Asymmetric algorithm - A cryptographic algorithm using different, mathematically-related keys for encryption and decryption. A common use of asymmetric algorithms is key management.
Authentication and digital signature functions include their associated key management function. Authentication includes all aspects of access control where there is no encryption of files or text except as directly related to the protection of passwords, Personal Identification Numbers (PINs) or similar data to prevent unauthorized access.
Encryption component - Any encryption commodity or software (except source code), including encryption chips, integrated circuits, application specific encryption toolkits, or executable or linkable modules that alone are incapable of performing complete cryptographic functions, and is designed or intended for use in or the production of another encryption item.
Fixed data compression or coding techniques - Fixed means the coding or compression algorithm cannot accept externally supplied parameters (e.g., cryptographic or key variables) and cannot be modified by the user.
Generally available to the public - Must meet all of the following:
a.) Generally available to the public by being sold, without restriction, from stock at retail selling points by means of any of the following:
1. Over-the-counter transactions;
2. Mail order transactions;
3. Electronic transactions;
4. Telephone call transactions;
b.) The cryptographic functionality cannot easily be changed by the user;
c.) Designed for installation by the user without further substantial support by the supplier.
Open cryptographic interface - A mechanism which is designed to allow a customer or other party to insert cryptographic functionality without the intervention, help or assistance of the manufacturer or its agents, e.g., manufacturer's signing of cryptographic code or proprietary interfaces. If the cryptographic interface implements a fixed set of cryptographic algorithms, key lengths or key exchange management systems, that cannot be changed, it will not be considered an "open" cryptographic interface. All general application programming interfaces (e.g., those that accept either a cryptographic or non-cryptographic interface but do not themselves maintain any cryptographic functionality) will not be considered "open" cryptographic interfaces.
Personalized smart card - A smart card containing a microcircuit, in accordance with ISO/IEC 7816, that has been programmed by the issuer and cannot be changed by the user.
Symmetric algorithm - A cryptographic algorithm using an identical key for both encryption and decryption. A common use of "symmetric algorithms" is confidentiality of data.
Techniques that are used to protect against decompilation and misuse -
a) Symbolic Obfuscation - Scrambling of the symbolic table or scrambling of the byte code.
b) Structural Obfuscation - Using techniques to make the code less readable. For example, changing the function names, i.e., “Encrypt with DES” becomes “Process Block”.
c) XOR Masking - For vendors that write their own Java Virtual Machines (VMs), this provides load-time obfuscation. The code has an XOR mask over all the byte code. Classes reside on the computer in XOR form. When they are loaded, they are XOR’d back to the original class. The mask is hidden.
d) Mark classes final - A final class cannot be subclassed, so its features cannot be extended or inherited by other classes.
e) Rename attributes and function variables - Attributes and function variables of the encryption classes have been renamed to hide their true function.