| Name |
Description |
Abstract |
Status |
Publication date |
Edition |
Number of pages |
Technical committee |
ICS |
| ISO/IEC 33071:2016/Cor 1 |
Information technology — Process assessment — An integrated process capability assessment model for Enterprise processes — Technical Corrigendum 1 |
|
Under development |
|
Edition : 1 |
|
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC 38500:2015 |
Information technology — Governance of IT for the organization |
ISO/IEC 38500:2015 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of information technology (IT) within their organizations.
It also provides guidance to those advising, informing, or assisting governing bodies. They include the following:
executive managers;
members of groups monitoring the resources within the organization;
external business or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies;
internal and external service providers (including consultants);
auditors.
ISO/IEC 38500:2015 applies to the governance of the organization's current and future use of IT including management processes and decisions related to the current and future use of IT. These processes can be controlled by IT specialists within the organization, external service providers, or business units within the organization.
ISO/IEC 38500:2015 defines the governance of IT as a subset or domain of organizational governance, or in the case of a corporation, corporate governance.
ISO/IEC 38500:2015 is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. ISO/IEC 38500:2015 is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT.
The purpose of ISO/IEC 38500:20015 is to promote effective, efficient, and acceptable use of IT in all organizations by:
assuring stakeholders that, if the principles and practices proposed by the standard are followed, they can have confidence in the organization's governance of IT,
informing and guiding governing bodies in governing the use of IT in their organization, and
establishing a vocabulary for the governance of IT.
|
Published |
2015-02 |
Edition : 2 |
Number of pages : 12 |
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC DIS 38500 |
Information technology — Governance of IT for the organization |
|
Under development |
|
Edition : 3 |
Number of pages : 21 |
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC TS 38501:2015 |
Information technology — Governance of IT — Implementation guide |
ISO/IEC TS 38501:2015 provides guidance on how to implement arrangements for effective governance of IT within an organization.
|
Published |
2015-04 |
Edition : 1 |
Number of pages : 15 |
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC TR 38502:2014 |
Information technology — Governance of IT — Framework and model |
ISO/IEC TR 38502:2014 provides guidance on the nature and mechanisms of governance and management together with the relationships between them, in the context of IT within an organization.
The purpose of ISO/IEC TR 38502:2014 is to provide information on a framework and model that can be used to establish the boundaries and relationships between governance and management of an organization's current and future use of IT.
It provides guidance for:
governing bodies;
managers who have to work within the authority and accountability established by governance;
advisors or those assisting in the governance of organizations of all sizes and types; and
developers of standards in the areas of governance of IT and management of IT.
|
Withdrawn |
2014-02 |
Edition : 1 |
Number of pages : 14 |
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC TR 38502:2017 |
Information technology — Governance of IT — Framework and model |
ISO/IEC TR 38502:2017 provides guidance on the nature and mechanisms of governance and management together with the relationships between them, in the context of IT within an organization.
The purpose of this document is to provide information on a framework and model that can be used to establish the boundaries and relationships between governance and management of an organization's current and future use of IT.
ISO/IEC TR 38502:2017 provides guidance for:
- governing bodies;
- managers who work within the authority and accountability established by governance;
- advisors or those assisting in the governance of organizations of all sizes and types; and
- developers of standards in the areas of governance of IT and management of IT.
|
Published |
2017-12 |
Edition : 2 |
Number of pages : 11 |
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC 38503:2022 |
Information technology — Governance of IT — Assessment of the governance of IT |
This document provides guidance on the assessment of governance of information technology (IT) based on the principles, definitions and model for the governance of IT outlined in ISO/IEC 38500 and ISO/IEC TR 38502 and the implementation considerations outlined in ISO/IEC TS 38501.
This document includes approaches for conducting the assessment, the criteria against which the assessment can be made, guidance on the evidence that can be used for the assessment, as well as a method for determining the maturity of the organization’s governance of IT.
This document is applicable to organizations of all sizes, regardless of the extent of their use of IT.
|
Published |
2022-01 |
Edition : 1 |
Number of pages : 24 |
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC TR 38504:2016 |
Governance of information technology — Guidance for principles-based standards in the governance of information technology |
ISO/IEC TR 38504:2016 provides guidance on the information required to support principles-based standards in the area of governance and management of information technology.
Guidance includes general recommendations, identification of elements and advice for their formulation. It does not describe the detail of specific principles or how they are aggregated into specific guidance to fulfil business objectives and achieve business outcomes from the use of IT.
|
Published |
2016-09 |
Edition : 1 |
Number of pages : 8 |
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC 9797-3:2011 |
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 3: Mechanisms using a universal hash-function |
ISO/IEC 9797-3:2011 specifies the following Message Authentication Code (MAC) algorithms that use a secret key and a universal hash-function with an n-bit result to calculate an m-bit MAC based on the block ciphers specified in ISO/IEC 18033-3 and the stream ciphers specified in ISO/IEC 18033-4:
UMAC;
Badger;
Poly1305-AES;
GMAC.
|
Published |
2011-11 |
Edition : 1 |
Number of pages : 25 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 38505-1:2017 |
Information technology — Governance of IT — Governance of data — Part 1: Application of ISO/IEC 38500 to the governance of data |
ISO/IEC 38505-1:2017 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of data within their organizations by
- applying the governance principles and model of ISO/IEC 38500 to the governance of data,
- assuring stakeholders that, if the principles and practices proposed by this document are followed, they can have confidence in the organization's governance of data,
- informing and guiding governing bodies in the use and protection of data in their organization, and
- establishing a vocabulary for the governance of data.
ISO/IEC 38505-1:2017 can also provide guidance to a wider community, including:
- executive managers,
- external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies,
- internal and external service providers (including consultants), and
- auditors.
While this document looks at the governance of data and its use within an organization, guidance on the implementation arrangement for the effective governance of IT in general is found in ISO/IEC/TS 38501. The constructs in ISO/IEC/TS 38501 can help to identify internal and external factors relating to the governance of IT and help to define beneficial outcomes and identify evidence of success.
ISO/IEC 38505-1:2017 applies to the governance of the current and future use of data that is created, collected, stored or controlled by IT systems, and impacts the management processes and decisions relating to data.
ISO/IEC 38505-1:2017 defines the governance of data as a subset or domain of the governance of IT, which itself is a subset or domain of organizational, or in the case of a corporation, corporate governance.
ISO/IEC 38505-1:2017 is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. This document is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their dependence on data.
|
Published |
2017-04 |
Edition : 1 |
Number of pages : 20 |
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC TR 38505-2:2018 |
Information technology — Governance of IT — Governance of data — Part 2: Implications of ISO/IEC 38505-1 for data management |
This document provides guidance to the members of governing bodies of organizations and their executive managers on the implications of ISO/IEC 38505-1 for data management. It assumes understanding of the principles of ISO/IEC 38500 and familiarization with the data accountability map and associated matrix of considerations, as presented in ISO/IEC 38505-1.
This document enables an informed dialogue between the governing body and the senior/executive management team of an organization to ensure that the data use throughout the organization aligns with the strategic direction set by the governing body.
