Ver:
· Repudio
· Prueba
Capacidad
para corroborar que es cierta la reivindicación de que ocurrió un cierto suceso
o se realizó una cierta acción por parte de las entidades que lo originaron. [UNE-ISO/IEC
27000:2014]
Con la
expresión "no repudio" se hace referencia a la capacidad de afirmar
la autoría de un mensaje o información, evitando que el autor niegue la
existencia de su recepción o creación. Entre sus características está:
· Comprobar la creación y origen de los contenidos.
· Poseer documentos que acrediten el envío o recepción de mensajes.
· Comprobar el envío o recepción de llamadas, etc.
http://www.inteco.es/glossary/Formacion/Glosario/
El no repudio
o irrenunciabilidad es un servicio de seguridad que permite probar la
participación de las partes en una comunicación. [CCN-STIC-405:2006]
Servicio de
seguridad (OSI ISO-7498-2) que previene que un emisor niegue haber remitido un
mensaje (cuando realmente lo ha emitido) y que un receptor niegue su recepción
(cuando realmente lo ha recibido).
En el primer
caso el no repudio se denomina en origen y en el segundo en destino.
[Ribagorda:1997]
Servicio de
seguridad que provee al receptor de los datos de una prueba del origen de los
mismos, que puede usarse ante intentos del emisor de negar su remisión
(ISO-7498-2) [Ribagorda:1997]
Servicio de
seguridad que provee al emisor de los datos de una prueba de la recepción de
los mismos, que puede usarse ante intentos del destinatario de negar su
recepción (ISO-7498-2) [Ribagorda:1997]
Servicio de
seguridad que asegura que el origen de una información no puede rechazar su
transmisión o su contenido, y/o que el receptor de una información no puede
negar su recepción o su contenido. [CESID:1997]
ability to prove
the occurrence of a claimed event or action and its originating entities [ISO/IEC
27000:2014]
Protection
against an individual falsely denying having performed a particular action.
Provides the capability to determine whether a given individual took a
particular action such as creating information, sending a message, approving
information, and receiving a message. [NIST-SP800-53:2013]
Assurance that
the sender of information is provided with proof of delivery and the recipient
is provided with proof of the senders identity, so neither can later deny
having processed the information.
NIST 800-53:
Protection against an individual falsely denying having performed a particular
action. Provides the capability to determine whether a given individual took a
particular action such as creating information, sending a message, approving information,
and receiving a message.
[CNSSI_4009:2010]
1. (I) A security
service that provide protection against false denial of involvement in an
association (especially a communication association that transfers data). (See: repudiation, time stamp.)
[RFC4949:2007]
(I) A security
service that provides the recipient of data with evidence that proves the
origin of the data, and thus protects the recipient against an attempt by the
originator to falsely deny sending the data. (See: non-repudiation service.)
[RFC4949:2007]
(I) A security
service that provides the originator of data with evidence that proves the data
was received as addressed, and thus protects the originator against an attempt
by the recipient to falsely deny receiving the data. (See: non-repudiation service.)
[RFC4949:2007]
A service that is
used to provide assurance of the integrity and origin of data in such a way
that the integrity and origin can be verified by a third party as having
originated from a specific entity in possession of the private key of the
claimed signatory. [NIST-SP800-57:2007]
Protection from
denial by one of the entities involved in a communication of having
participated in all or part of the communication. [H.235:2005]
Assurance that
the sender of information is provided with proof of delivery and the recipient
is provided with proof of the senders identity, so neither can later
legitimately deny having processed, stored, or transmitted the information. [NIST-SP800-60V2:2004]
A sequence of one
or more transfers of non-repudiation
information (NRI) for the purpose of non-repudiation. [ISO-13888-1:2004]
A set of
information that may consist of the information about an event or action for
which evidence is to be generated and verified, the evidence itself, and the
non-repudiation policy in effect. [ISO-13888-1:2004]
This service is
intended to protect against an entity's false denial of having created the
content of a message (i.e. being responsible for the content of a message). [ISO-13888-1:2004]
security service
in which the sender of data is provided with proof of delivery of data
NOTE 1. This will
protect against any subsequent attempt by the recipient to falsely deny
receiving the data or its contents.
NOTE 2. Adapted
from ISO-7498-2 | CCIT Rec. X.800.
[ISO-18028-2:2006]
This service is
intended to protect against a recipient's false denial of having received the
message and recognized the content of a message. [ISO-13888-1:2004]
This service is
intended to protect against a recipient's false denial of having taken notice
of the content of a received message. [ISO-13888-1:2004]
security service
in which the recipient of data is provided with proof of the origin of data
NOTE 1. This will
protect against any attempt by the sender to falsely deny sending the data or
its contents.
NOTE 2. Adapted
from ISO-7498-2 | CCIT Rec. X.800.
[ISO-18028-2:2006]
This service is
intended to protect against the originator's false denial of having created the
content of a message and of having sent a message. [ISO-13888-1:2004]
This service is
intended to protect against a recipient's false denial of having received a
message. [ISO-13888-1:2004]
This service is
intended to protect against the sender's false denial of having sent a message.
[ISO-13888-1:2004]
This service is
intended to provide evidence that a delivery authority has accepted the message
for transmission. [ISO-13888-1:2004]
This service is
intended to provide evidence for the message originator that a delivery
authority has delivered the message to the intended recipient. [ISO-13888-1:2004]
A set of criteria
for the provision of non-repudiation services. More specifically, a set of
rules to be applied for the generation and verification of evidence and for
adjudication. [ISO-13888-1:2004]
A special type of
security token as defined in ISO/IEC ISO-10181-1 consisting of evidence, and,
optionally, of additional data. [ISO-13888-1:2004]
This service is
intended to protect against a recipient's false denial of [ISO-13888-1:2004]
Non-repudiation
of delivery token. A data item which allows the originator to establish
non-repudiation of delivery for a message. [ISO-13888-1:2004]
Non-repudiation
of origin token. A data item which allows recipients to establish non-repudiation
of origin for a message. [ISO-13888-1:2004]
Non-repudiation
of submission token. A data item which allows either the originator (sender) or
the delivery authority to establish non-repudiation of submission for a message
having been submitted for transmission. [ISO-13888-1:2004]
Non-repudiation
of transport token. A data item which allows either the originator or the
delivery authority to establish non-repudiation of transport for a message. [ISO-13888-1:2004]
the ability to
prove an action or event has taken place, so that this event or action cannot
be repudiated later. [ISO-13888-1:2004]
[ISO-7498-2:1989]
The
Non-repudiation Security Dimension provides means for preventing an individual
or entity from denying having performed a particular action related to data by
making available proof of various network-related actions (such as proof of
obligation, intent, or commitment; proof of data origin, proof of ownership,
proof of resource use). It ensures the availability of evidence that can be
presented to a third party and used to prove that some kind of event or action
has taken place. [X.805:2003]
Non-repudiation
is the ability for a system to prove that a specific user and only that
specific user sent a message and that it hasn't been modified.
http://www.sans.org/security-resources/glossary-of-terms/
Service de sécurité
dont l'objectif est de générer, récolter, maintenir, rendre disponible et valider
l'évidence (information utilisée pour établir une preuve) concernant un
évènement ou une action revendiquée afin de résoudre les possibles disputes sur
l'occurrence ou non de l'évènement ou de l'action. [ISO-13888-1:2004]
Temas relacionados