Jun,13

ISO/IEC 9798-1:2010 pdf – Information technology — Security techniques — Entity authentication — Part 1: General

1 Scope

This part of ISO/IEC 9798 specifies an authentication model and general requirements and constraints for entity authentication mechanisms which use security techniques. These mechanisms are used to corroborate that an entity is the one that is claimed. An entity to be authenticated proves its identity by showing its knowledge of a secret. The mechanisms are defined as exchanges of information between entities and, where required, exchanges with a trusted third party. The details of the mechanisms and the contents of the authentication exchanges are given in subsequent parts of ISO/IEC 9798.

2 Normative references

There are no normative references for this part of ISO/IEC 9798.

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

3.1 asymmetric cryptographic technique
cryptographic technique that uses two related transformations: a public transformation (defined by the public key) and a private transformation (defined by the private key)
NOTE The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation.

3.2 asymmetric encryption system
system based on asymmetric cryptographic techniques whose public operation is used for encryption and whose private operation is used for decryption

3.3 asymmetric key pair
pair of related keys where the private key defines the private transformation and the public key defines the public transformation

3.4 asymmetric signature system
system based on asymmetric cryptographic techniques whose private transformation is used for signing and whose public transformation is used for verification
3.30 reflection attack
masquerade which involves sending a previously transmitted message back to its originator

3.31 replay attack
masquerade which involves use of previously transmitted messages

3.32 sequence number
time variant parameter whose value is taken from a specified sequence which is non-repeating within a certain time period
NOTE See also Annex B.

3.33 symmetric cryptographic technique
cryptographic technique that uses the same secret key for both the originator’s and the recipient’s transformation
NOTE Without knowledge of the secret key, it is computationally infeasible to compute either the originator’s or the recipient’s transformation.

3.34 symmetric encryption algorithm
encryption algorithm that uses the same secret key for both the originator’s and the recipient’s transformation

3.35 time stamp
time variant parameter which denotes a point in time with respect to a common reference
NOTE See also Annex B.

3.36 time variant parameter
data item used to verify that a message is not a replay, such as a random number, a time stamp or a sequence number
NOTE See also Annex B.

3.37 token
message consisting of data fields relevant to a particular communication and which contains information that has been transformed using a cryptographic technique

3.38 trusted third party
security authority or its agent, trusted by other entities with respect to security related activities
NOTE In the context of ISO/IEC 9798, a trusted third party is trusted by a claimant and/or a verifier for the purposes of authentication.

3.39 unilateral authentication
entity authentication which provides one entity with assurance of the other’s identity but not vice versa

3.40 verifier
entity which is or represents the entity requiring an authenticated identity
NOTE A verifier includes the functions necessary for engaging in authentication exchanges.
The general model for entity authentication mechanisms is shown in Figure 1. It is not essential that all the entities and exchanges are present in every authentication mechanism. For the authentication mechanisms specified in the other parts of ISO/IEC 9798, for unilateral authentication, entity A is considered the claimant, and entity B is considered the verifier. For mutual authentication, A and B each take the roles of both claimant and verifier.

For authentication purposes, the entities generate and exchange standardised messages, called tokens. It takes the exchange of at least one token for unilateral authentication and the exchange of at least two tokens for mutual authentication. An additional pass may be needed if a challenge has to be sent to initiate the authentication exchange. Additional passes may be needed if a trusted third party is involved.

In Figure 1 the lines indicate potential information flow. Entities A and B may directly interact with each other, directly interact with the trusted third party through B or A respectively, or use information issued by the trusted third party. The details of the authentication mechanisms of ISO/IEC 9798 are specified in the subsequent parts.

6 General requirements and constraints

In order that an entity can authenticate another entity, both shall use a common set of cryptographic techniques and parameters. During the operational life of a key, the values of all time-variant parameters on which the key operates (i.e. time stamps, sequence numbers and random numbers) shall be non-repeating, at least with overwhelming probability.
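The following is an added illustration, not text or code from ISO/IEC 9798, of how the model above fits together: entities A and B exchange tokens built over a random-number time variant parameter, B issues the challenge and verifies in the unilateral case, and both sides take both roles in the three-pass mutual case. The symmetric cryptographic technique is HMAC-SHA256 over a shared key, the token field layout (challenge, intended verifier, claimant's own nonce, MAC) is this example's own choice rather than a layout from any part of ISO/IEC 9798, and the key and entity names are constructed sample values. The verifier consumes each challenge once, which is what turns the clause 6 "non-repeating" constraint into a replay check, and it binds the verifier's identity into the token so that a message bounced back to its originator (a reflection attack, 3.30) is rejected.

```python
import hashlib
import hmac
import secrets

# Constructed sample key shared by A and B (symmetric cryptographic technique, 3.33).
KEY = b"constructed-shared-secret-for-A-and-B"


def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields so R || B || N cannot be re-split."""
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()


class Entity:
    """A party that can act as claimant, verifier, or both (mutual authentication)."""

    def __init__(self, name: str, key: bytes):
        self.name = name.encode()
        self.key = key
        self.outstanding = set()   # challenges issued and not yet answered
        self.used = set()          # challenges already accepted (replay check)

    # Verifier side: issue a random-number time variant parameter (3.36).
    def challenge(self) -> bytes:
        r = secrets.token_bytes(16)
        if r in self.used or r in self.outstanding:
            raise RuntimeError("time variant parameter repeated")   # clause 6 constraint
        self.outstanding.add(r)
        return r

    # Claimant side: build the token (3.37) answering challenge r for the named verifier.
    def respond(self, r: bytes, verifier: str, nonce: bytes = b"") -> dict:
        intended = verifier.encode()
        return {"challenge": r, "intended": intended, "nonce": nonce,
                "mac": mac(self.key, r, intended, nonce)}

    # Verifier side (3.40): accept or reject a token.
    def verify(self, token: dict) -> bool:
        r = token["challenge"]
        if r not in self.outstanding or r in self.used:
            return False                  # unknown or previously answered challenge: replay
        self.outstanding.discard(r)       # a challenge may be answered exactly once
        if token["intended"] != self.name:
            return False                  # token was built for another verifier: reflection
        expected = mac(self.key, r, token["intended"], token["nonce"])
        if not hmac.compare_digest(expected, token["mac"]):
            return False                  # claimant did not show knowledge of the secret
        self.used.add(r)
        return True


def run_unilateral(claimant: Entity, verifier: Entity) -> bool:
    """Two passes: verifier sends a challenge, claimant returns one token (3.39)."""
    r_b = verifier.challenge()
    token = claimant.respond(r_b, verifier.name.decode())
    return verifier.verify(token)


def run_mutual(a: Entity, b: Entity) -> bool:
    """Three passes: B challenges, A answers and folds in its own challenge, B answers that."""
    r_b = b.challenge()
    r_a = a.challenge()
    token_ab = a.respond(r_b, b.name.decode(), nonce=r_a)
    if not b.verify(token_ab):
        return False
    token_ba = b.respond(r_a, a.name.decode(), nonce=r_b)
    return a.verify(token_ba)


def replay_rejected() -> bool:
    """A token accepted once must not be accepted again (3.31)."""
    a, b = Entity("A", KEY), Entity("B", KEY)
    token = a.respond(b.challenge(), "B")
    first, second = b.verify(token), b.verify(token)
    return first and not second


def reflection_rejected() -> bool:
    """B's own challenge sent back to B yields a token B must not accept (3.30)."""
    b = Entity("B", KEY)
    r_b = b.challenge()
    bounced = b.respond(r_b, "A")         # B acting as claimant toward "A"
    return not b.verify(bounced)          # rejected: token is addressed to A, not B


def wrong_key_rejected() -> bool:
    """A claimant without the shared secret cannot produce a valid token."""
    impostor, b = Entity("A", b"constructed-wrong-key"), Entity("B", KEY)
    return not run_unilateral(impostor, b)


if __name__ == "__main__":
    print("unilateral:", run_unilateral(Entity("A", KEY), Entity("B", KEY)))
    print("mutual:", run_mutual(Entity("A", KEY), Entity("B", KEY)))
    print("replay rejected:", replay_rejected())
    print("reflection rejected:", reflection_rejected())
    print("wrong key rejected:", wrong_key_rejected())
```

The per-verifier `used` set is what makes random numbers work as time variant parameters here; a deployment that used time stamps or sequence numbers instead (3.32, 3.35) would replace it with a window check against the common time reference or the expected next sequence value, and would still need the identity binding to defeat reflection.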