| Term |
Definition |
| Access Code |
One of two pieces of information required for retrieving a CSOS Certificate. The Access Code is a number provided to the CSOS subscriber via E-mail.
|
| Access Code Password |
One of two pieces of information required for retrieving a CSOS Certificate. The Access Code password is a combination of numbers and letters and is provided to the CSOS Subscriber’s Coordinator via postal mail.
|
| Activation |
See Certificate Retrieval.
|
| Activation Notice |
A communication (E-mail and postal mailed document) from DEA containing information required to retrieve a CSOS Certificate.
|
| Addendum |
A CSOS Application Form attachment (Form DEA-254) allowing a CSOS Applicant to list additional DEA Registration Numbers that he/she is requesting to be associated with for the CSOS Program.
|
| Applicant |
See CSOS Applicant
|
| Application Package |
See Certificate Application Package
|
| Authenticate |
To confirm the identity of an entity when that identity is presented.
Authentication Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of information.
|
| Backup |
Copy of files and programs made to facilitate recovery if necessary.
|
| Certificate |
(Subscriber) certificates identify the individual named in the certificate, bind that person to a particular public/private key pair, and provide sufficient information demonstrating the Subscriber is operating under the authority of the DEA Diversion Control E-Commerce System program.
|
| Certificate Application |
General term for form DEA-251, DEA-252, and DEA-253. A CSOS Certificate Application is the form submitted by an individual requesting enrollment in the CSOS Program.
|
| Certificate Application Package |
A term used for any CSOS Certificate Application with all required supporting documentation.
|
| Certificate Policy (CP) |
An official policy document governing the CSOS Program. The DEA Diversion Control E-Commerce System Certificate Policy specifies:1. The Certification Authorities, the Subscribers, and the Relying Parties authorized to participate in the PKI program described by this Policy, 2. The obligations of the participants governed by this Certificate Policy, and 3. The minimum requirements for the issuance and management of digital certificates used within the EPCS and CSOS programs - and other suitable applications.
|
| Certificate Renewal |
The process of acquiring a new CSOS Certificate once a current CSOS Certificate has been revoked or has expired.
|
| Certificate Retrieval |
The required process of generating a CSOS Certificate via DEA’s secure Web site.
|
| Certificate Revocation |
The processed of invalidating a CSOS Certificate prior to its expiration date.
|
| Certificate Revocation List (CRL) |
A list maintained by a Certification Authority of the certificatesthat have been revoked prior to their stated expiration date.
|
| Certificate Store |
The component of an Internet browser (such as Internet Explorer or Netscape) that provides access to digital certificates. Certificates may be viewed or managed from within a browser’s certificate store.
|
| Certification Authority (CA) |
This term is used to identify both the Root CA role operated by DEA as well as the Subordinate CA that would be operated by other entities in compliance with DEA regulations.
|
| Compromise |
Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.
|
| CSOS Applicant |
An individual requesting enrollment in the CSOS Program who has not yet been approved and issued a CSOS Certificate. Applicant’s include Registrants, Coordinators, and Power of Attorneys.
CSOS Coordinator An individual delegated and authorized by a DEA Registrant to be the administrator for associated DEA Registration numbers.
|
| CSOS Power of Attorney (POA) |
A non-administrative individual enrolling or enrolled in the CSOS Program for signing electronic orders for controlled substances. A POA applicant can be any individual who has been granted ordering Power of Attorney by a Registrant and has been approved by a CSOS Coordinator.
CSOS Subscriber An individual enrolled in the CSOS Program who has been issued a CSOS Certificate by DEA.
|
| Digital Signature |
The use of a digital certificate’s private key to “sign” a digital communication. For electronic ordering of controlled substances, each order must be digitally signed using a CSOS certificate for authentication, order integrity, validation, and non-repudiation (inability to deny placing an order) purposes.
|
| Drug Enforcement Administration (DEA) |
The DEA regulates the manufacture and distribution of controlled substances in the United States.
Enrollment The process of applying with DEA in order to participate in the CSOS Program.
|
| Hash |
A hash value, or message digest, is a unique number generated from a string of text. Since changing any character in the text string results in a new hash value, hash values are used to provide data integrity.
|
| Key Escrow |
A deposit of the private key of a Subscriber and other pertinent information pursuant to an escrow agreement or similar contract binding upon the Subscriber, the terms of which require one or more agents to hold the Subscriber's private key for the benefit of the Subscriber, an employer, or other party, upon provisions set forth in the agreement.
|
| Key Pair |
Two mathematically related keys having the properties that: 1. One key can be used to encrypt a message that can only be decrypted using the other key, and 2. even knowing one key, it is computationally infeasible to discover the other key.
|
| Local Registration Authority (LRA) |
The role of CSOS Coordinator subscribers in verifying the identity and authority of each CSOS Power of Attorney applicant enrolling in the CSOS Program.
|
| Object Identifier(OID) |
An alphanumeric number registered with an internationally recognized standards organization used within PKI to uniquely identify policies and supported cryptographic algorithms.
|
| Power of Attorney Letter |
A formal letter where a Registrant grants an individual the authority to sign controlled substance orders for the indicated DEA Registration number.
|
| Private Key |
The part of a digital certificate known only by the owner:(1) The key of a signature key pair used to create a digital signature. (2) The key of an encryption key pair that is used to decrypt confidential information. In both cases, this key must be kept secret.
|
| Public Key |
The part of a digital certificate that is publicly known:(1) The key of a signature key pair used to validate a digital signature. (2) The key of an encryption key pair that is used to encrypt confidential information. In both cases, this key is made publicly available normally in the form of a digital certificate.
|
| Public Key Infrastructure (PKI) |
A set of policies, processes, server platforms, software andworkstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.
|
| Registrant |
The individual who signed, or is authorized to sign, the most recent application for DEA Registration renewal. The Registrant is typically and owner or officer for the organization.
Registration Authority (RA) The unit within DEA’s CSOS Certification Authority responsible for CSOS Subscriber Enrollment. The CSOS RA processes CSOS Subscriber Application packages and adjudicates the identity and validity of all CSOS Applicants.
|
| Relying Party |
A Relying Party is the entity that, by using a Subscriber’s certificate to verify the integrity of a digitally signed message, identifies the creator of a message, and relies on the validity of the public key bound to the Subscriber’s name. The Relying Party is responsible for checking the validity of the certificate by checking the appropriate certificate status information. The Relying Party must use the certificate to verify the integrity of a digitally signed message and to identify the creator of a transaction.
|
| Renewal |
See Certificate Renewal.
|
| Retrieval |
See Certificate Retrieval.
|
| Root CA |
The DEA Diversion Control E-Commerce System Root CA shall operate in accordance with the provisions of its Certification Practices Statement. The DEA Diversion Control E-Commerce System Root CA shall also perform the following functions: (1) accept and process applications for operations from Subordinate CAs; (2) issue certificates to Subordinate Certificate Authorities approved by the PMA; (3) publish Subordinate CA certificate status information.
|
| Subordinate CA |
A Subordinate CA is an entity authorized by the PMA to create, sign, and issue public key certificates to authorized CSOS Subscribers.
|
| Subscriber |
See CSOS Subscriber.
|
