《BS-ISO-IEC-9798-1-1997.pdf》由会员分享,可在线阅读,更多相关《BS-ISO-IEC-9798-1-1997.pdf(16页珍藏版)》请在三一文库上搜索。
1、BRITISH STANDARD BS ISO/IEC 9798-1:1997 Information technology Security techniques Entity authentication Part 1: General ICS 35.040 Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 01:33:50 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS ISO/IEC 9798-1:1997 This British Standard, having been pre
2、pared under the direction of the DISC Board, was published under the authority of the Standards Committee and comes into effect on 15 December 1998 BSI 05-1999 ISBN 0 580 30924 X National foreword This British Standard reproduces verbatim ISO/IEC 9798-1:1997 and implements it as the UK national stan
3、dard. It supersedes BS ISO/IEC 9798-1:1991 which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee IST/33, Information technology Security techniques, which has the responsibility to: aid enquirers to understand the text; present to the responsible internatio
4、nal/European committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed; monitor related international and European developments and promulgate them in the UK. A list of organizations represented on this committee can be obtained on request to its secr
5、etary. Cross-references The British Standards which implement international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or by using the “Find” facility of the BSI Standard
6、s Electronic Catalogue. A British Standard does not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. Summary of pages
7、This document comprises a front cover, an inside front cover, pages i and ii, the ISO/IEC title page, page ii, pages 1 to 8 and a back cover. This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on the inside fron
8、t cover. Amendments issued since publication Amd. No.DateComments Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 01:33:50 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS ISO/IEC 9798-1:1997 BSI 05-1999i Contents Page National forewordInside front cover Forewordii 1 Scope1 2 Normative reference
9、s1 3 Definitions1 4 Notation4 5 Authentication model4 6 General requirements and constraints4 Annex A (informative) Use of text fields6 Annex B (informative) Time variant parameters6 Annex C (informative) Certificates7 Annex D (informative) Bibliography7 Figure 1 Authentication model4 Licensed Copy:
10、 sheffieldun sheffieldun, na, Thu Nov 23 01:33:50 GMT+00:00 2006, Uncontrolled Copy, (c) BSI ii blank Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 01:33:50 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 01:33:50 GMT+00:00 2006, Uncontrolle
11、d Copy, (c) BSI BS ISO/IEC 9798-1:1997 ii BSI 05-1999 Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the
12、 development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-gov
13、ernmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Pu
14、blication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. International Standard ISO/IEC 9798-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC27, IT Security techniques. This second edition cance
15、ls and replaces the first edition (ISO/IEC 9798-1:1991), which has been technically revised. ISO/IEC 9798 consists of the following part, under the general title Information technology Security techniques Entity authentication mechanisms: Part 3: Entity authentication using a public key algorithm. I
16、SO/IEC 9798 consists of the following parts, under the general title Information technology Security techniques Entity authentication: Part 1: General; Part 2: Mechanisms using symmetric encipherment algorithms; Part 4: Mechanisms using a cryptographic check function; Part 5: Mechanisms using asymme
17、tric zero knowledge techniques. NOTEThe introductory element of the title of part 3 will be aligned with the introductory element of the titles of parts 1, 2, 4 and 5 at the next revision of part 3 of ISO/IEC 9798. Further parts may follow. Annex A, Annex B, Annex C and Annex D of this part of ISO/I
18、EC 9798 are for information only. Descriptors: Data processing, information interchange, protection of information, security techniques, authentication, message authentication codes, models. Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 01:33:50 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS
19、 ISO/IEC 9798-1:1997 BSI 05-19991 1 Scope This part of ISO/IEC 9798 specifies an authentication model and general requirements and constraints for entity authentication mechanisms which use security techniques. These mechanisms are used to corroborate that an entity is the one that is claimed. An en
20、tity to be authenticated proves its identity by showing its knowledge of a secret. The mechanisms are defined as exchanges of information between entities, and where required, exchanges with a trusted third party. The details of the mechanisms and the contents of the authentication exchanges are not
21、 specified in this part of ISO/IEC 9798 but in the subsequent parts. Certain of the mechanisms specified in subsequent parts of ISO/IEC 9798 can be used to help provide non-repudiation services, mechanisms for which are specified in ISO/IEC 13888. The provision of non-repudiation services is beyond
22、the scope of ISO/IEC 9798. 2 Normative references The following standards contain provisions which, through reference in this text, constitute provisions of this part of ISO/IEC 9798. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to
23、 agreements based on this part of ISO/IEC 9798 are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below. Members of IEC and ISO maintain registers of currently valid International Standards. ISO 7498-2:1989, Information processing systems Op
24、en Systems Interconnection Basic Reference Model Part 2: Security Architecture. ISO/IEC 9594-8:1995, Information technology Open Systems Interconnection The Directory Part 8: Authentication framework. ISO/IEC 10181-2:1996, Information technology Open Systems Interconnection Security frameworks for o
25、pen systems: Authentication framework. ISO/IEC 13888-1:, Information technology Security techniques Non-repudiation Part 1: General1). 3 Definitions 3.1 ISO/IEC 9798 makes use of the following general security-related terms defined in ISO 7498-2: 3.1.1 cryptographic check value information which is
26、derived by performing a cryptographic transformation on the data unit 3.1.2 masquerade the pretence by an entity to be a different entity 3.1.3 digital signature (signature) data appended to, or a cryptographic transformation of, a data unit that allows the recipient of the data unit to prove the so
27、urce and integrity of the data unit and protect against forgery e.g. by the recipient 3.2 ISO/IEC 9798 makes use of the following general security-related terms defined in ISO/IEC 10181-2: 3.2.1 claimant an entity which is or represents a principal for the purposes of authentication. A claimant incl
