1、IECInternationalStandardISO/IEC11770-3Fourthedition2021-10AMENDMENT12025-04ISO/IEC2025InformationsecurityKeymanagement一Part3:MechanismsusingasymmetrictechniquesAMENDMENT1:TFNSidentity-basedkeyagreementSecuritedeinformationGestiondeclesPartie3:MecanismesUtilisantdestechniquesasymetriquesAMENDEMENT1:A
2、ccorddeclebaseesurUidentiteTFNSReferencenumberISO/IEC11770-3:2021/Amd.l:2025(en)COPYRIGHTPROTECTEDDOCUMENTISO/IEC2025Allrightsreserved.Unlessotherwisespecified,orrequiredinthecontextofitsimplementation,nopartofthispublicationmaybereproducedorutilizedotherwiseinanyformorbyanymeans,electronicormechani
3、cal,includingphotocopying,orpostingontheinternetoranintranet,withoutpriorwrittenpermission.PermissioncanberequestedfromeitherISOattheaddressbeloworISO,smemberbodyinthecountryoftherequester.ISOcopyrightofficeCP401Ch.deBlandonnet8CH-1214Vernier,GenevaPhone:+41227490111Email:copyrightiso.orgWebsite:www
4、iso.orgPublishedinSwitzerlandForewordISO(theInternationalOrganizationforStandardization)andIEC(theInternationalElectrotechnicalCommission)formthespecializedsystemforworldwidestandardization.NationalbodiesthataremembersofISOorIECparticipateinthedevelopmentofInternationalStandardsthroughtechnicalcomm
5、itteesestablishedbytherespectiveorganizationtodealwithparticularfieldsoftechnicalactivity.ISOandIECtechnicalcommitteescollaborateinfieldsofmutualinterest.Otherinternationalorganizations,governmentalandnon-governmental,inliaisonwithISOandIEC,alsotakepartinthework.Theproceduresusedtodevelopthisdocumen
6、tandthoseintendedforitsfurthermaintenancearedescribedintheISO/IECDirectives,Part1.Inparticular,thedifferentapprovalcriterianeededforthedifferenttypesofdocumentshouldbenoted.ThisdocumentwasdraftedinaccordancewiththeeditorialrulesoftheISO/IECDirectives,Part2(seeWWW.iso.org/directivesorwww.iec.ch/membe
7、rsexpvrts/refdocs).ISOandIECdrawattentiontothepossibilitythattheimplementationofthisdocumentmayinvolvetheuseof(八)patent(三),ISOandIECtakenopositionconcerningtheevidence,validityorapplicabilityofanyclaimedpatentrightsinrespectthereof.Asofthedateofpublicationofthisdocument,ISOandIEChadreceivednoticeof(
8、八)patent(三)whichmayberequiredtoimplementthisdocument.However,Implementersarecautionedthatthismaynotrepresentthelatestinformation,whichmaybeobtainedfromthepatentdatabaseavailableatWWW.isdorg/PatentSandhttps:/patents.iec.ch.ISOandIECshallnotbeheldresponsibleforidentifyinganyorallsuchpatentrights.Anytr
9、adenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstituteanendorsement.Foranexplanationofthevoluntarynatureofstandards,themeaningofISOspecifictermsandexpressionsrelatedtoconformityassessment,aswellasinformationaboutISOsadherencetotheWorldTradeOrganization(WTO)principles
10、intheTechnicalBarrierstoTrade(TBT)seeWWW.iso.org/iso/foreword.html.IntheEC,seeWWW.iec.ch/UndVrStanding-standards.ThisdocumentwaspreparedbyTechnicalCommitteeISO/IECJTC1,Informationtechnology,SubcommitteeSC27,Informationsecurity,cybersecurityandprivacyprotection.AlistofallpartsintheISO/IEC11770seriesc
