ImageVerifierCode 换一换
格式:PDF , 页数:30 ,大小:2MB ,
资源ID:396304      下载积分:5000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-396304.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(BS ISO IEC 13888-1-2009 Information technology - Security techniques - Non-repudiation - General《信息技术 安全技术 不可否认性 概述》.pdf)为本站会员(amazingpat195)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

BS ISO IEC 13888-1-2009 Information technology - Security techniques - Non-repudiation - General《信息技术 安全技术 不可否认性 概述》.pdf

1、BS ISO/IEC 13888-1:2009 ICS 35.040 NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BRITISH STANDARD Information technology Security techniques Non-repudiation Part 1: GeneralThis British Standard was published under the authority of the Standards Policy and Strategy Committee

2、on 31 August 2009 BSI 2009 ISBN 978 0 580 59843 2 Amendments/corrigenda issued since publication Date Comments BS ISO/IEC 13888-1:2009 National foreword This British Standard is the UK implementation of ISO/IEC 13888-1:2009. It supersedes BS ISO/IEC 13888-1:2004 which is withdrawn. The UK participat

3、ion in its preparation was entrusted to Technical Committee IST/33, IT - Security techniques. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsi

4、ble for its correct application. Compliance with a British Standard cannot confer immunity from legal obligations.BS ISO/IEC 13888-1:2009Reference number ISO/IEC 13888-1:2009(E) ISO/IEC 2009INTERNATIONAL STANDARD ISO/IEC 13888-1 Third edition 2009-07-15 Information technology Security techniques Non

5、-repudiation Part 1: General Technologies de linformation Techniques de scurit Non-rpudiation Partie 1: Gnralits BS ISO/IEC 13888-1:2009 ISO/IEC 13888-1:2009(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed

6、 but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in th

7、is area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for

8、 use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2009 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utili

9、zed in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax +

10、 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2009 All rights reservedBS ISO/IEC 13888-1:2009 ISO/IEC 13888-1:2009(E) ISO/IEC 2009 All rights reserved iii Contents Page Foreword iv Introduction v 1 Scope . 1 2 Normative references . 1 3 Terms and defini

11、tions. 1 4 Symbols and abbreviated terms . 8 5 Organisation of the remainder of this part of ISO/IEC 13888. 8 6 Requirements 9 7 Generic non-repudiation services. 9 7.1 Entities involved in the provision and verification of evidence. 9 7.2 Non-repudiation services. 10 8 Trusted third party involveme

12、nt 10 8.1 General. 10 8.2 Evidence generation phase . 10 8.3 Evidence transfer, storage and retrieval phase. 11 8.4 Evidence verification phase 11 9 Evidence generation and verification mechanisms 12 9.1 General. 12 9.2 Secure envelopes . 12 9.3 Digital signatures 13 9.4 Evidence verification mechan

13、ism . 13 10 Non-repudiation tokens 13 10.1 General. 13 10.2 Generic non-repudiation token . 14 10.3 Time-stamping token 15 10.4 Notarization token. 15 11 Specific non-repudiation services 15 11.1 General. 15 11.2 Non-repudiation of origin. 16 11.3 Non-repudiation of delivery. 16 11.4 Non-repudiation

14、 of submission. 16 11.5 Non-repudiation of transport. 16 12 Use of specific non-repudiation tokens in a messaging environment . 17 Bibliography . 19 BS ISO/IEC 13888-1:2009 ISO/IEC 13888-1:2009(E) iv ISO/IEC 2009 All rights reservedForeword ISO (the International Organization for Standardization) an

15、d IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal wi

16、th particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC ha

17、ve established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the join

18、t technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights.

19、 ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 13888-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. This third edition cancels and replaces the second edition (ISO/IEC 1

20、3888-1:2004), which has been technically revised. ISO/IEC 13888 consists of the following parts, under the general title Information technology Security techniques Non-repudiation: Part 1: General Part 2: Mechanisms using symmetric techniques Part 3: Mechanisms using asymmetric techniques BS ISO/IEC

21、 13888-1:2009 ISO/IEC 13888-1:2009(E) ISO/IEC 2009 All rights reserved v Introduction The goal of a non-repudiation service is to generate, collect, maintain, make available and verify evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non occurrence o

22、f the event or action. This part of ISO/IEC 13888 defines a model for non-repudiation mechanisms providing evidence based on cryptographic check values generated using symmetric or asymmetric cryptographic techniques. Non-repudiation services establish evidence; evidence establishes accountability r

23、egarding a particular event or action. The entity responsible for the action, or associated with the event, with regard to which evidence is generated, is known as the evidence subject. Non-repudiation mechanisms provide protocols for the exchange of non-repudiation tokens specific to each non-repud

24、iation service. Non-repudiation tokens consist of secure envelopes and/or digital signatures and, optionally, additional data: Secure envelopes are generated by an evidence generating authority using symmetric cryptographic techniques. Digital signatures are generated by an evidence generator or an

25、evidence generating authority using asymmetric techniques. Non-repudiation tokens can be stored as non-repudiation information that can be used subsequently by disputing parties or by an adjudicator to arbitrate in disputes. Depending on the non-repudiation policy in effect for a specific applicatio

26、n, and the legal environment within which the application operates, additional information may be required to complete the non-repudiation information, for example: evidence including a trusted time-stamp provided by a time-stamping authority, evidence provided by a notary which provides assurance a

27、bout data created or the action or event performed by one or more entities. Non-repudiation can only be provided within the context of a clearly defined security policy for a particular application and its legal environment. Non-repudiation policies are described in ISO/IEC 10181-4. Specific non-rep

