Termination Point
Transaction Processing
Trusted Platform Module
trusted platforms

Transport Resource Control Functional Entity


Transport Resource Enforcement Functional Entity
Telephony Routing over IP
Technical Specification
Telecommunication System
Transport Stream
Time Stamping Authority
Transport Service Access Point
Telebiometrics System Mechanism
Technology-Specific Network
Telecommunication Service Priority
Telecommunication Service Providers
Telecommunications Service Provider
Technology Specific Security Requirements
Tunneled Transport Layer Security
Third-party Trust Provider
Trail Termination Point
trusted third party
trusted third party for confidentiality facilities
Telecommunications Trouble Report
Text To Speech
Teletex Type
Transport user profile functional entity
Television
Time Varying Stripe (pattern)
Threshold Watermark
Transmit side of unidirectional transmission (source)
User Agent
User Application Interface
user authentication
User Created Content
User Created Contents
User Communication Interface
User security controls - Dependent on UNI
Universal Discovery, Description, Integration
User Datagram Protocol
User Equipment
Unified Functional Approach/Architecture for Transport Networks
User Generated Contents
User Interface
User security controls - Independent from UNI
Universal Integrated Circuit Card
Universal IC Card
public entity identifier
Public Identifier
Universal Identifier
Unique Item Identifier
User Identity Module
Unsigned Integer, Most Significant Bit First
User Level Set
Uniform Media Formats
Unified Modelling Language
Universal Mobile Telecommunications System
United Nations International Strategy for Disaster Reduction

User Network Gateway


User Network Interface
User to Network Interface
User-Network Interface
User-to-Network Interface
unauthorized precedence announcement
Universal Plug and Play
Uninterruptible Power Supply
Universal Personal Telecommunication
UPT Number
UTRAN/user registration area
User-specified Rules Database
Uniform Resource Identifier
Uniform Resource Locator
Uniform Resource Name
UTRAN radio network temporary identifier
User Reputation System
User Security Agent
Universal Serial Bus
User Identity
Universal Services Interface
Universal SIM
Universal Subscriber Identity Module
User Signalling Interworking Functional Entity
User Service Management Module
Ubiquitous Sensor Network
User Terminal
Universal Time Clock
Universal Time Coordinated
Coordinated Universal Time
Universal Transformation Format
Universal Transformation Function 8-bit
Universal Terrestrial Radio Access
Universal Terrestrial Radio Access Frequency Division Duplex
Universal Terrestrial Radio Access Network
Universal Terrestrial Radio Access Time Division Duplex
Universal Unique IDentifier
Universally Unique Identifier
User Universal Identification Module
Verification message field (see RFC 3830)
Validation Authority
Voice Spam or VoIP Spam
Visited ASC
value-added service provider
Visited BE
Visited Border Element
Vertical Blank Interval
Virtual Channel
Virtual Connection/Circuit
Virtual Channel Identifier
Video Cassette Recorder
Very High Speed Digital Subscriber Line
Video Display Unit / Visual Display Unit
Video Electronics Standards Association

Visited GK
Virtual Home Environment
Video Hub Office
Virtual LAN
Visitor Location Function
Visitor Location Register
Visited NAC
Video on Demand
Video-on-Demand
Voice over Internet Protocol
Voice over IP
Virtual Path
Virtual Path Identifier
Virtual Private LAN Service
Virtual Private Network
Virtual Private Wire Service
Virtual Router
Visited SCS
Video Serving Office
Vertical Stripe Pattern
Voice Spam Prevention Policy Server
RBL central system for VoIP Spam Prevention
Voice Spam Prevention System
Vertical Tabulation
Compound value with arithmetic combination of Diffie-Hellman half-keys
World Wide Web Consortium
WLAN Access Gateway
Wide Area Network
Web Application Server
Wideband Code Division Multiple Access
Wideband CDMA
Wavelength Division Multiplexing
Web-based distributed authoring and versioning
Wired Equivalent Privacy
Wireless Fidelity
Worldwide Interoperability for Microwave Access
Wireless LAN
Wireless Local Access Network
Wireless Local Area Network
WLAN user equipment
Watermark(ing)
Wireless Metropolitan Area Network
Wireless Mesh Network
Wi-Fi Protected Access
Wireless Personal Area Network
Wireless Priority Service
Web Server
Web Services
Web Services Description Language
WorkStation Function
Web Services Gateway
Window Size Hint
Wireless Sensor Network
Web Services Security

Mobility ClearToken
Wireless Transport Layer Security
Concatenation of X and Y
eXtensible Access Control Markup Language
eXtensive Application Programming Interface
eXtensible Configuration Checklist Description Format
Any of the various types of Digital Subscriber Lines (DSL)
Any variant of Digital Subscriber Line
x Digital Subscriber Line
x Digital Subscriber Loop
XML Key Management Specification
eXtensible Markup Language
eXtensible Mark-up Language
Extensible Markup Language
Exclusive OR
XML Path Language
a 3GPP authentication parameter
XML Schema Definition
eXtensible Stylesheet Language
CryptoToken for MT authentication
Shared secret/password of the mobile user, which is shared with the corresponding AuF
dynamic shared H.323 secret ZZAB
Shared secret of the mobile terminal MT, which is shared with the corresponding AuF
Shared-secret number n

Rec#
H.530
F.771
M.3410 etc.
F.771
H.235.0 etc.
X.1205
Y.2701 etc.
M.3410 etc.
X.1034 etc.
X.1124
X.1034
X.1521
H.235.7
X.1122 etc.
Y.2703 etc.
X.805 etc.

Clause
5

Date

Referred rec

(2002-03)
(2008-08)
(2008-08)
(2008-08)
(2005-09)
(2008-04)
(2007-04)
(2008-08)
(2011-02)
(2007-11)
(2011-02)
(2011-04)
(2005-09)
(2004-04)
(2009-01)
(2003-10)
T&D-DB_NN
T&D-DB_NN
T&D-DB_NN

F.110
X.509
Y.2012 etc.
Y.2012
X.1521
X.1089
Q.1742.9
J.1001
X.741
H.235.5
X.525 etc.
X.1101
X.1244 etc.
X.509
X.Sup11
M.3016.1
X.1193
X.Sup11
X.832
X.1153
X.Sup11
X.1191
X.500 etc.
X.812 etc.
X.812
X.1034 etc.
X.Sup10
X.Sup6
Y.2760
X.812 etc.
H.235.0 etc.
J.170 etc.
Y.2205

A5 3.1.2
3.4.3
4
4
4
7.2
3.1.1.

3.1.1
3.4.4
4
4
4

7.5.1
3.4.3
3.4.2
4
4
3.4.4

(1996-07)
(2008-11)
(2010-04)
(2010-04)
(2011-04)
(2008-05)
(2011-11)
(2012-01)
(1995-04)
(2005-09)
(2008-11)
(2010-05)
(2008-09)
(2008-11)
(2011-09)
(2005-04)
(2011-10)
(2011-09)
(1995-04)
(2011-02)
(2011-09)
(2009-02)
(2008-11)
(1995-11)
(1995-11)
(2011-02)
(2011-09)
(2009-02)
(2011-05)
(1995-11)
(2005-09)
(2005-11)
(2011-05)

X.741

T&D-DB_NN
T&D-DB_NN
Y.2012
Y.2012
Y.2701
Y.2704 etc.
X.780.2
X.800 etc.
F.110
X.780.2
X.780.2
X.1124 etc.
X.1123
X.1112
X.1034
M.3016.1
H.235.0 etc.
H.235.9
X.780.2

4
4

3.3.8
A5 3.1.2

3.1.1

3.1

(2010-04)
(2010-04)
(2007-04)
(2010-01)
(2007-03)
(1991-03)
(1996-07)
(2007-03)
(2007-03)
(2007-11)
(2007-11)
(2007-11)
(2011-02)
(2005-04)
(2005-09)
(2005-09)
(2007-03)
T&D-DB_NN
T&D-DB_NN

Y.2703 etc.
Y.2012
Y.2018
X.1057
Y.2012 etc.
Y.2014 etc.
Y.2012 etc.
Y.2012 etc.
Y.2703
Y.2701 etc.
Y.2205

4
4.3
4
4
4
4
4

(2009-01)
(2010-04)
(2009-09)
(2011-05)
(2010-04)
(2010-03)
(2010-04)
(2010-04)
(2009-01)
(2007-04)
(2011-05)
T&D-DB_NN

M.3410 etc.
X.1193
X.780.2 etc.
X.408
X.832
X.1244
X.Sup6
M.3410
X.1206 etc.
Y.2012 etc.
Y.2012 etc.
X.1570
X.1152
Y.2012
M.3410
X.1570
X.408
Y.2205
G.873.1
Y.2205
X.1521

4
4
4
4
App.I
4
4
4

(2008-08)
(2011-10)
(2007-03)
(1988-11)
(1995-04)
(2008-09)
(2009-02)
(2008-08)
(2008-04)
(2010-04)
(2010-04)
(2011-09)
(2008-05)
(2010-04)
(2008-08)
(2011-09)
(1988-11)
(2011-05)
(2006-03)
(2011-05)
(2011-04)

X.780.2
X.1500
X.1500
Y.2012 etc.
X.1570
H.235.5
X.1083 etc.
H.235.2 etc.
X.1245
Y.2271 etc.
X.1114
Y.2704
X.780.2
X.780.2
X.1125 etc.
X.1125
X.1244 etc.
Y.2012
J.170
X.832
Y.2020
X.1245
Y.2012 etc.
Y.2012 etc.
M.3410
Y.2205
X.680 etc.
X.832
X.1143
X.805 etc.
Y.2012
X.805 etc.
X.1250

Table I.1
4
4
4

3.2.1
4
4.1(33)
4
3.2.1
4
4
4

3.2.5
4

(2007-03)
(2011-04)
(2011-04)
(2010-04)
(2011-09)
(2005-09)
(2007-11)
(2005-09)
(2010-12)
(2006-09)
(2008-11)
(2010-01)
(2007-03)
(2007-03)
(2008-01)
(2008-01)
(2008-09)
(2010-04)
(2005-11)
(1995-04)
(2011-05)
(2010-12)
(2010-04)
(2010-04)
(2008-08)
(2011-05)
(2008-11)
(1995-04)
(2007-11)
(2003-10)
(2010-04)
(2003-10)
(2009-09)
T&D-DB_NN
T&D-DB_NN

X.1521
Y.2704
H.530

X.1521
Y.2722
X.780.2
X.1057
F.771
Y.2701
F.771
X.1171
X.1080 ser.
X.1080 ser.
X.1080 ser.
E.409
X.1089

3 + 4.1

3.2.2

3.2.3.

(2011-04)
(2010-01)
(2002-03)

(2011-04)
(2011-01)
(2007-03)
(2011-05)
(2008-08)
(2007-04)
(2008-08)
(2009-02)
(2008-05)
(2007-11)
(2007-11)
(2004-05)
(2008-05)

H.510
T&D-DB_NN
T&D-DB_NN
T&D-DB_NN

X.1083
X.1089
Y.2701 etc.
X.1500
H.235.0
X.1084
Y.1910
Y.2012
X.1088
X.1089
X.1083
X.1083
J.96
X.1089
M.3410
Y.2205
X.1089
J.170
X.1084 etc.
Y.2012
H.235.3
H.235.3
X.408
Y.2205
Q.1741.7
X.780.2
Y.2702 etc.
J.96
X.1084 etc.
Y.2704
X.1205
Y.2720 etc.
Y.2702
X.1521
X.Sup.8
J.170
H.235.0 etc.
X.1088 etc.
J.1001 etc.
J.93
H.235.2
Y.2205
Y.2171
J.1001
Y.2012
J.1001
X.Sup6

3.2.5.
3.2.2
4

3.2.6.
3.2.3
4
3.2.8.
4.1(34)
4

4
4

3.2.2

3.2.1.
3.4
3.1
4
4
3.1.3.
4
3.1.2.

