• There are no items in your cart
We noticed you’re not on the correct regional site. Switch to our AMERICAS site for the best experience.
Dismiss alert

IEEE DRAFT 802.10C : D15 JAN 97

Superseded
Superseded

A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.

DRAFT STANDARD FOR INTEROPERABLE LAN/MAN SECURITY CLAUSE 3 - KEY MANAGEMENT
Superseded date

01-05-1998

Published date

12-01-2013

1 INTRODUCTION
1.1 SCOPE AND PURPOSE
1.2 OVERVIEW
2 DEFINITIONS
2.1 ACRONYMS
2.2 SECURITY DEFINITIONS
3 REFERENCES
4 KEY DISTRIBUTION TECHNIQUES
4.1 MANUAL KEY DISTRIBUTION TECHNIQUES
4.2 CENTER-BASED KEY DISTRIBUTION TECHNIQUES
4.3 CERTIFICATE-BASED DISTRIBUTION TECHNIQUES
4.4 MULTICAST KEY DISTRIBUTION TECHNIQUES
5 KEY MANAGEMENT MODEL
5.1 SECURITY ASSOCIATION LIFECYCLE
5.2 KEY MANAGEMENT APPLICATION ENTITY STRUCTURE
5.3 SEQUENCING OF APPLICATION LAYER SERVICES
5.3.1 Manually Distributed Key
5.3.2 Key Center Distribution
5.3.3 Certificate-Based Key Distribution
5.3.4 Multicast Key Distribution
5.3.4.1 Create Multicast Security Association
5.3.4.2 Spawn Multicast Security Association
5.3.5 Spawn Security Association
5.3.6 Delete Security Association
6 SERVICE DEFINITION
6.1 KEY MANAGEMENT APPLICATION ENTITY (KMAE) SERVICES
6.1.1 Create Security Association (Create-SA)
6.1.1.1 Calling AE-Title
6.1.1.2 Called AE-Title
6.1.1.3 Key Management Technique Identifier List
6.1.1.4 Security Policy Identifier
6.1.1.5 Security Association Attributes List
6.1.1.6 Security Association Attributes
6.1.1.7 Calling SAID
6.1.1.8 Called SAID
6.1.1.9 Result
6.1.2 Spawn Security Association (Spawn-SA)
6.1.2.1 Spawn Option
6.1.2.2 Key Transformation Algorithm Identifier
6.1.2.3 Previously Established Calling SAID
6.1.2.4 Previously Established Called SAID
6.1.3 Delete Security Association (Delete-SA)
6.1.4 Create Multicast Security Association
           (Create-MSA)
6.1.4.1 MKCTitle
6.1.4.2 Mcast Address List
6.1.4.3 Mcast Token List
6.1.5 Spawn Multicast Security Association
           (Spawn-MSA)
6.1.5.1 MCastSAID
6.2 KEY PEER APPLICATION SERVICE OBJECT (KPASO) SERVICES
6.2.1 Negotiate Key Management Algorithm (Pick-KM-Alg)
6.2.2 Select Key (Select-Key)
6.2.2.1 Keying Material Identifier
6.2.2.2 TransformAlgorithmIdentifier
6.2.3 Make Key (Make-Key)
6.2.3.1 Key Generation Algorithm Identifier
6.2.3.2 Calling Certificate Path
6.2.3.3 Called Certificate Path
6.2.3.4 Calling Key Generation Algorithm Parameters
6.2.3.5 Called Key Generation Algorithm Parameters
6.2.3.6 Calling Attribute Certification Path
6.2.3.7 Called Attribute Certification Path
6.2.4 Send Key (Send-Key)
6.2.4.1 KEK Identifier
6.2.4.2 Request Parameters
6.2.4.3 Response Parameters
6.2.5 Negotiate Security Association Attributes
           (Pick-SA-Attrs)
6.2.5.1 Escrow Agent Info
6.2.6 Spawn Key (Spawn-Key)
6.2.6.1 Key Transformation Algorithm Identifier
6.2.7 Get Multicast Key (Get-MKey)
6.2.8 Delete Key (Delete-Key)
6.2.9 Release Peer Association (Release-P)
6.2.9.1 Release-request-reason
6.2.9.2 Release-response-reason
6.2.9.3 User Information
6.2.10 Abort Peer Association (Abort-P)
6.2.10.1 Abort Source
6.2.10.2 User Information
6.2.11 Protected Make Key (Protected-Make-Key)
6.2.12 Get Next Multicast Key (Get-Next-MKey)
6.2.13 Please Send Key (Please-Send-Key)
6.3 KEY CENTER APPLICATION SERVICE OBJECT (KCASO)
           SERVICES
6.3.1 Request Key (Request-Key)
6.3.1.1 KDC AE-Title
6.3.1.2 Request Parameters
6.3.1.3 Response Parameters
6.3.2 Translate Key (Translate-Key)
6.3.2.1 KTC AE-Title
6.3.2.2 Request Parameters
6.3.2.3 Response Parameters
6.3.3 Release Center Association (Release-C)
6.3.4 Abort Center Association (Abort-C)
7 SECURITY EXCHANGES
7.1 KEY MANAGEMENT APPLICATION ENTITY (KMAE)
           SECURITY EXCHANGES
7.2 KEY PEER APPLICATION SERVICE OBJECT (KPASO)
           SECURITY EXCHANGES
7.2.1 Negotiate Key Management Algorithm
           (Pick-KM-Alg) Security Exchange
7.2.2 Select Key (Select-Key) Security Exchange
7.2.3 Make Key (Make-Key) Security Exchange
7.2.4 Send Key (Send-Key) Security Exchange
7.2.5 Negotiate Security Association Attributes
           (Pick-SA-Attrs) Security Exchange
7.2.6 Spawn Key (Spawn-Key) Security Exchange
7.2.7 Get Multicast Key (Get-MKey) Security Exchange
7.2.8 Delete Key (Delete-Key) Security Exchange
7.2.9 Protected Make Key (Protected-Make-Key)
7.2.10 Get Next Multicast Key (Get-Next-MKey)
7.2.11 Please Send Key (Please-Send-Key) Security Exchange
7.3 KEY CENTER APPLICATION SERVICE OBJECT (KCASO)
           SECURITY EXCHANGES
7.3.1
7.3.2 Request Key (Request-Key) Security Exchange
7.3.3 Translate Key (Translate-Key) Security Exchange
7.4 OBJECT IDENTIFIERS
7.5 OBJECT CLASS DEFINITIONS
7.5.1 Key Generation Algorithm Object Class
7.5.2 Security Protocol Attributes Object Class
7.5.3 Center Protocol Object Class
7.6 SECURITY TRANSFORMATIONS AND PROTECTION MAPPINGS
7.6.1 Integrity and Privacy Security Transformation
7.6.1.1 Other Details
7.6.2 Integrity Security Transformation
7.6.3 Seal and Encrypt Protection Mapping
7.6.4 Sealed Protection Mapping
8 KMAE CONTROL FUNCTION
8.1 KMAE CONTROL FUNCTION STATE TABLES
8.2 SAMPLE TIMING DIAGRAMS
9 APPENDIX A LOCATING SDE KEY MANAGEMENT ENTITIES
9.1 PROBE FRAMES
9.1.1 Probe Request
9.1.2 Probe Processing
9.1.3 Probe Response
9.2 ADDRESS DISCOVERY SCENARIO
10 APPENDIX B CERTIFICATE REPLACEMENT
10.1 SERVICE DEFINITION (CERT-REPLACE)
10.1.1 Certificate-To-Be-Replaced
10.1.2 Replacement-Indicator
10.2 REPLACE-CERTIFICATE
10.2.1 Replacement-Material
10.3 SECURITY EXCHANGES
11 APPENDIX C COMPROMISED MATERIAL LISTS
11.1 SECURITY DEFINITION (CML-REQUEST)
11.1.1 Name
11.1.2 Attribute-Id
11.1.3 Attribute-Value
11.2 REQUEST-CML
11.3 SECURITY EXCHANGES
12 APPENDIX D KEY DISTRIBUTION SCENARIOS
12.1 MANUAL KEY DISTRIBUTION SCENARIO
12.2 CENTER-BASED KEY DISTRIBUTION SCENARIO
12.3 CERTIFICATE-BASED KEY DISTRIBUTION SCENARIO
12.3.1 X9.44 RSA Key Transfer Scenario
12.3.2 X9.42 Diffie-Hellman Key Agreement Scenario
13 APPENDIX E SDE ATTRIBUTE NEGOTIATIONS
13.1 SECURITY ATTRIBUTES FOR SECURE DATA EXCHANGE (SDE)

