| Name |
Description |
Abstract |
Status |
Publication date |
Edition |
Number of pages |
Technical committee |
ICS |
| ISO/IEC 10118-2:2010/Cor 1:2011 |
Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher — Technical Corrigendum 1 |
|
Published |
2011-12 |
Edition : 3 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-3:1998 |
Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions |
|
Withdrawn |
1998-05 |
Edition : 1 |
Number of pages : 43 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-3:2003 |
Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions |
ISO/IEC 10118-3:2003 specifies dedicated hash-functions, i.e., specially designed hash-functions. The hash-functions in ISO/IEC 10118-3:2003 are based on the iterative use of a round-function.
ISO/IEC 10118-3:2003 specifies seven distinct round-functions, giving rise to distinct dedicated hash-functions. In particular:
- the first hash-function (RIPEMD-160) in Clause 7 of ISO/IEC 10118-3:2003 provides hash-codes of lengths up to 160 bits;
- the second hash-function (RIPEMD-128) in Clause 8 of ISO/IEC 10118-3:2003 provides hash-codes of lengths up to 128 bits;
- the third hash-function (SHA-1) in Clause 9 of ISO/IEC 10118-3:2003 provides hash-codes of lengths up to 160 bits;
- the fourth hash-function (SHA-256) in Clause 10 of ISO/IEC 10118-3:2003 provides hash-codes of lengths up to 256 bits;
- the fifth hash-function (SHA-512) in Clause 11 of ISO/IEC 10118-3:2003 provides hash-codes of lengths up to 512 bits;
- the sixth hash-function (SHA-384) in Clause 12 of ISO/IEC 10118-3:2003 provides hash-codes of a fixed length, 384 bits; and
- the seventh hash-function (WHIRLPOOL) in Clause 13 of ISO/IEC 10118-3:2003 provides hash-codes of lengths up to 512 bits.
For each of these seven dedicated hash-functions, ISO/IEC 10118-3:2003 specifies a padding method, initializing values, parameters, a sequence of functions (which are used in the round-function), constants, and an object identifier; and provides several computation examples.
|
Withdrawn |
2003-05 |
Edition : 2 |
Number of pages : 91 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-3:2004 |
Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions |
ISO/IEC 10118-3:2004 specifies the following seven dedicated hash-functions, i.e. specially-designed hash-functions:
- the first hash-function (RIPEMD-160) in Clause 7 provides hash-codes of lengths up to 160 bits;
- the second hash-function (RIPEMD-128) in Clause 8 provides hash-codes of lengths up to 128 bits;
- the third hash-function (SHA-1) in Clause 9 provides hash-codes of lengths up to 160 bits;
- the fourth hash-function (SHA-256) in Clause 10 provides hash-codes of lengths up to 256 bits;
- the fifth hash-function (SHA-512) in Clause 11 provides hash-codes of lengths up to 512 bits;
- the sixth hash-function (SHA-384) in Clause 12 provides hash-codes of a fixed length, 384 bits; and
- the seventh hash-function (WHIRLPOOL) in Clause 13 provides hash-codes of lengths up to 512 bits.
For each of these dedicated hash-functions, ISO/IEC 10118-3:2004 specifies a round-function that consists of a sequence of sub-functions, a padding method, initializing values, parameters, constants, and an object identifier as normative information, and also specifies several computation examples as informative information.
|
Withdrawn |
2004-03 |
Edition : 3 |
Number of pages : 94 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-3:2004/Amd 1:2006 |
Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions — Amendment 1: Dedicated Hash-Function 8 (SHA-224) |
|
Withdrawn |
2006-02 |
Edition : 3 |
Number of pages : 16 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-3:2004/Cor 1:2011 |
Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash-functions — Technical Corrigendum 1 |
|
Withdrawn |
2011-12 |
Edition : 3 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-3:2018 |
IT Security techniques — Hash-functions — Part 3: Dedicated hash-functions |
This document specifies dedicated hash-functions, i.e. specially designed hash-functions. The hash-functions in this document are based on the iterative use of a round-function. Distinct round-functions are specified, giving rise to distinct dedicated hash-functions.
The use of Dedicated Hash-Functions 1, 2 and 3 in new digital signature implementations is deprecated.
NOTE As a result of their short hash-code length and/or cryptanalytic results, Dedicated Hash-Functions 1, 2 and 3 do not provide a sufficient level of collision resistance for future digital signature applications and they are therefore only usable for legacy applications. However, for applications where collision resistance is not required, such as in hash-functions as specified in ISO/IEC 9797‑2, or in key derivation functions specified in ISO/IEC 11770‑6, their use is not deprecated.
Numerical examples for dedicated hash-functions specified in this document are given in Annex B as additional information. For information purposes, SHA-3 extendable-output functions are specified in Annex C.
|
Published |
2018-10 |
Edition : 4 |
Number of pages : 398 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-4:1998 |
Information technology — Security techniques — Hash-functions — Part 4: Hash-functions using modular arithmetic |
This part of ISO/IEC 10118 specifies two hash-functions which make use of modular arithmetic. These hash-functions, which are believed to be collision-resistant, compress messages of arbitrary but limited length to a hash-code whose length is determined by the length of the prime number used in the reduction-function defined in 7.3. Thus, the hash-code is easily scaled to the input length of any mechanism (e.g., signature algorithm, identification scheme).
The hash-functions specified in this part of ISO/IEC 10118, known as MASH-1 and MASH-2 (Modular Arithmetic Secure Hash) are particularly suitable for environments in which implementations of modular arithmetic of sufficient length are already available. The two hash-functions differ only in the exponent used in the round-function.
|
Published |
1998-12 |
Edition : 1 |
Number of pages : 23 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-4:1998/Amd 1:2014 |
Information technology — Security techniques — Hash-functions — Part 4: Hash-functions using modular arithmetic — Amendment 1: Object identifiers |
|
Published |
2014-11 |
Edition : 1 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 10118-4:1998/Cor 1:2014 |
Information technology — Security techniques — Hash-functions — Part 4: Hash-functions using modular arithmetic — Technical Corrigendum 1 |
|
Published |
2014-07 |
Edition : 1 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-1:1996 |
Information technology — Security techniques — Key management — Part 1: Framework |
Defines a general model of key management that is independent of the use of any particular cryptographic algorithm. Identifies the objective of key management, basic concepts and key management services.
|
Withdrawn |
1996-12 |
Edition : 1 |
Number of pages : 21 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-4:2017/Amd 1:2019 |
Information technology — Security techniques — Key management — Part 4: Mechanisms based on weak secrets — Amendment 1: Unbalanced Password-Authenticated Key Agreement with Identity-Based Cryptosystems (UPAKA-IBC) |
|
Published |
2019-09 |
Edition : 2 |
Number of pages : 15 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-4:2017/Amd 2:2021 |
Information technology — Security techniques — Key management — Part 4: Mechanisms based on weak secrets — Amendment 2: Leakage-resilient password-authenticated key agreement with additional stored secrets |
|
Published |
2021-02 |
Edition : 2 |
Number of pages : 39 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-1:2010 |
Information technology — Security techniques — Key management — Part 1: Framework |
ISO/IEC 11770-1:2010 defines a general model of key management that is independent of the use of any particular cryptographic algorithm. However, certain key distribution mechanisms can depend on particular algorithm properties, for example, properties of asymmetric algorithms.
ISO/IEC 11770-1:2010 contains the material required for a basic understanding of subsequent parts.
Examples of the use of key management mechanisms are included in ISO 11568. If non-repudiation is required for key management, ISO/IEC 13888 is applicable.
ISO/IEC 11770-1:2010 addresses both the automated and manual aspects of key management, including outlines of data elements and sequences of operations that are used to obtain key management services. However it does not specify details of protocol exchanges that might be needed.
As with other security services, key management can only be provided within the context of a defined security policy. The definition of security policies is outside the scope of ISO/IEC 11770.
