ISO/IEC JTC 1/SC 27
Project No. | ISO/IEC 11770-3:2008 |
---|---|
Registration number (WIID) | 46542 |
Scope | <p>ISO/IEC 11770-3:2008 defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals.</p> <ol> <li>Establish a shared secret key for a symmetric cryptographic technique between two entities <i>A</i> and <i>B</i> by key agreement. In a secret key agreement mechanism, the secret key is the result of a data exchange between the two entities <i>A</i> and <i>B</i>. Neither of them can predetermine the value of the shared secret key.</li> <li>Establish a shared secret key for a symmetric cryptographic technique between two entities <i>A</i> and <i>B</i> by key transport. In a secret key transport mechanism, the secret key is chosen by one entity <i>A</i> and is transferred to another entity <i>B</i>, suitably protected by asymmetric techniques.</li> <li>Make an entity's public key available to other entities by key transport. In a public key transport mechanism, the public key of entity <i>A</i> must be transferred to other entities in an authenticated way, but not requiring secrecy.</li> </ol> <p>Some of the mechanisms of ISO/IEC 11770-3:2008 are based on the corresponding authentication mechanisms in ISO/IEC 9798-3.</p> <p>ISO/IEC 11770-3:2008 does not cover aspects of key management such as</p> <ul> <li>key lifecycle management,</li> <li>mechanisms to generate or validate asymmetric key pairs,</li> <li>mechanisms to store, archive, delete, destroy, etc. keys.</li> </ul> <p>While ISO/IEC 11770-3:2008 does not explicitly cover the distribution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this. A private key can in all cases be distributed with these mechanisms where an existing, non-compromised key already exists. However, in practice the distribution of private keys is usually a manual process that relies on technological means like smart cards, etc.</p> <p>ISO/IEC 11770-3:2008 does not cover the implementations of the transformations used in the key management mechanisms.</p> |
Status | Withdrawn |
ICS group | 35.040 35.030 |