|“||the process of determining that a model or simulation implementation accurately represents the developer's conceptual description and specifications.||”|
Verification is the process of comparing two levels of system specification for proper correspondence (e.g., security policy model with top-level specification, top-level specification with source code, or source code with object code). This process may or may not be automated.
|“||the process of checking or testing performance information to assess types of errors, such as errors in keying data.||”|
Before a certification authority can issue a digital certificate to a user, it must verify the user’s identity in accordance with the organization’s preset policies. In some cases, the certification authority is set up to perform the identification and authentication of users by itself, but often this function is delegated to separate entities called registration authorities. A user’s identity is verified through one of two means, based on the level of security that is deemed necessary by the organization.
In the first method, the user would need to appear in person at the registration authority and present identity documents such as a birth certificate or passport. A second, less secure method, involves the confirmation of a shared secret through an online application. For example, the user could verify his identity by confirming something that the agency already knows about him but which is not common knowledge, such as tax return information. After verifying the user's identity, the registration authority creates a unique user name. This unique name, which may include the user's given name, ensures that people who rely on the certificate can distinguish between several individuals with similar given names, much like an e-mail address. The certification authority then creates the certificate that irrevocably links that unique name to the user's public key.
|“||[c]onfirmation, through the provision of objective evidence, that specified requirements have been fulfilled (e.g., an entity's requirements have been correctly defined, or an entity's attributes have been correctly presented; or a procedure or function performs as intended and leads to the expected outcome).||”|
|“||[t]he process, using formal methods, of evaluating a system or software component to determine whether it satisfies the requirements imposed at the start of development.||”|
|“||[t]he process whereby law enforcement can adequately demonstrate to a judge or jury that the number or other identifier (e.g., telephone number, electronic mail address) targeted for interception corresponds to the person or persons whose communications are being intercepted.||”|