(2007-11)
(2008-05)
(2007-04)
(2011-04)
(2005-09)
(2008-05)
(2008-09)
(2010-04)
(2008-05)
(2008-05)
(2007-11)
(2007-11)
(2002-07)
(2008-05)
(2008-08)
(2011-05)
(2008-05)
(2005-11)
(2008-05)
(2010-04)
(2005-09)
(2005-09)
(1988-11)
(2011-05)
(2011-11)
(2007-03)
(2008-09)
(2002-07)
(2008-05)
(2010-01)
(2008-04)
(2009-01)
(2008-09)
(2011-04)
(2010-12)
(2005-11)
(2005-09)
(2008-05)
(2012-01)
(1998-03)
(2005-09)
(2011-05)
(2006-09)
(2012-01)
(2010-04)
(2012-01)
(2009-02)
T&D-DB_NN

X.1303 etc.
X.1500
X.509
X.1193 etc.
X.1245
X.1245

Table I.2
3.4.18
4
3.2.3

(2007-09)
(2011-04)
(2008-11)
(2011-10)
(2010-12)
(2010-12)

X.1245
J.96
X.1055
X.1051
X.1124
K.87
H.235.0 etc.
J.170
X.1088 etc.
X.1089
X.Sup11
X.Sup11
X.1084

4
4.1(35)

4
7.5.1

(2010-12)
(2002-07)
(2008-11)
(2008-02)
(2007-11)
(2011-11)
(2005-09)
(2005-11)
(2008-05)
(2008-05)
(2011-09)
(2011-09)
(2008-05)
T&D-DB_NN

X.Sup.8
X.1500 etc.
Y.2012
X.1524 etc.
X.1114 etc.
Y.1910
Y.2012
Y.1910
Y.2012
Y.2012 etc.
X.1034 etc.
X.1191 etc.
Y.3001
Y.2012
X.Sup11
X.1521
X.1500
X.1500
X.1193
H.235.8
X.1570
X.1200 ser
H.235.7
X.1570
H.235.6
H.235.0
X.780.2
Y.2012
Y.2012
X.1524 etc.
X.1193
Y.2012
Y.2012
Y.2012
X.1082
Y.2012

Table I.1
4
4

4
4
4

4
4
7.5.1
4
Table I.2
4
4
4

App.I

4
4
4
4
4
4
4
4

(2010-12)
(2011-04)
(2010-04)
(2012-03)
(2008-11)
(2008-09)
(2010-04)
(2008-09)
(2010-04)
(2010-04)
(2011-02)
(2009-02)
(2011-05)
(2010-04)
(2011-09)
(2011-04)
(2011-04)
(2011-04)
(2011-10)
(2005-09)
(2011-09)
(2008-04)
(2005-09)
(2011-09)
(2005-09)
(2005-09)
(2007-03)
(2010-04)
(2010-04)
(2012-03)
(2011-10)
(2010-04)
(2010-04)
(2010-04)
(2007-11)
(2010-04)
T&D-DB_NN

H.530
M.1224.1
X.780.2

5
4.2.2.2

(2002-03)
(2012-03)
(2007-03)

ITU-R

X.781
X.1036
Q.1221
X.1082
Y.2012
X.1207 etc.
X.1124
Y.2721 etc.
X.1193
X.780.2
X.811
M.3410
X.780.2
J.122
X.1193
X.1122
X.790
X.530 etc.
X.740 etc.
X.790
Y.2018
X.1205 etc.
J.170
H.235.8 etc.
J.170 etc.
X.1057 etc.
X.1112
X.1125 etc.
X.790
X.1123
X.Sup6
Q.1721
M.3016.1
X.780.2

(2001-08)
(2007-02)
I.3.3.2.9 (1997-09)
(2007-11)
4
(2010-04)
(2008-04)
(2007-11)
(2011-01)
4
(2011-10)
(2007-03)
3.9
(1995-04)
(2008-08)
(2007-03)
3.1
(2007-12)
4
(2011-10)
(2004-04)
(1995-11)
(2008-11)
(1992-09)
(1995-11)
4.3
(2009-09)
(2008-04)
(2005-11)
(2005-09)
(2005-11)
4
(2011-05)
(2007-11)
(2008-01)
(1995-11)
(2007-11)
(2009-02)
13.25
(2000-xx)
(2005-04)
(2007-03)
T&D-DB_NN

X.740 etc.
X.1125 etc.
X.1036
X.780 etc.
Y.2014 etc.
X.780 etc.
X.780.2
X.1251
X.780.2
X.1101
X.1193 etc.
H.235.7
X.1500 etc.
Y.2014 etc.
Y.1910
Y.2012 etc.
Y.2012
X.509
X.1112

4
Table I.1
3.2.2
4
4
3.4.11

(1992-09)
(2008-01)
(2007-02)
(2001-01)
(2010-03)
(2001-01)
(2007-03)
(2009-09)
(2007-03)
(2010-05)
(2011-10)
(2005-09)
(2011-04)
(2010-03)
(2008-09)
(2010-04)
(2010-04)
(2008-11)
(2007-11)

Y.1901
X.408
X.1521
X.1570
X.509 etc.
M.1224.1
X.Sup11
J.1001
X.1125
X.1125
X.780.2
X.408
X.1193
J.96

3.2.7
4
App.I
3.4.12
4.2.2.2
7.5.1
4
3.2.3.
3.2.4.

(2009-01)
(1988-11)
(2011-04)
(2011-09)
(2008-11)
(2012-03)
(2011-09)
(2012-01)
(2008-01)
(2008-01)
(2007-03)
(1988-11)
(2011-10)
(2002-07)

ITU-R

T&D-DB_NN
H.235.7
X.1193
Y.2702 etc.
Y.1910
Y.2701

(2005-09)
(2011-10)
(2008-09)
(2008-09)
(2007-04)
T&D-DB_NN

M.3016.1
E.409 etc.
X.780.2

(2005-04)
(2004-05)
(2007-03)
T&D-DB_NN

J.191
X.1570
Y.2721
X.1088

3.
App.I

(2004-03)
(2011-09)
(2010-09)
(2008-05)
T&D-DB_NN

X.1243
X.1240
H.235.4
H.235.7
H.235.7
Y.2012
X.780.2
X.780.2
H.235.5
X.1500 etc.
X.1500 etc.
K.87
J.96 etc.
X.1500 etc.
X.1500 etc.
X.1500 etc.
X.1500
X.1114 etc.

Table I.1
Table I.1
4
Table I.1
Table I.1
4
4

(2010-12)
(2008-04)
(2005-09)
(2005-09)
(2005-09)
(2010-04)
(2007-03)
(2007-03)
(2005-09)
(2011-04)
(2011-04)
(2011-11)
(2002-07)
(2013-03)
(2011-04)
(2011-04)
(2011-04)
(2008-11)
T&D-DB_NN

X.500 etc.

(2008-11)

X.1244
Y.2701
X.1057 etc.

(2008-09)
(2007-04)
(2011-05)

T&D-DB_NN

M.1224.1
Y.2205
M.3410 etc.
M.3016.0
X.509
X.509
X.1141
X.1051 etc.
X.1209 etc.
M.3410 etc.
Y.2760
J.170 etc.
Y.2721
Q.1741.7
X.1151 etc.
H.235.7
H.235.7
X.805 etc.
X.1250 etc.
X.500 etc.
X.1251
X.1251
X.780.2
X.1205
X.525 etc.
X.530 etc.
X.Sup6
M.3410
M.3410
X.1101
X.1521
X.500 etc.
X.780.2
X.1036
X.Sup3
X.780.1 etc.
Y.1901 etc.
Y.1901 etc.
J.170 etc.
X.805 etc.
Y.2701 etc.
J.170 etc.
X.530 etc.
X.1034 etc.
X.805 etc.
J.170
H.235.4
H.235.7
X.1193 etc.

4.2.2.2
4

3.4.26

3.42

3.5.2

3.2.12
3.2.11

7.1(d)

(2012-03)
(2011-05)
(2008-08)
(2005-05)
(2008-11)
(2008-11)
(2006-06)
(2008-02)
(2010-12)
(2008-08)
(2011-05)
(2005-11)
(2010-09)
(2011-11)
(2007-11)
(2005-09)
(2005-09)
(2003-10)
(2009-09)
(2008-11)
(2009-09)
(2009-09)
(2007-03)
(2008-04)
(2008-11)
(2008-11)
(2009-02)
(2008-08)
(2008-08)
(2010-05)
(2011-04)
(2008-11)
(2007-03)
(2007-02)
(2008-04)
(2001-08)
(2009-01)
(2009-01)
(2005-11)
(2003-10)
(2007-04)
(2005-11)
(2008-11)
(2011-02)
(2003-10)
(2005-11)
(2005-09)
(2005-09)
(2011-10)

ITU-R

T&D-DB_NN
X.805

(2003-10)

J.93
X.525 etc.

(1998-03)
(2008-11)

T&D-DB_NN

X.1125
J.170 etc.
X.1125
X.530 etc.
Y.1910
M.3410 etc.
Y.2205
X.1240
J.96
X.500 etc.
H.235.0
Y.2172
M.3410
Y.2012
H.235.0
H.235.6
J.170
Y.2704
Y.1901
X.743
X.530 etc.
J.96
Y.1910
F.771 etc.
X.1101
X.1521
K.87
K.87
K.87
X.1500
X.1124
X.1124
Y.2721 etc.
X.1084
Y.1901
X.1205 etc.

3.2.5.
4.1(44)

4
4

4
4
4
4
Table I.5
3.2.7.

(2008-01)
(2005-11)
(2008-01)
(2008-11)
(2008-09)
(2008-08)
(2011-05)
(2008-04)
(2002-07)
(2008-11)
(2005-09)
(2007-06)
(2008-08)
(2010-04)
(2005-09)
(2005-09)
(2005-11)
(2010-01)
(2009-01)
(1998-06)
(2008-11)
(2002-07)
(2008-09)
(2008-08)
(2010-05)
(2011-04)
(2011-11)
(2011-11)
(2011-11)
(2011-04)
(2007-11)
(2007-11)
(2010-09)
(2008-05)
(2009-01)
(2008-04)
T&D-DB_NN
T&D-DB_NN

X.509
Y.2205
X.1303
H.235.0 etc.
J.96 etc.
Y.2704
H.235.0

3.4.28
4

(2008-11)
(2011-05)
(2007-09)
(2005-09)
(2002-07)
(2010-01)
(2005-09)

Y.2012
F.744
H.235.0
H.235.0

(2010-04)
(2009-12)
(2005-09)
(2005-09)

J.1001 etc.
Y.2205
X.1142 etc.

3.2.3
4

3.8 bis

(2012-01)
(2011-05)
(2006-06)

ISO/IEC 15946-2

M.1224.1
Q.815 etc.
Y.2721
Q.1741.7
Y.2205
Y.2012
K.87
X.400
H.235.4
H.235.4
H.235.5
H.235.4
K.87
X.1231 etc.
K.87
K.87
X.780.2
J.96 etc.
J.1001
M.3410 etc.
K.87
K.84
X.1034
Y.2205
H.235.7
H.235.4
Y.2012 etc.
E.107 etc.

4.2.3

3.55
4
4
4
A.33

4
4
4

3.2.4.
3.2.4
3.3.2
(3.2.2)
4

(2012-03)
(2000-02)
(2010-09)
(2011-11)
(2011-05)
(2010-04)
(2011-11)
(1999-06)
(2005-09)
(2005-09)
(2005-09)
(2005-09)
(2011-11)
(2008-04)
(2011-11)
(2011-11)
(2007-03)
(2002-07)
(2012-01)
(2008-08)
(2011-11)
(2011-01)
(2011-02)
(2011-05)
(2005-09)
(2005-09)
(2010-04)
(2007-02)

ITU-R

T&D-DB_NN
M.3410
H.235.7
H.235.0 etc.
H.235.6
H.235.0 etc.
Y.1901 etc.
H.235.1 etc.
X.509
H.235.7
X.1124
X.1057
X.1241
M.3410 etc.
J.170
X.1205
X.1205
J.96
Y.2721 etc.
Y.2205
M.3410
Y.2721 etc.
X.Sup9
X.Sup9
K.87
Y.2012

3.2.13
3.4.29
3.2.8.
4

3.1.15
4
3.1.16
3.2.1
4
4
4

(2008-08)
(2005-09)
(2005-09)
(2005-09)
(2005-09)
(2009-01)
(2005-09)
(2008-11)
(2005-09)
(2007-11)
(2011-05)
(2008-04)
(2008-08)
(2005-11)
(2008-04)
(2008-04)
(2002-07)
(2010-09)
(2011-05)
(2008-08)
(2007-04)
(2011-09)
(2011-09)
(2011-11)
(2010-04)

X.1500
X.1500
Y.2721
Y.2205
H.235.8
X.1101 etc.
X.1084
Y.2012 etc.
Q.1741.7
M.3016.0
Y.1901
M.3410
X.Sup6
X.780.2
Q.1741.7
X.1253
X.780.2
X.780.2
X.780.2
M.3410 etc.
H.235.6 etc.
X.408
H.235.8
M.3410
X.1192
Q.1741.7

4
Table I.5
4

3.2.3.
4
3.63
4

4
4

3.2.5

3.2.6
4
3.61

(2011-04)
(2011-04)
(2010-09)
(2011-05)
(2005-09)
(2010-05)
(2008-05)
(2010-04)
(2011-11)
(2005-05)
(2009-01)
(2008-08)
(2009-02)
(2007-03)
(2011-11)
(2011-09)
(2007-03)
(2007-03)
(2007-03)
(2008-08)
(2005-09)
(1988-11)
(2005-09)
(2008-08)
(2011-05)
(2011-11)
T&D-DB_NN

X.780.2
Y.1910
X.780.2
Y.2012
X.1242
X.1089
Y.3001
Q.1221
X.780.2 etc.
F.115
X.780.2
J.170 etc.
Y.2720
X.272
X.1084
X.408
X.780.2
Q.1221
Y.1901
X.Sup6
X.805 etc.
X.780.2
Y.2721
X.790
Y.2012
F.771
X.408

3.2.2
I.3.3.1.5
4.1

3.2.4.

I.3.3.1.6
4

(2007-03)
(2008-09)
(2007-03)
(2010-04)
(2009-02)
(2008-05)
(2011-05)
(1997-09)
(2007-03)
(1996-10)
(2007-03)
(2005-11)
(2009-01)
(2000-03)
(2008-05)
(1988-11)
(2007-03)
(1997-09)
(2009-01)
(2009-02)
(2003-10)
(2007-03)
(2010-09)
(1995-11)
(2010-04)
(2008-08)
(1988-11)

X.408
X.408
H.235.7
Y.2702
Y.2702
X.1124 etc.

(1988-11)
(1988-11)
(2005-09)
(2008-09)
(2008-09)
(2007-11)
T&D-DB_NN
T&D-DB_NN

H.235.5 etc.
X.1123
X.1193
X.780 etc.
H.235.7
Q.1741.7
X.1125 etc.
Y.2001
X.780
H.235.0 etc.
H.530
H.235.1 etc.
X.1101
X.1101
X.1101
Y.2172
X.790
Y.2001 etc.
Q.1741.7
M.3410 etc.
H.235.5 etc.
Q.1741.7
H.235.2 etc.
Y.2012
Y.2001 etc.
M.3410

5
3.2.5

3.69

3.68
4

(2005-09)
(2007-11)
(2011-10)
(2001-01)
(2005-09)
(2011-11)
(2008-01)
(2004-12)
(2001-01)
(2005-09)
(2002-03)
(2005-09)
(2010-05)
(2010-05)
(2010-05)
(2007-06)
(1995-11)
(2004-12)
(2011-11)
(2008-08)
(2005-09)
(2011-11)
(2005-09)
(2010-04)
(2004-12)
(2008-08)

H.225.0

T&D-DB_NN
X.1123
Y.2014
X.1520 etc.
X.1206

4
4

(2007-11)
(2010-03)
(2011-04)
(2008-04)
T&D-DB_NN

H.235.0 etc.
H.235.4
X.1101 etc.
X.1113
X.1125
X.1113
M.3016.1
X.1245
X.780.2
H.530
Y.2018
X.780.2
Y.1901
X.1113

4.3
4.1
4
4

(2005-09)
(2005-09)
(2010-05)
(2007-11)
(2008-01)
(2007-11)
(2005-04)
(2010-12)
(2007-03)
(2002-03)
(2009-09)
(2007-03)
(2009-01)
(2007-11)

X.1113
X.1113
Y.2012 etc.
X.1193 etc.
Y.2018
H.235.7
Q.1741.7
Y.1901
K.87
Q.1741.7
Y.1910
H.530
Y.2014 etc.
Y.2012 etc.

