ДСТУ ISO/IEC 11770-3-2002
Цей стандарт визначає механізми керування криптографічними ключами з використанням асиметричних методів (публічних ключів). Він регулює процеси створення, розподілу та перевірки ключів для забезпечення конфіденційності та цілісності даних у сучасних інформаційних системах.
Використовуйте сертифіковані механізми електронного підпису на базі асиметричних методів для легітимізації електронних протоколів перевірки знань та інструктажів з ОП. Слідкуйте за цілісністю криптографічних засобів захисту в автоматизованих системах управління безпекою праці.
Скачать документ
Формат .docx · доступно зарегистрированным пользователям
1 2 4 1 2 З? 4 5 6 7 8 —? —? —? ISO/IEC 11770 —? Part 1: Framework.
—? Part 2: Mechanisms using symmetric techniques.
—? Part 3: Mechanisms using asymmetric techniques.
Part 3. Mechanisms using asymmetric techniques
1 1. 2. 3. —? —? —?
2 ISO 7498-2:1989 Information processing systems — Open Systems Interconnection — Basic Reference Model — Part 2: Security Architecture
ISO/IEC 9594-8:1995 Information technology — Open Systems Interconnection — The Directory: Authentication framework
ISO/IEC 9798-3:1998 Information technology — Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques
ISO/IEC 10118-1:1994 Information technology — Security techniques — Hash-functions — Part 1: General
ISO/IEC 10181-1:1996 Information technology — Open Systems Interconnection — Security frameworks for open systems: Overview
ISO/IEC 11770-1:1996 Information technology — Security techniques — Key management — Part 1: Framework.
ISO 7498-2: 1989 ISO/IEC 9594-8:1995 ISO/IEC 9798-3:1998 ISO/IEC 10118-1:1994 ISO/IEC 10181-1:1996 ISO/IEC 11770-1: 1996 3.1 3.2 3.4 3.5 3.6 3.7 3.8 3.9 3.10 ( 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 3.21 3.22 3.23 3.24 3.25 3.26 3.27 3.28 3.29 3.30 3.31 3.32 3.33 3.34
4 BE — BS — Cert A — D a — d A — F(h, f — /k(Z) — h A — hash — G — S A — —? Text TVP — —? v A — S — II — 5 6 —? F —? F —? —? —? 6.1 1. 2.
(81)
(S1)
(81.2)
KT 41 = ^||F(r,g)[|TVP||S A (fKABHI|rVP))|[Textf. ’
1. 2. 3. 4. 5. TUP: 6. 7.
6.4 1. 2. 3. 4. 6.5 1. 2. 3.
1. 2. 3. 4. 5. 6. 7. 6.6 1. 2, 3. 4.
(62)
BS = Sa6A|| 1. 2. 3. 4. 5. 6. 7. 6.7 1. 2. 3.
KT S1
DB 1 = F(r B , g)]F(r A , DB 2 = F(r A , g)F(r B , g)||S||7exf4.
1. 2. 3.
4. 5. 6. — — 7. 8. 7 7.1 1. 2. 3.
1. 2. 3. 4. 5. TVP: 6. 7. 7.2 1. 2. 3. 4. 5.
BE = E B (AKText1).
1. 2. 3. 4. 5. ( 6. 7. 8. 9. 10. 11. 7.3 1. 2. 3. 4. 5.
BS = S A (B||K||7VP||Texf1).
1. 2. 3. 4. 5. ( 6. 7. 8.
7.4 1. 2. 3. 4. BS = E A (BKText2).
1. 2. 3. 4. 5. 6. 7. 8. 7. 5 1. 2. 3. 4.
BE, = E A (8||K s ||7exf2).
1. 2. 3.
4. 5. 6. 7. 7.6 1. 2.
1. 2. 3. 4. 5. 6. 7. 8 1. 2. 8.1 8.1.1 1. 2.
1. 2. 8.1.2 1. 2.
1. 2. 3. 4. 8.2
8.2.1
1. 2. 3. 4. (
( F(h, F (9 ) =(9 ) =(g ) modp.
В?.1 В?.2 —? —? Cert x = SxO^mod s// x = 1(modn).
В?.З? KT / K AB = (g r ) hB = g hBr modp.
BS = (u,v) = S a (r A ||A).
BE =(A||K)(p s ) r modp.
A||K = BE(gT fte modp.
В?.10 (KTAi) d modn = ( F(k,
K AB = (P A ) [hB .
R = // _ UhB] - R = KT S1 = BE = ( BE = (AK)-(n((PB lr] ))modq.