This document covers the following:
— identifying the information that a governing body requires in order to evaluate and direct the strategies and policies relating to a data-driven business;
— identifying the capabilities and potential of measurement systems that can be used to monitor the performance of data and its uses.
|
Published |
2018-06 |
Edition : 1 |
Number of pages : 36 |
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC TS 38505-3:2021 |
Information technology — Governance of data — Part 3: Guidelines for data classification |
This document provides essential guidance for members of governing bodies of organizations and management on the use of data classification as a means to support the organization’s overall data governance policy and associated systems. It sets out important factors to be considered in developing and deploying a data classification system.
|
Published |
2021-12 |
Edition : 1 |
Number of pages : 17 |
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC 38506:2020 |
Information technology — Governance of IT — Application of ISO/IEC 38500 to the governance of IT enabled investments |
This document provides guidance on governance of IT enabled investments to the governing body of all forms of organizations, whether private, public or government entities, and will equally apply regardless of the size of the organization or its industry or sector. The terms business and business outcome throughout this document include all forms of organization covered by this document.
The document also provides guidance to other parties interacting with governing bodies such as project personnel, accountants, management consultants, investment portfolio managers and governance support staff.
IT enabled investments within the scope of this document could be investments of any scale from acquiring businesses to any business change incorporating IT, building new business services or addressing effectiveness and efficiency gains in IT operational services to gain competitive edge, whether those services are internal or provided by external parties.
Resource allocation for strategic innovation is addressed by providing guidance to the governing body's decision for investment resource allocation between short-, medium- and long-term innovation projects.
This document also provides guidance that can be applied in the due diligence process related to business acquisitions. This document may provide guidance on the application of the principles documented in ISO/IEC 38500 for ranking IT enabled investments including assessing the value and risks of IT elements in the context of investment banking or as performed by investment companies.
This document does not prescribe or define specific management practices required for IT enabled investments.
ISO/IEC TS 38501 contains guidance on the implementation arrangement for the effective governance of IT in general. The constructs in ISO/IEC TS 38501 can help to identify internal and external factors relating to the governance of IT and to define beneficial outcomes and identify evidence of success. ISO/IEC TR 38502 contains guidance on the integration between the governing body and management of an organization in general.
This document is written in accordance with the principles of ISO/IEC TR 38504:2016.
|
Published |
2020-02 |
Edition : 1 |
Number of pages : 14 |
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC 38507:2022 |
Information technology — Governance of IT — Governance implications of the use of artificial intelligence by organizations |
This document provides guidance for members of the governing body of an organization to enable and govern the use of Artificial Intelligence (AI), in order to ensure its effective, efficient and acceptable use within the organization.
This document also provides guidance to a wider community, including:
— executive managers;
— external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies;
— public authorities and policymakers;
— internal and external service providers (including consultants);
— assessors and auditors.
This document is applicable to the governance of current and future uses of AI as well as the implications of such use for the organization itself.
This document is applicable to any organization, including public and private companies, government entities and not-for-profit organizations. This document is applicable to an organization of any size irrespective of their dependence on data or information technologies.
|
Published |
2022-04 |
Edition : 1 |
Number of pages : 28 |
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC CD TS 38508 |
Information Technology — Governance of IT — Governance Implications of the Use of Shared Digital Service Platform among Ecosystem Organizations |
|
Under development |
|
Edition : 1 |
|
Technical Committee |
35.020
Information technology (IT) in general
|
| ISO/IEC CD 42006 |
Information technology — Artificial intelligence — Requirements for bodies providing audit and certification of artificial intelligence management systems |
This document specifies additional requirements for ISO/IEC 17021-1 in order to enable accredited and or peer assessed certification bodies to reliably audit the management system for organizations that develop or use AI systems or both according to ISO/IEC 42001 and to make an evaluation and decision for certification. The application of this document enables the certification bodies to meet the specific technical features and the particular risks in dealing with AI systems according to ISO/IEC 42001. This allows accreditation bodies and peer assessors to assess the competencies of conformity assessment bodies in an efficient and harmonized way and ensures the comparability and reproducibility of certificates confirming conformity with ISO/IEC 42001.
The requirements contained in this document shall be demonstrated by any body providing AIMS certification.
|
Under development |
|
Edition : 1 |
|
Technical Committee |
35.020
Information technology (IT) in general
;
03.120.20
Product and company certification. Conformity assessment
|
| ISO/IEC TR 90006:2013 |
Information technology — Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC 20000-1:2011 |
ISO/IEC TR 90006:2013 provides guidelines for the application of ISO 9001:2008 to service management for IT services. Examples provided in the guidelines are for service management of IT services.
Additionally, ISO/IEC TR 90006:2013 provides guidelines for the alignment and integration of a QMS and SMS in organizations where services are being delivered to internal or external customers. The guidelines about integration provided can be applicable to a scope including IT services and other non-IT services as required.
ISO/IEC TR 90006:2013 provides a comparison of the requirements of ISO 9001:2008 and ISO/IEC 20000-1:2011. It highlights those areas where there is the greatest similarity between the two management systems, and where there are differences between the two.
ISO/IEC TR 90006:2013 cites and explains the requirements of ISO 9001:2008 in its application to service management and its integration with ISO/IEC 20000-1:2011, but does not add to or otherwise change the requirements of ISO 9001 or ISO/IEC 20000-1.
The guidelines provided in ISO/IEC TR 90006:2013 are not intended to be used as criteria for conformity assessments or audits.
ISO/IEC TR 90006:2013 can apply to organizations of all sizes, sectors, and types with different organizational forms or business models.
ISO/IEC TR 90006:2013 can be used by:
auditors and assessors looking for guidelines on audits for ISO 9001:2008 with a scope that includes services and service management;
auditors and assessors looking for guidelines on integrated audits for ISO 9001:2008 and ISO/IEC 20000-1:2011 with a scope that includes services and service management;
organizations implementing a QMS with a scope that includes services and service management;
organizations implementing an integrated management system using the requirements of ISO 9001:2008 and ISO/IEC 20000-1:2011.
|
Withdrawn |
2013-11 |
Edition : 1 |
Number of pages : 80 |
Technical Committee |
35.020
Information technology (IT) in general
;
03.100.70
Management systems
|
| IWA 17:2014 |
Information and operations security and integrity requirements for lottery and gaming organizations |
IWA 17:2014 covers all types of lottery and gaming organizations, including commercial enterprises, government agencies and non-profit organizations. IWA 17:2014 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented security and integrity system within the context of the organization's overall risks. It specifies the requirements for the implementation of security and integrity controls applicable to the needs of individual organizations, so that the security and integrity management systems can be designed to ensure the selection of adequate and proportionate security and integrity controls that protect assets and give confidence to interested parties.
The requirements set out in IWA 17:2014 are generic and are intended to be applicable to all organizations, regardless of type, size and nature.
|
Withdrawn |
2014-12 |
Edition : 1 |
Number of pages : 14 |
Technical Committee |
35.030
IT Security
|
| ISO/TR 3242:2022 |
Blockchain and distributed ledger technologies – Use cases |
This document lists use cases that summarise common capabilities and usage patterns for attributes of distributed ledger technologies including the blockchain in order to help standards and technology development. This document includes use cases reflecting a range of industry sectors, processes and specific applications.
