• ISO/IEC TR 14516:2002

    Status:  Current (the latest, up-to-date edition)

    Information technology - Security techniques - Guidelines for the use and management of Trusted Third Party services

    Available format(s):  Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users

    Language(s):  English, French

    Published date:  27-06-2002

    Publisher:  International Organization for Standardization

    Abstract

    Associated with the provision and operation of a Trusted Third Party (TTP) are a number of security-related issues for which general guidance is necessary to assist business entities, developers and providers of systems and services, etc. This includes guidance on issues regarding the roles, positions and relationships of TTPs and the entities using TTP services, the generic security requirements, who should provide what type of security, what the possible security solutions are, and the operational use and management of TTP service security.

    This Recommendation | Technical Report provides guidance for the use and management of TTPs, a clear definition of the basic duties and services provided, their description and their purpose, and the roles and liabilities of TTPs and entities using their services. It is intended primarily for system managers, developers, TTP operators and enterprise users to select those TTP services needed for particular requirements, their subsequent management, use and operational deployment, and the establishment of a Security Policy within a TTP. It is not intended to be used as a basis for a formal assessment of a TTP or a comparison of TTPs.

    This Recommendation | Technical Report identifies different major categories of TTP services including: time stamping, non-repudiation, key management, certificate management, and electronic notary public. Each of these major categories consists of several services which logically belong together.

    General Product Information

    Document Type:  Standard
    Publisher:  International Organization for Standardization
    Status:  Current

