BS-ISO-IEC-13888-3-1997.pdf

Uploaded by: 爱问知识人 Document ID: 3748830 Upload date: 2019-09-22 Format: PDF Pages: 16 Size: 359.47KB

BRITISH STANDARD
BS ISO/IEC 13888-3:1997

Information technology - Security techniques - Non-repudiation
Part 3: Mechanisms using asymmetric techniques

ICS 35.040

Licensed Copy: sheffieldun sheffieldun, na, Thu Nov 23 01:33:27 GMT+00:00 2006, Uncontrolled Copy, (c) BSI

This British Standard, having been prepared under the direction of the DISC Board, was published under the authority of the Standards Committee and comes into effect on 15 December 1998

BSI 05-1999
ISBN 0 580 30919 3

National foreword

This British Standard reproduces verbatim ISO/IEC 13888-3:1997 and implements it as the UK national standard. The UK participation in its preparation was entrusted to Technical Committee IST/33, Information technology - Security techniques, which has the responsibility to:

- aid enquirers to understand the text;
- present to the responsible international/European committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed;
- monitor related international and European developments and promulgate them in the UK.

A list of organizations represented on this committee can be obtained on request to its secretary.

Cross-references

The British Standards which implement international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or by using the “Find” facility of the BSI Standards Electronic Catalogue.

A British Standard does not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application.

Compliance with a British Standard does not of itself confer immunity from legal obligations.

Summary of pages

This document comprises a front cover, an inside front cover, pages i and ii, the ISO/IEC title page, page ii, pages 1 to 8 and a back cover.

This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on the inside front cover.

Amendments issued since publication

Amd. No. | Date | Comments

Contents

National foreword
Foreword
1 Scope
2 Normative references
3 Definitions
4 Symbols and abbreviations
5 Requirements
6 Trusted third party involvement
7 Digital signatures
8 Non-repudiation tokens
9 Mechanisms without delivery authority
10 Mechanisms using a delivery authority
Annex A (informative) Mechanisms for other non-repudiation services
Figure 1 Non-repudiation tokens and their usage

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

International Standard ISO/IEC 13888-3 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.

ISO/IEC 13888 consists of the following parts, under the general title Information technology - Security techniques - Non-repudiation:

- Part 1: General;
- Part 2: Mechanisms using symmetric techniques;
- Part 3: Mechanisms using asymmetric techniques.

Annex A of this part of ISO/IEC 13888 is for information only.

Descriptors: Data processing, information interchange, protection of information, security techniques.

1 Scope

The goal of the Non-repudiation service is to generate, collect, maintain, make available and validate evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non-occurrence of the event or action. This part of ISO/IEC 13888 specifies mechanisms for the provision of some specific, communication related non-repudiation services using asymmetric techniques.

Non-repudiation mechanisms are specified to establish the following non-repudiation services:

- non-repudiation of origin,
- non-repudiation of delivery,
- non-repudiation of submission,
- non-repudiation of transport.

Non-repudiation mechanisms involve the exchange of non-repudiation tokens specific for each non-repudiation service. Non-repudiation tokens consist of digital signatures and additional data. Non-repudiation tokens shall be stored as non-repudiation information that may be used subsequently in case of disputes.

Depending on the non-repudiation policy in effect for a specific application, and the legal environment within which the application operates, additional information may be required to complete the non-repudiation information, e.g.,

- evidence including a trusted time stamp provided by a Time Stamping Authority,
- evidence provided by a notary which provides assurance about the action or event performed by one or more entities.

Non-repudiation can only be provided within the context of a clearly defined security policy for a particular application and its legal environment. Non-repudiation policies are described in the multipart Standard of Security Frameworks for open systems - Part 4: Non-repudiation Framework, ISO/IEC 10181-4.

2 Normative references

The following standards contain provisions which, through reference in this text, constitute provisions of this part of ISO/IEC 13888. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this part of ISO/IEC 13888 are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below. Members of IEC and ISO maintain registers of currently valid International Standards.

ISO 7498-2:1989, Information processing systems - Open Systems Interconnection - Basic Reference Model, Part 2: Security Architecture.
ISO/IEC 9594-8:1995, Information technology - Open Systems Interconnection - The Directory: Authentication framework.
ISO/IEC 9796 (all parts), Information technology - Security techniques - Digital signature schemes giving message recovery.
ISO/IEC 10181-1:1996, Information technology - Open Systems Interconnection - Security frameworks for open systems: Overview.
ISO/IEC 10181-4:1997, Information technology - Open Systems Interconnection - Security frameworks for open systems - Part 4: Non-repudiation framework.
ISO/IEC 13888-1:1997, Information technology - Security techniques - Non-repudiation - Part 1: General.
ISO/IEC 14888 (all parts), Information technology - Security techniques - Digital signatures with appendix.

3 Definitions

For the purposes of this part of ISO/IEC 13888, the definitions and notation described in ISO/IEC 13888-1 apply.

4 Symbols and abbreviations

A        the distinguishing identifier of the message originator A.
B        the distinguishing identifier of the message recipient B.
DA       Delivery Authority, a trusted third party.
fi       a data item (flag) indicating the kind of non-repudiation service in effect.
Imp(y)   the imprint of the data y, consisting of data y or the hash-code of y.
m        the message which is sent from entity A to entity B in respect of which non-repudiation services are provided.
NRD      Non-repudiation of Delivery.
NRDT     Non-repudiation of Delivery Token.
NRO      Non-repudiation of Origin.
NROT     Non-repudiation of Origin Token.
NRS      Non-repudiation of Submission.
NRST     Non-repudiation of Submission Token.
NRT      Non-repudiation of Transport.
NRTT     Non-repudiation of Transport Token.
Pol      the distinguishing identifier of the non-repudiation policy (or policies) which apply to the evidence.
Q        an optional data item that may contain additional information, e.g., the distinguishing identifiers of the message m, signature mechanism, or hash-function.
SX       the signature operation using a signature algorithm and the private key of entity X.
Ti       date and time the event or action took place.
Tg       date and time the evidence was generated.
text     an optional data item that may contain additional information, e.g., key identifier and/or the message identifier.
TSA      Time Stamp Authority.
TST      Time Stamp Token.
yz       the result of the concatenation of y and z in that order.

5 Requirements

Depending on the basic mechanism used for generating non-repudiation tokens, and independent of the non-repudiation service supported by the non-repudiation mechanisms, the following requirements hold for the entities involved in a non-repudiation exchange in this part of ISO/IEC 13888:

5.1 The entities of a non-repudiation exchange shall trust the same trusted third party (TTP), which may be composed of several independent TTPs bound by non-repudiation agreements.

5.2 The signature key belonging to an entity must be kept secret by that entity.

5.3 The digital signature mechanism used shall satisfy the security requirements specified by the policy.

5.4 Prior to the generation of evidence, the evidence generator must know which non-repudiation policies the evidence shall be generated in accordance with, what type of evidence is to be generated, and which mechanisms are to be used to verify the evidence.

5.5 The mechanisms for generating or verifying evidence must be available to the entities of the particular non-repudiation exchange, or a trusted authority must be available to provide the mechanisms.

5.6 The evidence generator and verifier may need access to a trusted time stamping or notary facility.

6 Trusted third party involvement

Trusted third parties may be involved in the provision of non-repudiation services, depending on the mechanisms used and the non-repudiation policy in force. A single trusted third party may act in one or more of these roles, namely:

- A Delivery Authority (DA) is trusted to deliver the message to the intended recipient and to provide the non-repudiation of submission or transport token.
- The use of asymmetric cryptographic techniques may require the involvement of at least a trusted third party to guarantee the authenticity of the public verification keys, as described in, e.g., ISO 9594-8.
- The non-repudiation policy in force may require that the evidence be generated partly or totally by a trusted third party.
- A Time Stamp Authority (TSA) may be involved to provide trusted time stamping. TSA may also be used to ensure that a non-repudiation token remains valid even after the key used to sign the token has been compromised or revoked.
- A Notary Authority may be involved to certify the entities involved, to certify the data communicated and to extend the life of an existing token beyond its expiry or beyond subsequent revocation.
- An Evidence Recording Authority may be involved to record evidence that can later be retrieved in case of dispute.

Trusted third parties may be involved to differing degrees in the phases of non-repudiation. When exchanging evidence, the parties must either have the knowledge, or be informed, or agree which non-repudiation policy is to be applicable to the evidence.

7 Digital signatures

Non-repudiation tokens are created by using digital signatures. There are two types of digital signatures specified by ISO/IEC 9796 and ISO/IEC 14888, namely,

- signature giving message recovery, where the verification process reveals the message together with its specific redundancy,
- signature with appendix, where the verification process requires the message as part of the input.

The choice of the signature mechanism is specified by the policy applied and is beyond the scope of this standard.

Signature algorithms and keys may have a pre-defined lifetime that is stated in the key's certificate issued by the certification authority. Therefore, the tokens defined in this standard may also have a definite lifetime specified by non-repudiation policy. The mechanisms described in A.2 can be used to extend the lifetime of a token.

8 Non-repudiation tokens

The usage of each non-repudiation token is depicted in Figure 1.

8.1 Non-repudiation of origin (NRO) token

An NRO token is used to provide protection against the originator's false denial of having originated the message.

The NRO token is

- generated by the originator A of the message m (or authority C),
- sent by A to the recipient B,
- stored by the recipient B after verification.

The structure of the NRO token is:

NRO token = text1 z1 SA(z1), with
z1 = Pol f1 A B C Tg T1 Q Imp(m).

The information z1 necessary for an NRO token consists of the following data items:

Pol      the distinguishing identifier of the non-repudiation policy (or policies) which apply to the evidence,
f1       a flag indicating non-repudiation of origin,
A        the distinguishing identifier of the originator of the message m,
B        the distinguishing identifier(s) of the intended recipient(s) of the message m (optional),
C        the distinguishing identifier of the authority involved (optional); if the token is generated by authority C then this data item is mandatory and the signature SA(z1) in the NRO token should be replaced by SC(z1),

8.2 Non-repudiation of delivery (NRD) token

An NRD token is used to provide protection against the recipient's false denial of having received and recognised the content of the message m.

The NRD token is

- generated by the recipient B (or authority C),
- sent by B to one or more entities including the message originator A, if known,
- stored by these entities after verification.

The structure of an NRD token is:

The information z2 necessary for an NRD token consists of the following data items:
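
The NRO token of 8.1 (text1, z1 and the signature over z1), generated by the originator and checked by the recipient, as an added Go example that is not part of the standard. Assumptions not taken from the page: Ed25519 as the signature with appendix, SHA-256 as the hash-code in Imp(m), a length-prefixed encoding of the concatenated items, string-valued fields, constructed sample values, and the names Z1, NROT, Encode, Generate, Verify and Demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Z1 holds the data items of z1 in 8.1; carrying them as strings is an assumption.
type Z1 struct {
	Pol, F1, A, B, C, Tg, T1, Q string
	Imp                         []byte // Imp(m), here the SHA-256 hash-code of m
}

// NROT is the token: text1, then z1, then the signature SA(z1).
type NROT struct{ Text1 string; Z1 Z1; Sig []byte }

// Encode joins Pol f1 A B C Tg T1 Q Imp(m) in that order. The 4-byte length
// before each item is an assumption; it stops bytes sliding between items.
func (z Z1) Encode() (out []byte) {
	for _, f := range []string{z.Pol, z.F1, z.A, z.B, z.C, z.Tg, z.T1, z.Q, string(z.Imp)} {
		n := len(f)
		out = append(append(out, byte(n>>24), byte(n>>16), byte(n>>8), byte(n)), f...)
	}
	return out
}

// Generate is originator A's step: set f1 and Imp(m), then sign z1.
func Generate(priv ed25519.PrivateKey, z Z1, m []byte) NROT {
	h := sha256.Sum256(m)
	z.F1, z.Imp = "NRO", h[:]
	return NROT{Text1: "key-id=demo", Z1: z, Sig: ed25519.Sign(priv, z.Encode())}
}

// Verify is recipient B's check: signature over z1, NRO flag, Imp(m) against received m.
func Verify(pub ed25519.PublicKey, t NROT, m []byte) bool {
	h := sha256.Sum256(m)
	return ed25519.Verify(pub, t.Z1.Encode(), t.Sig) && t.Z1.F1 == "NRO" && bytes.Equal(t.Z1.Imp, h[:])
}

// Demo signs a constructed message and verifies what the recipient saw.
func Demo(received, polSeen string) bool {
	pub, priv, _ := ed25519.GenerateKey(nil)
	t := Generate(priv, Z1{Pol: "policy-1", A: "A", B: "B", Tg: "1997-12-01T10:00Z"}, []byte("order 42"))
	t.Z1.Pol = polSeen // a value other than "policy-1" models tampering in transit
	return Verify(pub, t, []byte(received))
}

func main() { fmt.Println(Demo("order 42", "policy-1"), Demo("order 43", "policy-1")) }
```

Because the signature covers every item of z1, changing the policy identifier or the message after signing makes verification fail, which is what lets the stored token serve as evidence.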