This document can inform decision-makers considering or involved in applying these new technologies, including business, academia, government, technical and standards bodies.
|
Published |
2022-10 |
Edition : 1 |
Number of pages : 190 |
Technical Committee |
35.030
IT Security
;
35.240.40
IT applications in banking
;
35.240.99
IT applications in other fields
|
| ISO/IEC PRF 4922-1 |
Information security — Secure multiparty computation — Part 1: General |
|
Under development |
|
Edition : 1 |
|
Technical Committee |
35.030
IT Security
|
| ISO/IEC DIS 4922-2 |
Information security — Secure multiparty computation — Part 2: Mechanisms based on secret sharing |
|
Under development |
|
Edition : 1 |
Number of pages : 33 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC PRF TR 5891 |
Information security, cybersecurity and privacy protection — Hardware monitoring technology for hardware security assessment |
|
Under development |
|
Edition : 1 |
|
Technical Committee |
35.030
IT Security
|
| ISO/IEC TR 5895:2022 |
Cybersecurity — Multi-party coordinated vulnerability disclosure and handling |
This document clarifies and increases the application and implementation of ISO/IEC 30111 and ISO/IEC 29147 in multi-party coordinated vulnerability disclosure (MPCVD) settings, including the evolving commonly adopted practices in this area, by articulating:
— The MPCVD life cycle and application of coordinated vulnerability disclosure (CVD) stages (preparation, receipt, verification, remediation[1] development, release, post-release) in MPCVD settings.
— Stakeholders involved in MPCVD include users, vendors (coordinating, mitigating, and dependent vendors), reporters, and non-vendor coordinators (entities defined in ISO/IEC 29147 and ISO/IEC 30111).
— The exchange of information between stakeholders during the vulnerability handling and disclosure process in a MPCVD settings.
Clarifying the application of ISO/IEC 30111 and ISO/IEC 29147 in MPCVD settings illustrates the benefits of vulnerability disclosure processes.
[1] Remediation is a defined term used in ISO/IEC 30111 and ISO/IEC 29147. This document uses the term "remediation" and verb “remediate” in the context of this definition.
|
Published |
2022-06 |
Edition : 1 |
Number of pages : 14 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 7064:2003 |
Information technology — Security techniques — Check character systems |
ISO/IEC 7064:2002 specifies a set of check character systems capable of protecting strings against errors which occur when people copy or key data. The strings may be of fixed or variable length and may have character sets which are
numeric (10 digits: 0 to 9);alphabetic (26 letters: A to Z);alphanumeric (letters and digits).
Embedded spaces and special characters are ignored.
ISO/IEC 7064:2002 specifies conformance requirements for products described as generating check characters or checking strings using the systems given in this International Standard.
ISO/IEC 7064:2002 is for use in information interchange between organizations; it is also strongly recommended as good practice for internal information systems.
The check character systems specified in ISO/IEC 7064:2002 can detect:
all single substitution errors (the substitution of a single character for another, for example 4234 for 1234);all or nearly all single (local) transposition errors (the transposition of two single characters, either adjacent or with one character between them, for example 12354 or 12543 for 12345);all or nearly all shift errors (shifts of the whole string to the left or right);a high proportion of double substitution errors (two separate single substitution errors in the same string, for example 7234587 for 1234567);a high proportion of all other errors.
ISO/IEC 7064:2002 excludes systems designed specifically to:
permit both error detection and automatic correction;detect deliberate falsification;check strings interchanged solely between machines.
ISO/IEC 7064:2002 specifies two types of systems:
pure systems;hybrid systems.
The pure systems use a single modulus for all stages of the calculation.
|
Published |
2003-02 |
Edition : 1 |
Number of pages : 13 |
Technical Committee |
35.030
IT Security
|
| ISO 8372:1987 |
Information processing — Modes of operation for a 64-bit block cipher algorithm |
Defines four modes for any 64-bit block cipher algorithm using a secret key for applications such as data transmission, data storage authentication. Defines the formation of the starting variable and the values of parameters. Reference: ANSI X3.92-1981.
|
Withdrawn |
1987-07 |
Edition : 1 |
Number of pages : 6 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC DTS 9569 |
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Patch Management Extension for the ISO/IEC 15408 series and ISO/IEC 18045 |
This document specifies an extension for the ISO/IEC 15408 series and ISO/IEC 18045 to specify patch management requirements.
The document focuses on the initial TOE. The security assurance requirements specified in this document do not include evaluation or test activities on the final TOE, but on the initial TOE and on the life cycle processes used by manufacturers. Additionally, this document gives guidance to facilitate the evaluation of the TOE including the patch and development processes which support the patch management.
This document lists options for evaluation authorities (or mutual recognition agreements) on how to utilize the additional assurance and additional evidence in their processes to enable the developer to consistently re-certify their updated or patched TOEs to the benefit of the users of these TOEs. The implementation of these options by an evaluation scheme is out of the scope of this document.
|
Under development |
|
Edition : 1 |
|
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9796-2:1997 |
Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Mechanisms using a hash-function |
|
Withdrawn |
1997-08 |
Edition : 1 |
Number of pages : 14 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9796-2:2002 |
Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Integer factorization based mechanisms |
ISO/IEC 9796-2:2002 specifies three digital signature schemes giving message recovery, two of which are deterministic (non-randomized) and one of which is randomized. The security of all three schemes is based on the difficulty of factorizing large numbers. All three schemes can provide either total or partial message recovery.
The method for key production for the three signature schemes is specified in this part of ISO/IEC 9796. However, techniques for key management and for random number generation (as required for the randomized signature scheme), are outside the scope of this part of ISO/IEC 9796.
Users of this International Standard are, wherever possible, recommended to adopt the second mechanism (Digital signature scheme 2). However, in environments where generation of random variables by the signer is deemed infeasible, then Digital signature scheme 3 is recommended. Digital signature scheme 1 shall only be used in environments where compatibility is required with systems implementing the first edition of this International Standard. However, Digital signature scheme 1 is only compatible with systems implementing the first edition of this International Standard that use hash-codes of at least 160 bits.
|
Withdrawn |
2002-10 |
Edition : 2 |
Number of pages : 47 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9796-2:2002/Amd 1:2008 |
Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Integer factorization based mechanisms — Amendment 1 |
|
Withdrawn |
2008-01 |
Edition : 2 |
Number of pages : 4 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9796-2:2010 |
Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Integer factorization based mechanisms |
ISO/IEC 9796-2:2010 specifies three digital signature schemes giving message recovery, two of which are deterministic (non-randomized) and one of which is randomized. The security of all three schemes is based on the difficulty of factorizing large numbers. All three schemes can provide either total or partial message recovery.
ISO/IEC 9796-2:2010 specifies the method for key production for the three signature schemes. However, techniques for key management and for random number generation (as required for the randomized signature scheme), are outside the scope of ISO/IEC 9796-2:2010.
The first mechanism specified in ISO/IEC 9796-2:2010 is only applicable for existing implementations, and is retained for reasons of backward compatibility.
|
Published |
2010-12 |
Edition : 3 |
Number of pages : 54 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9796-3:2000 |
Information technology — Security techniques — Digital signature schemes giving message recovery — Part 3: Discrete logarithm based mechanisms |
|
Withdrawn |
2000-04 |
Edition : 1 |
Number of pages : 25 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9796-3:2006 |
Information technology — Security techniques — Digital signature schemes giving message recovery — Part 3: Discrete logarithm based mechanisms |
A digital signature in electronic exchange of information provides the same kind of facilities that are expected from a handwritten signature in paper-based mail. Hence it is applicable to providing entity authentication, data origin authentication, non-repudiation, and integrity of data.