    Standards Referenced By This Book

    ISO/IEC 18028-5:2006 Information technology Security techniques IT network security Part 5: Securing communications across networks using virtual private networks
    BS PD ISO/TR 17068 : 2012 INFORMATION AND DOCUMENTATION - TRUSTED THIRD PARTY REPOSITORY FOR DIGITAL RECORDS
    BS ISO 17068:2017 Information and documentation. Trusted third party repository for digital records
    CSA ISO/IEC 21827 : 2009 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SYSTEMS SECURITY ENGINEERING - CAPABILITY MATURITY MODEL (SSE-CMM)
    08/30194076 DC : DRAFT DEC 2008 BS ISO 21091 - HEALTH INFORMATICS - DIRECTORY SERVICES FOR SECURITY, COMMUNICATIONS AND IDENTIFICATION OF PROFESSIONALS AND PATIENTS
    CSA ISO TS 17090-2 : 2005 HEALTH INFORMATICS - PUBLIC KEY INFRASTRUCTURE - PART 2: CERTIFICATE PROFILE
    05/30040757 DC : DRAFT JUN 2005 ISO/IEC 18028 - INFORMATION TECHNOLOGY - IT NETWORK SECURITY - PART 1: NETWORK SECURITY MANAGEMENT
    EN 319 411-1 : 1.2.2 ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); POLICY AND SECURITY REQUIREMENTS FOR TRUST SERVICE PROVIDERS ISSUING CERTIFICATES; PART 1: GENERAL REQUIREMENTS
    08/30169511 DC : DRAFT DEC 2008 BS ISO/IEC 13888-3 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NON-REPUDIATION - PART 3: MECHANISMS USING ASYMMETRIC TECHNIQUES
    ISO 17068:2017 Information and documentation — Trusted third party repository for digital records
    08/30145964 DC : DRAFT SEP 2008 BS ISO/IEC 24713-3 - BIOMETRIC PROFILES FOR INTEROPERABILITY AND DATA INTERCHANGE - PART 3: BIOMETRIC PROFILE FOR SEAFARERS
    BS ISO/IEC 18014-1:2008 Information technology. Security techniques. Time-stamping services Framework
    DIN EN ISO 22600-2 E : 2015 HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 2: FORMAL MODELS (ISO 22600-2:2014)
    CAN/CSA-ISO/IEC 27033-1:16 Information technology - Security techniques - Network security - Part 1: Overview and concepts (Adopted ISO/IEC 27033-1:2015, second edition, 2015-08-15)
    CSA ISO/IEC 13888-1 : 2010 : R2015 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NON-REPUDIATION - PART 1: GENERAL
    INCITS/ISO/IEC 18028-1 : 2008 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - IT NETWORK SECURITY - PART 1: NETWORK SECURITY MANAGEMENT
    ISO/IEC 24713-3:2009 Information technology Biometric profiles for interoperability and data interchange Part 3: Biometrics-based verification and identification of seafarers
    UNI EN ISO 22600-2 : 2014 HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 2: FORMAL MODELS
    ISO 17090-2:2015 Health informatics Public key infrastructure Part 2: Certificate profile
    BS ISO 15782-1:2009 Certificate management for financial services Public key certificates
    ISO/IEC 21827:2008 Information technology Security techniques Systems Security Engineering Capability Maturity Model (SSE-CMM)
    I.S. EN ISO 21091:2013 HEALTH INFORMATICS - DIRECTORY SERVICES FOR HEALTHCARE PROVIDERS, SUBJECTS OF CARE AND OTHER ENTITIES (ISO 21091:2013)
    BS EN ISO 21091:2013 Health informatics. Directory services for healthcare providers, subjects of care and other entities
    BS ISO/IEC 18028-5:2006 Information technology. Security techniques. IT network security Securing communications across networks using virtual private networks
    09/30168526 DC : 0 BS ISO/IEC 27033-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NETWORK SECURITY - PART 1: GUIDELINES FOR NETWORK SECURITY
    ISO/TS 17090-3:2002 Health informatics Public key infrastructure Part 3: Policy management of certification authority
    TR 102 040 : 1.3.1 ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); INTERNATIONAL HARMONIZATION OF POLICY REQUIREMENTS FOR CAS ISSUING CERTIFICATES
    12/30271004 DC : 0 BS ISO 22600-2 - HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 2: FORMAL MODELS
    07/30169475 DC : 0 BS ISO 15782-1 - CERTIFICATE MANAGEMENT FOR FINANCIAL SERVICES - PART 1: PUBLIC KEY CERTIFICATES
    BS ISO 17090-1:2013 Health informatics. Public key infrastructure Overview of digital certificate services
    BS ISO/IEC TR 13335-5:2001 Information technology. Guidelines for the management of IT security Management guidance of network security
