
ITU-T X 1113-2007 Guideline on user authentication mechanisms for home network services (Study Group 17)

International Telecommunication Union

ITU-T X.1113
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU
(11/2007)

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY
Telecommunication security

Guideline on user authentication mechanisms for home network services

ITU-T Recommendation X.1113

ITU-T X-SERIES RECOMMENDATIONS
DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY

PUBLIC DATA NETWORKS
  Services and facilities                            X.1–X.19
  Interfaces                                         X.20–X.49
  Transmission, signalling and switching             X.50–X.89
  Network aspects                                    X.90–X.149
  Maintenance                                        X.150–X.179
  Administrative arrangements                        X.180–X.199
OPEN SYSTEMS INTERCONNECTION
  Model and notation                                 X.200–X.209
  Service definitions                                X.210–X.219
  Connection-mode protocol specifications            X.220–X.229
  Connectionless-mode protocol specifications        X.230–X.239
  PICS proformas                                     X.240–X.259
  Protocol Identification                            X.260–X.269
  Security Protocols                                 X.270–X.279
  Layer Managed Objects                              X.280–X.289
  Conformance testing                                X.290–X.299
INTERWORKING BETWEEN NETWORKS
  General                                            X.300–X.349
  Satellite data transmission systems                X.350–X.369
  IP-based networks                                  X.370–X.379
MESSAGE HANDLING SYSTEMS                             X.400–X.499
DIRECTORY                                            X.500–X.599
OSI NETWORKING AND SYSTEM ASPECTS
  Networking                                         X.600–X.629
  Efficiency                                         X.630–X.639
  Quality of service                                 X.640–X.649
  Naming, Addressing and Registration                X.650–X.679
  Abstract Syntax Notation One (ASN.1)               X.680–X.699
OSI MANAGEMENT
  Systems Management framework and architecture      X.700–X.709
  Management Communication Service and Protocol      X.710–X.719
  Structure of Management Information                X.720–X.729
  Management functions and ODMA functions            X.730–X.799
SECURITY                                             X.800–X.849
OSI APPLICATIONS
  Commitment, Concurrency and Recovery               X.850–X.859
  Transaction processing                             X.860–X.879
  Remote operations                                  X.880–X.889
  Generic applications of ASN.1                      X.890–X.899
OPEN DISTRIBUTED PROCESSING                          X.900–X.999
TELECOMMUNICATION SECURITY                           X.1000

For further details, please refer to the list of ITU-T Recommendations.

ITU-T Rec. X.1113 (11/2007)

ITU-T Recommendation X.1113
Guideline on user authentication mechanisms for home network services

Summary

Some environments necessitate the authentication of the human user rather than a process or a device. In authenticating human users, the authentication system requires human users to prove their uniqueness. Such uniqueness is generally based on various authentication means such as something known, something possessed or some immutable characteristics for each human user.

In this Recommendation, a guideline on user authentication mechanism for home network services is provided. It also considers various security issues according to ITU-T Recommendation X.1111, which specifies the framework of security technologies for home network. Finally, the security assurance level and authentication model are defined according to authentication service scenarios.

Source

ITU-T Recommendation X.1113 was approved on 13 November 2007 by ITU-T Study Group 17 (2005-2008) under the ITU-T Recommendation A.8 procedure.

Keywords

Authenticated key exchange, client authentication, mutual authentication, security assurance level, server authentication, user authentication, user secrets.

FOREWORD

The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE – In this Recommendation, the expression "Administration" is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words "shall" or some other obligatory language such as "must" and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

© ITU 2008

All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

CONTENTS

1 Scope
2 References
3 Terms and Definitions
  3.1 Terms defined elsewhere
  3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Home network architecture
  6.1 General model
  6.2 Service architecture for user authentication
7 Classification of home entities for user authentication
8 Consideration for user authentication between home entities
  8.1 Remote terminal (RT) and application server (AS)
  8.2 Remote terminal (RT) and secure home gateway (SHG)
  8.3 Remote terminal (RT) and home application server (HAS)
  8.4 Remote terminal (RT) and type A device (HD_A)
  8.5 Remote terminal (RT) and type B device (HD_B)
  8.6 Remote terminal (RT) and type C device (HD_C)
  8.7 Type A device (HD_A) and application server (AS)
  8.8 Type A device (HD_A) and secure home gateway (SHG)
  8.9 Type A device (HD_A) and home application server (HAS)
  8.10 Type A device (HD_A) and type B device (HD_B)
  8.11 Type A device (HD_A) and type C device (HD_C)
9 Security threats and security requirements for user authentication mechanisms
  9.1 Security threats
  9.2 Resistance against security threats
  9.3 Security requirements
10 User authentication mechanism
  10.1 Scope of user authentication mechanism
  10.2 Security components of the user authentication mechanism
  10.3 Set-up for the user authentication mechanism
  10.4 Required security services for user authentication between home entities
  10.5 Security association
  10.6 Security assurance level
  10.7 Protection level of SALs
  10.8 Authentication models
  10.9 Relationship between SAL and home network security requirement
Appendix I Security association used in IPsec
Appendix II Existing authentication mechanisms

Bibliography

ITU-T Recommendation X.1113
Guideline on user authentication mechanisms for home network services

1 Scope

The goal of this work is to provide a guideline for user authentication mechanisms to enable secure home network services. To this end, this Recommendation first identifies the home entities and their relationships, security threats to the home network and security components to protect the home network from such threats. Likewise, it defines security assurance level and specifies authentication models classified by service access flow to the home network. Finally, the appropriate security assurance level is applied to each authentication model.

