Codes & Standards - Purchase
ISO/IEC 9798-6:2010 specifies mechanisms in which entity authentication is achieved by
- manually transferring short data strings from one device to the other, or
- manually comparing short data strings output by the two devices.
In ISO/IEC 9798-6:2010, the meaning of the term entity authentication is different from the meaning applied in other parts of ISO/IEC 9798. Instead of one device verifying that the other device has a claimed identity (and vice versa), both devices in possession of a user verify that they correctly share a data string with the other device at the time of execution of the mechanism. This data string could contain identifiers (and/or public keys) for one or both of the devices.