    CSA ISO/IEC 13888-3 : 2010 : R2015 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NON-REPUDIATION - PART 3: MECHANISMS USING ASYMMETRIC TECHNIQUES
    CSA ISO/IEC 18014-2 : 2010 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 2: MECHANISMS PRODUCING INDEPENDENT TOKENS
    CSA ISO/IEC 18014-1 : 2009 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 1: FRAMEWORK
    INCITS/ISO/IEC 24713-3 : 2010 INFORMATION TECHNOLOGY - BIOMETRIC PROFILES FOR INTEROPERABILITY AND DATA INTERCHANGE - PART 3: BIOMETRICS BASED VERIFICATION AND IDENTIFICATION OF SEAFARERS
    CSA ISO TS 17090-3 : 2005 HEALTH INFORMATICS - PUBLIC KEY INFRASTRUCTURE - PART 3: POLICY MANAGEMENT OF CERTIFICATION AUTHORITY
    INCITS/ISO/IEC 18028-5 : 2008 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - IT NETWORK SECURITY - PART 5: SECURING COMMUNICATIONS BETWEEN NETWORKS USING VIRTUAL PRIVATE NETWORKS
    ISO/IEC 13888-3:2009 Information technology Security techniques Non-repudiation Part 3: Mechanisms using asymmetric techniques
    DD ISO/TS 17090-2:2002 Health informatics. Public key infrastructure Certificate profile
    ISO/IEC 18014-1:2008 Information technology Security techniques Time-stamping services Part 1: Framework
    ISO/IEC 13888-1:2009 Information technology Security techniques Non-repudiation Part 1: General
    INCITS/ISO/IEC TR 13335-5 : 2001 INFORMATION TECHNOLOGY - GUIDELINES FOR THE MANAGEMENT OF IT SECURITY - PART 5: MANAGEMENT GUIDANCE ON NETWORK SECURITY
    08/30135161 DC : 0 ISO/IEC 18014-2 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 2: MECHANISMS PRODUCING INDEPENDENT TOKENS
    04/30062174 DC : DRAFT JUN 2004 ISO/IEC FCD 17799 - INFORMATION TECHNOLOGY - CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT
    17/30281253 DC : 0 BS ISO 21188 - PUBLIC KEY INFRASTRUCTURE FOR FINANCIAL SERVICES - PRACTICES AND POLICY FRAMEWORK
    BS ISO/IEC 13888-3:1997 Information technology. Security techniques. Non-repudiation Mechanisms using asymmetric techniques
    14/30278505 DC : 0 BS ISO/IEC 27033-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NETWORK SECURITY PART 1: OVERVIEW AND CONCEPTS
    15/30282567 DC : 0 BS ISO 12812-5 - CORE BANKING - MOBILE FINANCIAL SERVICES - PART 5: MOBILE PAYMENTS TO BUSINESS
    BS ISO/IEC 18028-1:2006 Information technology. Security techniques. IT network security Network security management
    DD ISO/TS 17090-3:2002 Health informatics. Public key infrastructure Policy management of certification authority
    BS ISO/IEC 18014-2:2009 Information technology. Security techniques. Time-stamping services Mechanisms producing independent tokens
    DD ISO/TS 17090-1:2002 Health informatics. Public key infrastructure Framework and overview
    07/30135157 DC : 0 BS ISO/IEC 18014-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 1: FRAMEWORK
    BS ISO/IEC 21827:2008 Information technology. Security techniques. Systems security engineering. Capability maturity model (SSE-CMM)
    12/30186137 DC : 0 BS ISO/IEC 27002 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS
    BS EN ISO 22600-2:2014 Health informatics. Privilege management and access control Formal models
    BS ISO 17090-3:2008 Health informatics. Public key infrastructure Policy management of certification authority
    ISO/TS 22600-2:2006 Health informatics Privilege management and access control Part 2: Formal models
    INCITS/ISO/IEC TR 13335-5 : 2001 : R2007 INFORMATION TECHNOLOGY - GUIDELINES FOR THE MANAGEMENT OF IT SECURITY - PART 5: MANAGEMENT GUIDANCE ON NETWORK SECURITY
    CSA ISO/IEC 18014-2 : 2010 : R2015 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 2: MECHANISMS PRODUCING INDEPENDENT TOKENS
    BS ISO/IEC 13888-1:2009 Information technology. Security techniques. Non-repudiation General
    CSA ISO TS 17090-1 : 2005 HEALTH INFORMATICS - PUBLIC KEY INFRASTRUCTURE - PART 1: FRAMEWORK AND OVERVIEW
    CSA ISO/IEC 18028-5 : 2006 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - IT NETWORK SECURITY - PART 5: SECURING COMMUNICATIONS ACROSS NETWORKS USING VIRTUAL PRIVATE NETWORKS
    ISO/TR 17068:2012 Information and documentation - Trusted third party repository for digital records
