GB/T 18794.4-2003
Information technology-Open Systems Interconnection-Security frameworks for open systems-Part 4:Non-repudiation framework (English Version)

Standard No.

GB/T 18794.4-2003

Language

Chinese, Available in English version

Release Date

2003

Published By

General Administration of Quality Supervision, Inspection and Quarantine of the People‘s Republic of China

Latest

GB/T 18794.4-2003

Scope

This standard for an open systems security framework addresses the application of security services in an open systems environment, where the term "open systems" includes such domains as databases, distributed applications, open distributed processing, and open systems interconnection. A security framework involves defining methods for providing protection to systems and objects within systems, and to the interactions between systems. This security framework does not address methodologies for building systems or mechanisms. A security framework addresses sequences of data elements and operations (rather than protocol elements), both of which can be used to obtain specific security services. These security services apply to the entities the systems are communicating with, the data exchanged between the systems, and the data managed by the systems. This part: - Defines the basic concepts of non-repudiation; - Defines general non-repudiation services; - Determines possible mechanisms for providing non-repudiation services; - Determines general management requirements for non-repudiation services and mechanisms. Like other security services, non-repudiation services can only be provided within the scope of security policies specified for specific applications. The definition of security policy is outside the scope of this standard. This section does not include detailed descriptions of the protocol exchanges that need to be completed to achieve non-repudiation. This section does not describe in detail the specific mechanisms that may be used to support non-repudiation services, nor does it give details of the supported security management services and protocols. Some of the procedures described in this framework achieve security through the application of cryptography. This framework does not depend on the use of specific cryptographic algorithms or other algorithms, nor on specific (eg symmetric or asymmetric) cryptographic techniques, although certain kinds of non-repudiation mechanisms may be associated with specific algorithmic properties. Indeed, it is possible to use a large number of different algorithms. Two entities wishing to cryptographically protect data must support the same cryptographic algorithm. Many different types of standards can use this framework, including: 1) standards that embody the concept of non-repudiation; 2) standards that specify abstract services that contain non-repudiation; 3) standards that specify the use of non-repudiation services; Standards for providing non-repudiation methods within the open system architecture; 5) Standards for specifying non-repudiation mechanisms. These standards can use this framework in the following ways: - standard type 1), 2), 3), 4) or 5) can use the terms of this framework; - standard type 2), 3), 4) or 5 ) can use the facilities defined in clause 7; – standard type 5) can be based on the mechanism classes defined in clause 8.

GB/T 18794.4-2003 history

• 2003 GB/T 18794.4-2003 Information technology-Open Systems Interconnection-Security frameworks for open systems-Part 4:Non-repudiation framework

GB/T 18794.4-2003 -All Parts