1、INTERNATIONAL STANDARD ISOAEC 9798-3 Second edition 19984045 Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques Technologies de Iinforma tion - Techniques de s this remains thestandards development activities. To ensure the co
2、ntinuing responsibility of the accreditedintegrity of its certification process, the Association standards-development organization.regularly and continually audits and inspects products Those who have a need to apply standards arethat bear the CSA Mark. encouraged to use National Standards of Canad
3、aIn addition to its head office and laboratory complex whenever practicable. These standards are subject in Toronto, CSA has regional branch offices in major to periodic review; therefore, users are cautioned centres across Canada and inspection and testing to obtain the latest edition from the orga
4、nizationagencies in eight countries. Since 1919, the preparing the standard.Association has developed the necessary expertise to The responsibility for approving National Standards meet its corporate mission: CSA is an independent of Canada rests with theservice organization whose mission is to prov
5、ide an Standards Council of Canadaopen and effective forum for activities facilitating the 270 Albert Street, Suite 200exchange of goods and services through the use of Ottawa, Ontario, K1P 6N7standards, certification and related services to meet Canadanational and international needs.For further in
6、formation on CSA services, write toCanadian Standards Association5060 Spectrum Way, Suite 100Mississauga, Ontario, L4W 5N6CanadaAlthough the intended primary application of this Standard is stated in its Scope, it is importantto note that it remains the responsibility of the users to judge its suita
7、bility for their particular purpose.Registered trade-mark of Canadian Standards AssociationInformation technology Security techniques Entity authentication Part 3: Mechanisms using digital signature techniquesTechnical Corrigendum 1:2010 (IDT) toNational Standard of CanadaCAN/CSA-ISO/IEC 9798-3-02(I
8、SO/IEC 9798-3:1998, IDT)NOT FOR RESALE.PUBLICATION NON DESTINE LA REVENTE.CSA Standards Update ServiceTechnical Corrigendum 1:2010 toCAN/CSA-ISO/IEC 9798-3-02December 2010Title: Information technology Security techniques Entity authentication Part 3: Mechanisms using digital signature techniquesPagi
9、nation: pageSTo register for e-mail notification about any updates to this publicationgo to www.ShopCSA.caclick on E-mail Services under MY ACCOUNTclick on CSA Standards Update ServiceThe List ID that you will need to register for updates to this publication is .If you require assistance, please e-m
10、ail techsupportcsa.ca or call 416-747-2233.Visit CSAs policy on privacy at www.csagroup.org/legal to find out how we protect your personal information.ICS 35.040 Ref. No. ISO/IEC 9798-3:1998/Cor.1:2009(E) ISO/IEC 2009 All rights reserved INTERNATIONAL STANDARD ISO/IEC 9798-3:1998 TECHNICAL CORRIGEND
11、UM 1 Published 2009-09-15 INTERNATIONAL ORGANIZATION FOR STANDARDIZATION ORGANISATION INTERNATIONALE DE NORMALISATIONINTERNATIONAL ELECTROTECHNICAL COMMISSION COMMISSION LECTROTECHNIQUE INTERNATIONALEInformation technology Security techniques Entity authentication Part 3: Mechanisms using digital si
12、gnature techniques TECHNICAL CORRIGENDUM 1 Technologies de linformation Techniques de scurit Authentification dentit Partie 3: Mcanismes utilisant des techniques de signature numriques RECTIFICATIF TECHNIQUE 1 Technical Corrigendum 1 to ISO/IEC 9798-3:1998 was prepared by Joint Technical Committee I
13、SO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. Page 1, Clause 3 Insert the following text at the end of this clause: As defined in ISO/IEC 9798-1, X |Y is used to mean the result of the concatenation of data items X and Y in the order specified. In cases where the
14、result of concatenating two or more data items is signed as part of one of the mechanisms specified in this part of ISO/IEC 9798, this result shall be composed so that it can be uniquely resolved into its constituent data strings, i.e. so that there is no possibility of ambiguity in interpretation.
