Part 1: General - Computer Security Resource Center - National ...
March, 2007<br />
<table>
<tr><th>Key Type</th><th>Security Service</th><th>Security Protection</th><th>Association Protection</th><th>Assurances Required</th><th>Period of Protection</th></tr>
<tr><td>Private ephemeral key agreement key</td><td>Support</td><td>Integrity; Confidentiality</td><td>Usage or application;<br />Public ephemeral key agreement key;<br />Domain parameters</td><td></td><td>From generation until the end of the key agreement process. After the end of the process the key shall be destroyed.</td></tr>
<tr><td>Public ephemeral key agreement key</td><td>Support</td><td>Integrity<sup>25</sup></td><td>Key pair owner;<br />Private ephemeral key agreement key;<br />Usage or application;<br />Domain parameters</td><td>Validity</td><td>From generation until the key agreement process is complete</td></tr>
<tr><td>Symmetric authorization keys</td><td>Authorization</td><td>Integrity; Confidentiality</td><td>Usage or application;<br />Other authorized entities</td><td></td><td>From generation until the end of the cryptoperiod of the key</td></tr>
<tr><td>Private authorization key</td><td>Authorization</td><td>Integrity; Confidentiality</td><td>Usage or application;<br />Public authorization key;<br />Domain parameters</td><td>Possession</td><td>From generation until the end of the cryptoperiod of the key</td></tr>
<tr><td>Public authorization key</td><td>Authorization</td><td>Integrity</td><td>Usage or application;<br />Key pair owner;<br />Private authorization key;<br />Domain parameters</td><td>Validity</td><td>From generation until the end of the cryptoperiod of the key</td></tr>
</table>
6.1.2 Summary of Protection Requirements for Other Cryptographic or Related Information<br />
Table 6 provides a summary of the protection requirements for other cryptographic information<br />
during distribution and storage. Mechanisms for providing the necessary protection are discussed<br />
in Section 6.2.<br />
<sup>25</sup> Public ephemeral key agreement keys are not generally protected during transmission; however, the key<br />
agreement protocols may be designed to detect unauthorized substitutions and modifications to the transmitted<br />
ephemeral public keys. In this case, the protocols form the data integrity mechanism.<br />