28、udiation mechanisms generic to the various non-repudiation services are first described and then applied to a selection of specific non-repudiation services such as: non-repudiation of origin, non-repudiation of delivery, non-repudiation of submission, non-repudiation of transport. Additional non-re

29、pudiation services mentioned in this part of ISO/IEC 13888 are: non-repudiation of creation, non-repudiation of receipt, non-repudiation of knowledge, non-repudiation of sending. BS ISO/IEC 13888-1:2009BS ISO/IEC 13888-1:2009 INTERNATIONAL STANDARD ISO/IEC 13888-1:2009(E) ISO/IEC 2009 All rights res

30、erved 1 Information technology Security techniques Non-repudiation Part 1: General 1 Scope This part of ISO/IEC 13888 serves as a general model for subsequent parts specifying non-repudiation mechanisms using cryptographic techniques. ISO/IEC 13888 provides non-repudiation mechanisms for the followi

31、ng phases of non-repudiation: evidence generation; evidence transfer, storage and retrieval; and evidence verification. Dispute arbitration is outside the scope of ISO/IEC 13888. 2 Normative references The following referenced documents are indispensable for the application of this document. For dat

32、ed references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 10181-4:1997, Information technology Open Systems Interconnection Security frameworks for open systems: Non-repudiation framework ISO/IEC 1

33、8014 (all parts), Information technology Security techniques Time-stamping services 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 accountability property that ensures that the actions of an entity may be traced uniquely to the entity ISO 74

34、98-2 3.2 certificate entitys data rendered unforgeable with the private or secret key of a certification authority BS ISO/IEC 13888-1:2009 ISO/IEC 13888-1:2009(E) 2 ISO/IEC 2009 All rights reserved3.3 certification authority authority trusted by one or more users to create and assign certificates NO

35、TE 1 Adapted from ISO/IEC 9594-8:2001, 3.3.17. NOTE 2 Optionally the certification authority can create the users keys. 3.4 cryptographic check function cryptographic transformation which takes as input a secret key and an arbitrary string, and which gives a cryptographic check value as output 3.5 d

36、ata integrity property that data has not been altered or destroyed in an unauthorized manner ISO 7498-2 3.6 data origin authentication corroboration that the source of data received is as claimed ISO 7498-2 3.7 data storage means for storing information from which data is submitted for delivery, or

37、into which data is put by the delivery authority 3.8 delivery authority authority trusted by the sender to deliver the data from the sender to the receiver, and to provide the sender with evidence on the submission and transport of data upon request 3.9 digital signature data appended to, or a crypt

38、ographic transformation of, a data unit that allows the recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient ISO 7498-2 3.10 distinguishing identifier information which unambiguously distinguishes an entity in the non-repudia

39、tion process 3.11 evidence information which is used, either by itself or in conjunction with other information, to establish proof about an event or action NOTE Evidence does not necessarily prove the truth or existence of something (see proof) but can contribute to the establishment of such a proo

40、f. 3.12 evidence generator entity that produces non-repudiation evidence ISO/IEC 10181-4 BS ISO/IEC 13888-1:2009 ISO/IEC 13888-1:2009(E) ISO/IEC 2009 All rights reserved 3 3.13 evidence user entity that uses non-repudiation evidence ISO/IEC 10181-4 3.14 evidence verifier entity that verifies non-rep

41、udiation evidence ISO/IEC 10181-4 3.15 evidence requester entity requesting evidence to be generated either by another entity or by a trusted third party 3.16 evidence subject entity responsible for the action, or associated with the event, with regard to which evidence is generated 3.17 hash-code s

42、tring of bits that is the output of a hash-function ISO/IEC 10118-1 3.18 hash-function function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties: it is computationally infeasible to find for a given output an input which maps to this output; it is c

43、omputationally infeasible to find for a given input a second input which maps to the same output ISO/IEC 10118-1 3.19 imprint string of bits, either the hash-code of a data string or the data string itself 3.20 key sequence of symbols that controls the operations of a cryptographic transformation (e

44、.g. encipherment, decipherment, cryptographic check-function computation, signature calculation, or signature verification) ISO/IEC 11770-3 3.21 monitoring authority monitor trusted third party monitoring actions and events, and that is trusted to provide evidence about what has been monitored 3.22

45、Message Authentication Code MAC string of bits which is the output of a MAC algorithm ISO/IEC 9797-1 NOTE A MAC is sometimes called a cryptographic check value (see for example ISO 7498-2). BS ISO/IEC 13888-1:2009 ISO/IEC 13888-1:2009(E) 4 ISO/IEC 2009 All rights reserved3.23 Message Authentication

46、Code algorithm MAC algorithm algorithm for computing a function that maps strings of bits and a secret key to fixed-length strings of bits, satisfying the following two properties: for any key and any input string the function can be computed efficiently; for any fixed key, and given no prior knowle

47、dge of the key, it is computationally infeasible to compute the function value on any new input string, even given knowledge of the set of input strings and corresponding function values, where the value of the ith input string may have been chosen after observing the value of the first i 1 function

48、 values NOTE 1 A MAC algorithm is sometimes called a cryptographic check function (see for example ISO 7498-2). NOTE 2 Computational feasibility depends on the users specific security requirements and environment. ISO/IEC 9797-1 3.24 non-repudiation of creation service intended to protect against an

49、 entitys false denial of having created the content of a message (i.e. being responsible for the content of a message) 3.25 non-repudiation of delivery service intended to protect against a recipients false denial of having received a message and recognised the content of a message 3.26 non-repudiation of delivery token data item which allows the originator to establish non-repudiation of delivery for a message 3.27 non-repudiation ex

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1