11.17 Class 17: Security function
Capability of maintaining the integrity of data elements, functions and processes.
数据单元、功能和过程的可靠性
Maintains the integrity of the system.系统的可靠
Some examples of security function attributes are given in Table 7 below.
Table 7 – Examples of security function attributes 安全功能属性举例
Identification识别
Method of uniquely identifying an entity within the system (log-on name, account number, meter number, card number, record identifier, batch number, receipt number, personal ID number, street name and number, bank name and branch code, token identifier, etc.)
在系统中唯一识别实体的方法(登陆名、帐号、表号、卡号、记录标识符、BATCH号、收据号、个人身份证号、街道名称门牌号、银行号和支行代码、TOKEN标识符)。
Authentication鉴定
Method of determining that the sender of a given piece of information is who it claims to be or represent (password, message authentication code, signature, biometric, private and public cryptographic keys)
决定由谁给出信息的方法(密码、信息权限代码、信号、个人和公共秘钥)
Integrity可靠性
Method of determining that a given piece of information is true to the original (Cyclic_Redundancy_Code, parity check, etc.) Non-repudiation Method of ensuring that the sender of a given piece of information cannot deny having sent it (RSA signature, message sequencing)
决定发出的信息可靠的方法(循环冗余编码、奇偶校验等)。信息的发送者不能否认有信息送
出(RSA签字)
Confidentiality机密
Rendering a private message unintelligible to an unauthorized reader (using encryption like DES, AES, RSA, proprietary algorithms, etc.)
使非权限的读者不能理解相关的秘密信息(使用加密技术如DES、AES、RSA、四则运算)
Authorization权限
Giving approval to perform defined actions within the system (user registration, access rights assignment, free token issues, transaction reversals, access rights to records (read, write, modify), etc.)
批准在系统中执行规定的动作使用者注册、处理权限分配、发行TOKEN、交易撤消、记录的处理权读、写、更改等。
Verification检查
Checking that a claimed activity had taken place or that a reported status is true (calibration accuracy, meter audit, cash register reconciliation, bank statement reconciliation, etc.)
检查某一动作发生或报告状态是正确的校准精度、表计检查、收银机、银行结算等。
Certification证明
Giving legal and traceable standing to the results of a verification process (metrology type certification, safety, code of practice, etc.)
对检查的过程的结果给出合法的可追溯的证明(校准证明、安全、操作码等)
Validation确认
Making new information valid (token generation, etc.)
使新的信息有效化(生成TOKEN等)
Cancellation取消
Making currently valid information permanently invalid (token acceptance in meter, returned
tokens, etc.)
使现在有效的信息形成永久的无效的(表计接收TOKEN,返回TOKEN等)
Expiration期满
Making information valid for a given period of time only (cryptographic key expiry, tariff expiry, password expiry, vendor credit expiry, etc.)
给有效的信息一个时间期限(密钥到期、费率到期、密码到期、买方CREDIT到期等)
Registration注册
Keeping a register of assigned security attributes of entities within the system (public cryptographic key registry, user registration)
系统中对实体安全属性的注册(公共密钥注册、用户注册)
Rights-assignment权限分配
Trusted responsibility for administering the assignment of security rights to other entities within the system (usually performed by the highest trusted officer in the user hierarchy)
对系统中其他实体的安全权利的分配(通常是用户层次中最高层管理者执行)
Supervision管理
A level of trust and authorized security rights to monitor and control activities of other entities within the system (for example: the person in charge of one or more cashiers and who might also do the banking)
授权对系统中其他实体的监视和控制(例如管理一个或多个出纳的人也可以做BANKING)
Sealing铅封
Limiting physical access to sensitive parts within the system in such a way that renders such intrusion obvious and detectable (meter terminal seals, physical protection of secure module for storage of crypto keys, a marked seal may also be the indicator of a certification)
从物理角度限制触及系统中敏感器件,如果发生,就可以察觉和检测出来(表计端子铅封,用于储存密钥的物理保护安全模块、可以指示的被标志了的铅封)
Detection探测
Reporting of the fact when a security attribute of the system has been breached
(broken meter seals, deviations in purchase pattern analysis, energy balancing)
当系统的安全属性被破坏时破坏表计铅封、破坏购买流程、或电量平衡),要输出报告
Prosecution检举
Law enforcement processes applied to a perpetrator as a consequence of committing
fraud or breaching unauthorized security attributes of the system
因为欺骗或破坏系统的安全属性使用法律惩罚犯罪者