4
4
4
4
4.1
3.87
4
4
3.88
5
3.2.4
4

(2007-11)
(2007-11)
(2010-04)
(2011-10)
(2009-09)
(2005-09)
(2011-11)
(2009-01)
(2011-11)
(2011-11)
(2008-09)
(2002-03)
(2010-03)
(2010-04)
T&D-DB_NN

X.1125 etc.
H.530
Q.1741.7
X.1205
J.170 etc.
H.235.8
Y.2704

5
4
4.1(50)

(2008-01)
(2002-03)
(2011-11)
(2008-04)
(2005-11)
(2005-09)
(2010-01)
T&D-DB_NN

H.530
H.530

5
5

Y.2018
X.1191
X.1125
X.1191
X.530
Q.1221
K.87
X.1114
X.1114
X.1125
X.1311
Y.2012
Y.2702
X.408
X.1520 etc.
X.780
M.3016.1 etc.
M.3410 etc.
J.380.7
J.380.7
X.1162
M.3410 etc.
X.1141
X.1209
K.87
X.1521
Q.814
X.408

4.4

(2002-03)
(2002-03)

(2009-09)
(2009-02)
(2008-01)
(2009-02)
(2008-11)
I.3.3.2.2 (1997-09)
4
(2011-11)
(2008-11)
(2008-11)
(2008-01)
(2011-02)
4
(2010-04)
(2008-09)
(1988-11)
4
(2011-04)
(2001-01)
(2005-04)
(2008-08)
3.2.4
(2011-11)
3.2.4
(2011-11)
(2008-05)
(2008-08)
(2006-06)
(2010-12)
4
(2011-11)
4
(2011-04)
3.3
(2000-02)
(1988-11)

X.1570
X.1124
Y.2702
X.509

App.I
3.2.10.

(2011-09)
(2007-11)
(2008-09)
(2008-11)
T&D-DB_NN

Q.814
Y.2012
Y.2721
Y.2012 etc.
X.1089
X.1125
X.1500
Y.3001
X.1125
Q.1741.7
X.1036 etc.
E.409

4
4

4
4
4

(2000-02)
(2010-04)
(2010-09)
(2010-04)
(2008-05)
(2008-01)
(2011-04)
(2011-05)
(2008-01)
(2011-11)
(2007-02)
(2004-05)
T&D-DB_NN

X.509
X.1082
Q.1741.7
X.1032
X.1521
X.1207 etc.
X.1250 etc.
X.Sup11
H.235.0 etc.
X.1125
X.781 etc.
Y.2702
Y.2012
Y.2701 etc.
X.1171 etc.
X.Sup9
X.744
X.780 etc.
Y.2704 etc.
Y.2703
X.1113
H.235.7
X.1250
H.235.7
Y.2702
X.781 etc.
X.Sup7 etc.
Y.2721 etc.
Y.2702 etc.
X.1141
Y.2704 etc.
X.1192
X.1251
M.3410 etc.
X.1056 etc.

3.4.34
3.93
9.2.3
4

7.5.1

4
3.2.4
4

(2008-11)
(2007-11)
(2011-11)
(2010-12)
(2011-04)
(2008-04)
(2009-09)
(2011-09)
(2005-09)
(2008-01)
(2001-08)
(2008-09)
(2010-04)
(2007-04)
(2009-02)
(2011-09)
(1996-10)
(2001-01)
(2010-01)
(2009-01)
(2007-11)
(2005-09)
(2009-09)
(2005-09)
(2008-09)
(2001-08)
(2009-02)
(2010-09)
(2008-09)
(2006-06)
(2010-01)
(2011-05)
(2009-09)
(2008-08)
(2009-01)

X.1252 etc.
X.1089
Y.2702 etc.
X.790 etc.
X.1034
X.1311 etc.
K.87
E.107 etc.
M.3410 etc.
X.1243
X.1101 etc.
X.408
E.409
X.780 etc.
X.1124
J.170 etc.
J.170
X.1080.1
X.1231 etc.
X.1243
Q.1741.7
X.1241
Q.1741.7
Y.2722
X.1124
Y.2722
Y.1910
Y.2702
Y.2701 etc.
H.235.7
Q.1741.7
X.1250 etc.
X.1121
Q.1741.7
Y.2012 etc.
Y.2012
X.740 etc.
M.3410 etc.

6.38
3.2.10.

4.1(51)
4
3.2.2
4
3.102

3.103
4
4

(2010-04)
(2008-05)
(2008-09)
(1995-11)
(2011-02)
(2011-02)
(2011-11)
(2007-02)
(2008-08)
(2010-12)
(2010-05)
(1988-11)
(2004-05)
(2001-01)
(2007-11)
(2005-11)
(2005-11)
(2011-10)
(2008-04)
(2010-12)
(2011-11)
(2008-04)
(2011-11)
(2011-01)
(2007-11)
(2011-01)
(2008-09)
(2008-09)
(2007-04)
(2005-09)
(2011-11)
(2009-09)
(2004-04)
(2011-11)
(2010-04)
(2010-04)
(1992-09)
(2008-08)
T&D-DB_NN

X.1500
X.780 etc.
X.805 etc.
Q.1741.7
Q.1741.7
Y.2012
X.1192
M.3410 etc.
X.Sup11
X.805 etc.
M.3410 etc.
X.1142 etc.
Y.2012
X.1250 etc.
Y.2012 etc.

Table I.2

3.111
3.112
4
4
4

4
4

(2011-04)
(2001-08)
(2003-10)
(2011-11)
(2011-11)
(2010-04)
(2011-05)
(2008-08)
(2011-09)
(2003-10)
(2008-08)
(2006-06)
(2010-04)
(2009-09)
(2010-04)

Y.1901
X.1244 etc.
X.1244 etc.
F.771
X.1521
K.87
X.660
X.1244
F.771 etc.
X.1083
X.780.2
X.Sup2
Y.2741
X.1051
M.3410
H.235.0
Y.2721
X.1080.1
M.3410 etc.
E.409
X.1124
Y.2722
Q.1741.7
X.1056 etc.
X.1052
X.1242
X.1207 etc.
X.1207
M.3410 etc.
X.1200 ser
X.1124

4
4
3.5.6

3.94
3.1.8
4
3.2.1

3.2.11.

(2009-01)
(2008-09)
(2008-09)
(2008-08)
(2011-04)
(2011-11)
(2007-11)
(2008-09)
(2008-08)
(2007-11)
(2007-03)
(2007-09)
(2011-01)
(2008-02)
(2008-08)
(2005-09)
(2010-09)
(2011-10)
(2008-08)
(2004-05)
(2007-11)
(2011-01)
(2011-11)
(2009-01)
(2011-05)
(2009-02)
(2008-04)
(2008-04)
(2008-08)
(2008-04)
(2007-11)

ISO/IEC TR 18044

T&D-DB_NN
T&D-DB_NN
J.170
E.107
X.1207
X.1055 etc.
X.408
Y.1901
Y.1910

3.2.16

(2005-11)
(2007-02)
(2008-04)
(2008-11)
(1988-11)
(2009-01)
(2008-09)
T&D-DB_NN

X.1244
X.1080.1
X.780 etc.
X.781
H.235.0 etc.
X.1244 etc.
J.170
Y.1910
Y.2702
Q.1741.7
Y.2020
X.781
X.Sup6

3.108
4

(2008-09)
(2011-10)
(2001-01)
(2001-08)
(2005-09)
(2008-09)
(2005-11)
(2008-09)
(2008-09)
(2011-11)
(2011-05)
(2001-08)
(2009-02)

X.780
X.1113
X.1521
H.530
H.235.4
H.235.4
X.1570
H.235.4
J.170 etc.
Y.2721
H.235.8
H.235.7
H.235.4
X.1193

4
5

App.I

(2001-01)
(2007-11)
(2011-04)
(2002-03)
(2005-09)
(2005-09)
(2011-09)
(2005-09)
(2005-11)
(2010-09)
(2005-09)
(2005-09)
(2005-09)
(2011-10)
T&D-DB_NN
T&D-DB_NN
T&D-DB_NN
T&D-DB_NN

H.235.6
X.1124
H.235.4
H.235.4
H.235.4
X.1124

(2005-09)
(2007-11)
(2005-09)
(2005-09)
(2005-09)
(2007-11)
T&D-DB_NN
T&D-DB_NN
T&D-DB_NN
T&D-DB_NN

X.1124

(2007-11)
T&D-DB_NN

H.248.77
X.1125
H.248.77
X.1125
Y.2018
Y.2012 etc.
X.1205 etc.
Y.2012 etc.
Y.2012 etc.

Y.2012
M.3016.1
Y.2701 etc.
X.Sup6
X.780.2
H.235.5 etc.
X.1243
M.3410
X.1142 etc.
H.235.2
X.408
X.780.2
M.3016.0
X.1101

4
4.1
4
4
4

(2010-09)
(2008-01)
(2010-09)
(2008-01)
(2009-09)
(2010-04)
(2008-04)
(2010-04)
(2010-04)
T&D-DB_NN
(2010-04)
(2005-04)
(2007-04)
(2009-02)
(2007-03)
(2005-09)
(2010-12)
(2008-08)
(2006-06)
(2005-09)
(1988-11)
(2007-03)
(2005-05)
(2010-05)

Y.2012
Q.1741.7
H.235.5
H.235.1 etc.
Y.2721 etc.
Q.1741.7
J.96
J.96
Y.2205 etc.
Y.2721
Y.2702
K.87
H.248.81
H.235.7
X.1101
X.Sup6
X.1114 etc.
X.1244 etc.
X.1083 etc.
H.235.0 etc.
H.235.7
X.1500 etc.
Q.1742.9
X.1101
X.740 etc.

4
3.123

3.122

4
4

Table I.2
3.23

(2010-04)
(2011-11)
(2005-09)
(2005-09)
(2010-09)
(2011-11)
(2002-07)
(2002-07)
(2011-05)
(2010-09)
(2008-09)
(2011-11)
(2011-05)
(2005-09)
(2010-05)
(2009-02)
(2008-11)
(2008-09)
(2007-11)
(2005-09)
(2005-09)
(2011-04)
(2011-11)
(2010-05)
(1992-09)
T&D-DB_NN

X.1124
J.96
X.1231
H.235.0
H.235.6
Q.1741.7
Y.1910
X.1193
Y.1910
H.235.0 etc.
X.741
X.744 etc.
X.1101
Q.814
J.170 etc.
X.1205 etc.
X.1193
Y.2205
X.1250
M.3410
H.235.7
Q.1741.7
M.3016.4
Q.1741.7
M.3410
X.1240
Q.1741.7
Q.1741.7

3.89
4

4
4

4
3.152

4
4

(2007-11)
(2002-07)
(2008-04)
(2005-09)
(2005-09)
(2011-11)
(2008-09)
(2011-10)
(2008-09)
(2005-09)
(1995-04)
(1996-10)
(2010-05)
(2000-02)
(2005-11)
(2008-04)
(2011-10)
(2011-05)
(2009-09)
(2008-08)
(2005-09)
(2011-11)
(2005-04)
(2011-11)
(2008-08)
(2008-04)
(2011-11)
(2011-11)

Q.1741.7
M.3016.0
X.780.2
H.235.9 etc.
J.170
Y.1910
Y.2012
J.170
X.408
J.170 etc.
X.1205
X.1034
X.744 etc.
X.741 etc.
H.235.7 etc.
Y.1901
H.235.5
X.1303 etc.
X.1250
Y.2014
Y.2760
Y.2760
X.1244 etc.
Y.2760
X.1244 etc.
X.1113
X.1034 etc.
H.235.8
X.1101
Y.1910
Y.2012 etc.
Y.2018
Y.2014 etc.
H.248.81
Y.2801
X.1101
X.1101
Y.2012 etc.
J.93
Q.1741.7
Y.2205
Y.2801
X.1240
X.1231 etc.
X.1124 etc.
Q.1741.7
M.3410
Y.2721
X.780 etc.
Y.2760
X.780.2
X.741 etc.
X.1101

3.135

4
4
4
4

3.2.3

4
4.4
4
4
4

4
4
4
4
3.2.5
3.89

(2011-11)
(2005-05)
(2007-03)
(2005-09)
(2005-11)
(2008-09)
(2010-04)
(2005-11)
(1988-11)
(2005-11)
(2008-04)
(2011-02)
(1996-10)
(1995-04)
(2005-09)
(2009-01)
(2005-09)
(2007-09)
(2009-09)
(2010-03)
(2011-05)
(2011-05)
(2008-09)
(2011-05)
(2008-09)
(2007-11)
(2011-02)
(2005-09)
(2010-05)
(2008-09)
(2010-04)
(2009-09)
(2010-03)
(2011-05)
(2006-11)
(2010-05)
(2010-05)
(2010-04)
(1998-03)
(2011-11)
(2011-05)
(2006-11)
(2008-04)
(2008-04)
(2007-11)
(2011-11)
(2008-08)
(2010-09)
(2001-01)
(2011-05)
(2007-03)
(1995-04)
(2010-05)
T&D-DB_NN

X.1192 etc.
Y.2701 etc.
Y.2014 etc.
X.1205 etc.
Y.2171
Y.2012
Y.2740 etc.
Y.2205
H.235.0 etc.
X.1101
Y.2012
Y.2012
X.741 etc.
Y.2012
Y.1910
H.530
Y.2701 etc.
M.3016.2
M.3016.1 etc.
Y.2702
X.1242 etc.
Y.2205
J.170
J.96
J.96
X.1231 etc.
Q.1741.7
Q.1742.9
X.Sup6
X.1250
Y.2740
Q.1741.7
Y.2721
Q.1741.7
X.1034
X.1123
J.1001
X.1125
X.1125

4
4
4
4
4

4
4
4
4.4

3.1.1
4

4
3.19

4
4
3.1.7
4
3.2.7.
3.2.8.

