Information technology - Security techniques - Entity authentication - Part 1: General

Technologies de l'information — Techniques de sécurité — Authentification d'entité — Partie 1: Généralités

General Information

Status: Withdrawn
Publication Date: 30-Jul-1997
Withdrawal Date: 30-Jul-1997
Current Stage: 9599 - Withdrawal of International Standard
Start Date: 16-Jun-2010
Completion Date: 30-Oct-2025

Relations

Standard: ISO/IEC 9798-1:1997 - Information technology -- Security techniques -- Entity authentication (English language, 9 pages)

Frequently Asked Questions

ISO/IEC 9798-1:1997 is a standard published by the International Organization for Standardization (ISO). Its full title is "Information technology - Security techniques - Entity authentication - Part 1: General". This standard covers: Information technology - Security techniques - Entity authentication - Part 1: General


ISO/IEC 9798-1:1997 is classified under the following ICS (International Classification for Standards) categories: 35.030 - IT Security; 35.040 - Information coding. The ICS classification helps identify the subject area and facilitates finding related standards.

ISO/IEC 9798-1:1997 has the following relationships with other standards: it has inter-standard links to ISO/IEC 9798-1:2010 and ISO/IEC 9798-1:1991. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

You can purchase ISO/IEC 9798-1:1997 directly from iTeh Standards. The document is available in PDF format and is delivered instantly after payment. Add the standard to your cart and complete the secure checkout process. iTeh Standards is an authorized distributor of ISO standards.

Standards Content (Sample)


INTERNATIONAL STANDARD ISO/IEC 9798-1
Second edition
1997-08-01

Information technology - Security techniques - Entity authentication - Part 1: General

ISO/IEC 9798-1:1997 (E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75% of the national bodies casting a vote.

International Standard ISO/IEC 9798-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC27, IT Security techniques.

This second edition cancels and replaces the first edition (ISO/IEC 9798-1:1991), which has been technically revised.

ISO/IEC 9798 consists of the following part, under the general title Information technology - Security techniques - Entity authentication mechanisms:
- Part 3: Entity authentication using a public key algorithm

ISO/IEC 9798 consists of the following parts, under the general title Information technology - Security techniques - Entity authentication:
- Part 1: General
- Part 2: Mechanisms using symmetric encipherment algorithms
- Part 4: Mechanisms using a cryptographic check function
- Part 5: Mechanisms using asymmetric zero knowledge techniques

NOTE - The introductory element of the title of part 3 will be aligned with the introductory element of the titles of parts 1, 2, 4 and 5 at the next revision of part 3 of ISO/IEC 9798.

Further parts may follow.

Annexes A, B, C and D of this part of ISO/IEC 9798 are for information only.

© ISO/IEC 1997
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher.
ISO/IEC Copyright Office, Case postale 56, CH-1211 Genève 20, Switzerland
Printed in Switzerland
Information technology - Security techniques - Entity authentication - Part 1: General

1 Scope

This part of ISO/IEC 9798 specifies an authentication model and general requirements and constraints for entity authentication mechanisms which use security techniques. These mechanisms are used to corroborate that an entity is the one that is claimed. An entity to be authenticated proves its identity by showing its knowledge of a secret. The mechanisms are defined as exchanges of information between entities, and where required, exchanges with a trusted third party.

The details of the mechanisms and the contents of the authentication exchanges are not specified in this part of ISO/IEC 9798 but in the subsequent parts.

Certain of the mechanisms specified in subsequent parts of ISO/IEC 9798 can be used to help provide non-repudiation services, mechanisms for which are specified in ISO/IEC 13888. The provision of non-repudiation services is beyond the scope of ISO/IEC 9798.

2 Normative references

The following standards contain provisions which, through reference in this text, constitute provisions of this part of ISO/IEC 9798. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this part of ISO/IEC 9798 are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below. Members of IEC and ISO maintain registers of currently valid International Standards.

ISO 7498-2:1989, Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture.

ISO/IEC 9594-8:1995, Information technology - Open Systems Interconnection - The Directory - Part 8: Authentication framework.

ISO/IEC 10181-2:1996, Information technology - Open Systems Interconnection - Security frameworks for open systems: Authentication framework.

ISO/IEC 13888-1 (1), Information technology - Security techniques - Non-repudiation - Part 1: General.

(1) To be published.

3 Definitions

3.1 ISO/IEC 9798 makes use of the following general security-related terms defined in ISO 7498-2:

3.1.1 cryptographic check value: information which is derived by performing a cryptographic transformation on the data unit.

3.1.2 masquerade: the pretence by an entity to be a different entity.

3.1.3 digital signature (signature): data appended to, or a cryptographic transformation of, a data unit that allows the recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient.

3.2 ISO/IEC 9798 makes use of the following general security-related terms defined in ISO/IEC 10181-2:

3.2.1 claimant: an entity which is or represents a principal for the purposes of authentication. A claimant includes the functions necessary for engaging in authentication exchanges on behalf of a principal.

3.2.2 principal: an entity whose identity can be authenticated.

3.2.3 trusted third party: a security authority or its agent, trusted by other entities with respect to security-related activities. In the context of ISO/IEC 9798, a trusted third party is trusted by a claimant and/or a verifier for the purposes of authentication.

3.2.4 verifier: an entity which is or represents the entity requiring an authenticated identity. A verifier includes the functions necessary for engaging in authentication exchanges.

3.3 For the purposes of ISO/IEC 9798 the following definitions apply:

3.3.1 asymmetric cryptographic technique: a cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key). The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation.

NOTE - A system based on asymmetric cryptographic techniques can either be an encipherment system, a signature system, a combined encipherment and signature system, or a key agreement system. With asymmetric cryptographic techniques there are four elementary transformations: sign and verify for signature systems, encipher and decipher for encipherment systems. The signature and decipherment transformation are kept private by the owning entity, whereas the corresponding verification and encipherment transformation are published. There exist asymmetric cryptosystems (e.g. RSA) where the four elementary functions may be achieved by only two transformations: one private transformation suffices for both signing and decrypting messages, and one public transformation suffices for both verifying and encrypting messages. However, since this is not the general case, throughout ISO/IEC 9798 the four elementary transformations and the corresponding keys are kept separate.

3.3.2 asymmetric encipherment system: a system based on asymmetric cryptographic techniques whose public transformation is used for encipherment and whose private transformation is used for decipherment.

3.3.3 asymmetric key pair: a pair of related keys where the private key defines the private transformation and the public key defines the public transformation.

3.3.4 asymmetric signature system: a system based on asymmetric cryptographic techniques whose private transformation is used for signing and whose public transformation is used for verification.

3.3.5 challenge: a data item chosen at random and sent by the verifier to the claimant, which is used by the claimant, in conjunction with secret information held by the claimant, to generate a response which is sent to the verifier.

3.3.6 ciphertext: data which has been transformed to hide its information content.

3.3.7 cryptographic check function: a cryptographic transformation which takes as input a secret key and an arbitrary string, and which gives a cryptographic check value as output. The computation of a correct check value without knowledge of the secret key shall be infeasible.

3.3.8 decipherment: the reversal of a corresponding encipherment.

3.3.9 distinguishing identifier: information which unambiguously distinguishes an entity.

3.3.10 encipherment: the (reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e., to hide the information content of the data.

3.3.11 entity authentication: the corroboration that an entity is the one claimed.

3.3.12 interleaving attack: a masquerade which involves use of information derived from one or more ongoing or previous authentication exchanges.

3.3.13 key: a sequence of symbols that controls the operation of a cryptographic transformation (e.g. encipherment, decipherment, cryptographic check function computation, signature generation, or signature verification).

3.3.14 mutual authentication: entity authentication which provides both entities with assurance of each other's identity.

3.3.15 plaintext: unenciphered information.

3.3.16 private decipherment key: private key which defines the private decipherment transformation.

3.3.17 private key: that key of an entity's asymmetric key pair which should only be used by that entity.

NOTE - In the case of an asymmetric signature system the private key defines the signature transformation. In the case of an asymmetric encipherment system the private key defines the decipherment transformation.

3.3.18 private signature key: private key which defines the private signature transformation.

NOTE - This is sometimes referred to as a secret signature key.

3.3.19 public encipherment key: public key which defines the public encipherment transformation.

3.3.20 public key: that key of an entity's asymmetric key pair which can be made public.

NOTE - In the case of an asymmetric signature system the public key defines the verification transformation. In the case of an asymmetric encipherment system the public key defines the encipherment transformation. A key that is 'publicly known' is not necessarily globally available. The key may only be available to all members of a prespecified group.

3.3.21 public key certificate (certificate): the public key information of an entity signed by the certification authority and thereby rendered unforgeable (see also Annex C).

3.3.22 public key information: information specific to a single entity and which contains at least the entity's distinguishing identifier and at least one public key for this entity. There may be other information regarding the certification authority, the entity, and the public key included in the public key information, such as the validity period of the public key, the validity period of the associated private key, or the identifier of the involved algorithms (see also Annex C).

3.3.23 public verification key: public key which defines the public verification transformation.

3.3.24 random number: a time variant parameter whose value is unpredictable (see also Annex B).

3.3.25 reflection attack: a masquerade which involves sending a previously transmitted message back to its originator.

3.3.26 replay attack: a masquerade which involves ...

3.3.28 symmetric cryptographic technique: a cryptographic technique that uses the same secret key for both the originator's and the recipient's transformation. Without knowledge of the secret key, it is computationally infeasible to compute either the originator's or the recipient's transformation.

3.3.29 symmetric encipherment algorithm: an encipherment algorithm that uses the same secret key for both the originator's and the recipient's transformation.

3.3.30 time stamp: a time variant parameter which denotes a point in time with respect to a common reference (see also Annex B).

3.3.31 time variant parameter: a data item used to verify that a message is not a replay, such as a random number, a sequence number, or a time stamp (see also Annex B).

3.3.32 token: a message consisting of data fields relevant to a particular communication and which contains information that has been transformed using a cryptographic technique.

3.3.33 unilateral authentication: entity authentication which provides one entity with assurance of the other's identity but not vice versa.

4 Notation

Throughout ISO/IEC 9798 the following notation is used:

A: the distinguishing identifier of entity A.

B: the distinguishing identifier of entity B.

TP: the distinguishing identifier of the trusted third party.

KXY: a secret key shared between entities X and Y, used only in symmetric cryptographic techniques.

PX: a public verification key associated with entity X, used only in asymmetric cryptographic techniques.

SX: a private signature key associated with entity X, used only in asymmetr...
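To make the definitions of challenge, cryptographic check function, token, time variant parameter, replay attack and reflection attack concrete, here is an added example written for this page; it is not a mechanism from ISO/IEC 9798-1, which leaves the actual exchanges to Parts 2 to 5. A verifier B issues a random challenge, the claimant A returns a token whose check value (HMAC-SHA-256 stands in for the cryptographic check function) binds the challenge and both distinguishing identifiers under the shared key KAB, and the verifier rejects a token whose challenge was already consumed (replay) or that is not addressed to it (reflection). The key and identifiers are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for the demo; a real KAB would be provisioned out of band.
K_AB = b"constructed-demo-shared-key-KAB"
A = "A"  # distinguishing identifier of the claimant (3.3.9)
B = "B"  # distinguishing identifier of the verifier


def check_value(key: bytes, *fields: str) -> bytes:
    """Cryptographic check function (3.3.7), instantiated here as HMAC-SHA-256.
    Fields are length-prefixed so that their boundaries are unambiguous."""
    msg = b"".join(len(f).to_bytes(2, "big") + f.encode() for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_token(claimant: str, verifier: str, key: bytes, tvp: str) -> dict:
    """Token (3.3.32) sent by the claimant: the time variant parameter, both
    identifiers, and the check value that binds them under the shared key."""
    return {"from": claimant, "to": verifier, "tvp": tvp,
            "cv": check_value(key, tvp, claimant, verifier)}


class Verifier:
    """Verifier (3.2.4) that issues challenges and checks returned tokens."""

    def __init__(self, ident: str, key: bytes):
        self.ident = ident
        self.key = key
        self.outstanding = set()  # challenges issued but not yet consumed

    def challenge(self) -> str:
        # Challenge (3.3.5): a random number (3.3.24) used as time variant parameter
        r = secrets.token_hex(16)
        self.outstanding.add(r)
        return r

    def verify(self, token: dict) -> bool:
        r = token["tvp"]
        if r not in self.outstanding:
            return False  # unknown or already consumed challenge: replay (3.3.26)
        if token["to"] != self.ident:
            return False  # token addressed to someone else: reflection (3.3.25)
        expected = check_value(self.key, r, token["from"], token["to"])
        if not hmac.compare_digest(expected, token["cv"]):
            return False  # check value not computed under KAB
        self.outstanding.discard(r)  # each challenge is accepted at most once
        return True
```

A sequence number or time stamp could replace the random challenge as the time variant parameter, with the verifier then checking monotonicity or an acceptance window instead of an outstanding set.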
