ISO/IEC 11770-5:2020 Information security - Key management - Part 5: Group key management
Standard number: ISO/IEC 11770-5:2020
Chinese title: 信息安全密钥管理第5部分:组密钥管理
English title: Information security - Key management - Part 5: Group key management
Publication date: 2020-11-10
Scope
This document specifies mechanisms to establish shared symmetric keys between groups of entities. It defines:
- symmetric key-based key establishment mechanisms for multiple entities with a key distribution centre (KDC); and
- symmetric key establishment mechanisms based on a general tree-based logical key structure with both individual rekeying and batch rekeying.
It also defines key establishment mechanisms based on a key chain with group forward secrecy, group backward secrecy or both group forward and backward secrecy.
This document also describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established.
This document does not specify information that has no relation with key establishment mechanisms, nor does it specify other messages such as error messages. The explicit format of messages is not within the scope of this document.
This document does not specify the means to be used to establish the initial secret keys required to be shared between each entity and the KDC, nor key lifecycle management. This document also does not explicitly address the issue of interdomain key management.