The fundamental problem is to establish keying material whose origin, integrity, timeliness and (in the case of secret keys) confidentiality can be guaranteed to both direct and indirect users. Key management includes functions such as the generation, storage, distribution, deletion and archiving of keying material in accordance with a security policy (ISO 7498-2).
ISO/IEC 11770-1:2010 has a special relationship to the security frameworks for open systems (ISO/IEC 10181). All the frameworks, including this one, identify the basic concepts and characteristics of mechanisms covering different aspects of security.
|
Published |
2010-12 |
Edition : 2 |
Number of pages : 30 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-2:1996 |
Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques |
Defines key establishment mechanisms using symmetric cryptographic techniques. Addresses three environments for the establishment of keys: Point-to-Point, Key Distribution Centre (KDC) and Key Translation Centre (KTC). Describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established.
|
Withdrawn |
1996-04 |
Edition : 1 |
Number of pages : 17 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-2:1996/Cor 1:2005 |
Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques — Technical Corrigendum 1 |
|
Withdrawn |
2005-07 |
Edition : 1 |
Number of pages : 1 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-2:2008 |
Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques |
ISO/IEC 11770 is concerned with the management of cryptographic keys. ISO/IEC 11770-2:2008 specifies a series of 13 mechanisms for establishing shared secret keys using symmetric cryptography. These mechanisms address three different environments for the establishment of shared secret keys: point-to-point key establishment schemes, mechanisms using a Key Distribution Centre (KDC), and techniques that use a Key Translation Centre (KTC). ISO/IEC 11770-2:2008 describes the content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established. This second edition is a technically revised version of the first edition: Mechanism 12 has been modified to address identified security shortcomings.
|
Withdrawn |
2008-06 |
Edition : 2 |
Number of pages : 27 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-2:2008/Cor 1:2009 |
Information technology — Security techniques — Key management — Part 2: Mechanisms using symmetric techniques — Technical Corrigendum 1 |
|
Withdrawn |
2009-09 |
Edition : 2 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-2:2018 |
IT Security techniques — Key management — Part 2: Mechanisms using symmetric techniques |
This document defines key establishment mechanisms using symmetric cryptographic techniques.
This document addresses three environments for the establishment of keys: Point-to-Point, Key Distribution Centre (KDC), and Key Translation Centre (KTC). It describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established.
This document does not indicate other information which can be contained in the messages or specify other messages such as error messages. The explicit format of messages is not within the scope of this document.
This document does not specify the means to be used to establish initial secret keys; that is, all the mechanisms specified in this document require an entity to share a secret key with at least one other entity (e.g. a TTP). For general guidance on the key lifecycle, see ISO/IEC 11770-1. This document does not explicitly address the issue of inter-domain key management. This document also does not define the implementation of key management mechanisms; products complying with this document are not necessarily compatible.
|
Published |
2018-10 |
Edition : 3 |
Number of pages : 28 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:1999 |
Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques |
|
Withdrawn |
1999-11 |
Edition : 1 |
Number of pages : 35 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:2008 |
Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques |
ISO/IEC 11770-3:2008 defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals.
- Establish a shared secret key for a symmetric cryptographic technique between two entities A and B by key agreement. In a secret key agreement mechanism, the secret key is the result of a data exchange between the two entities A and B. Neither of them can predetermine the value of the shared secret key.
- Establish a shared secret key for a symmetric cryptographic technique between two entities A and B by key transport. In a secret key transport mechanism, the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques.
- Make an entity's public key available to other entities by key transport. In a public key transport mechanism, the public key of entity A must be transferred to other entities in an authenticated way, but not requiring secrecy.
Some of the mechanisms of ISO/IEC 11770-3:2008 are based on the corresponding authentication mechanisms in ISO/IEC 9798-3.
ISO/IEC 11770-3:2008 does not cover aspects of key management such as:
- key lifecycle management,
- mechanisms to generate or validate asymmetric key pairs,
- mechanisms to store, archive, delete, destroy, etc. keys.
While ISO/IEC 11770-3:2008 does not explicitly cover the distribution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this. A private key can in all cases be distributed with these mechanisms where an existing, non-compromised key already exists. However, in practice the distribution of private keys is usually a manual process that relies on technological means like smart cards, etc.
ISO/IEC 11770-3:2008 does not cover the implementations of the transformations used in the key management mechanisms.
|
Withdrawn |
2008-07 |
Edition : 2 |
Number of pages : 83 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:2015 |
Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques |
ISO/IEC 11770-3:2015 defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals: a) establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B by key agreement. In a secret key agreement mechanism, the secret key is computed as the result of a data exchange between the two entities A and B. Neither of them should be able to predetermine the value of the shared secret key; b) establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B via key transport. In a secret key transport mechanism, the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques; and c) make an entity's public key available to other entities via key transport. In a public key transport mechanism, the public key of entity A shall be transferred to other entities in an authenticated way, but not requiring secrecy.
Some of the mechanisms of ISO/IEC 11770-3:2015 are based on the corresponding authentication mechanisms in ISO/IEC 9798‑3.
ISO/IEC 11770-3:2015 does not cover certain aspects of key management, such as key lifecycle management, mechanisms to generate or validate asymmetric key pairs, and mechanisms to store, archive, delete, destroy, etc. keys.
While ISO/IEC 11770-3:2015 does not explicitly cover the distribution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this. A private key can in all cases be distributed with these mechanisms where an existing, non-compromised key already exists. However, in practice the distribution of private keys is usually a manual process that relies on technological means such as smart cards, etc.
ISO/IEC 11770-3:2015 does not specify the transformations used in the key management mechanisms.
|
Withdrawn |
2015-08 |
Edition : 3 |
Number of pages : 81 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:2015/Amd 1:2017 |
Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques — Amendment 1: Blinded Diffie-Hellman key agreement |
|
Withdrawn |
2017-11 |
Edition : 3 |
Number of pages : 7 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:2015/Cor 1:2016 |
Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques — Technical Corrigendum 1 |
|
Withdrawn |
2016-05 |
Edition : 3 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:2021 |
Information security — Key management — Part 3: Mechanisms using asymmetric techniques |
This document defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals.
a) Establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B by key agreement. In a secret key agreement mechanism, the secret key is computed as the result of a data exchange between the two entities A and B. Neither of them is able to predetermine the value of the shared secret key.
b) Establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B via key transport. In a secret key transport mechanism, the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques.
c) Make an entity's public key available to other entities via key transport. In a public key transport mechanism, the public key of entity A is transferred to other entities in an authenticated way, but not requiring secrecy.
Some of the mechanisms of this document are based on the corresponding authentication mechanisms in ISO/IEC 9798‑3.
This document does not cover certain aspects of key management, such as:
— key lifecycle management;
— mechanisms to generate or validate asymmetric key pairs; and
— mechanisms to store, archive, delete, destroy, etc., keys.
While this document does not explicitly cover the distribution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this. A private key can in all cases be distributed with these mechanisms where an existing, non-compromised key already exists. However, in practice the distribution of private keys is usually a manual process that relies on technological means such as smart cards, etc.
This document does not specify the transformations used in the key management mechanisms.
NOTE To provide origin authentication for key management messages, it is possible to make provisions for authenticity within the key establishment protocol or to use a public key signature system to sign the key exchange messages.
|
Published |
2021-10 |
Edition : 4 |
Number of pages : 90 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-3:2021/WD Amd 1 |
Information security — Key management — Part 3: Mechanisms using asymmetric techniques — Amendment 1 |
|
Under development |
|
Edition : 4 |
|
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-4:2006 |
Information technology — Security techniques — Key management — Part 4: Mechanisms based on weak secrets |
ISO/IEC 11770-4:2006 defines key establishment mechanisms based on weak secrets, i.e., secrets that can be readily memorized by a human, and hence secrets that will be chosen from a relatively small set of possibilities. It specifies cryptographic techniques specifically designed to establish one or more secret keys based on a weak secret derived from a memorized password, while preventing off-line brute-force attacks associated with the weak secret. More specifically, these mechanisms are designed to achieve one of the following three goals.
