ISO/IEC 11770-2-2008 信息技术.安全技术.密钥管理.第2部分:对称技术机制

标准号：ISO/IEC 11770-2-2008
中文标准名称：信息技术.安全技术.密钥管理.第2部分:对称技术机制
英文标准名称：Information technology - Security techniques - Key management - Part 2: Mechanisms using symmetric techniques
标准类型：L80
发布日期：1999/12/31 12:00:00
实施日期：1999/12/31 12:00:00
中国标准分类号：L80
引用标准：ISO/IEC 11770-1
适用范围：The purpose of key management is to provide procedures for handling cryptographic keying material to beused in symmetric or asymmetric cryptographic algorithms according to the security policy in force. This partof ISO/IEC 11770 defines key establishment mechanisms using symmetric cryptographic techniques.Key establishment mechanisms using symmetric cryptographic techniques can be derived from the entityauthentication mechanisms of ISO/IEC 9798-2 and ISO/IEC 9798-4 by specifying the use of text fieldsavailable in those mechanisms. Other key establishment mechanisms exist for specific environments; see, forexample, ISO 8732. Besides key establishment, the goals of such a mechanism might include unilateral ormutual authentication of the communicating entities. Further goals might be the verification of the integrity ofthe established key, or key confirmation.This part of ISO/IEC 11770 addresses three environments for the establishment of keys: Point-to-Point, KeyDistribution Centre (KDC), and Key Translation Centre (KTC). This part of ISO/IEC 11770 describes therequired content of messages which carry keying material or are necessary to set up the conditions underwhich the keying material can be established. It does not indicate other information which can be contained inthe messages or specify other messages such as error messages. The explicit format of messages is notwithin the scope of this part of ISO/IEC 11770.This part of ISO/IEC 11770 does not specify the means to be used to establish initial secret keys; that is, allthe mechanisms specified in this part of ISO/IEC 11770 require an entity to share a secret key with at leastone other entity (e.g. a TTP). For general guidance on the key lifecycle see ISO/IEC 11770-1. This part ofISO/IEC 11770 does not explicitly address the issue of interdomain key management. This part ofISO/IEC 11770 also does not define the implementation of key management mechanisms; productscomplying with this part of ISO/IEC 11770 might not be compatible.