IEEE Std 802.1AR-2018 pdf download – Local and Metropolitan Area Networks- Secure Device Identity.
3.18 DevID: A device identifier that is cryptographically bound to the device, and comprises a DevID secret (3.21), a signed DevID certificate (3. 19) that binds possession of that secret to a statement of identity made by the certificate s issuer, and (as required by authenticating systems) a certificate chain (3.7) that links the certificate to a trust anchor (3.43). 3.19 DevID certificate: A data object constructed using cryptographic operations to bind the DevID Name and other data to a DevID secret (3.21) possessed by the device. 3.20 DevID module: A logical security component that securely stores and operates on DevID secret(s) and associated DevID certificate(s). 3.21 DevID secret: The private key portion of a public-private key pair bound to a DevID certificate. 3.22 DevID solution: The systems, protocols, and/or the policies and procedures that support the use of DevID equipped devices in a customer network. 3.23 DevID trust anchor store: The database of trust anchor information for IDevIDs and LDevIDs that is stored and used by a DevID solution. This is equivalent to the common Web browser trust anchor store and can be shipped with the DevID solution (3.22). 3.24 Distinguished En coding Rules (DER): A subset, specified in ISO/IEC 8825-1, of the Basic Encoding Rules (BER, 3.5) that specifies exactly one way of encoding any particular ASN.1 value. 3.25 IDevID: A DevID (3.18) installed in a DevID module (3.20) by the supplier of the device. 3.26 enrollment: The process and protocols used by customer network systems to recognize a device possessing an IDevID (3.25) and authorize it for subsequent network activity, possibly including giving it an LDevID (3.32).
3.35 personal device: A device used by an individual or a small group of people, such that identification of the device or its network activity implies the location or activity of that individual or a group member. 3.36 Public K ey Infrastructure (PKI): A set of network entities and the roles, policies, and procedures that govern the creation, distribution, use, storage, and revocation of X 509 digital certificates. 3.37 PKI hierarchy: A relationship between systems supporting a PKI, where systems with a role associated with a tier in the hierarchy can delegate authority to a system or systems whose role is associated with an immediately lower tier. 3.38 Registration Authority (RA): A PKI entity that verifies requests for X.509 digital certificates before requesting their issuance by a CA. 3.39 Secure Device Identifier: See: DevID (3.18). 3.40 Secure Device Identifier Module: See: DevID Module (3.20). 3.41 signature suite: An asymmetric cryptographic algorithm and associated constraints (e.g.,. restrictions on key types, key sizes, and component functions) that facilitate its implementation and use to generate digital signatures with specific security properties. 3.42 supplier: In this standard, the person, organization, or administrator acting on their behalf, making a claim of conformance in respect of a device that is provided for attachment to a customer network.