• There are no items in your cart
We noticed you’re not on the correct regional site. Switch to our AMERICAS site for the best experience.
Dismiss alert

CAN/CSA-ISO/IEC 10181-2-00 (R2013)

Current

Current

The latest, up-to-date edition.

Information Technology - Open Systems Interconnection - Security Frameworks for Open Systems: Authentication Framework (Adopted ISO/IEC 10181-2:1996, first edition, 1996-05-15)

Available format(s)

Hardcopy , PDF

Language(s)

French, English

Published date

01-01-2000

£110.57
Excluding VAT

1 Scope
2 Normative references
3 Definitions
4 Abbreviations
5 General discussion of authentication
6 Authentication information and facilities
7 Characteristics of authentication mechanisms
8 Authentication mechanisms
9 Interactions with other security services/mechanisms
Annex A - Human user authentication
Annex B - Authentication in the OSI Model
Annex C - Countering replay using unique numbers or
          challenges
Annex D - Protection against some forms of attack on
          authentication
Annex E - Bibliography
Annex F - Some specific examples of authentication
          mechanisms
Annex G - Authentication facilities outline

Scope This series of Recommendations / International Standards on Security Frameworks for Open Systems addresses the application of security services in an Open Systems environment, where the term \"Open Systems\" is taken to include areas such as Database, Distributed Applications, Open Distributed Processing and OSI. The Security Frameworks are concerned with defining the means of providing protection for systems and objects within systems, and with the interactions between systems. The Security Frameworks are not concerned with the methodology for constructing systems or mechanisms. The Security Frameworks address both data elements and sequences of op erations (but not protocol elements) which are used to obtain specific security services. These security services may apply to the communicating entities of systems as well as to data exchanged between systems, and to data managed by systems. This Recommendation / International Standard: defines the basic concepts for authentication; identifies the possible classes of authentication mechanisms; defines the services for these classes of authentication mechanism; identifies functional requirements for protocols to support these classes of authentication mechanism; and identifies general management requirements for authentication. A number of different types of standards can use this framework including: (1) standards that incorporate the concept of authentication (2) standards that provide an authentication service (3) standards that use an authentication service (4) standards that specify the means to provide authentication within an open system architecture (5) standards that specify authentication mechanisms. [Note that the service in (2), (3) and (4) might include authentication but may have a different primary purpose.] These standards can use this framework as follows: standard types (1), (2), (3), (4) and (5) can use the terminology of this framework; standard types (2), (3), (4) and (5) can use the services defined in clause 7 of this framework; and standard types (5) can be based on the mechanisms defined in clause 8 of this framework. As with other security services, authentication can only be provided within the context of a defined security policy for a particular application. The definitions of security policies are outside the scope of this ITU Recommendation / International Standard. The scope of this Recommendation / International Standard does not include specification of details of the protocol exchanges which need to be performed in order to achieve authentication. This Recommendation / International Standard does not specify particular mechanisms to support these authentication services. Other standards (such as ISO/IEC 9798) develop specific authentication methods in greater detail. Furthermore, examples of such methods are incorporated into other standards (such as ITU Rec. X.509 / ISO/IEC 9594-8) in order to address specific authentication requirements. Some of the procedures described in this framework achieve security by the application of cryptographic techniques. This framework is not dependent on the use of a particular cryptographic or other algorithm, although certain classes of authent ication mechanisms may depend on particular algorithm properties, e.g. asymmetric properties. NOTE - Although ISO does not standardize cryptographic algorithms, it does standardize the procedures used to register them in ISO/IEC 9979.

DocumentType
Standard
ISBN
1-55324-084-7
Pages
60
PublisherName
Canadian Standards Association
Status
Current
Supersedes

Scope This series of Recommendations / International Standards on Security Frameworks for Open Systems addresses the application of security services in an Open Systems environment, where the term \"Open Systems\" is taken to include areas such as Database, Distributed Applications, Open Distributed Processing and OSI. The Security Frameworks are concerned with defining the means of providing protection for systems and objects within systems, and with the interactions between systems. The Security Frameworks are not concerned with the methodology for constructing systems or mechanisms. The Security Frameworks address both data elements and sequences of op erations (but not protocol elements) which are used to obtain specific security services. These security services may apply to the communicating entities of systems as well as to data exchanged between systems, and to data managed by systems. This Recommendation / International Standard: defines the basic concepts for authentication; identifies the possible classes of authentication mechanisms; defines the services for these classes of authentication mechanism; identifies functional requirements for protocols to support these classes of authentication mechanism; and identifies general management requirements for authentication. A number of different types of standards can use this framework including: (1) standards that incorporate the concept of authentication (2) standards that provide an authentication service (3) standards that use an authentication service (4) standards that specify the means to provide authentication within an open system architecture (5) standards that specify authentication mechanisms. [Note that the service in (2), (3) and (4) might include authentication but may have a different primary purpose.] These standards can use this framework as follows: standard types (1), (2), (3), (4) and (5) can use the terminology of this framework; standard types (2), (3), (4) and (5) can use the services defined in clause 7 of this framework; and standard types (5) can be based on the mechanisms defined in clause 8 of this framework. As with other security services, authentication can only be provided within the context of a defined security policy for a particular application. The definitions of security policies are outside the scope of this ITU Recommendation / International Standard. The scope of this Recommendation / International Standard does not include specification of details of the protocol exchanges which need to be performed in order to achieve authentication. This Recommendation / International Standard does not specify particular mechanisms to support these authentication services. Other standards (such as ISO/IEC 9798) develop specific authentication methods in greater detail. Furthermore, examples of such methods are incorporated into other standards (such as ITU Rec. X.509 / ISO/IEC 9594-8) in order to address specific authentication requirements. Some of the procedures described in this framework achieve security by the application of cryptographic techniques. This framework is not dependent on the use of a particular cryptographic or other algorithm, although certain classes of authent ication mechanisms may depend on particular algorithm properties, e.g. asymmetric properties. NOTE - Although ISO does not standardize cryptographic algorithms, it does standardize the procedures used to register them in ISO/IEC 9979.

Standards Relationship
ISO/IEC 10181-2:1996 Identical

ISO/IEC 9798-3:1998 Information technology Security techniques Entity authentication Part 3: Mechanisms using digital signature techniques
ISO/IEC 9798-4:1999 Information technology Security techniques Entity authentication Part 4: Mechanisms using a cryptographic check function
ISO/IEC 9979:1999 Information technology Security techniques Procedures for the registration of cryptographic algorithms
ISO/IEC 10181-1:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Overview
ISO/IEC 9798-2:2008 Information technology Security techniques Entity authentication Part 2: Mechanisms using symmetric encipherment algorithms
ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ISO/IEC 10116:2017 Information technology — Security techniques — Modes of operation for an n-bit block cipher
ISO/IEC 9798-1:2010 Information technology Security techniques Entity authentication Part 1: General

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.