| Name |
Description |
Abstract |
Status |
Publication date |
Edition |
Number of pages |
Technical committee |
ICS |
| ISO/IEC 29115:2013 |
Information technology — Security techniques — Entity authentication assurance framework |
ISO/IEC 29115:2013 provides a framework for managing entity authentication assurance in a given context. In particular, it:
- specifies four levels of entity authentication assurance;
- specifies criteria and guidelines for achieving each of the four levels of entity authentication assurance;
- provides guidance for mapping other authentication assurance schemes to the four LoAs;
- provides guidance for exchanging the results of authentication that are based on the four LoAs; and
- provides guidance concerning controls that should be used to mitigate authentication threats.
|
Published |
2013-04 |
Edition : 1 |
Number of pages : 36 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29128-1:2023 |
Information security, cybersecurity and privacy protection — Verification of cryptographic protocols — Part 1: Framework |
This document establishes a framework for the verification of cryptographic protocol specifications according to academic and industry best practices.
|
Published |
2023-03 |
Edition : 2 |
Number of pages : 15 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29128:2011 |
Information technology — Security techniques — Verification of cryptographic protocols |
ISO/IEC 29128:2011 establishes a technical base for the security proof of the specification of cryptographic protocols. It specifies design evaluation criteria for these protocols, as well as methods to be applied in a verification process for such protocols. It also provides definitions of different protocol assurance levels consistent with evaluation assurance components in ISO/IEC 15408.
|
Withdrawn |
2011-12 |
Edition : 1 |
Number of pages : 50 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29134:2017 |
Information technology — Security techniques — Guidelines for privacy impact assessment |
ISO/IEC 29134:2017 gives guidelines for
- a process on privacy impact assessments, and
- a structure and content of a PIA report.
It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations.
ISO/IEC 29134:2017 is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.
|
Published |
2017-06 |
Edition : 1 |
Number of pages : 43 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29134:2017/DAmd 1 |
Information technology — Security techniques — Guidelines for privacy impact assessment — Amendment 1 |
|
Deleted |
|
Edition : 1 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29134 |
Information technology — Security techniques — Guidelines for privacy impact assessment |
ISO/IEC 29134:2017 gives guidelines for
- a process on privacy impact assessments, and
- a structure and content of a PIA report.
It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations.
ISO/IEC 29134:2017 is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.
|
Under development |
|
Edition : 2 |
|
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29146:2016 |
Information technology — Security techniques — A framework for access management |
ISO/IEC 29146:2016 defines and establishes a framework for access management (AM) and the secure management of the process to access information and Information and Communications Technologies (ICT) resources, associated with the accountability of a subject within some context.
This International Standard provides concepts, terms and definitions applicable to distributed access management techniques in network environments.
This International Standard also provides explanations about related architecture, components and management functions.
The subjects involved in access management might be uniquely recognized to access information systems, as defined in ISO/IEC 24760.
The nature and qualities of physical access control involved in access management systems are outside the scope of this International Standard.
|
Published |
2016-06 |
Edition : 1 |
Number of pages : 35 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29146:2016/Amd 1:2022 |
Information technology — Security techniques — A framework for access management — Amendment 1 |
|
Published |
2022-08 |
Edition : 1 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC FDIS 29146 |
Information technology — Security techniques — A framework for access management |
ISO/IEC 29146:2016 defines and establishes a framework for access management (AM) and the secure management of the process to access information and Information and Communications Technologies (ICT) resources, associated with the accountability of a subject within some context.
This International Standard provides concepts, terms and definitions applicable to distributed access management techniques in network environments.
This International Standard also provides explanations about related architecture, components and management functions.
The subjects involved in access management might be uniquely recognized to access information systems, as defined in ISO/IEC 24760.
The nature and qualities of physical access control involved in access management systems are outside the scope of this International Standard.
|
Under development |
|
Edition : 2 |
|
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-1:2000 |
Information technology — Security techniques — Hash-functions — Part 1: General |
|
Withdrawn |
2000-06 |
Edition : 2 |
Number of pages : 7 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29147:2014 |
Information technology — Security techniques — Vulnerability disclosure |
ISO/IEC 29147:2014 gives guidelines for the disclosure of potential vulnerabilities in products and online services. It details the methods a vendor should use to address issues related to vulnerability disclosure. ISO/IEC 29147:2014
provides guidelines for vendors on how to receive information about potential vulnerabilities in their products or online services,
provides guidelines for vendors on how to disseminate resolution information about vulnerabilities in their products or online services,
provides the information items that should be produced through the implementation of a vendor's vulnerability disclosure process, and
provides examples of content that should be included in the information items.
ISO/IEC 29147:2014 is applicable to vendors who respond to external reports of vulnerabilities in their products or online services.
|
Withdrawn |
2014-02 |
Edition : 1 |
Number of pages : 34 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29147:2018 |
Information technology — Security techniques — Vulnerability disclosure |
This document provides requirements and recommendations to vendors on the disclosure of vulnerabilities in products and services. Vulnerability disclosure enables users to perform technical vulnerability management as specified in ISO/IEC 27002:2013, 12.6.1[1]. Vulnerability disclosure helps users protect their systems and data, prioritize defensive investments, and better assess risk. The goal of vulnerability disclosure is to reduce the risk associated with exploiting vulnerabilities. Coordinated vulnerability disclosure is especially important when multiple vendors are affected. This document provides:
— guidelines on receiving reports about potential vulnerabilities;
— guidelines on disclosing vulnerability remediation information;
— terms and definitions that are specific to vulnerability disclosure;
— an overview of vulnerability disclosure concepts;
— techniques and policy considerations for vulnerability disclosure;
— examples of techniques, policies (Annex A), and communications (Annex B).
Other related activities that take place between receiving and disclosing vulnerability reports are described in ISO/IEC 30111.
