ISO 13888-3-2009 pdf free download

ISO 13888-3-2009 pdf free download.Information technology — Security techniques — Non-repudiation — Part 3:Mechanisms using asymmetric techniques
Technologies de l’information — Techniques de sécurité — Non-repudiation — Partie 3: Mécanismes ufilisant des techniques asymétriques.
6 Trusted Third Party involvement
Trusted Third Parties are involved in the provision of non-repudiation services, their precise role depending on the mechanisms used and the non-repudiation policy In force. A Trusted Third Party may act In one or more of the following roles:
— A Delivery Authority (DA) is trusted to deliver the message to the intended recipient and to provide the non-repudiation of submission or non-repudiation of transport token.
— The use of asymmetric cryptographic techniques may require the involvement of a Trusted Third Party to guarantee the authenticity of the public verification keys, as described in, e.g.. ISO/IEC 9594-8,
The non-repudiation policy in force may require that the evidence is generated partly or totally by a Trusted Third Party.
— A Time-stamping token issued by a Time-stamping Authority (TSA) may also be used to ensure that a non-repudiation token remains valid.
— A Time-marking Authority may be involved to provide assurance that the signature of a given non- repudiation token was recorded before a given time.
— An Evidence Recording Authority may be involved to record evidence that can later be retrieved if there is a dispute.
Trusted Third Parties may be involved to differing degrees in the various phases of the provision of a non- repudiation service. When exchanging evidence, the parties must know, or agree, which non-repudiation policy Is to be applicable to the evidence.
7 Digital signatures
For the mechanisms specified in this part of ISO/IEC 13888. non-repudiation tokens are created using digital signatures. The digital signature technique used to generate these digital signatures shall conform to ISOIIEC 9796 or lSO/IEC 14888.
The public key to be used to verify a signature shall be included in a public key certificate. This certificate shall include a time period indicating the period during which the CA handles the revocation status of the certificate.
A signature from an NR Token shall be verifiable at least during the validity period of the certificates to be used to validate public verification key used to verify the signature, and also once the validity period of these certificates has expired. In order to achieve this goal the use of either a Time-stamping service or a Timemarking service is necessary (See Clause 11), The mechanisms described in Clause 11 must be used to guarantee that the non-repudiation token will remain valid once the certificate to be used to verify the signature of the NR token has expired, or if that certificate is revoked.ISO 13888-3-2009 pdf free download.