Specifically, this Recommendation:
- defines the service architecture for the user authentication mechanisms between the home entities based on the general security framework defined in ITU-T X.1111;
- describes the classes of home entities applicable to user authentication mechanisms;
- describes the considerations between classes of home entities for user authentication mechanisms;
- identifies the security threats and the functional requirements related to user authentication mechanisms;
- defines the security components of user authentication mechanisms;
- defines the security assurance levels for user authentication, and;
- describes the authentication models.

2 References

The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.

[ITU-T J.190]  ITU-T Recommendation J.190 (2002), Architecture of MediaHomeNet that supports cable-based services.
[ITU-T J.192]  ITU-T Recommendation J.192 (2004), A residential gateway to support the delivery of cable data services.
[ITU-T X.800]  ITU-T Recommendation X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications.
[ITU-T X.803]  ITU-T Recommendation X.803 (1994), Information technology – Open Systems Interconnection – Upper layers security model.
[ITU-T X.810]  ITU-T Recommendation X.810 (1995), Information technology – Open Systems Interconnection – Security frameworks for open systems: Overview.
[ITU-T X.811]  ITU-T Recommendation X.811 (1995), Information technology – Open Systems Interconnection – Security frameworks for open systems: Authentication framework.
[ITU-T X.814]  ITU-T Recommendation X.814 (1995), Information technology – Open Systems Interconnection – Security frameworks for open systems: Confidentiality framework.
[ITU-T X.815]  ITU-T Recommendation X.815 (1995), Information technology – Open Systems Interconnection – Security frameworks for open systems: Integrity framework.
[ITU-T X.1111]  ITU-T Recommendation X.1111 (2007), Framework of security technologies for home network.
[ISO 19092-1]  ISO 19092-1:2006, Financial services – Biometrics – Part 1: Security framework.

3 Terms and definitions

3.1 Terms defined elsewhere

This Recommendation uses the following terms defined elsewhere:

3.1.1 administrator of home network: [ITU-T X.1111]
3.1.2 biometric: [ISO 19092-1]
3.1.3 biometric data: [ISO 19092-1]
3.1.4 capture: [ISO 19092-1]
3.1.5 extraction: [ISO 19092-1]
3.1.6 home access: [ITU-T J.190]
3.1.7 home application service provider: [ITU-T X.1111]
3.1.8 home bridge: [ITU-T J.190]
3.1.9 home client: [ITU-T J.190]
3.1.10 home device: [ITU-T X.1111]
3.1.11 home user: [ITU-T X.1111]
3.1.12 ID certificate: [ITU-T X.1111]
3.1.13 match: [ISO 19092-1]
3.1.14 raw biometric data: [ISO 19092-1]
3.1.15 remote terminal: [ITU-T X.1111]
3.1.16 remote user: [ITU-T X.1111]
3.1.17 security console: [ITU-T X.1111]
3.1.18 secure home gateway: [ITU-T X.1111]
3.1.19 template: [ISO 19092-1]

3.2 Terms defined in this Recommendation

This Recommendation defines the following terms:

3.2.1 authentication server: Authentication servers refer to servers that provide authentication services to users or other systems. Authentication is generally used as the basis for authorization (determining whether a privilege will be granted to a particular user or process), privacy (preventing the disclosure of information to non-participants), and non-repudiation (not being able to deny having done something that was authorized to be done based on the authentication).

3.2.2 client authentication: Client authentication models a situation in which the server wants to verify the client's identity. The client responds by sending his/her credentials such as digital certificate, shared secret or password.

3.2.3 home portal: A home portal is a functional element that provides management and translation functions to provide the user with home network services such as the control of home devices, multimedia contents, various applications, etc. In general, a home portal is a website that provides a gateway or portal to information related to various home network services. It also allows the home user to maintain and set up his/her home using the Internet. Finally, a home portal is designed to use distributed applications and different numbers and types of middleware and hardware to provide services from a number of different sources. In other words, a home portal offers information to home network services from various home entities in a unified manner.

3.2.4 identity proof: Identity proof refers to a process that a user proves who he/she is. To prove his/her identity in a digital environment, the user uses a set of security credentials such as user name and password, or certificates. For identity proof, those credentials shall include the user's ID corresponding to the user secret. In general, when the user can successfully demonstrate possession and control of a secret token to an authentication system through an authentication protocol, identity proof of the user can be achieved.

3.2.5 implicit authentication: Implicit authentication is a type of authentication without identity proof. Thus, anyone who has the correct secret can access the services.

3.2.6 mutual authentication: Mutual authentication refers to a type of authentication that enables both server authentication and client authentication.

3.2.7 policy database: A policy database refers to a list of policy needs to be created in a file. In the user authentication context, this file defines the rules required for user authentication protocol.

3.2.8 security token: This is a cryptographic key stored in a special hardware device or a general-purpose computing device.

3.2.9 server authentication: Server authentication models a situation in which the client wants to verify the server's identity. The server answers by sending its credentials such as digital certificate or shared secret.

3.2.10 session key: The session key is a temporary key used to encrypt data for the current session only. The use of session keys keeps the secret keys even more secret because