- Balanced password-authenticated key agreement: Establish one or more shared secret keys between two entities that share a common weak secret. In a balanced password-authenticated key agreement mechanism, the shared secret keys are the result of a data exchange between the two entities, the shared secret keys are established if and only if the two entities have used the same weak secret, and neither of the two entities can predetermine the values of the shared secret keys.
- Augmented password-authenticated key agreement: Establish one or more shared secret keys between two entities A and B, where A has a weak secret and B has verification data derived from a one-way function of A's weak secret. In an augmented password-authenticated key agreement mechanism, the shared secret keys are the result of a data exchange between the two entities, the shared secret keys are established if and only if the two entities have used the weak secret and the corresponding verification data, and neither of the two entities can predetermine the values of the shared secret keys.
- Password-authenticated key retrieval: Establish one or more secret keys for an entity, A, associated with another entity, B, where A has a weak secret and B has a strong secret associated with A's weak secret. In an authenticated key retrieval mechanism, the secret keys, retrievable by A (not necessarily derivable by B), are the result of a data exchange between the two entities, and the secret keys are established if and only if the two entities have used the weak secret and the associated strong secret. However, although B's strong secret is associated with A's weak secret, the strong secret does not (in itself) contain sufficient information to permit either the weak secret or the secret keys established in the mechanism to be determined.
|
Withdrawn |
2006-05 |
Edition : 1 |
Number of pages : 33 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-4:2006/Cor 1:2009 |
Information technology — Security techniques — Key management — Part 4: Mechanisms based on weak secrets — Technical Corrigendum 1 |
|
Withdrawn |
2009-09 |
Edition : 1 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-4:2017 |
Information technology — Security techniques — Key management — Part 4: Mechanisms based on weak secrets |
ISO/IEC 11770-4:2017 defines key establishment mechanisms based on weak secrets, i.e. secrets that can be readily memorized by a human, and hence, secrets that will be chosen from a relatively small set of possibilities. It specifies cryptographic techniques specifically designed to establish one or more secret keys based on a weak secret derived from a memorized password, while preventing offline brute-force attacks associated with the weak secret. ISO/IEC 11770-4:2017 is not applicable to the following aspects of key management:
- life-cycle management of weak secrets, strong secrets, and established secret keys;
- mechanisms to store, archive, delete, destroy, etc. weak secrets, strong secrets, and established secret keys.
|
Published |
2017-11 |
Edition : 2 |
Number of pages : 48 |
Technical Committee |
35.030
IT Security
|
| ISO 20347:2004/Cor 1:2005 |
Personal protective equipment — Occupational footwear — Technical Corrigendum 1 |
|
Withdrawn |
2005-09 |
Edition : 1 |
Number of pages : 1 |
Technical Committee |
13.340.50
Leg and foot protection
|
| ISO/IEC 11770-5:2011 |
Information technology — Security techniques — Key management — Part 5: Group key management |
ISO/IEC 11770-5:2011 specifies key establishment mechanisms for multiple entities to provide procedures for handling cryptographic keying material used in symmetric or asymmetric cryptographic algorithms according to the security policy in force.
It defines the symmetric key based key establishment mechanisms for multiple entities with a key distribution centre (KDC), and defines symmetric key establishment mechanisms based on general tree based structure with both individual rekeying and batched rekeying. It also defines key establishment mechanisms based on key chain with both unlimited forward key chain and limited forward key chain. Both key establishment mechanisms can be combined by applications.
ISO/IEC 11770-5:2011 also describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established.
|
Withdrawn |
2011-12 |
Edition : 1 |
Number of pages : 22 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-5:2020 |
Information security — Key management — Part 5: Group key management |
This document specifies mechanisms to establish shared symmetric keys between groups of entities. It defines:
— symmetric key-based key establishment mechanisms for multiple entities with a key distribution centre (KDC); and
— symmetric key establishment mechanisms based on a general tree-based logical key structure with both individual rekeying and batch rekeying.
It also defines key establishment mechanisms based on a key chain with group forward secrecy, group backward secrecy or both group forward and backward secrecy.
This document also describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established.
This document does not specify information that has no relation with key establishment mechanisms, nor does it specify other messages such as error messages. The explicit format of messages is not within the scope of this document.
This document does not specify the means to be used to establish the initial secret keys required to be shared between each entity and the KDC, nor key lifecycle management. This document also does not explicitly address the issue of interdomain key management.
|
Published |
2020-11 |
Edition : 2 |
Number of pages : 18 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-6:2016 |
Information technology — Security techniques — Key management — Part 6: Key derivation |
ISO/IEC 11770-6:2016 specifies key derivation functions, i.e. functions which take secret information and other (public) parameters as input and output one or more "derived" secret keys. Key derivation functions based on MAC algorithms and on hash-functions are specified.
|
Published |
2016-10 |
Edition : 1 |
Number of pages : 23 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11770-7:2021 |
Information security — Key management — Part 7: Cross-domain password-based authenticated key exchange |
This document specifies mechanisms for cross-domain password-based authenticated key exchange, all of which are four-party password-based authenticated key exchange (4PAKE) protocols. Such protocols let two communicating entities establish a shared session key using just the login passwords that they share with their respective domain authentication servers. The authentication servers, assumed to be part of a standard public key infrastructure (PKI), act as ephemeral certification authorities (CAs) that certify key materials that the users can subsequently use to exchange and agree on as a session key.
This document does not specify the means to be used to establish a shared password between an entity and its corresponding domain server. This document also does not define the implementation of a PKI and the means for two distinct domain servers to exchange or verify their respective public key certificates.
|
Published |
2021-07 |
Edition : 1 |
Number of pages : 26 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11889-1:2009 |
Information technology — Trusted Platform Module — Part 1: Overview |
ISO/IEC 11889 defines the Trusted Platform Module (TPM), a device that enables trust in computing platforms in general. ISO/IEC 11889-1:2009 is an overview of the TPM. It describes the TPM and how it fits into the trusted platform. ISO/IEC 11889-1:2009 describes trusted platform concepts such as the trust boundary, transitive trust, integrity measurement, and integrity reporting.
|
Published |
2009-05 |
Edition : 1 |
Number of pages : 12 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11889-1:2015 |
Information technology — Trusted platform module library — Part 1: Architecture |
ISO/IEC 11889-1:2015 defines the architectural elements of the Trusted Platform Module (TPM), a device which enables trust in computing platforms in general. Some TPM concepts are explained adequately in the context of the TPM itself. Other TPM concepts are explained in the context of how a TPM helps establish trust in a computing platform. When describing how a TPM helps establish trust in a computing platform, ISO/IEC 11889-1:2015 provides some guidance for platform requirements. However, the scope of ISO/IEC 11889 is limited to TPM requirements.
ISO/IEC 11889-1:2015 illustrates TPM security and privacy techniques in the context of a platform through the use of cryptography. It includes definitions of how different cryptographic techniques are implemented by a TPM. The scope of ISO/IEC 11889 does not include cryptographic analysis or guidance about the applicability of different algorithms for specific use cases.
