set of well-defined methods, functions, routines, or commands for application software to facilitate the programming languages use of cryptographic or protected resources from an SE that is used as trust anchor

[SOURCE: ISO/IEC TS 30168]

set of trusted information and cryptographic key material that is used by an application in a specific security context

Note 1 to entry: A personality typically includes the device's own cryptographic material like private keys, secret keys, own public key certificates. A personality can also include information required to establish trust towards partners.

Note 2 to entry: A personality is used within the scope of a specific application. A device can use different personalities in different application contexts.

Note 3 to entry: A personality may make use of secret storage (confidentiality and integrity protected), trusted storage (integrity protected), and general storage (unprotected).

[SOURCE: ISO/IEC TS 30168]

digitally signed data structure that contains a public key and the identity of a Client or Server. [SOURCE: OPC 10000-1]

component capable of securely hosting functionalities, or confidential and cryptographic data, or both in accordance with well-defined rules and security requirements

Note 1 to entry: A typical solution for a SecureElement is a one chip microcontroller.

Note 2 to entry: Cryptographic keys are an example of confidential and cryptographic data.

Note 3 to entry: A SecureElement can be realized as pure software component to support future migration to a hardware SecureElement.

Note 4 to entry: A SecureElement can provide special physical protection features such as tamper protection.

[SOURCE: ISO/IEC TS 30168]

An essential security capability that, by definition, must be trusted

Note 1 to entry: A TrustAnchor can provide provisions to protect the integrity and confidentiality of functions and related information that are required by an application.

Note 2 to entry: The security capability to achieve protection can be provided with an SecureElement. The SecureElement can provide functionality for, for example, secure generation and use of cryptographic key material, and tamper-protected storage of public key certificates.

Note 3 to entry: Data sets, for example, certificates starting a certification path, require additional protection against manipulation to be considered as trust anchor. This additional protection can be achieved by, for example, storage in a shielded location.

Note 4 to entry: A certificate protected against unauthorized tampering and which is accepted as termination of a certification path is an example for a TrustAnchor.

[SOURCE: ISO/IEC TS 30168]