Table D-1: Glossary of Terms
Applicability Statement 2. An electronic submission protocol that uses HTTP/HTTPS for communications.
Verification of the identity of a person or process. Authentication confirms that a message truly came from the source that sent it.
Certificate Authority (CA)
An organization that issues digital certificates containing the applicant’s public key and other identification information.
Assurance that a message has been disclosed only to the parties authorized to share the information.
Assurance that the information has not been altered in any way and is precisely true to the source.
An entity that contains all the necessary components for submission: a component that receives and routes submissions (the FDA ESG), and its external (e.g., a member of the regulated industry) and internal (e.g., FDA Center) Transaction Partners.
An attachment to an electronic message that allows the recipient to authenticate the identity of the sender via third party verification from an independent certificate authority. Digital certificates are used to identify encryption and decryption codes between message senders and recipients.
A means to provide proof of the integrity and origin of data, both in an non-forgeable relationship that can be verified by any third party at any time, or, an authentication that, with high assurance can be asserted to be genuine.
The sender of data is provided with proof of delivery and the recipient is assured of the sender's identity, so that neither can later deny having processed the data.
In secure communication, an algorithmic pattern used to encrypt messages that only the corresponding public key can decrypt. The private key is also used to decrypt messages that were encrypted by the corresponding public key. The private key is kept on the user’s system and is protected by a password.
The private key is normally known only to the key owner. Messages are encrypted using the public key (see below) and decrypted using the private key. For digital signatures, however, a document is signed with a private key and authenticated with the corresponding public key.
The public key of a public-private key encryption. This key is used to confirm electronic signatures on incoming messages or to encrypt a message so that only the holder of the private key can decrypt the file or message.
A public key is held in a digital certificate. Public keys are usually published in a directory. Any public key can encrypt information; however, data encrypted with a specific public key can only be decrypted by the corresponding private key, which the key owner keeps secret.
The entity sending submissions/communicating with the receiving and routing component (the FDA ESG) of the community.