This document is applicable to vendors who choose to practice vulnerability disclosure to reduce risk to users of vendors' products and services.
|
Published |
2018-10 |
Edition : 2 |
Number of pages : 32 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC TR 29149:2012 |
Information technology — Security techniques — Best practices for the provision and use of time-stamping services |
ISO/IEC TR 29149:2012 explains how to provide and use time-stamping services so that time-stamp tokens are effective when used to provide timeliness, data integrity, and non-repudiation services in conjunction with other mechanisms. It defines:
how time-stamp requesters should use time-stamp token generation services;
how TSAs (time-stamping authorities) should provide a service of guaranteed quality;
how TSAs should deserve trust based on good practices;
which algorithms and parameters should be used in TST (time-stamp token) generation and TST renewal, so that TSTs resist during the time period during which the TSTs can be verified as being valid;
how time-stamp verifiers should use the time-stamp token verification services, both when validating individual TSTs, and when validating sequences of renewal TSTs.
|
Published |
2012-03 |
Edition : 1 |
Number of pages : 21 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29150:2011 |
Information technology — Security techniques — Signcryption |
ISO/IEC 29150:2011 specifies four mechanisms for signcryption that employ public key cryptographic techniques requiring both the originator and the recipient of protected data to have their own public and private key pairs. The methods specified in ISO/IEC 29150:2011 have been designed to maximize the level of security and provide efficient processing of data. All the mechanisms defined have mathematical "proofs of security", i.e. rigorous arguments supporting their security claims.
ISO/IEC 29150:2011 is not applicable to infrastructures for management of public keys which are defined in ISO/IEC 11770-1 and ISO/IEC 9594.
|
Published |
2011-12 |
Edition : 1 |
Number of pages : 53 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29150:2011/Cor 1:2014 |
Information technology — Security techniques — Signcryption — Technical Corrigendum 1 |
|
Published |
2014-03 |
Edition : 1 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29151:2017 |
Information technology — Security techniques — Code of practice for personally identifiable information protection |
ISO/IEC 29151:2017 establishes control objectives, controls and guidelines for implementing controls, to meet the requirements identified by a risk and impact assessment related to the protection of personally identifiable information (PII).
In particular, this Recommendation | International Standard specifies guidelines based on ISO/IEC 27002, taking into consideration the requirements for processing PII that may be applicable within the context of an organization's information security risk environment(s).
ISO/IEC 29151:2017 is applicable to all types and sizes of organizations acting as PII controllers (as defined in ISO/IEC 29100), including public and private companies, government entities and not-for-profit organizations that process PII.
|
Published |
2017-08 |
Edition : 1 |
Number of pages : 39 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29184:2020 |
Information technology — Online privacy notices and consent |
This document specifies controls which shape the content and the structure of online privacy notices as well as the process of asking for consent to collect and process personally identifiable information (PII) from PII principals.
This document is applicable in any online context where a PII controller or any other entity processing PII informs PII principals of processing.
|
Published |
2020-06 |
Edition : 1 |
Number of pages : 25 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29190:2015 |
Information technology — Security techniques — Privacy capability assessment model |
ISO 29190:2015 provides organizations with high-level guidance about how to assess their capability to manage privacy-related processes.
In particular, it
- specifies steps in assessing processes to determine privacy capability,
- specifies a set of levels for privacy capability assessment,
- provides guidance on the key process areas against which privacy capability can be assessed,
- provides guidance for those implementing process assessment, and
- provides guidance on how to integrate the privacy capability assessment into organizations operations.
|
Published |
2015-08 |
Edition : 1 |
Number of pages : 15 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29191:2012 |
Information technology — Security techniques — Requirements for partially anonymous, partially unlinkable authentication. |
ISO/IEC 29191:2012 provides a framework and establishes requirements for partially anonymous, partially unlinkable authentication.
|
Published |
2012-12 |
Edition : 1 |
Number of pages : 9 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29192-1:2012 |
Information technology — Security techniques — Lightweight cryptography — Part 1: General |
ISO/IEC 29192-1:2012 provides terms and definitions that apply in subsequent parts of ISO/IEC 29192. ISO/IEC 29192-1:2012 sets the security requirements, classification requirements and implementation requirements for mechanisms that are proposed for inclusion in subsequent parts of ISO/IEC 29192.
|
Published |
2012-06 |
Edition : 1 |
Number of pages : 13 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29192-2:2012 |
Information technology — Security techniques — Lightweight cryptography — Part 2: Block ciphers |
ISO/IEC 29192-2:2012 specifies two block ciphers suitable for lightweight cryptography:
a) PRESENT: a lightweight block cipher with a block size of 64 bits and a key size of 80 or 128 bits;
b) CLEFIA: a lightweight block cipher with a block size of 128 bits and a key size of 128, 192 or 256 bits.
|
Withdrawn |
2012-01 |
Edition : 1 |
Number of pages : 41 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29192-2:2019 |
Information security — Lightweight cryptography — Part 2: Block ciphers |
This document specifies three block ciphers suitable for applications requiring lightweight cryptographic implementations:
— PRESENT: a lightweight block cipher with a block size of 64 bits and a key size of 80 or 128 bits;
— CLEFIA: a lightweight block cipher with a block size of 128 bits and a key size of 128, 192 or 256 bits;
— LEA: a lightweight block cipher with a block size of 128 bits and a key size of 128, 192 or 256 bits.
|
Published |
2019-11 |
Edition : 2 |
Number of pages : 56 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29192-3:2012 |
Information technology — Security techniques — Lightweight cryptography — Part 3: Stream ciphers |
ISO/IEC 29192-3:2012 specifies two dedicated keystream generators for lightweight stream ciphers:
Enocoro: a lightweight keystream generator with a key size of 80 or 128 bits;
Trivium: a lightweight keystream generator with a key size of 80 bits.
|
Published |
2012-10 |
Edition : 1 |
Number of pages : 26 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29192-4:2013 |
Information technology — Security techniques — Lightweight cryptography — Part 4: Mechanisms using asymmetric techniques |
ISO/IEC 29192-4:2013 specifies three lightweight mechanisms using asymmetric techniques:
a) a unilateral authentication mechanism based on discrete logarithms on elliptic curves;
b) an authenticated lightweight key exchange (ALIKE) mechanism for unilateral authentication and establishment of a session key;
c) an identity-based signature mechanism.
|
Published |
2013-06 |
Edition : 1 |
Number of pages : 26 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29192-4:2013/Amd 1:2016 |
Information technology — Security techniques — Lightweight cryptography — Part 4: Mechanisms using asymmetric techniques — Amendment 1 |
|
Published |
2016-02 |
Edition : 1 |
Number of pages : 16 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29192-5:2016 |
Information technology — Security techniques — Lightweight cryptography — Part 5: Hash-functions |
ISO/IEC 29192-5:2016 specifies three hash-functions suitable for applications requiring lightweight cryptographic implementations.
