• IEEE DRAFT 802.10C : D15 JAN 97

    Superseded: a superseded Standard is one that is fully replaced by another Standard, which is a new edition of the same Standard.

    DRAFT STANDARD FOR INTEROPERABLE LAN/MAN SECURITY CLAUSE 3 - KEY MANAGEMENT

    Superseded date:  01-05-1998

    Published date:  12-01-2013

    Publisher:  Institute of Electrical & Electronics Engineers

    Table of Contents

    1 INTRODUCTION
    1.1 SCOPE AND PURPOSE
    1.2 OVERVIEW
    2 DEFINITIONS
    2.1 ACRONYMS
    2.2 SECURITY DEFINITIONS
    3 REFERENCES
    4 KEY DISTRIBUTION TECHNIQUES
    4.1 MANUAL KEY DISTRIBUTION TECHNIQUES
    4.2 CENTER-BASED KEY DISTRIBUTION TECHNIQUES
    4.3 CERTIFICATE-BASED DISTRIBUTION TECHNIQUES
    4.4 MULTICAST KEY DISTRIBUTION TECHNIQUES
    5 KEY MANAGEMENT MODEL
    5.1 SECURITY ASSOCIATION LIFECYCLE
    5.2 KEY MANAGEMENT APPLICATION ENTITY STRUCTURE
    5.3 SEQUENCING OF APPLICATION LAYER SERVICES
    5.3.1 Manually Distributed Key
    5.3.2 Key Center Distribution
    5.3.3 Certificate-Based Key Distribution
    5.3.4 Multicast Key Distribution
    5.3.4.1 Create Multicast Security Association
    5.3.4.2 Spawn Multicast Security Association
    5.3.5 Spawn Security Association
    5.3.6 Delete Security Association
    6 SERVICE DEFINITION
    6.1 KEY MANAGEMENT APPLICATION ENTITY (KMAE) SERVICES
    6.1.1 Create Security Association (Create-SA)
    6.1.1.1 Calling AE-Title
    6.1.1.2 Called AE-Title
    6.1.1.3 Key Management Technique Identifier List
    6.1.1.4 Security Policy Identifier
    6.1.1.5 Security Association Attributes List
    6.1.1.6 Security Association Attributes
    6.1.1.7 Calling SAID
    6.1.1.8 Called SAID
    6.1.1.9 Result
    6.1.2 Spawn Security Association (Spawn-SA)
    6.1.2.1 Spawn Option
    6.1.2.2 Key Transformation Algorithm Identifier
    6.1.2.3 Previously Established Calling SAID
    6.1.2.4 Previously Established Called SAID
    6.1.3 Delete Security Association (Delete-SA)
    6.1.4 Create Multicast Security Association (Create-MSA)
    6.1.4.1 MKCTitle
    6.1.4.2 Mcast Address List
    6.1.4.3 Mcast Token List
    6.1.5 Spawn Multicast Security Association (Spawn-MSA)
    6.1.5.1 MCastSAID
    6.2 KEY PEER APPLICATION SERVICE OBJECT (KPASO) SERVICES
    6.2.1 Negotiate Key Management Algorithm (Pick-KM-Alg)
    6.2.2 Select Key (Select-Key)
    6.2.2.1 Keying Material Identifier
    6.2.2.2 TransformAlgorithmIdentifier
    6.2.3 Make Key (Make-Key)
    6.2.3.1 Key Generation Algorithm Identifier
    6.2.3.2 Calling Certificate Path
    6.2.3.3 Called Certificate Path
    6.2.3.4 Calling Key Generation Algorithm Parameters
    6.2.3.5 Called Key Generation Algorithm Parameters
    6.2.3.6 Calling Attribute Certification Path
    6.2.3.7 Called Attribute Certification Path
    6.2.4 Send Key (Send-Key)
    6.2.4.1 KEK Identifier
    6.2.4.2 Request Parameters
    6.2.4.3 Response Parameters
    6.2.5 Negotiate Security Association Attributes (Pick-SA-Attrs)
    6.2.5.1 Escrow Agent Info
    6.2.6 Spawn Key (Spawn-Key)
    6.2.6.1 Key Transformation Algorithm Identifier
    6.2.7 Get Multicast Key (Get-MKey)
    6.2.8 Delete Key (Delete-Key)
    6.2.9 Release Peer Association (Release-P)
    6.2.9.1 Release-request-reason
    6.2.9.2 Release-response-reason
    6.2.9.3 User Information
    6.2.10 Abort Peer Association (Abort-P)
    6.2.10.1 Abort Source
    6.2.10.2 User Information
    6.2.11 Protected Make Key (Protected-Make-Key)
    6.2.12 Get Next Multicast Key (Get-Next-MKey)
    6.2.13 Please Send Key (Please-Send-Key)
    6.3 KEY CENTER APPLICATION SERVICE OBJECT (KCASO) SERVICES
    6.3.1 Request Key (Request-Key)
    6.3.1.1 KDC AE-Title
    6.3.1.2 Request Parameters
    6.3.1.3 Response Parameters
    6.3.2 Translate Key (Translate-Key)
    6.3.2.1 KTC AE-Title
    6.3.2.2 Request Parameters
    6.3.2.3 Response Parameters
    6.3.3 Release Center Association (Release-C)
    6.3.4 Abort Center Association (Abort-C)
    7 SECURITY EXCHANGES
    7.1 KEY MANAGEMENT APPLICATION ENTITY (KMAE) SECURITY EXCHANGES
    7.2 KEY PEER APPLICATION SERVICE OBJECT (KPASO) SECURITY EXCHANGES
    7.2.1 Negotiate Key Management Algorithm (Pick-KM-Alg) Security Exchange
    7.2.2 Select Key (Select-Key) Security Exchange
    7.2.3 Make Key (Make-Key) Security Exchange
    7.2.4 Send Key (Send-Key) Security Exchange
    7.2.5 Negotiate Security Association Attributes (Pick-SA-Attrs) Security Exchange
    7.2.6 Spawn Key (Spawn-Key) Security Exchange
    7.2.7 Get Multicast Key (Get-MKey) Security Exchange
    7.2.8 Delete Key (Delete-Key) Security Exchange
    7.2.9 Protected Make Key (Protected-Make-Key)
    7.2.10 Get Next Multicast Key (Get-Next-MKey)
    7.2.11 Please Send Key (Please-Send-Key) Security Exchange
    7.3 KEY CENTER APPLICATION SERVICE OBJECT (KCASO) SECURITY EXCHANGES
    7.3.1
    7.3.2 Request Key (Request-Key) Security Exchange
    7.3.3 Translate Key (Translate-Key) Security Exchange
    7.4 OBJECT IDENTIFIERS
    7.5 OBJECT CLASS DEFINITIONS
    7.5.1 Key Generation Algorithm Object Class
    7.5.2 Security Protocol Attributes Object Class
    7.5.3 Center Protocol Object Class
    7.6 SECURITY TRANSFORMATIONS AND PROTECTION MAPPINGS
    7.6.1 Integrity and Privacy Security Transformation
    7.6.1.1 Other Details
    7.6.2 Integrity Security Transformation
    7.6.3 Seal and Encrypt Protection Mapping
    7.6.4 Sealed Protection Mapping
    8 KMAE CONTROL FUNCTION
    8.1 KMAE CONTROL FUNCTION STATE TABLES
    8.2 SAMPLE TIMING DIAGRAMS
    9 APPENDIX A LOCATING SDE KEY MANAGEMENT ENTITIES
    9.1 PROBE FRAMES
    9.1.1 Probe Request
    9.1.2 Probe Processing
    9.1.3 Probe Response
    9.2 ADDRESS DISCOVERY SCENARIO
    10 APPENDIX B CERTIFICATE REPLACEMENT
    10.1 SERVICE DEFINITION (CERT-REPLACE)
    10.1.1 Certificate-To-Be-Replaced
    10.1.2 Replacement-Indicator
    10.2 REPLACE-CERTIFICATE
    10.2.1 Replacement-Material
    10.3 SECURITY EXCHANGES
    11 APPENDIX C COMPROMISED MATERIAL LISTS
    11.1 SECURITY DEFINITION (CML-REQUEST)
    11.1.1 Name
    11.1.2 Attribute-Id
    11.1.3 Attribute-Value
    11.2 REQUEST-CML
    11.3 SECURITY EXCHANGES
    12 APPENDIX D KEY DISTRIBUTION SCENARIOS
    12.1 MANUAL KEY DISTRIBUTION SCENARIO
    12.2 CENTER-BASED KEY DISTRIBUTION SCENARIO
    12.3 CERTIFICATE-BASED KEY DISTRIBUTION SCENARIO
    12.3.1 X9.44 RSA Key Transfer Scenario
    12.3.2 X9.42 Diffie-Hellman Key Agreement Scenario
    13 APPENDIX E SDE ATTRIBUTE NEGOTIATIONS
    13.1 SECURITY ATTRIBUTES FOR SECURE DATA EXCHANGE (SDE)