11、anbefoundontheISOwebsite.Anyfeedbackorquestionsonthisdocumentshouldbedirectedtotheusersnationalstandardsbody.Acompletelistingofthesebodiescanbefoundatwww.iso.org/mDmbers.htmlandwww.iec.ch/national-committees.InformationsecurityKeymanagement一Part3:MechanismsusingasymmetrictechniquesAMENDMENT1:TFNSide
12、ntity-basedkeyagreementAnnexBAtthebottomofTableB.I1insertthesecondrowofthefollowingtable:Mechanism#passesImplicitkeyauthenticationKeyconfirmationEntityauthenticationPublickeyoperationsForwardsecrecyKeyfreshnessUnlinkableF.62A,BOptNo(5F1FPA,BA,BNoAnnexFAddnewClauseF.6asfollows:F.6TFNSidentity-basedke
13、yagreementTFNSProtOCoIW,52jsa11exampleofthekeyagreementmechanism15,whichisidentity-basedinthefollowingsense: theprivatekeyofanentitycanbecomputedfromsomecombinationofitsidentityandaprivatekeyofatrustedthirdparty;theentitygetsitsprivatekeyfromthethirdparty; thepublickeyofanentitycanbecomputedfromsome
14、combinationofitsidentityandapublickeyofatrustedthirdparty; theauthenticityofthepublickeyisnotdirectlyverified,butthethirdpartyonlyissuestheprivatekeytotheentityifitsidentityisvalid.ThiskeyagreementmechanismestablishesasharedsecretbetweenentitiesAandBintwopasses,asshowninFigure12.Inthefollowing,disti
15、ncthashfunctionshash7(mforj=1,2,3mapaconcatenationofmessagestoanintegerintherange0v.ln-l.Priortotheprocessofagreeingonasharedsecretkey,inadditiontothecommoninformation,thefollowingshallbeestablished: foratrustedthirdpartyT,aprivatekeydandapublickeyPip(G1),whichisanellipticcurvepointsatisfyingP=dG1.S
16、eeISO/IEC15946-1foradescriptionofhowtogeneratethiskeypair; foreachentityX(4,B),anidentityrepresentationi,即hichisanintegercomputedasix=hash1(X),andaprivatekey-agreementkey,whichiscomputedasDx=(d7i)1modn)G2in(G2); foreachentityorB,accesstoanauthenticcopyofthepublickeyofthethirdpartyandtheidentityofthe
17、otherparty.Thefollowingkeytokenconstructionsshallapply: Keytokenconstruction(Al):EntityAgeneratesasecretvaluer40,1Zselecteduniformlyatrandom,thencomputesthekeytokenKTAlasfollows:xi=hash2iDa,rA),KTAl=xAi(P+鬲Gl)andsendsKTitoentityB.Keytokenconstruction(Bl):EntityBgeneratesasecretvaluerB0,lselectedunif
18、ormlyatrandom,thencomputesthekeytokenKTBlasfollows:XBl=hash2D,r),KTBl=XBl(P+春GI)andsendsKTBlt0entityA.Keyconstruction(A2):EntityAcomputesthesharedkeyKABasfollows:eA=hash3(rT41,A,B)fe=hash3(CTl,A,B),KAB=Pairing(X4i+%)(K71bi+%(P+筋GI),以). Keyconstruction(B2):EntityBcomputesthesharedkeyKABasfollows:eA=h
19、ash3(rT41fA,BeB=hash3(logn,whereweusekeyderivationfunctionkdf(seeAnnexCandISc)/IECIl770-6),0S2IP(seeISO/IEC15946-1:2016,7.3J,andI20SP(y,1)=001ifj=1;002ifj=2;003ifj=3;otherwiseundefined.NOTE4ThesessionkeysharedbetweenAandBiscomputedbySK=kdf(A,B,KTBl,IbBibliography:Addnewbibliographicentriesasfollows:
20、51 TomidaJ.,Fujioka,A”NagatAvSuzuki,K.:StronglySecureIdentity-BasedKeyExchangewithSinglePairingOperation.IEICETransactions,2021lE104-A(l)pp.58-68.52 Tomidal.,Fujioka,A”NagatAvSuzuki,K.:StronglySecureIdentity-BasedKeyExchangewithSinglePairingOperation.InESORICS2019,pp.484-503.ICS35.030iso.orgPricebasedon2pagesISO/IEC2025Allrightsreserved