
Entity Authentication

Entity authentication standards are published jointly by ISO and IEC. The standards listed here cover anonymous entity authentication, mechanisms using authenticated encryption, mechanisms using digital signature techniques, mechanisms using public-key and zero-knowledge techniques, mechanisms using a cryptographic check function, an entity authentication assurance framework, integrated circuit cards, and the requirements for anonymous authentication.


ISO/IEC 20009-1:2013

Information technology - Security techniques - Anonymous entity authentication - Part 1: General

ISO/IEC 20009-1:2013 specifies a model, requirements and constraints for anonymous entity authentication mechanisms that allow the legitimacy of an entity to be corroborated.


ISO/IEC 20009-2:2013

Information technology - Security techniques - Anonymous entity authentication - Part 2: Mechanisms based on signatures using a group public key

ISO/IEC 20009-2:2013 specifies anonymous entity authentication mechanisms based on signatures using a group public key in which a verifier verifies a group signature scheme to authenticate the entity with which it is communicating, without knowing this entity's identity. ISO/IEC 20009-2:2013 provides: a general description of an anonymous entity authentication mechanism based on signatures using a group public key; a variety of mechanisms of this type. ISO/IEC 20009-2:2013 describes: the group membership issuing processes; anonymous authentication mechanisms without an online Trusted Third Party (TTP); anonymous authentication mechanisms involving an online TTP. Furthermore, ISO/IEC 20009-2:2013 also specifies: the group membership opening process (optional); the group signature linking process (optional).


ISO/IEC 20009-4:2017

Information technology - Security techniques - Anonymous entity authentication - Part 4: Mechanisms based on weak secrets

ISO/IEC 20009-4:2017 specifies anonymous entity authentication mechanisms based on weak secrets. The precise operation of each mechanism is specified, together with details of all inputs and outputs. This document is applicable to situations in which the server only verifies that the user belongs to a certain user group without obtaining any information that can be used to identify the user later on.


ISO/IEC 9798-1:2010

Information technology - Security techniques - Entity authentication - Part 1: General

ISO/IEC 9798-1:2010 specifies an authentication model and general requirements and constraints for entity authentication mechanisms which use security techniques. These mechanisms are used to corroborate that an entity is the one that is claimed. An entity to be authenticated proves its identity by showing its knowledge of a secret. The mechanisms are defined as exchanges of information between entities and, where required, exchanges with a trusted third party. The details of the mechanisms and the contents of the authentication exchanges are given in subsequent parts of ISO/IEC 9798.


ISO/IEC 9798-2:2019

IT Security techniques - Entity authentication - Part 2: Mechanisms using authenticated encryption

This document specifies entity authentication mechanisms using authenticated encryption algorithms. Four of the mechanisms provide entity authentication between two entities where no trusted third party is involved; two of these are mechanisms to unilaterally authenticate one entity to another, while the other two are mechanisms for mutual authentication of two entities. The remaining mechanisms require an on-line trusted third party for the establishment of a common secret key. They also realize mutual or unilateral entity authentication. Annex A defines Object Identifiers for the mechanisms specified in this document.



ISO/IEC 9798-3:2019

IT Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques

This document specifies entity authentication mechanisms using digital signatures based on asymmetric techniques. A digital signature is used to verify the identity of an entity. Ten mechanisms are specified in this document. The first five mechanisms do not involve an on-line trusted third party and the last five make use of on-line trusted third parties. In both of these two categories, two mechanisms achieve unilateral authentication and the remaining three achieve mutual authentication. Annex A defines the object identifiers assigned to the entity authentication mechanisms specified in this document.





ISO/IEC 9798-4:1999

Information technology - Security techniques - Entity authentication - Part 4: Mechanisms using a cryptographic check function

This part of ISO/IEC 9798 specifies entity authentication mechanisms using a cryptographic check function. Two mechanisms are concerned with the authentication of a single entity (unilateral authentication), while the remaining are mechanisms for mutual authentication of two entities. The mechanisms specified in this part of ISO/IEC 9798 use time variant parameters such as time stamps, sequence numbers, or random numbers, to prevent valid authentication information from being accepted at a later time or more than once. If a time stamp or sequence number is used, one pass is needed for unilateral authentication, while two passes are needed to achieve mutual authentication. If a challenge and response method employing random numbers is used, two passes are needed for unilateral authentication, while three passes are required to achieve mutual authentication. Examples of cryptographic check functions are given in ISO/IEC 9797.




