The following words and terms, when used in this chapter, shall have the following meanings, unless the context clearly indicates otherwise.
(1) Asymmetric cryptosystem--A computer-based system that employs two different but mathematically related keys with the following characteristics:
(A) one key encrypts a given message;
(B) one key decrypts a given message; and
(C) the keys have the property that, knowing one key, it is computationally infeasible to discover the other key.
(2) Certificate--A message which:
(A) identifies the certification authority issuing it;
(B) names or identifies its subscriber;
(C) contains the subscriber's public key;
(D) identifies its operational period;
(E) is digitally signed by the certification authority issuing it; and
(F) conforms to ISO X.509 Version 3 standards.
(3) Certificate Manufacturer--A person that provides operational services for a Certification Authority or PKI Service Provider. The nature and scope of the obligations and functions of a Certificate Manufacturer depend on contractual arrangements between the Certification Authority or other PKI Service Provider and the Certificate Manufacturer.
(4) Certificate Policy--A document prepared by a Policy Authority that describes the parties, scope of business, functional operations, and obligations between and among PKI Service Providers and End Entities who engage in electronic transactions in a Public Key Infrastructure.
(5) Certification Authority--A person who issues a certificate.
(6) Certification practice statement--Documentation of the practices, procedures, and controls employed by a Certification Authority.
(7) Digital signature--An electronic identifier that currently provides higher levels of security and universal acceptance. Digital signatures are based on Public Key Infrastructure (PKI) technology, and guarantee signer identity and intent, data integrity, and the non-repudiation of signed records. The digital signature cannot be copied, tampered with or altered.
(8) Digitally signed communication--A message that has been processed by a computer in such a manner that ties the message to the individual that signed the message.
(9) Electronic--Relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
(10) Electronic record--A record created, generated, sent, communicated, received, or stored by electronic means.
(11) Electronic signature--An electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record. Digital signatures are a subset of electronic signatures.
(12) End Entities--Subscribers or Signers and Relying Parties.
(13) Escrow agent--A person who holds a copy of a private key at the request of the owner of the private key in a trustworthy manner.
(14) Expert--A person with demonstrable skill and knowledge based on training and experience who would qualify as an expert under Rule 702 of the Texas Rules of Evidence.
(15) Handwriting measurements--The metrics of the shapes, speeds and/or other distinguishing features of a signature as the person writes it by hand with a pen or stylus on a flat surface.
(16) Key pair--A private key and its corresponding public key in an asymmetric cryptosystem. The keys have the property that the public key can verify a digital signature that the private key creates.
(17) Local government--A county, municipality, special district, or other political subdivision of this state or another state, or a combination of two or more of those entities, but excluding an agency in the judicial branch of local government.
(18) Message--A digital representation of information.
(19) Person--An individual, state agency, institution of higher education, local government, corporation, partnership, association, organization, or any other legal entity.
(20) PKI--Public Key Infrastructure; a set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.
(21) PKI Service Provider--A Certification Authority, Certificate Manufacturer, Registrar, or any other person that performs services pertaining to the issuance or verification of certificates.
(22) Policy Authority--A person with final authority and responsibility for specifying a Certificate Policy.
(23) Private key--The secret part of an asymmetric key pair that is used to digitally sign or decrypt data.
(24) Proof of Identification--The document or documents or other evidence presented to a Certification Authority to establish the identity of a subscriber.
(25) Public key--The public part of an asymmetric key pair that is used to verify signatures or encrypt data.
(26) Public Key Cryptography--A type of cryptographic technology that employs an asymmetric cryptosystem.
(27) Record--Information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.
(28) Registrar--A person that gathers evidence necessary to confirm the accuracy of information to be included in a Subscriber's certificate.
(29) Relying Party--A state agency, including an institution of higher education, that has received an electronic message that has been signed with a digital signature and is in a position to rely on the message and signature.
(30) Role-based key--A key pair issued to a person to use when acting in a particular business or organizational capacity.
(31) Signer--The person who signs a digitally signed communication with the use of an acceptable technology to uniquely link the message with the person sending it.
(32) Subscriber--A person who:
(A) is the subject listed in a certificate;
(B) accepts the certificate; and
(C) holds a private key which corresponds to a public key listed in that certificate.
(33) Technology--The computer hardware and/or software-based method or process used to create digital signatures.
(34) Transaction--An action or set of actions occurring between two or more persons relating to the conduct of business, commercial, or governmental affairs, where one of the persons is a state agency, including an institution of higher education.
(35) Written electronic communication--A message that is sent by one person to another person.
Source Note: The provisions of this §203.1 adopted to be effective November 28, 2004, 29 TexReg 10710; amended to be effective September 20, 2011, 36 TexReg 6143; amended to be effective November 23, 2015, 40 TexReg 8191; amended to be effective November 23, 2017, 42 TexReg 6505