ISO IEC 29191-2012 Information technology - Security techniques - Requirements for partially anonymous partially unlinkable authentication《信息技术 安全技术 部分匿名、部分不可链接.pdf

1、 Reference number ISO/IEC 29191:2012(E) ISO/IEC 2012INTERNATIONAL STANDARD ISO/IEC 29191 First edition 2012-12-15Information technology Security techniques Requirements for partially anonymous, partially unlinkable authentication Technologies de linformation Techniques de scurit Exigences pour lauth

2、entification partiellement anonyme, partiellement non reliableISO/IEC 29191:2012(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2012 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including ph

3、otocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in S

4、witzerland ii ISO/IEC 2012 All rights reservedISO/IEC 29191:2012(E) ISO/IEC 2012 All rights reserved iiiContents Page Foreword iv Introduction . v 1 Scope 1 2 Terms and definitions . 1 3 General . 2 4 Framework . 2 5 Requirements . 4 Annex A (informative) Use cases 5 Annex B (informative) Applicatio

5、n of the mechanism for the purpose of data authentication and data protection . 7 Bibliography 9 ISO/IEC 29191:2012(E) iv ISO/IEC 2012 All rights reservedForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized sys

6、tem for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees c

7、ollaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Stand

8、ards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publicatio

9、n as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC should not be held responsible for identifying any or all such pa

10、tent rights. ISO/IEC 29191 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT Security techniques. ISO/IEC 29191:2012(E) ISO/IEC 2012 All rights reserved vIntroduction The current state of the art for entity authentication requires the revelation

11、of the identifiable information of an entity being authenticated. In many types of transactions, the entity would prefer to remain anonymous and unlinkable, which means that when two transactions are performed, it is difficult to distinguish whether the transactions are performed by the same user or

12、 two different users. However, in some circumstances there are legitimate reasons to enable subsequent reidentification (e.g., the interest of accountability). The term partially anonymous, partially unlinkable means that an a priori designated opener, and that designated opener only, can identify t

13、he authenticated entity. For example, a library may need to identify an entity that has not returned a borrowed book in order to send a late notice to the entity. Current cryptographic technologies are available to provide partially anonymous, partially unlinkable authentication. This International

14、Standard defines a framework and requirements for partially anonymous, partially unlinkable authentication. INTERNATIONAL STANDARD ISO/IEC 29191:2012(E) ISO/IEC 2012 All rights reserved 1Information technology Security techniques Requirements for partially anonymous, partially unlinkable authenticat

15、ion 1 Scope This International Standard provides a framework and establishes requirements for partially anonymous, partially unlinkable authentication. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply. 2.1 authentication provision of assurance in t

16、he claimed identity of an entity SOURCE: ISO/IEC 18014-2 2.2 claimant entity which is or represents a principal for the purposes of authentication SOURCE: ISO/IEC 9798-1:2010 2.3 credential representation of an identity SOURCE: ISO/IEC 24760-1 2.4 designated opener entity who can re-identify the cla

17、imant from the transcript of authentication NOTE The selection of the designated opener should be made in advance of transactions. The entity or entities that make that selection may vary with the implementation. As the designated opener has the capability of identifying the claimant, the selection

18、of the designated opener and the selection of the transcript of authentication to be provided to the designated opener need to be carefully performed. 2.5 identity set of attributes related to an entity SOURCE: ISO/IEC 24760-1 2.6 re-identification identification of a claimant following a partially

19、anonymous, partially unlinkable authentication NOTE Re-identification is also called opening. ISO/IEC 29191:2012(E) 2 ISO/IEC 2012 All rights reserved2.6 transcript of authentication record of sequences of exchanged data from a process of authentication 3 General Many cryptographic mechanisms are av

20、ailable and in use today to improve the security of the authentication process. This leads to greater trust when, following a successful authentication, an entity is given appropriate access to protected resources using some authorization process. Note that the details of authorization are out of sc

21、ope for this standard and thus marked in parentheses. A typical authentication and authorization model includes the following steps (with each step usually including a number of sub-steps, many of which are covered in ISO/IEC 29115): a) Enrollment b) Authentication c) (Authorization) Most cryptograp

22、hic mechanisms in use today require the revelation of the identifiable information and enable tracking of an entity across transactions. For example, the use of public keys could hide an entitys real name. However, if the same public key or pseudonym is used for multiple authentications, it can be u

23、sed to link information about the entity across transactions and so build a profile. But complete anonymity and unlinkability may not always be desirable. For example, an entity could use anonymity to escape punishment for exploiting a system. So, while anonymity and unlinkability may be appropriate

24、 in some situations, there are cases where it may be necessary to give certain parties the ability to re-identify an entity. To achieve the goal of partially anonymous, partially unlinkable authentication, the process steps now look like: a) Registration/enrollment, including setup to achieve anonym

25、ity b) Authentication c) (Authorization) d) Re-identification (when appropriate) 4 Framework For the sake of understanding an overview of the framework, a typical scenario is exemplified, where a claimant begins by enrolling with a service. The service includes an issuer that generates credentials a

26、nd issues them to the claimants. The claimants then use the credentials for authentication. If the authentication is successful, a transcript of authentication is created. Although it may contain other things, this transcript shall include information necessary to enable re-identification by the des

27、ignated opener. If re-identification is required, the transcript of authentication is given to the designated opener who, a priori to any transactions, must be established and provided with the necessary cryptographic components required for re-identification. Each system will have its own set of pr

