1、National Standard of Canada CAN/CSA-ISO/IEC 101 81 -4-00 (ISO/IEC 101 81 -41997) CSA INTERNATIONAL / I International Standard ISO/IEC 101814: 1997 (first edition 1997-04-01) has been adopted without modification as CSA Standard CAN/CSA-ISO/IEC 10181-4-00, which has been approved as a National Standa
2、rd of Canada by the Standards Council of Canada. ISBN 1-55324-094-4 March 2000 Information technology - Open Systems Interconnection - Security. frameworks for open systems: Non-repudiation framework Technologies de iinfotmation - lnterconnexion de systemes ouverts (OSI) - Cadres de securite pour le
3、s systemes ouverts: Cadre de non-repudia tion Reference number ISO/IEC 10181-4:1997(E) The Canadian Standards Association, which operates under the name CSA International (CSA), under whose auspices this National Standard has been produced, was chartered in 191 4 and accredited by the Standards Coun
4、cil of Canada to the National Standards system in 1973. It is a not-for-profit, nonstatutory, voluntary membership association engaged in standards development and certification activities. and users - including manufacturers, consumers, retailers, unions and professional organizations, and governme
5、ntal agencies. The standards are used widely by industry and commerce and often adopted by municipal, provincial, and federal governments in their regulations, particularly in the fields of health, safety, building and construction, and the environment. indicate their support for CSAs standards deve
6、lopment by volunteering their time and skills to CSA Committee work and supporting the Associations objectives through sustaining memberships. The more than 7000 committee volunteers and the 2000 sustaining memberships together form CSAs total membership from which its Directors are chosen. Sustaini
7、ng memberships represent a major source of income for CSAs standards development activities. in support of and as an extension to its standards development activities. To ensure the integrity of its certification process, the Association regularly and continually audits and inspects products that be
8、ar the CSA Mark. Toronto, CSA has regional branch offices in major centres across Canada and inspection and testing agencies in eight countries. Since 191 9, the Association has developed the necessary expertise to meet its corporate mission: CSA is an independent service organization whose mission
9、is to provide an open and effective forum for activities facilitating the exchange of goods and services through the use of standards, certification and related services to meet national and international needs. For futher information on CSA services, write to CSA International 178 Rexdale Boulevard
10、 Toronto, Ontario, M9W 1 R3 Canada CSA standards reflect a national consensus of producers Individuals, companies, and associations across Canada The Association offers certification and testing services In addition to its head office and laboratory complex in The Standards Council of Canada is the
11、coordinating body of the National Standards system, a federation of independent, autonomous organizations working towards the further development and improvement of voluntary standardization in the national interest. The principal objects of the Council are to foster and promote voluntary standardiz
12、ation as a means of advancing the national economy, benefiting the health, safety, and welfare of the public, assisting and protecting the consumer, facilitating domestic and international trade, and furthering international cooperation in the field of standards. has been approved by the Standards C
13、ouncil of Canada and one which reflects a reasonable agreement among the views of a number of capable individuals whose collective interests provide to the greatest practicable extent a balance of representation of producers, users, consumers, and others with relevant interests, as may be appropriat
14、e to the subject in hand. It normally is a standard which is capable of making a significant and timely contribution to the national interest. Approval of a standard as a National Standard of Canada indicates that a standard conforms to the criteria and procedures established by the Standards Counci
15、l of Canada. Approval does not refer to the technical content of the standard; this remains the continuing responsibility of the accredited standards-development organization. Those who have a need to apply standards are encouraged to use National Standards of Canada whenever practicable. These stan
16、dards are subject to periodic review; therefore, users are cautioned to obtain the latest edition from the organization preparing the standard. The responsibility for approving National Standards of Canada rests with the Standards Council of Canada 45 OConnor Street, Suite 1200 Ottawa, Ontario, K1 P
