3.2 Definitions and Abbreviations
For the purposes of the present document, the following definitions and abbreviations apply.
3.2.1 Definitions
Anonymity | In case of market requirements, an anonymous identity is required during ownership transfer. EU data privacy or German privacy regulations may apply. |
Application | Applications (also called end-user programs) are software programs designed to perform a group of coordinated functions or tasks that may vary by installation or model. Examples of IoT applications include a web browser, sensor management, or actuator controller. This contrasts with system software, which executes the operating software of the main processor in the device. |
Authentication | Authentication is the process of recognising an identity. It is the mechanism of associating an incoming request with a set of identifying credentials. The credentials provided are checked with those in the device or within an authentication service. |
Boot | The initial process used by the device when turned on that prepares the system for operation (normally contains low-level Secure Boot steps). |
Consumer | An end user, and not necessarily a purchaser, in the distribution chain of a good or service who makes personal use of an IoT device and/or service. |
Deployment | The placing of the product into customer trial or service. |
Encrypted | Data secured using a recognised algorithm and protected keys, so as to be meaningful only if decoded, and decodable only by those with access to the relevant algorithm and keys. |
Enterprise | An organisation in business for commercial or not-for-profit purposes that shares information technology resources. |
Firmware | Computer programs and data stored in hardware – typically in read-only memory (ROM) or programmable read-only memory (PROM) – such that the programs and data cannot be dynamically written or modified during execution of the programs. |
IoT Product Class | Class of network products that all implement a common set of IoTSF defined functions for that particular IoT product. |
Interactive Account | Interactive accounts include non-personal accounts such as root, admin, service, batch, super user or privilege accounts that permit system configuration changes. |
Mutual Authentication | Mutual authentication refers to a security process or technology in which two entities in a communications link verify the origin and integrity of each other before any sensitive data is sent over the connection. In a network, the client authenticates the server and vice versa. It is a default mode of authentication in some protocols, such as SSH (see https://tools.ietf.org/html/rfc4250), and optional in others, such as TLS (see https://tools.ietf.org/html/rfc8446). |
Nonce | Nonce is an abbreviation of the term "number used once". It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications messages cannot be reused in replay attacks. |
Operating System | An operating system (OS) is system software that manages device hardware and software resources and provides common services for software programs. |
On boarding | The method to register a device into its service or solution to enable device registration [ref 16] (see footnote 1), configuration and data transfer. |
Ownership Transfer | In case a device is transferred through a supply chain and changes owner, this method ensures a reliable and secure transfer of ownership. |
Personal Information | Personal Information is defined by the EU General Data Protection Regulation (GDPR): https://ec.europa.eu/info/law/law-topic/data-protection_en. ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Other jurisdictions may have different definitions. |
Secure Boot | Process that ensures a device only starts software that is trusted by the OEM. |
Secure Protocol | The method of exchanging information that ensures protection and reliability of the data (usually through cryptographic techniques). |
Software | Unless otherwise explicitly stated, for the purposes of this document the term software also includes any firmware elements in the product. |
Strong Authentication | A procedure based on the use of two or more of the following elements, categorised as knowledge, ownership and inherence: i) Something only the user or device knows, e.g. static password, code, personal identification number; ii) Something only the user or device possesses, e.g. token, smart card, mobile phone; iii) Something the user or device is, e.g. biometric characteristic, such as a fingerprint. In addition, the elements selected must be mutually independent, i.e. the breach of one does not compromise the other(s). At least one of the elements should be non-reusable and non-replicable (except for inherence), and not capable of being surreptitiously stolen via the internet. The strong authentication procedure should be designed in such a way as to protect the confidentiality of the authentication data. Other examples include NIST Special Publication 800-63B, see [ref 26] (see footnote 2), and European Central Bank: Recommendations For The Security Of Internet Payments http://www.ecb.europa.eu/pub/pdf/other/recommendationssecurityinternetpaymentsoutcomeofpcfinalversionafterpc201301en.pdf?95e6bba1ef875877ad3c35cf3b12399c |
Supply Chain of Trust | Where an IoT system uses device or service components with more than one source, all sources demonstrate assurance with the relevant requirements of this framework. This will lead to the devices and services in an IoT system exhibiting the following attributes: - Engender robust Root of Trust and secure identities - Safeguard application code at source - Inhibit grey-manufacturing and protect IP - Ensure only valid applications are programmed - Integrate robust key structures for ownership delegation - Enable lifecycle updates and patching |
Tamper Evident | The enclosure of the product has measures to ensure that any unauthorised attempt to open it leaves evidence of the attempt, for example, labelling across a product’s enclosure joint that fragments when the joint is disturbed. |
Tamper Resistant | The enclosure of the product has measures to prevent its unauthorised opening, typically specialist fasteners or other features that require the use of specialist tooling unique to the product. |
3.2.2 Acronyms
CoAP Constrained Application Protocol
DDoS Distributed Denial of Service
DTLS Datagram Transport Layer Security
EAL Evaluation Assurance Level
ERP Effective Radiated Power
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
IP Internet Protocol
MD Message Digest
MQTT Message Queue Telemetry Transport - ISO standard ISO/IEC PRF 20922
OEM Original Equipment Manufacturer
PRNG Pseudo Random Number Generator
ROT Root Of Trust
SHA Secure Hash Algorithm
SSH Secure Socket Shell
TRNG True Random Number Generator
TBC To Be Confirmed
TBD To Be Determined
TCP Transmission Control Protocol
TLS Transport Layer Security
T3P Trusted Third Party
UDP User Datagram Protocol
URL Uniform Resource Locator
WPS Wi-Fi Protected Setup
Footnotes
1. Example of IoT application ID registry and possible privacy profile registry
2. NIST SP800-63b Revision 1, "NIST Special Publication 800-63B Digital Identity Guidelines: Authentication and Lifecycle Management", June 2017, https://pages.nist.gov/800-63-3/sp800-63b.html