Information security — Key management — Part 7: Cross-domain password-based authenticated key exchange (ISO/IEC 11770-7:2021)
This document specifies mechanisms for cross-domain password-based authenticated key exchange, all of which are four-party password-based authenticated key exchange (4PAKE) protocols. Such protocols let two communicating entities establish a shared session key using just the login passwords that they share with their respective domain authentication servers. The authentication servers, assumed to be part of a standard public key infrastructure (PKI), act as ephemeral certification authorities (CAs) that certify key materials that the users can subsequently use to exchange and agree on as a session key. This document does not specify the means to be used to establish a shared password between an entity and its corresponding domain server. This document also does not define the implementation of a PKI and the means for two distinct domain servers to exchange or verify their respective public key certificates.