The Glossary

This is our expanding glossary. If you have a question about anything security related, or want an entry added, email our glossary hotline and we'll put the answer up on this page.

Credits to Firetrench, Ian Johnstone-Bryden, Oceanus, Cerberus and all those who have emailed with a question. Keep those questions coming, and keep checking!

A5

The family of stream ciphers used in GSM mobile phones (A5/1, and the deliberately weakened export variant A5/2). Alex Biryukov and Adi Shamir have shown A5/1 to be breakable in real time on a PC (6/12/99). It is nevertheless a very efficient stream cipher and the subject of some debate. The main point of debate has been the key: ten of the sixty-four key bits are fixed to zero in most if not all implementations, leaving an effective key of 54 bits. A5 is (in most cases) used only to encrypt the radio link between the mobile phone and its base station, so traffic in the fixed network beyond the base station is not protected by it. If you need to ensure that your calls are not tapped or intercepted, do not rely on A5.

Access Token

A device used in conjunction with a password. This gives a user 'something they know' and 'something they have', a stronger form of access control to an information system or for physical access to a site or building. An access token may be a small device that plugs into a parallel port or a USB port and has to be present the whole time the equipment is being operated. Other forms include smart cards, magnetic stripe cards, barcode cards and proximity cards.

Aladdin Token

An authentication device (an access token) that plugs into a USB port on a personal computer.

ANSI

American National Standards Institute.

Application Layer

Layer seven, the top layer, of the OSI reference model.

Architectures

A high-level description of the components and methods necessary to allow information to be processed and exchanged electronically.

ASIC

Application Specific Integrated Circuit. A silicon chip, usually produced in lower volumes than mass-market chips, that executes one specific task at very high speed (for example a key-search engine for a single cipher).

AX.25

An amateur packet radio protocol derived from X.25: in effect the wireless equivalent of the X.25 packet transmission protocol.

Ballista CWM

The Ballista Compartmented War Machine is a special server that can be set up within a network or address a network from outside. It may be configured to conduct a range of scans, either on a random check basis or in real time. Unlike traditional network scanners, the CWM is able to conduct multiple scans simultaneously and also permits human-directed investigations. This makes it suitable both for looking for network vulnerabilities and for looking for intruders. The strong audit and alarm mechanism is an important feature, because an attacker would be identified before penetrating far enough to attack the alarm and audit mechanisms themselves.

Biometrics

Authentication and access control devices that rely on physical human characteristics. Device types include retina scanners, fingerprint scanners, image (face) scanners, vein map scanners and palm scanners. These devices depend on a unique, or virtually unique, human characteristic. Some characteristics may not be truly unique but will be very rare.

BS

The standards prefix of the British Standards Institution.

BS 7799

An information security code of practice developed by the British Standards Institution and expected to form the basis for a new ISO standard for information security (it later did, as ISO/IEC 17799 and subsequently the ISO/IEC 27000 series). BS 7799 may be regarded as a standard in its own right, but it could also be regarded as a component process/methodology within the ISO 9000 quality management standards.

BSI

The British Standards Institution, a body tasked with the development of standards and methods of measurement to give assurance of the quality of products and processes.

C3I

Command, Control, Communications, Intelligence. This describes the integrated management of information and communication in military operations, including logistics control and monitoring the status of military units.

Camelot TES

The Camelot Trusted Enterprise Server employs the same strong protective mechanisms as other members of the GRAIL family of products. It allows high-sensitivity information resources to be maintained inside a network. The server is able to support many different levels of sensitivity, so that applications such as financial applications and databases can be made available to every network user without allowing any user to access parts of the information they are not authorised to access. It is also possible to provide authorisation for selective access so that, for example, an employee could read any information in a specified part of the store but would only be able to change, copy or print a designated proportion of that information, or none at all.

CASM

CESG Architecture for Secure Messaging. This is a secure mail architecture compatible with the US DOD Defense Messaging System, DMS.

CCITT

The International Telegraph and Telephone Consultative Committee, part of the International Telecommunication Union (a UN agency); renamed ITU-T in 1993. CCITT recommendations are not binding, but most of its members endorse CCITT standards.

Certified Systems

These are systems (hardware, operating systems, networking and/or software applications) that have been independently evaluated and certified against an IT security criteria such as TCSEC, ITSEC or the Common Criteria. The certificate shows only that a specific product, in the configuration and environment defined as the Target Of Evaluation (TOE), was tested against that criteria. The TOE definition is usually written by the product developer, so under normal operational conditions the product may not meet the security implied by the certificate. Nor does a certificate provide any reliable evidence that a system built only from certified products will achieve even the level of assurance of the lowest certified component.

CESG

The UK Communications-Electronics Security Group, a component of GCHQ responsible for a range of communications and computer security duties in support of UK national needs. CESG was one of the founders of the European ITSEC and provides evaluation and accreditation services to UK government agencies.

Channel (Radio)

A section of the radio spectrum can be divided up at set frequency intervals; the band between two adjacent intervals is designated a channel and can be referred to either by its frequency or by a channel number.

CIA

US Central Intelligence Agency. This is one of the US intelligence agencies and is descended from the OSS, which was established in World War Two. It is tasked with providing intelligence services and covert action outside US territory. In information security, CIA is also used for the triad Confidentiality, Integrity, Availability.

CIS

Cerberus Internet Scanner, Cerberus' security scanner designed to root out security issues on Internet-based systems. An update of what used to be NTInfoScan. Runs on Windows NT 4 and Windows 2000.

Claimed Standards

Proprietary specifications promoted by a company or group as standards, but which remain proprietary: they may not be fully documented, and other vendors can only add functionality at an API level.

CLEF

Commercial Licensed Evaluation Facility. This is a commercial evaluation laboratory licensed by a National ITSEC Scheme Secretariat to evaluate products under the ITSEC Scheme.

CMW

This trusted operating system was built to a specification issued by the US Defense Intelligence Agency to provide a trusted client/server environment for highly sensitive Multi-Level Secure environments. CMW stands for Compartmented Mode Workstation, which is a misnomer because the same operating system is equally applicable to servers and workstations. Previously restricted to use by designated US defense and intelligence agencies and authorised British government users, CMW is now available for commercial use and is a suitable base for e-commerce applications. It has been adopted as the base for the Armadillo GRAIL trusted network appliances used by government and finance organisations.

Computer Virus

Hostile code that is unwittingly loaded into an information processing system and replicates itself. The first viruses were not particularly harmful and could be removed without much difficulty. The technique is continually being refined and a virus may be carried covertly in a number of ways. Anti-virus software is effective against many viruses in common circulation but will never be completely effective, because a new variant may either evade detection or require a new removal tool to neutralise it. Even a virus that does not cause serious damage costs money, because it is at the very least inconvenient and must be removed or neutralised, introducing labour costs and a need for new anti-virus products.

Constable

Constable is a security management system that may be built into the same platform as other GRAIL products, or may be built on its own platform, receiving audit and alarm information from many other GRAIL platforms on many different networks. In addition to collecting and processing audit output, Constable provides the means by which a security officer can control a large and complex network, changing privileges and security profiles as the network security policy manager. The range of services is designed to reduce the workload on security officers so that they can respond quickly and effectively to any significant incident; it also provides a strong audit trail for any later forensic investigation after an incident on a managed network, and maintains a long-term record which may be vital to any successful prosecution of an internal or external attacker.

COTS

Commercial off-the-shelf, usually in reference to non-trusted systems.

DAC (electronics)

Digital-to-Analogue Converter. Converts digital information into an analogue signal; the reverse conversion is performed by an ADC (Analogue-to-Digital Converter).

DAC (Security)

Discretionary Access Control: access to an object is granted at the discretion of the object's owner (contrast MAC, where access is decided by system policy). One of the key elements of implementing security in computer-based systems, but the term can also be used in any Security or Risk Policy to describe physical access control.

Dallas Token

An access token the size of a button cell (the Dallas Semiconductor iButton) that sits on a reader attached to a personal computer.

Deep Purple

A further development of Purple Penelope, designed to add security labelling to operating systems that lack it, such as Windows NT.

De facto Standards

Specifications or approaches that have resulted from the initiative of particular groups or companies that have become established through popular acceptance.

DES

Data Encryption Standard. A symmetric block cipher with a 64-bit block and a 56-bit key (a 16-round Feistel network) that can operate in ECB, CBC and other modes. The 40-bit export variant is useless; the full 56-bit key is now within reach of exhaustive search (the EFF's Deep Crack machine recovered a DES key in 1998 in a few days, and FPGA key-search kits are cheap); Triple DES remains acceptable. However, key storage, key choice and implementation play a huge part in its security, as with any other encryption algorithm.

Devalued Standards

Standards, especially in a complex area like Risk Management, usually present severe difficulties for vendors who did not start the design of a product with security requirements in mind. This has led to devices such as the Target Of Evaluation in ITSEC and the Common Criteria, which allow a vendor to qualify its claims but which may never be presented to users. A product which relies operationally on its ability to link to other products can therefore achieve a high assurance rating while the TOE states that the product was evaluated without that capability. This leads to Devalued Standards, because the assurance rating is meaningless for the environment in which the product is normally deployed and in which it may have serious vulnerabilities.

DIA

US Defense Intelligence Agency. This is one of the US intelligence agencies; it collects and analyses defence-related intelligence in the US national interest. DIA was also responsible for drafting the specification for the CMW operating system with B3 functionality.

Digital Signatures

A method of authenticating the source and integrity of a message. All current digital signatures rely on public key cryptography: a message is signed with the sender's private key and the recipient uses the corresponding public key to verify the signature. In every scheme, secret information is needed to create a signature and only public information is needed to verify it.
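To make the private-key-signs / public-key-verifies split concrete, here is an added example (not code from the original page) of a Lamport one-time signature, a hash-based signature scheme from 1979 that needs nothing beyond SHA-256. The private key is 256 pairs of random secrets, the public key is their hashes; a signature reveals one secret per message-hash bit, and the verifier checks each revealed secret against the public key. The names and the sample messages below are this example's own.

```python
import hashlib
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    # Private key: 256 pairs of 32-byte secrets. Public key: their hashes.
    priv = [[os.urandom(32), os.urandom(32)] for _ in range(256)]
    pub = [[H(a), H(b)] for a, b in priv]
    return priv, pub

def _message_bits(message: bytes):
    digest = H(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(priv, message: bytes):
    # Reveal secret 0 or secret 1 of each pair according to the digest bit.
    return [priv[i][bit] for i, bit in enumerate(_message_bits(message))]

def verify(pub, message: bytes, signature) -> bool:
    # Public information only: hash every revealed secret and compare.
    if len(signature) != 256:
        return False
    bits = _message_bits(message)
    return all(H(s) == pub[i][bits[i]] for i, s in enumerate(signature))

def exposed_positions(message_a: bytes, message_b: bytes) -> int:
    # Failure mode: signing two different messages with one key reveals
    # both secrets at every position where the digests differ, so an
    # attacker can then sign any message whose digest bits match one of
    # the two at the remaining positions. This counts those positions.
    bits_a, bits_b = _message_bits(message_a), _message_bits(message_b)
    return sum(1 for a, b in zip(bits_a, bits_b) if a != b)

if __name__ == "__main__":
    priv, pub = keygen()
    msg = b"Transfer 100 to account 42"      # constructed sample message
    sig = sign(priv, msg)
    print("valid:", verify(pub, msg, sig))
    print("tampered valid:", verify(pub, b"Transfer 900 to account 42", sig))
    print("positions exposed by a second signature:",
          exposed_positions(msg, b"Transfer 900 to account 42"))
```

Lamport keys must be used exactly once; RSA and DSA signatures differ in that one key pair signs many messages, but the verification contract is the same as in this example.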

Dongle

An access token that usually attaches to the parallel port of a personal computer, typically to enforce software licensing.

EGSM

Extended GSM. The original GSM 900 band will eventually become saturated and extra frequencies will be required; E-GSM adds 880-890 MHz (uplink) and 925-935 MHz (downlink), and E-GSM phones can use these additional channels.

EHF

Extremely High Frequency 30-300 GHz in the radio spectrum.

EMP

Electro-Magnetic Pulse. EMP may be generated by a nuclear explosion or by a device such as a HERF gun. It has the capacity to disable or destroy unscreened electronic equipment such as computer and communications equipment.

EN

The prefix of European standards (adopted through the European standards bodies such as CEN and CENELEC).

ESN

Electronic serial number. Commonly used in mobile phones and smart cards as part of a device identity.

Faraday Cage

A grounded conductive cage structure designed to electrically screen an area. It can be used to stop signals emitted by information systems from leaving a room (see TEMPEST) and can also protect against lightning strikes and other high-energy emissions.

FBI

US Federal Bureau of Investigation. This organisation was originally established primarily to address criminal activity beyond the capability of state, county and town police departments. It also performs some duties that other countries assign to secret police departments and military intelligence agencies. The FBI has been one of the organisations pioneering computer crime detection.

FC-FIPS

Federal Criteria / Federal Information Processing Standards. The Federal Criteria was an attempt by the US to develop a trusted system evaluation criteria to replace the US TCSEC and become an element in the suite of Federal Information Processing Standards managed by NIST.

FPGA

Field Programmable Gate Array. A programmable chip that can execute repetitive tasks very quickly. Whilst not as fast as ASIC chips, FPGAs are cheap and plentiful. They are now sold in kits and often used to build home key-search (brute-force) systems.

Fire Trench (literal)

A two-man trench that is a metre deep, half a metre wide and two metres long. Fire trenches should be provided with overhead protection, which should be no more than a third to half a metre above ground level. If overhead protection is added to a fire trench, a gap must be left uncovered for access, for firing anti-tank weapons with a back-blast, and for throwing grenades.

Firetrench

A co-operative of security professionals offering cost-effective and flexible services on the Internet. Named after the military 'fire trench' to denote the maximum achievable security without diminishing functionality.

FLEX

FreeBSD

An open source Unix operating system descended from the Berkeley Software Distribution (BSD). It has proven reliability and was used by Yahoo! and by CDROM.COM, at the time the busiest FTP site on the Internet.

Gargoyle TMG

The Gargoyle Trusted Mail Gateway is an advanced high assurance system that employs B3 functionality. It may be positioned at any portal, between private networks of differing trust, or between private and public networks. It permits only mail traffic to pass between domains and is able to transparently support any popular mail environment, including SMTP and X.400. A typical Gargoyle would include hostile code scanners, content scanning, sanitisation and quarantine compartments, and a rule table configured to meet the needs of specific Risk or Security Policies.

GCHQ

UK Government Communications Headquarters. This organisation is descended from the Government Code and Cypher School at Bletchley Park, which broke German ciphers during World War Two and where Colossus, one of the first programmable electronic computers, was put to work on that task. GCHQ is primarily a signals intelligence agency, of which CESG is a part.

GRAIL Suite

The GRAIL programme began in 1989 as part of the Secure Engineering Environment initiative, with the aim of providing the means whereby sensitive government networks could be linked to untrusted public networks such as the Internet. As the original objective was to provide high assurance 'black boxes' for government use on classified systems, it was possible to employ restricted technology that has only recently become available for commercial use. As many sensitive government systems were also 'mission critical', these high assurance network appliances also had to offer high integrity and high availability.

Although development of the products which form the GRAIL Suite began over ten years ago, and they were intended originally for military, intelligence and police applications, today they provide a family of systems enabling commercial and government users to link sensitive private networks to the Internet and other public networks for e-commerce without exposing the private resources to significant and growing threats.

The great strength of the GRAIL Suite is that the products are designed to operate transparently through Pre-Planned Product Integration (P3I), so that a complex range of functionality can be achieved by assembling a selection of GRAIL products and configuring them to address specific needs. This means that all existing services will function without modification and the GRAIL products add the necessary assurance and integrity. Each GRAIL solution is built, configured and tested before despatch so that it can be treated as a 'black box' and added to existing networks without special knowledge. Network and system elements on either side of a GRAIL product can be changed at will.

The primary consideration in developing the GRAIL Suite was to produce a family of network appliances that were truly transparent and able to support new technologies, techniques, protocols, standards and architectures. This was considered to be an essential capability in the globalisation of communications and information where different approaches and cultures must be supported in the interests of interoperability, and where technology is changing at an increasing rate.

GRAIL Suite Products

The GRAIL Suite comprises a number of products designed to address specific network security requirements. The high assurance capability allows several GRAIL products to be mounted on the same hardware platform without any reduction in assurance, which makes for cost-effective solutions. All products feature the same high assurance trusted path and audit mechanisms and the same highly configurable alarm systems. As these products are used in what may be regarded as a mission-critical environment, resilience is an important requirement; it is provided through automatic reconfiguration, which allows a number of platforms to be linked by 'heartbeat' software. If one platform suffers a problem, one of the other linked platforms assumes the faulty unit's identity, in addition to its own, until the fault has been dealt with. A range of hardware options allows a user to decide the level of durability the hardware should provide.

GRAIL Platforms

GRAIL products are supplied on a variety of popular hardware platforms. SPARC and Intel options are available in standard commercial casings for low cost, or in industrial-grade floor-standing and rack-mounted casings. A typical industrial-strength system employs rugged rack-mounted casings equipped with locking access doors and panels, cable protectors, hot-swap fans and power units, UPS, and tamper alarms to warn of any attempt to interfere with the equipment.

Grymoire TDS

The Grymoire Trusted Directory Server is an X.500-based directory system that is able to provide key management services for reliable encryption. A distinctive feature is the ability to maintain, on a single platform, a number of directories at different levels of access. Any authorised query produces the required information, but a querier not authorised to receive selected information receives a neutral response, so that the response itself does not breach the security policy.

GSM

Global System for Mobile communications. An internationally accepted standard for digital cellular telephony. Uses TDMA to share each radio channel between 8 users (16 with half-rate codecs); in the UK one of these 'slots' is usually reserved as a control channel. GSM 900 uses 935-960 MHz for transmission from the base station to mobile phones (downlink) and 890-915 MHz for transmission from the phone to the nearest base station within a cell (uplink), with channel spacing of 200 kHz. GSM uses the A5 algorithm for encryption and usually the COMP128 suite for authentication and key set-up; both have been compromised.

Herald TWS

The Herald Trusted Web Server is an advanced multi-level system that employs B3 functionality. Unlike traditional web server products, Herald offers a range of access controls so that low-sensitivity information can be made freely available to any site visitor while more sensitive information is restricted to authorised users. There is no limit to the number of access levels, and each level can require a different type of access control authorisation, making it practical to place more information on the web server than would otherwise be advisable.

HERF Gun

A device intended to disable or destroy electronic systems by a high-energy radio-frequency discharge. It is easy to build provided it does not need to be man-portable and self-powered. A vehicle-mounted unit could be used to disable or destroy information systems over a radius of several hundred metres or more. Continuing development may produce more portable devices with greater range and more selective targeting.

HF High Frequency

Short-wave radio. 3-30 MHz in the radio spectrum.

ID

Identity. May be an identity card containing personal information including a photograph, or the identifier an information system requires as part of the logon process.

Industry Standards

Specifications that are established by agreement between companies within an industry.

ISO

The International Organization for Standardization (ISO), which adopts and publishes standards agreed between nations; these may be based on standards previously developed at a national level and promoted by that nation's standards body. The international standards process includes the means by which evaluations may take place, so that a product evaluated in one country may be confidently accepted in any other. ISO was the primary force in developing the OSI architecture and works closely with CCITT when developing communications standards.

ITSEC

The European Information Technology Security Evaluation Criteria. These were the first criteria specifically designed to allow products to be evaluated commercially and made available almost without restriction to commercial and government users alike. The criteria were developed in 1990 jointly by the governments of the United Kingdom, the Netherlands, Germany and France. An important part of the programme was to provide for mutual recognition of certificates and to make ITSEC available to any country prepared to accept mutual recognition.

ITSEC Scheme Secretariat

Under the ITSEC Scheme, any subscribing country may establish its own National Scheme Secretariat to license evaluation facilities and to issue certificates to successfully evaluated products.

ITSEM

The IT Security Evaluation Manual, produced to assist in preparing products for ITSEC evaluation and to guide the evaluation process.

LDAP

Lightweight Directory Access Protocol. A reduced specification, in comparison to X.500, intended to bring directory service standards to the Internet. It is likely that LDAP will not prove sufficiently extensible to support adequately the world-wide addressing and public key infrastructure requirements.

LF

Low Frequency 30-300 kHz in the radio spectrum.

LPGA

Laser Programmable Gate Array. A cheaper alternative to ASIC chips that is nearly as fast and provides nearly as high a gate count.

Linux

An open source operating system that is highly adaptable and can be configured to suit most applications.

MAC

Mandatory Access Control: access decisions are enforced by system policy (typically by comparing sensitivity labels on subjects and objects) and cannot be overridden by the object's owner. This is a key element of trusted system specifications, but the term can also describe physical access control within a Security or Risk Policy.

Magnetic Card

Commonly used to describe an access token that relies on a magnetic stripe to hold the necessary information. Also used to describe a magnetic storage medium used by information processing systems: now rare, predating devices such as the 3.5 inch floppy disk, this magnetic card is the size of an 80-column punch card, has a capacity of less than 25,000 characters and is still used for some security purposes.

MD5

Message Digest 5, an improved version of MD4, designed by Ron Rivest. Produces a 128-bit message digest (hash) of a message: the digest is easy to compute from the message but the message cannot be recovered from the digest. Commonly used as a one-way function to verify that data has not been tampered with. MD5 is no longer collision resistant (practical collisions were published in 2004), so it should not be relied on where an attacker could substitute a second message with the same digest.

MF

Medium Frequency 300-3000 kHz in the radio spectrum

Minstrel

Minstrel protects data in transit, preventing interception, reading and changing of passwords and content.

Moate & Baillie TEG

The Moate & Baillie Trusted Enterprise Gateway is an advanced high assurance system that employs B3 functionality. It may be employed at any portal and provides a range of filtering capabilities. This enables it to be used in any position that a 'firewall' might be used but to provide much higher assurance and a wider range of portal management functionality.

Network Relay

A device that operates at layer four and above of the OSI reference model which allows interconnection of dissimilar networks.

NCSC

US National Computer Security Centre and daughter organisation of NSA which has been responsible for evaluation and certification of trusted computer systems "in the (US) national interest" to the TCSEC.

NIST

The US National Institute of Standards and Technology.

Non Repudiation

The ability to prove that an action took place, so that the party who performed it cannot later deny either that it happened or that they were its source.

NSA

US National Security Agency tasked with a range of intelligence duties, including signal intelligence and encryption. Parent organisation of NCSC.

One way function

A mathematical function that is easy to compute in the forward direction but very difficult or practically impossible to invert: given only the output, the input cannot feasibly be recovered. For cryptographic use (see MD5) it should also be infeasible to find two different inputs that produce the same output (collision resistance), which is a separate and stronger property than one-wayness.
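The MD5 and One way function entries above describe verifying data with a digest. The following added example (not code from the original page) builds a digest manifest for a set of constructed sample files, detects a modified file, and then shows the limit of an unkeyed digest: an attacker who can rewrite the file can rewrite the manifest too, so a keyed digest (HMAC) is needed when the manifest is not itself protected. The file names and contents are this example's own.

```python
import hashlib
import hmac

# Constructed sample files (name -> content); not taken from any real system.
FILES = {
    "boot.ini": b"[boot loader]\ntimeout=30\n",
    "hosts": b"127.0.0.1 localhost\n",
}

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_manifest(files: dict) -> dict:
    # Unkeyed digests: anyone can recompute them.
    return {name: md5_hex(content) for name, content in files.items()}

def verify_manifest(files: dict, manifest: dict) -> list:
    # Returns the names whose current digest differs from the manifest.
    changed = []
    for name, expected in manifest.items():
        actual = md5_hex(files.get(name, b""))
        # Constant-time compare avoids leaking how many leading hex digits match.
        if not hmac.compare_digest(actual, expected):
            changed.append(name)
    return sorted(changed)

def build_keyed_manifest(files: dict, key: bytes) -> dict:
    # Keyed digests: only the holder of `key` can produce a matching entry.
    return {name: hmac.new(key, content, hashlib.sha256).hexdigest()
            for name, content in files.items()}

def verify_keyed_manifest(files: dict, manifest: dict, key: bytes) -> list:
    changed = []
    for name, expected in manifest.items():
        actual = hmac.new(key, files.get(name, b""), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(actual, expected):
            changed.append(name)
    return sorted(changed)

def avalanche_bits(a: bytes, b: bytes) -> int:
    # How many of the 128 digest bits differ between two inputs.
    da, db = hashlib.md5(a).digest(), hashlib.md5(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

if __name__ == "__main__":
    manifest = build_manifest(FILES)
    tampered = dict(FILES)
    tampered["hosts"] = FILES["hosts"] + b"10.0.0.1 bank.example\n"
    print("changed (unkeyed):", verify_manifest(tampered, manifest))
    # Attacker rewrites the manifest as well: nothing is detected.
    print("changed after manifest rewrite:",
          verify_manifest(tampered, build_manifest(tampered)))
    keyed = build_keyed_manifest(FILES, b"operator secret")
    print("changed (keyed):", verify_keyed_manifest(tampered, keyed, b"operator secret"))
    print("bits differing for 'abc' vs 'abd':", avalanche_bits(b"abc", b"abd"))
```

The unkeyed manifest is adequate against accidental corruption and against an attacker who cannot reach the stored digests; the keyed version, or a digital signature over the manifest, is needed otherwise. SHA-256 is used for the keyed variant because MD5's collision weakness makes it a poor choice for anything new.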

Open Standards

Standards which are freely published, allowing any user, developer, supplier, or service provider to work to a common and agreed format.

OSI Open Systems Interconnection.

The term defined by the International Standards Organisation (ISO) as a basis for standards to enable different vendor systems to inter-operate without modification.

OSV

Open Systems Vendors: vendors who present products designed to published standards, in the interests of good user practice and interoperability between products. An OSV aims to win business by demonstrating a capable and professional ability to provide products and solutions that meet the real needs of the user.

PAD

Packet Assembler/Disassembler. A PAD allows devices that do not have a direct interface to a packet-switched network to communicate with and access such a network.

Password

One of the oldest security measures. It relies on a piece of information known to at least two parties, but confidential between them, which serves to identify one party to the other. This ancient technique was adopted in the early days of computing but has limited effectiveness. Most passwords used in modern information systems can be broken very quickly, in some cases in seconds, using a typical personal computer and readily available cracking software; how quickly depends on the password's length and character set and on whether the system stores it salted and hashed with a slow algorithm. Most passwords consist of fewer than 8 characters. To provide any reasonable protection, a password should be at least 18 characters long and subject to a password policy that governs frequency of change and specifies minimum characteristics of construction.
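The claim above that short passwords fall in seconds is easy to check. This added example (not from the original page) runs an exhaustive search over short lowercase passwords and a small dictionary attack with common mangling rules against an unsalted MD5 hash, and computes how the key space grows with length and character set. The target passwords and wordlist are constructed for the example.

```python
import hashlib
import itertools
import string

def md5_hex(password: str) -> str:
    # Unsalted MD5, as many older systems stored passwords; constructed target.
    return hashlib.md5(password.encode()).hexdigest()

def keyspace(alphabet_size: int, max_len: int) -> int:
    # Number of candidate passwords of length 1..max_len over the alphabet.
    return sum(alphabet_size ** n for n in range(1, max_len + 1))

def seconds_to_exhaust(alphabet_size: int, max_len: int, rate: float) -> float:
    # Worst-case time for an attacker hashing `rate` candidates per second.
    return keyspace(alphabet_size, max_len) / rate

def brute_force(target_hex: str, alphabet: str, max_len: int):
    # Exhaustive search in order of increasing length.
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            candidate = "".join(combo)
            if md5_hex(candidate) == target_hex:
                return candidate
    return None

def dictionary_attack(target_hex: str, words, suffixes=("", "1", "123", "!")):
    # Wordlist plus the mangling rules real crackers apply first.
    for word in words:
        for variant in (word, word.capitalize(), word.upper()):
            for suffix in suffixes:
                candidate = variant + suffix
                if md5_hex(candidate) == target_hex:
                    return candidate
    return None

if __name__ == "__main__":
    lower = string.ascii_lowercase
    print("4 lowercase chars:", brute_force(md5_hex("dawn"), lower, 4))
    print("dictionary:", dictionary_attack(md5_hex("Winter123"), ["summer", "winter"]))
    rate = 1e6  # assumed rate of a single PC at MD5; real figures vary widely
    for alphabet_size, length in ((26, 8), (95, 8), (95, 18)):
        print(f"{length} chars over {alphabet_size}: "
              f"{seconds_to_exhaust(alphabet_size, length, rate):.3g} s")
```

The same search against a salted hash must be repeated per account, and against a deliberately slow hash it runs thousands of times slower; those two design choices, not the password alone, set the cost of an attack.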

PGP

PGP (Pretty Good Privacy) is an email security program that provides digital signatures, public key distribution and public key encryption.

PKZIP

A very popular compression product. Whilst the compression is good, the built-in password protection is not: its stream cipher is vulnerable to a known-plaintext attack and can be broken within hours on a standard PC.

PMR

POCSAG

The Post Office Code Standardisation Advisory Group pager protocol. The most common pager type currently in use.

Proprietary Standards

A description of functionality peculiar to one company or group, where the technical details are hidden from view and the design is a protected and guarded secret.

Protocols

The set of rules and message formats necessary to allow communication between two or more computer systems.

Proximity Card

An access device that is worn or carried and does not have to be inserted in a reader. Some cards have to be laid on top of the reader, but most can be read at some distance from it. Some devices are active transmitters and may hold a dialogue with the reader; others are passive and are scanned by the reader. The category includes cards attached to a vehicle windscreen that can be read from a distance while the vehicle is travelling towards the reader.

Purple Penelope

A security labelling system developed by DERA.

Quill

Quill provides PGP and RIPEM secure electronic mail using Public Key Encryption.

Radio Scanner

A radio receiver that automatically steps through (scans) a range of frequencies and stops on those carrying a signal, so that a band can be searched for active transmissions.

RBAC

Role Based Access Control. A method of allocating privilege on the basis of an individual's role or job function rather than to the individual directly. RBAC can also mean Rule Based Access Control, a flexible access control system that allows rules to be changed at any time and applied to individual security profiles.

Red Pike

An encryption algorithm developed by CESG as a baseline algorithm for use by local and central government users in the United Kingdom and for commercial use. Designed to provide confidentiality, and often regarded by commercial users as a very strong encryption algorithm, which it is if compared to some commercial products that claim to be strong.

RFC-1006

A specification produced because users and vendors did not want to abandon their investment in TCP/IP. It describes how to run the ISO transport service (transport class 0) over TCP, on port 102, by prefixing each transport PDU with a 4-byte TPKT header that carries a version number and the total length.
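To show what RFC 1006 framing actually looks like on the wire, here is an added example (not from the original page) that builds TPKT packets and reassembles them from a TCP byte stream. The TPKT header is version 3, a reserved zero byte, and a 16-bit big-endian length that includes the header itself. The decoder checks the version and rejects a length smaller than the header, which is the check a careless implementation omits and which otherwise lets a single bad packet wedge the receiver in a loop that never advances. The COTP connect-request payload is a constructed sample.

```python
import struct

TPKT_VERSION = 3
TPKT_HEADER_LEN = 4

# Constructed sample transport PDU: an ISO 8073 (COTP) connect request,
# length indicator 6, code 0xE0, dst-ref 0, src-ref 1, class 0.
SAMPLE_COTP_CR = b"\x06\xe0\x00\x00\x00\x01\x00"

def tpkt_encode(tpdu: bytes) -> bytes:
    # Prefix the transport PDU with the 4-byte TPKT header.
    total = TPKT_HEADER_LEN + len(tpdu)
    if total > 0xFFFF:
        raise ValueError("TPDU too large for a 16-bit TPKT length")
    return struct.pack("!BBH", TPKT_VERSION, 0, total) + tpdu

def tpkt_decode_stream(data: bytes):
    # Split a TCP byte stream into complete TPDUs.
    # Returns (list_of_tpdus, unconsumed_tail) so a caller can append more
    # bytes and call again when a packet is incomplete.
    tpdus = []
    offset = 0
    while len(data) - offset >= TPKT_HEADER_LEN:
        version, _reserved, length = struct.unpack_from("!BBH", data, offset)
        if version != TPKT_VERSION:
            raise ValueError(f"unsupported TPKT version {version}")
        if length < TPKT_HEADER_LEN:
            # A length below 4 would make offset stop advancing (or produce a
            # negative slice): reject rather than loop forever.
            raise ValueError(f"invalid TPKT length {length}")
        if offset + length > len(data):
            break  # incomplete packet: wait for more bytes
        tpdus.append(data[offset + TPKT_HEADER_LEN:offset + length])
        offset += length
    return tpdus, data[offset:]

if __name__ == "__main__":
    stream = tpkt_encode(SAMPLE_COTP_CR) + tpkt_encode(b"second")
    stream += b"\x03\x00\x00\x08ab"          # third packet only partly received
    tpdus, rest = tpkt_decode_stream(stream)
    print("complete TPDUs:", tpdus)
    print("bytes held back:", rest)
```

In a real receiver the held-back tail is kept in a buffer and the decoder is called again once the socket delivers more data; the version and length checks belong before any allocation sized from the header.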

Secure Gateway Standards

There is no specification providing a standard for network portals (gateways). The partial exception is X.400, where a number of security capabilities are described and are optional under the standard.

Secure Standards

Standards, including TCSEC, ITSEC and the Common Criteria, that provide a specification and test methodology against which the assurance and functionality of products and systems can be evaluated and certified.

Secure Systems

These are systems (hardware, operating systems, networking and/or software applications) that have been developed from popular commercial products to include security features. They may have been independently evaluated and certified against an IT security criteria such as TCSEC, ITSEC or the Common Criteria, or they may be 'vendor assured', which means that performance claims have not been substantiated independently. The security genuinely offered may not be much higher than that of standard products, and may be present only if certain configurations have been adopted.

Security Profiles

A security profile sets out the privileges assigned and authorised to an individual, a job holder or other entity. It may also be used to describe an assessment file containing all the research information and details of the decisions that justify the set of privileges authorised to a subject.

SHF

Super High Frequency 3-30 GHz in the radio spectrum.

Smart Card

A device that contains a processor chip that may be self-powered or powered by a reader device. Usually the same size as a credit card, although sometimes thicker.

SMTP

Simple Mail Transfer Protocol, from the Internet Protocol Suite.

SMIME

Secure MIME. This is a belated attempt to secure multi-part messages, something that was not done for MIME itself but was catered for early in the development of X.400.

Standards

A method of defining in a specifications document any object, procedure, design, or methodology, so that all processes are repeatable, of known behaviour, and include common interfaces.

TCSEC

The US criteria for evaluation and certification of trusted computer systems. See Rainbow Series and Orange Book.

Talleyman

Talleyman provides the central management of operations as the direct counterpart of Constable. This provides the means to implement segmented control even over servers and workstations that normally allow super-user access. It is essential to effective risk management that no individual is able to access and manage every part of an information resource and rewrite audit records. However, it is operationally important in most networks to be able to add and delete users and applications, correct operational errors, restart stalled services, and monitor resource utilisation and costing. Talleyman provides the means to manage these essential functions without subverting security.

TAPI (not the Telephony API)

Trusted Applications Programming Interface. Unlike APIs that provide a base on which a third party can develop an application to run on a proprietary base (that is not disclosed by the proprietary vendor), a TAPI provides a point at which a third party developer can confidently build an application on a Trusted Base without introducing vulnerabilities in the Trusted Base that would negate the trust in the platform.

TEMPEST

A classified specification detailing the methods of preventing the reception or transmission of radio signals emitted by equipment including computers. Techniques employed to achieve this include spraying plastic equipment cases with a material that blocks or reduces radiation transfer, encasing equipment in an anti-radiation cage, and constructing buildings around Faraday Cages. The objectives can also be achieved by active devices that in effect jam transmissions.

Trojan Horse

Hostile code that aims to open a 'back door' into the target computer. This code is not a virus and may not be detected by popular anti-virus software. This type of hostile code is becoming increasingly common and can be addressed with products such as The Cleaner (www.moosoft.com).

Also used to describe a covert penetration technique similar to the original Trojan Horse. This technique is based on hiding personnel in an object, such as a fuel tanker or a freight container, that has been equipped with a concealed compartment. The object is admitted to the target site, allowing the covert penetration team to pass through the outer barriers and evade detection.

Trusted Systems

These are systems (hardware, operating systems, networking, and/or software applications) that have either been designed specifically as secure systems, or are heavily re-engineered and re-documented popular untrusted systems that have had the traditional low reliability and insecurity removed. A trusted system may have been independently evaluated and certified to IT security criteria, such as TCSEC, ITSEC or the Common Criteria, but may include additional functionality that provides operational benefits beyond the narrow scope of any current criteria.

UHF

Ultra High Frequency 300-3000 MHz in the radio spectrum.

UKSP06

The ITSEC product catalogue produced by the UK ITSEC Scheme Secretariat. This catalogue includes both products under evaluation, and certified products that have successfully completed evaluation.

VHF

Very High Frequency 30-300 MHz in the radio spectrum.

Virtual Network

A form of network where communication and access are achieved without needing knowledge of the underlying network structure or the location of a resource.

Virtual Private Network

A Virtual Network that uses features such as access control and encryption to maintain privacy from public networks.

VLF

Very Low Frequency 3-30 kHz in the radio spectrum.

Windows NT

Microsoft's flagship 32-bit operating system.

X.25

The CCITT Recommendation defining interfaces to packet switched networks. Commonly used for interconnecting systems, particularly in low bandwidth environments or high availability environments.

X.400

An international standard in electronic messaging protocol specification that allows the exchange of electronic information between dissimilar systems. Development was begun to produce a more reliable and less bug-ridden electronic mail environment than that provided by SMTP. Although it is often assumed that X.400 is incompatible with the Internet, it does in fact run reliably over TCP-IP and includes a wealth of security functionality that has yet to be added to SMTP.

X.500

An Open Standard for directory systems including X.509 recommendations to process addresses and public keys.