    ISO 15782-1:2009 Certificate management for financial services Part 1: Public key certificates
    ISO/TS 17090-1:2002 Health informatics Public key infrastructure Part 1: Framework and overview
    EN ISO 21091:2013 Health informatics - Directory services for healthcare providers, subjects of care and other entities (ISO 21091:2013)
    CSA Z21091 : 2007 HEALTH INFORMATICS - DIRECTORY SERVICES FOR SECURITY, COMMUNICATIONS AND IDENTIFICATION OF PROFESSIONALS AND PATIENTS
    ISO 17090-1:2013 Health informatics Public key infrastructure Part 1: Overview of digital certificate services
    05/30092187 DC : DRAFT APR 2005 ISO 21188 - PUBLIC KEY INFRASTRUCTURE FOR FINANCIAL SERVICES - PRACTICES AND POLICY FRAMEWORK
    BS ISO 17090-2:2015 Health informatics. Public key infrastructure Certificate profile
    CSA ISO/IEC 18014-1 : 2009 : R2014 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - TIME-STAMPING SERVICES - PART 1: FRAMEWORK
    UNE-ISO/TR 17068:2013 Information and documentation. Trusted third party repository for digital records.
    ISO 17090-3:2008 Health informatics Public key infrastructure Part 3: Policy management of certification authority
    DIN EN ISO 22600-2:2015-02 HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 2: FORMAL MODELS (ISO 22600-2:2014)
    15/30303638 DC : 0 BS ISO 17068 - INFORMATION AND DOCUMENTATION - TRUSTED THIRD PARTY REPOSITORY FOR DIGITAL RECORDS
    PD ISO/TS 12812-5:2017 Core banking. Mobile financial services Mobile payments to businesses
    CSA ISO/IEC 21827 : 2009 : R2014 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - SYSTEMS SECURITY ENGINEERING - CAPABILITY MATURITY MODEL (SSE-CMM)
    CSA ISO/IEC 13888-1:2010 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NON-REPUDIATION - PART 1: GENERAL
    ISO/IEC 18014-2:2009 Information technology Security techniques Time-stamping services Part 2: Mechanisms producing independent tokens
    ISO/TS 17090-2:2002 Health informatics Public key infrastructure Part 2: Certificate profile
    ISO/IEC 18028-1:2006 Information technology Security techniques IT network security Part 1: Network security management
    ISO 21091:2013 Health informatics — Directory services for healthcare providers, subjects of care and other entities
    ISO 22600-2:2014 Health informatics Privilege management and access control Part 2: Formal models
    EN ISO 22600-2:2014 Health informatics - Privilege management and access control - Part 2: Formal models (ISO 22600-2:2014)
    05/30104603 DC : DRAFT JUN 2005 ISO/IEC FCD 18028-5 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - IT NETWORK SECURITY - PART 5: SECURING COMMUNICATIONS ACROSS NETWORKS USING VIRTUAL PRIVATE NETWORKS
    13/30274150 DC : 0 BS ISO 17090-2 - HEALTH INFORMATICS - PUBLIC KEY INFRASTRUCTURE - PART 2: CERTIFICATE PROFILE
    UNI EN ISO 21091 : 2013 HEALTH INFORMATICS - DIRECTORY SERVICES FOR HEALTHCARE PROVIDERS, SUBJECTS OF CARE AND OTHER ENTITIES
    BS ISO/IEC 24713-3:2009 Information technology. Biometric profiles for interoperability and data interchange Biometrics-based verification and identification of seafarers
    CSA ISO/IEC TR 13335-5 : 2004 INFORMATION TECHNOLOGY - GUIDELINES FOR THE MANAGEMENT OF IT SECURITY - PART 5: MANAGEMENT GUIDANCE ON NETWORK SECURITY
    DD ISO/TS 22600-2:2006 Health informatics. Privilege management and access control Formal models
    CSA ISO/IEC 13888-3:2010 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - NON-REPUDIATION - PART 3: MECHANISMS USING ASYMMETRIC TECHNIQUES
    ISO/IEC 20248:2018 Information technology Automatic identification and data capture techniques Data structures Digital signature meta structure
    ISO/IEC TR 13335-5:2001 Information technology Guidelines for the management of IT Security Part 5: Management guidance on network security
    ISO/TS 12812-5:2017 Core banking — Mobile financial services — Part 5: Mobile payments to businesses
    CSA ISO/IEC 18028-1 : 2006 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - IT NETWORK SECURITY - PART 1: NETWORK SECURITY MANAGEMENT
    I.S. EN ISO 22600-2:2014 HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 2: FORMAL MODELS (ISO 22600-2:2014)

