ISO/IEC 13888-2:2010
Information technology — Security techniques — Non-repudiation — Part 2: Mechanisms using symmetric techniques
The goal of the non-repudiation service is to generate, collect, maintain, make available and validate evidence concerning a claimed event or action in order to resolve disputes about the occurrence or non-occurrence of the event or action. ISO/IEC 13888-2:2010 provides descriptions of generic structures that can be used for non-repudiation services, and of some specific communication-related mechanisms which can be used to provide non-repudiation of origin (NRO) and non-repudiation of delivery (NRD). Other non-repudiation services can be built using the generic structures described in ISO/IEC 13888-2:2010 in order to meet the requirements defined by the security policy.
ISO/IEC 13888-2:2010 relies on the existence of a trusted third party (TTP) to prevent fraudulent repudiation or accusation. Usually, an online TTP is needed.
Non-repudiation can only be provided within the context of a clearly defined security policy for a particular application and its legal environment. Non-repudiation policies are defined in ISO/IEC 10181-4.
| Get this standard | Prices exclude GST | |
|---|---|---|
| PDF ( Single user document) |
$179.13 NZD
|
|
| HardCopy |
$214.78 NZD
|
|
| Networkable PDF |
Price varies
|
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Notation
5.1 Notation from ISO/IEC 13888-1
5.2 Notation unique for the purposes of this part of ISO/IEC 13888
6 Requirements
7 Secure envelopes
8 Generation and verification of non-repudiation tokens
8.1 Creation of tokens by the TTP
8.2 Data items used in the non-repudiation mechanisms
8.2.1 Data items used in secure envelopes
8.2.2 Data items used in non-repudiation tokens
8.3 Non-repudiation tokens
8.3.1 Provision of evidence
8.3.2 Non-repudiation of origin token
8.3.3 Non-repudiation of delivery token
8.3.4 Time stamping token
8.4 Verification of tokens by the TTP
8.4.1 Verification process
8.4.2 On-line verification of the token
8.4.3 Table of tokens
9 Specific non-repudiation mechanisms
9.1 Mechanisms for non-repudiation
9.2 Mechanism for non-repudiation of origin
9.2.1 Transactions and mechanisms
9.2.2 Token Generation
9.2.2.1 Transaction 1 – between originator A and TTP
9.2.2.2 Transaction 2 – from originator A to recipient B
9.2.2.3 Transaction 3 – between recipient B and TTP
9.2.3 Token Verification
9.3 Mechanism for non-repudiation of delivery
9.3.1 Transactions and mechanisms
9.3.2 Token generation
9.3.2.1 Transaction 1 – between recipient B and TTP
9.3.2.2 Transaction 2 – from recipient B to originator A
9.3.2.3 Transaction 3 – between originator A and TTP
9.3.3 Token Verification
9.4 Mechanism for obtaining a time stamping token
Amendments
Previous versions
Keep me up-to-date
Register to receive notifications when updates are made to this standard.
Related Information
Similar Standards
-
AS/NZS ISO/IEC 27001:2023
Information security, cybersecurity and privacy protection – Information security management systems – Requirements
-
AS/NZS ISO/IEC 27002:2022
Information security, cybersecurity and privacy protection — Information security controls
-
AS/NZS ISO/IEC 27551:2024
Information security, cybersecurity and privacy protection – Requirements for attribute-based unlinkable entity authentication
-
BS 10754-1:2018
Information technology. Systems trustworthiness, Governance and management specification
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Notation
5.1 Notation from ISO/IEC 13888-1
5.2 Notation unique for the purposes of this part of ISO/IEC 13888
6 Requirements
7 Secure envelopes
8 Generation and verification of non-repudiation tokens
8.1 Creation of tokens by the TTP
8.2 Data items used in the non-repudiation mechanisms
8.2.1 Data items used in secure envelopes
8.2.2 Data items used in non-repudiation tokens
8.3 Non-repudiation tokens
8.3.1 Provision of evidence
8.3.2 Non-repudiation of origin token
8.3.3 Non-repudiation of delivery token
8.3.4 Time stamping token
8.4 Verification of tokens by the TTP
8.4.1 Verification process
8.4.2 On-line verification of the token
8.4.3 Table of tokens
9 Specific non-repudiation mechanisms
9.1 Mechanisms for non-repudiation
9.2 Mechanism for non-repudiation of origin
9.2.1 Transactions and mechanisms
9.2.2 Token Generation
9.2.2.1 Transaction 1 – between originator A and TTP
9.2.2.2 Transaction 2 – from originator A to recipient B
9.2.2.3 Transaction 3 – between recipient B and TTP
9.2.3 Token Verification
9.3 Mechanism for non-repudiation of delivery
9.3.1 Transactions and mechanisms
9.3.2 Token generation
9.3.2.1 Transaction 1 – between recipient B and TTP
9.3.2.2 Transaction 2 – from recipient B to originator A
9.3.2.3 Transaction 3 – between originator A and TTP
9.3.3 Token Verification
9.4 Mechanism for obtaining a time stamping token