(2011-05)
(2007-04)
(2010-03)
(2008-04)
(2006-09)
(2010-04)
(2011-01)
(2011-05)
(2005-09)
(2010-05)
(2010-04)
(2010-04)
(1995-04)
(2010-04)
(2008-09)
(2002-03)
(2007-04)
(2005-04)
(2005-04)
(2008-09)
(2009-02)
(2011-05)
(2005-11)
(2002-07)
(2002-07)
(2008-04)
(2011-11)
(2011-11)
(2009-02)
(2009-09)
(2011-01)
(2011-11)
(2010-09)
(2011-11)
(2011-02)
(2007-11)
(2012-01)
(2008-01)
(2008-01)
T&D-DB_NN
T&D-DB_NN

X.1570
Y.2801 etc.
M.1224.1
X.1240
J.170
X.Sup2 etc.
X.1245
X.1124
X.780.2
X.780.2
X.1083
X.Sup2 etc.
X.780.2

App.I
4
4.2.2.2

(2011-09)
(2006-11)
(2012-03)
(2008-04)
(2005-11)
(2007-09)
(2010-12)
(2007-11)
(2007-03)
(2007-03)
(2007-11)
(2007-09)
(2007-03)

ITU-R

X.1034
X.1205
X.1123
K.87
X.1192
H.248.81
X.400

4
3.2.8
4

(2011-02)
(2008-04)
(2007-11)
(2011-11)
(2011-05)
(2011-05)
(1999-06)
T&D-DB_NN

X.1125
X.1125
Y.2702 etc.
Y.2012 etc.
Y.2012 etc.
Y.2701 etc.
Y.2702 etc.
X.1101
X.1192
Y.2702 etc.
Y.2701 etc.
Y.2001 etc.
X.1141
X.1034 etc.
Q.1741.7
Y.2701 etc.
Y.2701 etc.
X.780.2
Y.1901
J.170
X.1521
X.1031
X.1245
X.1244
X.780 etc.
M.3016.1 etc.
K.87
M.3016.0
M.3410
X.780.2
Y.2001 etc.
Y.2020
X.530
X.1031
X.1205
Y.2205
X.1171
Y.2012 etc.
Y.2012 etc.
X.780.2
M.3410 etc.
Y.2760
M.3410 etc.
Y.2701 etc.
X.1123
Y.2205

3.2.9.
4
4

10.3.48

4
4

3.1
4

4
3.2.5
4
4
3.2.10
4

(2008-01)
(2008-01)
(2008-09)
(2010-04)
(2010-04)
(2007-04)
(2008-09)
(2010-05)
(2011-05)
(2008-09)
(2007-04)
(2004-12)
(2006-06)
(2011-02)
(2011-11)
(2007-04)
(2007-04)
(2007-03)
(2009-01)
(2005-11)
(2011-04)
(2008-03)
(2010-12)
(2008-09)
(2001-01)
(2005-04)
(2011-11)
(2005-05)
(2008-08)
(2007-03)
(2004-12)
(2011-05)
(2008-11)
(2008-03)
(2008-04)
(2011-05)
(2009-02)
(2010-04)
(2010-04)
(2007-03)
(2001-01)
(2011-05)
(2008-08)
(2007-04)
(2007-11)
(2011-05)

M.3410 etc.
Y.2703
Q.1741.7
Y.2012
X.1171
Y.1901

3.186
4
3.2.6
3.2.22

(2008-08)
(2009-01)
(2011-11)
(2010-04)
(2009-02)
(2009-01)
T&D-DB_NN

X.780.2
X.500 etc.
Q.1741.7
Y.2012
Y.2012
X.1123
X.530
Y.2801
Q.1741.7
M.3410 etc.
M.3016.3
X.780.2
X.1521
X.780.2
X.780.2
Y.2703
Y.2721
X.Sup3
X.1205 etc.
X.780 etc.
M.3410 etc.
Y.2701 etc.
Y.1901
M.3016.1
Y.2012
X.780.2
M.3410 etc.
X.703
X.902 etc.
Y.2205
X.1244 etc.
X.1252
M.3016.1
X.1191 etc.
H.235.0 etc.
X.841 etc.
X.1141 etc.
J.170
X.1500.1 etc.
H.235.6 etc.
Y.2205
Y.2205
X.780 etc.
Y.2205
Y.2704
X.Sup6
X.Sup6

3.172
4
4

4
3.162

4
4

4
4

3.5

4
4
4
4

(2007-03)
(2008-11)
(2011-11)
(2010-04)
(2010-04)
(2007-11)
(2008-11)
(2006-11)
(2011-11)
(2008-08)
(2005-04)
(2007-03)
(2011-04)
(2007-03)
(2007-03)
(2009-01)
(2010-09)
(2008-04)
(2008-04)
(2001-01)
(2008-08)
(2007-04)
(2009-01)
(2005-04)
(2010-04)
(2007-03)
(2008-08)
(1997-10)
(1995-11)
(2011-05)
(2008-09)
(2010-04)
(2005-04)
(2009-02)
(2005-09)
(2000-10)
(2006-06)
(2005-11)
(2012-03)
(2005-09)
(2011-05)
(2011-05)
(2001-01)
(2011-05)
(2010-01)
(2009-02)
(2009-02)

X.780 etc.
X.1200 ser
X.780.2 etc.
Y.2001
Y.2012 etc.
Y.2221 etc.
M.3016.0
M.3016.0 etc.
X.680 etc.
M.3410
X.1153
M.3016.1 etc.
M.3410
J.170
X.1570
Y.2205
X.1153 etc.
X.1090
X.1090
X.1500 etc.
X.1191
X.Sup11
X.1161 etc.
Y.3001 etc.
X.1143
Y.2014
X.1570
Y.2014
X.741
X.1141
Y.2740
Y.2704
X.1035
Y.2014
X.1141

3.6.50

App.I
4
3.1.4
4
4
Table I.1
4
4
4
App.I
4

(2001-08)
(2008-04)
(2007-03)
(2004-12)
(2010-04)
(2010-01)
(2005-05)
(2005-05)
(2008-11)
(2008-08)
(2011-02)
(2005-04)
(2008-08)
(2005-11)
(2011-09)
(2011-05)
(2011-02)
(2011-05)
(2011-05)
(2011-04)
(2009-02)
(2011-09)
(2008-05)
(2011-05)
(2007-11)
(2010-03)
(2011-09)
(2010-03)
(1995-04)
(2006-06)
(2011-01)
(2010-01)
(2007-02)
(2010-03)
(2006-06)
T&D-DB_NN

X.1142
X.1245
X.1036
X.1112 etc.
Y.2205
Y.2740
X.1036
X.1036
X.743
Y.2702 etc.
Y.2701 etc.
X.1121 etc.
X.1191 etc.
X.1057
X.1520 etc.
Y.2012 etc.
Y.2012
X.1125

4
4
4
4

(2006-06)
(2010-12)
(2007-02)
(2007-11)
(2011-05)
(2011-01)
(2007-02)
(2007-02)
(1998-06)
(2008-09)
(2007-04)
(2004-04)
(2009-02)
(2011-05)
(2011-04)
(2010-04)
(2010-04)
(2008-01)

Q.1741.7
X.1125 etc.
X.509 etc.
Y.1901
X.780 etc.
X.1205
Y.2012 etc.
X.509 etc.
X.1083
Y.1901
Y.2702
Y.2205
X.408
X.1034 etc.
X.1205 etc.
Y.2205 etc.
X.1311 etc.
Y.2014
X.1275
X.1036
X.832 etc.
J.96
X.1124
X.1252 etc.
X.1101 etc.
M.3410 etc.
X.1142
X.834 etc.
X.1193
X.1112 etc.
X.1089
X.1151
J.170 etc.
H.235.2
X.509
X.843
H.235.7
X.509

4
3.4.38
4

4
3.4.39
4
4
3.1.12
4
4

6.46

3.2.30.
4

3.11
3.4.49

(2011-11)
(2008-01)
(2008-11)
(2009-01)
(2001-01)
(2008-04)
(2010-04)
(2008-11)
(2007-11)
(2009-01)
(2008-09)
(2011-05)
(1988-11)
(2011-02)
(2008-04)
(2011-05)
(2011-02)
(2010-03)
(2010-12)
(2007-02)
(1995-04)
(2002-07)
(2007-11)
(2010-04)
(2010-05)
(2008-08)
(2006-06)
(1996-10)
(2011-10)
(2007-11)
(2008-05)
(2007-11)
(2005-11)
(2005-09)
(2008-11)
(2000-10)
(2005-09)
(2008-11)
T&D-DB_NN

X.1205
X.408
Q.1741.7 etc.
Q.1741.7
X.408
X.780.2
X.509
Y.2018 etc.
X.1193
X.1034
X.780.2
J.96
X.780.1
X.1206
X.1520 etc.

3.215
3.216

3.4.44
4.4
3.2.10
3.1.9

(2008-04)
(1988-11)
(2011-11)
(2011-11)
(1988-11)
(2007-03)
(2008-11)
(2009-09)
(2011-10)
(2011-02)
(2007-03)
(2002-07)
(2001-08)
(2008-04)
(2011-04)

IETF RFC 5213

E.409
M.3410 etc.
X.1142 etc.
X.1243
X.1241
X.744
Y.2701 etc.
Y.2721
M.3016.4
X.1084
Y.2702
J.93
X.1205 etc.
Y.2012
X.1142
X.1081
X.1192
X.1171
Y.1901
X.500 etc.
H.235.0 etc.
H.235.7
X.780.2
Y.2721 etc.
Y.2205
X.843
X.1193
Y.2702
X.1124
X.805 etc.
X.1034
M.1224.1
X.1125
Y.140.1
Y.140.1
M.3010
X.780.2
X.1240
X.790
M.3410
F.852
X.1089 etc.
X.805
Y.1901 etc.
X.1035
H.530
H.235.0
Y.1910
Y.2720 etc.
Q.1741.7 etc.
Y.1901
H.530
X.1057
X.660 etc.

4
3.2.29.
4
4

4
3.9
3.2.11

3.1.10
4.2.2

3.24

3.22
3.2.11.
3.2.25
5

3.219
4
5
4
3.5.17

(2004-05)
(2008-08)
(2006-06)
(2010-12)
(2008-04)
(1996-10)
(2007-04)
(2010-09)
(2005-04)
(2008-05)
(2008-09)
(1998-03)
(2008-04)
(2010-04)
(2006-06)
(2004-04)
(2011-05)
(2009-02)
(2009-01)
(2008-11)
(2005-09)
(2005-09)
(2007-03)
(2010-09)
(2011-05)
(2000-10)
(2011-10)
(2008-09)
(2007-11)
(2003-10)
(2011-02)
(2012-03)
(2008-01)
(2004-03)
(2004-03)
(2000-02)
(2007-03)
(2008-04)
(1995-11)
(2008-08)
(2000-03)
(2008-05)
(2003-10)
(2009-01)
(2007-02)
(2002-03)
(2005-09)
(2008-09)
(2009-01)
(2011-11)
(2009-01)
(2002-03)
(2011-05)
(2011-07)

ITU-R

X.1243
Y.2703
Y.2018
Y.2702 etc.
Y.2721 etc.
Y.2701 etc.
M.3410 etc.
Y.2701 etc.
H.235.7
H.235.7
H.235.1 etc.
H.235.0 etc.
X.1057
X.1245
X.1245
X.1142 etc.
M.3410
X.1245
X.1241
X.Sup11
X.1243
X.1521
H.235.6
X.780.2
H.235.5
X.1570
X.525 etc.
T.86
X.1191
X.743 etc.
M.3016.4
X.1124
X.1101

4.3

4
3.2.5
3.2.35.

