ISO IEC 11770-3 2021 AMD1 2025.docx

IECInternationalStandardISO/IEC11770-3Fourthedition2021-10AMENDMENT12025-04©ISO/IEC2025InformationsecurityKeymanagement一Part3:MechanismsusingasymmetrictechniquesAMENDMENT1:TFNSidentity-basedkeyagreementSecuritedeinformationGestiondeclesPartie3:MecanismesUtilisantdestechniquesasymetriquesAMENDEMENT1:AccorddeclebaseesurUidentiteTFNSReferencenumberISO/IEC11770-3:2021/Amd.l:2025(en)COPYRIGHTPROTECTEDDOCUMENT©ISO/IEC2025Allrightsreserved.Unlessotherwisespecified,orrequiredinthecontextofitsimplementation,nopartofthispublicationmaybereproducedorutilizedotherwiseinanyformorbyanymeans,electronicormechanical,includingphotocopying,orpostingontheinternetoranintranet,withoutpriorwrittenpermission.PermissioncanberequestedfromeitherISOattheaddressbeloworISO,smemberbodyinthecountryoftherequester.ISOcopyrightofficeCP401Ch.deBlandonnet8CH-1214Vernier,GenevaPhone:+41227490111Email:copyrightiso.orgWebsite:www.iso.orgPublishedinSwitzerlandForewordISO(theInternationalOrganizationforStandardization)andIEC(theInternationalElectrotechnicalCommission)formthespecializedsystemforworldwidestandardization.NationalbodiesthataremembersofISOorIECparticipateinthedevelopmentofInternationalStandardsthroughtechnicalcommitteesestablishedbytherespectiveorganizationtodealwithparticularfieldsoftechnicalactivity.ISOandIECtechnicalcommitteescollaborateinfieldsofmutualinterest.Otherinternationalorganizations,governmentalandnon-governmental,inliaisonwithISOandIEC,alsotakepartinthework.TheproceduresusedtodevelopthisdocumentandthoseintendedforitsfurthermaintenancearedescribedintheISO/IECDirectives,Part1.Inparticular,thedifferentapprovalcriterianeededforthedifferenttypesofdocumentshouldbenoted.ThisdocumentwasdraftedinaccordancewiththeeditorialrulesoftheISO/IECDirectives,Part2(seeWWW.iso.org/directivesorwww.iec.ch/membersexpvrts/refdocs).ISOandIECdrawattentiontothepossibilitythattheimplementationofthisdocumentmayinvolvetheuseof（八）patent(三),ISOandIECtakenopositionconcerningtheevidence,validityorapplicabilityofanyclaimedpatentrightsinrespectthereof.Asofthedateofpublicationofthisdocument,ISOandIEChadreceivednoticeof（八）patent(三)whichmayberequiredtoimplementthisdocument.However,Implementersarecautionedthatthismaynotrepresentthelatestinformation,whichmaybeobtainedfromthepatentdatabaseavailableatWWW.isdorg/PatentSandhttps:/patents.iec.ch.ISOandIECshallnotbeheldresponsibleforidentifyinganyorallsuchpatentrights.Anytradenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstituteanendorsement.Foranexplanationofthevoluntarynatureofstandards,themeaningofISOspecifictermsandexpressionsrelatedtoconformityassessment,aswellasinformationaboutISO'sadherencetotheWorldTradeOrganization(WTO)principlesintheTechnicalBarrierstoTrade(TBT)seeWWW.iso.org/iso/foreword.html.IntheEC,seeWWW.iec.ch/UndVrStanding-standards.ThisdocumentwaspreparedbyTechnicalCommitteeISO/IECJTC1,Informationtechnology,SubcommitteeSC27,Informationsecurity,cybersecurityandprivacyprotection.AlistofallpartsintheISO/IEC11770seriescanbefoundontheISOwebsite.Anyfeedbackorquestionsonthisdocumentshouldbedirectedtotheuser'snationalstandardsbody.Acompletelistingofthesebodiescanbefoundatwww.iso.org/mDmbers.htmlandwww.iec.ch/national-committees.InformationsecurityKeymanagement一Part3:MechanismsusingasymmetrictechniquesAMENDMENT1:TFNSidentity-basedkeyagreementAnnexBAtthebottomofTableB.I1insertthesecondrowofthefollowingtable:Mechanism#passesImplicitkeyauthenticationKeyconfirmationEntityauthenticationPublickeyoperationsForwardsecrecyKeyfreshnessUnlinkableF.62A,BOptNo(5F1FP>A,BA,BNoAnnexFAddnewClauseF.6asfollows:F.6TFNSidentity-basedkeyagreementTFNSProtOCoIW,52jsa11exampleofthekeyagreementmechanism15,whichisidentity-basedinthefollowingsense: theprivatekeyofanentitycanbecomputedfromsomecombinationofitsidentityandaprivatekeyofatrustedthirdparty;theentitygetsitsprivatekeyfromthethirdparty; thepublickeyofanentitycanbecomputedfromsomecombinationofitsidentityandapublickeyofatrustedthirdparty; theauthenticityofthepublickeyisnotdirectlyverified,butthethirdpartyonlyissuestheprivatekeytotheentityifitsidentityisvalid.ThiskeyagreementmechanismestablishesasharedsecretbetweenentitiesAandBintwopasses,asshowninFigure12.Inthefollowing,distincthashfunctionshash7(mforj=1,2,3mapaconcatenationofmessagestoanintegerintherange0v.ln-l.Priortotheprocessofagreeingonasharedsecretkey,inadditiontothecommoninformation,thefollowingshallbeestablished: foratrustedthirdpartyT,aprivatekeydandapublickeyPip(G1),whichisanellipticcurvepointsatisfyingP=dG1.SeeISO/IEC15946-1foradescriptionofhowtogeneratethiskeypair; foreachentityX(4,B),anidentityrepresentationi,即hichisanintegercomputedasix=hash1(X),andaprivatekey-agreementkey,whichiscomputedasDx=(d7i)1modn)G2in(G2); foreachentityorB,accesstoanauthenticcopyofthepublickeyofthethirdpartyandtheidentityofthe