    Abstract

    Specifies a cryptographic key management architecture and protocol.

    General Product Information

    Document Type: Draft
    Publisher: Institute of Electrical & Electronics Engineers
    Status: Superseded

    Standards Referenced By This Book

    MIL-HDBK-818-1 Base Document:1992 SURVIVABLE ADAPTABLE FIBER OPTIC EMBEDDED NETWORK (SAFENET) NETWORK DEVELOPMENT GUIDANCE

    Standards Referencing This Book

    ISO 8650:1988 Information processing systems — Open Systems Interconnection — Protocol specification for the Association Control Service Element
    ISO/IEC 7498-3:1997 Information technology Open Systems Interconnection Basic Reference Model: Naming and addressing
    ISO/IEC 7498-1:1994 Information technology Open Systems Interconnection Basic Reference Model: The Basic Model
    ISO/IEC 10736:1995 Information technology Telecommunications and information exchange between systems Transport layer security protocol
    ISO/IEC 9545:1994 Information technology Open Systems Interconnection Application Layer structure
    ISO/IEC 8824:1990 Information technology — Open Systems Interconnection — Specification of Abstract Syntax Notation One (ASN.1)
    ISO/IEC 10181-1:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Overview
    ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
    ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
    ISO/IEC 11586-1:1996 Information technology Open Systems Interconnection Generic upper layers security: Overview, models and notation
    ISO/IEC 11586-4:1996 Information technology Open Systems Interconnection Generic upper layers security: Protecting transfer syntax specification
    ISO/IEC 11577:1995 Information technology Open Systems Interconnection Network layer security protocol
    ISO/IEC 11586-3:1996 Information technology Open Systems Interconnection Generic upper layers security: Security Exchange Service Element (SESE) protocol specification
    ISO/IEC 11586-2:1996 Information technology Open Systems Interconnection Generic upper layers security: Security Exchange Service Element (SESE) service definition
    ISO/IEC 8649:1996 Information technology Open Systems Interconnection Service definition for the Association Control Service Element
    ISO/IEC 10745:1995 Information technology Open Systems Interconnection Upper layers security model