TPM requirements in ISO/IEC 11889-1:2015 are general, covering concepts like integrity protection, isolation and confidentiality. Defining a specific strength of function or assurance level is out of scope for ISO/IEC 11889. This approach limits the guarantees provided by ISO/IEC 11889 itself, but it does allow the TPM architectural elements defined to be adapted to meet diverse implementation and platform specific needs.
|
Published |
2015-08 |
Edition : 2 |
Number of pages : 257 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 1539-1:1997/Cor 2:2002 |
Information technology — Programming languages — Fortran - Part 1: Base language — Technical Corrigendum 2 |
|
Withdrawn |
2002-06 |
Edition : 1 |
Number of pages : 8 |
Technical Committee |
35.060
Languages used in information technology
|
| ISO/IEC 11889-2:2009 |
Information technology — Trusted Platform Module — Part 2: Design principles |
ISO/IEC 11889 defines the Trusted Platform Module (TPM), a device that enables trust in computing platforms in general. ISO/IEC 11889-2:2009 defines the principles of TPM operation. These include base operating modes, cryptographic algorithms and key sizes for the algorithms, basic interoperability requirements, basic protocols and the use of the protocols, and use of TPM resources.
|
Published |
2009-05 |
Edition : 1 |
Number of pages : 143 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11889-2:2015 |
Information technology — Trusted Platform Module Library — Part 2: Structures |
ISO/IEC 11889-2:2015 contains the definitions of the constants, flags, structure, and union definitions used to communicate with the TPM. Values defined in ISO/IEC 11889-2:2015 are used by the TPM commands defined in ISO/IEC 11889-3 and by the functions in ISO/IEC 11889-4.
|
Published |
2015-08 |
Edition : 2 |
Number of pages : 159 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11889-3:2009 |
Information technology — Trusted Platform Module — Part 3: Structures |
ISO/IEC 11889 defines the Trusted Platform Module (TPM), a device that enables trust in computing platforms in general. ISO/IEC 11889-3:2009 defines the structures and constants that enable the interoperability between TPM implementations.
|
Published |
2009-05 |
Edition : 1 |
Number of pages : 188 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11889-3:2015 |
Information technology — Trusted Platform Module Library — Part 3: Commands |
ISO/IEC 11889 contains the definitions of the Trusted Platform Module (TPM) commands. These commands make use of the constants, flags, structures, and union definitions defined in ISO/IEC 11889-2.
The detailed description of the operation of the commands is written in the C language with extensive comments. The behavior of the C code in ISO/IEC 11889-3:2015 is normative but does not fully describe the behavior of a TPM. The combination of ISO/IEC 11889-3:2015 and ISO/IEC 11889-4 is sufficient to fully describe the required behavior of a TPM.
ISO/IEC 11889-3:2015 and ISO/IEC 11889-4 are written to define the behavior of a compliant TPM. In some cases it is not possible to provide a compliant implementation. In those cases, any implementation provided by the vendor that meets the general description of the function provided in this part of ISO/IEC 11889 would be compliant.
|
Published |
2015-08 |
Edition : 2 |
Number of pages : 457 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11889-4:2009 |
Information technology — Trusted Platform Module — Part 4: Commands |
ISO/IEC 11889 defines the Trusted Platform Module (TPM), a device that enables trust in computing platforms in general. ISO/IEC 11889-4:2009 defines the commands, actions of the commands, and the parameters to the commands that provide the TPM functionality.
|
Published |
2009-05 |
Edition : 1 |
Number of pages : 237 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 11889-4:2015 |
Information technology — Trusted Platform Module Library — Part 4: Supporting Routines |
ISO/IEC 11889-4:2015 contains C code that describes the algorithms and methods used by the command code in ISO/IEC 11889-3. The code in ISO/IEC 11889-4:2015 augments ISO/IEC 11889-2 and ISO/IEC 11889-3 to provide a complete description of a TPM, including the supporting framework for the code that performs the command actions.
Any code in ISO/IEC 11889-4:2015 may be replaced by code that provides similar results when interfacing to the action code in ISO/IEC 11889-3. The behavior of code in ISO/IEC 11889-4:2015 that is not included in an annex is normative, as observed at the interfaces with ISO/IEC 11889-3 code. Code in an annex is provided for completeness, that is, to allow a full implementation of ISO/IEC 11889 from the provided code.
The code in ISO/IEC 11889-3 and ISO/IEC 11889-4:2015 is written to define the behavior of a compliant TPM. In some cases (e.g., firmware update), it is not possible to provide a compliant implementation. In those cases, any implementation provided by the vendor that meets the general description of the function provided in ISO/IEC 11889-3 would be compliant.
The code in ISO/IEC 11889-3 and ISO/IEC 11889-4:2015 is not written to meet any particular level of conformance, nor does ISO/IEC 11889 require that a TPM meet any particular level of conformance.
|
Published |
2015-08 |
Edition : 2 |
Number of pages : 556 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 13335-1:2004 |
Information technology — Security techniques — Management of information and communications technology security — Part 1: Concepts and models for information and communications technology security management |
ISO/IEC 13335-1:2004 presents the concepts and models fundamental to a basic understanding of ICT security, and addresses the general management issues that are essential to the successful planning, implementation and operation of ICT security. Part 2 of ISO/IEC 13335 (currently 2nd WD) provides operational guidance on ICT security. Together these parts can be used to help identify and manage all aspects of ICT security.
|
Withdrawn |
2004-11 |
Edition : 1 |
Number of pages : 28 |
Technical Committee |
35.030
IT Security
;
03.100.70
Management systems
|
| ISO/IEC TR 13335-1:1996 |
Information technology — Guidelines for the management of IT Security — Part 1: Concepts and models for IT Security |
Presents the basic management concepts and models which are essential for an introduction into the management of IT security. These concepts and models are further discussed and developed in the remaining parts to provide more detailed guidance.
|
Withdrawn |
1996-12 |
Edition : 1 |
Number of pages : 18 |
Technical Committee |
35.030
IT Security
;
03.100.70
Management systems
|
| ISO/IEC 13888-1:2004 |
IT security techniques — Non-repudiation — Part 1: General |
This part of ISO/IEC 13888:2004 serves as a general model for subsequent parts specifying non-repudiation mechanisms using cryptographic techniques. The goal of the non-repudiation service is to generate, collect, maintain, make available and verify evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non-occurrence of the event or action. There are two main types of evidence, the nature of which depends on cryptographic techniques employed: the secure envelopes generated by an evidence-generating authority using symmetric cryptographic techniques, and digital signatures generated by an evidence generator or an evidence generating authority using asymmetric cryptographic techniques.
Non-repudiation mechanisms generic to the various non-repudiation services are described first. The different parts of this International Standard provide non-repudiation mechanisms for the following phases of non-repudiation: evidence generation, transfer, storage, retrieval and verification. The non-repudiation mechanisms are then applied to a selection of specific non-repudiation services such as non-repudiation of origin, non-repudiation of delivery, non-repudiation of submission, and non-repudiation of transport. Non-repudiation mechanisms provide protocols for the exchange of non-repudiation tokens specific to each non-repudiation service. Non-repudiation tokens consist of secure envelopes and/or digital signatures and, optionally, of additional data.
|
Withdrawn |
2004-06 |
Edition : 2 |
Number of pages : 15 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 13888-1:2009 |
Information technology — Security techniques — Non-repudiation — Part 1: General |
ISO/IEC 13888 is concerned with non-repudiation. ISO/IEC 13888-1:2009 is a general part which defines a model for non-repudiation mechanisms providing evidence based on cryptographic check values generated using symmetric or asymmetric cryptographic techniques. Non-repudiation mechanisms provide protocols for the exchange of non-repudiation tokens for non-repudiation services. Specific and additional non-repudiation services are described.
|
Withdrawn |
2009-07 |
Edition : 3 |
Number of pages : 19 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 13888-1:2020 |
Information security — Non-repudiation — Part 1: General |
This document serves as a general model for subsequent parts specifying non-repudiation mechanisms using cryptographic techniques.
The ISO/IEC 13888 series provides non-repudiation mechanisms for the following phases of non-repudiation:
— evidence generation;
— evidence transfer, storage and retrieval; and
— evidence verification.