- PHOTON: a lightweight hash-function with permutation sizes of 100, 144, 196, 256 and 288 bits computing hash-codes of length 80, 128, 160, 224, and 256 bits, respectively.
- SPONGENT: a lightweight hash-function with permutation sizes of 88, 136, 176, 240 and 272 bits computing hash-codes of length 88, 128, 160, 224, and 256 bits, respectively.
- Lesamnta-LW: a lightweight hash-function with permutation size 384 bits computing a hash-code of length 256 bits.
The requirements for lightweight cryptography are given in ISO/IEC 29192‑1.
|
Published |
2016-08 |
Edition : 1 |
Number of pages : 26 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29192-6:2019 |
Information technology — Lightweight cryptography — Part 6: Message authentication codes (MACs) |
This document specifies MAC algorithms suitable for applications requiring lightweight cryptographic mechanisms. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorized manner. They can also be used as message authentication mechanisms to provide assurance that a message has been originated by an entity in possession of the secret key.
The following MAC algorithms are specified in this document:
a) LightMAC;
b) Tsudik's keymode;
c) Chaskey-12.
|
Published |
2019-09 |
Edition : 1 |
Number of pages : 20 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 29192-8:2022 |
Information security — Lightweight cryptography — Part 8: Authenticated encryption |
This document specifies one method for authenticated encryption suitable for applications requiring lightweight cryptographic mechanisms.
This method processes a data string with the following security objectives:
a) data confidentiality, i.e. protection against unauthorized disclosure of data,
b) data integrity, i.e. protection that enables the recipient of data to verify that it has not been modified.
Optionally, this method can provide data origin authentication, i.e. protection that enables the recipient of data to verify the identity of the data originator.
The method specified in this document is based on a lightweight stream cipher, and requires the parties of the protected data to share a secret key for this algorithm. Key management is outside the scope of this document.
NOTE Key management techniques are defined in the ISO/IEC 11770 series.
|
Published |
2022-09 |
Edition : 1 |
Number of pages : 17 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC TS 30104:2015 |
Information Technology — Security Techniques — Physical Security Attacks, Mitigation Techniques and Security Requirements |
Physical security mechanisms are employed by cryptographic modules where the protection of the modules sensitive security parameters is desired. ISO/IEC TS 30104:2015 addresses how security assurance can be stated for products where the risk of the security environment requires the support of such mechanisms. This Technical Specification addresses the following topics:
- a survey of physical security attacks directed against different types of hardware embodiments including a description of known physical attacks, ranging from simple attacks that require minimal skill or resources, to complex attacks that require trained, technical people and considerable resources;
- guidance on the principles, best practices and techniques for the design of tamper protection mechanisms and methods for the mitigation of those attacks; and
- guidance on the evaluation or testing of hardware tamper protection mechanisms and references to current standards and test programs that address hardware tamper evaluation and testing.
The information in ISO/IEC TS 30104:2015 is useful for product developers designing hardware security implementations, and testing or evaluation of the final product. The intent is to identify protection methods and attack methods in terms of complexity, cost and risk to the assets being protected. In this way cost effective protection can be produced across a wide range of systems and needs.
|
Published |
2015-05 |
Edition : 1 |
Number of pages : 30 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 30111:2013 |
Information technology — Security techniques — Vulnerability handling processes |
ISO/IEC 30111:2013 gives guidelines for how to process and resolve potential vulnerability information in a product or online service.
ISO/IEC 30111:2013 is applicable to vendors involved in handling vulnerabilities.
|
Withdrawn |
2013-11 |
Edition : 1 |
Number of pages : 12 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 30111:2019 |
Information technology — Security techniques — Vulnerability handling processes |
This document provides requirements and recommendations for how to process and remediate reported potential vulnerabilities in a product or service.
This document is applicable to vendors involved in handling vulnerabilities.
|
Published |
2019-10 |
Edition : 2 |
Number of pages : 13 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 30147:2021 |
Information technology — Internet of things — Methodology for trustworthiness of IoT system/service |
|
Published |
2021-05 |
Edition : 1 |
Number of pages : 31 |
Technical Committee |
35.020
Information technology (IT) in general
;
35.030
IT Security
|
| IWA 17:2014 |
Information and operations security and integrity requirements for lottery and gaming organizations |
IWA 17:2014 covers all types of lottery and gaming organizations, including commercial enterprises, government agencies and non-profit organizations. IWA 17:2014 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented security and integrity system within the context of the organization's overall risks. It specifies the requirements for the implementation of security and integrity controls applicable to the needs of individual organizations, so that the security and integrity management systems can be designed to ensure the selection of adequate and proportionate security and integrity controls that protect assets and give confidence to interested parties.
The requirements set out in IWA 17:2014 are generic and are intended to be applicable to all organizations, regardless of type, size and nature.
|
Withdrawn |
2014-12 |
Edition : 1 |
Number of pages : 14 |
Technical Committee |
35.030
IT Security
|
| ISO/TR 3242:2022 |
Blockchain and distributed ledger technologies – Use cases |
This document lists use cases that summarise common capabilities and usage patterns for attributes of distributed ledger technologies including the blockchain in order to help standards and technology development. This document includes use cases reflecting a range of industry sectors, processes and specific applications.
This document can inform decision-makers considering or involved in applying these new technologies, including business, academia, government, technical and standards bodies.
|
Published |
2022-10 |
Edition : 1 |
Number of pages : 190 |
Technical Committee |
35.030
IT Security
;
35.240.40
IT applications in banking
;
35.240.99
IT applications in other fields
|
| ISO/IEC PRF 4922-1 |
Information security — Secure multiparty computation — Part 1: General |
|
Under development |
|
Edition : 1 |
|
Technical Committee |
35.030
IT Security
|
| ISO/IEC TR 5895:2022 |
Cybersecurity — Multi-party coordinated vulnerability disclosure and handling |
This document clarifies and increases the application and implementation of ISO/IEC 30111 and ISO/IEC 29147 in multi-party coordinated vulnerability disclosure (MPCVD) settings, including the evolving commonly adopted practices in this area, by articulating:
— The MPCVD life cycle and application of coordinated vulnerability disclosure (CVD) stages (preparation, receipt, verification, remediation[1] development, release, post-release) in MPCVD settings.
