
aa 21 Cxe ea 21.1 FEIGE-FIAT-SHAMIR Cxea poo oc poep ooc, papaoaa Aoco ao ( Amos Fiat) A a po (Adi Shamir), paccapaec [566, 567]. ...


(5) a eeoa coy pooo oea a a ae popa c op a, o eeppoa ya cya ceaco . Bce oceye a poooa pyc c oo oo a.

(6) Teeo Ac epeae co cepa eaop ooae.

(7) Teeo oa poepe oc cepaa eaopa ooae, coy op ce.

(8) Teeo oa pye oceoaeoc apoco/oeo. oo eoxoo peao pe e (e oee aao aep) opa ocae oe a apoc. (o oeae o yey cooa cepa, copoae peyeo oea.) O oe oe oca ap o eeoa Ac, a pyo - ap o Ac.

(9) Ec oa e y eeoa, o eo eeo o.

(10) Ec o oa, o cae eeo co aa. Eo eeo opaae aa poepe cepa oa, a a aax (2) (3).

(11) o epeae co cepa eaop ooae.

(12) Teeo Ac poepe oc oa, a a ae (7) pye oceoaeoc apo co/oeo, a a ae (8).

(13) Oa eeoa o a co pa oc oep eeoa pyoo ooae.

(14) Haaec eoac paoop.

(15) oa oa copo eae pyy, yac ceaco , a ae cepa, oope eeo oa oy o eeoa Ac, cepa, oope eeo Ac oy o eeoa oa.

a DES yae aoo oa. O cyecye oo yp yx eeox aapao oo eee paoopa, a oce eo ooa eeeo yoaec. Ec oye oye o oa yacoax paoope aapaa, o e coe pacpoa o peecy pa oop, oopo yacoa a aapaa.

24.4 STU-III STU ooaae "Secure Telephone Unit" (eoac eeo oy), papaoa NSA eoac eeo. o paepa ope o oy o ao e, a o eeo, oe co oa ae, a o eeo. Aapa yco oy, e a o paoa a ecepee.

O ae a op epea ax oo epea pe oy cooa eoaco epea ax o oeoy aay [1133].

oca STU-III [494]:

o oo, coy STU-III, o caaa o opao o a pyo STU-III, ae cae o xoee a ycpoco, coepaee popaecy epeey, aae oy "cepee epeoop" ( "go se cure"). Cyc pepo 15 cey aep, yo popaeco acpo, a eeo o a pa opa o oc oyce pyo copo, paoop oe aac.

ecpeee ao oee oepa (Walter Deeley), aece peopa NSA o eoacoc oya, o STU-III yye ccee eoaco oocoo c co ep, ao The New York Times [282]. ao e oo cce o peoca Mcepcy oopo CA eo opa cpeca eoaco epea pe eoaco ocopoco epea ax. B ep e o oo caao o paoe c c e, o oceeo opa aaa oc. B oo ccee coyc ope .

O oo oxoe pacpeee e o paccaao [68], oo cae oopoc o eeoax, "epepopapyex pa o o eoacoy eeooy aay ", o eca epoo peoaae cooae poooa poep cepao, aaooo ocaoy [ paee 24.3], oop pye eeoo eox o oc oac c epo ypae a. ocee ec oee opa, x paccaaoc o ccee ypae a, aao FIREFLY, oopa [1341] "papaoaa a ae exoo opx e c oyec pacpeee e poa oapoo paa". o ocae, ceece oaa, ae opeccy CA Hpo (Lee Neuwirth) Cylink [1164] peoaa cooae oa oea a cepaa, aaooo coyeoy eoacx eeoax ISDN. Beca epoo, o FIREFLY ae ocoaa a oee cee.

STU-III pooc AT&T GE. a 1994 o o yeo 300000-400000 y. Hoa epc, Secure Terminal Equipment (STE, eoac epa), ye paoa o ISDN.

24.5 KERBEROS Kerberos pecae coo papaoa cee TCP/IP pooo poep ooc c oepeo pee copoo. Cya Kerberos, paoaa ce, ecye a oepe ocpe, oecea eoacy ceey poepy ooc, ay ooae oooc paoa a ecox a ax ce. Kerberos a cepo popa (peaoa DES, o eco eo oo cooa p y e aop). p oe c a oeo ce Kerberos coye o o cepe , ae oo cepeoo a paoco ea oea.

Kerberos epoaao papaoa MT poea Aa. Moe Kerberos ocoaa a poooe Needham-Schroeder c oepeo pee copoo (c. pae 3.3) [1159]. Opaa epc Kerberos, Bep c 4, opeeea [1094, 1499]. (Bepc c 1 o 3 ype pao epc.) Bepc 5, oa Bepc 4, opeeea [876, 877, 878]. y oopo o Kerberos ec [1163]. pye oope ca - [1384, 1493], cooae Kerberos peao pe xopoo ocao [781, 782].

Moe Kerberos ao pooo Kerberos cxeao oca paee 3.3. B oe Kerberos cyecy pacoo ee ce oe - e cepep. ea oy ooae, o oy eace p o pa, oe ceye ec : apyy ao, epeay cooe, ocy aa ax, ocy pepa, oyee acpax pe, ..

Kerberos xpa ay ax eo x cepex e. ooaee-e cepe ec apoa apoe. Ceee cy, peye poep ooc, e, oope xo cooa cy, pecppy Kerberos co cepee .

Ta a Kerberos ae ce cepee , o oe coaa cooe, yeae o oe ooc pyoo. Kerberos ae coae ceacoe , oope ac ey cepepy ( y ea) oy oe. Ceaco coyec poa cooe, oop oe a c e copo, yoaec oce ooa ceaca.

poa Kerberos coye DES. Kerberos epc 4 oecea ecaap, ca pe poep ooc - o e o opee opeee ee poeca (c. pae 9.10). Kerberos epc 5 coye pe CBC.

1. apoc aaa a eee aaa 2. Maa ee aaa 3. apoc aaa cepepa Kerberos TGS 4. Maa cepepa 5. apoc ycy 2 e Cepep Pc. 24-1. a poep ooc Kerberos a paomaem Kerberos B o paee paccapaec Kerberos epc 5. He opcy pa ey epc 4 5. poo o Kerberos poc (c. 23rd). e apaae y Kerberos aa a opaee Cye ee a ao (Ticket-Granting Service, TGS). o aa, apoa cepe o ea, ocaec ey. cooa opeoo cepepa e apaae y TGS aa a opaee cepepy.

Ec ce ope, TGS ocae aa ey. ae e pee cepepy o aa ece c y o coepee. coa, ec apy ea pa, cepep peocae ey ocy ycye.

Ta. 24-1.

Taa copae Kerberos c = e s = cepep a = ceeo apec ea v = aao ooae pee ec aaa t = ea pee Kx = cepe x Kx,y = ceaco x y (m)Kx = m, poaoe cepe o x Tx,y = aa x a cooae y Ax,y = yocoepee x y Ampuym Kerberos coye a a apyo: aa yocoepe. (B aee o paee ye cooac oa, coyea oyeax Kerberos - c. 23-.) Maa coyec eoaco epea cepepy oc ea, oopoy a o aa. B e ae coepc opa, o o py cepep oe cooa poep oo, o e, coy aa, - o eo o e, oopoy o aa a. ocoepee - o ooe apy, pee ece c a ao. Maa Kerberos ee ceyy opy:

Tc,s = s, {c, a, v, Kc,s}Ks.

Maa xopo ooo cepepa ooo ea. O coep ea, eo ceeo apec, ce p epa, ey pee ceaco . a opa pyec cepe o cepepa. Ec e oy aa, o oe cooa eo ocya cepepy oo pa - oa e cee cpo ec aaa. He oe pacpoa aa (o e ae cepeoo a cepepa ), o o oe pe eo cepepy apoao ope. poa e aa p epeae eo o ce eooo. o coepee Kerberos ee ceyy opy:

Ac,s = {c, t, }Kc,s e coae eo a pa, oa ey yo ocooac ycya cepepa. ocoepee coep ea, ey pee eoae ooe ceaco , ce ae py c ceaco o, o ea cepepa. B oe o aaa yocoepee coyec oo o pa. Oao o e poea, a a e oe eeppoa yocoepe o epe aooc (ey ece o cepee ).

cooae yocoepe peceye e e. Bo epx, oo coep eoop op ec, apoa ceaco o. o oaae, o ey ece . o e eee ao, a poa op ec ae ey pee. oye, oopoy yaoc aca aa, yocoepee, e coe cooa x cyc a .

Cooeu Kerberos epcuu B Kerberos epc 5 coyec cooe (c. 23-):

1. e-Kerberos: c,tgs 2. Kerberos-e: {Kc,tgs}Kc, {Tc,tgs}Ktgs 3. e-TGS: {Ac,s}Kc,tgs{Tc,tgs} Ktgs,s 4. TGS-e: {Kc,s}Kc,tgs{Tc,s}Ks 5. e-cepep: {Ac,s}Kc,s {Tc,s}Ks Teep paccop cooae x cooe opoo.

oyeue nepoaaoo aama ea ec ac opa, oaae eo oc - eo apo. oo, o e xoec a ca ea epeaa apo o ce. pooo Kerberos pye epooc opoea a po, o p o e ooe ooae pao epoa ce, ec o e ae apo.

e ocae cooee, coepaee eo eo cepepa TGS a cepep poep ooc Kerberos. (oe ecoo cepepo TGS.) Ha pae ooae, copee ceo, poco o coe popaa xoa ccey ocae apoc.

Cepep poep ooc Kerberos e ae o ee coe ae ax. Ec opa o ee ec ae ax, Kerberos eeppye ceaco , oop ye cooac oea a ey eo TGS. O aaec Maao a eee aaa (Ticket Granting Ticket, TGT). Kerberos pye o ceaco cepe o ea. ae o coae ea TGT, oaa ooc ea TGS, pye eo cepe o TGS. Cepep poep oo c ocae a apoax cooe ey.

Teep e pacpoae epoe cooee oyae ceaco . Cepe ec ooapaeo x-ye ecoo apo, ooy y aooo ooae e ye ax p o e. Caoae e ae paoo apo , ceoaeo, e oe pacpoa oe cepepa p o ep ooc. ocy apeaec, caoa e e oe oy aa ceaco .

e coxpae TGT ceaco , cpa apo x-aee. a opa yoaec yee epooc opoea. Ec pa oaec copoa a ea, o oy oo TGT ceaco . ae a, o oo a pe TGT. oa cpo ec TGT cee, cee cay eccce. Teep eee pee TGT e oe oaa TGS co ooc.

oyeue cepepx aamo ey peyec oy oe aa ao yo ey ycy. TGS ee aa oex cepepo.

oa ey ye aa, oopoo y eo oa e, o ocae apoc TGS. (Ha pae popaa, copee ceo, eae o aoaec eaeo ooae.) TGS, oy apoc, pacpoae TGT co cepe o. ae TGS coye e TGT ceaco , o pacpoa yocoepee. Haoe TGS cpaae opa yocoepe c opae aaa, ceeo apec ea c apeco opae apoca ey pee c ey peee. Ec ce coaae, TGS papeae oee apoca.

poepa eo pee peoaae, o ac cex oepo cxpopoa, o pae epe c ooc o ecox y. Ec pe, yaaoe apoce, oco o eyeo oea co a e o pooe yyee, TGS cae apoc oo oope peyeo apoca. TGS oa a e ocea paoc cpoo ec yocoepe, a a ycy cepepa oy apaac e coo pa oceoaeo c o aao, o pa yocoepe. pyo apoc c e e aa o ye cooao eo pee yocoep e ye oepy.

B oe a pa apoc TGS opaae pa aa, oop e oe pe ce p epy. TGS ae coae o ceaco ea cepepa, apoa ceaco o, o ea TGS. Oa x cooe opac ey. e pacpoae cooee eae ceaco .

anpoc ycyu Teep e oe oaa co ooc cepepy. O coae cooee, oe oxoee a o, o o poe ocaoc TGS ( o oo, a a TGS - oe ycya).

e coae yocoepee, cocoee eo e, ceeoo apeca e pee, apoaoe ceaco o, oop eeppoa TGS ceaca ea cepepa. apoc coco aaa, oyeoo o Kerberos (ye apoaoo cepe o cepepa ) apoaoo eaopa.

Cepep pacpoae poepe aa yocoepee, a ye ocyaoc, a ae poepe apec ea ey pee. Ec ce ope, o cepep yepe, o, coaco Kerberos, e - eo o, a oo o ce ae.

Ec poee peye ao poep ooc, cepep ocae ey cooee, cocoee e pee, apoao ceaco o. o oaae, o cepepy ece pa ce pe , o oe pacpoa aa yocoepee.

p eoxooc e cepep oy poa aee cooe o o. Ta a o ece oo , o oa oy yepe, o oceee cooee, apoaoe o, opaeo pyo copoo.

Kerberos epcuu B peyx paeax paccapac Kerberos epc 5. Bepc 4 eoo oaec cooe ocpye aao yocoepe. B Kerberos epc 4 coyc ceye cooe :

1. e-Kerberos: c,tgs 2. Kerberos-e: {Kc,tgs{Tc,tgs}Ktgs}Kc, 3. e-TGS: {Ac,s}Kc,tgs{Tc,tgs} Ktgs,s 4. TGS-e: {Kc,s{Tc,s}Ks}Kc,tgs 5. e-cepep: {Ac,s}Kc,s {Tc,s}Ks Tc,s = {s, c, a, v, l, Kc,s}Ks Ac,s = {c, a, t} Kc,s Cooe 1,3 5 e ec. ooe poae aaa a aax 2 4 epc 5 o ycpaeo.

Maa epc 5 ooeo a oooc cooa ecoo apeco, a oe "pe ", l, aeeo peee aaa ooa. B yocoepee epc oaea oooc e ooeoo a.

eonacocm Kerberos C eo (Steve Bellovin) Ma Mepp (Michael Merritt) poaapoa eoope oe ae ye eca Kerberos [108]. Xo a paoa a acaa po pooo epc 4, oe ee a ea pe epc 5.

Booo poae oopoe cooae capx yocoepe. Xo e o peopa ay oooc, yocoepe oy cooac oopo eee pee aaa.

peoaaec, o cepep xpa ce pae aa, o oapy oop, o o e cea ooo. poe oo, pe ae ocaoo o, aco o oc aco.

cooae yocoepe ocoa a o, o ce ac ce oee eee cxpopoa. Ec pe oepa ye ycaoeo epao, o capoe yocoepee oe cooao e p o e. oco ceex poooo oep eoo pee eeoac, ooy aa oooc pecae coo cepey poey.

Kerberos ae ycee cp c yaae apo. oye oe aca aa ae oac x pacpoa. He aye, o cpe ooae peo pae xopo apo.

Ec Mop oye ocaoo aao, y eo oc eoxe ac pacp apo.

Booo ca oac ec cpe, coyee ceaoe popaoe oeceee. po oo Kerberos opayea, o popaoy oecee oo oep. He cocoa oea M op coa ae ce ecoe popaoe oeceee Kerberos ao epce, oopa oo oe poooo Kerberos acae apo. o ec poeo oo popaecoo popaoo aea, paoaeo a eeoaco oepe, o poo pacpocpaeoe cooae Kerberos oox cpeax eae eo ocoeo peaeo e.

Beyc pao a yyee Kerberos, a oepa ypae a c oo p o pa c op a epeca eeyax apoe.

ueuu Kerberos e ec oeocy, o o MT ocye cooo. ecea peaa pao ax cceax UNIX - o coce pya cop. P oa poae epc Kerberos, o oo oy xopoy epc ecao o Cygnus Support, 814 University Ave., Palo Alto, CA, 94301;

(415) 322-3811;

fax: (415) 322-3270.

24.6 KRYPTOKNIGHT KryptoKnight (poPap) ec cceo poep ooc pacpeee e, papa o ao IBM. o pooo c cepe o, coy o DES pee CBC (c. pae 9.3) opoay epc MD5 (c. pae 18.5). KryptoKnight oepae epe cepca eoacoc :

poepa ooc ooae (aaea eceo oc - single sign-on) ycopo poepa ooc Pacpeeee e poepa ooc coepa pocxoe ax C o pe ooae, KryptoKnight oxo a Kerberos. Bo eoope o:

poep ooc poa aao KryptoKnight coye x-y.

KryptoKnight e coye cxpopoax aco, coyc oo eye apoc (c. pa e 3.3).

Ec Ace yo cac c oo, oa o KryptoKnight ooe Ace oca cooee oy, a ae ooe oy aa pooo oea a.

KryptoKnight, a Kerberos, coye aa yocoepe. O coep TGS, o KryptoKnight aac cepepa poep ooc. Papao KryptoKnight opa eao yc, py oeco cooe, x paep oe poa. O KryptoKnight ae [1110, 173, 174, 175].

24.7 SESAME SESAME oaae Secure European System for Applications in a Multivendor Environment - eoaca epo eca ccea poe eoopox cpeax. o poe Epoecoo cooeca, a 50 poe o acpye RACE (c. pae 25.7), ao e oopo ec papaoa exoo p o ep ooc ooae p pacpeeeo opoe ocya. y ccey oo paccapa a epoec apa Kerberos. poe coco yx ace: a epo ca papaaaec aoa apx eypa, a opa ca pecae coo p oepecx poeo. Ceye p oa pa aoee yace papaoe cce - ICL Beopa, Siemens epa Bull o pa.

SESAME pecae coo ccey poep ooc oea a [361, 1248, 797, 1043]. Oa coye pooo Needham-Schroeder, pe popa c op a c ey pa eoac oea. B ccee ec p cepex o. Beco cooa acoeo aopa poa o ccee peec XOR c 64-o o. o ee xye, SESAME c oyec XOR pee CBC, oop ocae eapoa ooy opoo eca. B ay papaoo ao caa, o o copac cooa DES, o paycoe paeco pao eyooce o oy ooy. O yep o c DES, o ae ypa eo. a ccea e e ea a.

Ooecee SESAME ec ye epoo oa, a e ceo cooe. B peyae oo o eceoc cooe ye poepea o coa "Dear Sir'', a e o cey coepa cooe. eepa e coco yx oo y rand oepaoo cce UNIX, oopa coce e cyaa. B aece ooapaex x-y SESAME coye crc32 MD5. oeo, SESAME ooo Kerberos ycea yaa apoe.

24.8 Oa popaeca apxeypa IBM Oa popaeca apxeypa ( Common Cryptographic Architecture, CCA) a papaoaa o ae IBM, o oece popaece p oeaoc, eococ, ypa e a opao epcoaoo eaooo oa (PIN) [751, 784, 1025, 1026, 940, 752].

paee a pocxo c oo eopo ypae ( control vector, CV) (c. pae 8.5). ao y y cooecye CV, c oop oee oepae XOR. CV paec oo eoaco aapao oye. CV pecae coo cpyypy ax, oeceay yoe o ae pe, cax c ope o.

Oee CV oaa ope cco p cooa aoo a, peeoo CGA. CV epeac ece c apoa o cpyypax ax, aaex e ap e pa (key token). Bypee ee apep coyc oao coepa , poae o a a o (master key, MK). Bee ee apep coyc poa a ey ccea. o ex ex apepax apoa a poa e (key-encrypting key, KEK). paee KEK ocyecec c oo ypex ex apepo.

paec a py cooec c x cooae.

a a ae aaec p oo o CV. oapo - 56-oe - coyc ax y, a oeceee oeaoc cooe. oo - 112-oe pec ypae a, y PIN pyx ceax ee. oy DOU BLE-ONLY (oo oe), pae ee oo oopx o pa, DOUBLE (oe) oo oopx oy cyao coac, SINGLE-REPLICATED (oape-oopee), oopx p a e ee oo pa, SINGLE (oape), coepae oo 56 o. CGA opeee aa pay peaa opeeex o e, coyex eoopx oepa.

CV poepec eoaco aapao oye : ao y CGA eop oe cooecoa opeee paa. Ec CV yceo poxo poepy, o p oo XOR KEK MK c CV oy aec apa KEK MK, ee eppoa opoo eca cooe co y ec oo p oe y CGA. p eepa ox e CV aae coco cooa co aoo a. oa o e, oope oy cooa cp cce, e co ac CGA-coecx cceax e opp yc x.

pacpeee e CGA pee oa popa c op a pop a c cepe a. KDC pye ceaco ooae cepe a o, pa ee c ooaee. Pacpeeee ax e pocxo c oo popa c o p a.

Papao cce pa ao p oxo o y pa. epo x ec e oc. popa c op a peye ox cex pecypco, ec ceacoe pacpeec c oo popa c op a, ccea oe ocy. Bopo po ec opaa coecoc, ccea oe c a ocec ycaoea oepx cyecyx cxe c cepe a.

CGA-cce poepoac a, o o o aoecoa c pa py ccea.

p oae c ecoec ccea y pac eopa ypae (Control Vector Translate, CVXLT) ooe ccea oeac a. aa y CVXLT peye opo c oe x copo. aa x oa eaco ycao ye a pac. Tao oo opo oeceae coy cee aeoc, acaec eococ pocxoe e, oppyex ccey.

T a DATA oepaec coecoc c py ccea. a DATA xpac ece c cooecy CV, yaa, o o a DATA. a DATA oy coo ac ocaoo poo, ooy yo oocc c oopee cooa x c ocopo o c. a DATA e cooa ax y ypae a.

Aapaypa ap oepecx ax (Commercial Data Masking Facility, CDMF) pecae coo coppyey epc CGA. Ee ocoeoc ec yeee eo e DES o pa peex copy 40 o (c. pae 15.5) [785].

24.9 Cxea poep ooc ISO cooa cxee poep ooc ISO, ae eco a pooo X.509, peoeye c popa c op a [304]. a cxea oeceae poepy ooc o ce. Xo ope aop e opeee oecee eoacoc, poep ooc, ce a peoeye cooa RSA. Oao ooo cooae ecox aopo x-y.

epoaa apa X.509 ye 1988 . oce opoo ye oepoa o epecope 1993 oy, o cpa eoope eoacoc [1100, 750].

Bepc oceoae oep eaop aopa - Aop - apaep Baa opaa Bpe ec - aao ec - oe ec Cye Op cyea - Aop - apaep - Op oc Pc. 24-2. Cepa X.509.

Cepmuuam Haoee ao ac X.509 coyea cpyypa cepao opx e. ea cex ooaee pa. oepe Opa cepa (Certification Authority, CA) pcaae aoy ooae yaoe ae oca cepa, coepa op oo a e. Cpyypa cepaa X.509 oaaa a 22- [304].

oe epc opeee opa cepaa. oceoae oep yae opeoo CA. Ce yee oe opeee aop, cooa oc cepaa, ece co ce eoxo apaepa. Bae opaae ec CA. Cpo ec pecae coo apy a, cepa ecee poeye ey y aa. Cye - o ooae. opa o o po e ae aae aopa, ce eoxoe apaep op . oce oe ec oc CA.

Ec Aca xoe cac c oo, oa caaa eae a ax eo cepa poepe eo ocoepoc. Ec y x o CA, o ce poco. Aca poepe oc CA a cepae oa.

Ec o oyc pa CA, o ce opao coee. pecae cee peoy cpyypy, oopo o CA ceppy pye CA ooaee. Ha cao epxy axoc a CA. ao o CA ec cepa, ocae eco CA eco CA. p poepe cepaa oa Aca coye cepa.

Taa cxea poeocppoaa a 21-. Cepa Ac aepe CAA, cepa oa aepe CAB.

Aca ae op CAA. CAC ec cepa, oca CAA, ooy Aca oe poep o. CAC ec cepa, oca CAD. cepa oa oca CAD. oac o epey cep a o oe o, ao cyae CAD, Aca oe poep cepa oa.

CAE CAD CAC CAB CAA o Aca Pc. 24-3. pep epapx cepa.

Cepa oy xpac aax ax a pax yax ce. ooae oy oca x py pyy. cee cpoa ec cepaa o oe yae cex oeocyx aaoo.

Oao CA, a cepa, oe pooa xpa eo o, oopa oe opeoac p papee oox copo.

Cepa ae oy ooa, o -a opoea a ooae, o -a oo, o CA oe e xoe oepa cepa aoo ooae. a CA oe oepa cco cex ooax cepao, cpo ec oopx ee e aoc. oa Aca oyae o cepa, oa oa poep, e o ooa. Oa oe poep ay ax ooax e o ce, o cope ceo oa poep oao pye epee ooax cepao. B ao ccee opeeeo epo oyopee, o cepao ooo ec cao cao ac o cxe.

pomoo npoepu nouocmu Ace yo cac c oo. Caaa oa eae a ax oceoaeoc cepa o Ac o oa op oa. B o oe Aca oe poa oopoxo, yxpoxo pexpoxo pooo poep ooc.

Oopoxo pooo pecae coo pocy epeay ax oy Aco. pooo ycaa ae oc Ac, oa, a ae eococ opa, epeaaeo oy Aco. poe oo, o oeceae ay o cp c c oo oopa.

B yxpoxoo poooe oae oe oa. pooo ycaaae, o eo o, a e ao-o caoae, ocae oe. O ae oeceae eoacoc oex epea aae o cp o opo.

oopoxox, yxpoxox aopax coyc e pee. B pexpoxoo poo oe oaec ee oo cooee Ac oy ooe ea eo pee (, ceoaeo, p a oo eoo pee).

Oopoxo pooo:

(1) Aca eeppye cyaoe co RA.

(2) Aca coae cooee, M = (TA, RA, IB, d), e TA - ea pee Ac, IB - eaop oa, d pooe ae. eoacoc ae oy apoa op o oa EB.

(3) Aca ocae oy (CA, DA(M)). (CA - o cepa Ac, DA - o o ye epea cepa.) (4) o poepe CA oyae EA. O poepe, o cpo ec x e ee e ce. (EA - o o p Ac.) (5) o coye EA eppoa DA(M). ece o poepe oc Ac, eoc oc ocao opa.

(6) o ooc poepe IB M.

(7) o poepe TA M yeaec, o cooee ec ey.

(8) ooeo o oe poep RA M o ae ax capx oepo, o yec, o coo ee e ec oope cap cooee.

yxpoxo pooo coco oopoxooo poooa oceyeo aaooo oopoxo oo poooa o oa Ace. oce oe ao (1)-(8) oopoxooo poooa yxpoxo pooo pooaec cey opao :

(9) o eeppye cyaoe co RB.

(10) o coae cooee M' = (TB, RB, IA, RA, d), e TB - ea pee oa, IA- eaop Ac, a d - pooe ae. eoacoc ae oy apoa op o Ac EA. RA - cyaoe co Ac, coaoe a ae (1).

(11) o ocae Ace sends DB(M').

(12) Aca coye EB, o pacpoa DB(M'). Ta opao oopeeo poepc oc oa eococ ocao opa.

(13) Aca ooc poepe IA M'.

(14) Aca poepe TB M' yeaec, o cooee ec ey.

(15) ooeo Aca oe poep RB M', o yec, o cooee e ec oop e cap cooee.

Tpexpoxo pooo peae y e cay aay, o e eo pee. a (1) - (15) ae e, a yxpoxoo aope, o TA = TB = 0.

(16) Aca cepe oyey epc RA c RA, oopoe o opaeo oy a ae ( 3).

(17) Aca ocae oy DA(RB).

(18) o coye EA, o pacpoa DA(RB). Ta opao oopeeo poepc oc Ac eococ ocao opa.

(19) Aca cepe oyey epc RB c RB, oopoe o opaeo Ace a ae (10 ).

24.10 oa c oeo cepeoc PRIVACY-ENHANCED MAIL (PEM) oa c oeo cepeoc (Privacy-Enhanced Mail, PEM) pecae coo caap Internet o c oeo cepeoc, oope Coeo o apxeype Internet (Internet Architecture Board, IAB) oecee eoacoc epoo o Internet. epoaa apa papaoa pyo cepeoc eoacoc (Privacy and Security Research Group, PSRG) Internet Resources Task Force (IRTF), a ae x papaoa a epeaa Paoy pyy PEM Internet Engineering Task Force (IETF) PEM Working Group. pooo PEM peaae poa, poep ooc, poep e o coc cooe ypae a.

ooc pooo PEM caaa eao oca pe RFC (Requests for Comment, apoc oeape) [977] ae epecope [978]. Tpe epa poooo [979, 827, 980] ceea [177, 178]. pooo ee yye, ooaee pooo eao ocac p y o aope RFC [981, 825, 76, 802]. B pyo cae M oa (Matthew Bishop) [179] opoo oca ce ee. o peaa PEM paccapac [602, 1505, 1522, 74, 351, 1366, 1367]. C. ae [1394].

PEM ec pacpe caapo. poeyp pooo PEM papaoa a, o co ec co oeco oxoo ypae a, a cepy cxey cooae opx e poa e poa ax. Cepa popa peec poa eca cooe. opo eococ cooe coyc popaece coc o xpoa. pye oye oepa exa ypae a c oo cepao opx e, aopo, peo cax eaopo, a ae epoe opooc, pacpyypy poeyp ypae a.

PEM oepae oo opeeee aop, o ooe oa oee oe aop.

Cooe pyc aopo DES pee CBC. poepa ooc, oeceaea cpeco poep eococ cooe (Message Integrity Check, MIC), coye MD2 MD5. Cepoe ypaee a oe pe o DES pee, o poo DES c y a (a aae pe EDE). ypae a PEM ae oepae cepa opx e, co y RSA (a a o 1024 o) caap X.509 cpyyp cepao.

PEM oeceae p cepca oe cepeoc: oeaoc, poepa ooc o po eococ cooe. epoo ocoo ccee e peec ax ceax pe o a. PEM oe cpoe opoo, opeeee y y opeeex ooaee, e a paoy ocao ce.

oyem PEM PEM opeeec ceyx epex oyeax :

RFC 1421: ac I, poeyp poa poep ooc cooe. B o oyee ope ec poeyp poa poep ooc cooe, oope o oece y o c oeo cepeoc epea epoo o Internet.

RFC 1422: ac II, paee a c oo cepao. B o oyee opeeec ap xeypa pacpyypa ypae a, oope ocoa a eoe cepao opx e, peocax opa o ax opae oyae cooe.

RFC 1423: ac III, Aop, pe eaop. o oye coep opeee, opa, cc a popaecx aopo, peo cooa cax eaopo apaepo.

RFC 1424: ac IV, Cepa e pocee y. B o oyee ocac p a y, oepaex PEM: cepa e, xpaee eee cca ooax cepao (certificate revocation list, CRL).

Cepmuuam PEM coec co cxeo poep ooc, ocao [304], c. ae [826]. PEM pecae co o aoeco X.509, opee poeyp coae pacpyyp ypae a, c oyeo c PEM yye py poooa (a ce TCP/IP OSI).

pacpyypa ypae a coye o ope ce cepa Internet. ep pe cpaoo o (Internet Policy Registration Authority, IPRA) opeee oay cpae, p e y o ce epapx. He op - IPRA - axoc ep cepaoo o ( Policy Certifica tion Authorities, PCA), a oopx opeee oyoae co cpae pecpa oo a ee opaa. a PCA ceppoa IPRA. Ceo a PCA y CA, ceppye oo aee ypae opaao opaee (eapaea, oca, oep o a ). epoaao peoaaoc, o oco ooaee ye pecppoac aece eo opaa.

a oaec, p PCA ye oecea cepa ooaee, e xox oy opa a . peoaaec e o ecoo PCA pecpa ooaee, eax oco o ac peyeca cepeoc PEM coxpa aooc. Cpae x PCA ye oo pe cppoa ooaee, e eax pacpa co oc.

Cooeu PEM Cepe PEM ec opa cooe. Ha 20- oaao apoaoe cooee p cepo ypae a. Ha 19- oaao ocaoe apoaoe cooee p ypae a a ae opx e, a Figure 24.6 oaao ocaoe (o eapoaoe) cooee p ypa e a a ae opx e.

Pc. 24-4. pep cpoeoo cooe (cep cya) Pc. 24-5. pep cpoeoo poaoo (ENCRYPTED) cooe (acep cya).

ep oe ec "Proc-Type", eaop a opao, oopo oepoc cooee. Cy ecye p oox a cooe. Ceaop "ENCRYPTED" ooaae, o cooee apo ao ocao. Ceaop "MIC-ONLY" "MIC-CLEAR" yaa, o cooee ocao, o e apoao. Cooe MIC-CLEAR e opyc oy poa c oo pyoo, e xo eo PEM popaoo oecee. peopaoa cooe MIC-ONLY yooaey opy eoxoo popaoe oeceee PEM. Cooee PEM ocaec cea, a poae e ec oae.

Ceyee oe, "Content-Domain", aae oooo cooe. Oo e e a eoacoc. oe "DEK-Info" coep opa o e oea a (Data Exchange Key, DEK), aope, co yeo poa eca, apaepax, cax c aopo poa. B acoee pe ope ee ece aop - DES pee CBC, "DES-CBC" Bopoe ooe coep IV. B yye PEM oy opeee pye aop, x cooae ye apooopoao oe DEK-Info pyx ox, opeex aop.

B cooex c cep ypaee a (c. 20th) cey oe ye "Originator-ID Symmetric" c pe oo. epoe ooe c oo yaoo apeca epoo o opeee opae. Bopoe oe e ec oae opeee opa, a aee . Tpe ec eoaeoe ooe Bepc/Ooae cpoa.

aee, p cooa cepoo ypae a, y aoo oyae ec a o :

"Recipient-ID-Symmetric" "Key-Info." oe "Recipient-ID-Symmetric" coep p oo, oope ope e oyae ae, a oo o "Originator- ID-Symmetric" opee opae.

oe "Key-Info" aae apaep ypae a. oo o epe oo. epoe opeee aop, cooa poa DEK. Ta a paccapaeo cooe peec ce poe ypaee a, o opae oyae coy o . O aaec aee o (Interchange Key, IK) coyec poa DEK. DEK oe apoa o c oo DES pee ECB (o coco ooaaec "DES-ECB"), o po DES ("DES-EDE"). Bopoe ooe opeee aop MIC. Moe cooac MD2 (ooaaec "RSA-MD2") MD5 ("RSA MD5"). Tpee ooe, DEK, eepoe ooe, MIC, pyc c oo IK.

Ha 19- 18- oaa cooe, oopx coyec ypaee a c oo opx e ( epee PEM ao coco aaec acep ). aoo ec. B cooex EN CRYPTED oce o "DEK-Info" e oe "Originator-Certificate". opa cepaa cooecye caa p y X.509 (c. pae 24.9). Cey oe ec "Key-Info" c y oo. epoe ooe opee e aop c op o, cooa poa DEK, acoee pe oepaec oo RSA. Ceyee ooe - DEK, apoa op o opae. o eoaeoe oe, oopoe ooe opae pacpoa coe coceoe cooee, opaeoe ooo c c eo. Cey oe ec "Issuer-Certificate", cepa opaa, ocae cepa o pae ("Originator-Certificate").

aee p acepo ypae a ceye oe "MIC-Info". epoe ooe aae aop ce MIC, a opoe - aop, cooa oc MIC. Tpee ooe coep MIC, o ca ap o opae.

Pc. 24-6. pep cpoeoo MIC-ONLY cooe (acep cya).

Ceye o ca c oyae. aoy oyae cooecy a o : "Recipient-ID Asymmetric" "Key-Info". o"Recipient-ID-Asymmetric" a oo. epoe opeee opa, a op oyae, a op ec eoaeoe ooe Bepc/Ooae cpoa. oe "Key Info'' aae apaep ypae a : epoe ooe opeee aop, cooa poa cooe, a op ooe cy DEK, apoa op o oyae.

eonacocm PEM a e RSA, coyex PEM, oe ec aaoe o 508 o 1024 o. oo oca oo paec oo ypo eoacoc. oee epoo, o cpe ye apaeo po poooo ypae a. Mop oe ypac a ap - e acae eo e - oac ocyy a a op . poeyp cepa e PEM ea o eoo, ec ce ooae cpoo cey cooecy poeypa, o, a eco, aco eaypa.

Mop oe ocy xpee opoa peaa PEM, paoay ae ccee. a eea epc oe ao epeca Mop c ay oy, apoa ee eo op o.

Ey oe ocaa ae o aeo apoo a. Ec eea peaa ye paoa x o poo, o oa e yaee, o cyoc.

Peaoo cocoa peopa aoe cpe e cyecye. B oee cooa ooapae y x-y oy opoy cyy coeoo oa PEM. ae, p ao ayce po paoo oecee oee poep opoy cyy, o ope oapy ee. Ho Mop oo ae oe e o opoo cy p ee oa PEM. Moo coxpa opoy cyy opoo cy, o Mop oe e ee. Ec y Mop ec ocy a ey oepy, o oe papy eoacoc PEM.

Mopa o, o e o oep aoy eey popaoo oecee, ec e o e e oep aapaype, a oopo paoae o popaoe oeceee. oca ae oace oayc eoocoa. Ho eoopx e o oe pea.

TIS/PEM oepee opaoe cce ( TIS, Trusted Information Systems), aco oepaee paee o epeo ay poea paeca Coeex ao, a peaa PEM (TIS/PEM). Papaoae aop UNIX, o ae epeece a VMS, DOS Windows.

Xo cea PEM opee Internet o a cepao ep, TIS/PEM o epae cyecoae ecox epapx cepa. oy opee aop cepao, oope yy cac ece, a ce cepa, ae ya. oo, o o oac TIS/PEM yy e yo pcoec epapx Internet.

Bce opaa paae CA aa p ea oy oy ocy TIS/PEM, oopa pacpocpaec e cxooo oa. aepecoae a o opaac o ceyey apecy :

Privacy-Enhanced Mail, Trusted Information Systems, Inc., 3060 Washington Road (Rte. 97), Glenwood, MD 21738;

(301) 854-6889;

fax: (301) 854-5363;

Internet: pem-info@tis.com.

RIPEM RIPEM - o popaa, acaa Mapo Popao ( Mark Riordan) peaya pooo PEM.

Xo a popaa e ec cooo ocyo, e oo ocooac ecao acoo, e oepecoo cooa. e a ee cooae xo oyea.

o e oe coppoa. oeo, ao paeca CA e ecy a peea Coe ex ao, p e oppye cope opae. o RIPEM ocye o cey py a e pox ocax oe. Papeea copa epc, aaea RIPEM/SIC, peaya oo poe oc.

oey aca x cpo RIPEM e ooc peaoaa pooo PEM, e e oooc cooa cepa poep ooc e.

o RIPEM Popa aca oxoy popay RPEM. opayeaoc, o o ye oeocya popaa epoo o. ac oo aee poe, Popa cooa aop Rabin (c.

pae 19.5). Public Key Partners aa, o x ae pacpocpac a c popa c op a. o ypoo cyeoo poecca Popa pepa pacpocpaee popa.

Ceac RPEM e coyec. Oa e coeca c RIPEM. Ta a oo cooa RIPEM, e cpe a pec co copo Public Key Partners, e ooa opaac RPEM.

24.11 pooo eoacoc cooe pooo eoacoc cooe (Message Security Protocol, MSP) - o oe ae PEM. O papaoa NSA oe 80-x oo p paoe o popae coa eoaco cce epea ax o ce (Secure Data Network System, SDNS) program. o coec c X.400 pooo ypo poe ap epoo o. MSP apyec cooa papaaaeo ce oopox cooe (Defense Message System, DMS) Mcepca oopo.

peape pooo eoacoc cooe (Preliminary Message Security Protocol, PMSP), oop peoaaec cooa "ecepex, o ax" cooe, pecae coo aapoay cooa c X.400 TCP/IP epc MSP. o pooo ae aa Mosaic.

a PEM, popae peaa MSP PMSP ocaoo , x ocpy ooe ocp o c o cooae pax aopo ocyece y eoacoc, ax a oc, xpoae poae. PSMP ye paoa c pocxeo Capstone (c. pae 24.17).

24.12 PRETTY GOOD PRIVACY (PGP) Pretty Good Privacy (PGP, eca xopoa cepeoc) - o cooo pacpocpaea popaa eoa c o epoo o, papaoaa o epao ( Philip Zimmermann) [1652]. poa ax oa coye IDEA, ypae a poo oc - RSA (a a o 2047 o), a ooapaeoo xpoa - MD5.

oye cyax opx e PGP coye epoocy poepy ce a pocoy, coy oye capox oceoaeoce epa ey aa ooaee a a aaype. PGP eeppye cyae IDEA c oo eoa, ANSI X9.17, Appendix C (c. pa e 8.1) [55], coy eco DES aece cepoo aopa IDEA. PGP ae pye ap ooae c oo xpoao apoo pa, a e apo eocpeceo.

Cooe, apoae PGP, e ecoo ypoe eoacoc. Ecea e, eca poaay o apoao cooe, - o oyae cooe p yco, o poaay ece ID a oyae. Too pacpoa cooee, oyae yae, e oo ocao, ec oo ocao. o peo oaec o cooe PEM, aooe oopoo eao opa o opa ee, oyaee cao cooe xpac eapoao e.

Cao epeco ocoeoc PGP ec pacpeee oxo ypae a (c. pae 8.12). epo cepa e e, eco oo PGP oepaec "ce oep". a oo ae ca coae pacpocpae co op . ooae oca py pya, co aa aocaoe cooeco ooaee PGP.

Hapep, Aca oe ec epea oy co op . o o ae Acy, ooy o ocae ee op . Oy ocay o o opaae Ace, a pyy ocae. oa Ace yo cac c po, oa ocae po ocay o o a. po, y oopo a o opao ye ec oa (oa oya eo pae), oopa oepe oy aep pyoo e oea, poepe eo oc o o Ac yeaec, o oa paa. Ta opao, o ao Acy po.

PGP e opeee cpae ycao oepex ce, ooae ca pea, oy ep, a oy e. PGP oeceae exa oep accoaoo oep op a c ooa oep. a ooae xpa aop ocax opx e e aa oa opx e (public-key ring). a oa oaae oe aooc a, opee ypoe oep y opeoo ooae. e oe ypoe oep, e oe ooae yepe aooc a. oe oep oc epe, acoo ooae ep oy, o o ca ope pyx ooaee. aoe oe oep aey a aae ypoe, ope e , acoo ope ooae ep aey a, ocaey pye ope .

o oe pyy ycaaaec ooaee. PGP epepo ooe o o epe oe o o opa.

Ha 17- oaao, a a oe opeoo ooae, Ac. Ac axoc cao epxy epapx, aee a acoo aee. Aca ocae oa, po, a, e pa. Oa oepe oy po oca ope pyx e, poe oo, oa a c o oepe y e oca ope pyx e. oa oepe e oca ope pyx e, xo caa e ocaa e.

yx aco oepex oce oe oaac ocao cepa a. Aca ca e, o ypa aoe, a a e oca eo. poe oep ycaaaec PGP py y, Aca oe pa ycpaay ee cee apao.

Aca e oa aoaec oep a pyx e oo ooy, o o oca o, oop oa cae pa. Aca Oa e oepe py Oa oca pye , xo oa coceopyo ocaa eo . poe oo, oa e oepe oc aa o o Mapa oc ypa o o.

Oya ooe a xo ce, oe , Aca oya eo o cepepa. PGP e cae a oaec pa, Aca oa o o o paoc a, o pec oep ooy ex, o oca .

oeo, o e eae Ace cooa , oop oa e oepe. aaa PGP - peype Acy o oopeoc a, a e oea e ycaaa coee.

Ca ca eo o cce ec o e : apapoa, o o-y e ocoye c copoepoa o, eooo. Ec ap Ac ypae, oa oe oca e cepa oa a (key revocation certificate), o, a a eoe pacpeeee e ye pooo, e apapoa, o o cooee ye oyeo ce, coy ee op coe oe e. a a Aca oa ye oca co cepa oa a co ap o, o ec oa oepe , oa e coe ooa eo.

Aca oepe aey a x pao oca pye x ocae y Aca aco oepe aey y a pao oca pye Aca cae ao Aca cae eao Aca ?

?

p o po e ?

?

e a eep yp a ? ?

Map Hc Oy Pc. 24-7. Moe oep PGP.

Teye epce PGP ec 2.6.2. oee oo epc, PGP 3.0, oaec oy 1995 oa. B 3. e o pooo DES, SHA, pye aop c op a, paeee ap "op /ap " poa oc, pacpee poeyp oa e, yyee y ypae oo e, API eppoa PGP pye popa ooc epe cae coee oy.

PGP ocya MS-DOS, UNIX, Macintosh, Amiga Atari. B x, eoepecx ex ee oo cooa cooo, caa co ox yo ftp Internet. o copoa PGP c ya MIT c oo telnet oec net-dist.mit.edu, oe ccey a getpgp, oee a opoc, ae coye ftp coee c net-dist.mit.edu epee aao, yaa cecc telnet. y popay ae oo oy ftp.ox.ac.uk, ftp.dsi.unimi.it, ftp.funet.fi, ftp.demon.co.uk, CompuServe, AOL, .. oepecoo cooa CA PGP oo popec - ooc, ece c e - pepo a 100 oapo oa ViaCrypt, 9033 N 24th Ave., Phoenix, AZ, 85021;

(602) 944-0773;

viacrypt@acm.org. Cyecy pa e cpeca, ooae eppoa PGP MS-DOS, Microsoft Windows, Macintosh UNIX.

O PGP acao ecoo [601,1394,1495]. cxo o ae oyoa eao e [1653] p oe oo oceapae CA, oop pooae ca, o cxo o oo c oppoa oo yao, a e epoo e. Ec oepee IDEA, PGP oo a p c oeoy ypo poa.

24.13 eeyae apo eeyaa apoa pecae coo acoy apoy, o paepy ope a pea apoa, c cpoeo oepo pocxeo. e capa - epe ae a e 20 oy aa - o -a paecx opae oooc peaoa ae apo oac oo pe p o e aa. C ex op o ca oyp, a opao Epoe. Bo ox cpaax eey ae apo coyc oa a eeo. Cyecy eeyae pee apo, eeyae ee apo, eeyae apo eo yoo. Aepace oa o ycy pex apoe paoa a exooe, epe ecoo e ae axyae aepa yy oc eeyae apo cox yaax.

eeyaa apoa coep ae oep (oo 8-o popoeccop), O (eep oaa), (pepo 6-8 oa), ecoo oa o EPROM (cpaeoe popa pyeoe ) EEPROM (epoo cpaeoe popapyeoe ). Oe a eeya x apoax ceyeo ooe aepa opace, o opeeee ece opae apy ae pacpe. apoa coye co oepaoy ccey, popa ae. (eo e e, a o coa a, epoep oaec, oa apoy ca cae.) apoa eo aca. B ae eec pe, oa e oep yoy oepy, eeoy, a ey yoo, oee yepe coe apoe, oopa xpac ae yae.

B eeyax apoax oy cooac pae popaece pooo aop. O oy epo oeo, aa oooc pa oya epoe a e. apo oy cooac poooax poep ooc c ye ae, o oy oaa coce a poa. Booo, o oo oca oye ca opoy c oepx popa.

Heoope eeyae apo cac yco oy, a opao ce aco a a opaa, poae apo. a oce e xoe, o o e x eeya y apoy ac cee ooe ee.

eeyae apo - o oe epeca ea, a oopy acao oeco epayp. Xo poe oopo cae o popa eeyax apoax oe cy [672]. Eeoo po oc oepe: CARTES ope ape CardTech apee Baoe, opy oy. Tpy yx pyx oepe o eeya apoa oo a [342, 382]. B oac eeya x apoe cyecy co aeo, ac paeae epoec oa. epece opo c yyeo cooa eeyax apoe - poepa eococ, ayopc opo, aa o opoa, epoe ae, oaa oox pacxoo - oca [1628].

24.14 Caap popa c op a Caap popa c op a ( Public-Key Cryptography Standards, PKCS) - o oa oa RSA Data Security, Inc oece poe caap popa c op a. o pa a ea aac ANSI, o, ya eyy cya popaeco oe, RSADSI pea, o ye o ce cea ca. Paoa co oeco oa, RSADSI papa oaa aop caapo. Heoope x coec c py caapa, a eo ope - e.

caap e c caapa oepo cce oo coa, o e copac e o o coa a PKCS. o co coce coa RSADSI "ye eceo opaae, paooo p a pee o ao caape, ye epecapa caap o epe eoxooc " [803].

ae o ye coce. Ec eyepe, ae cpyyp ax cacc cooa p popa poa popa c op a, caap e xye ax-o pyx. oy e, a a o e acoe caap, oee ocpo x o co y.

aee peeo paoe ocae aoo PKCS (PKCS #2 PKCS #4 e PKCS #l).

PKCS #l [1345] ocae coco poa eppoa RSA, a opao coa pox oce pox oepo, ocax PKCS #7. pox oce cooee xpyec, a ae x-aee pyec ap o ocaeo. Coecoe pecaee cooe x-ae opoo ocao in PKCS #7. pox oepo (poae cooe) cooee caaa pyec cep aopo, a ae cooe pyec op o oy a e. Coecoe pecaee poaoo cooe poaoo a oo cooecoa PKCS #7. a eoa coec co caapa PEM. cpyyp cepao ( x oo) o px apx e RSA pex aopo oc - MD2 RSA, MD4 RSA, MD5 RSA - PKCS #l ae ocae cacc, e caccy X.509 PEM.

PKCS #3 [1346] ocae coco peaa oea a o cxee Diffie-Hellman.

PKCS #5 [1347) ocae coco poa cooe cepe o, oye apo.

Caap coye MD2 MD5 oye a apo pye cooe c oo DES pee CBC. o eo peaae a opao poa apx e p x epeae o oo oepo cce pyo, o oe cooa poa cooe.

PKCS #6 [1348] ocae caap cacc cepao opx e. Cacc ec aoeco cepaa X.509, p eoxooc oo e cepa X.509. ooee apy e opaa poecc cepa oo op o. O coepa pyy op a , apep, apec epoo o.

PKCS # 7 [1349] pecae coo o cacc ocaex pyex ax, ap ep, pox oce pox oepo. Cacc ec peypc, ooy oo opa o a oeoc oepo oca -o oc o paee apoa a. Cacc ae papeae ece c coepae cooe poepy ooc pyx apyo, apep, eo pee. PKCS #7 c PEM, ooy ocae apoae cooe oy peopaoa c o oe PEM, aoopo, e ooex popaecx oepa. ypae a c o o cepao PKCS #7 oe oepa oeco apxeyp - oo x ec PEM.

PKCS #8 [1350] ocae cacc opa o apx ax, a ap aop a pyo, cacc poax apx e. poa opa o apx ax o o cooa PKCS #5.

PKCS #9 [1351] opeee pae apyo pacpex cepao PKCS #6, cooe c poo oc PKCS #7 opa o apx ax PKCS #8.

PKCS #10 [1352,] ocae caap cacc apoco cepa. Cepa ae yaoe , op (eoaeo) aop apyo, oope oca o, pca apoc. apoc cepa pcac ceppy opa, oop peopaye apoc o cepa opoo a X.509, o cepa PKCS #6.

PKCS #11 [1353], Caap API popaeco e (Cryptographic Token API Standard), opeee epec popapoa, aae "Cryptoki", opax popaecx ycpoc cex o. Cryptoki pecae coo ooey oecy oe, ooy poe o popaece oepa a opax ycpocax, e a eae coyeo exoo. o caap ae opeee po poe : aop aopo, oope oe oepa ycpoco.

PKCS #12 [1354] ocae cacc xpae popao oecee opx e ooa e e, aex apx e, cepao pyo cao popaeco opa. e oo ec caapa eoo aa e, coyeoo o poe.

caap cecopo, o e ceoe. Moe opoc ocac a peea x caapo :

poea pcoe e, epopaece opoc, acaec cepa, e yc o pax apaepo. PKCS pa oece opa epea ax, ocoao a p o pa c op a, pacpyypy, oepay ay epeay.

24.15 epcaa ccea epox aee epcaa ccea epox aee ( Universal Electronic Payment System, UEPS) pecae coo aocoe poee, coyee eeyae apo, epoaao papaoaoe ceco o Ap, o oee poe oco aoc pya o cpa. aay oa AP o yeo ooo 2 oo apoe. a ccea ae pa Ha, paep aec o pae epe o poccc ao.

Ccea ooe cooa eoace ee apo, oxoe peoo, oopx o xa eeoa ce eae eooo aooy poepy. apo ec oyaee, y poao, oyae oy cooa co apo epeoa ee poaa. poae oe ocooac coe apoo, o oo a oec e a co aoc ce, oyae oe o c ooac coe apoo, o oo a epeec e a co apoy. He eoxoo c aoc o aooc, yo oece oo ay o oeeca.

Bo a pooo c ey oyaee Aco poao oo (B eceoc, A ca o poco ca co apo ay oa oe paa.) oa Aca epe oyae co apoy, oa oyae apy e, K1 K2, a ce x, coy ee eo o py cepey y. Too apo poao cpoe cepee cpeca, eoxoe c e e ooaee.

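(1) Alice sends Bob her name, A, his name, B, and a random number, RA, encrypted with DES: first with key K2, then with K1. She also sends her name in plaintext.

A, E_K1(E_K2(A, B, RA))

(2) Bob computes K1 and K2 from Alice's name. He decrypts the message, confirms that A and B are correct, then encrypts the unencrypted second half of Alice's message with key K2.

E_K2(A, B, RA)

Bob does not send this message to Alice; 56 bits of the ciphertext become key K3. Bob sends Alice his name, her name, and a random number, RB, encrypted with DES: first with key K3, then with K1.

E_K1(E_K3(B, A, RB))

(3) Alice computes K3 in the same way and decrypts Bob's message, confirms that A and B are correct, then encrypts the unencrypted second half of Bob's message with key K3.

E_K3(B, A, RB)

Alice does not send this message to Bob; 56 bits of the ciphertext become key K4. Alice then sends Bob her name, his name, and the check value C. This check value contains the names of the sender and recipient, the date, a checksum, an amount, and two MACs. All of this is encrypted with DES: first with key K4, then with K1. One of the MACs can be verified by Alice's bank, and the other can be verified only by the clearing center. Alice decreases her account by the corresponding amount.

E_K1(E_K4(A, B, C))

(4) Bob computes K4 in the same way. Provided that all the names match and the check verifies correctly, he accepts the payment.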

Beoe ooeee o poooe ec o, o aoe cooee ac o peyeo.

aoe cooee cyae yocoepee cex peyx cooe. o oaae, o oop capoe cooee oy e yacc, oyae poco oa e pacpye eo. Me pac a e, ye pe, o oa oy pooe peee, a oo cae poo ec a.

pyo payo e o poooe - aae pao peaa. Ec papao po e epao peaye pooo, o poco e ye paoa.

Oe apo coxpa ac ao paa. oa apo pao oo ycao aoooe coeee c ao (poae - oo e a ce, a oyae - c co cea), a ee a c oceyeo opo.

Aapaypa oaaec ycoo oy, o oea oy yaco cop a e. Aca e coe e aee coe apo. opoa ac oeceae ae oap y e apee oeecx paa. B apoax coyc yepcae cepe - MAC apoax oyaee, y peopaoa e ooaee K1 K2 - o caec, o peee opao aa x cepeo ocao o pyo.

a cxea, oeo e, ecoepea, o oa eoacee yax eo ox ex apoe.

coo ypo oeeca c e oee pa, a oyae poa. UEPS peocae ay o ax oyopee.

Oe cooe ec pepac pepo ycooo poooa: B ao cooe pcyc y ea oex copo, a opa, yay cooe, aoe cooee opao ac o cex peyx.

24.16 CLIPPER Mpocxea Clipper (eca ae a MYK-78T) - o papaoaa NSA, ycoa oy pocxea, peaaea poa epeoopo ooco. o oa yx cxe, peayx pa ece Caap ycooo poa (Escrowed Encryption Standard, EES) [1153]. VLSI Technologies, Inc. ooa pocxey, a Mykotronx, Inc. apopapoaa ee. Caaa ce pocxe Clipper yy xo eoacoe eeooe ycpoco Model 3600 AT&T (c. pae 24.18). Mpocxea peaye ao p poa Skipjack (c. pae 13.12,), papaoa NSA cepe aop c poae ce pe o, oo pee OFB.

Ca poope oeo pocxe Clipper, EES eo, ec pooo ycooo pye e (c. pae 4.14). ao pocxe ec cea, ey cooe, . o coyec poa o a cooe aoo ooae. B xoe poecca cxpo a epeaa pocxea Clipper eeppye ocae pae oe ocya oe a oa (Law Enforcement Access Field, LEAF). LEAF coep o eyeo ceacooo a, apoa o o cea o (aae o oy). o ooe paece pocyae oy ceaco pacp op ec paoopa.

o coa peopa NIST [812]:

peycapaec, o ccea "c ycoo pye o" oece cooae pocxe Clipper a aooocyx aepae. B ao ycpoce, coepae pocxey ye a yax "a", a ca, oope oaoc yoooe paece opaa e ppoa cooe, apoax ycpoco. p ooe ycpoca oa a yy o e e opo yx aax ax " ycoo pyex e", opopyex eepa poypopo.

ocy a ye papee oo paece oa c ao papeee o ocyaee ycpoco.

paeco ae copaec oop pooe pacpocpaee ax eeox aapao, o o e ae, o oe poo c aa ax ycoo pyex e.

oo oecx aceo, co ooop o ypee cpyype LEAF [812, 1154, 1594, 459, 107, 462]. LEAF - o cpoa, aa ocaoo opa, o p oecee paoopa o o o pacp ceaco Ks p yco, o a ycoo oyx ypee yy ecoa cooa. LEAF coep 32-o eaop oy U, ya ao pocxe Clipper. Oo ae coep ey 80-o ceaco , apoa ya o oy pocxe KU, 16-oy opoy cyy C, aaey eaopo ycooo py e . opoa cya pecae coo y ceacooo a, IV ooo pyo opa.

p o pyc cpoa o o KF, o cex aoecyx pocxe Clipper. O , coyee pe poa, ea opoo cy oa cpyypa LEAF acepee. Booo o oe oxoe a o-o oooe :

E_KF(E_KU(Ks, U, C))

KU is loaded into Clipper chips at manufacture. This key is then split (see Section 3.5) and stored in two escrowed-key databases, guarded by two different agencies.

o Ea oa e Ks LEAF, oa oa caaa pacpoa LEAF o KF oy U.

ae oa oa oy ocaoee cya aoo ypee ycooo pye, aoe o opx opaae ooy KU aoo U. Ea oe XOR oex oo oyae KU, ae oa coye KU oye Ks, Ks - ocya paoopa.

opoa cya oa oea apye o cxe, paa pocxea Clipper e oe o eppoae, ec opoa cya epaa. Oao cyecye 216 oox ae opoo cy, aoe LEAF c pao opoo cyo, o epa o, oe aeo pepo a 42 y [187]. Ho o e oe ooe ocya paoop, e y c c oo Clipper. Ta a pooo oea a e ec ac pocxe Clipper, 42 yoe cpe pyo co oo oeo oce oea a, oo e oe o e o o eeooo oa. Taoe cpe oe paoa p epeae aco p cooa apo Fortezza (c. pae 24.17).

peooeo pocxea Clipper oa pooco eepoy cp, oeoy "ope, xopoo" [1154], o o cyxa Sandia National Laboratories yceo poe cceoae o o pocxe. ae ec cyx o, oopea, o ca py po pooe aoe eepoe cpe oe o ca, eo cpo ec oo opoco pecypco opa.

C o eo cao oeco opoco o ae oc. Moocee py a paacx coo ey ay oa po oo exaa ycooo pye e, oop ac pa ecy pao ocya paa. Bc ooc o, o, xo a cxea oa e poxoa epe opecc, NIST oyoa EES aece FIPS [1153], oo oee aooae poecc. Ce ac ce , a ec EES xo eeo ypa, o caap coco pooa co oyy eeoc.

B 22- epece pae opaa, yacye o popae. a ace e, o oa ypee ycooo pye oocc oo coeo e ac? o caee o ype ex ycooo pye, oope o cy eo e a o aax a ocyae oy oo ceo oop x? o ace ee o p paeco cepeoo aopa aece oepecoo caapa?

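Table 24-2. Organizations participating in EES.

Department of Justice         System sponsor, owner of the common key
NIST                          Program management, custodian of an escrowed key part
FBI                           Decrypting user, owner of the common key
Department of the Treasury    Custodian of an escrowed key part
NSA                           Program developer

In any case, using Clipper will create quite a few problems when a case goes to court. Don't forget that Clipper operates only in OFB mode. Whatever you may have been told otherwise, this mode provides neither integrity nor authentication. Suppose Alice is on trial, and part of the evidence is a telephone conversation encrypted by a Clipper chip. Alice claims that she never made the call and that the voice is not hers. The speech compression algorithm is so poor that it is hard to recognize Alice's voice, but the prosecution argues that since the conversation can be decrypted only with Alice's escrowed key, the call was made from her telephone.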

Aca ae, o paoop oea cooec c [984, 1339]: a poec op ec, oe x c oo XOR, oo oy eo oo. ae o eo oo oo o e c oo XOR c acoo py op eco, oya a poec, oop ae oe peopaoa a op ec, oop oaec a epaop pocxe.

pa o e, o oo oe eo oce coee p pcx, oope e coy eeo paoop oaaeco.

pyo coco cp, aae Bcae ( S ueeze), ooe Ace a ce a oa. Bo a o pocxo [575]: Aca o oy, coy Clipper. Oa coxpae o eo LEAF ece c cea co o. ae oa o po (po oopy eco, o ee ocya ). p ycaoe a Aca eae ceaco e oy, oop oa cooaa paoopa c oo. oo opeyec oa eeo, o o epyo. ae eco oo, o oca coe LEAF, oa ocae LEAF oa. o paoe LEAF, ooy eeo po eo e ae. Teep oa oe oop po ce, o axoe - oa o pacpye LEAF, oa oapy, o oo pae oy. ae ec Ace e yacc a ce a oa, ey pec oaa co eooc cye, o oe oe opaa peee ooo cxe.

Opa oxpa paoopa Coeex ao e o pa coe pe, aac copo opa yoox pacceoax, oopy e cooa cye. ae ec ycooe pyee e oc eoxo ee, Clipper - o e y coco peaa o e.

24.17 CAPSTONE

Capstone (also known as MYK-80) is another NSA-designed VLSI chip that implements the U.S. government's Escrowed Encryption Standard [1153]. Capstone implements the following functions [1155, 462]:

The Skipjack algorithm in any of the four basic modes: ECB, CBC, CFB, and OFB.

A Key Exchange Algorithm (KEA) based on public keys, most likely Diffie-Hellman.

The Digital Signature Algorithm (DSA).

The Secure Hash Algorithm (SHA).

A general-purpose exponentiation algorithm.

A random-number generator using a true noise source.

Capstone oeceae popaece oooc, eoxoe eoaco epoo opo pyx oepx poe. ep peee Capstone ec apoa PCMCIA, aaa Fortezza. (Caaa oa aaac Tessera, oa a o e oaoaac oa Tessera, Inc..) NSA yo oooc ye opoo cy LEAF Capstone epcx apoe oo, o oea paee paccopeoy cp LEAF. Beco oo a oaea oooc o epeayc apo oce 10 epax LEAF. Me o e eao - pe oca paoo LEAF oo a 10 poeo, o 46 y.

24.18 eoac eeo AT&T MODEL 3600 TELEPHONE SECURITY DEVICE (TSD) eoac eeo AT&T (Telephone Security Device, TSD) - o eeo c pocxeo Clipper. Ha cao ee cyecye epe oe TSD. Oa coep pocxey Clipper, pya - coppye pe aop poa AT&T pe - pe aop cooa yp cpa c cop pye aop, a eepa ae Clipper, ype coppye aop.

aoo eeooo oa TSD coy o ceaco . apa TSD eeppye ceaco c oo cxe oea a Diffie-Hellman, eace o pocxe Clipper. Ta a Dif fie-Hellman e ae poep ooc, TSD coye a eoa peopae cp "eoe cepee".

ep ec pa. TSD xpye ceaco o x-aee a aeo pae e epex ecaapx p. Coece poep, o a x pa ee oaoe p.

aeco ooca ocaoo xopoo, o o o ya py pya o oocy.

Bce e Ea oe cp y cxey. yc e yaoc c ey oo Aco. Oa c oye TSD a c Aco opoa TSD a c oo. ocepee oa copae a eeox oa. Aca aec cea paoop eoac. Oa o opao eeppye , o oaec c Eo, ae ce a oa. Ea pacpae c oo opoaoo TSD eae a, o , oop oa ceeppoaa oa, e aoe e x-aee. o cpe a e oe peao, o eo peopae TSD coyec opoa.

TSD eeppye cyae ca, coy co ya xao yce c poo opao c. O eeppye o oo, oop poycaec epe ocoea p a ae p o oo poeccopa.

Hecop a ce o cpaoo pyooce TSD e coa o eoacoc. Ha cao ee a ac a o [70]:

AT&T e apapye, o TSD a o cp apoao epea paece ypeee, eo aea pee copoo. oee oo, AT&T e apapye, o TSD a o cp epeaaeo opa c oo eoo, oxox poae.

aa oa 25.1 Aeco aoao eoacoc (NSA) NSA - o Aeco aoao eoacoc (National Security Agency, oa-o pacpoaoc ya a "No Such Agency" (aoe aeco) "Never Say Anything" (oa eo e cay), o eep o oee op), oa opa paeca CA o opoca eoacoc. Aeco o coao 1952 oy peeo app Tpyeo oe Mcepca eoacoc, oe o cepee xpaoc ca a eo cyecoa. NSA ocpaoc a epoa paea, eo aa xoo ocya pacpoa ce ocpae c epecax Coeex ao.

Ceye aa opaoo ooe o NSA, ocaoo 1952 oy peeo Tp y eo paccepeeoo cyc oo e [1535]:

B aa COMINT Aeca aoao eoacoc (NSA) o xo ee opaa ypa e e paeaeo eeoc Coeex ao oac eeoya, pooo po ocpax paec, o oece eocy ecey oy cooecye ep. coye o pe e ep "epoa paea" ("communications intelligence") "COMINT" ooaae ce ec eo, co yee epexaa eeoya, ca apyee peccy paoeae, oye opa, pe a aeo pea py oyaee, o cae eypy, a ae pooco pacpocpaee oyeo pa eaeo opa.

Ceaa ppoa ec COMINT peye, o o o cex ooex pooc oeo o pyo oe paeaeo eeoc. pa, pe, yaa peoea oo opaa coeo ac, acaec copa, oye, eoacoc, opao, pacpocpae cooa paeaeo opa epe ooe ec COMINT, ec o e ooopeo ocoo, oye e yy a o e e pecaee aeca, xo paeco. pye pe Haoaoo coea eoacoc peopy P cae pe, ae peopo P, e o pec ec COMINT, ec o e ye ceaa pea Haoaoo coea eoacoc, aca ac COMINT.

NSA ee cceoa oac poo, aac a papaoo eoacx aopo a oya Coeex ao, a poaaece eo pocya oy a a peea CA research. eco, o NSA ec pye pe paooaee ae a o. Oo ae ec pye pe oyaee oepo aapayp. Booo popa ec o NSA a oo e oopac o coco e opo aye ( ac aopo, o p ac poooo). Hecoeo Aeco oe oa oe coyex ceo cce. Ho, coopae aoao eoacoc, o c opa o NSA - ae ee e - acepeea. (o cyxa e Aeca cocae ooo 13 apo oapo o - a oeoe acpoae poeo NSA oay epcoaa - , o cyxa, e paoae 16 c eoe.) NSA coye co ac, o opa opy ocyoc popa oea a o a paa cooa co ce eo poa, o Aeco oo x oa.

ec Macce (James Massey) aapye y opy ey ay oe cceoa p opa [1007]:

Ec ca, o poo ec pepoao paeca, o, oeo, oa ac pooecx c ceoa oa ecc a ap ep. e coo coe oeco e, ax ceo poo e c cceoa, aoo oe, e oeco e, paoax opo poo. Ope poo ece cceoa poo eyc oo ocee 10 e. Mey y cceoaec cooeca yy o. Ope cceoa peca coo o oc a, oopoo eo ae op oe e c oo oepe, peea ya ayx ypaax. Ho oe pae cea opaa, oecea a cpe po pyx ocyapc, pecoa ya pa, oop e oa? Moe cceoae c co coec yoa oo p, oope oe cec a e ce yc oo oa, axoxc a cye eo paeca ? Moo acaa, o ya oaao eoa c oo pa aca ce paeca ec ce ooo "eea" Ccoa, o eoxoo o, o op e cceoa popa o oecx ecx oo opao oee cepex, e o ox pyx oacx ay. c ao e oy, o paecee opaa a oe poo oy c ea c cceoae, a oy, o o (o pae epe e, o oopx a eco) a eae a cae.

ec op (James Bamford) aca yeaey y po NSA: The Puzzle Palace [79], (ope ooooo), eao opaoay ece c Bo Mece ( Wayne Madsen) [80].

oepeca npopaa cepmuuauu onmepo eonacocmu oepeca popaa cepa oepo eoacoc (Commercial COMSEC Endorsement Program (CCEP)), oooe Overtake, - o peoee, ceaoe NSA 1984 oy paoe oe papaoy oepo cpec c c cpoe popaec oooc [85, 1165].

Oo c papaoy ax e oaa oee, o oxooc eeeo. NSA ocao, o ec oa oy poaa aapaypy ap, opopa, ae ocpa, o oo ye pacxo ceoe oe. Aecy oe e peoaoc poep coecoc oop y oa c eepa caapo 102.7, ae CCEP peocaa ocy oopeoy paec o popaecoy oopyoa [419].

NSA papaoao p popaecx oye paoo aae. B x oyx pax poe coyc pae aop, pooe oya oooc e o oy ca pyo acoc o ea ea. Cyecy oy oeoo cooa (T I), oy "ecepeoo, o aoo" paeceoo cooa (T II), oy opopaoo cooa (T III) oy coppoa (T IV). Pae oy, x peee aa cee 24-.

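Table 25-1. CCEP modules

Application             Type I           Type II
Voice/low-speed data    Winster          Edgeshot
Computer                Tepache          Bulletproof
High-speed data         Foresee          Brushstroke
Next generation         Countersign I    Countersign II

This program is still in effect, but it has not generated enthusiasm among anyone except the government. All the modules are tamperproof, all the algorithms are classified, and users must get their keys from the NSA. Corporations never really believed in the idea of using secret algorithms imposed by the government. One would think the NSA had learned enough of a lesson not to bother with Clipper, Skipjack, and key-escrow encryption chips.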

25.2 Haoa ep oepo eoacoc (NCSC) Haoa ep oepo eoacoc ( National Computer Security Center, NCSC), oeee NSA, oeae a oepey paecey oepy popay. B acoee pe ep poo oey poyo oepo eoacoc (popax aapax), acpye cceoa yye x peaya, papaaae exece pyooca oeceae oy oepy oy e e.

NCSC ae caao ecy "Opaey y" [465]. Ee acoee aae - Department of Defense Trusted Computer System Evaluation Criteria (pep oe eapaea oopox oepex oepx cce), o o a pyo oapa, oy e y opaea ooa. Opaea a aec opee peoa eoacoc, ae pooe oepo oe coco ep eoacoc x cce yaae , o eoxoo cpaa eoace poy. a ocea oepo eoacoc, o popa e o cy oopc e oe oo.

Opaea a opeee epe pox aeop a eoacoc. B e ae opeec acc a yp eoopx x aeop. O cee 23-.

Table 25-2. Orange Book classification

D: Minimal Security
C: Discretionary Protection
C1: Discretionary Security Protection
C2: Controlled Access Protection
B: Mandatory Protection
B1: Labeled Security Protection
B2: Structured Protection
B3: Security Domains
A: Verified Protection
A1: Verified Design

Sometimes manufacturers say "we provide C2 security." They are referring to the Orange Book classification. For more detailed information, see [1365]. The computer security model used in these criteria is called the Bell-LaPadula model [100, 101, 102, 103].

NCSC a ey cep o oepo eoacoc, oa aaey Payo (ce o o e pae ea). Hapep, Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria [1146] (eppea pepe oe oepex oepx cce ooe oepex cee), oa aaea paco o, oye ooe Opaeo o ooe ce ceeoy oopyoa. Trusted Database Management System Interpretation of the Trusted Computer System Evaluation Criteria [1147] (eppea pepe oe oepex oepx cce o o e cce ypae aa ax) - ae e ac oca e oo - eae o e caoe a ax. Ceo cyecye ce 30 ax , e ooe eoopx x opaee.

a o oeo Pay opaaec o apecy Director, National Security Agency, INFOSEC Awareness, Attention: C81, 9800 Savage Road, Fort George G. Meade, MD 2,0755-6000;

(301 ) 766-8729. He oo pe , o ac oca .

25.3 Haoa cy caapo ex NIST - o Haoa cy caapo ex (National Institute of Standards and Technology ), opaeee Mcepca opo CA. Paee o aac Haoa po caapo ( NBS, Na tional Bureau of Standards) e 1988 oy. C oo coe aopaop oepx cce (Computer Systems Laboratory, CSL), NIST poa ope caap aoec, oope, a o a ec, ycop pae ocoax a oepax opacx poeoc. acoey pee NIST yc caap pyooca, oope, a o cae, yy p ce oep ccea Coeex ao. Oae caap oyoa a a FIPS (eepae caap o pao opa.

Ec a y o oo FIPS ( pyx a NIST), cec c Haoao cyo ex eco opa Mcepca opo CA - National Technical Information Service (NTIS), U.S. De partment of Commerce, 5285 Port Royal Road, Springfield, VA 22161;

(703) 487-4650;

ocee go pher://csrc.ncsl.nist.go* oa 1987 oy opecc p A o oepo eoacoc ( Computer Security Act), NIST yoooe opee caap, oeceae eoacoc ao, o e cepeo opa p a ecex oepx. (Cepea opa ae peypeae opa axoc cepe pc NSA.) A papeae NIST xoe oe peaaex execx caapo copy a c py paece opaa ac pep.

NIST ae caap popaecx y. Opaa paeca CA oa co o a x ao, o ecepeo opa. aco caap pac ac ceopo. NIST yc DES, DSS, SHS EES.

Bce aop papaoa c eoopo oo NSA, aa o aaa DES o poepoa DSS, SHS aopa Skipjack EES. Heoope py NIST a o, o NSA oo cee oe opopoa caap, xo epec NSA oy e coaa c epeca NIST. Heco, a ec eo NSA oe o a poepoae papaoy aopo. Ho p opaex a epcoa, e pecypc NIST peee NSA aec pay. NSA oaae o oooc, a yy pe oepe cpeca.

Oa "Meopay o aooa" ( "Memorandum of Understanding", MOU) ey y op aa ac:

MEMOPAHM O BAMOOHMAH ME PETOPOM HAOHAHOO HCTTTA CTAHA P TOB TEXH PETOPOM AEHTCTBA HAOHAHO EOACHOCT OTHOCTEHO PMEH E H HOO AOHA 100- Coaa, o:

A. B cooec c paeo 2 Aa o oepo eoacoc o 1987 oa (y ao 100-235), (A), a Haoa cy caapo ex (NIST) a ac eepaoo paeca oaaec oeceoc a:

1. Papaoy execx, acpax, ecx caapo, caapo ypae pyooc pe a ex eoacoc aeoc ao opa eepax oepx c ce, opeeex Ae;

, 2. Papaoy pyooc o execo eoacoc cooecyx oepx cce Aeca aoao eoacoc (NSA).

B. B cooec c paeo 2 Aa NIST oa paoa eco aoec c py opaa, a NSA, oecea:

1. Macaoe cooae cex cyecyx apyex popa, aepao, cceoa oeo, a caxc eoacoc aeoc oepx cce, o ea eyoo opooo ypoa pao ;

, 2. caap, papaoae NIST cooec c Ao, acao ooo cee o co a coa coec co caapa poeypa, papaoa a cepeo opa eepax oepx cceax.

C. B cooec c Ao oaoc Mcpa opo, oope o epeopyae NIST, xo aaee eo ocyaoo oea o eoacoc aeoc oepx cce ( Computer System Security and Privacy Advisory Board), o pae epe ea, peca eo NSA.

Ceoaeo, oecee ee aoo MOU peop NIST peop NSA aco pa ceyee:

I. NIST ye:

1. Haaa ocya oe o eoacoc aeoc oepx cce o pae epe o o o pecae, aeaeo peopa NSA.

2. Opac a papaoae NSA pyooca o execo eoacoc oepx cce o o cee, oopo NIST opeee, o pyooca oea peoa, pee ae ao opa e e pax oepx cceax.

3. paa ceppoa NSA pe oepex cce cooec c popao pepe oe eoacoc oepex oepo e ooeo cep.

4. Papaaa caap eoacoc eeoya a ax ecepex oepx ax, acao opac a peya cep papao Aeca aoao eoacoc, o o oaoc coepeeo eo.

5. o oooc ea ypoa, papa coece pao c NSA oye oo NSA.

6. apaa oo NSA o ce opoca, ca c popaec aopa popaec eoa, a cceoa, oey papao, oopee, o e opaac ec.

II. NSA ye:

1. Oecea NIST exec pyooca o oepe exoo, eoacoc eeoya ea oc, oope oy cooa peaex cceax a ax oepx a x.

2. poo poa cceoaece poee popa o oepe exoo, eoacoc eeoya, popaec eoa eoa ea oc.

3. o poca NIST oaa oo ooe cex opoco, cax c popaec aopa popaec eoa, a cceoa, oey papao, oopee, o e opaac ec .

4. caaa caap oop e pee eoacx cceax, oxaaex 10 USC pae 2315 (opaa opepa).

5. o peoa eepax opaa, x opo pyx acpyex paeco cyeo p o o oey oooc paeco paeaeo eeoc ooe eepax opaox cce, a ae oecea execoe coece peoeoa e, oopee pee eoacx cceax, o pooco ao ypoe.

III. NIST NSA yy:

1. ooppoa co a o oecee eoacoc aeoc oepx cce, a oope NIST NSA ecy oeceoc cooec c paeo 6(b) Aa.

2. Oeac exec caapa pyooca, ec o eoxoo oce ee Aa.

3. Coeco paoa a ocee ee oo eopaya c acao eoc, ea eyoo ypoa yc.

4. oepa epep ao, apapy, o aa opaa ye axoc a oaoo ypoe copeex exoo opoco, x a eoacoc aoapoax opaox oe p x cce.

5. Opaoa execy paoy pyy oopa aaa oace coecx epeco, acaxc a cce, opaaax ay pyy ecepey opa. a pya ye coco ec e e pax cyax, o poe o NIST NSA, p eoxooc oe yeea a ce pecaee pyx opa a. Te pao py oy opeec o aecee peopa NSA o opaoo eoacoc, o aecee peopa NIST, o oy poac cao pyo c ocey oopee aecee peopa NSA o opaoo eoacoc aecee peopa NIST. B eee ecox e oce oc a o epe pyo opoca o aecee peopa NSA o opaoo eoacoc, o aecee peopa NIST pya oa peca oe o oe pao o oy opocy , p eoxooc, a ae eo aaa.

6. Ha eeoo ocoe oeac aa pao o ce cceoaec ocpyopc poea, ca c ao cce, opaaax ay pyy ecepey opa, a oepee exoo, ay eococ ocyoc ax, eoacoc eeoya eoo ea oc. Oe opae o poea oe pocxo eeapao, oop coco poeo oe o copo peo c ac o apocy pyo copo.

7. poep oop execo paoe py o oyoa cex opoco, acaxc ex oecee eoacoc cce, papaaaex cooa p ae ao opa eepax oepx cceax, o apapoa coecoc pacp x e c aoao eoacoc Coeex ao. E c NIST NSA e coy pe oo opoc eee 60 e, a opaa oe o o opoc e pe Mcpo oopo Mcpo opo. paec, o a opoc c oo NSC oe epea pee peey. Hae ec e o pepac o ooaeoo pee opoca.

8. Opee ooee paoe coae, aee ey NSA NIST, a poe oy MOU.

IV. a copo oe pepa ece oo MOU ce yeoee, apae a ec ece o pepae ec. o MOU caec ece p a oex oce.

/ocao/ PMOH. . AMMEP coe peop, Haoa cy caapo ex, 24 apa 1989 oa . O. CTMEH Be-apa, BMC CA, peop, Aeco aoao eoacoc, 23 apa 1989 oa 25.4 RSA Data Security, Inc.

RSA Data Security, Inc. (RSADSI) a ocoaa 1982 oy papao, epoa oep e coo cooa aea RSA. oa ec p oepecx poyo, a oe ae eoacoc epoo o, pae popaece oe (ocye e cxox eco oeoo oa). RSADSI ae peaae a pe cepe aop RC2 RC4 (c.

pae 11.8). RSA Laboratories, cceoaeca aopaop, caa c RSADSI, oe yaea e popaece cceoa oaae ocyaoe ycy.

p aepecoaoc ex poyax yo opaac peopy o poaa ( Director of Sales, RSA Data Security, Inc., 100 Marine Parkway, Redwood City, CA 94065;

(415) 595-8782;

ac: (415) 595 1873).

25.5 PUBLIC KEY PARTNERS aeo, epecex 22-, paea Public Key Partners (PKP) Caa (Sunnyvale), aop, apepcy RSADSI Care-Kahn, Inc. - poeco oa Cylink. (RSADSI oyae poeo p, a Care-Kahn 35 poeo.) PKP yepae, o ae 4218582 ocoeo pe o ce cnocoa ucnooau popa c op a.

Table 25-3. Public Key Partners patents

Patent no.    Date       Inventors                  Patent name
4200770       29.3.80    Hellman, Diffie, Merkle    Diffie-Hellman key exchange
4218582       19.8.80    Hellman, Merkle            Merkle-Hellman knapsacks
4405829       20.9.83    Rivest, Shamir, Adleman    RSA
4424414       3.3.84     Hellman, Pohlig            Pohlig-Hellman
4995082       19.2.91    Schnorr                    Schnorr signatures

In [574], PKP stated:

ae [4200770, 4218582, 4405829 4424414] oxaa ce ece eo cooa cycca op x e, a apa, ooeo ece a ElGamal.

aoap pooy pacpocpae pox oce RSA eyapoo cooece Public Key Partners pe eo oope x ee caap poo oc. M aepe ce aepecoae copo, o Public Key Partners oc ce pee ANSI IEEE, acac ocyoc epoa oo cycca. Ocoeo oep x paex caapo, coyx poy oc RSA. Public Key Partners aco aep e, o e a cooae oce RSA yy peocac paye cpo, a payx ycox e a o-o cpa.

paa o, ac o oo, c e oope. e PKP, a pao, cepe, ooy cocoa poep, oaec aa e o pyx, e cyecye. Xo oa yepae, o oy e oaaa ae e, o pae epe e oa oop o o, o e aa e a.

PKP aeo oxpae co ae, ypoa ce, o coye e epoa popa c o p a. aco o pea a aeoe aooaeco CA. Ec aey aea e ya ec aaa apye aea, o oe oep co ae. o oo paoopo o aooc x aeo, o ae paoopo eo e oo. Bce aoe pee aea PKP ypeypoa o cya.

e copac o e aa pece coe. Moe ae RSA e yco epe cyo.

Moe ae e pe o ce popa c op a. (eco oop, e o a, a o oxaa ElGamal pocce c ec p.) Moe oy-o yacc pa poecc po PKP RSADSI. Ho e aae, o opopa c opo pec o ea, apep, IBM, Microsoft, Lotus, Apple, Novell, Digital, National Semiconductor, AT&T Sun, e poa RSA cooa cox poyax, a e opaac cy. Boeing, Shell Oil, DuPont, Raytheon Citicorp - ce epoa RSA coeo ypeeo cooa.

B oo cyae PKP oyo poecc po TRW Corporation o ooy cooa e epo a aopa ElGamal. TRW yepaa, o e e ya e. PKP TRW oc coae e 1992. opooc ypeypoa oa eec, o cpe x - coace TRW oy e a ae. o e peeae eo xopoeo. TRW oa oo cee xopox pco. oy oo peoo, o, ec TRW a yepea, o coe pa poecc, e opa eepooo o eca ee, oa e oaaac o op.

Te e eee PKP cyecy co ypee poe. B e 1994 oa Care-Kahn oaa cy a RSADSI, a, cpe ceo ocaoo, o ae RSA epae epe [401]. Oa apepa o ac paopa coe apepco. ao ae e? Hyo ye ooae oya e o Care-Kahn, o ooac aopo RSA? oy ye paea ae Schnorr? Booo o eo ye ypeypoao oey xoa o .

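Patents are valid for 17 years and cannot be renewed. On 29 March 1997, Diffie-Hellman key exchange (and the ElGamal algorithm) will become publicly available. On 20 September 2000, RSA will become publicly available. Mark it on your calendars.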

25.6 Meyapoa accoa pooecx cceoa Meyapoa accoa pooecx cceoa ( International Association for Cryptologic R e search, IACR) - o cepa popaeca cceoaeca opaa. Ee e ec pae eop pa poo cax oace. Ee eo oe ca o. Accoa cyae cocopo yx eeox oepe, Crypto (pooc ayce Caa-apape ) Eurocrypt (pooc Epoe), eeapao ae The Journal of Cryptology IACR Newsletter.

Apec a-app IACR eec ece co ceo peea. Tey apec: IACR Business Office, Aarhus Science Park, Custav Wieds Vej 10, DK-8000 Aarhus C, Denmark.

25.7 Oea po eococ RACE (RIPE) popaa cceoa pa epeox cpec c Epoe ( Research and Development in Ad vanced Communication Technologies in Europe, RACE) a poaa Epoec cooeco o ep peapeo popao eeoyaox caapo exoo, oepax eppoae coocopoce cpeca c ( Integrated Broadband Communication, IBC). B aece ac o pao RACE ypeo ocopy Oe po eococ RACE (RACE Integrity Primitives Evaluation, RIPE), o copa oo eoe ae exoo, cooecyx oo peoa eoacoc IBC.

ocopy RIPE opaoa ec eyx epoecx popaecx cceoaecx py :

ep o aeae oep aya ( Center for Mathematics and Computer Science ), Acepa;

Sie mens AG;

Philips Crypto BV;

Royal PTT Nederland NV, PTT Research;

Katholieke Univesiteit Leuven Aarhus Universitet. oce oe o pee aopo 1989 1991 oax [1564], oa 32 ao, pcax co ceo pa, coceo oeaeo poea eoc 350 eoeo-ece, ocopy oy oa RIPE Integrity Primitives [1305, 1332]. Oe coep eee, ecoo ocox oe eoc oc x p: MDC-4 (c. pae 14.11), RIPE-MD (c. pae 14.8), RIPE-MAG (c. pae 14.14), IBC-HASH, SKID (c. pae 3.2), RSA, COMSET (c. pae 16.1) eepa e RSA.

25.8 co ocy Epo (CAFE) co ocy Epo (Conditional Access for Europe, CAFE) - o poe paax popa ES PRIT Epoecoo cooeca [204, 205]. Paoa aaac eape 1992 oa o ay oa aoc oy 1995 oa. Opaoa ocopy coco py coax cceoa cceoa pa (Cardware, Institut fur Sozialforschung), ooee popaoo oecee aapayp (DigiCash, Cem plus, Ingenico, Siemens), a ae popao (CWI Amsterdam, PTT Research Netherlands, SPET, Sintef Delab Trondheim, Universities of Arhus, Hildesheim and Leuven).

e poea ec papaoa cce ycooo ocya, ocoeo pox aex cce.

aee cce o oecea aeoc aoo ooae peoa a oo e e ep ce - aeoc e oa ace o ycooc yc poc oy.

Oco ycpoco CAFE cy epo ya: ae oep, oe oxo a apa ayop. eo ec aapea, aaypa, pa papac aa c c py yaa. aoo ooae co coce ya, oop oeceae eo paa apa pye eo eoacoc.

ycpoca c aaypo pao ec opeeeoe peyeco epe eeyao apo oo oe paoa eaco o epaa. ooae oe eocpeceo ec co apo cy y aea. Oe o peo ap ooae e yo oaa co ya oy-o, o o paa. ooe oooc c :

Aooe paa. Ccea peaaea ae opae eox cy ax, aooa ccea a co pooa.

cooc oep. Ec ooae oepe co ya, ya coaec, eo ypay, ooae e oepe co e.

oepa pax a.

Opa apxeypa opa ccea. ooae oe e oooc aa a po oe ycy, apep, oy aae, eeo, oece pacop, peocaee pa ocaa. Ccea oa oecea aoece oo oeca eo epox ee, a ae aoece yao pax o pooee.

Ha cooc.

oey aca o cyecye oo popaa epc cce, ocopy oo p a oae a aapa pooo.

25.9 ISO/IEC B cepee 80-x ISO caappoa DES, oop ye cooac aece FIPS caapa ANSI.

oce eoopo oeco o ISO peo e caappoa popaece aop, a pe cppoa x. apecppoa oo oo aop poa, pecppoa x-y cxe oc e. apecppoa aop oe a aoaa opaa.

B acoee pe oa a a pecpa pex aopo (c. 21-). oaa a ae opa o cooa, apaepax, peaax, peax ecox eopax. opooe ocae eoaeo, oo oaa a pecpa cepee aop.

a pecpa aopa eo e oop o eo aece. Pecpa e ec oopee a o pa ISO/IEC, oa poco oaae, o oa aoax opaa xoe apecppoa a o p, eaco o pepe, coyex ao opaae.

Me e eaa a e. Pecpa eae poeccy caapa. Beco oo, o p e coo aopo, ISO pecppye o aop. p ao opoe oo apecppoa ce, o yoo, aee c o pao copooa co aop yo oao "apecppoa ISO/IEC 9979 ". B o cyae peecp ee National Computer Centre Ltd., Oxford Road, Manchester, MI 7ED, United Kingdom.

Table 25-4. Registered ISO/IEC algorithms

Registration number    Name
0001                   B-CRYPT
0002                   IDEA
0003                   LUC

25.10 Professional and industry groups, and civil liberties advocacy groups

Electronic Privacy Information Center (EPIC)

The Electronic Privacy Information Center (EPIC) was established in 1994 to draw public attention to privacy issues related to the National Information Infrastructure, such as the Clipper chip, digital telephony proposals, national identification number systems, medical records privacy, and the sale of consumer data. EPIC conducts litigation, sponsors conferences, publishes reports, issues the EPIC Alert, and runs campaigns on privacy issues. Anyone interested in joining should contact Electronic Privacy Information Center, 666 Pennsylvania Avenue SE, Suite 301, Washington, D.C. 20003; (202) 544-9240; fax: (202) 547-5482; Internet: info@epic.org.

o empooo pomupa (EFF) o epooo popa (Electronic Frontier Foundation, EFF) oc ce ae paacx pa eppocpace. Paccapa popaecy oy CA, EFF cae, o opa ocy popa c yaea paa, ooy c x o c paecee opae. o opaoa paoy pyy o poo eoacoc ae oc (Digital Privacy and Security Working Croup), oopa ec oae 50 opaa. pya pooecye aoy o poo eeo ae Clipper. EFF ae coecye ee poecco po opo a c opo popa [143]. eae pcoec EFF oy cac c Electronic Frontier Foundation, 1001 C Street NW, Suite 950E, Washington, D.C. 20001;

(202) 347 5400, ac: (202) 393-5509;

Internet:

eff@eff.org.

Accouau no ucumeo mexue (ACM) Accoa o ceo exe ( Association for Computing Machinery, ACM) - o eyapoa oepa poea opaa. B 1994 oy oe oeceo o ACM CA peca pepac oe o popaeco oe CA [935]. Eo co poa aoy, o epec y ec oo popa. Eo oo oy c oo aooo ftp c info.acm.org /reports/acm.

crypt_study/acm_crypto_study.ps.

cmumym ueepo no empuecmy u pauoempoue (IEEE) cy eepo o epecy paoepoe ( Institute of Electrical and Electronics Engineers, IEEE) - o pya poeccoaa opaa. Oeee CA yae opoc, cae c ao oc, a popaecy oy, eaoe oepa, aa a Internet, pa paaae cooecye peoea.

Accouau npououmee npopaoo oecneeu (SPA) Accoa pooee popaoo oecee ( Software Publishers Association, SPA) - o opoa accoa, oopy xo ce 1000 oa, papaaax popaoe oeceee epc o ax oa. O cya a ocaee copoo opo popa oepa ep e e oepec ocyx apyex poyo.

25.11 Sci.crypt Sci.crypt - o eeoepe Usenet o poo. Ee a pepo 100000 eoe o cey py.

oco cooe - oa eyxa, epepaa o, pyoe oopeeo. Heoope cooe acac o, a oco ocax - poc peoca cee oe. oa o ee oepe cyao oaac pae caopo eoopa oea opa. Ec a sci.crypt peypo, oo ya, a cooa eo, aaeoe ao-ye.

pyo eeoepee Usenet ec sci.crypt.research, oee yepea eeoepe, ocea ocye pooecx cceoa. B e ee cooe, o opao epecee.

25.12 poa poa (Cypherpunks) - o eopaa pya e, aepecoax oye ye popa. O ae cepepy c popae, ac ec ee oxo. o x e ce popaece cceoa e pec oecy eo xopoeo, a a oo e ocooaoc o c e popa.

B "Maece poao" p X (Eric Hughes) e [744]:

M, poa, cpec coa aoe cce. M aae a a c oo popa, c o o cce aoo opa o, c oo pox oce epox ee.

poa y o. M ae, o o-o oe aca popaoe oeceee, aaee a o c, a a oa o e ceao, e coe oece coxpaee cox a, copaec aca ae popa . M yye a o, o a py poa o opaoac opa c . Ha o cooo oe cooa o yoo e yoo. Hac e oe oye, pac a popa, oope e. M a e, o popaoe oeceee eooo papy, o eooo pepa paoy paccex cce.

Te, o xoe pcoec ccy pacc poao Internet, o opa oy apec majordomo@toad.com. Cco pacc xpac a ftp.csua.berkeley.edu /pub/cypherpunks.

25.13 ae Bopoc o popax aeax eooo cy pa o . Xopo o e, o cye cy. B Coeex aax oo aeoa aop, o ce popaece. IBM aee aea DES [514]. IDEA aaeoa. aaeoa o ce aop c op a. NIST ae aaeoa DSA. ece pa popaecx aeo o opoao eaeco NSA, cooec c Ao o cepeoc opee ( Invention Secrecy Act) o 1940 oa Ao o aoao eoacoc (National Security Act) o 1947 oa. o oaae, o eco aea opeae oyae ce peoe ocaoee, ey apeaec ocya eo opeee c e-y ee.

NSA ec ocoe oooc p aeoa. Aeco oe opac a aeo ae o poa eo ay. Coa oec cepeoe ocaoee, o eep NSA oopeeo opeae, ae ocaoe. oa cyc eoopoe pe cepeoe ocaoee oeec, pecpaoa oopa ae ae, ecy caape 17 e years. o oee o aae opeee, e xpaee eo cepee. Ec oy-y yacc opec o e caoe, NSA ye oao ay a ae.

Ec oy pyoy e yacc opec o e caoe, opeee ocaec ce pe.

Hecop a o, o poecc aeoa oe e oo aa opee, o pacpa x, aoap o yoe NSA oe epa ae oe 17 e. Oce 17-eeo cpoa aaec c oe a a aea, a e oa a. oa eco, a ce oe ec c c paae ooopa o GATT Coee aa.

25.14 copoe aooaeco CA Coaco paecy CA popa oocc oeoy cape. o oaae, o po pa oec e e aoa, o paea TOW a M1 Apac. Ec poaee popae c poy e cooecye copo e, o - eyapo opaac opye. Ec e xoe cop ae pee cpoo o pea eepao pe, opae ae a a o oaeco.

C aao 1949 oy xooo o ce cpa HATO (poe ca), a ae Acpa, o ca, opaoa OOM - oopao oe oocopoeo opo a copo (CoCom, Coordinating Committee for Multilateral Export Controls ). o eoaa opaa, paa ooppoa aoae opae, acaec copa ax oex exoo Coec Co, pye cpa Bapacoo ooopa acy Hapoy Pecyy. pepa opopyex exoo c oep, ca eaopoaa popa. e o opaa oc aeee epea exoo yaae cpa, cepae, a opao, x oeoo oe aa.

C oo xooo o cpa OOM ocoa, o oe opo oe ac yc a pe. B acoee pe, o oy, e poecc oppoa "Hooo opya", pyo eyapoo opaa, oopa copaec ocao oo oex exoo cpa, oope e pac ea opaa.

B o cyae copa oa CA ooe cpaeecx oapo peypyec paec e ao o cope (Export Administration Act), Ao o opoe a copo oopye (Arms Ex port Control Act), Ao o aoo ep (Atomic Energy Act) Ao o epacpocpae epx oop y e (Nuclear Non-Proliferation Act). opo, ycaoe aooaeco, peayec c o o ox oaox ao, o x e ooppye pyo. Ce opaa, a oee cy, ocyec opo, aco x eeoc epepaec oye.

oopoe exoo yppy ecox ccax. popa, o pa oocac oopye, oec epee oopye CA ( U.S. Munitions List, USML), Meyapoo epee oopye (International Munitions List, IML), epee opo a opoe (Commerce Control List, CCL) Meyapoo poeo epee ( International Industrial List, IIL). oceapae oeae a USML, o yyec a ac Peypoa eyapooo paa opy (International Traffic in Arms Regula tions, ITAR) [466, 467].

cop popa CA opopyec y paece opaa. Oo ec oe o ypae copo (Bureau of Export Administration, BXA) Mcepce opo, yoo oe paa peypoa copa ( Export Administration Regulations, EAR). pya - o pae e o peypoa poa cpec oopo (Office of Defense Trade Controls, DTC) ocyapceo eapaee, yoooeoe ITAR. o oy peoa BXA Mcepca opo eee cpo, o caaa ec popaec cop pocapaec DTC oceapaea (oopoe oyae coe o exe aoao eoacoc o NSA , aec, cea ceye coea ), oopoe oe oa a epea pao pee BXA.

ITAR peypye o poecc. (o 1990 oa paee DTC aaoc paee o opo a oopyee, ooo, yc oac "a pe" apae a o, o a, o ee eo c oa ya.) copec DTC copooc ae copx e a cpeca poa cee opeeeoo ypo - xo o o, ao o ypoe, oa e cooaoc.

Ceye pae ITAR [466, 467]:

120.10 Texece ae.

Texece ae - o, acoe oye :

(1) opa, oa o popaoo oecee, opeeeoo 120.10(d), oopa ya poepoa, papao, pooca, opao, ooe, cop, pao, peoa, oep oa cpec oopo.

o, apep, opa ope ceoo, epee, oopa, ao, cpy oye a;

(2) Cepea opa, acaac cpec oopo oopoo eeoc ;

(3) opa, oxaaea ocaoee o acepea opee ;

(4) popaoe oeceee, opeeeoe paee 121.8(f) eocpeceo caoe co cpeca oopo (5) o opeeee e ae opa, acayc oeayx, aeaecx eepx p o, oo yaex oeocyx oax, oeax yepceax, a opeeeo 120.11. Oo ae e ae aoy poy opa o y, aae oecceo oca cpec oopo.

120.11 Op ocy.

Op ocy ooaae opa, oopa oyoaec oe oeocyo :

(1) C oo poa ocax x aaax ;

(2) C oo oc, oopa ocya e opae oo, o xoe oy popec oy o ay opa;

(3) C oo oox pe opoo acca, ax paeco CA ;

(4) B oeax, opx y, oopx ya oe oy oye ;

(5) C oo aeo, ocyx o aeo oope ;

(6) C oo eopaeoo pacpocpae a oepe, cpee, ceape, peea cae, o c yx oo ye Coeex aax ;

(7) C oo cooe ea (.e., eopaeoe pacpocpaee) o ope (apep, eoaeo oyoao), oopex oee opaa CA (c. ae 125.4(b)(13)).

(8) C oo yaeax cceoa aye exe apeoax cx yex aeex CA, e oyea opa oo yyec poo pacpocpaec ayo cooece. yaea aac aoe pae cceoa aye exe, oa oyea opa oo yye c poo pacpocpaec ayo cooece oe o cceoa, peya oopx e paaac -a pa coceoc opeeeoo opo ocya pacpocpae paeco CA. epcece cce oa e cac yaea, ec :

(i) epce eo cceoae coaac c py opae a ya ayo-execo opa, oyeo peyae pao a poeo, (ii) cceoa acpyc paeco CA, a ocy peyaa cceoa x pacpocpaee a xoc opae c e a opa.

120.17 cop.

o copo oaec:

(1) epeaa o cpec oopo a pee Coeex ao cocoo, poe yeec a p e e Coeex ao a, e a a exece ae ;

(2) epeaa ocpaoy y pa pecpa, ypae coceoc a o caoe, cyo cy , pcycy epee oopye CA, Coeex aax a x peea ;

(3) Pacpe ( o ce ycoe yaoe ) epeaa Coeex aax x cpec oopo oco cy, ypee opaee ocpaoo paeca (apep, oaec cc );

(4) Pacpe ( o ce ycoe yaoe) epeaa execx ax ocpaoy y Coeex aax a x peea;

(5) Boee oopoo eeoc o e o ocpaoo a Coeex aax a x peea.

(6) aycae aapa oea apya e o, p ayce aoo aapaa, paccapac a cop.
