ISO/IEC 13888-2:2010 Information technology - Security techniques - Non-repudiation - Part 2: Mechanisms using symmetric techniques

Standard number: ISO/IEC 13888-2:2010

Chinese title: 信息技术 安全技术 抗抵赖性 第2部分:采用对称技术的机制

English title: Information technology — Security techniques — Non-repudiation — Part 2: Mechanisms using symmetric techniques

Publication date: 2010-12

Scope of the standard

The goal of the non-repudiation service is to generate, collect, maintain, make available and validate evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non-occurrence of the event or action. ISO/IEC 13888-2:2010 provides descriptions of generic structures that can be used for non-repudiation services, and of some specific communication-related mechanisms which can be used to provide non-repudiation of origin (NRO) and non-repudiation of delivery (NRD). Other non-repudiation services can be built using the generic structures described in ISO/IEC 13888-2:2010 in order to meet the requirements defined by the security policy.

ISO/IEC 13888-2:2010 relies on the existence of a trusted third party (TTP) to prevent fraudulent repudiation or accusation. Usually, an online TTP is needed.

Non-repudiation can only be provided within the context of a clearly defined security policy for a particular application and its legal environment. Non-repudiation policies are defined in ISO/IEC 10181-4.
