Presentations and Documents for the December 2007 Working Group Meeting

General presentations
P1363 presentations
P1363.1 presentations
P1363.2 presentations
P1363.3 presentations

General

IEEE Patent Policy slide set

P1363

Outstanding items from last meeting:

Need material about MOV condition. WW to coordinate with Dan Brown.

P1363.1

P1363.2

Scope and Purpose from PAR

Scope

Specifications of common public-key cryptographic techniques for performing password-based authentication and key exchange, supplemental to the techniques considered in IEEE P1363 and IEEE P1363a. Specifications of primitives, schemes, and protocols designed to safely utilize passwords and other low-grade secrets as a basis for securing electronic transactions. Class of computer and communications systems is not restricted.

Purpose

Ensuring privacy and authenticity in personal electronic transactions is a process that necessarily involves human beings. Memorized secrets are an important factor in human authentication. Many common cryptographic methods for authentication require large, random high-grade secret keys, yet, the secrets that human beings can conveniently memorize and reliably reproduce tend to be low-grade secrets. Passwords are widely used low-grade secrets that are typically not-so-random and relatively small, and introduce risks of brute-force attack when inappropriately used as cryptographic keys.

P1363.2 will specify public-key cryptographic techniques specifically designed to securely perform password-based authentication and key exchange. These techniques provide a way to authenticate people and distribute high-quality cryptographic keys for people, while preventing off-line brute-force attacks associated with passwords. A resulting high quality key may be more confidently used in combination with other cryptographic methods, such as symmetric encryption methods and public-key encryption, identification, and digital signature methods. P1363.2 will provide a reference for a variety of such password- based techniques within a suitable framework.

It is not the purpose of this project to mandate any particular set of password-based techniques or security requirements (including key sizes). Rather, the purpose is to provide: (1) a reference for specification of a variety of techniques from which applications may select, (2) the appropriate theoretic background, and (3) extensive discussion of security and implementation considerations so that a solution provider can choose appropriate security requirements.

Scope and Purpose from balloted standard

Scope

This standard covers specifications of common public-key cryptographic techniques for performing password-based authentication and key establishment, supplemental to the techniques described in IEEE Std 1363-2000 and IEEE Std 1363a-2004. It includes specifications of primitives and schemes designed to safely utilize passwords and other low-grade secrets as a basis for securing electronic transactions, including schemes for password-authenticated key agreement and password-authenticated key retrieval.

Purpose

Ensuring privacy and authenticity in personal electronic transactions is a process that necessarily involves human beings. Memorized secrets are an important factor in human authentication. Many common cryptographic methods for authentication require large, random high-grade secret keys; yet, the secrets that human beings can conveniently memorize and reliably reproduce tend to be low-grade secrets. Passwords are widely used low-grade secrets that are typically not-so-random and relatively small, and introduce risks of brute-force attack when inappropriately used as cryptographic keys.

P1363.2 specifies public-key cryptographic techniques specifically designed to securely safely perform password-based authentication and key establishment. These techniques provide a way to authenticate people and distribute high-quality cryptographic keys for people, while preventing off-line brute-force attacks associated with passwords. A resulting high quality key may be more confidently used in combination with other cryptographic methods, such as symmetric encryption methods and public-key encryption, identification, and digital signature methods. P1363.2 provides a reference for a variety of such password-based techniques within a suitable framework.

It is not the purpose of this document to mandate any particular set of password-based techniques or security requirements (including key sizes). Rather, the purpose is to provide: (1) a reference for specification of a variety of techniques from which applications may select, (2) the appropriate theoretic background, and (3) extensive discussion of security and implementation considerations so that a solution provider can choose appropriate security requirements.

P1363.3

New documents:

P1363.3, draft D1 v 1.2.
SK-KEM Signature Scheme for inclusion in P1363.3. Description (.pdf)

Outstanding items from last meeting:

Requested description of SK-KEM suitable for inclusion in P1363.3 -- supplied as noted above.
WW to mail list about location of form for patent Letter of Assurance (see http://standards.ieee.org/board/pat/).


IEEE Home Page	IEEE Standards	IEEE P1363