Glossary of Key Information Security Terms (NIST) part 42 N-O


Last updated 12:32 AM on 11/1/22

20 Terms

1
Nonce –
A value used in security protocols that is never repeated with the same key. For example, nonces used as challenges in challenge-response authentication protocols generally must not be repeated until authentication keys are changed. Otherwise, there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable. A random or non-repeating value that is included in data exchanged by a protocol, usually for the purpose of guaranteeing the transmittal of live data rather than replayed data, thus detecting and protecting against replay attacks.
2
NSA-Approved Cryptography –
Cryptography that consists of: an approved algorithm; an implementation that has been approved for the protection of classified information in a particular environment; and a supporting key management infrastructure.
3
Null –
Dummy letter, letter symbol, or code group inserted into an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes.
4
Object –
A passive entity that contains or receives information. Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object implies access to the information it contains. Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains. See Subject.
5
Object Identifier –
A specialized formatted number that is registered with an internationally recognized standards organization. The unique alphanumeric/numeric identifier registered under the ISO registration standard to reference a specific object or object class. In the federal government PKI, they are used to uniquely identify each of the four policies and cryptographic algorithms supported.
6
Object Reuse –
Reassignment and reuse of a storage medium containing one or more objects after ensuring no residual data remains on the storage medium.
7
Off-Card –
Refers to data that is not stored within the PIV card or computation that is not done by the Integrated Circuit Chip (ICC) of the PIV card.
8
Off-line Attack –
An attack where the Attacker obtains some data (typically by eavesdropping on an authentication protocol run, or by penetrating a system and stealing security files) that he/she is able to analyze in a system of his/her own choosing.
9
Off-line Cryptosystem –
Cryptographic system in which encryption and decryption are performed independently of the transmission and reception functions.
10
Official Information –
All information in the custody and control of a U.S. government department or agency that was acquired by U.S. government employees as a part of their official duties or because of their official status and has not been cleared for public release.
11
On-Card –
Refers to data that is stored within the PIV card or computation that is done by the ICC of the PIV card.
12
Online Attack –
An attack against an authentication protocol where the Attacker either assumes the role of a Claimant with a genuine Verifier or actively alters the authentication channel. The goal of the attack may be to gain authenticated access or learn authentication secrets.
13
Online Certificate Status Protocol (OCSP) –
An online protocol used to determine the status of a public key certificate.
14
Online Cryptosystem –
Cryptographic system in which encryption and decryption are performed in association with the transmitting and receiving functions.
15
One-part Code –
Code in which plain text elements and their accompanying code groups are arranged in alphabetical, numerical, or other systematic order, so one listing serves for both encoding and decoding. One-part codes are normally small codes used to pass small volumes of low-sensitivity information.
16
One-time Cryptosystem –
Cryptosystem employing key used only once.
17
One-time Pad –
Manual one-time cryptosystem produced in pad form.
18
One-time Tape –
Punched paper tape used to provide key streams on a one-time basis in certain machine cryptosystems.
19
One-Way Hash Algorithm –
Hash algorithms which map arbitrarily long inputs into a fixed-size output such that it is very difficult (computationally infeasible) to find two different hash inputs that produce the same output. Such algorithms are an essential part of the process of producing fixed-size digital signatures that can both authenticate the signer and provide for data integrity checking (detection of input modification after signature).
20
Open Checklist Interactive Language (OCIL) –
SCAP language for expressing security checks that cannot be evaluated without some human interaction or feedback.