Customer Service:
Mon - Fri: 8:30 am - 6 pm EST

 Historical

ISO/IEC 13888-2:1998

Information technology - Security techniques - Non-repudiation - Part 2: Mechanisms using symmetric techniques (publiÇ en anglais seulement)

The goal of the non-repudiation service is to generate, collect, maintain, make available and validate evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non occurrence of the event or action. This part of ISO/IEC 13888 provides descriptions of generic structures that can be used for non-repudiation services, and of some specific, communication related mechanisms which can be used to provide non-repudiation of origin (NRO), non-repudiation of delivery (NRD), non-repudiation of submission (NRS), and non-repudiation of transport (NRT) services. Other non-repudiation services can be built using the generic structures described in Clause 8 in order to meet the requirements defined by the security policy.

This part of ISO/IEC 13888 relies on the existence of a trusted third party (TTP) to prevent fraudulent repudiation. Usually an on-line trusted third party is needed.

Non-repudiation mechanisms provide protocols for the exchange of non-repudiation tokens specific to each non-repudiation service. Non-repudiation tokens used in this part consist of Secure Envelopes and additional data. Non-repudiation tokens shall be stored as non-repudiation information that may be used subsequently in case of disputes.

Depending on the non-repudiation policy in effect for a specific application, and the legal environment within which the application operates, additional information may be required to complete the non-repudiation information, e.g.,

  • evidence including a trusted time stamp provided by a Time Stamping Authority,
  • evidence provided by a notary which provides assurance about the action or event performed by one or more entities.

Non-repudiation can only be provided within the context of a clearly defined security policy for a particular application and its legal environment. Non-repudiation policies are described in ISO/IEC 10181-4.


Content Provider
International Organization for Standardization [iso]


Others Also Bought

ISO/IEC 13888-1:2004
IT security techniques - Non-repudiation - Part 1: General
ISO/IEC 13888-3:1997
Information technology - Security techniques - Non-repudiation - Part 3: Mechanisms using asymmetric technique ...
ISO/IEC 13888-1:2009
Information technology - Security techniques - Non-repudiation - Part 1: General
ANSI Logo

As the voice of the U.S. standards and conformity assessment system, the American National Standards Institute (ANSI) empowers its members and constituents to strengthen the U.S. marketplace position in the global economy while helping to assure the safety and health of consumers and the protection of the environment.

CUSTOMER SERVICE
NEW YORK OFFICE
ANSI HEADQUARTERS