Dispute arbitration is outside the scope of the ISO/IEC 13888 series.
|
Published |
2020-09 |
Edition : 4 |
Number of pages : 20 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 13888-2:1998 |
Information technology — Security techniques — Non-repudiation — Part 2: Mechanisms using symmetric techniques |
|
Withdrawn |
1998-04 |
Edition : 1 |
Number of pages : 10 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 13888-2:2010 |
Information technology — Security techniques — Non-repudiation — Part 2: Mechanisms using symmetric techniques |
The goal of the non-repudiation service is to generate, collect, maintain, make available and validate evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non-occurrence of the event or action. ISO/IEC 13888-2:2010 provides descriptions of generic structures that can be used for non-repudiation services, and of some specific communication-related mechanisms which can be used to provide non-repudiation of origin (NRO) and non-repudiation of delivery (NRD). Other non-repudiation services can be built using the generic structures described in ISO/IEC 13888-2:2010 in order to meet the requirements defined by the security policy.
ISO/IEC 13888-2:2010 relies on the existence of a trusted third party (TTP) to prevent fraudulent repudiation or accusation. Usually, an online TTP is needed.
Non-repudiation can only be provided within the context of a clearly defined security policy for a particular application and its legal environment. Non-repudiation policies are defined in ISO/IEC 10181-4.
|
Published |
2010-12 |
Edition : 2 |
Number of pages : 17 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 13888-2:2010/Cor 1:2012 |
Information technology — Security techniques — Non-repudiation — Part 2: Mechanisms using symmetric techniques — Technical Corrigendum 1 |
|
Published |
2012-12 |
Edition : 2 |
Number of pages : 3 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 13888-3:1997 |
Information technology — Security techniques — Non-repudiation — Part 3: Mechanisms using asymmetric techniques |
|
Withdrawn |
1997-11 |
Edition : 1 |
Number of pages : 7 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 13888-3:2009 |
Information technology — Security techniques — Non-repudiation — Part 3: Mechanisms using asymmetric techniques |
ISO/IEC 13888-3:2009 specifies mechanisms for the provision of specific, communication related, non-repudiation services using asymmetric cryptographic techniques.
|
Withdrawn |
2009-12 |
Edition : 2 |
Number of pages : 14 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 13888-3:2020 |
Information security — Non-repudiation — Part 3: Mechanisms using asymmetric techniques |
This document specifies mechanisms for the provision of specific, communication-related, non‑repudiation services using asymmetric cryptographic techniques.
|
Published |
2020-09 |
Edition : 3 |
Number of pages : 13 |
Technical Committee |
35.030
IT Security
|
| ISO 14520-11:2000 |
Gaseous fire-extinguishing systems — Physical properties and system design — Part 11: HFC 236fa extinguishant |
|
Withdrawn |
2000-08 |
Edition : 1 |
Number of pages : 5 |
Technical Committee |
13.220.10
Fire-fighting
|
| ISO/IEC TR 14516:2002 |
Information technology — Security techniques — Guidelines for the use and management of Trusted Third Party services |
Associated with the provision and operation of a Trusted Third Party (TTP) are a number of security-related issues for which general guidance is necessary to assist business entities, developers and providers of systems and services, etc. This includes guidance on issues regarding the roles, positions and relationships of TTPs and the entities using TTP services, the generic security requirements, who should provide what type of security, what the possible security solutions are, and the operational use and management of TTP service security.
This Recommendation | Technical Report provides guidance for the use and management of TTPs, a clear definition of the basic duties and services provided, their description and their purpose, and the roles and liabilities of TTPs and entities using their services. It is intended primarily for system managers, developers, TTP operators and enterprise users to select those TTP services needed for particular requirements, their subsequent management, use and operational deployment, and the establishment of a Security Policy within a TTP. It is not intended to be used as a basis for a formal assessment of a TTP or a comparison of TTPs.
This Recommendation | Technical Report identifies different major categories of TTP services including: time stamping, non-repudiation, key management, certificate management, and electronic notary public. Each of these major categories consists of several services which logically belong together.
|
Published |
2002-06 |
Edition : 1 |
Number of pages : 33 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-1:1998 |
Information technology — Security techniques — Digital signatures with appendix — Part 1: General |
|
Withdrawn |
1998-12 |
Edition : 1 |
Number of pages : 14 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-1:2008 |
Information technology — Security techniques — Digital signatures with appendix — Part 1: General |
There are two types of digital signature mechanism:
When the verification process needs the message as part of the input, the mechanism is called a "signature mechanism with appendix". A hash-function is used in the calculation of the appendix.
When the verification process reveals all or part of the message, the mechanism is called a "signature mechanism giving message recovery". A hash-function is also used in the generation and verification of these signatures.
ISO/IEC 14888 specifies digital signatures with appendix. ISO/IEC 14888-1:2008 specifies general principles and requirements for digital signatures with appendix. ISO/IEC 14888-2 addresses digital signatures based on integer factoring, and ISO/IEC 14888-3 addresses digital signatures based on discrete logarithm.
Signature mechanisms giving message recovery are specified in ISO/IEC 9796. Hash-functions are specified in ISO/IEC 10118.
|
Published |
2008-04 |
Edition : 2 |
Number of pages : 11 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-2:1999 |
Information technology — Security techniques — Digital signatures with appendix — Part 2: Identity-based mechanisms |
|
Withdrawn |
1999-12 |
Edition : 1 |
Number of pages : 16 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-2:2008 |
Information technology — Security techniques — Digital signatures with appendix — Part 2: Integer factorization based mechanisms |
ISO/IEC 14888 specifies digital signature with appendix. As no part of the message is recovered from the signature (the recoverable part of the message is empty), the signed message consists of the signature and the whole message.
NOTE ISO/IEC 9796 specifies digital signature giving message recovery. As all or part of the message is recovered from the signature, the recoverable part of the message is not empty. The signed message consists of either the signature only (when the non-recoverable part of the message is empty), or both the signature and the non-recoverable part.
ISO/IEC 14888-2:2008 specifies digital signatures with appendix whose security is based on the difficulty of factoring the modulus in use. For each signature scheme, it specifies:
— the relationships and constraints between all the data elements required for signing and verifying;
— a signature mechanism, i.e. how to produce a signature of a message with the data elements required for signing;
— a verification mechanism, i.e. how to verify a signature of a message with the data elements required for verifying.
The title of ISO/IEC 14888-2 has changed from Identity-based mechanisms (first edition) to Integer factorization based mechanisms (second edition).
ISO/IEC 14888-2:2008 includes the identity-based scheme specified in ISO/IEC 14888-2:1999, namely the GQ1 scheme. This scheme has been revised due to the withdrawal of ISO/IEC 9796:1991 in 1999.
Among the certificate-based schemes specified in ISO/IEC 14888-3:1998, it includes all the schemes based on the difficulty of factoring the modulus in use, namely, the RSA, RW and ESIGN schemes. These schemes have been revised due to the withdrawal of ISO/IEC 9796:1991 in 1999.
It takes into account ISO/IEC 14888-3:1998/Cor.1:2001, technical corrigendum of the ESIGN scheme.
It includes a format mechanism, namely the PSS mechanism, also specified in ISO/IEC 9796-2:2002, and details of how to use it in each of the RSA, RW, GQ1 and ESIGN schemes.
It includes new certificate-based schemes that use no format mechanism, namely, the GQ2, GPS1 and GPS2 schemes.
For each scheme and its options, as needed, it provides an object identifier.
|
Published |
2008-04 |
Edition : 2 |
Number of pages : 66 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-2:2008/Cor 1:2015 |
Information technology — Security techniques — Digital signatures with appendix — Part 2: Integer factorization based mechanisms — Technical Corrigendum 1: To ISO/IEC 14888-2:2008 |
|
Published |
2015-10 |
Edition : 2 |
Number of pages : 3 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-3:1998 |
Information technology — Security techniques — Digital signatures with appendix — Part 3: Certificate-based mechanisms |
|
Withdrawn |
1998-12 |
Edition : 1 |
Number of pages : 34 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-3:1998/Cor 1:2001 |
Information technology — Security techniques — Digital signatures with appendix — Part 3: Certificate-based mechanisms — Technical Corrigendum 1 |
|
Withdrawn |
2001-09 |
Edition : 1 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15408-3:2005 |
Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance requirements |
ISO/IEC 15408-3:2005 defines the assurance requirements of ISO/IEC 15408. It includes the evaluation assurance levels (EALs) that define a scale for measuring assurance, the individual assurance components from which the assurance levels are composed, and the criteria for evaluation of protection profiles and security targets.
|
Withdrawn |
2005-10 |
Edition : 2 |
Number of pages : 149 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-3:2006 |
Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms |
ISO/IEC 14888-3:2006 specifies digital signature mechanisms with appendix whose security is based on the discrete logarithm problem. It provides a general description of a digital signature with appendix mechanism, and a variety of mechanisms that provide digital signatures with appendix.
