Codes & Standards - Purchase
CAN/CSA-ISO/IEC 11770-3-01
Information Technology - Security Techniques - Key Management - Part 3: Mechanisms Using Asymmetric Techniques (Adopted ISO/IEC 11770-3:1999, first edition, 1999-11-01)
SKU: 2414373
Published by CSA Group
Publication Year 2001
35 pages
Withdrawn
Product Details
Scope
This part of ISO/IEC 11770 defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals:
1. Establish a shared secret key for a symmetric cryptographic technique between two entities A and B by key agreement. In a secret key agreement mechanism the secret key is the result of a data exchange between the two entities A and B. Neither of them can predetermine the value of the shared secret key.
2. Establish a shared secret key for a symmetric cryptographic technique between two entities A and B by key transport. In a secret key transport mechanism the secret key is chosen
by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques.
3. Make an entity's public key available to other entities by key transport. In a public key transport mechanism, the public key of an entity A must be transferred to other entities in an authenticated way, but not requiring secrecy.
4. Some of the mechanisms of this part of ISO/IEC 11770 are based on the corresponding authentication mechanisms in ISO/IEC 9798-
This part of ISO/IEC 11770 does not cover aspects of key management such as
- key lifecycle management,
- mechanisms to generate or validate asymmetric key pairs,
- mechanisms to store, archive, delete, destroy, etc. keys.
While this part of ISO/IEC 11770 does not explicitly cover the distr ibution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this.
This part of ISO/IEC 11770 does not cover the implementations of the transformations used in the key management mechanisms.
NOTE - To achieve authenticity of key management messages it is possible to make provisions for authenticity within the key establishment protocol or to use a public key signature system to sign the key exchange messages.
This part of ISO/IEC 11770 defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals:
1. Establish a shared secret key for a symmetric cryptographic technique between two entities A and B by key agreement. In a secret key agreement mechanism the secret key is the result of a data exchange between the two entities A and B. Neither of them can predetermine the value of the shared secret key.
2. Establish a shared secret key for a symmetric cryptographic technique between two entities A and B by key transport. In a secret key transport mechanism the secret key is chosen
by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques.
3. Make an entity's public key available to other entities by key transport. In a public key transport mechanism, the public key of an entity A must be transferred to other entities in an authenticated way, but not requiring secrecy.
4. Some of the mechanisms of this part of ISO/IEC 11770 are based on the corresponding authentication mechanisms in ISO/IEC 9798-
This part of ISO/IEC 11770 does not cover aspects of key management such as
- key lifecycle management,
- mechanisms to generate or validate asymmetric key pairs,
- mechanisms to store, archive, delete, destroy, etc. keys.
While this part of ISO/IEC 11770 does not explicitly cover the distr ibution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this.
This part of ISO/IEC 11770 does not cover the implementations of the transformations used in the key management mechanisms.
NOTE - To achieve authenticity of key management messages it is possible to make provisions for authenticity within the key establishment protocol or to use a public key signature system to sign the key exchange messages.