RSA Laboratories

5.3.4 What are ISO standards?

The International Organization for Standardization (ISO) is a non-governmental body promoting standardization developments globally. Altogether, ISO is broken down into about 2700 Technical Committees, subcommittees and working groups. ISO/IEC (where IEC is the International Electrotechnical Commission) is the joint technical committee developing the standards for information technology.

One of the more important information technology standards developed by ISO/IEC is ISO/IEC 9798 [ISO92a]. This is an emerging international standard for entity authentication techniques. It consists of five parts. Part 1 is introductory, and Parts 2 and 3 define protocols for entity authentication using secret-key techniques and public-key techniques, respectively. Part 4 defines protocols based on cryptographic checksums, and Part 5 addresses zero-knowledge techniques.

ISO/IEC 9796 is another ISO standard that defines procedures for digital signature schemes giving message recovery (such as RSA and Rabin-Williams). ISO/IEC International Standard 9594-8 is also published (and is better known) as ITU-T Recommendation X.509, "Information Technology - Open Systems Interconnection - The Directory: Authentication Framework," and is the basic document defining the most widely used form of public-key certificate.

Another example of an ISO/IEC standard is the ISO/IEC 9979 [ISO91] standard defining the procedures for a service that registers cryptographic algorithms. Registering a cryptographic algorithm results in a unique identifier being assigned to it. The registration is achieved via a single organization called the registration authority. The registration authority does not evaluate or make any judgment on the quality of the protection provided.

For more information on ISO, see their official web site.