For each mechanism, ISO/IEC 14888-3:2006 specifies the process of generating keys, the process of producing signatures, and the process of verifying signatures.
The verification of a digital signature requires the signing entity's verification key. It is thus essential for a verifier to be able to associate the correct verification key with the signing entity, or more precisely, with (parts of) the signing entity's identification data. This association may be provided by another means that is not covered in ISO/IEC 14888-3:2006. Whatever the nature of such means, the scheme is then said to be 'certificate-based'. If not, the association between the correct verification key and the signing entity's identification data is somehow inherent in the verification key itself. In such a case, the scheme is said to be 'identity-based'. Depending on the two different ways of checking the correctness of the verification keys, the digital signature mechanisms specified in ISO/IEC 14888-3:2006 are categorized in two groups: certificate-based and identity-based.
|
Withdrawn |
2006-11 |
Edition : 2 |
Number of pages : 68 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-3:2006/Amd 1:2010 |
Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms — Amendment 1: Elliptic Curve Russian Digital Signature Algorithm, Schnorr Digital Signature Algorithm, Elliptic Curve Schnorr Digital Signature Algorithm, and Elliptic Curve Full Schnorr Digital Signature Algorithm |
|
Withdrawn |
2010-06 |
Edition : 2 |
Number of pages : 27 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-3:2006/Cor 1:2007 |
Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms — Technical Corrigendum 1 |
|
Withdrawn |
2007-09 |
Edition : 2 |
Number of pages : 3 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-3:2006/Amd 2:2012 |
Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms — Amendment 2: Optimizing hash inputs |
|
Withdrawn |
2012-07 |
Edition : 2 |
Number of pages : 4 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-3:2006/Cor 2:2009 |
Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms — Technical Corrigendum 2 |
|
Withdrawn |
2009-02 |
Edition : 2 |
Number of pages : 2 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-3:2016 |
Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms |
ISO/IEC 14888-3:2016 specifies digital signature mechanisms with appendix whose security is based on the discrete logarithm problem.
ISO/IEC 14888-3:2016 provides
- a general description of a digital signature with appendix mechanism, and
- a variety of mechanisms that provide digital signatures with appendix.
For each mechanism, this part of ISO/IEC 14888 specifies
- the process of generating a pair of keys,
- the process of producing signatures, and
- the process of verifying signatures.
|
Withdrawn |
2016-03 |
Edition : 3 |
Number of pages : 131 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 14888-3:2018 |
IT Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms |
This document specifies digital signature mechanisms with appendix whose security is based on the discrete logarithm problem.
This document provides
— a general description of a digital signature with appendix mechanism, and
— a variety of mechanisms that provide digital signatures with appendix.
For each mechanism, this document specifies
— the process of generating a pair of keys,
— the process of producing signatures, and
— the process of verifying signatures.
Annex A defines object identifiers assigned to the digital signature mechanisms specified in this document, and defines algorithm parameter structures.
Annex B defines conversion functions of FE2I, I2FE, FE2BS, BS2I, I2BS, I2OS and OS2I used in this document.
Annex D defines how to generate DSA domain parameters.
|
Published |
2018-11 |
Edition : 4 |
Number of pages : 155 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC CD 14888-4.2 |
Information technology — Security techniques — Digital signatures with appendix — Part 4: Stateful hash-based mechanisms |
|
Under development |
|
Edition : 1 |
|
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15292:2001 |
Information technology — Security techniques — Protection Profile registration procedures |
|
Withdrawn |
2001-12 |
Edition : 1 |
Number of pages : 14 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15408-1:1999 |
Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
|
Withdrawn |
1999-12 |
Edition : 1 |
Number of pages : 53 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 1539-1:2004/Cor 2:2007 |
Information technology — Programming languages — Fortran — Part 1: Base language — Technical Corrigendum 2 |
|
Withdrawn |
2007-02 |
Edition : 2 |
Number of pages : 3 |
Technical Committee |
35.060
Languages used in information technology
|
| ISO/IEC 15408-1:2005 |
Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
ISO/IEC 15408-1:2005 defines two forms for expressing IT security functional and assurance requirements. The protection profile (PP) construct allows creation of generalized reusable sets of these security requirements. The PP can be used by prospective consumers for specification and identification of products with IT security features which will meet their needs. The security target (ST) expresses the security requirements and specifies the security functions for a particular product or system to be evaluated, called the target of evaluation (TOE). The ST is used by evaluators as the basis for evaluations conducted in accordance with ISO/IEC 15408.
|
Withdrawn |
2005-10 |
Edition : 2 |
Number of pages : 41 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15408-1:2009 |
Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model |
ISO/IEC 15408-1:2009 establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of ISO/IEC 15408 which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.
It provides an overview of all parts of ISO/IEC 15408. It describes the various parts of ISO/IEC 15408; defines the terms and abbreviations to be used in all parts of ISO/IEC 15408; establishes the core concept of a Target of Evaluation (TOE); the evaluation context; and describes the audience to which the evaluation criteria are addressed. An introduction to the basic security concepts necessary for evaluation of IT products is given.
It defines the various operations by which the functional and assurance components given in ISO/IEC 15408-2 and ISO/IEC 15408-3 may be tailored through the use of permitted operations.
The key concepts of protection profiles (PP), packages of security requirements and the topic of conformance are specified and the consequences of evaluation and evaluation results are described.
ISO/IEC 15408-1:2009 gives guidelines for the specification of Security Targets (ST) and provides a description of the organization of components throughout the model.
General information about the evaluation methodology is given in ISO/IEC 18045 and the scope of evaluation schemes is provided.
|
Withdrawn |
2009-12 |
Edition : 3 |
Number of pages : 64 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15408-1:2022 |
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 1: Introduction and general model |
This document establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by various parts of the standard which in its entirety is meant to be used as the basis for evaluation of security properties of IT products.
This document provides an overview of all parts of the ISO/IEC 15408 series. It describes the various parts of the ISO/IEC 15408 series; defines the terms and abbreviations to be used in all parts of the standard; establishes the core concept of a Target of Evaluation (TOE); describes the evaluation context and describes the audience to which the evaluation criteria are addressed. An introduction to the basic security concepts necessary for evaluation of IT products is given.
This document introduces:
— the key concepts of Protection Profiles (PP), PP-Modules, PP-Configurations, packages, Security Targets (ST), and conformance types;
— a description of the organization of security components throughout the model;
— the various operations by which the functional and assurance components given in ISO/IEC 15408‑2 and ISO/IEC 15408‑3 can be tailored through the use of permitted operations;
— general information about the evaluation methods given in ISO/IEC 18045;
— guidance for the application of ISO/IEC 15408‑4 in order to develop evaluation methods (EM) and evaluation activities (EA) derived from ISO/IEC 18045;
— general information about the pre-defined Evaluation Assurance Levels (EALs) defined in ISO/IEC 15408‑5;
— information in regard to the scope of evaluation schemes.
|
Published |
2022-08 |
Edition : 4 |
Number of pages : 142 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15408-2:1999 |
Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional requirements |
|
Withdrawn |
1999-12 |
Edition : 1 |
Number of pages : 343 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15408-2:2005 |
Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional requirements |
ISO/IEC 15408-2:2005 defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that will meet the common security functionality requirements of many IT products and systems.
|
Withdrawn |
2005-10 |
Edition : 2 |
Number of pages : 227 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15408-2:2008 |
Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
ISO/IEC 15408-2:2008 defines the content and presentation of the security functional requirements to be assessed in a security evaluation using ISO/IEC 15408. It contains a comprehensive catalogue of predefined security functional components that will meet most common security needs of the marketplace. These are organized using a hierarchical structure of classes, families and components, and supported by comprehensive user notes.