— Stakeholders involved in MPCVD include users, vendors (coordinating, mitigating, and dependent vendors), reporters, and non-vendor coordinators (entities defined in ISO/IEC 29147 and ISO/IEC 30111).
— The exchange of information between stakeholders during the vulnerability handling and disclosure process in a MPCVD settings.
Clarifying the application of ISO/IEC 30111 and ISO/IEC 29147 in MPCVD settings illustrates the benefits of vulnerability disclosure processes.
[1] Remediation is a defined term used in ISO/IEC 30111 and ISO/IEC 29147. This document uses the term "remediation" and verb “remediate” in the context of this definition.
|
Published |
2022-06 |
Edition : 1 |
Number of pages : 14 |
Technical Committee |
35.030
IT Security
|
| ISO/PRF TR 6039 |
Blockchain and distributed ledger technologies — Identifiers of subjects and objects for the design of blockchain systems |
|
Under development |
2023-06 |
Edition : 1 |
|
Technical Committee |
35.030
IT Security
;
35.240.40
IT applications in banking
;
35.240.99
IT applications in other fields
|
| ISO/IEC PRF TR 6114 |
Cybersecurity – Security considerations throughout the product life cycle |
|
Under development |
|
Edition : 1 |
|
Technical Committee |
35.030
IT Security
|
| ISO 7064:1983 |
Data processing — Check character systems |
Lays down a set of check characters systems capable of protecting strings against errors occurring when copying or entering data. Defines conformance requirements for products described as generating check characters or checking strings.
|
Withdrawn |
1983-09 |
Edition : 1 |
Number of pages : 13 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 7064:2003 |
Information technology — Security techniques — Check character systems |
ISO/IEC 7064:2002 specifies a set of check character systems capable of protecting strings against errors which occur when people copy or key data. The strings may be of fixed or variable length and may have character sets which are
numeric (10 digits: 0 to 9);alphabetic (26 letters: A to Z);alphanumeric (letters and digits).
Embedded spaces and special characters are ignored.
ISO/IEC 7064:2002 specifies conformance requirements for products described as generating check characters or checking strings using the systems given in this International Standard.
ISO/IEC 7064:2002 is for use in information interchange between organizations; it is also strongly recommended as good practice for internal information systems.
The check character systems specified in ISO/IEC 7064:2002 can detect:
all single substitution errors (the substitution of a single character for another, for example 4234 for 1234);all or nearly all single (local) transposition errors (the transposition of two single characters, either adjacent or with one character between them, for example 12354 or 12543 for 12345);all or nearly all shift errors (shifts of the whole string to the left or right);a high proportion of double substitution errors (two separate single substitution errors in the same string, for example 7234587 for 1234567);a high proportion of all other errors.
ISO/IEC 7064:2002 excludes systems designed specifically to:
permit both error detection and automatic correction;detect deliberate falsification;check strings interchanged solely between machines.
ISO/IEC 7064:2002 specifies two types of systems:
pure systems;hybrid systems.
The pure systems use a single modulus for all stages of the calculation.
|
Published |
2003-02 |
Edition : 1 |
Number of pages : 13 |
Technical Committee |
35.030
IT Security
|
| ISO 8372:1987 |
Information processing — Modes of operation for a 64-bit block cipher algorithm |
Defines four modes for any 64-bit block cipher algorithm using a secret key for applications such as data transmission, data storage authentication. Defines the formation of the starting variable and the values of parameters. Reference: ANSI X3.92-1981.
|
Withdrawn |
1987-07 |
Edition : 1 |
Number of pages : 6 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC DTS 9569 |
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Patch Management Extension for the ISO/IEC 15408 series and ISO/IEC 18045 |
This document specifies an extension for the ISO/IEC 15408 series and ISO/IEC 18045 to specify patch management requirements.
The document focuses on the initial TOE. The security assurance requirements specified in this document do not include evaluation or test activities on the final TOE, but on the initial TOE and on the life cycle processes used by manufacturers. Additionally, this document gives guidance to facilitate the evaluation of the TOE including the patch and development processes which support the patch management.
This document lists options for evaluation authorities (or mutual recognition agreements) on how to utilize the additional assurance and additional evidence in their processes to enable the developer to consistently re-certify their updated or patched TOEs to the benefit of the users of these TOEs. The implementation of these options by an evaluation scheme is out of the scope of this document.
|
Under development |
|
Edition : 1 |
|
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9796-2:1997 |
Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Mechanisms using a hash-function |
|
Withdrawn |
1997-08 |
Edition : 1 |
Number of pages : 14 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:2008/Cor 1:2009 |
Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques — Technical Corrigendum 1 |
|
Withdrawn |
2009-09 |
Edition : 2 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO 14520-8:2000 |
Gaseous fire-extinguishing systems — Physical properties and system design — Part 8: HFC 125 extinguishant |
|
Withdrawn |
2000-08 |
Edition : 1 |
Number of pages : 5 |
Technical Committee |
13.220.10
Fire-fighting
|
| ISO/IEC 9796-2:2002 |
Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Integer factorization based mechanisms |
ISO/IEC 9796-2:2002 specifies three digital signature schemes giving message recovery, two of which are deterministic (non-randomized) and one of which is randomized. The security of all three schemes is based on the difficulty of factorizing large numbers. All three schemes can provide either total or partial message recovery.
The method for key production for the three signature schemes is specified in this part of ISO/IEC 9796. However, techniques for key management and for random number generation (as required for the randomized signature scheme), are outside the scope of this part of ISO/IEC 9796.