28、udes the functions necessary for engaging in authentication exchanges on behalf of a principal 3.2.2 principal an entity whose identity can be authenticated 3.2.3 trusted third party a security authority or its agent, trusted by other entities with respect to security-related activities. In the cont
29、ext of ISO/IEC 9798, a trusted third party is trusted by a claimant and/or a verifier for the purposes of authentication 3.2.4 verifier an entity which is or represents the entity requiring an authenticated identity. A verifier includes the functions necessary for engaging in authentication exchange
30、s 1) to be published Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 01:33:50 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS ISO/IEC 9798-1:1997 2 BSI 05-1999 3.3 For the purposes of ISO/IEC 9798 the following definitions apply: 3.3.1 asymmetric cryptographic technique a cryptographic techniqu
31、e that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformati
32、on NOTEA system based on asymmetric cryptographic techniques can either be an encipherment system, a signature system, a combined encipherment and signature system, or a key agreement system. With asymmetric cryptographic techniques there are four elementary transformations: sign and verify for sign
33、ature systems, encipher and decipher for encipherment systems. The signature and decipherment transformation are kept private by the owning entity, whereas the corresponding verification and encipherment transformation are published. There exist asymmetric cryptosystems (e.g. RSA) where the four ele
34、mentary functions may be achieved by only two transformations: one private transformation suffices for both signing and decrypting messages, and one public transformation suffices for both verifying and encrypting messages. However, since this is not the general case, throughout ISO/IEC 9798 the fou
35、r elementary transformations and the corresponding keys are kept separate. 3.3.2 asymmetric encipherment system a system based on asymmetric cryptographic techniques whose public transformation is used for encipherment and whose private transformation is used for decipherment 3.3.3 asymmetric key pa
36、ir a pair of related keys where the private key defines the private transformation and the public key defines the public transformation 3.3.4 asymmetric signature system a system based on asymmetric cryptographic techniques whose private transformation is used for signing and whose public transforma
37、tion is used for verification 3.3.5 challenge a data item chosen at random and sent by the verifier to the claimant, which is used by the claimant, in conjunction with secret information held by the claimant, to generate a response which is sent to the verifier 3.3.6 ciphertext data which has been t
38、ransformed to hide its information content 3.3.7 cryptographic check function a cryptographic transformation which takes as input a secret key and an arbitrary string, and which gives a cryptographic check value as output. The computation of a correct check value without knowledge of the secret key
39、shall be infeasible 3.3.8 decipherment the reversal of a corresponding encipherment 3.3.9 distinguishing identifier information which unambiguously distinguishes an entity 3.3.10 encipherment the (reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e., to hide th
40、e information content of the data 3.3.11 entity authentication the corroboration that an entity is the one claimed 3.3.12 interleaving attack a masquerade which involves use of information derived from one or more ongoing or previous authentication exchanges 3.3.13 key a sequence of symbols that con
41、trols the operation of a cryptographic transformation (e.g. encipherment, decipherment, cryptographic check function computation, signature generation, or signature verification) 3.3.14 mutual authentication entity authentication which provides both entities with assurance of each others identity 3.
42、3.15 plaintext unenciphered information 3.3.16 private decipherment key private key which defines the private decipherment transformation Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 01:33:50 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS ISO/IEC 9798-1:1997 BSI 05-19993 3.3.17 private key
43、that key of an entitys asymmetric key pair which should only be used by that entity NOTEIn the case of an asymmetric signature system the private key defines the signature transformation. In the case of an asymmetric encipherment system the private key defines the decipherment transformation. 3.3.18
44、 private signature key private key which defines the private signature transformation NOTEThis is sometimes referred to as a secret signature key. 3.3.19 public encipherment key public key which defines the public encipherment transformation 3.3.20 public key that key of an entitys asymmetric key pa
45、ir which can be made public NOTEIn the case of an asymmetric signature system the public key defines the verification transformation. In the case of an asymmetric encipherment system the public key defines the encipherment transformation. A key that is “publicly known” is not necessarily globally av
46、ailable. The key may only be available to all members of a prespecified group. 3.3.21 public key certificate (certificate) the public key information of an entity signed by the certification authority and thereby rendered unforgeable (see also Annex C) 3.3.22 public key information information speci
47、fic to a single entity and which contains at least the entitys distinguishing identifier and at least one public key for this entity. There may be other information regarding the certification authority, the entity, and the public key included in the public key information, such as the validity peri
48、od of the public key, the validity period of the associated private key, or the identifier of the involved algorithms (see also Annex C) 3.3.23 public verification key public key which defines the public verification transformation 3.3.24 random number a time variant parameter whose value is unpredi
49、ctable (see also Annex B) 3.3.25 reflection attack a masquerade which involves sending a previously transmitted message back to its originator 3.3.26 replay attack a masquerade which involves use of previously transmitted messages 3.3.27 sequence number a time variant parameter whose value is taken from a specified sequence which is non-repeating within a certain time period (see also Annex B) 3.3.28 symmetric cryptographic technique a cryptographic technique that uses the same secret key for both the originators and the