ISO/IEC 14888-3:2006 信息技术 安全技术 带附录的数字签名 第3部分：基于离散算法的机制

标准编号：ISO/IEC 14888-3:2006

中文名称：信息技术 安全技术 带附录的数字签名 第3部分：基于离散算法的机制

英文名称：Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms

发布日期：2006-11

标准范围

ISO/IEC 14888-3:2006规定了带有附录的数字签名机制，其安全性基于离散对数问题。它提供了带附录的数字签名机制的一般描述，以及提供带附录的数字签名的各种机制。对于每种机制，ISO/IEC 14888-3:2006规定了生成密钥的过程、生成签名的过程和验证签名的过程。数字签名的验证需要签名实体的验证密钥。因此，验证者必须能够将正确的验证密钥与签名实体相关联，或者更准确地说，与签名实体的标识数据（部分）相关联。该关联可通过ISO/IEC 14888中未涵盖的其他方式提供-3:2006. 无论这种手段的性质如何，该计划都被称为“基于证书”。如果没有，正确的验证密钥和签名实体的标识数据之间的关联在某种程度上是验证密钥本身固有的。在这种情况下，该方案被称为“基于身份”。根据检查验证密钥正确性的两种不同方法，ISO/IEC 14888-3:2006中规定的数字签名机制分为两类:基于证书的和基于身份的。

ISO/IEC 14888-3:2006 specifies digital signature mechanisms with appendix whose security is based on the discrete logarithm problem. It provides a general description of a digital signature with appendix mechanism, and a variety of mechanisms that provide digital signatures with appendix.For each mechanism, ISO/IEC 14888-3:2006 specifies the process of generating keys, the process of producing signatures, and the process of verifying signatures.The verification of a digital signature requires the signing entity's verification key. It is thus essential for a verifier to be able to associate the correct verification key with the signing entity, or more precisely, with (parts of) the signing entity's identification data. This association may be provided by another means that is not covered in ISO/IEC 14888-3:2006. Whatever the nature of such means, the scheme is then said to be 'certificate-based'. If not, the association between the correct verification key and the signing entity's identification data is somehow inherent in the verification key itself. In such a case, the scheme is said to be 'identity-based'. Depending on the two different ways of checking the correctness of the verification keys, the digital signature mechanisms specified in ISO/IEC 14888-3:2006 are categorized in two groups: certificate-based and identity-based.

标准预览图