
Terminology and Abbreviations

Before performing the SSF administration tasks, you should be familiar with the following terms and abbreviations:

A third-party instance that issues public-key certificates. The CA guarantees the identity of the certificate owner.

User or component-specific information that allows users or components to access their security information. The credentials may be located, for example, in a protected file in the file system. They often have a limited life span. For example, users’ credentials may be created when they log on to the security product and deleted when they log off.

Security mechanism for protecting digital data.

The digital signature serves the same function for the processing of digital data as a handwritten signature serves for paper documents. Its purpose is to guarantee that the individuals (or components) that sign digital documents really are who they claim to be. It also protects the integrity of signed data; if even one bit in either the signed data or in the signature is changed, the signature is invalid.

The digital signature is based on public-key cryptography. Each signer is provided with a unique key pair consisting of a private key and a corresponding public key. The signer creates his or her digital signature by using his or her private key. He or she distributes the public key as desired. Recipients of signed data use the signer's public key to verify his or her digital signatures.

For example, in electronic commerce, paperless contracts are closed without using handwritten signatures.

Type of security that protects a message from being viewed by anyone other than the intended recipient(s).

A digital envelope is created using hybrid encryption. First, the message itself is encrypted using symmetric encryption (meaning that the same key is used to encrypt and decrypt the message). This key is then encrypted using public-key encryption and sent or saved with the encrypted message. Only the intended recipient of the message can decrypt the key that was used to encrypt the original message, and therefore, decrypt the message.
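The envelope procedure described above, sketched with Node.js's built-in `crypto` module as an added example that is not part of the SAP documentation and does not use SSF or any SAP API. The algorithm choices (RSA-2048 with OAEP for the key, AES-256-GCM for the message), the function names and the sample message are assumptions made for this illustration.

```javascript
// Added example: digital envelope (hybrid encryption) with Node's built-in crypto.
// RSA-2048/OAEP and AES-256-GCM are assumed choices, not taken from the page.
const crypto = require("node:crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Sender: encrypt the message with a fresh symmetric key, then encrypt that
// key with the recipient's public key and keep it with the encrypted message.
function sealEnvelope(message, recipientPublicKey) {
  const key = crypto.randomBytes(32); // one-time AES-256 message key
  const iv = crypto.randomBytes(12);  // GCM nonce, unique per message
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([cipher.update(message, "utf8"), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key),
    iv,
    tag: cipher.getAuthTag(), // integrity tag over the ciphertext
    ciphertext,
  };
}

// Recipient: recover the message key with the private key, then decrypt.
function openEnvelope(envelope, recipientPrivateKey) {
  const key = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString("utf8");
}

// Returns true only if the holder of privateKey can open the envelope.
function canOpen(envelope, privateKey) {
  try {
    openEnvelope(envelope, privateKey);
    return true;
  } catch {
    return false; // key unwrap or integrity check failed
  }
}

// Constructed sample data: two throwaway key pairs and a made-up message.
const recipient = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const outsider = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const envelope = sealEnvelope("Purchase order 4711: 20 units", recipient.publicKey);

console.log(openEnvelope(envelope, recipient.privateKey));
console.log("outsider can open:", canOpen(envelope, outsider.privateKey));
```

Only the wrapped key depends on the recipient's key pair, so the same ciphertext can be addressed to several recipients by wrapping the message key once per public key.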

Secure location where a user or component's public-key information is stored. The PSE for a user or component is typically located in a protected directory in the file system or on a smart card. It contains both the public information (public-key certificate and private address book) as well as the private information (private key) for its owner. Therefore, only the owner of the information should be able to access his or her PSE.

For example, the SAP Security Library (SAPSECULIB) stores the application server's information in a PSE. In this case, the PSE contains both the private address book for the SAP System as well as the SSF profile.

Location in the public-key infrastructure where the users’ and components' public keys are stored. Depending on the security product that you use, it may be identical to the SSF profile.

A system that manages the trust relationships involved with using public-key technology. The PKI's role is to make sure that public-key certificates and CAs can be validated and trusted. The collection of services and components involved with establishing and maintaining these trust relationships is known as the PKI.

Technology used for securing digital documents.

Public-key technology uses key pairs to provide its protection. Each participant receives an individual key pair consisting of a public key and a private key. These keys have the following characteristics:

A digital document that contains the necessary information to identify its owner and verify his or her digital signatures. Typical information contained in a public-key certificate includes:

Default security provider provided with the SAP System. The SAPSECULIB is a dynamic link library that is located on each application server. The SAPSECULIB provides the functions for using digital signatures in SAP Systems. It does not support functions for using digital envelopes and encryption.

Information in the SAP System where a user or component's private part of the public-key information is stored (the private key). The SSF profile may be a file or any other information specifying the public-key information. The exact form of the profile depends on the security product that you use.

The Personal Security Environment (PSE) for the SAP System. The system PSE is created by the SAPSECULIB during the installation process and contains the private address book and the SSF profile for the SAP System. In Release 4.5A, each application server receives its own system PSE; as of Release 4.5B, the system creates a single system PSE and distributes it to all of the application servers.