ISO/IEC 9798-5:2009

Information technology - Security techniques - Entity authentication - Part 5: Mechanisms using zero-knowledge techniques

ISO/IEC 9798-5:2009 specifies entity authentication mechanisms using zero-knowledge techniques: mechanisms based on identities and providing unilateral authentication; mechanisms based on integer factorization and providing unilateral authentication; mechanisms based on discrete logarithms with respect to numbers that are either prime or composite, and providing unilateral authentication; mechanisms based on asymmetric encryption systems and providing either unilateral authentication, or mutual authentication; mechanisms based on discrete logarithms on elliptic curves and providing unilateral authentication. These mechanisms are constructed using the principles of zero-knowledge techniques, but they are not necessarily zero-knowledge according to the strict definition for every choice of parameters.


ISO/IEC 9798-6:2010

Information technology - Security techniques - Entity authentication - Part 6: Mechanisms using manual data transfer

ISO/IEC 9798-6:2010 specifies eight entity authentication mechanisms based on manual data transfer between authenticating devices. Four of these mechanisms are improved versions of mechanisms specified in ISO/IEC 9798-6:2005, since they require less user input and achieve greater security. Such mechanisms can be appropriate in a variety of circumstances where there is no existing public key infrastructure, shared secret keys or passwords. One such application occurs in personal networks, where the owner of two personal devices capable of wireless communications wishes them to perform an entity authentication procedure as part of the process of preparing them for use in the network. These mechanisms can also be used to support key management functions. ISO/IEC 9798-6:2010 specifies mechanisms in which entity authentication is achieved by manually transferring short data strings from one device to the other, or by manually comparing short data strings output by the two devices. In ISO/IEC 9798-6:2010, the meaning of the term entity authentication differs from the meaning applied in the other parts of ISO/IEC 9798. Instead of one device verifying that the other device has a claimed identity (and vice versa), both devices in the possession of a user verify that they correctly share a data string with the other device at the time the mechanism is executed. This data string could contain identifiers (and/or public keys) for one or both of the devices.


ISO/IEC 29115:2013

Information technology - Security techniques - Entity authentication assurance framework

ISO/IEC 29115:2013 provides a framework for managing entity authentication assurance in a given context. In particular, it:
- specifies four levels of entity authentication assurance (LoAs);
- specifies criteria and guidelines for achieving each of the four levels of entity authentication assurance;
- provides guidance for mapping other authentication assurance schemes to the four LoAs;
- provides guidance for exchanging the results of authentication that are based on the four LoAs; and
- provides guidance concerning controls that should be used to mitigate authentication threats.


ISO/IEC 24760-1:2019

IT Security and Privacy - A framework for identity management - Part 1: Terminology and concepts

This document defines terms for identity management, and specifies core concepts of identity and identity management and their relationships. It is applicable to any information system that processes identity information.



ISO/IEC 7816-15:2016

Identification cards - Integrated circuit cards - Part 15: Cryptographic information application

ISO/IEC 7816-15:2016 specifies an application in a card. This application contains information on cryptographic functionality. This part of ISO/IEC 7816 defines a common syntax and format for the cryptographic information and mechanisms to share this information whenever appropriate. The objectives of this part of ISO/IEC 7816 are to:
- facilitate interoperability among components running on various platforms (platform neutral);
- enable applications in the outside world to take advantage of products and components from multiple manufacturers (vendor neutral);
- enable the use of advances in technology without rewriting application-level software (application neutral); and
- maintain consistency with existing, related standards while expanding upon them only where necessary and practical.
It supports the following capabilities:
- storage of multiple instances of cryptographic information in a card;
- use of the cryptographic information;
- retrieval of the cryptographic information; a key factor for this is the notion of Directory Files, which provide a layer of indirection between objects on the card and the actual format of these objects;
- cross-referencing of the cryptographic information with DOs (data objects) defined in other parts of ISO/IEC 7816 when appropriate;
- different authentication mechanisms;
- multiple cryptographic algorithms (the suitability of these is outside the scope of this part of ISO/IEC 7816).
ISO/IEC 7816-15:2016 does not cover the internal implementation within the card and/or the outside world. It is not mandatory for implementations complying with this International Standard to support all options described. In case of discrepancies between the ASN.1 definitions in the body of the text and the module in Annex A, Annex A takes precedence.

