1、raising standards worldwide NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BSI Standards Publication BS ISO/IEC 29191:2012 Information technology Security techniques Requirements for partially anonymous, partially unlinkable authenticationBS ISO/IEC 29191:2012 BRITISH STANDAR
2、D National foreword This British Standard is the UK implementation of ISO/IEC 29191:2012. The UK participation in its preparation was entrusted to T e c h n i c a l C o m m i t t e e I S T / 3 3 , I T - S e c u r i t y t e c h n i q u e s . A list of organizations represented on this committee can b
3、e obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2012. Published by BSI Standards Limited 2012. ISBN 978 0 580 70449 9 ICS 35.040 Compl
4、iance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 January 2013. Amendments issued since publication Date T e x t a f f e c t e dBS ISO/IEC 29191:2012Reference numbe
5、r ISO/IEC 29191:2012(E) ISO/IEC 2012INTERNATIONAL STANDARD ISO/IEC 29191 First edition 2012-12-15Information technology Security techniques Requirements for partially anonymous, partially unlinkable authentication Technologies de linformation Techniques de scurit Exigences pour lauthentification par
6、tiellement anonyme, partiellement non reliableBS ISO/IEC 29191:2012 ISO/IEC 29191:2012(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2012 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, includ
7、ing photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Publishe
8、d in Switzerland ii ISO/IEC 2012 All rights reservedBS ISO/IEC 29191:2012 ISO/IEC 29191:2012(E) ISO/IEC 2012 All rights reserved iiiContents Page Foreword iv Introduction . v 1 Scope 1 2 Terms and definitions . 1 3 General . 2 4 Framework . 2 5 Requirements . 4 Annex A (informative) Use cases 5 Anne
9、x B (informative) Application of the mechanism for the purpose of data authentication and data protection . 7 Bibliography 9 BS ISO/IEC 29191:2012 ISO/IEC 29191:2012(E) iv ISO/IEC 2012 All rights reservedForeword ISO (the International Organization for Standardization) and IEC (the International Ele
10、ctrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of tech
11、nical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint techn
12、ical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are ci
13、rculated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC should not be h
14、eld responsible for identifying any or all such patent rights. ISO/IEC 29191 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT Security techniques. BS ISO/IEC 29191:2012 ISO/IEC 29191:2012(E) ISO/IEC 2012 All rights reserved vIntroduction The cur
15、rent state of the art for entity authentication requires the revelation of the identifiable information of an entity being authenticated. In many types of transactions, the entity would prefer to remain anonymous and unlinkable, which means that when two transactions are performed, it is difficult t
16、o distinguish whether the transactions are performed by the same user or two different users. However, in some circumstances there are legitimate reasons to enable subsequent reidentification (e.g., the interest of accountability). The term partially anonymous, partially unlinkable means that an a p
17、riori designated opener, and that designated opener only, can identify the authenticated entity. For example, a library may need to identify an entity that has not returned a borrowed book in order to send a late notice to the entity. Current cryptographic technologies are available to provide parti
18、ally anonymous, partially unlinkable authentication. This International Standard defines a framework and requirements for partially anonymous, partially unlinkable authentication. BS ISO/IEC 29191:2012BS ISO/IEC 29191:2012 INTERNATIONAL STANDARD ISO/IEC 29191:2012(E) ISO/IEC 2012 All rights reserved
19、 1Information technology Security techniques Requirements for partially anonymous, partially unlinkable authentication 1 Scope This International Standard provides a framework and establishes requirements for partially anonymous, partially unlinkable authentication. 2 Terms and definitions For the p
20、urposes of this document, the following terms and definitions apply. 2.1 authentication provision of assurance in the claimed identity of an entity SOURCE: ISO/IEC 18014-2 2.2 claimant entity which is or represents a principal for the purposes of authentication SOURCE: ISO/IEC 9798-1:2010 2.3 creden
21、tial representation of an identity SOURCE: ISO/IEC 24760-1 2.4 designated opener entity who can re-identify the claimant from the transcript of authentication NOTE The selection of the designated opener should be made in advance of transactions. The entity or entities that make that selection may va
22、ry with the implementation. As the designated opener has the capability of identifying the claimant, the selection of the designated opener and the selection of the transcript of authentication to be provided to the designated opener need to be carefully performed. 2.5 identity set of attributes rel
23、ated to an entity SOURCE: ISO/IEC 24760-1 2.6 re-identification identification of a claimant following a partially anonymous, partially unlinkable authentication NOTE Re-identification is also called opening. BS ISO/IEC 29191:2012 ISO/IEC 29191:2012(E) 2 ISO/IEC 2012 All rights reserved2.6 transcrip
24、t of authentication record of sequences of exchanged data from a process of authentication 3 General Many cryptographic mechanisms are available and in use today to improve the security of the authentication process. This leads to greater trust when, following a successful authentication, an entity
25、is given appropriate access to protected resources using some authorization process. Note that the details of authorization are out of scope for this standard and thus marked in parentheses. A typical authentication and authorization model includes the following steps (with each step usually includi
26、ng a number of sub-steps, many of which are covered in ISO/IEC 29115): a) Enrollment b) Authentication c) (Authorization) Most cryptographic mechanisms in use today require the revelation of the identifiable information and enable tracking of an entity across transactions. For example, the use of pu
27、blic keys could hide an entitys real name. However, if the same public key or pseudonym is used for multiple authentications, it can be used to link information about the entity across transactions and so build a profile. But complete anonymity and unlinkability may not always be desirable. For exam