Users of this International Standard are, wherever possible, recommended to adopt the second mechanism (Digital signature scheme 2). However, in environments where generation of random variables by the signer is deemed infeasible, then Digital signature scheme 3 is recommended. Digital signature scheme 1 shall only be used in environments where compatibility is required with systems implementing the first edition of this International Standard. However, Digital signature scheme 1 is only compatible with systems implementing the first edition of this International Standard that use hash-codes of at least 160 bits.
|
Withdrawn |
2002-10 |
Edition : 2 |
Number of pages : 47 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9796-2:2002/Amd 1:2008 |
Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Integer factorization based mechanisms — Amendment 1 |
|
Withdrawn |
2008-01 |
Edition : 2 |
Number of pages : 4 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9796-2:2010 |
Information technology — Security techniques — Digital signature schemes giving message recovery — Part 2: Integer factorization based mechanisms |
ISO/IEC 9796-2:2010 specifies three digital signature schemes giving message recovery, two of which are deterministic (non-randomized) and one of which is randomized. The security of all three schemes is based on the difficulty of factorizing large numbers. All three schemes can provide either total or partial message recovery.
ISO/IEC 9796-2:2010 specifies the method for key production for the three signature schemes. However, techniques for key management and for random number generation (as required for the randomized signature scheme), are outside the scope of ISO/IEC 9796-2:2010.
The first mechanism specified in ISO/IEC 9796-2:2010 is only applicable for existing implementations, and is retained for reasons of backward compatibility.
|
Published |
2010-12 |
Edition : 3 |
Number of pages : 54 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9796-3:2000 |
Information technology — Security techniques — Digital signature schemes giving message recovery — Part 3: Discrete logarithm based mechanisms |
|
Withdrawn |
2000-04 |
Edition : 1 |
Number of pages : 25 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9796-3:2006 |
Information technology — Security techniques — Digital signature schemes giving message recovery — Part 3: Discrete logarithm based mechanisms |
A digital signature in electronic exchange of information provides the same kind of facilities that are expected from a handwritten signature in paper-based mail. Hence it is applicable to providing entity authentication, data origin authentication, non-repudiation, and integrity of data.
ISO/IEC 9796-3:2006 specifies digital signature mechanisms giving partial or total message recovery aiming at reducing storage and transmission overhead.
ISO/IEC 9796-3:2006 specifies mechanisms based on the discrete logarithm problem of a finite field or an elliptic curve over a finite field.
ISO/IEC 9796-3:2006 defines types of redundancy: natural redundancy, added redundancy, or both.
ISO/IEC 9796-3:2006 gives the general model for digital signatures giving partial or total message recovery aiming at reducing storage and transmission overhead.
ISO/IEC 9796-3:2006 specifies six digital signature schemes giving data recovery: NR, ECNR, ECMR, ECAO, ECPV, and ECKNR. NR is defined on a prime field; ECNR, ECMR, ECAO, ECPV, and ECKNR are defined on an elliptic curve over a finite field.
|
Published |
2006-09 |
Edition : 2 |
Number of pages : 69 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9796:1991 |
Information technology — Security techniques — Digital signature scheme giving message recovery |
|
Withdrawn |
1991-09 |
Edition : 1 |
Number of pages : 12 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-1:1999 |
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher |
|
Withdrawn |
1999-12 |
Edition : 1 |
Number of pages : 16 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-1:2011 |
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher |
ISO/IEC 9797-1:2011 specifies six MAC algorithms that use a secret key and an n-bit block cipher to calculate an m-bit MAC.
ISO/IEC 9797-1:2011 can be applied to the security services of any security architecture, process, or application.
Key management mechanisms are outside the scope of ISO/IEC 9797-1:2011.
ISO/IEC 9797-1:2011 specifies object identifiers that can be used to identify each mechanism in accordance with ISO/IEC 8825-1. Numerical examples and a security analysis of each of the six specified algorithms are provided, and the relationship of ISO/IEC 9797-1:2011 to previous standards is explained.
|
Published |
2011-03 |
Edition : 2 |
Number of pages : 40 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-1:2011/DAmd 1 |
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher — Amendment 1 |
|
Under development |
|
Edition : 2 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-2:2002 |
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 2: Mechanisms using a dedicated hash-function |
ISO/IEC 9797-2:2002 specifies three MAC algorithms that use a secret key and a hash-function (or its round-function) with an n-bit result to calculate an m-bit MAC. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorised manner. They can also be used as message authentication mechanisms to provide assurance that a message has been originated by an entity in possession of the secret key. The strength of the data integrity mechanism and message authentication mechanism is dependent on the length (in bits) k and secrecy of the key, on the length (in bits) n of a hash-code produced by the hash-function, on the strength of the hash-function, on the length (in bits) m of the MAC, and on the specific mechanism.
The three mechanisms specified in ISO/IEC 9797-2:2002 are based on the dedicated hash-functions specified in ISO/IEC 10118-3. The first mechanism specified in ISO/IEC 9797-2:2002 is commonly known as MDx-MAC. It calls the complete hash-function once, but it makes a small modification to the round-function by adding a key to the additive constants in the round-function. The second mechanism specified in ISO/IEC 9797-2:2002 is commonly known as HMAC. It calls the complete hash-function twice. The third mechanism specified in ISO/IEC 9797-2:2002 is a variant of MDx-MAC that takes as input only short strings (at most 256 bits). It offers a higher performance for applications that work with short input strings only.
ISO/IEC 9797-2:2002 can be applied to the security services of any security architecture, process, or application.
|
Withdrawn |
2002-06 |
Edition : 1 |
Number of pages : 14 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-2:2011 |
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 2: Mechanisms using a dedicated hash-function |
Message Authentication Code (MAC) algorithms are data integrity mechanisms that compute a short string (the Message Authentication Code or MAC) as a complex function of every bit of the data and of a secret key. Their main security property is unforgeability: someone who does not know the secret key should not be able to predict the MAC on any new data string.
MAC algorithms can be used to provide data integrity. Their purpose is the detection of any unauthorized modification of the data such as deletion, insertion, or transportation of items within data. This includes both malicious and accidental modifications. MAC algorithms can also provide data origin authentication. This means that they can provide assurance that a message has been originated by an entity in possession of a specific secret key.
ISO/IEC 9797-2:2011 specifies three MAC algorithms that are based on a dedicated hash-function (selected from ISO/IEC 10118-3).
ISO/IEC 9797-2:2011 specifies three MAC algorithms that use a secret key and a hash-function (or its round-function) with an n-bit result to calculate an m-bit MAC.
The strength of the data integrity mechanism and message authentication mechanism is dependent on the length (in bits) k and secrecy of the key, on the length (in bits) n of the hash-function and its strength, on the length (in bits) m of the MAC, and on the specific mechanism.
