标准摘要
[中文适用范围]: 不可否认服务的目标是生成、收集、维护、提供和验证有关所声明的事件或动作的证据,以解决有关事件或动作发生或不发生的争议。 ISO/IEC 13888 的这一部分提供了可用于不可否认服务的通用结构的描述,以及可用于提供不可否认来源 (NRO) 和不可否认交付的一些特定通信相关机制的描述。 (NRD)。 可以使用 ISO/IEC 13888 本部分中描述的通用结构来构建其他不可否认服务,以满足安全策略定义的要求。 ISO/IEC 13888 的这一部分依赖于可信第三方 (TTP) 的存在来防止欺诈性否认或指控。 通常,需要在线 TTP。 不可否认性只能在特定应用程序及其法律环境的明确定义的安全策略的背景下提供。 ISO/IEC 10181-4 中定义了不可否认策略。 [外文原描述]: The goal of the non-repudiation service is to generate, collect, maintain, make available and validate evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non-occurrence of the event or action. ISO/IEC 13888-2:2010 provides descriptions of generic structures that can be used for non-repudiation services, and of some specific communication-related mechanisms which can be used to provide non-repudiation of origin (NRO) and non-repudiation of delivery (NRD). Other non-repudiation services can be built using the generic structures described in ISO/IEC 13888-2:2010 in order to meet the requirements defined by the security policy. ISO/IEC 13888-2:2010 relies on the existence of a trusted third party (TTP) to prevent fraudulent repudiation or accusation. Usually, an online TTP is needed. Non-repudiation can only be provided within the context of a clearly defined security policy for a particular application and its legal environment. Non-repudiation policies are defined in ISO/IEC 10181-4.
英文名称Information technology - Security techniques - Non-repudiation - Part 2: Mechanisms using symmetric techniques