    Standards Referencing This Book

    ISO/IEC 13888-2:2010 Information technology Security techniques Non-repudiation Part 2: Mechanisms using symmetric techniques
    ISO 15782-1:2009 Certificate management for financial services Part 1: Public key certificates
    ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
    ISO/IEC 7498-3:1997 Information technology Open Systems Interconnection Basic Reference Model: Naming and addressing
    ISO/IEC 9798-3:1998 Information technology Security techniques Entity authentication Part 3: Mechanisms using digital signature techniques
    BS 7799(1995) : AMD 9911 CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT
    ISO/IEC 11770-2:2008 Information technology Security techniques Key management Part 2: Mechanisms using symmetric techniques
    ISO/IEC 15945:2002 Information technology — Security techniques — Specification of TTP services to support the application of digital signatures
    ISO/IEC 15408-3:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance components
    ISO/IEC 8824-2:2015 Information technology Abstract Syntax Notation One (ASN.1): Information object specification Part 2:
    ISO/IEC 13888-3:2009 Information technology Security techniques Non-repudiation Part 3: Mechanisms using asymmetric techniques
    ISO/IEC 9798-4:1999 Information technology Security techniques Entity authentication Part 4: Mechanisms using a cryptographic check function
    ISO/IEC 10181-3:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Access control framework
    ISO/IEC 10181-1:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Overview
    ISO/IEC 9798-2:2008 Information technology Security techniques Entity authentication Part 2: Mechanisms using symmetric encipherment algorithms
    ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
    ISO/IEC TR 13335-2:1997 Information technology Guidelines for the management of IT Security Part 2: Managing and planning IT Security
    ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
    ISO/IEC 9594-6:2017 Information technology Open Systems Interconnection The Directory Part 6: Selected attribute types
    ISO/IEC 8824-4:2015 Information technology Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications Part 4:
    ISO/IEC 10118-1:2016 Information technology Security techniques Hash-functions Part 1: General
    ISO/IEC TR 13335-3:1998 Information technology Guidelines for the management of IT Security Part 3: Techniques for the management of IT Security
    ISO/IEC 13888-1:2009 Information technology Security techniques Non-repudiation Part 1: General
    ISO/IEC Guide 61:1996 General requirements for assessment and accreditation of certification/registration bodies
    ISO/IEC 10181-4:1997 Information technology Open Systems Interconnection Security frameworks for open systems: Non-repudiation framework Part 4:
    ISO/IEC 10181-2:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Authentication framework
    ISO/IEC TR 13335-4:2000 Information technology Guidelines for the management of IT Security Part 4: Selection of safeguards
    ISO/IEC 10118-3:2004 Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions
    AS/NZS 4444.1:1999 Information security management Code of practice for information security management
    ISO/IEC 15946-3:2002 Information technology Security techniques Cryptographic techniques based on elliptic curves Part 3: Key establishment
    ISO/IEC 10181-5:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Confidentiality framework
    ISO/IEC 15408-1:2009 Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model
    ISO/IEC 8824-1:2015 Information technology Abstract Syntax Notation One (ASN.1): Specification of basic notation Part 1:
    ISO/IEC 10181-6:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Integrity framework
    ISO/IEC 10118-2:2010 Information technology Security techniques Hash-functions Part 2: Hash-functions using an n-bit block cipher
    ISO/IEC Guide 65:1996 General requirements for bodies operating product certification systems
    ISO/IEC 8824-3:2015 Information technology Abstract Syntax Notation One (ASN.1): Constraint specification Part 3:
    ISO/IEC 11770-1:2010 Information technology Security techniques Key management Part 1: Framework
    ISO/IEC 11770-3:2015 Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques
    ISO/IEC 9798-1:2010 Information technology Security techniques Entity authentication Part 1: General
    ISO/IEC TR 13335-1:1996 Information technology — Guidelines for the management of IT Security — Part 1: Concepts and models for IT Security