The first mechanism specified in ISO/IEC 9797-2:2011 is commonly known as MDx-MAC. It calls the complete hash-function once, but it makes a small modification to the round-function by adding a key to the additive constants in the round-function. The second mechanism specified in ISO/IEC 9797-2:2011 is commonly known as HMAC. It calls the complete hash-function twice. The third mechanism specified in ISO/IEC 9797-2:2011 is a variant of MDx-MAC that takes as input only short strings (at most 256 bits). It offers a higher performance for applications that work with short input strings only.
|
Withdrawn |
2011-05 |
Edition : 2 |
Number of pages : 39 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-2:2021 |
Information security — Message authentication codes (MACs) — Part 2: Mechanisms using a dedicated hash-function |
This document specifies MAC algorithms that use a secret key and a hash-function (or its round-function or sponge function) to calculate an m-bit MAC. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorized manner.
NOTE A general framework for the provision of integrity services is specified in ISO/IEC 10181‑6.
|
Published |
2021-06 |
Edition : 3 |
Number of pages : 52 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-3:2011 |
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 3: Mechanisms using a universal hash-function |
ISO/IEC 9797-3:2011 specifies the following Message Authentication Code (MAC) algorithms that use a secret key and a universal hash-function with an n-bit result to calculate an m-bit MAC based on the block ciphers specified in ISO/IEC 18033-3 and the stream ciphers specified in ISO/IEC 18033-4:
UMAC;
Badger;
Poly1305-AES;
GMAC.
|
Published |
2011-11 |
Edition : 1 |
Number of pages : 25 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797-3:2011/Amd 1:2020 |
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 3: Mechanisms using a universal hash-function — Amendment 1 |
|
Published |
2020-02 |
Edition : 1 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797:1989 |
Data cryptographic techniques — Data integrity mechanism using a cryptographic check function employing a block cipher algorithm |
|
Withdrawn |
1989-11 |
Edition : 1 |
Number of pages : 3 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9797:1994 |
Information technology — Security techniques — Data integrity mechanism using a cryptographic check function employing a block cipher algorithm |
|
Withdrawn |
1994-04 |
Edition : 2 |
Number of pages : 8 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-1:1991 |
Information technology — Security techniques — Entity authentication mechanisms — Part 1: General model |
|
Withdrawn |
1991-08 |
Edition : 1 |
Number of pages : 4 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-1:1997 |
Information technology — Security techniques — Entity authentication — Part 1: General |
|
Withdrawn |
1997-07 |
Edition : 2 |
Number of pages : 9 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-1:2010 |
Information technology — Security techniques — Entity authentication — Part 1: General |
ISO/IEC 9798-1:2010 specifies an authentication model and general requirements and constraints for entity authentication mechanisms which use security techniques. These mechanisms are used to corroborate that an entity is the one that is claimed. An entity to be authenticated proves its identity by showing its knowledge of a secret. The mechanisms are defined as exchanges of information between entities and, where required, exchanges with a trusted third party.
The details of the mechanisms and the contents of the authentication exchanges are given in subsequent parts of ISO/IEC 9798.
|
Published |
2010-07 |
Edition : 3 |
Number of pages : 11 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-2:2008 |
Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms |
ISO/IEC 9798-2:2008 specifies entity authentication mechanisms using symmetric encipherment algorithms. Four of the mechanisms provide entity authentication between two entities where no trusted third party is involved; two of these are mechanisms to unilaterally authenticate one entity to another, while the other two are mechanisms for mutual authentication of two entities. The remaining mechanisms require a trusted third party for the establishment of a common secret key, and realize mutual or unilateral entity authentication.
The mechanisms specified in ISO/IEC 9798-2:2008 use time variant parameters such as time stamps, sequence numbers, or random numbers to prevent valid authentication information from being accepted at a later time or more than once.
If no trusted third party is involved and a time stamp or sequence number is used, one pass is needed for unilateral authentication, while two passes are needed to achieve mutual authentication. If no trusted third party is involved and a challenge and response method employing random numbers is used, two passes are needed for unilateral authentication, while three passes are required to achieve mutual authentication. If a trusted third party is involved, any additional communication between an entity and the trusted third party requires two extra passes in the communication exchange.
|
Withdrawn |
2008-12 |
Edition : 3 |
Number of pages : 16 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-2:2008/Cor 1:2010 |
Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms — Technical Corrigendum 1 |
|
Withdrawn |
2010-02 |
Edition : 3 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-2:2008/Cor 2:2012 |
Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms — Technical Corrigendum 2 |
|
Withdrawn |
2012-03 |
Edition : 3 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-2:2008/Cor 3:2013 |
Information technology — Security techniques — Entity authentication — Part 2: Mechanisms using symmetric encipherment algorithms — Technical Corrigendum 3 |
|
Withdrawn |
2013-02 |
Edition : 3 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-2:2019 |
IT Security techniques — Entity authentication — Part 2: Mechanisms using authenticated encryption |
This document specifies entity authentication mechanisms using authenticated encryption algorithms. Four of the mechanisms provide entity authentication between two entities where no trusted third party is involved; two of these are mechanisms to unilaterally authenticate one entity to another, while the other two are mechanisms for mutual authentication of two entities. The remaining mechanisms require an on-line trusted third party for the establishment of a common secret key. They also realize mutual or unilateral entity authentication.
Annex A defines Object Identifiers for the mechanisms specified in this document.
|
Published |
2019-06 |
Edition : 4 |
Number of pages : 15 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-3:1993 |
Information technology — Security techniques — Entity authentication mechanisms — Part 3: Entity authentication using a public key algorithm |
|
Withdrawn |
1993-11 |
Edition : 1 |
Number of pages : 9 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-3:1998 |
Information technology — Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques |
|
Withdrawn |
1998-10 |
Edition : 2 |
Number of pages : 6 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-3:1998/Amd 1:2010 |
Information technology — Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques — Amendment 1: . |
|
Withdrawn |
2010-06 |
Edition : 2 |
Number of pages : 8 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-3:1998/Cor 1:2009 |
Information technology — Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques — Technical Corrigendum 1 |
|
Withdrawn |
2009-09 |
Edition : 2 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-3:1998/Cor 2:2012 |
Information technology — Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques — Technical Corrigendum 2 |
|
Withdrawn |
2012-03 |
Edition : 2 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-3:2019 |
IT Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques |
This document specifies entity authentication mechanisms using digital signatures based on asymmetric techniques. A digital signature is used to verify the identity of an entity.