28、actices and principles for determining when re-identification is appropriate or necessary. Those details are not within the scope of this standard. Principles such as openness, transparency and notice are explained in ISO/IEC 29100. Every application will have its own requirements so any particular

29、implementation may have variations from the flow described above. For example, the cryptographic-based credentials could be generated by the claimant, rather than the issuer; or credentials may be issued electronically or in person. But such variations do not change the fundamental aspects of the fr

30、amework. ISO/IEC 29191:2012(E) ISO/IEC 2012 All rights reserved 3This framework defines a set of roles and operations, which are shown in Figure 1. The four roles are: a) Issuer the entity who issues credentials to claimants b) Claimant the entity who will be authenticated by a verifier c) Verifier

31、an entity that checks whether the claimant possesses credentials that are valid d) Designated opener the entity that can re-identify the claimant Among the above four roles, there are four basic operations in this framework. 1) A process between an issuer and a claimant to perform a credential issui

32、ng process. After this process a claimant has a credential. 2) A process for the designated opener to setup the cryptographic information necessary for re- identification. 3) A process between a claimant and a verifier to perform authentication, which produces a transcript of authentication. Authent

33、ication is successful if the verifier can determine that the claimant possesses a valid credential. 4) A process by a designated opener to identify the claimant from the transcript of authentication, called re-identification. In this process, a designated opener uses the transcript of authentication

34、 and may use other information, where appropriate, to enable re-identification Cryptographic information necessary for re- identification Issuer Claimant Verifier Designated opener 1) Credential issuing process 3) Authentication process 4) Re-identification process Identity of claimant Transcript of

35、 authenti cation Credential 2) Setup processFigure 1 Framework of partially anonymous, partially unlinkable authentication ISO/IEC 29191:2012(E) 4 ISO/IEC 2012 All rights reserved5 Requirements Partially anonymous, partially unlinkable authentication shall satisfy all requirements described below. a

36、) A claimant shall be authenticated by a verifier without being identifiable by the verifier. For a claimant to remain anonymous to a verifier, the transaction shall not provide any information to identify the claimant, while allowing the verifier to corroborate that the claimant possesses a valid c

37、redential. b) The transcript of authentication shall not by itself provide information that can link multiple authentication transactions by the same claimant. For a claimant to remain unlinkable to verifiers, the transaction shall not provide any information to link multiple transactions performed

38、by the same claimant. c) The transcript of an authentication shall contain information necessary for the designated opener to re- identify the claimant. For the designated opener to be capable of later re-identifying the claimant, the transcript resulting from a successful transaction shall provide

39、information to identify the claimant. Note, the designated opener may use other information, where appropriate, to enable re-identification. d) The designated opener shall be able to provide evidence that the claimed identity is correct. In order to avoid fraudulent claim(s) by the designated opener

40、, the designated opener shall be able to provide evidence that the procedure for re-identification was properly performed. ISO/IEC 29191:2012(E) ISO/IEC 2012 All rights reserved 5Annex A (informative) Use cases A.1 Library use case In some countries, the list of books that an individual has borrowed

41、 from a library is considered to be sensitive because the list can reveal the individuals thoughts, conscience, or religion. Due to this sensitivity, borrowers may not want their name linked to the list of books they have borrowed. At the same time, the library may need to associate the title of a b

42、orrowed book with the name of the borrower (e.g., if the book is not returned by the due date). Partially anonymous, partially unlinkable authentication can be applied to this scenario. The registration desk librarian (issuer) at the library will provide a membership card and rules for re- identific

43、ation to an individual (claimant) who would like to borrow books. When the individual wants to borrow a book, he/she will present the membership card to the librarian (verifier) who will check that the individual is a member of the library and will perform the book checkout procedure. A transaction

44、record is created and stored in a database so the library can manage and track books on loan. All individuals remain anonymous in this database, and checkout transactions cannot be linked together. If the individual keeps a book for longer than the allowed borrowing period, the database will notify

45、the head librarian (designated opener) who can determine the name of the borrower for the overdue book and use it to send the individual an appropriate notice. Registration Desk Librarian (issuer) Borrower (claimant) Librarian (verifier) Head Librarian (designated opener) Issuance of membership card

46、 Registered name, address, etc. Authentication Identity of borrower Re- identification Membership Card List of overdue booksFigure A.1 Library use case ISO/IEC 29191:2012(E) 6 ISO/IEC 2012 All rights reservedA.2 Intelligent Traffic System use case Precise measurements, real-time analysis, and predic

47、tions of traffic densities and flows on intercity highways are important contributors to improve traffic flow, safety, and sustainability. A precise trace of the cars on the highway is of great importance. On the other hand, being able to track the real-time location of each car in a continuous mann

48、er has potential privacy implications. Partially anonymous, partially unlinkable authentication can be used in this scenario to support the needs of the intelligent traffic management system while preserving the privacy of the drivers. The frequent users of a route are issued a tag that can be read

49、in a contactless manner. At the entrance of the intercity highway, the tag authenticates itself using partially anonymous, partially unlinkable authentication and receives a temporary identifier that is used until the car exits the highway. By logging this temporary identifier, an intelligent traffic control center can create a list of each car, the time of entry onto the highway, and time of exit, without knowing a permanent identifier of any car. The list can be used to perform real-time analysis of the tra