ISO/IEC 9796-3:2006 specifies digital signature mechanisms giving partial or total message recovery aiming at reducing storage and transmission overhead.
ISO/IEC 9796-3:2006 specifies mechanisms based on the discrete logarithm problem of a finite field or an elliptic curve over a finite field.
ISO/IEC 9796-3:2006 defines types of redundancy: natural redundancy, added redundancy, or both.
ISO/IEC 9796-3:2006 gives the general model for digital signatures giving partial or total message recovery aiming at reducing storage and transmission overhead.
ISO/IEC 9796-3:2006 specifies six digital signature schemes giving data recovery: NR, ECNR, ECMR, ECAO, ECPV, and ECKNR. NR is defined on a prime field; ECNR, ECMR, ECAO, ECPV, and ECKNR are defined on an elliptic curve over a finite field.
|
Published |
2006-09 |
Edition : 2 |
Number of pages : 69 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9796:1991 |
Information technology — Security techniques — Digital signature scheme giving message recovery |
|
Withdrawn |
1991-09 |
Edition : 1 |
Number of pages : 12 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-1:1999 |
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher |
|
Withdrawn |
1999-12 |
Edition : 1 |
Number of pages : 16 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-1:2011 |
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher |
ISO/IEC 9797-1:2011 specifies six MAC algorithms that use a secret key and an n-bit block cipher to calculate an m-bit MAC.
ISO/IEC 9797-1:2011 can be applied to the security services of any security architecture, process, or application.
Key management mechanisms are outside the scope of ISO/IEC 9797-1:2011.
ISO/IEC 9797-1:2011 specifies object identifiers that can be used to identify each mechanism in accordance with ISO/IEC 8825-1. Numerical examples and a security analysis of each of the six specified algorithms are provided, and the relationship of ISO/IEC 9797-1:2011 to previous standards is explained.
|
Published |
2011-03 |
Edition : 2 |
Number of pages : 40 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-1:2011/DAmd 1 |
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher — Amendment 1 |
|
Under development |
|
Edition : 2 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-2:2002 |
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 2: Mechanisms using a dedicated hash-function |
ISO/IEC 9797-2:2002 specifies three MAC algorithms that use a secret key and a hash-function (or its round-function) with an n-bit result to calculate an m-bit MAC. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorised manner. They can also be used as message authentication mechanisms to provide assurance that a message has been originated by an entity in possession of the secret key. The strength of the data integrity mechanism and message authentication mechanism is dependent on the length (in bits) k and secrecy of the key, on the length (in bits) n of a hash-code produced by the hash-function, on the strength of the hash-function, on the length (in bits) m of the MAC, and on the specific mechanism.
The three mechanisms specified in ISO/IEC 9797-2:2002 are based on the dedicated hash-functions specified in ISO/IEC 10118-3. The first mechanism specified in ISO/IEC 9797-2:2002 is commonly known as MDx-MAC. It calls the complete hash-function once, but it makes a small modification to the round-function by adding a key to the additive constants in the round-function. The second mechanism specified in ISO/IEC 9797-2:2002 is commonly known as HMAC. It calls the complete hash-function twice. The third mechanism specified in ISO/IEC 9797-2:2002 is a variant of MDx-MAC that takes as input only short strings (at most 256 bits). It offers a higher performance for applications that work with short input strings only.
ISO/IEC 9797-2:2002 can be applied to the security services of any security architecture, process, or application.
|
Withdrawn |
2002-06 |
Edition : 1 |
Number of pages : 14 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-2:2011 |
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 2: Mechanisms using a dedicated hash-function |
Message Authentication Code (MAC) algorithms are data integrity mechanisms that compute a short string (the Message Authentication Code or MAC) as a complex function of every bit of the data and of a secret key. Their main security property is unforgeability: someone who does not know the secret key should not be able to predict the MAC on any new data string.
MAC algorithms can be used to provide data integrity. Their purpose is the detection of any unauthorized modification of the data such as deletion, insertion, or transportation of items within data. This includes both malicious and accidental modifications. MAC algorithms can also provide data origin authentication. This means that they can provide assurance that a message has been originated by an entity in possession of a specific secret key.
ISO/IEC 9797-2:2011 specifies three MAC algorithms that are based on a dedicated hash-function (selected from ISO/IEC 10118-3).
ISO/IEC 9797-2:2011 specifies three MAC algorithms that use a secret key and a hash-function (or its round-function) with an n-bit result to calculate an m-bit MAC.
The strength of the data integrity mechanism and message authentication mechanism is dependent on the length (in bits) k and secrecy of the key, on the length (in bits) n of the hash-function and its strength, on the length (in bits) m of the MAC, and on the specific mechanism.
The first mechanism specified in ISO/IEC 9797-2:2011 is commonly known as MDx-MAC. It calls the complete hash-function once, but it makes a small modification to the round-function by adding a key to the additive constants in the round-function. The second mechanism specified in ISO/IEC 9797-2:2011 is commonly known as HMAC. It calls the complete hash-function twice. The third mechanism specified in ISO/IEC 9797-2:2011 is a variant of MDx-MAC that takes as input only short strings (at most 256 bits). It offers a higher performance for applications that work with short input strings only.
|
Withdrawn |
2011-05 |
Edition : 2 |
Number of pages : 39 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-2:2021 |
Information security — Message authentication codes (MACs) — Part 2: Mechanisms using a dedicated hash-function |
This document specifies MAC algorithms that use a secret key and a hash-function (or its round-function or sponge function) to calculate an m-bit MAC. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorized manner.
NOTE A general framework for the provision of integrity services is specified in ISO/IEC 10181‑6.
|
Published |
2021-06 |
Edition : 3 |
Number of pages : 52 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-1:2010 |
Information technology — Security techniques — Entity authentication — Part 1: General |
ISO/IEC 9798-1:2010 specifies an authentication model and general requirements and constraints for entity authentication mechanisms which use security techniques. These mechanisms are used to corroborate that an entity is the one that is claimed. An entity to be authenticated proves its identity by showing its knowledge of a secret. The mechanisms are defined as exchanges of information between entities and, where required, exchanges with a trusted third party.
The details of the mechanisms and the contents of the authentication exchanges are given in subsequent parts of ISO/IEC 9798.
|
Published |
2010-07 |
Edition : 3 |
Number of pages : 11 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-2:1994 |
Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms |
|
Withdrawn |
1994-12 |
Edition : 1 |
Number of pages : 10 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-2:1999 |
Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms |
|
Withdrawn |
1999-07 |
Edition : 2 |
Number of pages : 11 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-2:1999/Cor 1:2004 |
Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms — Technical Corrigendum 1 |
|
Withdrawn |
2004-02 |
Edition : 2 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-2:2008 |
Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms |
ISO/IEC 9798-2:2008 specifies entity authentication mechanisms using symmetric encipherment algorithms. Four of the mechanisms provide entity authentication between two entities where no trusted third party is involved; two of these are mechanisms to unilaterally authenticate one entity to another, while the other two are mechanisms for mutual authentication of two entities. The remaining mechanisms require a trusted third party for the establishment of a common secret key, and realize mutual or unilateral entity authentication.