3.2.7
4

4
3.1.7

3.2.10

(2010-12)
(2009-01)
(2009-09)
(2008-09)
(2010-09)
(2007-04)
(2008-08)
(2007-04)
(2005-09)
(2005-09)
(2005-09)
(2005-09)
(2011-05)
(2010-12)
(2010-12)
(2006-06)
(2008-08)
(2010-12)
(2008-04)
(2011-09)
(2010-12)
(2011-04)
(2005-09)
(2007-03)
(2005-09)
(2011-09)
(2008-11)
(1998-06)
(2009-02)
(1992-09)
(2005-04)
(2007-11)
(2010-05)
T&D-DB_NN

X.1171 etc.
Y.2012
M.3016.1 etc.
Q.1742.9
X.520 etc.
X.1250
Y.2721
X.1311
Y.1901
X.1243
X.1500
H.530
X.1570
J.170
X.1521
Q.1741.7
X.408
Q.1741.7
Q.1741.7
X.1101

4
3.39

4
Table I.6
5
4
4.1(77)
4
4
4
4

(2009-02)
(2010-04)
(2005-04)
(2011-11)
(2008-11)
(2009-09)
(2010-09)
(2011-02)
(2009-01)
(2010-12)
(2011-04)
(2002-03)
(2011-09)
(2005-11)
(2011-04)
(2011-11)
(1988-11)
(2011-11)
(2011-11)
(2010-05)

X.1101
X.904 etc.
H.235.7
X.1101
Q.1741.7
Q.1741.7
M.1224.1
X.509
H.248.77
H.235.6 etc.
X.1055
X.780.2
X.509
J.380.7
Y.2205 etc.
Y.2702
Q.1741.7
X.1142
Q.1741.7
H.235.5
Y.2760 etc.
H.235.5 etc.
X.1205
H.235.6
H.235.0 etc.
H.235.2
X.1112
X.1142 etc.
J.93
X.1122
X.740 etc.
J.170 etc.
Y.2205
X.1113
J.170
H.235.6
H.235.0 etc.
H.248.77
J.170
E.107
H.235.1 etc.
H.235.8 etc.
X.1193
Y.2701 etc.
X.1245
M.3410
X.780.2

3.228
4
4.2.2
4
3.2.2
3.4.50
3.2.7
4
3.245
3.2.37.
4
4

(2010-05)
(1997-12)
(2005-09)
(2010-05)
(2011-11)
(2011-11)
(2012-03)
(2008-11)
(2010-09)
(2005-09)
(2008-11)
(2007-03)
(2008-11)
(2011-11)
(2011-05)
(2008-09)
(2011-11)
(2006-06)
(2011-11)
(2005-09)
(2011-05)
(2005-09)
(2008-04)
(2005-09)
(2005-09)
(2005-09)
(2007-11)
(2006-06)
(1998-03)
(2004-04)
(1992-09)
(2005-11)
(2011-05)
(2007-11)
(2005-11)
(2005-09)
(2005-09)
(2010-09)
(2005-11)
(2007-02)
(2005-09)
(2005-09)
(2011-10)
(2007-04)
(2010-12)
(2008-08)
(2007-03)

ITU-R

T&D-DB_NN
M.3410
X.802
X.780.2
H.235.7
X.1243
X.1153

3.4.3

(2008-08)
(1995-04)
(2007-03)
(2005-09)
(2010-12)
(2011-02)

Y.2701 etc.
X.1570
Y.2012 etc.

App.I
4

(2007-04)
(2011-09)
(2010-04)
T&D-DB_NN
T&D-DB_NN

J.122
X.1113
X.1113
X.1303 etc.
Y.2702 etc.
X.1112
Q.1221
Y.2801
X.1124
X.1125
X.1245

3.2.121

I.3.3.1.3
4
3.2.15.
3.2.11.

(2007-12)
(2007-11)
(2007-11)
(2007-09)
(2008-09)
(2007-11)
(1997-09)
(2006-11)
(2007-11)
(2008-01)
(2010-12)
T&D-DB_NN

H.235.0
X.1245
X.1245
X.1241 etc.
X.1125
X.1125
H.235.7
Y.2702 etc.
Q.1741.7
X.1242
M.1224.1
M.3410
Y.2012
Y.1910
X.1125
X.1500 etc.

3.2.6

3.2.12.

3.68
4.2.2
4
3.2.13.
4

(2005-09)
(2010-12)
(2010-12)
(2008-04)
(2008-01)
(2008-01)
(2005-09)
(2008-09)
(2011-11)
(2009-02)
(2012-03)
(2008-08)
(2010-04)
(2008-09)
(2008-01)
(2011-04)

ITU-R

T&D-DB_NN
T&D-DB_NN
X.803
Y.2172 etc.
Y.2012 etc.
X.273
X.1125
X.1125
X.1123
X.1193
X.1242
X.1171
Y.2020
X.780.2
X.1191 etc.
Y.2012
X.1191 etc.
X.1191 etc.
Y.2012
X.1191 etc.
Y.2020

3.8(6)
4
4
3.9.3
3.2.14.

4
3.2.19
4

4
4

(1994-07)
(2007-06)
(2010-04)
(1994-07)
(2008-01)
(2008-01)
(2007-11)
(2011-10)
(2009-02)
(2009-02)
(2011-05)
(2007-03)
(2009-02)
(2010-04)
(2009-02)
(2009-02)
(2010-04)
(2009-02)
(2011-05)

Y.2703 etc.
X.1152
X.1125
Y.2702
Y.2701 etc.
Y.1901
X.810
X.1125
Y.2020
Y.2012 etc.
X.904 etc.
H.248.81
Y.2001 etc.
J.170 etc.
X.525
Y.2020
M.3410 etc.

3.2.15.

4
3.3.21
4
4
4

(2009-01)
(2008-05)
(2008-01)
(2008-09)
(2007-04)
(2009-01)
(1995-11)
(2008-01)
(2011-05)
(2010-04)
(1997-12)
(2011-05)
(2004-12)
(2005-11)
(2008-11)
(2011-05)
(2008-08)
T&D-DB_NN
T&D-DB_NN

X.803 etc.
X.1192

3.8 (9)
4

(1994-07)
(2011-05)
T&D-DB_NN

X.832
H.235.6

(1995-04)
(2005-09)

M.3016.4
X.831 etc.

(2005-04)
(1995-04)

T&D-DB_NN
1.2, 6

T&D-DB_NN
T&D-DB_NN
H.235.9
J.170
X.1243
Y.2012
X.408
X.1125
X.1123

4.1(83)
4

(2005-09)
(2005-11)
(2010-12)
(2010-04)
(1988-11)
(2008-01)
(2007-11)
T&D-DB_NN
T&D-DB_NN
T&D-DB_NN
T&D-DB_NN
T&D-DB_NN

X.1112 etc.
H.235.0 etc.
H.235.7
X.1141 etc.
Q.815
Y.1910
X.1113
X.408
Y.1901
X.1081
X.810
M.1224.1
X.1090

3.7

4
3.3.22
4.2.2
4

(2007-11)
(2005-09)
(2005-09)
(2006-06)
(2000-02)
(2008-09)
(2007-11)
(1988-11)
(2009-01)
(2004-04)
(1995-11)
(2012-03)
(2011-05)

ITU-R

Q.1741.7
Q.1741.7
Y.1901
X.1250 etc.
X.841
X.805 etc.
J.170
X.1112
H.235.7
Y.2701 etc.
X.1193
Y.2702
Y.2701 etc.
X.1123
Q.814 etc.
X.1101
X.1242
X.1242
X.1101
X.741
M.3410
X.740
X.742
J.93
X.1231 etc.
Y.2020
M.3410
M.3410
M.3410
X.790
X.1242
M.3410
X.1231 etc.
X.1242
X.805 etc.
Y.2721
X.780.2
X.1311
X.780.2 etc.
Y.2205
X.780.2
Y.2721
Y.2012 etc.
X.805 etc.
M.3016.3
H.530
X.780.2
X.780.2
Y.3001
X.509
X.1051
Y.2702 etc.
J.380.7

4
4
4
3.9, 5.3

3.2.14

3.1.3
4

3.2.14
3.2.6
3.1.4

6.2

4
3.4.59

3.2.8

(2011-11)
(2011-11)
(2009-01)
(2009-09)
(2000-10)
(2003-10)
(2005-11)
(2007-11)
(2005-09)
(2007-04)
(2011-10)
(2008-09)
(2007-04)
(2007-11)
(2000-02)
(2010-05)
(2009-02)
(2009-02)
(2010-05)
(1995-04)
(2008-08)
(1992-09)
(1995-04)
(1998-03)
(2008-04)
(2011-05)
(2008-08)
(2008-08)
(2008-08)
(1995-11)
(2009-02)
(2008-08)
(2008-04)
(2009-02)
(2003-10)
(2010-09)
(2007-03)
(2011-02)
(2007-03)
(2011-05)
(2007-03)
(2010-09)
(2010-04)
(2003-10)
(2005-04)
(2002-03)
(2007-03)
(2007-03)
(2011-05)
(2008-11)
(2008-02)
(2008-09)
(2011-11)
T&D-DB_NN

X.780.2
X.805
M.3410
X.509
H.235.7
Y.2801
X.1193 etc.
X.1141 etc.
X.408

3.4.55
4
4
3.2.59.

(2007-03)
(2003-10)
(2008-08)
(2008-11)
(2005-09)
(2006-11)
(2011-10)
(2006-06)
(1988-11)
T&D-DB_NN

X.1141
H.235.0
Y.140.1
Y.140.1 etc.
Y.140.1
M.3410

3.17

(2006-06)
(2005-09)
(2004-03)
(2004-03)
(2004-03)
(2008-08)
T&D-DB_NN

M.3410
Y.2020
H.235.5

(2008-08)
(2011-05)
(2005-09)
T&D-DB_NN

X.1240 etc.
Y.2801

(2008-04)
(2006-11)
T&D-DB_NN

X.Sup11
X.1244 etc.
X.1244 etc.
X.1141
X.1123
X.1192
M.3410
X.1244 etc.
Y.2703
X.1245
X.1245
Y.2020
Q.1741.7
Q.1741.7
H.248.77
X.1193 etc.
H.235.7 etc.
Y.2704
H.235.0
H.235.8
H.235.7
X.1242
X.1124
J.170
X.805 etc.
X.1101
Q.1221

4
3.2.12
3.2.13

3.2.11
I.4.3.4.3

(2011-09)
(2008-09)
(2008-09)
(2006-06)
(2007-11)
(2011-05)
(2008-08)
(2008-09)
(2009-01)
(2010-12)
(2010-12)
(2011-05)
(2011-11)
(2011-11)
(2010-09)
(2011-10)
(2005-09)
(2010-01)
(2005-09)
(2005-09)
(2005-09)
(2009-02)
(2007-11)
(2005-11)
(2003-10)
(2010-05)
(1997-09)

3.2.10

(2007-11)
(1999-03)

3.2.8
4
4
3.282
4
4

4.1(84)

T&D-DB_NN
X.1123
Q.1711

T&D-DB_NN
Y.2020
Y.2012 etc.
X.1242
X.1242
M.3410 etc.
X.1205
X.Sup9
X.1151 etc.
X.805
J.380.7

4
4

3.2.5

3.2.4

(2011-05)
(2010-04)
(2009-02)
(2009-02)
(2008-08)
(2008-04)
(2011-09)
(2007-11)
(2003-10)
(2011-11)
T&D-DB_NN

X.1205 etc.
Y.2722
X.803
Y.2702
H.235.8 etc.
H.235.7

6.9
3.8 (14)

(2008-04)
(2011-01)
(1994-07)
(2008-09)
(2005-09)
(2005-09)
T&D-DB_NN

X.1084

(2008-05)
T&D-DB_NN

X.1205

3.2.1

(2008-04)
T&D-DB_NN

X.1192 etc.
Y.2012
X.1191 etc.

4
4

(2011-05)
(2010-04)
(2009-02)
T&D-DB_NN

X.408
Q.1741.7
Y.2721 etc.
X.1125
X.1192

3.289

(1988-11)
(2011-11)
(2010-09)
(2008-01)
(2011-05)
T&D-DB_NN

X.408
J.96
Q.1742.9
H.235.7
X.1193
Y.2701 etc.
M.3410
X.1089
Q.1221
X.1089
X.780.2
X.1245
J.170
X.780.2
X.780.2
H.235.1 etc.
Y.2801
X.Sup11
X.1191 etc.
X.1521
Y.1901 etc.

(1988-11)
(2002-07)
3.47
(2011-11)
(2005-09)
4
(2011-10)
(2007-04)
(2008-08)
3.2.15.
(2008-05)
I.3.3.2.1 (1997-09)
3.2.16.
(2008-05)
(2007-03)
(2010-12)
(2005-11)
(2007-03)
(2007-03)
(2005-09)
4
(2006-11)
7.5.1
(2011-09)
(2009-02)
4
(2011-04)
3.2.39
(2009-01)

J.170
Q.1741.7
E.107 etc.
H.248.77
M.3410
Y.2702
E.107 etc.
Y.2701 etc.
Y.2702
Y.2701 etc.
X.1034
K.87
X.1240
M.3016.0
Y.2018
Q.1741.7
Q.1741.7
Q.1741.7
X.780.2
M.3410 etc.
H.235.7
J.170 etc.
X.1090
Y.2014
X.1034
X.1034
X.1034
X.1205
M.3410
Q.1742.9
Y.2012 etc.
X.1500
Q.814 etc.
X.1205 etc.

4
4

4.3
3.313
3.314
3.314

4.1(89)
4
4
3.1.17

3.49
4
Table I.3

(2005-11)
(2011-11)
(2007-02)
(2010-09)
(2008-08)
(2008-09)
(2007-02)
(2007-04)
(2008-09)
(2007-04)
(2011-02)
(2011-11)
(2008-04)
(2005-05)
(2009-09)
(2011-11)
(2011-11)
(2011-11)
(2007-03)
(2008-08)
(2005-09)
(2005-11)
(2011-05)
(2010-03)
(2011-02)
(2011-02)
(2011-02)
(2008-04)
(2008-08)
(2011-11)
(2010-04)
(2011-04)
(2000-02)
(2008-04)
T&D-DB_NN

X.1124

(2007-11)

X.1124
M.1224.1
X.408
Y.2012
Y.2001
X.1082
Y.2701 etc.
M.3010 etc.
Y.2205
X.1125
H.530
X.1500
X.1032
X.780.2
X.902
X.1500
X.1500

(2007-11)
(2012-03)
(1988-11)
(2010-04)
(2004-12)
(2007-11)
(2007-04)
(2002-02)
(2011-05)
(2008-01)
(2002-03)
(2011-04)
(2010-12)
(2007-03)
(1995-11)
(2011-04)
(2011-04)

T&D-DB_NN
4.2.2
4

3.30
4
5
4

4
Table I.5

ITU-R

Y.2012 etc.
Y.2012 etc.
Y.2704
X.780.2
X.1081
Y.1901
X.842
H.235.0 etc.
X.1084
X.780.2
X.790
X.1207
M.3410
X.Sup3
Y.2760
X.1193
X.780
X.842 etc.
X.814
X.790
X.1245
X.408
Y.2703 etc.
Y.1901
K.87
X.780.2
X.780.2
Y.2701 etc.
Y.2702
Q.1221
Y.1901
X.1244
X.1123
X.1031
X.1143
H.235.0 etc.
Y.2702 etc.
X.780.2
X.1244
Y.1901
X.1031
X.1124 etc.
Q.1741.7
X.1124
X.1124
X.780 etc.
X.520
X.1122
J.96
X.1123
Y.1901
X.780 etc.
X.1124 etc.
Y.2205

4
4

(2010-04)
(2010-04)
(2010-01)
(2007-03)
(2004-04)
4
(2009-01)
7.1.1
(2000-10)
(2005-09)
(2008-05)
(2007-03)
(1995-11)
(2008-04)
(2008-08)
(2008-04)
4
(2011-05)
4
(2011-10)
(2001-01)
4
(2000-10)
E.1.3
(1995-11)
(1995-11)
(2010-12)
(1988-11)
(2009-01)
4
(2009-01)
4
(2011-11)
(2007-03)
(2007-03)
(2007-04)
(2008-09)
I.3.3.1.1 (1997-09)
4
(2009-01)
3.2.18
(2008-09)
(2007-11)
(2008-03)
(2007-11)
(2005-09)
(2008-09)
(2007-03)
3.2.19
(2008-09)
4
(2009-01)
(2008-03)
(2007-11)
3.317
(2011-11)
3.2.14.
(2007-11)
(2007-11)
(2001-01)
(2008-11)
(2004-04)
(2002-07)
(2007-11)
4
(2009-01)
(2001-01)
(2007-11)
4
(2011-05)

Y.2012
Y.2012
Y.2703 etc.
Y.2012 etc.
M.3410 etc.