17、 6N7 Canada A National Standard of Canada is a standard which CSA INTERNATIONAL c . Les normes nationales du Canada sont publi6es en versions frangaise et anglaise. Although the intended primary application of this Standard is stated in its Scope, it is important to note that it remains the responsi
18、bility of the users to judge its suitability for their particular purpose. lnformation technology - Open Systems Interconnection - Security frameworks for open systems: Non-repudiation framework CAN/CSA-ISO/IEC 7 0 7 8 7 -4-00 CAN/CSA-ISO/IEC 101 81 -4-00 Infomation technology - Open Systems Interco
19、nnecfion - Security frameworks for open systems: Non- repudiation fkrnewovk CSA Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians sewe as the C
20、anadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (1SO/IEC TCl) for the Standards Council of Canada (SCC), the IS0 member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunicatio
21、n Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). This International Standard was reviewed by the CSA TCIT under the jurisdiction of the Strategic Steering Committee on Information Technology and deemed acceptable for use in Canada. (A co
22、mmittee membership list is available on request from the CSA Project Manager.) From time to time, ISO/IEC may publish addenda, corrigenda, etc. The CSA TCIT will review these documents for approval and publication. For a listing, refer to the CSA Information Products catalogue or CSA Info Update or
23、contact a CSA Sales representative. This Standard has been formally approved, without modification, by these Committees and has been approved as a National Standard of Canada by the Standards Council of Canada. March 2000 0 CSA International - 2000 All rights reserved. No part of this publication ma
24、y be reproduced in any form whatsoever without the prior permission of the publisher. ISO/IEC material is reprinted with permission. Inquiries regarding this National Standard of Canada should be addressed to CSA International, 7 78 Rexdale Boulevard, Toronto, Ontario, M9W 7 R3. March 2000 CSA/l INT
25、ERNATIONAL STANDARD ISOIIEC 101 81 -4 First edition 1997-04-01 Information technology - Open Systems Interconnection - Security. frameworks for open systems: Non-repudiation framework Technologies de Iinformation - Intercomexion de systemes ouverts (OS/) - Cadres de securite pour les systemes ouvert
26、s: Cadre de non-repudiation Reference number ISO/IEC 10181-4:1997(E) ISO/TEC 101814: 1997(E) Contents 1 2 Scope Normative references . 2.1 Identical Recommendations I International Standards 2.2 Paired Recommendations I International Standards equivalent in technical content 3 Definitions 3.1 Basic
27、Reference Model definitions . 3.2 Security Architecture definitions 3.3 Security Frameworks Overview definitions 3.4 Additional definitions . 4 5 6 7 8 Abbreviations . General discussion of Non-repudiation 5.1 5.2 Roles of a Trusted Third Party 5.4 Some forms of Non-repudiation services 5.5 Examples
28、 of OS1 Non-repudiation evidence Basic concepts of Non-repudiation . 5.3 Phases of Non-repudiation Non-repudiation policies Information and facilities . 7.1 Information . 7.2 Non-repudiation facilities . Non-repudiation mechanisms . 8.1 Non-repudiation using a TTP security token (secure envelope) .
29、8.2 Non-repudiation using security tokens and tamper-resistant modules 8.3 Non-repudiation using a digital signature . 8.4 Non-repudiation using Time Stamping . 8.5 Non-repudiation using an in-line Trusted Third Party 8.6 Non-repudiation using a Notary 8.7 Threats to Non-repudiation . 0 ISO/IEC 1997
30、 Page i 2 2 2 2 2 2 3 3 4 4 4 5 5 7 8 8 9 9 10 12 12 13 13 13 14 14 14 All rights reserved . Unless otherwise specified. no part of this publication may be reproduced or utilized in any form or by any means. electronic or mechanical. including photocopying and microfilm. without permission in writin
31、g from the publisher . ISOAEC Copyright Office Case postale 56 CH-1211 Genkve 20 Switzerland 11 ISOAEC ISO/IEC 10181-4:1997(E) 9 Interactions with other security services and mechanisms . 9.1 Authentication . 9.2 Access Control 9.3 Confidentiality 9.4 Integrity . 9.5 Audit . Annex A - Non-repudiatio
32、n in OS1 Basic Reference Model Annex B - Non-repudiation Facilities Outline Annex C - Non-repudiation in store and forward systems . Annex D - Recovery in a Non-repudiation service . hex E - Interaction with the Directory . Annex F - Bibliography 16 16 16 16 16 16 17 18 19 20 22 23 . 111 ISO/IEC 101
33、81-4:1997(E) 0 ISOAEC Foreword IS0 (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specidized system for worldwide standardization. National bodies that are members of IS0 or IEC participate in the development of International Sta