The mechanisms specified in ISO/IEC 9798-2:2008 use time variant parameters such as time stamps, sequence numbers, or random numbers to prevent valid authentication information from being accepted at a later time or more than once.
If no trusted third party is involved and a time stamp or sequence number is used, one pass is needed for unilateral authentication, while two passes are needed to achieve mutual authentication. If no trusted third party is involved and a challenge and response method employing random numbers is used, two passes are needed for unilateral authentication, while three passes are required to achieve mutual authentication. If a trusted third party is involved, any additional communication between an entity and the trusted third party requires two extra passes in the communication exchange.
|
Withdrawn |
2008-12 |
Edition : 3 |
Number of pages : 16 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-2:2008/Cor 1:2010 |
Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms — Technical Corrigendum 1 |
|
Withdrawn |
2010-02 |
Edition : 3 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-2:2008/Cor 2:2012 |
Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms — Technical Corrigendum 2 |
|
Withdrawn |
2012-03 |
Edition : 3 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-2:2008/Cor 3:2013 |
Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms — Technical Corrigendum 3 |
|
Withdrawn |
2013-02 |
Edition : 3 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-2:2019 |
IT Security techniques — Entity authentication — Part 2: Mechanisms using authenticated encryption |
This document specifies entity authentication mechanisms using authenticated encryption algorithms. Four of the mechanisms provide entity authentication between two entities where no trusted third party is involved; two of these are mechanisms to unilaterally authenticate one entity to another, while the other two are mechanisms for mutual authentication of two entities. The remaining mechanisms require an on-line trusted third party for the establishment of a common secret key. They also realize mutual or unilateral entity authentication.
Annex A defines Object Identifiers for the mechanisms specified in this document.
|
Published |
2019-06 |
Edition : 4 |
Number of pages : 15 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-3:1993 |
Information technology — Security techniques — Entity authentication mechanisms — Part 3: Entity authentication using a public key algorithm |
|
Withdrawn |
1993-11 |
Edition : 1 |
Number of pages : 9 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-3:1998 |
Information technology — Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques |
|
Withdrawn |
1998-10 |
Edition : 2 |
Number of pages : 6 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-3:2019 |
IT Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques |
This document specifies entity authentication mechanisms using digital signatures based on asymmetric techniques. A digital signature is used to verify the identity of an entity.
Ten mechanisms are specified in this document. The first five mechanisms do not involve an on-line trusted third party and the last five make use of on-line trusted third parties. In both of these two categories, two mechanisms achieve unilateral authentication and the remaining three achieve mutual authentication.
Annex A defines the object identifiers assigned to the entity authentication mechanisms specified in this document.
|
Published |
2019-01 |
Edition : 3 |
Number of pages : 25 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-4:1995 |
Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function |
|
Withdrawn |
1995-03 |
Edition : 1 |
Number of pages : 9 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-4:1999 |
Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function |
This part of ISO/IEC 9798 specifies entity authentication mechanisms using a cryptographic check function. Two
mechanisms are concerned with the authentication of a single entity (unilateral authentication), while the remaining
are mechanisms for mutual authentication of two entities.
The mechanisms specified in this part of ISO/IEC 9798 use time variant parameters such as time stamps,
sequence numbers, or random numbers, to prevent valid authentication information from being accepted at a later
time or more than once.
If a time stamp or sequence number is used, one pass is needed for unilateral authentication, while two passes are
needed to achieve mutual authentication. If a challenge and response method employing random numbers is
used, two passes are needed for unilateral authentication, while three passes are required to achieve mutual
authentication.
Examples of cryptographic check functions are given in ISO/IEC 9797.
|
Published |
1999-12 |
Edition : 2 |
Number of pages : 7 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-4:1999/Cor 1:2009 |
Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function — Technical Corrigendum 1 |
|
Published |
2009-09 |
Edition : 2 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-4:1999/Cor 2:2012 |
Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function — Technical Corrigendum 2 |
|
Published |
2012-07 |
Edition : 2 |
Number of pages : 3 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-5:1999 |
Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero knowledge techniques |
|
Withdrawn |
1999-03 |
Edition : 1 |
Number of pages : 29 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-5:2004 |
Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge techniques |
ISO/IEC 9798-5:2004 specifies authentication mechanisms in the form of exchange of information between a claimant and a verifier.
In accordance with the types of calculations that need to be performed by a claimant and the verifier (see Annex C), the mechanisms specified in ISO/IEC 9798-5:2004 can be classified into four main groups.
The first group is characterized by the performance of short modular exponentiations. The challenge size needs to be optimized since it has a proportional impact on workloads.The second group is characterized by the possibility of a "coupon" strategy for the claimant. A verifier can authenticate a claimant without computational power. The challenge size has no impact on workloads.The third group is characterized by the possibility of a "coupon" strategy for the verifier. A verifier without computational power can authenticate a claimant. The challenge size has no impact on workloads.The fourth group has no possibility of a "coupon" strategy.
|
Withdrawn |
2004-12 |
Edition : 2 |
Number of pages : 50 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-5:2009 |
Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge techniques |
ISO/IEC 9798-5:2009 specifies entity authentication mechanisms using zero-knowledge techniques:
mechanisms based on identities and providing unilateral authentication;
mechanisms based on integer factorization and providing unilateral authentication;
mechanisms based on discrete logarithms with respect to numbers that are either prime or composite, and providing unilateral authentication;
mechanisms based on asymmetric encryption systems and providing either unilateral authentication, or mutual authentication;
mechanisms based on discrete logarithms on elliptic curves and providing unilateral authentication.
These mechanisms are constructed using the principles of zero-knowledge techniques, but they are not necessarily zero-knowledge according to the strict definition for every choice of parameters.
|
Published |
2009-12 |
Edition : 3 |
Number of pages : 53 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-1:1996 |
Information technology — Security techniques — Key management — Part 1: Framework |
Defines a general model of key management that is independent of the use of any particular cryptographic algorithm. Identifies the objective of key management, basic concepts and key management services.
|
Withdrawn |
1996-12 |
Edition : 1 |
Number of pages : 21 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-6:2005 |
Information technology — Security techniques — Entity authentication — Part 6: Mechanisms using manual data transfer |
ISO/IEC 9798-6:2005 specifies four entity authentication mechanisms based on manual data transfer between authenticating devices. Such mechanisms may be appropriate in a variety of circumstances. One such application occurs in Personal Area Networks, where the owner of two personal devices capable of wireless communications wishes them to perform an entity authentication procedure as part of the process of preparing them for use in the network. These mechanisms may also be used to support key management functions.
ISO/IEC 9798-6:2005 specifies mechanisms in which entity authentication is achieved by
manually transferring short data strings from one device to the other, ormanually comparing short data strings output by the two devices.