SA(S||7VP|rtBE)
(
( 1 ANSI 2 ANSI X9.30 199x, Public Key Cryptography Using Irreversible Algorithms for the Financial Services Industry, Part 3: Certificate Management for DSA
3 ANSI X9.31 199x, Public key cryptography using reversible algorithms for the financial services industry — Pan 4: Management of symmetric algorithm keys using RSA
4 Beller M.J., Yacobi Y., Fully-fledged two-way public authentication and key agreement for low- cost terminals. Electronic Letters, Vol. 29, no. 11 (27 May 93), pp 999—1001
5 RIPE, Integrity Primitives for Secure Information Systems — Final Report of RACE Integrity Primitives Evaluation (RIPE-RACE 1040), LNCS 1007, A. Bos-selaers, B. Preneel, Eds., Springer-Verlag, 1995
6 Diffie W., Hellman M.E., New Directions in Cryptography, IEEE Trans, on Inform. Theory, vol. IT- 22, pp. 644—654, Nov. 1976
7 EIGamal, T., A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms, IEEE Trans, on Inform. Theory, vol. IT-31, pp. 469—472, July 1985
8 Girault M., Pailles J.C., An identity-based scheme providing zero-knowledge authentication and authenticated key exchange. Proceedings of ESORICS 90, pp. 173—184
9 ISO 8732:1988, Banking — Key Management (Wholesale)
10 ISO/IEC 9594-8:1990, (CCITT X.509), Information technology — Open Systems Interconnection — The Directory — Authentication framework
11 ISO/IEC 9796:1991 Information technology — Security techniques — Digital signature scheme giving message recovery
12 ISO/IEC 9797:1994 Information technology — Security techniques - Data integrity mechanism using a cryptographic check function employing a block cipher algorithm
13 ISO/IEC 10118-2:1994 Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher algorithm
14 ISO/IEC 10118-3:1998 Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash functions
15 ISO/IEC 10118-4:1998 Information technology— Security techniques — Hash-functions — Part 4: Mechanisms using modular arithmetic
16 ISO 11166-1:1994 Banking — Key Management by means of asymmetric algorithms — Part 1: Principles, Procedures and Formats
17 Matsumoto T., TakashimaY, Imai H., On Seeking Smart Public-Key-Distribution Systems, Trans, of the IECE of Japan, vol.E69 no.2, Feb. 1986 pp. 99—106
18 Menezes A., Elliptic Curve Public Key Cryto-systems, Kluwer Academic Publishers, 1993
19 Nyberg K., Rueppel R.A., Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem, Proceedings of Eurocrypt’94, Springer-Verlag, 1994
20 Okamoto E., Proposal for identity-based key distribution system. Electronic Letters, Vol. 22, n 21 Tanaka K., Okamoto E., Key distribution system for mail systems using ID-related information directory, Computers & Security, Vol.10, 1991, pp. 25—33
22 ISO/IEC 10118-2:1994 Information technology — Security techniques — Hash-functions — Part 2: Hash-functions using an n-bit block cipher algorithm
23 ISO/IEC 10118-3:1998 Information technology — Security techniques — Hash-functions — Part 3: Dedicated hash functions
24 ISO/IEC 10118-4:1998 Information technology — Security techniques — Hash-functions — Part 4: Mechanisms using modular arithmetic
25 ISO 11166-1:1994 Banking — Key Management by means of asymmetric algorithms — Part 1: Principles, Procedures and Formats 26 Matsumoto T., TakashimaY., Imai H., On Seeking Smart Public-Key-Distribution Systems, Trans, of the IECE of Japan, vol.E69 no.2, Feb. 1986 pp.99—106
27 Menezes A., Elliptic Curve Public Key Cryto-systems, Kluwer Academic Publishers, 1993
28 Nyberg K., Rueppel R.A., Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem, Proceedings of Eurocrypt’94, Springer-Verlag, 1994
29 Okamoto E., Proposal for identity-based key distribution system. Electronic Letters, Vol. 22, n 30 Tanaka K., Okamoto E., Key distribution system for mail systems using ID-related information directory, Computers & Security, Vol. 10, 1991, pp. 25—33.
Director of Licensing
2955 Campus Drive, Suite 400
San Mateo, CA 94403-2507, USA ID based DH key agreement Eiji Okamono JP 1871933
US 4876716
EP 0257585
CA 1279709 1994-09-26 1989-10-24
1992-11-25 1991-01-01 NEC Corporation Intellectual Property Division 7-1, Shiba 5-Chome, Mintao-Ku Tokyo 108-8001, Japan Goss key agreement Goss US 4,956,863 1990-09-11 Jones Futurex™ Ink. Chief Operatinf Officer 3715 Atherton Road Rocklin, CA 95765, USA ID based DH key agreement EP 0,639,907 1997-02-04
■? 200 Matheson Blvd. West
Missisauga, Ontario, Canada L5R 3L7 R3
Security Engineering AG CH-8302
Glattzentrum, Switzerland