ISO/IEC 15408-2:2008 also provides guidance on the specification of customized security requirements where no suitable predefined security functional components exist.
|
Withdrawn |
2008-08 |
Edition : 3 |
Number of pages : 218 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15408-2:2022 |
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 2: Security functional components |
This document defines the required structure and content of security functional components for the purpose of security evaluation. It includes a catalogue of functional components that meets the common security functionality requirements of many IT products.
|
Published |
2022-08 |
Edition : 4 |
Number of pages : 273 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15408-3:1999 |
Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance requirements |
|
Withdrawn |
1999-12 |
Edition : 1 |
Number of pages : 213 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15408-3:2008 |
Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components |
ISO/IEC 15408-3:2008 defines the assurance requirements of the evaluation criteria. It includes the evaluation assurance levels that define a scale for measuring assurance for component targets of evaluation (TOEs), the composed assurance packages that define a scale for measuring assurance for composed TOEs, the individual assurance components from which the assurance levels and packages are composed, and the criteria for evaluation of protection profiles and security targets.
ISO/IEC 15408-3:2008 defines the content and presentation of the assurance requirements in the form of assurance classes, families and components and provides guidance on the organization of new assurance requirements. The assurance components within the assurance families are presented in a hierarchical order.
|
Withdrawn |
2008-08 |
Edition : 3 |
Number of pages : 174 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15408-3:2022 |
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 3: Security assurance components |
This document defines the assurance requirements of the ISO/IEC 15408 series. It includes the individual assurance components from which the evaluation assurance levels and other packages contained in ISO/IEC 15408-5 are composed, and the criteria for evaluation of Protection Profiles (PPs), PP-Configurations, PP-Modules, and Security Targets (STs).
|
Published |
2022-08 |
Edition : 4 |
Number of pages : 189 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15408-4:2022 |
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 4: Framework for the specification of evaluation methods and activities |
This document provides a standardized framework for specifying objective, repeatable and reproducible evaluation methods and evaluation activities.
This document does not specify how to evaluate, adopt, or maintain evaluation methods and evaluation activities. These aspects are a matter for those originating the evaluation methods and evaluation activities in their particular area of interest.
|
Published |
2022-08 |
Edition : 1 |
Number of pages : 16 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15408-5:2022 |
Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 5: Pre-defined packages of security requirements |
This document provides packages of security assurance and security functional requirements that have been identified as useful in support of common usage by stakeholders.
EXAMPLE Examples of provided packages include the evaluation assurance levels (EAL) and the composed assurance packages (CAPs).
This document presents:
— evaluation assurance level (EAL) family of packages that specify pre-defined sets of security assurance components that may be referenced in PPs and STs and which specify appropriate security assurances to be provided during an evaluation of a target of evaluation (TOE);
— composition assurance (CAP) family of packages that specify sets of security assurance components used for specifying appropriate security assurances to be provided during an evaluation of composed TOEs;
— composite product (COMP) package that specifies a set of security assurance components used for specifying appropriate security assurances to be provided during an evaluation of composite product TOEs;
— protection profile assurance (PPA) family of packages that specify sets of security assurance components used for specifying appropriate security assurances to be provided during a protection profile evaluation;
— security target assurance (STA) family of packages that specify sets of security assurance components used for specifying appropriate security assurances to be provided during a security target evaluation.
The users of this document can include consumers, developers, and evaluators of secure IT products.
|
Published |
2022-08 |
Edition : 1 |
Number of pages : 27 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC TR 15443-1:2005 |
Information technology — Security techniques — A framework for IT security assurance — Part 1: Overview and framework |
ISO/IEC TR 15443 is a multi-part type 3 Technical Report to guide the IT security professional in the selection of an appropriate assurance method when specifying, selecting, or deploying a security service, product, or environmental factor such as an organization or personnel (known as a deliverable). The aim is to understand the assurance type and amount required to achieve confidence that the deliverable satisfies the stated IT security assurance requirements and consequently its security policy.
ISO/IEC TR 15443-1:2005 describes the fundamentals of security assurance and its relation to other security concepts. This is to clarify why security assurance is required and dispel common misconceptions such as that increased assurance is gained by increasing the strength of a security mechanism. The framework includes a categorization of assurance types and a generic lifecycle model to identify the appropriate assurance types required for the deliverable with respect to the deliverable's lifecycle. The model also demonstrates how security assurance must be managed throughout the deliverable's lifecycle requiring assurance decisions to be made by several assurance authorities for the lifecycle stage relevant to their organization (i.e. developer, standards, consumer). The framework has been developed to be general enough to accommodate different assurance types and map into any lifecycle approach so as not to dictate any particular design. Advanced security assurance concepts, such as combining security assurance methods, are addressed briefly as they are to be addressed in later parts of ISO/IEC TR 15443.
ISO/IEC TR 15443 targets IT security managers and other security professionals responsible for developing a security assurance program, engineering security into a deliverable, determining the security assurance of their deliverable, entering an assurance assessment audit (e.g. ISO 9000, SSE-CMM (ISO/IEC 21827), ISO/IEC 15408-3), or other assurance activities.
|
Withdrawn |
2005-02 |
Edition : 1 |
Number of pages : 23 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC TR 15443-1:2012 |
Information technology — Security techniques — Security assurance framework — Part 1: Introduction and concepts |
ISO/IEC TR 15443-1:2012 defines terms and establishes an extensive and organised set of concepts and their relationships for understanding IT security assurance, thereby establishing a basis for shared understanding of the concepts and principles central to ISO/IEC TR 15443 across its user communities. It provides information fundamental to users of ISO/IEC TR 15443-2.
|
Published |
2012-11 |
Edition : 2 |
Number of pages : 51 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC TR 15443-2:2005 |
Information technology — Security techniques — A framework for IT security assurance — Part 2: Assurance methods |
ISO/IEC TR 15443-2:2005 describes a variety of IT security assurance methods and approaches and relates them to the IT security assurance framework in ISO/IEC TR 15443-1. The emphasis is to identify qualitative properties of the assurance methods and elements that contribute to assurance, and where possible, to define assurance ratings. This material is intended for IT security professionals for the understanding of how to obtain assurance in a given life-cycle stage of a product or service.
The objective is to describe and categorize assurance methods and approaches in a manner enabling a review of their comparable and synergetic properties. This will facilitate selection of the appropriate assurance method or possible combination of assurance methods for a given IT security product, system, or service and its specific environment.
|
Withdrawn |
2005-09 |
Edition : 1 |
Number of pages : 66 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC TR 15443-2:2012 |
Information technology — Security techniques — Security assurance framework — Part 2: Analysis |
ISO/IEC TR 15443-2:2012 builds on the concepts presented in ISO/IEC TR 15443-1. It provides a discussion of the attributes of security assurance conformity assessment methods that contribute towards making assurance claims and providing assurance evidence to fulfil the assurance requirements for a deliverable.
ISO/IEC TR 15443-2:2012 proposes criteria for comparing and analysing different SACA methods. The reader is cautioned that the methods used as examples in ISO/IEC TR 15443-2:2012 are considered to represent popularly used methods at the time of its writing. New methods may appear, and modification or withdrawal of the methods cited may occur. It is intended that the criteria can be used to describe and compare any SACA method whatever its provenance.
|
Published |
2012-11 |
Edition : 2 |
Number of pages : 18 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC TR 15443-3:2007 |
Information technology — Security techniques — A framework for IT security assurance — Part 3: Analysis of assurance methods |
ISO/IEC TR 15443-3:2007 provides general guidance to an assurance authority in the choice of the appropriate type of international communications technology (ICT) assurance methods and to lay the framework for the analysis of specific assurance methods for specific environments.