In ISO/IEC 9798-6:2005, the meaning of the term entity authentication is different to the meaning applied in other parts of ISO/IEC 9798. Instead of one device verifying that the other device has a claimed identity (and vice versa), both devices in possession of a user verify that they correctly share a data string with the other device at the time of execution of the mechanism. Of course, this data string could contain identifiers for one or both of the devices.
|
Withdrawn |
2005-08 |
Edition : 1 |
Number of pages : 20 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-6:2005/Cor 1:2009 |
Information technology — Security techniques — Entity authentication — Part 6: Mechanisms using manual data transfer — Technical Corrigendum 1 |
|
Withdrawn |
2009-09 |
Edition : 1 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-6:2010 |
Information technology — Security techniques — Entity authentication — Part 6: Mechanisms using manual data transfer |
ISO/IEC 9798-6:2010 specifies eight entity authentication mechanisms based on manual data transfer between authenticating devices. Four of these mechanisms are improved versions of mechanisms specified in ISO/IEC 9798-6:2005 since they use less user input and achieve more security. Such mechanisms can be appropriate in a variety of circumstances where there is no need for an existing public key infrastructure, shared secret keys or passwords. One such application occurs in personal networks, where the owner of two personal devices capable of wireless communications wishes them to perform an entity authentication procedure as part of the process of preparing them for use in the network. These mechanisms can also be used to support key management functions.
ISO/IEC 9798-6:2010 specifies mechanisms in which entity authentication is achieved by
manually transferring short data strings from one device to the other, or
manually comparing short data strings output by the two devices.
In ISO/IEC 9798-6:2010, the meaning of the term entity authentication is different from the meaning applied in other parts of ISO/IEC 9798. Instead of one device verifying that the other device has a claimed identity (and vice versa), both devices in possession of a user verify that they correctly share a data string with the other device at the time of execution of the mechanism. This data string could contain identifiers (and/or public keys) for one or both of the devices.
|
Published |
2010-12 |
Edition : 2 |
Number of pages : 35 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9979:1991 |
Data cryptographic techniques — Procedures for the registration of cryptographic algorithms |
|
Withdrawn |
1991-12 |
Edition : 1 |
Number of pages : 5 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9979:1999 |
Information technology — Security techniques — Procedures for the registration of cryptographic algorithms |
|
Withdrawn |
1999-03 |
Edition : 2 |
Number of pages : 9 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10116:1991 |
Information technology — Modes of operation for an n-bit block cipher algorithm |
|
Withdrawn |
1991-09 |
Edition : 1 |
Number of pages : 11 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10116:1997 |
Information technology — Security techniques — Modes of operation for an n-bit block cipher |
|
Withdrawn |
1997-04 |
Edition : 2 |
Number of pages : 12 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10116:2006 |
Information technology — Security techniques — Modes of operation for an n-bit block cipher |
ISO/IEC 10116:2006 specifies modes of operation for an n-bit block cipher. These modes provide methods for encrypting and decrypting data where the bit length of the data may exceed the size of the block cipher. The modes specified in ISO/IEC 10116:2006 only provide protection of data confidentiality. Protection of data integrity and requirements for padding the data are not within the scope of ISO/IEC 10116:2006.
ISO/IEC 10116:2006 specifies five modes of operation:
Electronic Codebook (ECB);Cipher Block Chaining (CBC), with optional interleaving;Cipher Feedback (CFB);Output Feedback (OFB); and Counter (CTR).
The Annexes of ISO/IEC 10166:2006 provide object identifiers (according to ISO/IEC 9834) for each mode, a description of the properties of each mode, and diagrams and examples of each mode.
Block ciphers are specified in ISO/IEC 18033-3.
|
Withdrawn |
2006-02 |
Edition : 3 |
Number of pages : 41 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10116:2006/Cor 1:2008 |
Information technology — Security techniques — Modes of operation for an n-bit block cipher — Technical Corrigendum 1 |
|
Withdrawn |
2008-03 |
Edition : 3 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:2008/Cor 1:2009 |
Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques — Technical Corrigendum 1 |
|
Withdrawn |
2009-09 |
Edition : 2 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10116:2017 |
Information technology — Security techniques — Modes of operation for an n-bit block cipher |
ISO/IEC 10116:2017 data during transmission or in storage). The defined modes only provide protection of data confidentiality. Protection of data integrity is not within the scope of this document. Also, most modes do not protect the confidentiality of message length information.
NOTE 1 Methods for protecting the integrity of data using a block cipher are provided in ISO/IEC 9797-1.
NOTE 2 Methods for simultaneously protecting the confidentiality and integrity of data are provided in ISO/IEC 19772.
ISO/IEC 10116:2017 specifies the modes of operation and gives recommendations for choosing values of parameters (as appropriate).
NOTE 3 The modes of operation specified in this document have been assigned object identifiers in accordance with ISO/IEC 9834. The list of assigned object identifiers is given in Annex A. In applications in which object identifiers are used, the object identifiers specified in Annex A are to be used in preference to any other object identifiers that can exist for the mode concerned.
NOTE 4 Annex B contains comments on the properties of each mode and important security guidance.
|
Published |
2017-07 |
Edition : 4 |
Number of pages : 39 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10116:2017/Amd 1:2021 |
Information technology — Security techniques — Modes of operation for an n-bit block cipher — Amendment 1: CTR-ACPKM mode of operation |
|
Published |
2021-02 |
Edition : 4 |
Number of pages : 13 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-1:1994 |
Information technology — Security techniques — Hash-functions — Part 1: General |
|
Withdrawn |
1994-10 |
Edition : 1 |
Number of pages : 5 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-1:2000 |
Information technology — Security techniques — Hash-functions — Part 1: General |
|
Withdrawn |
2000-06 |
Edition : 2 |
Number of pages : 7 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-1:2016 |
Information technology — Security techniques — Hash-functions — Part 1: General |
ISO/IEC 10118-1:2016 specifies hash-functions and is therefore applicable to the provision of authentication, integrity and non-repudiation services. Hash-functions map strings of bits of variable (but usually upper bounded) length to fixed-length strings of bits, using a specified algorithm. They can be used for
- reducing a message to a short imprint for input to a digital signature mechanism, and
- committing the user to a given string of bits without revealing this string.
NOTE The hash-functions specified in ISO/IEC 10118 (all parts) do not involve the use of secret keys. However, these hash-functions may be used, in conjunction with secret keys, to build message authentication codes. Message Authentication Codes (MACs) provide data origin authentication as well as message integrity. Techniques for computing a MAC using a hash-function are specified in ISO/IEC 9797‑2 [1].
ISO/IEC 10118-1:2016 contains definitions, symbols, abbreviations and requirements that are common to all the other parts of ISO/IEC 10118. The criteria used to select the algorithms specified in subsequent parts of ISO/IEC 10118 are defined in Annex B of this document.
|
Published |
2016-10 |
Edition : 3 |
Number of pages : 12 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-1:2016/Amd 1:2021 |
Information technology — Security techniques — Hash-functions — Part 1: General — Amendment 1: Padding methods for sponge functions |
|
Published |
2021-03 |
Edition : 3 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-2:1994 |
Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher algorithm |
|
Withdrawn |
1994-10 |
Edition : 1 |
Number of pages : 7 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-2:2000 |
Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher |
|
Withdrawn |
2000-12 |
Edition : 2 |
Number of pages : 19 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-2:2000/Cor 1:2006 |
Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher — Technical Corrigendum 1 |
|
Withdrawn |
2006-10 |
Edition : 2 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-2:2000/Cor 2:2007 |
Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher — Technical Corrigendum 2 |
|
Withdrawn |
2007-02 |
Edition : 2 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-2:2010 |
Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher |
ISO/IEC 10118-2:2010 specifies hash-functions which make use of an n-bit block cipher algorithm. They are therefore suitable for an environment in which such an algorithm is already implemented. Block ciphers are specified in ISO/IEC 18033-3.