4
4
6.2

(2010-04)
(2010-04)
(2009-01)
(2010-04)
(2008-08)
T&D-DB_NN

X.1113
X.1051 etc.
F.851 etc.
F.852
M.1224.1
X.1242
X.1303 etc.
Y.2704 etc.
X.520 etc.
Q.1741.7
X.Sup11
X.1123
X.1088 etc.
Y.2721
Y.2205
X.1125
X.1124 etc.
Y.2012
X.1242
Y.2221 etc.
Y.2012
H.235.1
X.780.1
X.743 etc.
X.1112
X.893
Q.1741.7
Q.1741.7
Q.1741.7
Q.1741.7
X.1141
X.1083 etc.
X.1124
H.235.7
X.1122
X.1231
X.1125
Q.1741.7
H.530
H.530
Y.1901
Y.2014
X.780.2
Y.2014
Y.2012 etc.
X.1034
K.87
K.87

1.3.10
6.2
4.2.2

3.327
3.2.8

4
3.2.6
4

3.7.5

4
4
4
4

3.2.24.

3.88
5
4.8
4
4
4
4
4
4

(2007-11)
(2008-02)
(1995-02)
(2000-03)
(2012-03)
(2009-02)
(2007-09)
(2010-01)
(2008-11)
(2011-11)
(2011-09)
(2007-11)
(2008-05)
(2010-09)
(2011-05)
(2008-01)
(2007-11)
(2010-04)
(2009-02)
(2010-01)
(2010-04)
(2005-09)
(2001-08)
(1998-06)
(2007-11)
(2007-05)
(2011-11)
(2011-11)
(2011-11)
(2011-11)
(2006-06)
(2007-11)
(2007-11)
(2005-09)
(2004-04)
(2008-04)
(2008-01)
(2011-11)
(2002-03)
(2002-03)
(2009-01)
(2010-03)
(2007-03)
(2010-03)
(2010-04)
(2011-02)
(2011-11)
(2011-11)

ITU-R

H.530
Y.2001
Y.1910
Y.2701 etc.
H.530
X.1231 etc.
X.1125
Y.1910 etc.
Y.1901 etc.
H.235.1 etc.
Y.2012 etc.
Y.2205
Y.2014
X.1205
X.1152 etc.
X.1205
Y.2012
X.1125
Y.1910
K.87
X.Sup11
X.Sup11
X.Sup11
X.408
H.530
X.893
Y.2012
Q.814 etc.
X.1057
Y.2701 etc.
X.1311 etc.
Y.2012

3.2.7
3.2.48
4
4
4

4
3.2.10
3.2.6
3.2.11
5
4
4

(2002-03)
(2004-12)
(2008-09)
(2007-04)
(2002-03)
(2008-04)
(2008-01)
(2008-09)
(2009-01)
(2005-09)
(2010-04)
(2011-05)
(2010-03)
(2008-04)
(2008-05)
(2008-04)
(2010-04)
(2008-01)
(2008-09)
(2011-11)
(2011-09)
(2011-09)
(2011-09)
(1988-11)
(2002-03)
(2007-05)
(2010-04)
(2000-02)
(2011-05)
(2007-04)
(2011-02)
(2010-04)
T&D-DB_NN

X.1205
F.771
X.1125 etc.
Y.2701 etc.
M.3410 etc.
X.1125 etc.
Q.1741.7
X.1195 etc.
Y.1901
Y.2221
X.1205
Y.2221 etc.
Y.2205
Y.2702 etc.
X.1143
J.380.7
M.3016.0
Y.2721 etc.
H.235.8
X.1311 etc.
Y.2722

3.338
4

3.2.10

(2008-04)
(2008-08)
(2008-01)
(2007-04)
(2008-08)
(2008-01)
(2011-11)
(2011-02)
(2009-01)
(2010-01)
(2008-04)
(2010-01)
(2011-05)
(2008-09)
(2007-11)
(2011-11)
(2005-05)
(2010-09)
(2005-09)
(2011-02)
(2011-01)

H.530
X.1143 etc.
H.235.0
X.1143 etc.
T.180
X.1500 etc.
Y.1901
Y.2205
Y.2704 etc.
Y.2721
X.1143
X.1251 etc.
Y.1901
M.3016.1 etc.
H.235.0 etc.
X.1142
X.1124
X.1303 etc.
X.1142 etc.
H.530
H.530
H.235.7
H.530
H.530

Summary
Table I.1
4
4

5
5
5
5

(2002-03)
(2007-11)
(2005-09)
(2007-11)
(1998-06)
(2011-04)
(2009-01)
(2011-05)
(2010-01)
(2010-09)
(2007-11)
(2009-09)
(2009-01)
(2005-04)
(2005-09)
(2006-06)
(2007-11)
(1995-04)
(2006-06)
(2002-03)
(2002-03)
(2005-09)
(2002-03)
(2002-03)

Rec.#

Date

Temporary #

E.106
E.107
E.408
E.409
F.400/ X.400
F.440
F.744
F.771
F.851
G.780/ Y.1351
G.808.1
G.827
G.841
G.842
G.870/ Y.1352
G.873.1
G.873.2
G.911
G.8001/ Y.1354
G.8031/ Y.1342
G.8032/ Y.1344
G.8081/ Y.1353
G.8101/ Y.1355
G.8131/ Y.1382
G.Sup51
H.225.0
H.233
H.234
H.235.0
H.235.1
H.235.2
H.235.3
H.235.4
H.235.5
H.235.6
H.235.7
H.235.8
H.235.9
H.245
H.248.77
H.248.81
H.320
H.323
H.350
H.350.1
H.350.2
H.350.3
H.350.4
H.350.5
H.350.6

(2003-10)
(2007-02)
(2004-05)
(2004-05)
(1999-06)
(1992-08)
(2009-12)
(2008-08)
(1995-02)
(2010-07)
(2010-02)
(2003-09)
(1998-10)
(1997-04)
(2012-02)
(2011-07)
(2012-04)
(1997-04)
(2012-06)
(2011-06)
(2012-02)
(2012-02)
(2010-07)
(2007-02)
(2012-05)
(2009-12)
(2002-11)
(2002-11)
(2005-09)
(2005-09)
(2005-09)
(2005-09)
(2005-09)
(2005-09)
(2009-03)
(2005-09)
(2005-09)
(2005-09)
(2011-05)
(2010-09)
(2011-05)
(2004-03)
(2009-12)
(2011-05)
(2011-05)
(2011-05)
(2011-05)
(2011-05)
(2011-05)
(2011-05)

E.ieps
E.ETS

F.USN-MW

G.gps.1
I.35x
G.SHR-1
G.SHR-2
G.termOTN, G.vocotn
G.otnprot.1
G.otnprot.2
G.vcoeth
Y.17ethps
G.termASON

H.248.SRTP
H.248.ETS

H.350.7
H.460.17
H.460.18
H.460.19
H.460.22
H.510
H.530
H.621
H.Imp235
H.Sup 9
J.89
J.91
J.93
J.95
J.96
J.112
J.125
J.160
J.170
J.190
J.191
J.197
J.222.3
J.360
J.366.7
J.366.8
J.366.9
J.1001
K.87
L.20
M.3010
M.3016.0
M.3016.1
M.3016.2
M.3016.3
M.3016.4
M.3020
M.3208.2
M.3210.1
M.3320
M.3350
M.3400
M.3410
Q.293
Q.761
Q.762
Q.763
Q.764
Q.767
Q.813
Q.814
Q.815
Q.816
Q.816.1

(2007-01)
(2005-09)
(2005-09)
(2005-09)
(2007-01)
(2002-03)
(2002-03)
(2008-08)
(2005-08)
(2008-05)
(1999-09)
(1994-08)
(1998-03)
(1999-09)
(2002-07)
(1998-03)
(2007-12)
(2005-11)
(2005-11)
(2007-07)
(2004-03)
(2005-11)
(2007-11)
(2006-11)
(2010-08)
(2006-11)
(2006-11)
(2012-01)
(2011-11)
(1996-10)
(2000-02)
(2005-05)
(2005-04)
(2005-04)
(2005-04)
(2005-04)
(2011-07)
(1999-03)
(2001-01)
(1997-04)
(2004-05)
(2000-02)
(2008-08)
(1988-11)
(1999-12)
(1999-12)
(1999-12)
(1999-12)
(1991-02)
(1998-06)
(2000-02)
(2000-02)
(2001-01)
(2001-08)

J.mpp
J.ca
J.cp
J.encryp
J.isc
J.bpi
J.arch
J.sec
J.hna
J.drm
J.ss
J.ims.7
J.ims.8
J.ims.9
J.rcas-req
K.sec
L.fsc

M.ets

Q.816.2
Q.817
Q.834.3
Q.834.4
Q.1531
Q.1701
Q.1702
Q.1703
Q.1706/ Y.2801
Q.1741.1
Q.1741.2
Q.1741.3
Q.1741.4
Q.1741.5
Q.1741.6
Q.1741.7
Q.1742.1
Q.1742.2
Q.1742.3
Q.1742.4
Q.1742.5
Q.1742.6
Q.1742.7
Q.1742.8
Q.1742.9
Q.1902.1
Q.1902.2

(2007-03)
(2001-01)
(2001-11)
(2003-07)
(2000-06)
(1999-03)
(2002-06)
(2004-05)
(2006-11)
(2002-04)
(2002-12)
(2003-09)
(2005-10)
(2008-10)
(2009-10)
(2011-11)
(2002-12)
(2003-07)
(2004-01)
(2005-04)
(2006-09)
(2007-08)
(2008-10)
(2010-06)
(2011-11)
(2001-07)
(2001-07)

Q.1902.3

(2001-07)

Q.1902.4
Q.1950
Q.2630.3
Q.2761
Q.2762

(2001-07)
(2002-12)
(2003-10)
(1999-12)
(1999-12)

Q.2763
Q.2764
Q.2931
Q.3201
Q.3202.1
Q.Sup47
Q.Sup52
Q.Sup53
Q.Sup56
Q.Sup57
Q.Sup58
T.4
T.30
T.36
T.37
T.38
T.123 AxB
T.180

(1999-12)
(1999-12)
(1995-02)
(2007-10)
(2008-05)
(2003-11)
(2004-12)
(2005-09)
(2007-04)
(2008-01)
(2008-01)
(2003-07)
(2005-09)
(1997-07)
(1998-06)
(2010-09)
(2007-01)
(1998-06)

Q.FIN
Q.LTVN
Q.snfb
Rec.mmr
Q.REF-1

Q.REF-2

Q.CBC

Q.NGN-nacf.sec
Q.nacf.auth1

T.Ifax1
T.Ifax2

T.411
T.503
T.563
T.611
T.807
X.217
X.227
X.237
X.257
X.272
X.273
X.274
X.400/F.400
X.402
X.404
X.408
X.411
X.412
X.413
X.419
X.420
X.421
X.435
X.440
X.500
X.501
X.509
X.511
X.518
X.519
X.520
X.521
X.525
X.530
X.680
X.681
X.682
X.683
X.690
X.691
X.692
X.693
X.694
X.695
X.711
X.733
X.734
X.735
X.736
X.737
X.738
X.739
X.740
X.741

(1993-03)
(2000-02)
(1996-10)
(1994-11)
(2006-05)
(1995-04)
(1995-04)
(1995-04)
(1995-04)
(2000-03)
(1994-07)
(1994-07)
(1999-06)
(1999-06)
(1999-06)
(1988-11)
(1999-06)
(1999-06)
(1999-06)
(1999-06)
(1999-06)
(1999-06)
(1999-06)
(1999-06)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(2008-11)
(1997-10)
(1992-02)
(1992-09)
(1992-09)
(1992-01)
(1995-11)
(1993-11)
(1993-11)
(1992-09)
(1995-04)

X.742
X.743
X.744
X.780
X.780.1
X.780.2
X.781
X.790
X.800
X.802
X.803
X.805
X.810
X.811
X.812
X.813
X.814
X.815
X.816
X.830
X.831
X.832
X.833
X.834
X.835
X.841
X.842
X.843
X.893
X.901
X.902
X.903
X.904
X.910
X.1031
X.1032
X.1034
X.1035
X.1036
X.1051
X.1052
X.1055
X.1056
X.1057
X.1080.1
X.1081
X.1082
X.1083
X.1084
X.1086
X.1088
X.1089
X.1090
X.1091

