1

Scope

1.1

General ISO/IEC 10609 is applicable to End Systems concerned with operating in the Open Systems Interconnection (OSI) environment. It specifies a combination of OSI standards which collectively provide the connection-mode Transport Service using the connection-mode Network Service.

This part of ISO/IEC 10609 specifies a security sub-profile for the provision of security services using cryptographic techniques with Network Layer Security Protocol connection-mode and no-header mode.

1.2 Position within the Taxonomy The taxonomy of profiles is specified in ISO/IEC TR 10000-2. This part of ISO/IEC ISP 10609 supports security services for any TB, TC, TD or TE profile specified in ISO/IEC ISP 10609 (Connection-mode transport over connection-mode Network Service).

Note: ISO/IEC TR 10000 currently does not identify security sub- profiles. Profiles based on this part of ISO/IEC ISP 10609 may be referred to as TB/C/D/EnnnS1, or TB/C/D/nnnS1C if confidentiality is selected.

1.4 Security Services The following security services are within the scope of this part of ISO/IEC ISP 10609:

a) Peer entity authentication b) Connection confidentiality (optional)

Notes 1) It is strongly recommended that some form of access control is supported. However, this may be achieved using local access control lists which are outside the scope of this profile.

2) Limited connection integrity without recovery may be provided by the encipherment mechanism for confidentiality depending on the algorithm employed (e.g. stream ciphers and algorithms employing cipher block chaining may provide integrity protection whereas electronic code book ciphers are likely to provide little or no integrity protection).

1.5 Security Mechanisms This part of ISO/IEC ISP 10609 provides no assurance as to the str ength of the security mechanisms employed.

This part of ISO/IEC ISP 10609 does not specify the cryptographic algorithms to be employed.