Back

ISO/IEC 11770-4:2017

Information technology -- Security techniques -- Key management -- Part 4: Mechanisms based on weak secrets

General information

Valid from 17.11.2017
ICS Groups
35.030 IT Security
Directives or regulations
None

Standard history

Status
Date
Type
Name
02.02.2021
Amendment
ISO/IEC 11770-4:2017/Amd 2:2021
06.09.2019
Amendment
ISO/IEC 11770-4:2017/Amd 1:2019
17.11.2017
Main
ISO/IEC 11770-4:2017
Main
ISO/IEC 11770-4:2006
Corrigendum
ISO/IEC 11770-4:2006/Cor 1:2009
ISO/IEC 11770-4:2017 defines key establishment mechanisms based on weak secrets, i.e. secrets that can be readily memorized by a human, and hence, secrets that will be chosen from a relatively small set of possibilities. It specifies cryptographic techniques specifically designed to establish one or more secret keys based on a weak secret derived from a memorized password, while preventing offline brute-force attacks associated with the weak secret. ISO/IEC 11770-4:2017 is not applicable to the following aspects of key management:
-      life-cycle management of weak secrets, strong secrets, and established secret keys;
-      mechanisms to store, archive, delete, destroy, etc. weak secrets, strong secrets, and established secret keys.

Required fields are indicated with *

*
*
*
PDF
241.44 € incl tax
Paper
241.44 € incl tax
Standard monitoring
English (PDF 273 KB)

Related products

Amendment

ISO/IEC 11770-4:2017/Amd 2:2021

Information technology — Security techniques — Key management — Part 4: Mechanisms based on weak secrets — Amendment 2: Leakage-resilient password-authenticated key agreement with additional stored secrets
Newest version Valid from 02.02.2021
Amendment

ISO/IEC 11770-4:2017/Amd 1:2019

Unbalanced Password-Authenticated Key Agreement with Identity-Based Cryptosystems (UPAKA-IBC)
Newest version Valid from 06.09.2019
Main

EVS-EN ISO/IEC 27001:2017

Information technology - Security techniques - Information security management systems - Requirements (ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015)
Withdrawn from 15.08.2023
Main

EVS-EN ISO/IEC 27001:2023

Information security, cybersecurity and privacy protection - Information security management systems - Requirements (ISO/IEC 27001:2022)
Valid from 15.08.2023

Standards designation

EVSEstonian standard
ENEuropean standard (published by an CEN or CENELEC)
EN ISOInternational standard adopted as an European standard
ISOInternational Organization for Standardization’s standard
IECInternational Electrotechnical Commission’s standard
HDCENELEC’s harmonisation document
EVS-ENEuropean standard implemented in Estonia
EVS-EN ISOInternational standard adopted in Europe and implemented in Estonia
EVS-EN ISO/IECInternational standard/International electrotechnical standard adopted in Europe and implemented in Estonia
EVS-IECInternational electrotechnical standard implemented in Estonia
EVS-ISO International standard implemented in Estonia
 
A, AMDamedment
+Aa full standard plus the amendment
/Aonly amendment
COR, ACcorrigendum
+CORa full standard plus the corrigendum
NAnational annex
+NAa full standard plus the national annex
/NAonly national annex
TStechnical specification
TRtechnical report
CWAagreement, developed by a CEN or CENELEC
prEVS-EN (etc)draft standard
 
etthe standard is in Estonian only
enthe standard is in English only
et-enthe standard is in Parallel text Estonian-English