28、ple, an entity could use anonymity to escape punishment for exploiting a system. So, while anonymity and unlinkability may be appropriate in some situations, there are cases where it may be necessary to give certain parties the ability to re-identify an entity. To achieve the goal of partially anony
29、mous, partially unlinkable authentication, the process steps now look like: a) Registration/enrollment, including setup to achieve anonymity b) Authentication c) (Authorization) d) Re-identification (when appropriate) 4 Framework For the sake of understanding an overview of the framework, a typical
30、scenario is exemplified, where a claimant begins by enrolling with a service. The service includes an issuer that generates credentials and issues them to the claimants. The claimants then use the credentials for authentication. If the authentication is successful, a transcript of authentication is
31、created. Although it may contain other things, this transcript shall include information necessary to enable re-identification by the designated opener. If re-identification is required, the transcript of authentication is given to the designated opener who, a priori to any transactions, must be est
32、ablished and provided with the necessary cryptographic components required for re-identification. Each system will have its own set of practices and principles for determining when re-identification is appropriate or necessary. Those details are not within the scope of this standard. Principles such
33、 as openness, transparency and notice are explained in ISO/IEC 29100. Every application will have its own requirements so any particular implementation may have variations from the flow described above. For example, the cryptographic-based credentials could be generated by the claimant, rather than
34、the issuer; or credentials may be issued electronically or in person. But such variations do not change the fundamental aspects of the framework. BS ISO/IEC 29191:2012 ISO/IEC 29191:2012(E) ISO/IEC 2012 All rights reserved 3This framework defines a set of roles and operations, which are shown in Fig
35、ure 1. The four roles are: a) Issuer the entity who issues credentials to claimants b) Claimant the entity who will be authenticated by a verifier c) Verifier an entity that checks whether the claimant possesses credentials that are valid d) Designated opener the entity that can re-identify the clai
36、mant Among the above four roles, there are four basic operations in this framework. 1) A process between an issuer and a claimant to perform a credential issuing process. After this process a claimant has a credential. 2) A process for the designated opener to setup the cryptographic information nec
37、essary for re- identification. 3) A process between a claimant and a verifier to perform authentication, which produces a transcript of authentication. Authentication is successful if the verifier can determine that the claimant possesses a valid credential. 4) A process by a designated opener to id
38、entify the claimant from the transcript of authentication, called re-identification. In this process, a designated opener uses the transcript of authentication and may use other information, where appropriate, to enable re-identification Cryptographic information necessary for re- identification Iss
39、uer Claimant Verifier Designated opener 1) Credential issuing process 3) Authentication process 4) Re-identification process Identity of claimant Transcript of authenti cation Credential 2) Setup processFigure 1 Framework of partially anonymous, partially unlinkable authentication BS ISO/IEC 29191:2
40、012 ISO/IEC 29191:2012(E) 4 ISO/IEC 2012 All rights reserved5 Requirements Partially anonymous, partially unlinkable authentication shall satisfy all requirements described below. a) A claimant shall be authenticated by a verifier without being identifiable by the verifier. For a claimant to remain
41、anonymous to a verifier, the transaction shall not provide any information to identify the claimant, while allowing the verifier to corroborate that the claimant possesses a valid credential. b) The transcript of authentication shall not by itself provide information that can link multiple authentic
42、ation transactions by the same claimant. For a claimant to remain unlinkable to verifiers, the transaction shall not provide any information to link multiple transactions performed by the same claimant. c) The transcript of an authentication shall contain information necessary for the designated ope
43、ner to re- identify the claimant. For the designated opener to be capable of later re-identifying the claimant, the transcript resulting from a successful transaction shall provide information to identify the claimant. Note, the designated opener may use other information, where appropriate, to enab
44、le re-identification. d) The designated opener shall be able to provide evidence that the claimed identity is correct. In order to avoid fraudulent claim(s) by the designated opener, the designated opener shall be able to provide evidence that the procedure for re-identification was properly perform
45、ed. BS ISO/IEC 29191:2012 ISO/IEC 29191:2012(E) ISO/IEC 2012 All rights reserved 5Annex A (informative) Use cases A.1 Library use case In some countries, the list of books that an individual has borrowed from a library is considered to be sensitive because the list can reveal the individuals thought
46、s, conscience, or religion. Due to this sensitivity, borrowers may not want their name linked to the list of books they have borrowed. At the same time, the library may need to associate the title of a borrowed book with the name of the borrower (e.g., if the book is not returned by the due date). P
47、artially anonymous, partially unlinkable authentication can be applied to this scenario. The registration desk librarian (issuer) at the library will provide a membership card and rules for re- identification to an individual (claimant) who would like to borrow books. When the individual wants to bo
48、rrow a book, he/she will present the membership card to the librarian (verifier) who will check that the individual is a member of the library and will perform the book checkout procedure. A transaction record is created and stored in a database so the library can manage and track books on loan. All
49、 individuals remain anonymous in this database, and checkout transactions cannot be linked together. If the individual keeps a book for longer than the allowed borrowing period, the database will notify the head librarian (designated opener) who can determine the name of the borrower for the overdue book and use it to send the individual an appropriate notice. Registration Desk Librarian (issuer) Borrower (claimant) Librarian (verifier) Head Librarian (designated opener) Issuance of membership card Register