(1995-04)
(1998-06)
(1996-10)
(2001-01)
(2001-08)
(2007-03)
(2001-08)
(1995-11)
(1991-03)
(1995-04)
(1994-07)
(2003-10)
(1995-11)
(1995-04)
(1995-11)
(1996-10)
(1995-11)
(1995-11)
(1995-11)
(1995-04)
(1995-04)
(1995-04)
(1995-04)
(1996-10)
(1996-10)
(2000-10)
(2000-10)
(2000-10)
(2007-05)
(1997-08)
(2009-10)
(2009-10)
(1997-12)
(1998-09)
(2008-03)
(2010-12)
(2011-02)
(2007-02)
(2007-11)
(2008-02)
(2011-05)
(2008-11)
(2009-01)
(2011-05)
(2011-10)
(2011-10)
(2007-11)
(2007-11)
(2008-05)
(2008-11)
(2008-05)
(2008-05)
(2011-05)
(2012-04)

X.sio
X.ttp1
X.ttp2

X.905
X.805+
X.interfaces
X.akm revised
X.pak
X.spn
X.ism
X.ismf
X.rmg
X.sim
X.amg
X.th1
X.tb
X.physiol
X.bip
X.tsm-1
X.tpp-1
X.tdk
X.tai
X.ott
X.gep

X.1101
X.1111
X.1112
X.1113
X.1114
X.1121
X.1122
X.1123
X.1124
X.1125
X.1141
X.1142
X.1143
X.1151
X.1152
X.1153
X.1161
X.1162
X.1171
X.1191
X.1192
X.1193
X.1195
X.1197
X.1205
X.1206
X.1207
X.1209
X.1231
X.1240
X.1241
X.1242
X.1243
X.1244
X.1245
X.1250
X.1251
X.1252
X.1253
X.1275
X.1303
X.1311
X.1312
X.1500
X.1500.1
X.1520
X.1521
X.1524
X.1570
X.Sup2
X.Sup3
X.Sup6
X.Sup7
X.Sup8

(2010-05)
(2007-02)
(2007-11)
(2007-11)
(2008-11)
(2004-04)
(2004-04)
(2007-11)
(2007-11)
(2008-01)
(2006-06)
(2006-06)
(2007-11)
(2007-11)
(2008-05)
(2011-02)
(2008-05)
(2008-05)
(2009-02)
(2009-02)
(2011-05)
(2011-10)
(2011-02)
(2012-04)
(2008-04)
(2008-04)
(2008-04)
(2010-12)
(2008-04)
(2008-04)
(2008-04)
(2009-02)
(2010-12)
(2008-09)
(2010-12)
(2009-09)
(2009-09)
(2010-04)
(2011-09)
(2010-12)
(2007-09)
(2011-02)
(2011-02)
(2011-04)
(2012-03)
(2011-04)
(2011-04)
(2012-03)
(2011-09)
(2007-09)
(2008-04)
(2009-02)
(2009-02)
(2010-12)

X.mcsec-1
X.homesec-1
X.homesec-2
X.homesec-3
X.homesec-4
X.msec-1
X.msec-2
X.msec-3
X.msec-4
X.crs
X.websec-1
X.websec-2
X.websec-3
X.sap-1
X.sap-2
X.sap-3
X.p2p-1
X.p2p-2
X.nidsec-1
X.iptvsec-1
X.iptvsec-2
X.iptvsec-3
X.iptvsec-5
X.iptvsec-7
X.cso
X.vds
X.sds
X.sisfreq
X.csreq
X.gcs
X.fcs
X.ssf
X.tcs-1
X.ocsip
X.fcsip
X.idmreq
X.idif
X.idmdef
X.idmsg
X.rfpg
X.cap
X.usnsec-1
X.usnsec-2
X.cybex
X.cybex.1
X.cve
X.cvss
X.cwe
X.cybex-disc

X.Sup9
X.Sup10
X.Sup11
X.Sup12
Y.140.1
Y.1271
Y.1342/ G.8031
Y.1344/ G.1344
Y.1351/ G.780
Y.1352/ G.870
Y.1353/ G.8081
Y.1354/ G.8001
Y.1355/ G.8101
Y.1382/ G.8131
Y.1720
Y.1901
Y.1910
Y.2001
Y.2012
Y.2014
Y.2016
Y.2018
Y.2020
Y.2091
Y.2171
Y.2172
Y.2201
Y.2205
Y.2213
Y.2221
Y.2701
Y.2702
Y.2703
Y.2704
Y.2720
Y.2721
Y.2722
Y.2740
Y.2741
Y.2760
Y.2801/ Q.1706
Y.3001

(2011-09)
(2011-09)
(2011-09)
(2012-03)
(2004-03)
(2004-10)
(2006-06)
(2008-06)
(2010-07)
(2012-02)
(2012-02)
(2012-06)
(2012-02)
(2007-02)
(2006-12)
(2009-01)
(2008-09)
(2004-12)
(2010-04)
(2010-03)
(2009-08)
(2009-09)
(2011-05)
(2011-03)
(2006-09)
(2007-06)
(2009-09)
(2011-05)
(2008-09)
(2010-01)
(2007-04)
(2008-09)
(2009-01)
(2010-01)
(2009-01)
(2010-09)
(2011-01)
(2011-01)
(2011-01)
(2011-05)
(2006-11)
(2011-05)

X.1211; X.tb-ucc
X.1246; X.tcs-2
X.oacms
Y.poif
Y.roec
Y.17ethps

G.termOTN, G.vocotn
G.termASON
G.vcoeth
G.termASON

Y.iptv-req
Y.iptvarch
Y.NGN-FRA
Y.NACF R1
Y.MMCF
Y.OSE-arch
Y.term
Y.CACPriority
Y.RestPriority
Y.NGN-ET-Tech
Y.idserv-reqts
Y.USN-reqts
Y.NGN Security
Y.NGN Authentication
Y.NGN AAA
Y.secMechanism
Y.NGNIdMframework
Y.NGN IDM Requirements
Y.NGN IDM Mechanisms
Y.NGN mobile financial requirments
Y.NGN mobile financial architecture
Y.mobSec
Rec.mmr
Y.FNvision

Title of Recommendations searched for security related definitions and abbreviations

International Emergency Preference Scheme (IEPS) for disaster relief operations


Emergency Telecommunications Service (ETS) and interconnection framework for national implementations of ETS
Telecommunication networks security requirements
Incident Organization and Security Incident Handling: Guidelines for Telecommunications Organizations
see X.400
Message Handling Services: The Voice Messaging (VM-) Service.
(Audiovisual services) Service description and requirements for ubiquitous sensor network middleware
Service description and requirements for multimedia information access triggered by tag-based identification
Universal Personal Telecommunication (UPT) - Service description (service set 1)
Terms and definitions for synchronous digital hierarchy (SDH) networks
Generic protection switching Linear trail and subnetwork protection
Availability performance parameters and objectives for end-to-end international constant bit-rate digital paths
Types and characteristics of SDH network protection architectures
Interworking of SDH network protection architectures
Terms and definitions for optical transport networks (OTN)
Optical Transport Network (OTN) Linear protection
ODUk Shared Ring Protection (SRP)
Parameters and calculation methodologies for reliability and availability of fiber optic systems
Terms and definitions for Ethernet frames over transport
Ethernet linear protection switching
Ethernet ring protection switching
Terms and definitions for automatically switched optical networks
Terms and definitions for MPLS transport profile
Linear protection switching for transport MPLS (T-MPLS) networks
Passive optical network (PON) protection considerations
Call signalling protocols and media stream packetization for packet-based multimedia communication systems
Confidentiality system for audiovisual services
Encryption key management and authentication system for audiovisual services
H.323 security: Framework for security in H-series (H.323 and other H.245-based) multimedia systems
H.323 security: Baseline security profile
H.323 security: Signature security profile
H.323 security: Hybrid security profile
H.323 security: Direct and selective routed call security
H.323 security: Framework for secure authentication in RAS using weak shared secrets
H.323 security: Voice encryption profile with native H.235/H.245 key management
H.323 security: Usage of the MIKEY key management protocol for the Secure Real Time Transport Protocol (SRTP) within
H.323 security: Key exchange for SRTP using secure signalling channels
H.323 security: security gateway support for H.323
Control protocol for multimedia communication
Gateway Control Protocol: Secure real-time transport protocol (SRTP) package and procedures
Gateway Control Protocol: Guidelines on the use of the International Emergency Preference Scheme (IEPS) Call Indicator
Narrow-band visual telephone systems and terminal equipment
Packet-based multimedia communications system
Directory services architecture for multimedia conferencing
Directory services architecture for H.323
Directory services architecture for H.235
Directory services architecture for H.320
Directory services architecture for SIP
Directory services architecture for non-standard protocols
Directory services architecture for call forwarding and preferences

Directory services architecture for XMPP


Using H.225.0 call signalling connection as transport for H.323 RAS messages
Traversal of H.323 signalling across network address translators and firewalls
Traversal of H.323 media across network address translators and firewalls
Negotiation of security protocols to protect H.225.0 Call Signalling Messages
Mobility for H.323 multimedia systems and services
Security for H.510 in H.323 Multimedia Mobile Environments
Architecture of a system for multimedia information access triggered by tag-based identification
Implementors Guide for H.235 V3: "Security and encryption for H-series (H.323 and other H.245-based) multimedia termin
Gateway control protocol: Operation of H.248 with H.225, SIP, and ISUP in support of emergency telecommunications serv
Transport Mechanism for component-coded digital television signals using MPEG-2 4:2:2 P@ML including all service elem
Technical methods for ensuring privacy in long-distance international television transmission
Requirements for conditional access in the secondary delivery of digital television or cable television systems
Copy protection of intellectual property for content delivered on cable television systems
Technical Method for Ensuring Privacy in Long-Distance International MPEG-2 Television Transmission Conforming to Rec
Transmission systems for interactive cable television services
Link privacy for cable modem implementations
Architectural framework for the delivery of time-critical services over cable television networks using cable modems
IPCablecom security specification
Architecture of MediaHomeNet that supports cable-based services
IP feature package to enhance cable modems
High level requirements for a Digital Rights Management (DRM) bridge from a cable access network to a home network
Third-generation transmission systems for interactive cable television services - IP cable modems Security services
IPCablecom2 architecture framework
IPCablecom2 Access Security for IP-based Services
IPCablecom2 IP Multimedia Subsystem (IMS): Network domain security specification
IPCablecom2 IP Multimedia Subsystem (IMS): Generic authentication architecture specification (3GPP TS 33.220)
Requirements for conditional access client software remote renewable security system
Guide for the application of electromagnetic security requirements - Basic Recommendation
Creation of a fire security code for telecommunication facilities
Principles for a telecommunications management network
Security for the management plane: Overview
Security for the management plane: Security requirements
Security for the management plane: Security services
Security for the management plane: Security mechanisms
Security for the management plane: Profile proforma
Management interface specification methodology
TMN management services for dedicated and reconfigurable circuits network: Connection management of pre-provisioned
TMN management services for IMT-2000 security management (M.IMTSEC)
Management requirements framework for the TMN X interface
TMN service management requirements for information interchange across the TMN X-interface to support provisioning of
TMN management functions
Guidelines and Requirements for Security Management Systems to Support Telecommunications Management
Intervals at which security measures are to be invoked
Signalling System No. 7 ISDN User Part functional description with Amendments on the Support for the International Em
Signalling System No. 7 ISDN User Part general functions of messages and signals with Amendments on the Support fo
Signalling System No. 7 ISDN User Part formats and codes with Amendments on the Support for the International Eme
Signalling System No. 7 ISDN User Part signalling procedures with Amendments on the Support for the International Em
Application of the ISDN User Part of signalling system No. 7 for international ISDN interconnections -- Amendments on th
Security transformations application service element for remote operations service element (STASE-ROSE)
Specification of an electronic data interchange interactive.
Specification of a security module for whole message protection
CORBA-based TMN services
CORBA-based TMN services: Extensions to support coarse-grained interfaces

CORBA-based TMN services: Extensions to support service-oriented interfaces


TMN PKI Digital certificates and certificate revocation lists profiles
A UML description for management interface requirements for broadband Passive Optical Networks
A CORBA interface specification for Broadband Passive Optical Networks based on UML interface requirements
UPT security requirements for service Set 1
Framework for IMT-2000 networks
Long-term vision of network aspects for systems beyond IMT-2000
Service and network capabilities framework of network aspects for systems beyond IMT-2000
Mobility management requirements for NGN
IMT-2000 references to release 1999 of GSM evolved UMTS core network with UTRAN access network
IMT-2000 references to release 4 of GSM evolved UMTS core network with UTRAN access network
IMT-2000 references to release 5 of GSM evolved UMTS core network
IMT-2000 references to release 6 of GSM evolved UMTS core network
IMT-2000 references to Release 7 of GSM-evolved UMTS core network
IMT2000 references to Release 8 of GSM-evolved UMTS core network
IMT-2000 references to Release 9 of GSM-evolved UMTS core network
IMT-2000 references to ANSI-41 evolved core network with cdma2000 access network
IMT-2000 references (approved as of 11 July 2002) to ANSI-41 evolved core network with cdma2000 access network
IMT-2000 references (approved as of 30 June 2003) to ANSI-41 evolved core network with cdma2000 access network
IMT-2000 references (approved as of 30 June 2004) to ANSI-41 evolved core network with cdma2000 access network
IMT-2000 references (approved as of 31 December 2005) to ANSI-41 evolved core network with cdma2000 access networ
IMT-2000 references (approved as of 31 December 2006) to ANSI-41 evolved core network with cdma2000 access networ
IMT 2000 references (approved as of 30 June 2008) to ANSI-41 evolved core network with cdma2000 access network
IMT2000 references (approved as of 31 January 2010) to ANSI-41 evolved core network with cdma2000 access network
IMT2000 references (approved as of 31 December 2010) to ANSI-41 evolved core network with cdma2000 access networ
Bearer Independent Call Control protocol (Capability Set 2): Functional description with Amendments on the Support for th
Bearer Independent Call Control protocol (Capability Set 2) and Signalling System No.7 ISDN User Part: General functions
the International Emergency Preference Scheme
Bearer Independent Call Control protocol (Capability Set 2) and Signalling System No.7 ISDN User Part: Formats and cod
Preference Scheme
Bearer Independent Call Control protocol (Capability Set 2): Basic call procedures with Amendments on the Support for th
Bearer independent call bearer control protocol
AAL type 2 signalling protocol Capability Set 3
Functional description of the B-ISDN user part (B-ISUP) of signalling system No. 7 with Amendments on the Support for th
General functions of messages and signals of the B-ISDN User Part (B-ISUP) of Signalling System No. 7 with Amendment
Scheme
Signalling System No. 7 B-ISDN User Part (B-ISUP) Formats and codes with Amendments on the Support for the Intern
Signalling System No. 7 B-ISDN User Part (B-ISUP) Basic call procedures with Amendments on the Support for the Inte
Digital Subscriber Signalling System No. 2 User-Network Interface (UNI) layer 3 specification for basic call/connection co
EAP-based security signalling protocol architecture for network attachments
Authentication protocols based on EAP-AKA for interworking among 3GPP, WiMax, and WLAN in NGN
Emergency services for IMT-2000 networks - Requirements for harmonization and convergence
NNI mobility management requirements for systems beyond IMT-2000
Signalling requirements to support the International Emergency Preference Scheme (IEPS)
Organization of NGN service user data
Signalling requirements to support the emergency telecommunications service (ETS) in IP networks
Organization of NGN transport user data
Standardization of Group 3 facsimile terminals for document transmission
Procedures for document facsimile transmission in the GSTN
Security capabilities for use with Group 3 facsimile terminals
Procedures for the transfer of facsimile data via store-and-forward on the Internet
Procedures for real-time Group 3 facsimile communication over IP networks
Extended Transport Connections
Homogeneous access mechanism to communication services