Ten mechanisms are specified in this document. The first five mechanisms do not involve an on-line trusted third party and the last five make use of on-line trusted third parties. In both of these two categories, two mechanisms achieve unilateral authentication and the remaining three achieve mutual authentication.
Annex A defines the object identifiers assigned to the entity authentication mechanisms specified in this document.
|
Published |
2019-01 |
Edition : 3 |
Number of pages : 25 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-4:1999 |
Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function |
This part of ISO/IEC 9798 specifies entity authentication mechanisms using a cryptographic check function. Two
mechanisms are concerned with the authentication of a single entity (unilateral authentication), while the remaining
are mechanisms for mutual authentication of two entities.
The mechanisms specified in this part of ISO/IEC 9798 use time variant parameters such as time stamps,
sequence numbers, or random numbers, to prevent valid authentication information from being accepted at a later
time or more than once.
If a time stamp or sequence number is used, one pass is needed for unilateral authentication, while two passes are
needed to achieve mutual authentication. If a challenge and response method employing random numbers is
used, two passes are needed for unilateral authentication, while three passes are required to achieve mutual
authentication.
Examples of cryptographic check functions are given in ISO/IEC 9797.
|
Published |
1999-12 |
Edition : 2 |
Number of pages : 7 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-4:1999/Cor 1:2009 |
Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function — Technical Corrigendum 1 |
|
Published |
2009-09 |
Edition : 2 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-4:1999/Cor 2:2012 |
Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function — Technical Corrigendum 2 |
|
Published |
2012-07 |
Edition : 2 |
Number of pages : 3 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-5:1999 |
Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero knowledge techniques |
|
Withdrawn |
1999-03 |
Edition : 1 |
Number of pages : 29 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-5:2004 |
Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge techniques |
ISO/IEC 9798-5:2004 specifies authentication mechanisms in the form of exchange of information between a claimant and a verifier.
In accordance with the types of calculations that need to be performed by a claimant and the verifier (see Annex C), the mechanisms specified in ISO/IEC 9798-5:2004 can be classified into four main groups.
The first group is characterized by the performance of short modular exponentiations. The challenge size needs to be optimized since it has a proportional impact on workloads.The second group is characterized by the possibility of a "coupon" strategy for the claimant. A verifier can authenticate a claimant without computational power. The challenge size has no impact on workloads.The third group is characterized by the possibility of a "coupon" strategy for the verifier. A verifier without computational power can authenticate a claimant. The challenge size has no impact on workloads.The fourth group has no possibility of a "coupon" strategy.
|
Withdrawn |
2004-12 |
Edition : 2 |
Number of pages : 50 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-5:2009 |
Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge techniques |
ISO/IEC 9798-5:2009 specifies entity authentication mechanisms using zero-knowledge techniques:
mechanisms based on identities and providing unilateral authentication;
mechanisms based on integer factorization and providing unilateral authentication;
mechanisms based on discrete logarithms with respect to numbers that are either prime or composite, and providing unilateral authentication;
mechanisms based on asymmetric encryption systems and providing either unilateral authentication, or mutual authentication;
mechanisms based on discrete logarithms on elliptic curves and providing unilateral authentication.
These mechanisms are constructed using the principles of zero-knowledge techniques, but they are not necessarily zero-knowledge according to the strict definition for every choice of parameters.
|
Published |
2009-12 |
Edition : 3 |
Number of pages : 53 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-6:2005 |
Information technology — Security techniques — Entity authentication — Part 6: Mechanisms using manual data transfer |
ISO/IEC 9798-6:2005 specifies four entity authentication mechanisms based on manual data transfer between authenticating devices. Such mechanisms may be appropriate in a variety of circumstances. One such application occurs in Personal Area Networks, where the owner of two personal devices capable of wireless communications wishes them to perform an entity authentication procedure as part of the process of preparing them for use in the network. These mechanisms may also be used to support key management functions.
ISO/IEC 9798-6:2005 specifies mechanisms in which entity authentication is achieved by
manually transferring short data strings from one device to the other, ormanually comparing short data strings output by the two devices.
In ISO/IEC 9798-6:2005, the meaning of the term entity authentication is different to the meaning applied in other parts of ISO/IEC 9798. Instead of one device verifying that the other device has a claimed identity (and vice versa), both devices in possession of a user verify that they correctly share a data string with the other device at the time of execution of the mechanism. Of course, this data string could contain identifiers for one or both of the devices.
|
Withdrawn |
2005-08 |
Edition : 1 |
Number of pages : 20 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-6:2005/Cor 1:2009 |
Information technology — Security techniques — Entity authentication — Part 6: Mechanisms using manual data transfer — Technical Corrigendum 1 |
|
Withdrawn |
2009-09 |
Edition : 1 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9798-6:2010 |
Information technology — Security techniques — Entity authentication — Part 6: Mechanisms using manual data transfer |
ISO/IEC 9798-6:2010 specifies eight entity authentication mechanisms based on manual data transfer between authenticating devices. Four of these mechanisms are improved versions of mechanisms specified in ISO/IEC 9798-6:2005 since they use less user input and achieve more security. Such mechanisms can be appropriate in a variety of circumstances where there is no need for an existing public key infrastructure, shared secret keys or passwords. One such application occurs in personal networks, where the owner of two personal devices capable of wireless communications wishes them to perform an entity authentication procedure as part of the process of preparing them for use in the network. These mechanisms can also be used to support key management functions.
ISO/IEC 9798-6:2010 specifies mechanisms in which entity authentication is achieved by
manually transferring short data strings from one device to the other, or
manually comparing short data strings output by the two devices.
