ISO IEC 9798-4-1999 PDF
Name in English:
St ISO IEC 9798-4-1999
Name in Russian:
Ст ISO IEC 9798-4-1999
Original standard ISO IEC 9798-4-1999, full version in PDF. Additional information and a preview are available on request.
Full title and description
Information technology — Security techniques — Entity authentication — Part 4: Mechanisms using a cryptographic check function. This international standard defines standardized mechanisms by which an entity proves its identity by generating a cryptographic check value (for example a message authentication code) over selected data using a shared secret or keyed function; mechanisms for both unilateral and mutual authentication are specified, and time-variant parameters (time stamps, sequence numbers, random challenges) are used to prevent replay and reuse of authentication information.
Abstract
Part 4 of ISO/IEC 9798 specifies entity authentication methods that rely on a cryptographic check function. It explains configurations for unilateral and mutual authentication, the use of time-variant inputs (time stamps, sequence numbers, random nonces), and the required message exchanges (one-, two- or three-pass sequences depending on the chosen parameter type). Examples of suitable cryptographic check functions are referenced from ISO/IEC 9797.
General information
- Status: Published (remains the current 1999 edition, confirmed in ISO periodic reviews).
- Publication date: December 1999 (Edition 2; valid from 16 December 1999).
- Publisher: ISO/IEC (International Organization for Standardization / International Electrotechnical Commission), developed by JTC 1/SC 27.
- ICS / categories: 35.030 — IT security.
- Edition / version: Edition 2 (1999).
- Number of pages: 7 (1999 edition).
Scope
This part of ISO/IEC 9798 specifies authentication mechanisms in which a claimant demonstrates knowledge of a secret key by producing a cryptographic check value computed over agreed data fields. The standard covers message formats and sequence flows needed to provide replay resistance by incorporating time stamps, sequence numbers or random challenges, and it distinguishes the number of message passes required for unilateral versus mutual authentication depending on the mechanism chosen. Implementation guidance focuses on how to arrange inputs to the check function and how to manage time-variant parameters to avoid replay attacks.
Key topics and requirements
- Definition and formal description of mechanisms that use a cryptographic check function (e.g., MACs) for entity authentication.
- Support for unilateral and mutual authentication modes and the required message-pass counts (one, two or three passes depending on the time-variant parameter chosen).
- Use of time-variant parameters—time stamps, sequence numbers, or random numbers—to prevent replay and to bind freshness to authentication tokens.
- Recommendations for structuring authentication data and selecting inputs to the cryptographic check function; references to ISO/IEC 9797 for example check functions.
- Notes on interoperability, expected message formats, and how challenge/response exchanges are constructed for different authentication goals.
Typical use and users
Implementers of security protocols, designers of authentication modules, security architects, and organizations developing interoperable authentication solutions commonly use this standard. Typical applications include secure networked services, smart card authentication systems, online transaction verification, and constrained environments where a keyed cryptographic check (MAC) is preferred over public-key proofs for performance or operational reasons. Standards bodies, test labs, and implementers seeking compatibility with other ISO/IEC 9798 parts also consult this document.
Related standards
This part is one element of the ISO/IEC 9798 series on entity authentication (other parts cover mechanisms using digital signatures, zero-knowledge techniques, manual data transfer, etc.). It references ISO/IEC 9797 for cryptographic check functions and has published corrigenda (Cor 1:2009 and Cor 2:2012) that amend the 1999 text. Related documents include other ISO/IEC 9798 parts (1, 2, 3, 5, 6) and complementary authentication/assurance standards such as ISO/IEC 29115.
Keywords
entity authentication, cryptographic check function, MAC, message authentication code, challenge–response, time stamp, sequence number, replay protection, ISO/IEC 9798, authentication protocol.
FAQ
Q: What is this standard?
A: ISO/IEC 9798-4:1999 is the part of the ISO/IEC 9798 series that standardizes entity authentication mechanisms which use a cryptographic check function (for example a keyed MAC) to prove knowledge of a shared secret.
Q: What does it cover?
A: It covers protocol message formats and exchanges for unilateral and mutual authentication using time-variant parameters (time stamps, sequence numbers, random challenges), the number of message passes required for each option, and references to appropriate cryptographic check functions.
Q: Who typically uses it?
A: Security protocol designers, implementers of authentication systems (including smart cards, network services and embedded devices), test laboratories, and standards developers use it to ensure interoperable, replay-resistant authentication based on shared-key cryptographic checks.
Q: Is it current or superseded?
A: The 1999 (Edition 2) version is the current edition of ISO/IEC 9798-4 and has been subject to technical corrigenda in 2009 and 2012. The standard has been periodically reviewed and was confirmed in ISO systematic reviews; implementers should check for any later amendments or national adoptions before purchase or formal citation.
Q: Is it part of a series?
A: Yes — ISO/IEC 9798 is a multipart series addressing entity authentication. Part 4 addresses cryptographic check function mechanisms; other parts address different authentication techniques (digital signatures, zero-knowledge proofs, manual transfer, etc.).
Q: What are the key keywords?
A: Entity authentication, cryptographic check function, MAC, challenge–response, time stamp, sequence number, replay protection, mutual authentication, unilateral authentication.