Specifies a cryptographic key management architecture and protocol.

DocumentType
Draft
PublisherName
Institute of Electrical & Electronics Engineers
Status
Superseded

MIL-HDBK-818-1 Base Document:1992 SURVIVABLE ADAPTABLE FIBER OPTIC EMBEDDED NETWORK (SAFENET) NETWORK DEVELOPMENT GUIDANCE

ISO 8650:1988 Information processing systems — Open Systems Interconnection — Protocol specification for the Association Control Service Element
ISO/IEC 7498-3:1997 Information technology Open Systems Interconnection Basic Reference Model: Naming and addressing
ISO/IEC 7498-1:1994 Information technology Open Systems Interconnection Basic Reference Model: The Basic Model
ISO/IEC 10736:1995 Information technology Telecommunications and information exchange between systems Transport layer security protocol
ISO/IEC 9545:1994 Information technology Open Systems Interconnection Application Layer structure
ISO/IEC 8824:1990 Information technology — Open Systems Interconnection — Specification of Abstract Syntax Notation One (ASN.1)
ISO/IEC 10181-1:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Overview
ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ISO/IEC 11586-1:1996 Information technology Open Systems Interconnection Generic upper layers security: Overview, models and notation
ISO/IEC 11586-4:1996 Information technology Open Systems Interconnection Generic upper layers security: Protecting transfer syntax specification
ISO/IEC 11577:1995 Information technology Open Systems Interconnection Network layer security protocol
ISO/IEC 11586-3:1996 Information technology Open Systems Interconnection Generic upper layers security: Security Exchange Service Element (SESE) protocol specification
ISO/IEC 11586-2:1996 Information technology Open Systems Interconnection Generic upper layers security: Security Exchange Service Element (SESE) service definition
ISO/IEC 8649:1996 Information technology Open Systems Interconnection Service definition for the Association Control Service Element
ISO/IEC 10745:1995 Information technology Open Systems Interconnection Upper layers security model

View more information
Sorry this product is not available in your region.

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.