In ISO/IEC 9798-6:2010, the meaning of the term entity authentication is different from the meaning applied in other parts of ISO/IEC 9798. Instead of one device verifying that the other device has a claimed identity (and vice versa), both devices in possession of a user verify that they correctly share a data string with the other device at the time of execution of the mechanism. This data string could contain identifiers (and/or public keys) for one or both of the devices.
|
Published |
2010-12 |
Edition : 2 |
Number of pages : 35 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9979:1991 |
Data cryptographic techniques — Procedures for the registration of cryptographic algorithms |
|
Withdrawn |
1991-12 |
Edition : 1 |
Number of pages : 5 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 9979:1999 |
Information technology — Security techniques — Procedures for the registration of cryptographic algorithms |
|
Withdrawn |
1999-03 |
Edition : 2 |
Number of pages : 9 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10116:1991 |
Information technology — Modes of operation for an n-bit block cipher algorithm |
|
Withdrawn |
1991-09 |
Edition : 1 |
Number of pages : 11 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10116:1997 |
Information technology — Security techniques — Modes of operation for an n-bit block cipher |
|
Withdrawn |
1997-04 |
Edition : 2 |
Number of pages : 12 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10116:2006 |
Information technology — Security techniques — Modes of operation for an n-bit block cipher |
ISO/IEC 10116:2006 specifies modes of operation for an n-bit block cipher. These modes provide methods for encrypting and decrypting data where the bit length of the data may exceed the size of the block cipher. The modes specified in ISO/IEC 10116:2006 only provide protection of data confidentiality. Protection of data integrity and requirements for padding the data are not within the scope of ISO/IEC 10116:2006.
ISO/IEC 10116:2006 specifies five modes of operation:
Electronic Codebook (ECB);Cipher Block Chaining (CBC), with optional interleaving;Cipher Feedback (CFB);Output Feedback (OFB); and Counter (CTR).
The Annexes of ISO/IEC 10166:2006 provide object identifiers (according to ISO/IEC 9834) for each mode, a description of the properties of each mode, and diagrams and examples of each mode.
Block ciphers are specified in ISO/IEC 18033-3.
|
Withdrawn |
2006-02 |
Edition : 3 |
Number of pages : 41 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10116:2006/Cor 1:2008 |
Information technology — Security techniques — Modes of operation for an n-bit block cipher — Technical Corrigendum 1 |
|
Withdrawn |
2008-03 |
Edition : 3 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10116:2017 |
Information technology — Security techniques — Modes of operation for an n-bit block cipher |
ISO/IEC 10116:2017 data during transmission or in storage). The defined modes only provide protection of data confidentiality. Protection of data integrity is not within the scope of this document. Also, most modes do not protect the confidentiality of message length information.
NOTE 1 Methods for protecting the integrity of data using a block cipher are provided in ISO/IEC 9797-1.
NOTE 2 Methods for simultaneously protecting the confidentiality and integrity of data are provided in ISO/IEC 19772.
ISO/IEC 10116:2017 specifies the modes of operation and gives recommendations for choosing values of parameters (as appropriate).
NOTE 3 The modes of operation specified in this document have been assigned object identifiers in accordance with ISO/IEC 9834. The list of assigned object identifiers is given in Annex A. In applications in which object identifiers are used, the object identifiers specified in Annex A are to be used in preference to any other object identifiers that can exist for the mode concerned.
NOTE 4 Annex B contains comments on the properties of each mode and important security guidance.
|
Published |
2017-07 |
Edition : 4 |
Number of pages : 39 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10116:2017/Amd 1:2021 |
Information technology — Security techniques — Modes of operation for an n-bit block cipher — Amendment 1: CTR-ACPKM mode of operation |
|
Published |
2021-02 |
Edition : 4 |
Number of pages : 13 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-1:1994 |
Information technology — Security techniques — Hash-functions — Part 1: General |
|
Withdrawn |
1994-10 |
Edition : 1 |
Number of pages : 5 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-1:2016 |
Information technology — Security techniques — Hash-functions — Part 1: General |
ISO/IEC 10118-1:2016 specifies hash-functions and is therefore applicable to the provision of authentication, integrity and non-repudiation services. Hash-functions map strings of bits of variable (but usually upper bounded) length to fixed-length strings of bits, using a specified algorithm. They can be used for
- reducing a message to a short imprint for input to a digital signature mechanism, and
- committing the user to a given string of bits without revealing this string.
NOTE The hash-functions specified in ISO/IEC 10118 (all parts) do not involve the use of secret keys. However, these hash-functions may be used, in conjunction with secret keys, to build message authentication codes. Message Authentication Codes (MACs) provide data origin authentication as well as message integrity. Techniques for computing a MAC using a hash-function are specified in ISO/IEC 9797‑2 [1].
ISO/IEC 10118-1:2016 contains definitions, symbols, abbreviations and requirements that are common to all the other parts of ISO/IEC 10118. The criteria used to select the algorithms specified in subsequent parts of ISO/IEC 10118 are defined in Annex B of this document.
|
Published |
2016-10 |
Edition : 3 |
Number of pages : 12 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-1:2016/Amd 1:2021 |
Information technology — Security techniques — Hash-functions — Part 1: General — Amendment 1: Padding methods for sponge functions |
|
Published |
2021-03 |
Edition : 3 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-2:1994 |
Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher algorithm |
|
Withdrawn |
1994-10 |
Edition : 1 |
Number of pages : 7 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-2:2000 |
Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher |
|
Withdrawn |
2000-12 |
Edition : 2 |
Number of pages : 19 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-2:2000/Cor 1:2006 |
Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher — Technical Corrigendum 1 |
|
Withdrawn |
2006-10 |
Edition : 2 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-2:2000/Cor 2:2007 |
Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher — Technical Corrigendum 2 |
|
Withdrawn |
2007-02 |
Edition : 2 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-2:2010 |
Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher |
ISO/IEC 10118-2:2010 specifies hash-functions which make use of an n-bit block cipher algorithm. They are therefore suitable for an environment in which such an algorithm is already implemented. Block ciphers are specified in ISO/IEC 18033-3.
Four hash-functions are specified. The first provides hash-codes of length less than or equal to n, where n is the block-length of the algorithm used. The second provides hash-codes of length less than or equal to 2n; the third provides hash-codes of length equal to 2n; and the fourth provides hash-codes of length 3n. All four of the hash-functions specified in ISO/IEC 10118-2:2010 conform to the general model specified in ISO/IEC 10118-1.
|
Published |
2010-10 |
Edition : 3 |
Number of pages : 29 |
Technical Committee |
35.030
IT Security
|