NISTIR 90-4262 includes four documents dealing with key management which were developed by the National Security Agency (NSA) as output from the Secure Data Network System (SDNS) project. SDN.601, Communication Protocol Requirements for Support of the SDNS Key Management Protocol, supplies a profile for the implementation of SDNS Key Management services in Open Systems. It is primarily concerned with providing guidance for implementation agreements on the variety of protocol stacks that are needed to satisfy the Key Management Application Process (KMAP) requirements in various communication specific environments. It also specifies the protocol support required at the transport, network, data link, and physical layers for varying communication environments; namely Packet Switched Networks (PSN), Local Area Networks (LAN), and direct dial Public Switched Telephone Networks (PSTN).
SDN.902, Definition of Services Provided by the Key Management Application Service Element (KMASE) , defines in an abstract way the key management services within the OSI Application Layer in terms of ; a) the primitive actions and events of the service; b) the parameter data associated with each primitive action and event; and c) the relationship between and the valid sequences of these actions and events. The standard only defines the services in terms of an abstract model. It implies neither a particular implementation of the services, nor does it imply a particular representation of the service primitives.
The protocol specified in SDN.903, Specification of the Protocol for Services Provided by the Key Management Application Service Element, describes the KMASE services provided to the Key Management Application Process (KMAP) to support applications in a distributed open systems environment. Key management provides for the generation, distribution, and updating of traffic encryption keys. Some management capabilities for authentication and access control are provide by the KMAP.
SDN.906, SDNS Traffic Key Attribute Negotiation, specifies the framework of the SDNS security attribute negotiation service. It supplements SDN.902 and SDN.903 where traffic key security service attributes negotiation is specified.
The four key management documents of NISTIR 90-4262 support the security protocols addressed in NISTIR 90-4250 and the access control documents covered in NISTIR 90-4259.
NISTIR 90-4262 includes four documents dealing with key management which were developed by the National Security Agency (NSA) as output from the Secure Data Network System (SDNS) project. SDN.601, Communication Protocol Requirements for Support of the SDNS Key Management Protocol, supplies a profile...
See full abstract
NISTIR 90-4262 includes four documents dealing with key management which were developed by the National Security Agency (NSA) as output from the Secure Data Network System (SDNS) project. SDN.601, Communication Protocol Requirements for Support of the SDNS Key Management Protocol, supplies a profile for the implementation of SDNS Key Management services in Open Systems. It is primarily concerned with providing guidance for implementation agreements on the variety of protocol stacks that are needed to satisfy the Key Management Application Process (KMAP) requirements in various communication specific environments. It also specifies the protocol support required at the transport, network, data link, and physical layers for varying communication environments; namely Packet Switched Networks (PSN), Local Area Networks (LAN), and direct dial Public Switched Telephone Networks (PSTN).
SDN.902, Definition of Services Provided by the Key Management Application Service Element (KMASE) , defines in an abstract way the key management services within the OSI Application Layer in terms of ; a) the primitive actions and events of the service; b) the parameter data associated with each primitive action and event; and c) the relationship between and the valid sequences of these actions and events. The standard only defines the services in terms of an abstract model. It implies neither a particular implementation of the services, nor does it imply a particular representation of the service primitives.
The protocol specified in SDN.903, Specification of the Protocol for Services Provided by the Key Management Application Service Element, describes the KMASE services provided to the Key Management Application Process (KMAP) to support applications in a distributed open systems environment. Key management provides for the generation, distribution, and updating of traffic encryption keys. Some management capabilities for authentication and access control are provide by the KMAP.
SDN.906, SDNS Traffic Key Attribute Negotiation, specifies the framework of the SDNS security attribute negotiation service. It supplements SDN.902 and SDN.903 where traffic key security service attributes negotiation is specified.
The four key management documents of NISTIR 90-4262 support the security protocols addressed in NISTIR 90-4250 and the access control documents covered in NISTIR 90-4259.
Hide full abstract
