|
URL: http://www.iso.ch
URL: http://www.csa-intl.org/onlinestore/GetCatalogDrillDown.asp?Parent=2627
From
http://www.csa-intl.org:
The
goal of the Non-repudiation Service is to generate, collect, maintain, make
available and validate evidence concerning a claimed event or action in order
to resolve disputes about the occurrence or non-occurrence of the event or
action. This part of ISO/IEC 13888 specifies mechanisms for the provision of
some specific, communication related non-repudiation Services using asymmetric
techniques.
Non-repudiation
mechanisms are specified to establish the following non-repudiation services:
-
non-repudiation of origin,
- non-repudiation of delivery,
- non-repudiation of submission,
- non-repudiation of transport.
Non-repudiation
mechanisms involve the exchange of non-repudiation tokens specific for each
non-repudiation Service. Non-repudiation tokens consist of digital signatures
and additional data. Non-repudiation tokens shall be stored as non-repudiation
information that may be used subsequently in case of disputes.
Depending
on the non-repudiation policy in effect for a specific application, and the
legal environment within which the application operates, additional information
may be required to complete the non-repudiation information, e.g.,
-
evidence including a trusted time stamp provided by a Time Stamping Authority,
- evidence provided by a notary which provides assurance about the action or
event performed by
one or more entities.
Non-repudiation
can only be provided within the context of a clearly defined security policy
for a particular application and its legal environment. Non-repudiation policies
are described in the multipart Standard of Security Frameworks for open systems
- Part 4: Non-repudiation Framework, ISO/IEC 10181-4.
Keywords:
Keywords:
|