15、This latter property could be achieved in a variety of different ways, depending on the application. For example, it could be guaranteed by (a) fixing the length of each of the substrings throughout the domain of use of the mechanism, or (b) encoding the sequence of concatenated strings using a meth
16、od that guarantees unique decoding, e.g. using the distinguished encoding rules defined in ISO/IEC 8825-1 1. Technical Corrigendum 1:2010 to CAN/CSA-ISO/IEC 9798-3-02ISO/IEC 9798-3:1998/Cor.1:2009(E) 2 ISO/IEC 2009 All rights reservedPage 6 Add a bibliography on a new page after Annex A, as follows:
17、 Bibliography 1 ISO/IEC 8825-1, Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Technical Corrigendum 1:2010 to CAN/CSA-ISO/IEC 9798-3-02Copyright NoticeThis Amendment to the International
18、 Standard contains information copyright protected by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Except as permitted under the laws of Canada, no extract of this Amendment to the International Standard may be reproduced, stored i
19、n any retrieval system, or transmitted in any form or by any means, electronic, photocopying, recording, or otherwise, without prior permission from the Standards Council of Canada (SCC). Requests for permission to reproduce this Amendment to the International Standard or parts thereof should be add
20、ressed to Manager, Technical Document Centre Standards Council of Canada 270 Albert Street, Suite 200 Ottawa, Ontario K1P 6N7 The Canadian adoption of this Amendment to the International Standard contains information copyright protected by the Canadian Standards Association. All rights reserved. No
21、part of this adopted Amendment may be reproduced in any form whatsoever without the prior permission of the publisher. ISO/IEC material is reprinted with permission. Requests for permission to reproduce this adopted Amendment or parts thereof should be addressed to Manager, Sales Canadian Standards
22、Association 5060 Spectrum Way, Suite 100 Mississauga, Ontario L4W 5N6Copyright violators will be prosecuted to the full extent of the law.PRINTED IN CANADAIMPRIMEAU CANADA100%The Canadian Standards Association (CSA) prints its publications on Rolland Enviro100, which contains 100% recycled post-cons
23、umer fibre, is EcoLogo and Processed Chlorine Free certified, and was manufactured using biogas energy.CAN/CSA-ISO/IEC 9798-3:02 Part 3: Mechanisms using digital signature techniquesInformation technology Security techniques Entity authentication December 2002 Canadian Standards Association CSA/1CAN
24、/CSA-ISO/IEC 9798-3:02Information technology Securitytechniques Entityauthentication Part 3: Mechanisms using digital signaturetechniquesCSA PrefaceStandards development within the Information Technology sector is harmonized with internationalstandards development. Through the CSA Technical Committe
25、e on Information Technology (TCIT),Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 onInformation Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO memberbody for Canada and sponsor of the Canadian National Committee of the IE
26、C. Also, as a member of theInternational Telecommunication Union (ITU), Canada participates in the International Telegraph andTelephone Consultative Committee (ITU-T).This Standard supersedes CAN/CSA-ISO/IEC 9798-3-94 (adoption of ISO/IEC 9798-3:1993).This International Standard was reviewed by the
27、CSA TCIT under the jurisdiction of the StrategicSteering Committee on Information Technology and deemed acceptable for use in Canada. (Acommittee membership list is available on request from the CSA Project Manager.) From time to time,ISO/IEC may publish addenda, corrigenda, etc. The CSA TCIT will r
28、eview these documents for approvaland publication. For a listing, refer to the CSA Information Products catalogue or CSA Info Update orcontact a CSA Sales representative. This Standard has been formally approved, without modification, bythe Technical Committee and has been approved as a National Sta
29、ndard of Canada by the StandardsCouncil of Canada.December 2002 Canadian Standards Association 2002All rights reserved. No part of this publication may be reproduced in any form whatsoever without the priorpermission of the publisher. ISO/IEC material is reprinted with permission. Where the words “t
30、hisInternational Standard” appear in the text, they should be interpreted as “this National Standard ofCanada”. Inquiries regarding this National Standard of Canada should be addressed to Canadian Standards Association 5060 Spectrum Way, Suite 100, Mississauga, Ontario, Canada L4W 5N6 1-800-463-6727
31、 416-747-4044www.csa.caINTERNATIONAL STANDARD ISOAEC 9798-3 Second edition 19984045 Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques Technologies de Iinforma tion - Techniques de sIlSSA(l; II l l l llYj)* In this part of ISO
32、/IEC 9798, the term “signed data” refers to “Ylll l l - 1py used as input to the signa- ture scheme and the term “unsigned data” refers to “X,11 l l l llxi”. If information contained in the signed data of the token can be recovered from the signature, then it need not be contained in the unsigned da