Four hash-functions are specified. The first provides hash-codes of length less than or equal to n, where n is the block-length of the algorithm used. The second provides hash-codes of length less than or equal to 2n; the third provides hash-codes of length equal to 2n; and the fourth provides hash-codes of length 3n. All four of the hash-functions specified in ISO/IEC 10118-2:2010 conform to the general model specified in ISO/IEC 10118-1.
|
Published |
2010-10 |
Edition : 3 |
Number of pages : 29 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-3:2003 |
Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions |
ISO/IEC 10118-3:2003 specifies dedicated hash-functions, i.e., specially designed hash-functions. The hash-functions in ISO/IEC 10118-3:2003 are based on the iterative use of a round-function.
ISO/IEC 10118-3:2003 specifies seven distinct round-functions, giving rise to distinct dedicated hash-functions. In particular:
the first hash-function (RIPEMD-160) in Clause 7 of ISO/IEC 10118-3:2003 provides hash-codes of lengths up to 160 bits; the second hash-function (RIPEMD-128) in Clause 8 of ISO/IEC 10118-3:2003 provides hash-codes of lengths up to 128 bits;the third hash-function (SHA-1) in Clause 9 of ISO/IEC 10118-3:2003 provides hash-codes of lengths up to 160 bits;the fourth hash-function (SHA-256) in Clause 10 of ISO/IEC 10118-3:2003 provides hash-codes of lengths up to 256 bits;the fifth hash-function (SHA-512) in Clause 11 of ISO/IEC 10118-3:2003 provides hash-codes of lengths up to 512 bits;the sixth hash-function (SHA-384) in Clause 12 of ISO/IEC 10118-3:2003 provides hash-codes of a fixed length, 384 bits; andthe seventh hash-function (WHIRLPOOL) in Clause 13 of ISO/IEC 10118-3:2003 provides hash-codes of lengths up to 512 bits.
For each of these seven dedicated hash-functions, ISO/IEC 10118-3:2003 specifies a padding method, initializing values, parameters, a sequence of functions (which are used in the round-function), constants, and an object identifier; and provides several computation examples.
|
Withdrawn |
2003-05 |
Edition : 2 |
Number of pages : 91 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-3:2004 |
Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions |
ISO/IEC 10118-3:2004 specifies the following seven dedicated hash-functions, i.e. specially-designed hash-functions:
the first hash-function (RIPEMD-160) in Clause 7 provides hash-codes of lengths up to 160 bits; the second hash-function (RIPEMD-128) in Clause 8 provides hash-codes of lengths up to 128 bits; the third hash-function (SHA-1) in Clause 9 provides hash-codes of lengths up to 160 bits;the fourth hash-function (SHA-256) in Clause 10 provides hash-codes of lengths up to 256 bits; the fifth hash-function (SHA-512) in Clause 11 provides hash-codes of lengths up to 512 bits;the sixth hash-function (SHA-384) in Clause 12 provides hash-codes of a fixed length, 384 bits; andthe seventh hash-function (WHIRLPOOL) in Clause 13 provides hash-codes of lengths up to 512 bits.
For each of these dedicated hash-functions, ISO/IEC 10118-3:2004 specifies a round-function that consists of a sequence of sub-functions, a padding method, initializing values, parameters, constants, and an object identifier as normative information, and also specifies several computation examples as informative information.
|
Withdrawn |
2004-03 |
Edition : 3 |
Number of pages : 94 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-3:2004/Amd 1:2006 |
Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions — Amendment 1: Dedicated Hash-Function 8 (SHA-224) |
|
Withdrawn |
2006-02 |
Edition : 3 |
Number of pages : 16 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-3:2004/Cor 1:2011 |
Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions — Technical Corrigendum 1 |
|
Withdrawn |
2011-12 |
Edition : 3 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-3:2018 |
IT Security techniques — Hash-functions — Part 3: Dedicated hash-functions |
This document specifies dedicated hash-functions, i.e. specially designed hash-functions. The hash-functions in this document are based on the iterative use of a round-function. Distinct round-functions are specified, giving rise to distinct dedicated hash-functions.
The use of Dedicated Hash-Functions 1, 2 and 3 in new digital signature implementations is deprecated.
NOTE As a result of their short hash-code length and/or cryptanalytic results, Dedicated Hash-Functions 1, 2 and 3 do not provide a sufficient level of collision resistance for future digital signature applications and they are therefore, only usable for legacy applications. However, for applications where collision resistance is not required, such as in hash-functions as specified in ISO/IEC 9797‑2, or in key derivation functions specified in ISO/IEC 11770‑6, their use is not deprecated.
Numerical examples for dedicated hash-functions specified in this document are given in Annex B as additional information. For information purposes, SHA-3 extendable-output functions are specified in Annex C.
|
Published |
2018-10 |
Edition : 4 |
Number of pages : 398 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-4:1998 |
Information technology — Security techniques — Hash-functions — Part 4: Hash-functions using modular arithmetic |
This part of ISO/IEC 10118 specifies two hash-functions which make use of modular arithmetic. These hash-functions,
which are believed to be collision-resistant, compress messages of arbitrary but limited length to a hash-code
whose length is determined by the length of the prime number used in the reduction-function defined in 7.3. Thus,
the hash-code is easily scaled to the input length of any mechanism (e.g., signature algorithm, identification
scheme).
The hash-functions specified in this part of ISO/IEC 10118, known as MASH-1 and MASH-2 (Modular Arithmetic
Secure Hash) are particularly suitable for environments in which implementations of modular arithmetic of sufficient
length are already available. The two hash-functions differ only in the exponent used in the round-function.
|
Published |
1998-12 |
Edition : 1 |
Number of pages : 23 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-4:1998/Amd 1:2014 |
Information technology — Security techniques — Hash-functions — Part 4: Hash-functions using modular arithmetic — Amendment 1: Object identifiers |
|
Published |
2014-11 |
Edition : 1 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-4:1998/Cor 1:2014 |
Information technology — Security techniques — Hash-functions — Part 4: Hash-functions using modular arithmetic — Technical Corrigendum 1 |
|
Published |
2014-07 |
Edition : 1 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-1:2010 |
Information technology — Security techniques — Key management — Part 1: Framework |
ISO/IEC 11770-1:2010 defines a general model of key management that is independent of the use of any particular cryptographic algorithm. However, certain key distribution mechanisms can depend on particular algorithm properties, for example, properties of asymmetric algorithms.
ISO/IEC 11770-1:2010 contains the material required for a basic understanding of subsequent parts.
Examples of the use of key management mechanisms are included in ISO 11568. If non-repudiation is required for key management, ISO/IEC 13888 is applicable.
ISO/IEC 11770-1:2010 addresses both the automated and manual aspects of key management, including outlines of data elements and sequences of operations that are used to obtain key management services. However it does not specify details of protocol exchanges that might be needed.
As with other security services, key management can only be provided within the context of a defined security policy. The definition of security policies is outside the scope of ISO/IEC 11770.
