IEC 13888-3-10:2015 – Non-Repudiation Mechanisms Using Asymmetric Techniques: Technical Overview and Compliance

Understanding the Scope, Cryptographic Requirements, and Implementation Guidelines for Secure Non-Repudiation Services

Scope and Application

IEC 13888-3-10:2015 is a specific mechanism defined within the ISO/IEC 13888 series for providing non-repudiation services using asymmetric cryptographic techniques. This part specifies the procedures for generating, verifying, and storing non-repudiation evidence in the form of Non-Repudiation Tokens (NRTs), which can be used to settle disputes over the occurrence of a digital event, such as the origin, delivery, or receipt of a message.

The standard is applicable to any environment where participants rely on public-key cryptography to assert actions and where legal or contractual requirements demand irrefutable proof. Typical use cases include electronic contracting, e-commerce transactions, long-term archiving, and audit trails. IEC 13888-3-10 focuses on the “asymmetric token” variant, which leverages digital signatures as the primary means of binding an entity to an event.

Technical Requirements for Non-Repudiation Mechanisms

Core Cryptographic Building Blocks

The standard mandates the use of approved asymmetric cryptography algorithms—typically RSA or ECDSA—combined with a collision-resistant hash function (e.g., SHA-256). Each non-repudiation token must contain an unambiguous identification of the token type, the evidence identifier, the involved entity, a timestamp (or a reference to a time-stamping service), and a digital signature computed over the token’s payload.

Token Types and Mechanisms

IEC 13888-3-10 defines several token mechanisms that serve different non-repudiation services. The table below summarizes the primary mechanisms specified in this part.

| Mechanism ID | Service | Primitive Operations | Typical TTP Role |
|--------------|---------|----------------------|------------------|
| NRO-3-10 | Non-Repudiation of Origin | Originator signs token with private key | Optional: time-stamping authority |
| NRD-3-10 | Non-Repudiation of Delivery | Recipient signs acknowledgment token | Optional: delivery authority |
| NRR-3-10 | Non-Repudiation of Receipt | Combined evidence from origin and recipient | Not required, may use TTP for verification |
| NRP-3-10 | Non-Repudiation of Submission | Submission agent signs submission token | Submission authority acts as TTP |

Each token must include a version field, a unique token identifier, and optionally a field for additional attributes (policy references, qualifiers). The signature algorithm and key length must be chosen according to an agreed security policy that satisfies the protection requirements of the application.

Evidence Verification

Verification of an NRT requires the recipient to retrieve the signer’s public-key certificate, validate its freshness, and perform the cryptographic verification using the same algorithms and parameters used during generation. The standard emphasizes that evidence must be stored in a manner that preserves its integrity over the entire retention period, including periodic re-stamping or use of long-term signature standards (e.g., CAdES, XAdES).
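The sketch below is an added example, not code from the standard or from this page: it signs and verifies a token carrying the fields listed above with ECDSA P-256 over SHA-256. The struct, the field names, the length-prefixed payload encoding and the sample values are assumptions made for illustration, and certificate retrieval and validation are left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Token holds the fields the overview lists; names and encoding are assumptions.
type Token struct {
	Version, TokenID, Type, EvidenceID, Entity, Timestamp string
	Signature                                             []byte
}

// digest hashes a length-prefixed encoding so field boundaries are unambiguous.
func (t Token) digest() ([]byte, error) {
	h := sha256.New()
	for _, f := range []string{t.Version, t.TokenID, t.Type, t.EvidenceID, t.Entity, t.Timestamp} {
		if f == "" {
			return nil, fmt.Errorf("required token field is empty")
		}
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return h.Sum(nil), nil
}

// Sign sets the ECDSA signature over the SHA-256 digest of the payload.
func Sign(t *Token, key *ecdsa.PrivateKey) error {
	d, err := t.digest()
	if err == nil {
		t.Signature, err = ecdsa.SignASN1(rand.Reader, key, d)
	}
	return err
}

// Verify recomputes the digest and checks the signature with the public key.
func Verify(t Token, pub *ecdsa.PublicKey) bool {
	d, err := t.digest()
	return err == nil && ecdsa.VerifyASN1(pub, d, t.Signature)
}

// NewKey makes a throwaway P-256 demo key (real signing keys belong in an HSM).
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
func main() {
	key, _ := NewKey()
	t := Token{"1", "tok-0001", "NRO-3-10", "ev-42", "CN=alice", "2025-01-01T00:00:00Z", nil} // constructed sample
	_ = Sign(&t, key)
	fmt.Println("verifies:", Verify(t, &key.PublicKey))
}
```

Because every field is covered by the signed digest, changing the entity, the timestamp or the token type after signing makes verification fail.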

Implementation Tip: Adopt cryptographic agility by supporting a range of algorithms and key sizes. Refer to security recommendations such as NIST SP 800-57 or ENISA guidelines to ensure that the chosen suite remains resilient against evolving threats.

Implementation Guidelines and Best Practices

Key Management

Effective non-repudiation depends on strict key management. Private keys must be generated in a secure environment (e.g., FIPS 140-2 Level 2 or higher), and exposed only to the entity authorized to create evidence. Use of hardware security modules (HSMs) is strongly encouraged. Public-key certificates should be issued by a certificate authority (CA) that operates in accordance with a policy compatible with the overall evidence scheme.

Integration with PKI and Time-Stamping

IEC 13888-3-10 does not mandate a specific PKI profile, but it recommends that the TTP providing time-stamping services be made available for both generation and verification. Evidence validity can be extended through time-stamping of token digests; this is critical when the signer’s key may expire or be revoked before the evidence is needed.

Common Pitfall: Failing to bind a qualified timestamp to a token can render the evidence unusable in disputes. Always include a reliable time source and ensure the timestamp itself is verifiable.
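Why the timestamp matters once a key expires or is revoked, as an added example that is not taken from the standard: a verifier that holds a trusted timestamp checks the certificate at the proven signing time, while one without it can only check at the time of the dispute. The `Cert` type, the `Assess` function, the result strings and the dates are assumptions, and the signature itself is taken as already verified.

```go
package main

import (
	"fmt"
	"time"
)

// Cert is the signer-certificate state a verifier has collected (hypothetical type).
type Cert struct {
	NotBefore, NotAfter time.Time
	RevokedAt           *time.Time // nil when the certificate was never revoked
}

// Assess decides whether a cryptographically valid signature still counts as
// evidence. tsa is the time attested by a time-stamping authority, or nil when
// the token carries only the signer's own, unverifiable clock value.
func Assess(c Cert, tsa *time.Time, now time.Time) string {
	at := now // without a trusted timestamp only "valid right now" can be shown
	if tsa != nil {
		at = *tsa
	}
	switch {
	case at.Before(c.NotBefore) || at.After(c.NotAfter):
		return "rejected: outside certificate validity"
	case c.RevokedAt != nil && !at.Before(*c.RevokedAt):
		return "rejected: key revoked at or before the proven signing time"
	case tsa == nil:
		return "accepted for now: lapses when the certificate expires or is revoked"
	}
	return "accepted: signing time proven within validity"
}

// day parses a constructed sample date.
func day(s string) time.Time {
	t, _ := time.Parse("2006-01-02", s)
	return t
}

func main() {
	revoked, stamped := day("2025-06-01"), day("2025-03-01") // constructed dates
	c := Cert{day("2025-01-01"), day("2025-12-31"), &revoked}
	fmt.Println(Assess(c, &stamped, day("2026-02-01"))) // time-stamped before revocation
	fmt.Println(Assess(c, nil, day("2026-02-01")))      // same token, no trusted timestamp
}
```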

Storage and Archiving

Evidence tokens must be stored in a secure, non-repudiable journal. The standard advises maintaining a chain of custody for all NRTs, including metadata about the verification status, access logs, and any revocation information. For long-term retention, employ a periodic re-validation scheme or use evidence formats that support detached signatures.

Success Strategy: Combine IEC 13888-3-10 with a formal evidence management policy that aligns with ISO 15489 (records management) and ISO 27001 (information security). This ensures that non-repudiation evidence is admissible in audits and legal proceedings.

Compliance Assessment and Certification

Conformance to IEC 13888-3-10 can be verified through inspection of the evidence lifecycle: generation, transmission, storage, and verification. Testing laboratories typically evaluate:

  • Correct implementation of token structure and required fields.
  • Cryptographic algorithm suitability and key strength.
  • Robustness of the evidence storage mechanism against tampering.
  • Integration with trusted third-party services (if used).

Documentation should include a cryptographic policy, a risk assessment, and a description of how evidence is archived and retired. For high-assurance environments, the implementation should also comply with ISO/IEC 15408 (common criteria) at a suitable evaluation assurance level.

Critical Issue: Do not assume that digital signatures alone provide non-repudiation. Without proper time-stamping and key management, signature repudiation becomes feasible. Verify that your implementation meets all conditions specified in clause 8 of the standard.

Frequently Asked Questions

Q: What is the difference between non-repudiation of origin and non-repudiation of delivery?
A: Non-repudiation of origin (NRO) proves that a specific entity generated a message, while non-repudiation of delivery (NRD) proves that the intended recipient actually received the message. Both are symmetric in evidence but involve different actors and token types.

Q: Does IEC 13888-3-10 require a specific public key infrastructure?
A: No. The standard defines the token formats and cryptographic operations but leaves PKI selection to the community of use. However, it does require that each signer’s certificate be valid at the time of generation and that all verifiers can obtain the necessary certificates and revocation status.

Q: How does the standard address long-term preservation of evidence?
A: The standard recommends using a time-stamping service or long-term signature profiles (e.g., CAdES-LTA) to maintain proof of existence beyond the validity period of the original signing key. Implementations should also include periodic re-validation checks.

Q: Is conformance testing available for this part of the series?
A: Yes. ISO/IEC 13888-3-10 can be evaluated by accredited laboratories using test suites derived from the specification. Look for certification bodies that offer ISO/IEC 15408 or sector-specific (e.g., eIDAS) evaluation.

© 2026 International Standards Organization. All rights reserved.