ISO/IEC TR 15443-3:2007 will allow the user to match specific assurance requirements and/or typical assurance situations with the general characteristics offered by available assurance methods.
The guidance of ISO/IEC TR 15443-3:2007 is applicable to the development, implementation and operation of ICT products and ICT systems with security requirements.
The advice given in ISO/IEC TR 15443-3:2007 will be qualitative and summary, and the user may need to analyse which methods presented in ISO/IEC TR 15443-2 will suit best his specific deliverables and organisational security requirements.
|
Withdrawn |
2007-12 |
Edition : 1 |
Number of pages : 63 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC TR 15446:2004 |
Information technology — Security techniques — Guide for the production of Protection Profiles and Security Targets |
ISO/IEC TR 15446:2004 provides guidance relating to the construction of Protection Profiles (PPs) and Security Targets (STs) that are intended to be compliant with ISO/IEC 15408 (the "Common Criteria").
ISO/IEC TR 15446:2004 gives suggestions on how to develop each section of a PP or ST. It is supported by an annex that contains generic examples of each type of PP and ST component, and by other annexes that contain detailed worked examples.
ISO/IEC TR 15446:2004 is primarily aimed at those who are involved in the development of PPs and STs. However, it is also likely to be useful to evaluators of PPs and STs and to those who are responsible for monitoring PP and ST evaluation. It may also be of interest to consumers and users of PPs and STs who wish to understand what guidance the PP/ST author used, and which parts of the PP or ST are of principal interest.
|
Withdrawn |
2004-07 |
Edition : 1 |
Number of pages : 125 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC TR 15446:2009 |
Information technology — Security techniques — Guide for the production of Protection Profiles and Security Targets |
ISO/IEC TR 15446:2009 provides guidance relating to the construction of Protection Profiles (PPs) and Security Targets (STs) that are intended to be compliant with the third edition of ISO/IEC 15408. It is also applicable to PPs and STs compliant with Common Criteria Version 3.1, a technically identical standard published by the Common Criteria Management Board, a consortium of governmental organizations involved in IT security evaluation and certification.
ISO/IEC TR 15446:2009 is not intended as an introduction to evaluation using ISO/IEC 15408. Readers who seek such an introduction should consult ISO/IEC 15408-1.
ISO/IEC TR 15446:2009 does not deal with associated tasks beyond PP and ST specifications such as PP registration and the handling of protected intellectual property.
|
Withdrawn |
2009-03 |
Edition : 2 |
Number of pages : 81 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC TR 15446:2017 |
Information technology — Security techniques — Guidance for the production of protection profiles and security targets |
ISO/IEC TR 15446 provides guidance relating to the construction of Protection Profiles (PPs) and Security Targets (STs) that are intended to be compliant with the third edition of ISO/IEC 15408 (all parts). It is also applicable to PPs and STs compliant with Common Criteria Version 3.1 Revision 4[6], a technically identical standard published by the Common Criteria Management Board, a consortium of governmental organizations involved in IT security evaluation and certification.
NOTE ISO/IEC TR 15446 is not intended as an introduction to evaluation using ISO/IEC 15408 (all parts). Readers who seek such an introduction can read ISO/IEC 15408‑1.
ISO/IEC TR 15446 does not deal with associated tasks beyond PP and ST specification such as PP registration and the handling of protected intellectual property.
|
Published |
2017-10 |
Edition : 3 |
Number of pages : 79 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15816:2002 |
Information technology — Security techniques — Security information objects for access control |
The scope of this Recommendation | International Standard is:
a) the definition of guidelines for specifying the abstract syntax of generic and specific Security Information Objects (SIOs) for Access Control;
b) the specification of generic SIOs for Access Control;
c) the specification of specific SIOs for Access Control.
The scope of this Recommendation | International Standard covers only the "statics" of SIOs through syntactic definitions in terms of ASN.1 descriptions and additional semantic explanations. It does not cover the "dynamics" of SIOs, for example rules relating to their creation and deletion. The dynamics of SIOs are a local implementation issue.
|
Published |
2002-02 |
Edition : 1 |
Number of pages : 20 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 1539-1:2004/Cor 3:2008 |
Information technology — Programming languages — Fortran — Part 1: Base language — Technical Corrigendum 3 |
|
Withdrawn |
2008-11 |
Edition : 2 |
Number of pages : 5 |
Technical Committee |
35.060
Languages used in information technology
|
| ISO/IEC 15945:2002 |
Information technology — Security techniques — Specification of TTP services to support the application of digital signatures |
This Recommendation | International Standard will define those TTP services needed to support the application of digital signatures for the purpose of non-repudiation of creation of documents.
This Recommendation | International Standard will also define interfaces and protocols to enable interoperability between entities associated with these TTP services.
Definitions of technical services and protocols are required to allow for the implementation of TTP services and related commercial applications.
This Recommendation | International Standard focuses on:
— implementation and interoperability;
— service specifications; and
— technical requirements.
This Recommendation | International Standard does not describe the management of TTPs or other organizational, operational or personal issues. Those topics are mainly covered in ITU-T Rec. X.842 | ISO/IEC TR 14516, Information technology — Security techniques — Guidelines on the use and management of Trusted Third Party services.
NOTE 1 — Because interoperability is the main issue of this Recommendation | International Standard, the following restrictions hold:
i) Only those services which may be offered by a TTP, either to end entities or to another TTP, are covered in this Recommendation | International Standard.
ii) Only those services which may be requested and/or delivered by means of standardizable digital messages are covered.
iii) Only those services for which widely acceptable standardized messages can be agreed upon at the time this Recommendation | International Standard is published are specified in detail.
Further services will be specified in separate documents when widely acceptable standardized messages are available for them. In particular, time stamping services will be defined in a separate document.
NOTE 2 — The data structures and messages in this Recommendation | International Standard will be specified in accordance to RFC documents, RFC 2510 and RFC 2511 (for certificate management services) and to RFC 2560 (for OCSP services). The certificate request format also allows interoperability with PKCS#10. See Annex C for references to the documents mentioned in this Note.
NOTE 3 — Other standardization efforts for TTP services in specific environments and applications, like SET or EDIFACT, exist. These are outside of the scope of this Recommendation | International Standard.
NOTE 4 — This Recommendation | International Standard defines technical specifications for services. These specifications are independent of policies, specific legal regulations, and organizational models (which, for example, might define how duties and responsibilities are shared between Certification Authorities and Registration Authorities). Of course, the policy of TTPs offering the services described in this Recommendation | International Standard will need to specify how legal regulations and the other aspects mentioned before will be fulfilled by the TTP. In particular, the policy has to specify how the validity of digital signatures and certificates is determined.
|
Published |
2002-02 |
Edition : 1 |
Number of pages : 53 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15946-1:2002 |
Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 1: General |
|
Withdrawn |
2002-12 |
Edition : 1 |
Number of pages : 26 |
Technical Committee |
35.030
IT Security
|
| ISO/IEC 15946-1:2008 |
Information technology — Security techniques — Cryptographic techniques based on elliptic curves — Part 1: General |
ISO/IEC 15946 specifies public-key cryptographic techniques based on elliptic curves. It consists of five parts and includes the establishment of keys for symmetric cryptographic techniques, and digital signature mechanisms.
ISO/IEC 15946-1:2008 specifically addresses the general techniques based on elliptic curves. It describes the mathematical background and specifies the general techniques necessary for implementing mechanisms based on elliptic curves defined over finite fields or pairings based on elliptic curves.
ISO/IEC 15946-1:2008 specifies:
— conventional functions,
— elliptic curves over any finite field such as a prime field and an extension field with characteristic two or three together with coordinates,
— pairings over an elliptic curve.
|
Withdrawn |
2008-04 |
Edition : 2 |
Number of pages : 30 |
Technical Committee |
35.030
IT Security
|