The fundamental problem is to establish keying material whose origin, integrity, timeliness and (in the case of secret keys) confidentiality can be guaranteed to both direct and indirect users. Key management includes functions such as the generation, storage, distribution, deletion and archiving of keying material in accordance with a security policy (ISO 7498-2).
ISO/IEC 11770-1:2010 has a special relationship to the security frameworks for open systems (ISO/IEC 10181). All the frameworks, including this one, identify the basic concepts and characteristics of mechanisms covering different aspects of security.
|
Published |
2010-12 |
Edition : 2 |
Number of pages : 30 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-2:1996 |
Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques |
Defines key establishment mechanisms using symmetric cryptographic techniques. Addresses three environments for the establishment of keys: Point-to-Point, Key Distribution Centre (KDC) and Key Translation Centre (KTC). Describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established.
|
Withdrawn |
1996-04 |
Edition : 1 |
Number of pages : 17 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-2:1996/Cor 1:2005 |
Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques — Technical Corrigendum 1 |
|
Withdrawn |
2005-07 |
Edition : 1 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-2:2008 |
Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques |
ISO/IEC 11770 is concerned with the management of cryptographic keys. ISO/IEC 11770-2:2008 specifies a series of 13 mechanisms for establishing shared secret keys using symmetric cryptography. These mechanisms address three different environments for the establishment of shared secret keys: point-to-point key establishment schemes, mechanisms using a Key Distribution Centre (KDC), and techniques that use a Key Translation Centre (KTC). ISO/IEC 11770-2:2008 describes the content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established. This second edition is a technically revised version of the first edition: Mechanism 12 has been modified to address identified security shortcomings.
|
Withdrawn |
2008-06 |
Edition : 2 |
Number of pages : 27 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-2:2008/Cor 1:2009 |
Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques — Technical Corrigendum 1 |
|
Withdrawn |
2009-09 |
Edition : 2 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-2:2018 |
IT Security techniques — Key management — Part 2: Mechanisms using symmetric techniques |
This document defines key establishment mechanisms using symmetric cryptographic techniques.
This document addresses three environments for the establishment of keys: Point-to-Point, Key Distribution Centre (KDC), and Key Translation Centre (KTC). It describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established.
This document does not indicate other information which can be contained in the messages or specify other messages such as error messages. The explicit format of messages is not within the scope of this document.
This document does not specify the means to be used to establish initial secret keys; that is, all the mechanisms specified in this document require an entity to share a secret key with at least one other entity (e.g. a TTP). For general guidance on the key lifecycle, see ISO/IEC 11770-1. This document does not explicitly address the issue of inter-domain key management. This document also does not define the implementation of key management mechanisms; products complying with this document are not necessarily compatible.
|
Published |
2018-10 |
Edition : 3 |
Number of pages : 28 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:1999 |
Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques |
|
Withdrawn |
1999-11 |
Edition : 1 |
Number of pages : 35 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:2008 |
Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques |
ISO/IEC 11770-3:2008 defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals.
Establish a shared secret key for a symmetric cryptographic technique between two entities A and B by key agreement. In a secret key agreement mechanism, the secret key is the result of a data exchange between the two entities A and B. Neither of them can predetermine the value of the shared secret key.
Establish a shared secret key for a symmetric cryptographic technique between two entities A and B by key transport. In a secret key transport mechanism, the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques.
Make an entity's public key available to other entities by key transport. In a public key transport mechanism, the public key of entity A must be transferred to other entities in an authenticated way, but not requiring secrecy.
Some of the mechanisms of ISO/IEC 11770-3:2008 are based on the corresponding authentication mechanisms in ISO/IEC 9798-3.
ISO/IEC 11770-3:2008 does not cover aspects of key management such as
key lifecycle management,
mechanisms to generate or validate asymmetric key pairs,
mechanisms to store, archive, delete, destroy, etc. keys.
While ISO/IEC 11770-3:2008 does not explicitly cover the distribution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this. A private key can in all cases be distributed with these mechanisms where an existing, non-compromised key already exists. However, in practice the distribution of private keys is usually a manual process that relies on technological means like smart cards, etc.
ISO/IEC 11770-3:2008 does not cover the implementations of the transformations used in the key management mechanisms.
|
Withdrawn |
2008-07 |
Edition : 2 |
Number of pages : 83 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:2015 |
Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques |
ISO/IEC 11770-3:2015 defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals: a) establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B by key agreement. In a secret key agreement mechanism, the secret key is computed as the result of a data exchange between the two entities A and B. Neither of them should be able to predetermine the value of the shared secret key; b) establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B via key transport. In a secret key transport mechanism, the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques; and c) make an entity's public key available to other entities via key transport. In a public key transport mechanism, the public key of entity A shall be transferred to other entities in an authenticated way, but not requiring secrecy.
Some of the mechanisms of ISO/IEC 11770-3:2015 are based on the corresponding authentication mechanisms in ISO/IEC 9798‑3.
ISO/IEC 11770-3:2015 does not cover certain aspects of key management, such as key lifecycle management, mechanisms to generate or validate asymmetric key pairs, and mechanisms to store, archive, delete, destroy, etc. keys.
While ISO/IEC 11770-3:2015 does not explicitly cover the distribution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this. A private key can in all cases be distributed with these mechanisms where an existing, non-compromised key already exists. However, in practice the distribution of private keys is usually a manual process that relies on technological means such as smart cards, etc.
ISO/IEC 11770-3:2015 does not specify the transformations used in the key management mechanisms.
|
Withdrawn |
2015-08 |
Edition : 3 |
Number of pages : 81 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:2015/Amd 1:2017 |
Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques — Amendment 1: Blinded Diffie-Hellman key agreement |
|
Withdrawn |
2017-11 |
Edition : 3 |
Number of pages : 7 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:2015/Cor 1:2016 |
Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques — Technical Corrigendum 1 |
|
Withdrawn |
2016-05 |
Edition : 3 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:2021 |
Information security — Key management — Part 3: Mechanisms using asymmetric techniques |
This document defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals.
a) Establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B by key agreement. In a secret key agreement mechanism, the secret key is computed as the result of a data exchange between the two entities A and B. Neither of them is able to predetermine the value of the shared secret key.
b) Establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B via key transport. In a secret key transport mechanism, the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques.
c) Make an entity's public key available to other entities via key transport. In a public key transport mechanism, the public key of entity A is transferred to other entities in an authenticated way, but not requiring secrecy.
Some of the mechanisms of this document are based on the corresponding authentication mechanisms in ISO/IEC 9798‑3.
This document does not cover certain aspects of key management, such as:
— key lifecycle management;
— mechanisms to generate or validate asymmetric key pairs; and
— mechanisms to store, archive, delete, destroy, etc., keys.
While this document does not explicitly cover the distribution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this. A private key can in all cases be distributed with these mechanisms where an existing, non-compromised key already exists. However, in practice the distribution of private keys is usually a manual process that relies on technological means such as smart cards, etc.
This document does not specify the transformations used in the key management mechanisms.
NOTE To provide origin authentication for key management messages, it is possible to make provisions for authenticity within the key establishment protocol or to use a public key signature system to sign the key exchange messages.
|
Published |
2021-10 |
Edition : 4 |
Number of pages : 90 |
Technical Committee |
35.030
IT Security
|