Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Table 5: Protection requirements for cryptographic keys<br />
Key Type <strong>Security</strong><br />
Service<br />
Private<br />
signature key<br />
Public<br />
signature<br />
verification<br />
key<br />
Symmetric<br />
authentication<br />
key<br />
Private<br />
authentication<br />
key<br />
Public<br />
authentication<br />
key<br />
Symmetric<br />
data<br />
encryption/dec<br />
ryption key<br />
Authentication;<br />
Integrity;<br />
Nonrepudiation<br />
Authentication;<br />
Integrity;<br />
Nonrepudiation<br />
Authentication;<br />
Integrity<br />
Authentication;<br />
Integrity<br />
Authentication;<br />
Integrity<br />
<strong>Security</strong><br />
Protection<br />
Integrity 24 ;<br />
Confidentiality<br />
Archive;<br />
Integrity;<br />
Archive;<br />
Integrity;<br />
Confidentiality<br />
Integrity;<br />
Confidentiality<br />
Archive;<br />
Integrity<br />
Confidentiality Archive;<br />
Integrity;<br />
Confidentiality<br />
Association<br />
Protection<br />
Usage or<br />
application;<br />
Domain parameters;<br />
Public signature<br />
verification key<br />
Usage or<br />
application;<br />
Key pair owner<br />
Domain parameters;<br />
Private signature<br />
key;<br />
Signed data<br />
Usage or<br />
application;<br />
Other authorized<br />
entities;<br />
Authenticated data<br />
Usage or<br />
application;<br />
Public<br />
authentication key;<br />
Domain parameters<br />
Usage or<br />
application;<br />
Key pair owner;<br />
Authenticated data;<br />
Private<br />
authentication key;<br />
Domain parameters<br />
Usage or<br />
application;<br />
Other authorized<br />
entities;<br />
Plaintext/Encrypted<br />
data<br />
Assurances<br />
Required<br />
24 Integrity protection can be provided by a variety of means. See Sections 6.2.1.2 and 6.2.2.2.<br />
74<br />
March, 2007<br />
Period of Protection<br />
Possession From generation until the<br />
end of the cryptoperiod<br />
Validity From generation until no<br />
protected data needs to be<br />
verified<br />
From generation until no<br />
protected data needs to be<br />
verified<br />
Possession From generation until the<br />
end of the cryptoperiod<br />
Validity From generation until no<br />
protected data needs to be<br />
authenticated<br />
From generation until the<br />
end of the lifetime of the<br />
data or the end of the<br />
cryptoperiod, whichever<br />
comes later