ISO IEC 11770-3 2021 AMD1 2025.docx

《ISO IEC 11770-3 2021 AMD1 2025.docx》由会员分享，可在线阅读，更多相关《ISO IEC 11770-3 2021 AMD1 2025.docx（7页珍藏版）》请在第壹文秘上搜索。

1、IECInternationalStandardISO/IEC11770-3Fourthedition2021-10AMENDMENT12025-04ISO/IEC2025InformationsecurityKeymanagement一Part3:MechanismsusingasymmetrictechniquesAMENDMENT1:TFNSidentity-basedkeyagreementSecuritedeinformationGestiondeclesPartie3:MecanismesUtilisantdestechniquesasymetriquesAMENDEMENT1:A

2、ccorddeclebaseesurUidentiteTFNSReferencenumberISO/IEC11770-3:2021/Amd.l:2025(en)COPYRIGHTPROTECTEDDOCUMENTISO/IEC2025Allrightsreserved.Unlessotherwisespecified,orrequiredinthecontextofitsimplementation,nopartofthispublicationmaybereproducedorutilizedotherwiseinanyformorbyanymeans,electronicormechani

3、cal,includingphotocopying,orpostingontheinternetoranintranet,withoutpriorwrittenpermission.PermissioncanberequestedfromeitherISOattheaddressbeloworISO,smemberbodyinthecountryoftherequester.ISOcopyrightofficeCP401Ch.deBlandonnet8CH-1214Vernier,GenevaPhone:+41227490111Email:copyrightiso.orgWebsite:www

4、.iso.orgPublishedinSwitzerlandForewordISO(theInternationalOrganizationforStandardization)andIEC(theInternationalElectrotechnicalCommission)formthespecializedsystemforworldwidestandardization.NationalbodiesthataremembersofISOorIECparticipateinthedevelopmentofInternationalStandardsthroughtechnicalcomm

5、itteesestablishedbytherespectiveorganizationtodealwithparticularfieldsoftechnicalactivity.ISOandIECtechnicalcommitteescollaborateinfieldsofmutualinterest.Otherinternationalorganizations,governmentalandnon-governmental,inliaisonwithISOandIEC,alsotakepartinthework.Theproceduresusedtodevelopthisdocumen

6、tandthoseintendedforitsfurthermaintenancearedescribedintheISO/IECDirectives,Part1.Inparticular,thedifferentapprovalcriterianeededforthedifferenttypesofdocumentshouldbenoted.ThisdocumentwasdraftedinaccordancewiththeeditorialrulesoftheISO/IECDirectives,Part2(seeWWW.iso.org/directivesorwww.iec.ch/membe

7、rsexpvrts/refdocs).ISOandIECdrawattentiontothepossibilitythattheimplementationofthisdocumentmayinvolvetheuseof（八）patent(三),ISOandIECtakenopositionconcerningtheevidence,validityorapplicabilityofanyclaimedpatentrightsinrespectthereof.Asofthedateofpublicationofthisdocument,ISOandIEChadreceivednoticeof（

8、八）patent(三)whichmayberequiredtoimplementthisdocument.However,Implementersarecautionedthatthismaynotrepresentthelatestinformation,whichmaybeobtainedfromthepatentdatabaseavailableatWWW.isdorg/PatentSandhttps:/patents.iec.ch.ISOandIECshallnotbeheldresponsibleforidentifyinganyorallsuchpatentrights.Anytr

9、adenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstituteanendorsement.Foranexplanationofthevoluntarynatureofstandards,themeaningofISOspecifictermsandexpressionsrelatedtoconformityassessment,aswellasinformationaboutISOsadherencetotheWorldTradeOrganization(WTO)principles

10、intheTechnicalBarrierstoTrade(TBT)seeWWW.iso.org/iso/foreword.html.IntheEC,seeWWW.iec.ch/UndVrStanding-standards.ThisdocumentwaspreparedbyTechnicalCommitteeISO/IECJTC1,Informationtechnology,SubcommitteeSC27,Informationsecurity,cybersecurityandprivacyprotection.AlistofallpartsintheISO/IEC11770seriesc

11、anbefoundontheISOwebsite.Anyfeedbackorquestionsonthisdocumentshouldbedirectedtotheusersnationalstandardsbody.Acompletelistingofthesebodiescanbefoundatwww.iso.org/mDmbers.htmlandwww.iec.ch/national-committees.InformationsecurityKeymanagement一Part3:MechanismsusingasymmetrictechniquesAMENDMENT1:TFNSide

12、ntity-basedkeyagreementAnnexBAtthebottomofTableB.I1insertthesecondrowofthefollowingtable:Mechanism#passesImplicitkeyauthenticationKeyconfirmationEntityauthenticationPublickeyoperationsForwardsecrecyKeyfreshnessUnlinkableF.62A,BOptNo(5F1FPA,BA,BNoAnnexFAddnewClauseF.6asfollows:F.6TFNSidentity-basedke

13、yagreementTFNSProtOCoIW,52jsa11exampleofthekeyagreementmechanism15,whichisidentity-basedinthefollowingsense: theprivatekeyofanentitycanbecomputedfromsomecombinationofitsidentityandaprivatekeyofatrustedthirdparty;theentitygetsitsprivatekeyfromthethirdparty; thepublickeyofanentitycanbecomputedfromsome

14、combinationofitsidentityandapublickeyofatrustedthirdparty; theauthenticityofthepublickeyisnotdirectlyverified,butthethirdpartyonlyissuestheprivatekeytotheentityifitsidentityisvalid.ThiskeyagreementmechanismestablishesasharedsecretbetweenentitiesAandBintwopasses,asshowninFigure12.Inthefollowing,disti

15、ncthashfunctionshash7(mforj=1,2,3mapaconcatenationofmessagestoanintegerintherange0v.ln-l.Priortotheprocessofagreeingonasharedsecretkey,inadditiontothecommoninformation,thefollowingshallbeestablished: foratrustedthirdpartyT,aprivatekeydandapublickeyPip(G1),whichisanellipticcurvepointsatisfyingP=dG1.S

16、eeISO/IEC15946-1foradescriptionofhowtogeneratethiskeypair; foreachentityX(4,B),anidentityrepresentationi,即hichisanintegercomputedasix=hash1(X),andaprivatekey-agreementkey,whichiscomputedasDx=(d7i)1modn)G2in(G2); foreachentityorB,accesstoanauthenticcopyofthepublickeyofthethirdpartyandtheidentityofthe