ISO IEC 9798-1:2010 pdf download – Information technology — Security techniques — Entity authentication — Part 1: General.
1 Scope This part of ISO/IEC 9798 specifies an authentication model and general requirements and constraints for entity authentication mechanisms which use security techniques. These mechanisms are used to corroborate that an entity is the one that is claimed. An entity to be authenticated proves its identity by showing its knowledge of a secret. The mechanisms are defined as exchanges of information between entities and, where required, exchanges with a trusted third party. The details of the mechanisms and the contents of the authentication exchanges are given in subsequent parts of ISO/IEC 9798. 2 Normative references There are no normative references for this part of ISO/IEC 9798. 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 asymmetric cryptographic technique cryptographic technique that uses two related transformations: a public transformation (defined by the public key) and a private transformation (defined by the private key) NOTE The two transformations have the property that, given the public transformation, it is computationally infeasible to derive the private transformation. 3.2 asymmetric encryption system system based on asymmetric cryptographic techniques whose public operation is used for encryption and whose private operation is used for decryption 3.3 asymmetric key pair pair of related keys where the private key defines the private transformation and the public key defines the public transformation 3.4 asymmetric signature system system based on asymmetric cryptographic techniques whose private transformation is used for signing and whose public transformation is used for verification
3.5 challenge data item chosen at random and sent by the verifier to the claimant, which is used by the claimant, in conjunction with secret information held by the claimant, to generate a response which is sent to the verifier 3.6 claimant entity which is or represents a principal for the purposes of authentication NOTE A claimant includes the functions and the private data necessary for engaging in authentication exchanges on behalf of a principal. 3.7 ciphertext data which has been transformed to hide its information content 3.8 cryptographic check function cryptographic transformation which takes as input a secret key and an arbitrary string, and which gives a cryptographic check value as output NOTE The computation of a correct check value without knowledge of the secret key shall be infeasible. 3.9 cryptographic check value information which is derived by performing a cryptographic transformation on the data unit 3.10 decryption reversal of a corresponding encryption 3.11 digital signature (signature) data appended to, or a cryptographic transformation of, a data unit that allows the recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient 3.12 distinguishing identifier information which unambiguously distinguishes an entity in the context of an authentication exchange 3.13 encryption reversible operation by a cryptographic algorithm converting data into ciphertext so as to hide the information content of the data