
CHAPTER 6

A. Trusted third parties

We start our enquiry with a brief and very basic examination of an established intermediary function and entity, that of the trusted third party in a Public Key Infrastructure security system.

We begin with a brief and basic review of an established intermediary function and entity, namely the trusted third party in a Public Key Infrastructure security system.

In cryptography, the term “trusted third party” (TTP) is applied to an entity which facilitates interactions between two parties who both trust the third party; they use this trust to secure their own interactions. TTPs are common in systems involving cryptographic protocols, for example, a certificate authority (CA).

In cryptography, a trusted third party (TTP) is an entity that is trusted by both parties to a transaction and that facilitates the transaction; the two parties use this trust to secure their dealings. TTPs are common in systems involving cryptographic protocols, for example a certificate authority (CA).52

People who wish to communicate confidentially and securely with each other encrypt their messages so that only the two parties hold the necessary keys to decrypt them and render them legible. The problem with traditional encryption systems was that passing the key from one person to another was a relatively insecure process. The key exchange could be intercepted by a hostile third party.

People who wish to communicate confidentially and securely encrypt their messages to each other so that only the two parties holding the necessary keys can decrypt and read them. The problem with traditional encryption systems was that passing the key from one party to the other was a relatively insecure process: a hostile third party could intercept the key exchange.

Public key cryptography provided a solution to this problem. It involves the use of one key to encrypt a message and a second related key to decrypt it. The two keys are matched: one is publicly accessible, like the telephone number of a listed telephone subscriber. The other key is held privately and exclusively by the owner of the keys. Using this system, the sender of the secret message can look up the public key of the intended recipient and encrypt the message with that key. When it is received by the intended recipient he is able to decrypt the message with his privately held key.

Public key cryptography provides a solution to this problem. It involves using one key to encrypt a message and a related second key to decrypt it. The two keys are matched: one is publicly available, like a telephone number in a directory; the other is held privately and only by the owner of the keys. Using this system, the sender of a secret message can look up the recipient's public key and encrypt the message with it. When the recipient receives the message, he can decrypt it with his private key.

52 A Certification Authority (CA) is a body, either public or private, that seeks to fill the need for trusted third party services in electronic commerce by issuing digital certificates that attest to some fact about the subject of the certificate. Information available at

<http://www.law.miami.edu/%7Efroomkin/articles/trustedf.htm - ENDNOTE22>.

A Certification Authority (CA) is a public or private body that meets the need for trusted third party services in electronic commerce by issuing digital certificates attesting to certain facts about the certified party. Information available at

<http://www.law.miami.edu/%7Efroomkin/articles/trustedf.htm - ENDNOTE22>.

The issue which this process obviously threw up was how far the sender could be sure that the publicly accessible number was indeed the number of the intended recipient. If it was not, the message transmission would fail. The solution involved the services of a trusted third party to guarantee the accuracy of the public key as being that of the intended recipient.

Consider the following example:

This process obviously raises a question: how can the sender be sure that the publicly listed number is in fact the recipient's number? If it is not, message transmission will fail. The solution involves the services of a trusted third party to guarantee that the public key really is the intended recipient's. Consider the following example:

Suppose Alice and Bob wish to communicate securely — they may choose to use cryptography. Without ever having met Bob, Alice may need to obtain a key to use to encrypt messages to him. In this case, a TTP is a third party who may have previously seen Bob (in person), or is otherwise willing to vouch that this key (typically in an identity certificate) belongs to the person indicated in that certificate, in this case, Bob. (In discussions, this third person is often called “Trent”.) Trent gives it to Alice, who then uses it to send secure messages to Bob. Alice can trust this key to be Bob’s if and only if she trusts Trent. In such discussions, it is simply assumed that she has valid reasons to do so.

Suppose Alice and Bob53 wish to communicate securely; they may choose to use cryptography. Alice has never met Bob, so she needs to obtain a key with which to encrypt messages to him. In this case, a TTP may be a third party who has previously met Bob in person, or who is otherwise willing to vouch that this key belongs to the person named in the certificate, in this case Bob. (In discussions, this third party is usually called Trent.) Trent gives the key to Alice, who can then use it to send secure messages to Bob. Alice can trust that this is Bob's key only if she trusts Trent. In these discussions, it is simply assumed that she has valid reasons to do so.
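As an added example (not part of the original report or of this chapter), the following Python script models the two points made above: the matched public/private key pair, and Trent, the TTP, vouching for Bob's key by issuing a certificate that binds the name "Bob" to that key. Alice accepts a key only if the certificate verifies under Trent's public key and names the party she wants to reach, and only then encrypts to it; a certificate signed by anyone other than Trent, or altered after signing, is rejected. All names, function names and key values are assumptions of this example; it uses textbook RSA on fixed Mersenne primes so that it runs with the standard library alone, a simplified stand-in for the padded algorithms a real CA uses.

```python
import hashlib
import json

E = 65537  # public exponent shared by all toy keys


def make_key(p, q):
    """Return (public, private) toy RSA key from two primes.
    Constructed from known Mersenne primes for the demo; real keys use
    random primes of comparable size."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent, Python 3.8+
    return (n, E), (n, d)


def digest(data: bytes) -> int:
    """SHA-256 of the data as an integer (always smaller than every n below)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest(data), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(data)


def issue_certificate(issuer_priv, subject: str, subject_pub) -> dict:
    """The TTP's act of vouching: a signed statement 'this key belongs to subject'."""
    body = json.dumps(
        {"subject": subject, "n": subject_pub[0], "e": subject_pub[1]},
        sort_keys=True,
    ).encode()
    return {"body": body, "sig": sign(issuer_priv, body)}


def trusted_key_for(cert: dict, expected_subject: str, trust_anchor_pub):
    """Alice's check: return the subject's public key only if the certificate
    is signed by the TTP she trusts and names the party she wants to reach."""
    if not verify(trust_anchor_pub, cert["body"], cert["sig"]):
        return None  # not signed by Trent, or tampered with after signing
    fields = json.loads(cert["body"])
    if fields["subject"] != expected_subject:
        return None  # a valid certificate, but for somebody else
    return (fields["n"], fields["e"])


def encrypt(pub, message: bytes) -> int:
    n, e = pub
    m = int.from_bytes(message, "big")
    assert m < n, "message too long for this toy key"
    return pow(m, e, n)


def decrypt(priv, c: int) -> bytes:
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# Constructed keys (assumed values): Trent is the trust anchor, Bob the
# intended recipient, Mallory an impostor who signs her own "Bob" certificate.
TRENT_PUB, TRENT_PRIV = make_key(2**127 - 1, 2**521 - 1)
BOB_PUB, BOB_PRIV = make_key(2**107 - 1, 2**607 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**89 - 1, 2**1279 - 1)

BOB_CERT = issue_certificate(TRENT_PRIV, "Bob", BOB_PUB)
MALLORY_SELF_CERT = issue_certificate(MALLORY_PRIV, "Bob", MALLORY_PUB)


def demo():
    """Alice's side of the exchange. Returns (accepted Bob's key?,
    rejected Mallory's?, what Bob decrypts)."""
    key = trusted_key_for(BOB_CERT, "Bob", TRENT_PUB)
    forged = trusted_key_for(MALLORY_SELF_CERT, "Bob", TRENT_PUB)
    ciphertext = encrypt(key, b"meet at noon")
    return key == BOB_PUB, forged is None, decrypt(BOB_PRIV, ciphertext)


if __name__ == "__main__":
    print(demo())
```

The point the script makes concrete is the last sentence of the example above: the only thing Alice verifies cryptographically is Trent's signature, so her confidence that the key is Bob's is exactly her confidence in Trent, and a certificate issued by anyone Alice has not chosen as a trust anchor is worthless to her even if it names Bob.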

An important reference text on the function and responsibilities of trusted third parties is the Technical Report of ISO/IEC entitled “Guidelines for the use and management of Trusted Third Party services.” The introduction to the report describes the subject matter as follows:

An important reference on the functions and responsibilities of trusted third parties is the ISO/IEC Technical Report entitled “Guidelines for the use and management of Trusted Third Party services”.54 The introduction to the report describes its subject matter as follows:

“Achievement of adequate levels of business confidence in the operation of IT systems is underpinned by the provision of practical and appropriate legal and technical controls.

Business must have confidence that IT systems will offer positive advantages and that such systems can be relied upon to sustain business obligations and create business opportunities.

“Achieving an adequate level of business confidence in the operation of information technology systems depends on the provision of practical and appropriate legal and technical controls. Business must have confidence that IT systems can offer positive advantages, and that such systems can be relied upon to sustain business obligations and create business opportunities.

53 For those readers unfamiliar with the parlance of cryptographers, Alice and Bob are the standard names for the different actors in a particular interaction. There are a series of other such names.

For readers unfamiliar with the terminology of cryptography, Alice and Bob are the standard names for the different actors in a particular interaction. There are many other similar names.

54 Information technology – Security techniques - Guidelines for the use and management of Trusted Third Party services, Technical Report Document ISO/IEC TR 14516, 2002.

An exchange of information between two entities implies an element of trust, e.g. with the recipient assuming that the identity of the sender is in fact the sender, and in turn, the sender assuming that the identity of the recipient is in fact the recipient for whom the information is intended. This “implied element of trust” may not be enough and may require the use of a Trusted Third Party (TTP) to facilitate the trusted exchange of information. The role of TTPs includes providing assurance that business and other trustworthy (e.g. governmental activities) messages and transactions are being transferred to the intended recipient, at the correct location, that messages are received in a timely and accurate manner, and that for any business dispute that may arise, there exist appropriate methods for the creation and delivery of the required evidence for proof of what happened. Services provided by TTPs may include those necessary for key management, certificate management, identification and authentication support, privilege attribute service, non-repudiation, time stamping services, electronic public notary services, and directory services. TTPs may provide some or all of these services.

An exchange of information between two entities implies trust, e.g. the recipient assumes that the sender's identity is in fact that sender, and the sender assumes that the recipient's identity is the intended recipient of the information. This “implied element of trust” may be insufficient, and the use of a Trusted Third Party (TTP) may be needed to facilitate the trusted exchange of information. The role of TTPs includes providing assurance that business and other trustworthy (e.g. governmental) messages and transactions are delivered to the intended recipient at the correct location, that messages are received in a timely and accurate manner, and that for any business dispute that may arise there are appropriate methods for producing the evidence needed to prove what happened. Services provided by TTPs may include those needed for key management, certificate management, identification and authentication support, privilege attribute services, non-repudiation services, time stamping services, electronic public notary services, and directory services. TTPs may provide some or all of these services.

A TTP has to be designed, implemented and operated to provide assurance in the security services it provides, and to satisfy applicable legal and regulatory requirements.

The types and levels of protection adopted or required will vary according to the type of service provided and the context within which the business application is operating.”

A TTP must be designed, implemented and operated so as to provide assurance in the security services it provides and to satisfy the applicable legal and regulatory requirements. The types and levels of protection adopted or required depend on the type of service and on the context in which the business application operates.”

The report then proceeds to list the key requirements of an effective trusted third party:

The report then lists the key requirements for an effective trusted third party:

(a) operate within a legal framework which is consistent among the participating entities;

(a) operate within a legal framework that is consistent among the participating entities;

(b) offer a range of services, with minimum services clearly defined;

(b) offer a range of services, with the minimum services clearly defined;

(c) have defined policies, in particular a public security policy;

(c) have defined policies, in particular a public security policy;

(d) be managed and operated in a secure and reliable manner, based on an information security management system and trustworthy IT systems;

(d) be managed and operated in a secure and reliable manner, based on an information security management system and trustworthy IT systems;

(e) conform to national and international standards, where applicable;

(e) comply with applicable national and international standards;

(f) follow an accepted best code of practice;

(f) follow a recognised best code of practice;

(g) publish practice statements;

(g) publish practice statements;

(h) record and archive all evidence relevant to their services;

(h) record and archive all evidence relevant to their services;

(i) allow for independent arbitration, without compromising security;

(i) allow independent arbitration without compromising security;

(j) be independent and impartial in their operation (e.g. accreditation rules); and

(j) remain independent and impartial in their operation (e.g. accreditation rules); and

(k) assume responsibility of liability within defined limits for availability and quality of service.

(k) assume limited liability for the availability and quality of the service.

Obviously, the element of trust is fundamental to the role of the trusted third party. The report describes this as follows, identifying the essential trust components of the entity in question:

Trust is obviously a fundamental element of the trusted third party's role. The report's description below identifies the essential trust components of the entity:

“The use of a TTP and its services depends on the fundamental observation that the services provided by the TTP will be trusted by other TTPs and entities. This trust results from the confidence that the TTP is managed correctly and its services are operated securely. Therefore it should give assurance that the TTP itself and the services it provides are according to the defined policies. Especially, the security policy should cover all security aspects related to the management of the TTP and the operation of the services.

“The use of a TTP and its services depends on the TTP's services being trusted by other TTPs and entities. This trust results from confidence that the TTP is managed correctly and its services are operated securely. Therefore the TTP itself and the services it provides must give assurance that they follow the defined policies. In particular, the security policy should cover all security aspects related to the management of the TTP and the operation of its services.

The confidence can be established through evidence of the management and operational TTP aspects. Evidence should be given that the management aspects are proper and sufficient to completely achieve the objectives, that the management system is effective, suitable to minimise risks and to counter threats, and the safeguards are documented and understood by personnel, not outdated or superseded and are implemented properly.

Evidence of the management and operation of the TTP in each of these aspects can establish this confidence. The evidence to be provided is that the management aspects are proper and sufficient to fully achieve these objectives, that the management system is suitable and effective in minimising risk and countering threats, and that the safeguards are documented, understood by TTP personnel, not outdated or superseded, and properly implemented.

To gain confidence in the management and operational aspects a TTP especially should provide evidence that:

To gain confidence in the management and operational aspects, a TTP should in particular provide evidence that:

(a) there is an appropriate Security Policy in place;

(a) an appropriate security policy is in place;

(b) security problems have been addressed by a combination of correctly implemented security procedures and mechanisms;

(b) security problems are addressed by correctly implemented security procedures and mechanisms;

(c) the operations are being carried out correctly and in keeping with a clearly defined set of roles and responsibilities;

(c) operations are carried out correctly and in keeping with clearly defined roles and responsibilities;

(d) the interfaces and procedures for communicating with entities are appropriate for the functions to be performed and are correctly used;

(d) the interfaces and procedures for communicating with other entities are appropriate for the functions the TTP performs and are used correctly;

(e) rules and regulations are followed by management and staff, and are consistent with a stated or targeted level of trustworthiness;

(e) rules and regulations are followed by management and staff, and are consistent with the stated or intended level of trust