Ability to corroborate the truth of a claim that a certain event occurred
or that a certain action was performed by the entities that originated it. [UNE-ISO/IEC
27000:2014]
The expression "non-repudiation" refers to the ability to affirm
the authorship of a message or piece of information, preventing the author from denying
that it was received or created. Its characteristics include:
· Verifying the creation and origin of content.
· Holding documents that certify the sending or receipt of messages.
· Verifying the sending or receipt of calls, etc.
http://www.inteco.es/glossary/Formacion/Glosario/
Non-repudiation, or irrenunciabilidad ("non-renounceability"), is a security service
that makes it possible to prove the participation of the parties in a
communication. [CCN-STIC-405:2006]
Security service (OSI ISO-7498-2) that prevents a sender from denying having sent a
message (when it has actually sent it) and a recipient from denying its receipt
(when it has actually received it).
In the first case it is called non-repudiation of origin, and in the second,
non-repudiation of destination.
[Ribagorda:1997]
Security service that provides the recipient of data with proof of its origin,
which can be used against attempts by the sender to deny having sent it
(ISO-7498-2) [Ribagorda:1997]
Security service that provides the sender of data with proof of its receipt,
which can be used against attempts by the recipient to deny having
received it (ISO-7498-2) [Ribagorda:1997]
Security service that ensures that the origin of a piece of information cannot
disown its transmission or its content, and/or that the recipient of a piece of
information cannot deny its receipt or its content. [CESID:1997]
ability to prove the
occurrence of a claimed event or action and its originating entities [ISO/IEC 27000:2014]
Protection against an
individual falsely denying having performed a particular action. Provides the
capability to determine whether a given individual took a particular action
such as creating information, sending a message, approving information, and
receiving a message. [NIST-SP800-53:2013]
Assurance that the sender of
information is provided with proof of delivery and the recipient is provided
with proof of the sender’s identity, so neither can later deny having processed
the information.
NIST 800-53: Protection
against an individual falsely denying having performed a particular action.
Provides the capability to determine whether a given individual took a
particular action such as creating information, sending a message, approving
information, and receiving a message.
[CNSSI_4009:2010]
1. (I) A security service
that provides protection against false denial of involvement in an association
(especially a communication association that transfers data). (See: repudiation, time stamp.)
[RFC4949:2007]
(I) A security service that
provides the recipient of data with evidence that proves the origin of the data,
and thus protects the recipient against an attempt by the originator to falsely
deny sending the data. (See:
non-repudiation service.) [RFC4949:2007]
(I) A security service that
provides the originator of data with evidence that proves the data was received
as addressed, and thus protects the originator against an attempt by the
recipient to falsely deny receiving the data. (See: non-repudiation service.)
[RFC4949:2007]
A service that is used to
provide assurance of the integrity and origin of data in such a way that the
integrity and origin can be verified by a third party as having originated from
a specific entity in possession of the private key of the claimed signatory. [NIST-SP800-57:2007]
Protection from denial by
one of the entities involved in a communication of having participated in all
or part of the communication. [H.235:2005]
Assurance that the sender of
information is provided with proof of delivery and the recipient is provided
with proof of the sender's identity, so neither can later legitimately deny
having processed, stored, or transmitted the information. [NIST-SP800-60V2:2004]
A sequence of one or more transfers of non-repudiation information
(NRI) for the purpose of non-repudiation. [ISO-13888-1:2004]
A set of information that
may consist of the information about an event or action for which evidence is
to be generated and verified, the evidence itself, and the non-repudiation
policy in effect. [ISO-13888-1:2004]
This service is intended to
protect against an entity's false denial of having created the content of a
message (i.e. being responsible for the content of a message). [ISO-13888-1:2004]
security service in which
the sender of data is provided with proof of delivery of data
NOTE 1. This will protect
against any subsequent attempt by the recipient to falsely deny receiving the
data or its contents.
NOTE 2. Adapted from
ISO-7498-2 | CCITT Rec. X.800.
[ISO-18028-2:2006]
This service is intended to
protect against a recipient's false denial of having received the message and
recognized the content of a message. [ISO-13888-1:2004]
This service is intended to
protect against a recipient's false denial of having taken notice of the
content of a received message. [ISO-13888-1:2004]
security service in which
the recipient of data is provided with proof of the origin of data
NOTE 1. This will protect
against any attempt by the sender to falsely deny sending the data or its
contents.
NOTE 2. Adapted from
ISO-7498-2 | CCITT Rec. X.800.
[ISO-18028-2:2006]
This service is intended to
protect against the originator's false denial of having created the content of
a message and of having sent a message. [ISO-13888-1:2004]
This service is intended to
protect against a recipient's false denial of having received a message. [ISO-13888-1:2004]
This service is intended to
protect against the sender's false denial of having sent a message. [ISO-13888-1:2004]
This service is intended to
provide evidence that a delivery authority has accepted the message for
transmission. [ISO-13888-1:2004]
This service is intended to
provide evidence for the message originator that a delivery authority has
delivered the message to the intended recipient. [ISO-13888-1:2004]
A set of criteria for the
provision of non-repudiation services. More specifically, a set of rules to be
applied for the generation and verification of evidence and for adjudication. [ISO-13888-1:2004]
A special type of security token
as defined in ISO/IEC ISO-10181-1 consisting of evidence, and, optionally, of
additional data. [ISO-13888-1:2004]
This service is intended to
protect against a recipient's false denial of [ISO-13888-1:2004]
Non-repudiation of delivery
token. A data item which allows the originator to establish non-repudiation of
delivery for a message. [ISO-13888-1:2004]
Non-repudiation of origin
token. A data item which allows recipients to establish non-repudiation of
origin for a message. [ISO-13888-1:2004]
Non-repudiation of
submission token. A data item which allows either the originator (sender) or
the delivery authority to establish non-repudiation of submission for a message
having been submitted for transmission. [ISO-13888-1:2004]
Non-repudiation of transport
token. A data item which allows either the originator or the delivery authority
to establish non-repudiation of transport for a message. [ISO-13888-1:2004]
the ability to prove an
action or event has taken place, so that this event or action cannot be
repudiated later. [ISO-13888-1:2004]
[ISO-7498-2:1989]
The Non-repudiation Security
Dimension provides means for preventing an individual or entity from denying
having performed a particular action related to data by making available proof
of various network-related actions (such as proof of obligation, intent, or
commitment; proof of data origin, proof of ownership, proof of resource use).
It ensures the availability of evidence that can be presented to a third party
and used to prove that some kind of event or action has taken place. [X.805:2003]
Non-repudiation is the
ability for a system to prove that a specific user and only that specific user
sent a message and that it hasn't been modified.
http://www.sans.org/security-resources/glossary-of-terms/
Security service whose objective is to generate, collect, maintain, make available and
validate evidence (information used to establish proof) concerning a
claimed event or action in order to resolve possible disputes about
whether or not the event or action occurred. [ISO-13888-1:2004]