34、ndards through technical committees established by the respective organization to deal with particular fields of technical activity. IS0 and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with IS0 an
35、d IEC, also take part in the work. In the field of information technology, IS0 and EC have established a joint technicd committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Stand
36、ard requires approval by at least 75 % of the national bodies casting a vote. International Standard ISO/IEC 1018 1-4 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 2 1, Open systems interconnection, data manugemant and open distributed prucessing, i
37、n collaboration with ITU-T. The identical text is published as ITU-T Recommendation X.813. ISO/IEC 10181 consists of the following parts, under the general title Information technology - Open Systems Interconnection - Security frameworks for open systems: - Part I: Overwiew - Part 2: Authentication
38、framework - Part 3: Access control framework - Part 4: Non-repudiation framework - Part 5: Confidentiality framework - Part 6: integrity framework - Part 7: Security audit and aianns framework Annexes A to F of this part of ISO/IEC 10181 are for information only. iv Q ISO/IEC ISO/IEC 10181-4: 1997(E
39、) Introduction The goal of the Non-repudiation service is to collect, maintain, make available and validate irrefutable evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non-occurrence of the event or action. The Non-repudiation service can be applied
40、 in a number of different contexts and situations. The service can apply to the generation of data, the storage of data, or the transmission of data. Non-repudiation involves the generation of evidence that can be used to prove that some kind of event or action has taken place, so that this event or
41、 action cannot be repudiated later. In an OSI environment (see CCITT Rec. X.800 arid IS0 7498-2) the Non-repudiation service has two forms: - Non-repudiation with proof of origin which is used to counter false denial by a sender that the data or its contents has been sent. Non-repudiation with proof
42、 of delivery which is used to counter false denial by a recipient that the data or its contents (i.e. the information that the data represents) has been received. Applications which make use of OS1 protocols may require other forms of the Non-repudiation service which are specific to particular clas
43、ses of applications. For example, MHS (ITU-T Rec. X.402 I IS0 10021-2) defines the Non-repudiation of submission service, while the EDI Messaging System (see Recommendation X.435) defines the Non-repudiation of retrieval and Non-repudiation of transfer services. - The concepts in this framework are
44、not limited to OS1 communications but may be interpreted more broadly to include such uses as creation and storage of data for later use. This Recommendation j International Standard defines a general framework for the provision of a Non-repudiation service. This framework: - expands upon the concep
45、ts of Non-repudiation services described in CCITT Rec. X.800 and IS0 7498-2 and describes how they may be applied to Open Systems; describes alternatives for the provision of these services; and explains the relationship of these services to other security services. - - Non-repudiation services may
46、require: - - adjudicators who will arbitrate disputes that may arise as a result of repudiated events or actions; and Trusted Third Parties who will assure the authenticity and integrity of the data to be used for the verification of evidence. V ISO/IEC 10181-4 : 1997 (E) I INTERNATIONAL STANDARD IT
47、U-T RECOMMENDATION INFORMATION TECHNOLOGY - OPEN SYSTEMS INTERCONNECTION - SECURITY FRAMEWORKS FOR OPEN SYSTEMS: NON-REPUDIATION FRAMEWORK 1 Scope This Recommendation I International Standard addresses the application of security services in an Open Systems environment, where the term “Open Systems”
48、 is taken to include areas such as Database, Distributed Applications, Open Distributed Processing and OSI. The Security Frameworks are concerned with defining the means of providing protection for systems and objects within systems, and with the interactions between systems. The Security Frameworks
49、 are not concerned with the methodology for constructing systems or mechanisms. The Security Frameworks address both data elements and sequences of operations (but not protocoi elements) which are used to obtain specific security services. These security services may apply to the communicating entities of systems as well as to data exchanged between systems, and to data managed by systems. This Recommendation International Standard: - - defines general Non-repudiation services; - - defines the basic concepts of Non-repudiation; identifies possible mechanisms to provide the Non-rep
