What is ISO 11770‑7 about?
The ISO 11770 series discusses information security. ISO 11770‑7 elaborates on password-based key management. ISO 11770‑7 specifies mechanisms for cross-domain password-based authenticated key exchange, all of which are four-party password-based authenticated key exchange (4PAKE) protocols. Such protocols let two communicating entities establish a shared session key using just the login passwords that they share with their respective domain authentication servers.
The authentication servers, which are assumed to be part of a standard public key infrastructure (PKI), act as ephemeral certification authorities (CAs) that certify key material which the users then use to exchange and agree on a session key.
Note: ISO 11770‑7 does not specify the means to be used to establish a shared password between an entity and its corresponding domain server. This document also does not define the implementation of a PKI and the means for two distinct domain servers to exchange or verify their respective public key certificates.
Who is ISO 11770‑7 for?
ISO 11770‑7 is useful for:
- Cybersecurity teams
- Software teams
- IT-based organizations that are looking to improve their security
- Any organization that wants to protect its data
Why should you use ISO 11770‑7?
Business-critical information should be exchanged over secure channels. One way to secure such data is to use key exchange mechanisms. Within a single security domain, two entities can authenticate each other and establish a shared session key to protect their communication. This authentication is typically based on pre-established information, such as a shared password, a shared symmetric key, or possession of each other’s public key certificates.
ISO 11770‑7 specifies cross-domain password-based authenticated key exchange mechanisms. Such mechanisms enable you, in one domain, to establish a session key shared with your client in a different domain, through your respective domain servers, when the only pre-established authentication information each of you holds is a password shared with your own domain server. Each mechanism specified in ISO 11770‑7 involves four parties in two security domains, with each user in the same domain as its server. This type of mechanism is referred to as a four-party password-based authenticated key exchange (4PAKE) protocol. ISO 11770‑7 contains a framework for designing such 4PAKE protocols using a compositional approach. That is, a 4PAKE protocol can be implemented from two building blocks:
- A 2PAKE protocol (two-party password-based authenticated key exchange, run between each user and its own domain server)
- A 2SAKE protocol (two-party symmetric-key-based authenticated key exchange) or a 2AAKE protocol (two-party asymmetric-key-based authenticated key exchange), run between the two domain servers
ISO 11770‑7 also specifies several mechanisms for such 4PAKE protocols. The 2PAKE, 2SAKE and 2AAKE protocols used to implement them are chosen from ISO/IEC 11770-4, ISO/IEC 11770-2 and ISO/IEC 11770-3 respectively. ISO 11770‑7 ensures that the exchange of information between you and your clients remains secure.
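The compositional structure described above, as an added simulation that is not part of the standard or of this page: a SPEKE-style balanced exchange stands in for the 2PAKE block, a pre-shared server-to-server MAC key stands in for the 2SAKE block, and the servers "certify" the users' Diffie-Hellman values by relaying them over those keyed channels (all names, the group parameters and the message layout are assumptions; none of it is an ISO/IEC 11770-7 mechanism).

```python
import hashlib, hmac, secrets

# 1024-bit MODP prime, RFC 2409 group 2 (demo-size; real deployments use larger groups).
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A0879"
        "8E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B"
        "0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2  # fixed base for the final user-to-user DH exchange

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()
def i2b(x: int) -> bytes:
    return x.to_bytes(128, "big")
def rand_exp() -> int:
    return secrets.randbelow(P - 3) + 2

def seal(key: bytes, *parts: bytes) -> bytes:  # MAC on a channel that already has a key
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def open_(key: bytes, tag: bytes, *parts: bytes) -> bytes:  # verify MAC, return the payload
    if not hmac.compare_digest(tag, seal(key, *parts)):
        raise ValueError("channel authentication failed")
    return parts[-1]

# Building block 1: SPEKE-style balanced 2PAKE between a user and its own domain server (assumed).
def speke(pw_user: bytes, pw_server: bytes, user: bytes, server: bytes) -> tuple[bytes, bytes]:
    gen = lambda pw: pow(int.from_bytes(H(b"speke", pw), "big"), 2, P)  # password-derived generator
    x, y = rand_exp(), rand_exp()                                       # user's / server's exponents
    gx, gy = pow(gen(pw_user), x, P), pow(gen(pw_server), y, P)         # exchanged in the clear
    kdf = lambda z: H(b"2pake", user, server, i2b(gx), i2b(gy), i2b(z))
    return kdf(pow(gy, x, P)), kdf(pow(gx, y, P))                       # (user's key, server's key)

# The 4PAKE composition: users A and B, servers SA and SB, with a pre-shared server-to-server key
# k_ss standing in for the 2SAKE block. Returns the session keys as computed by A and by B.
def four_pake(pw_a: bytes, pw_b: bytes, k_ss: bytes, pw_a_at_server: bytes = b""):
    ka_user, ka_srv = speke(pw_a, pw_a_at_server or pw_a, b"A", b"SA")  # step 1: per-domain 2PAKEs
    kb_user, kb_srv = speke(pw_b, pw_b, b"B", b"SB")
    a, b = rand_exp(), rand_exp()                                        # step 2: fresh DH key material
    ga, gb = i2b(pow(G, a, P)), i2b(pow(G, b, P))
    # step 3: each user hands its DH value to its own server over the 2PAKE-keyed channel
    ga_at_sa = open_(ka_srv, seal(ka_user, b"A", b"B", ga), b"A", b"B", ga)
    gb_at_sb = open_(kb_srv, seal(kb_user, b"B", b"A", gb), b"B", b"A", gb)
    # step 4: the servers act as ephemeral CAs, certifying the values to each other over their link
    ga_at_sb = open_(k_ss, seal(k_ss, b"SA", b"A", b"B", ga_at_sa), b"SA", b"A", b"B", ga_at_sa)
    gb_at_sa = open_(k_ss, seal(k_ss, b"SB", b"B", b"A", gb_at_sb), b"SB", b"B", b"A", gb_at_sb)
    # step 5: each server relays the certified peer value to its own user, again under the 2PAKE key
    gb_at_a = open_(ka_user, seal(ka_srv, b"B", gb_at_sa), b"B", gb_at_sa)
    ga_at_b = open_(kb_user, seal(kb_srv, b"A", ga_at_sb), b"A", ga_at_sb)
    # step 6: A and B complete the DH exchange; the servers never see the resulting session key
    return (H(b"4pake", b"A", b"B", ga, gb_at_a, i2b(pow(int.from_bytes(gb_at_a, "big"), a, P))),
            H(b"4pake", b"A", b"B", ga_at_b, gb, i2b(pow(int.from_bytes(ga_at_b, "big"), b, P))))
```

A mismatched password on either user-server leg makes that 2PAKE produce different keys on the two sides, so the run aborts at step 3 instead of leaking anything to the far domain.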