ISO/IEC 11770-7:2021 信息安全 密钥管理 第7部分：基于跨域密码的认证密钥交换

标准编号：ISO/IEC 11770-7:2021

中文名称：信息安全 密钥管理 第7部分：基于跨域密码的认证密钥交换

英文名称：Information security — Key management — Part 7: Cross-domain password-based authenticated key exchange

发布日期：2021-07

标准范围

该文档指定了用于跨域基于密码的认证密钥交换的机制，所有这些机制都是基于密码的认证密钥交换（4PAKE）四方协议。这种协议允许两个通信实体仅使用它们与各自的域认证服务器共享的登录密码来建立共享会话密钥。认证服务器被认为是标准公钥基础设施（PKI）的一部分，充当临时认证机构（CA），其认证用户随后可以用来交换和同意作为会话密钥的密钥材料。本文档没有指定用于在实体与其相应的域服务器之间建立共享密码的方法。本文档也没有定义PKI的实现以及两个不同域服务器交换或验证它们各自的公钥证书的方法。

This document specifies mechanisms for cross-domain password-based authenticated key exchange, all of which are four-party password-based authenticated key exchange (4PAKE) protocols. Such protocols let two communicating entities establish a shared session key using just the login passwords that they share with their respective domain authentication servers. The authentication servers, assumed to be part of a standard public key infrastructure (PKI), act as ephemeral certification authorities (CAs) that certify key materials that the users can subsequently use to exchange and agree on as a session key.
This document does not specify the means to be used to establish a shared password between an entity and its corresponding domain server. This document also does not define the implementation of a PKI and the means for two distinct domain servers to exchange or verify their respective public key certificates.

标准预览图