Information technology - Open Document Architecture (ODA) and interchange format: Introduction and general principles
A document application profile for the interchange of Group 4 facsimile documents
Terminal Characteristics for Group 4 facsimile apparatus
Programming Communication Interface (PCI) APPLI/COM for Facsimile Group 3, Facsimile Group 4, Teletex, Telex, E-mai
Information technology - JPEG 2000 image coding system: Secure JPEG 2000
Information technology - Open Systems Interconnection - Service definition for the Association Control Service Element
Information technology - Open Systems Interconnection - Connection-oriented protocol for the Association Control Service
Information technology - Open Systems Interconnection - Connectionless protocol for the ACSE: Protocol specification
Information technology - Open Systems Interconnection - Connectionless protocol for the ACSE: PICS proforma
Data compression and privacy over frame relay networks
Information technology - Open Systems Interconnection - Network layer security protocol
Information technology - Telecommunications and information exchange between systems - Transport layer security proto
Message handling system and service overview
Information technology - Message Handling Systems (MHS): Overall architecture
Information technology - Message Handling Systems (MHS): MHS Routing Guide for messaging system managers
Message handling systems: Encoded information type conversion rules
Information technology - Message Handling Systems (MHS): Message transfer system Abstract service definition and pr
Information technology - Message Handling System (MHS) MHS Routing
Information technology - Message Handling Systems (MHS): Message Store Abstract service definition
Information technology - Message Handling Systems (MHS): Protocol specifications
Information technology - Message Handling Systems (MHS): Interpersonal messaging system
Message handling systems: COMFAX use of MHS
Information technology - Message Handling Systems (MHS): Electronic data interchange messaging system
Message handling systems: Voice messaging system
Information technology - Open Systems Interconnection - The Directory: Overview of concepts, models and services
Information technology - Open Systems Interconnection - The Directory: Models
Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks (th
Information technology - Open Systems Interconnection - The Directory: Abstract service definition
Information technology - Open Systems Interconnection - The Directory: Procedures for distributed operation
Information technology - Open Systems Interconnection - The Directory: Protocol specifications
Information technology - Open Systems Interconnection - The Directory: Selected attribute types
Information technology - Open Systems Interconnection - The Directory: Selected object classes
Information technology - Open Systems Interconnection - The Directory: Replication
Information technology - Open Systems Interconnection - The Directory: Use of systems management for administration o
Information technology - OSI networking and system aspects - Abstract Syntax Notation One (ASN.1): Specification of b
Information technology - OSI networking and system aspects - Abstract Syntax Notation One (ASN.1): Information object
Information technology - Abstract Syntax Notation One (ASN.1): Constraint specification
Information technology - Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications
Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (
Information technology - ASN.1 encoding rules: Specification of Packed Encoding Rules (PER)
Information technology - ASN.1 encoding rules: Specification of Encoding Control Notation (ECN)
Information technology - ASN.1 encoding rules: XML encoding rules
Information technology - Open Systems Interconnection - Systems Management: Alarm reporting function
Information technology - Open Systems Interconnection - Systems Management: Log control function
Information technology - Open Systems Interconnection - Common management information protocol: Specification
Information technology - Open Systems Interconnection - Systems Management: Alarm reporting function
Information technology - Open Systems Interconnection - Systems Management: Event report management function
Information technology - Open Systems Interconnection - Systems Management: Log control function
Information technology - Open Systems Interconnection - Systems Management: Security alarm reporting function
Information technology - Open Systems Interconnection - Systems Management: Confidence and diagnostic test categorie
Information technology - Open Systems Interconnection - Systems management: Summarization function
Information technology - Open Systems Interconnection - Systems Management: Metric objects and attributes
Information technology - Open Systems Interconnection - Systems Management: Security audit trail function
Information technology - Open Systems Interconnection - Systems Management: Objects and attributes for access contro

Information technology - Open Systems Interconnection - Systems management: Usage metering function for accounting p
Information technology - Open Systems Interconnection - Systems Management: Time Management Function
Information technology - Open Systems Interconnection - Systems Management: Software management function
TMN guidelines for defining CORBA managed objects
TMN guidelines for defining coarse grained CORBA managed object interfaces
TMN guidelines for defining service-oriented CORBA managed objects and façade objects
Requirements and guidelines for Implementation Conformance Statements proformas associated with CORBA-based syst
Trouble management function for ITU-T applications
Security architecture for Open Systems Interconnection for CCITT applications
Information technology - Lower layers security model
Information technology - Open Systems Interconnection - Upper layers security model
Security architecture for systems providing end-to-end communications
Information technology - Open Systems Interconnection - Security frameworks for open systems: Overview
Information technology - Open Systems Interconnection - Security frameworks for open systems: Authentication framewo
Information technology - Open Systems Interconnection - Security frameworks for open systems: Access control framewo
Information technology - Open Systems Interconnection - Security frameworks for open systems: Non-repudiation framew
Information technology - Open Systems Interconnection - Security frameworks for open systems: Confidentiality framewor
Information technology - Open Systems Interconnection - Security frameworks for open systems: Integrity framework
Information technology - Open Systems Interconnection - Security frameworks for open systems: Security Audit and Alarm
Information technology - Open Systems Interconnection - Generic upper layers security (GULS): Overview, models and n
Information technology - Open Systems Interconnection - GULS: Security Exchange Service Element (SESE) service def
Information technology - Open Systems Interconnection - GULS: Security Exchange Service Element (SESE) protocol spe
Information technology - Open Systems Interconnection - GULS: Protecting transfer syntax specification
Information technology - Open Systems Interconnection - GULS: Security Exchange Service Element (SESE) PICS profo
Information technology - Open Systems Interconnection - GULS: Protecting transfer syntax PICS proforma
Information technology - Security techniques - Security Information Objects for access control
Information technology - Security techniques - Guidelines for the use and management of Trusted Third Party services
Information technology - Security techniques - Specification of TTP services to support the application of digital signatures
Fast infoset security
Information technology - Open distributed processing - Reference Model: Overview
Information technology - Open distributed processing - Reference Model: Foundations
Information technology - Open distributed processing - Reference Model: Architecture
Information technology - Open distributed processing - Reference Model: Architectural semantics
Information technology - Open Distributed Processing - Naming framework
Security architecture aspects of end users and networks in telecommunications
Architecture of external interrelations for a telecommunication network security system
Guideline on extensible authentication protocol based authentication and key management in a data communication netwo
Password authenticated key exchange protocol (PAK)
Framework for creation, storage, distribution and enforcement of policies for network security
Information technology - Information security management guidelines for telecommunications based on ISO/IEC 27002
Information security management framework
Risk management and risk profile guidelines for telecommunication organizations
Security incident management guidelines for telecommunications organizations
Asset management guidelines in telecommunication organizations
e-Health and world-wide telemedicines - Generic telecommunication protocol
The telebiometric multimodal model (TMM) A framework for the specification of security and safety aspects of telebiomet
Telebiometrics related to human physiology
BioAPI interworking protocol
Telebiometrics system mechanism - Part 1: General biometric authentication protocol and system model profiles for teleco
Telebiometrics Protection Procedures - Part 1: A Guideline to Technical and Managerial Countermeasures for Biometric Da
Telebiometrics Digital Key Framework (TDK) - A Framework for Biometric Digital Key Generation and Protection
Telebiometrics Authentication Infrastructure (TAI)
Authentication framework with one-time telebiometric template
A guideline for evaluating telebiometric template protection techniques

Security requirements and framework for multicast communication


Framework of security technologies for home network
Device certificate profile for the home network
Guideline on user authentication mechanism for home network services
Authorization framework for home networks
Framework of security technologies for mobile end-to-end data communications
Guideline for implementing secure mobile systems based on PKI
Differentiated security service for secure mobile end-to-end data communication
Authentication architecture for mobile end-to-end communication
Correlative Reacting System in Mobile Data Communication
Security Assertion Markup Language (SAML 2.0)
eXtensible Access Control Markup Language (XACML)
Security Architecture for message security in mobile web services
Guideline on secure password-based authentication protocol with key exchange
Secure end-to-end data communication techniques using TTP services
A management framework of the one time password-based authentication service
Framework for secure peer-to-peer communications
Security architecture and operations for peer-to-peer network
Threats and requirements for protection of personally identifiable information in applications using tag-based identification
Functional requirements and architecture for IPTV security aspects
Functional requirements and mechanisms for the secure transcodable scheme of IPTV
Key management framework for secure internet protocol television (IPTV) services
(Secure applications and services - IPTV security) Service and content protection (SCP) interoperability scheme
Guidelines on criteria for selecting cryptographic algorithms for IPTV service and content protection
Overview of Cybersecurity
A vendor-neutral framework for automatic notification of security related information and dissemination of updates
Guidelines for telecommunication service providers for addressing the risk of spyware and potentially unwanted software
Capabilities and their context scenarios for cybersecurity information sharing and exchange
Technical strategies on countering spam
Guideline on countering email spam
Technical framework for countering email spam
Short message service (SMS) spam filtering system based on user-specified rules
(Cyberspace security - Countering spam) Interactive gateway system for countering spam
Overall aspects of IP multimedia application spam
Framework for countering IP-based multimedia spam
Baseline capabilities for enhanced global identity management trust and interoperability
A framework for user control of digital identity
Baseline identity management terms and definitions
Security guidelines for identity management systems
Guidelines on protection of PII in the application of RFID technology
Common alerting protocol
(Secure applications and services - Ubiquitous sensor network security) Security framework for ubiquitous sensor network
(Secure applications and services - Ubiquitous sensor network security) Ubiquitous sensor network (USN) middleware sec
Overview of cybersecurity information exchange (CYBEX)
Procedures for the registration of arcs under the object identifier (OID) arc for cybersecurity information exchange
Common vulnerabilities and exposures
Common vulnerability scoring system
Common weakness enumeration (CWE)
Discovery mechanisms in the exchange of cybersecurity information
Supplement to X.800-X.849 series: on security baseline for network operators
Supplement to X.800-X.849 series: on guidelines for implementing system and network security
Supplement to X.1240 series: on countering spam and associated threats
Supplement to X.1250 series: on overview of identity management in the context of cybersecurity
Supplement to X.1205: on best practices against botnet threats

Guidelines for reducing malware in ICT networks


Usability of network traceback
Framework based on real-time blocking lists for countering VoIP spam
Supplement to X.1240-series Overall aspects of countering mobile messaging spam
Guideline for attributes and requirements for interconnection between public telecommunication network operators and ser
Framework(s) on network requirements and capabilities to support emergency telecommunications over evolving circuit-sw
Ethernet linear protection switching
Ethernet ring protection switching
Terms and definitions for synchronous digital hierarchy (SDH) networks
Terms and definitions for optical transport networks (OTN)
Terms and definitions for automatically switched optical networks
Terms and definitions for Ethernet frames over transport
Terms and definitions for automatically switched optical networks
Linear protection switching for transport MPLS(T-MPLS) networks
Protection switching for MPLS networks
(Internet protocol aspects - IPTV over NGN) Requirements for the support of IPTV services
(Internet protocol aspects - IPTV over NGN) IPTV functional architecture
General overview of NGN
Next Generation Networks - Frameworks and functional architecture models - Functional requirements and architecture o
Network attachment control functions in next generation networks
Functional requirements and architecture of the NGN for applications and services using tag-based identification
Mobility management and control framework and architecture within the NGN transport stratum
Open service environment functional architecture for NGN
(Next Generation Networks - Frameworks and functional architecture models) Terms and definitions for Next Generation N
Admission control priority levels in Next Generation Networks
Service restoration priority levels in Next Generation Networks
NGN release 1 requirements
Next Generation Networks - Emergency telecommunications - Technical considerations
NGN service requirements and capabilities for network aspects of applications and services using tag-based identification
Requirements for support of ubiquitous sensor network (USN) applications and services in the NGN environment
Security requirements for NGN release 1
NGN authentication and authorization requirements
The application of AAA service in NGN
NGN security mechanisms and procedures
NGN identity management framework
NGN identity management requirements and use cases
(Next Generation Networks - Security) NGN identity management mechanisms
Security Requirements for Mobile Remote Financial Transactions in the Next Generation Networks (NGN)
Architecture of Secure Mobile Financial Transactions in the Next Generation Networks (NGN)
Mobility security framework in NGN
Mobility management requirements for NGN
Future Networks: Objectives and Design goals