33、ta of the token (see, for example, ISO/IEC 9796). If information contained in the text field of the signed data of the token cannot be recovered from the signa- ture, then it shall be contained in the unsigned text field of the token. If information in the signed data of the token (e.g., a random nu
34、mber) is already known to the verifier, then it need not be contained in the unsigned data of the token sent bv the claimant. ” All text fields specified in the following mechanisms are available for use in applications outside the scope of this part of ISO/IEC 9798 (they may be empty). Their re- la
35、tionship and contents depend upon the specific appli- cation. See Annex A for information on the use of text fields. NOTES 1 The signing by one entity of a data block which has been manipulated by a second entity for some ulterior motive can be prevented by the first entity including its own random
36、number in the data block which it signs. In this case, it is the unpredictability which prevents the signing of pre-defined data. 2 As the distribution of certificates is outside the scope of this part of ISO/IEC 9798, the sending of certificates . is optional in all mechanisms. 5.1 Unilateral authe
37、ntication Unilateral authentication means that only one of the two entities is authenticated by use of the mechanism. 5.1.1 One pass authentication In this authentication mechanism the claimant A ini- tiates the process and is authenticated by the verifier 0 ISOAEC B. Uniqueness / timeliness is cont
38、rolled by generating and checking a time stamp or a sequence number (see Annex B of ISO/IEC 9798-l). The authentication mechanism is illustrated in figure 1. . , (1) CertAIITokenAB A L * B (2) . Figure I The form of the token (TokenAB), sent by the claimant A to the verifier B is: TokenAB = 2 jlBjlT
39、ext2lissA ($liB(l-=tl), where the claimant A uses either a sequence number NA or a time stamp TA as the time variant parameter. The choice depends on the technical capabilities of the claimant and the verifier as well as on the environment. NOTES 1 The inclusion of the identifier B in the signed dat
40、a of TokenAB is necessary to prevent the token from being accepted by anyone other than the intended verifier. 2 In general, Text2 is not authenticated by this pro- cess. 3 One application of this mechanism could be key dis- tribution (see Annex A of ISO/IEC 9798-l). (1) A sends TokenAB and, optiona
41、lly, its certificate to B. (2) On receipt of the message containing TokenAB, B performs the following steps: 0 i ( 1 ii It ensures that it is in possession of a valid public key of .A either by verifying the certifi- cate of A or by some other means. It verifies TokenAB by verifying the signature of
42、 A contained in the token, by checking the time stamp or the sequence number, and by checking that the value of the identifier field (B) in the signed data of TokenAB is equal to entity Bs distinguishing identifier. 5.1.2 Two pass authentication In this authentication mechanism the claimant A is aut
43、henticated by the verifier B who initiates the pro- cess. Uniqueness / timeliness is controlled by generat- ing and checking a random number Rg (see Annex B of ISO/IEC 9798-l). ISOAEC ISOA EC 9798-3: 1998(E) The authentication mechanism is illustrated in figure 2. The mechanism specified in 5.2.3 us
44、es four messages which, however, need not all be sent consecutively. In this way the authentication process may be speeded up. r 1 (1) RsljTextl t 1 / A rrj B ( (3) 1 I Figure 2 L I The form of the token (TokenAB), sent by the claimant A to the verifier B is: . TokenAB = BAIIBBIIBIITxWSA (AIIWWJW Th
45、e inclusion of identifier B in TokenAB is optional. It depends on the environment in which this authentica- tion mechanism is used. (1) (2) (3) 5.2 NOTES 1 The inclusion of the optional identifier B in the signed data of TokenAB can prevent the token from being ac- cepted by anyone other than the in
46、tended verifier (e.g., in a person-in-the-middle attack). 2 The inclusion of the random number R,J in the signed part of TokenAB prevents B from obtaining the signa- ture of A on data chosen by B prior to the start of the authentication mechanism. This measure may be re- quired, for example, when th
47、e same key is used by A for purposes other than entity authentication. B sends a random number RB and, optionally, a text field Text1 to A. A sends TokenAB and, optionally, its certificate to B . On receipt of the message containing TokenAB, B performs the following steps: (i) It ensures that it is
48、in possession of a valid public key of A either by verifying the certifi- cate of A or by some other means. (ii) It verifies TokenAB by checking the signature of A contained in the token, by checking that the random number Rg, sent to A in step (l), agrees with the random number contained in the sig
49、ned data of TokenAB, and by checking that the value of the identifier field (B) in the signed data of TokenAB, if present, is equal to Bs distinguishing identifier. Mutual authentication Mutual authentication means that the two communicat- ing entities are authenticated to each other. The two mechanisms described in 5.1.1 and 5.1.2 are extended in 5.2.1 and 5.2.2, respectively, to achieve mu- tual au
