SANS 18014-1-2009 Information technology - Security techniques - Time stamping services Part 1 Framework《信息技术 安全技术 时间标记服务；第1部分 框架》.pdf

1、 Collection of SANS standards in electronic format (PDF) 1. Copyright This standard is available to staff members of companies that have subscribed to the complete collection of SANS standards in accordance with a formal copyright agreement. This document may reside on a CENTRAL FILE SERVER or INTRA

2、NET SYSTEM only. Unless specific permission has been granted, this document MAY NOT be sent or given to staff members from other companies or organizations. Doing so would constitute a VIOLATION of SABS copyright rules. 2. Indemnity The South African Bureau of Standards accepts no liability for any

3、damage whatsoever than may result from the use of this material or the information contain therein, irrespective of the cause and quantum thereof. ISBN 978-0-626-22027-3 SANS 18014-1:2009 Edition 2 ISO/IEC 18014-1:2008 Edition 2 SOUTH AFRICAN NATIONAL STANDARD Information technology Security techniq

4、ues Time-stamping services Part 1: Framework This national standard is the identical implementation of ISO/IEC 18014-1:2008 and is adopted with the permission of the International Organization for Standardization and the International Electrotechnical Commission. Published by SABS Standards Division

5、 1 Dr Lategan Road Groenkloof envelopeback Private Bag X191 Pretoria 0001 Tel: +27 12 428 7911 Fax: +27 12 344 1568 www.sabs.co.za SABS SANS 18014-1:2009 Edition 2 ISO/IEC 18014-1:2008 Edition 2 Table of changes Change No. Date Scope National foreword This South African standard was approved by Nati

6、onal Committee SABS SC 71F, Information technology Information security, in accordance with procedures of the SABS Standards Division, in compliance with annex 3 of the WTO/TBT agreement. This SANS document was published in June 2009. This SANS document supersedes SANS 18014-1:2004 (edition 1). Refe

7、rence numberISO/IEC 18014-1:2008(E)ISO/IEC 2008INTERNATIONAL STANDARD ISO/IEC18014-1Second edition2008-09-01Information technology Security techniques Time-stamping services Part 1: Framework Technologies de linformation Techniques de scurit Services destampillage de temps Partie 1: Cadre gnral SANS

8、 18014-1:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 18014-1:2008(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be

9、edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is

10、a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member

11、 bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2008 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or

12、 by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E

13、-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2008 All rights reservedSANS 18014-1:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 18014-1:2008(E) ISO/IEC 2008 All rights reserved iiiContents Page Fore

14、word iv Introduction v 1 Scope 1 2 Normative references 1 3 Terms and definitions .1 4 Symbols and abbreviated terms 4 5 General4 5.1 Background and Summary .4 5.2 Services involved in Time-stamping5 5.3 Entities of the Time-Stamping Process.5 5.4 Use of Time-Stamps 5 5.5 Generation of a Time-Stamp

15、Token .6 5.6 Verification of a Time-Stamp Token.6 5.7 Time-Stamp renewal6 6 Communications between entities involved.7 6.1 Time-Stamp Request Transaction7 6.2 Time-Stamp Verification Transaction 8 7 Message Formats.8 7.1 Time-stamp request.9 7.2 Time-stamp response10 7.3 Time-stamp verification 12 7

16、.4 Extension fields .12 7.4.1 ExtHash extension.12 7.4.2 ExtMethod extension.13 7.4.3 ExtRenewal extension.13 Annex A (normative) ASN.1 Module for time-stamping 14 Annex B (normative) Excerpt of the Cryptographic Message Syntax .20 B.1 Introduction20 B.2 General Overview.20 B.3 General Syntax.20 B.4

17、 Data Content Type .21 B.5 Signed-data Content Type 21 B.5.1 SignedData Type22 B.5.2 EncapsulatedContentInfo Type23 B.5.3 SignerInfo Type23 B.5.4 Message Digest Calculation Process 25 B.5.5 Signature Generation Process .25 B.5.6 Signature Verification Process.25 B.6 Useful Attributes26 B.6.1 Content

18、 Type26 B.6.2 Message Digest26 B.6.3 Countersignature.27 Bibliography 28 SANS 18014-1:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 18014-1:2008(E) iv ISO/IEC 2008 All rights reservedForeword ISO (the International Organization

19、for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective

20、organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information tec

21、hnology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standa

22、rds adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the su

23、bject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 18014-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. This second edition cancels and replaces the f

24、irst edition (ISO/IEC 18014-1:2002), which has been technically revised. ISO/IEC 18014 consists of the following parts, under the general title Information technology Security techniques Time-stamping services: Part 1: Framework Part 2: Mechanisms producing independent tokens Part 3: Mechanisms prod

25、ucing linked tokens SANS 18014-1:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 18014-1:2008(E) ISO/IEC 2008 All rights reserved vIntroduction The International Organization for Standardization (ISO) and International Electrotech

26、nical Commission (IEC) draw attention to the fact that it is claimed that compliance with this International Standard may involve the use of patents. ISO and IEC take no position concerning the evidence, validity and scope of these patent rights. The holders of these patent rights have assured ISO a

27、nd IEC that they are willing to negotiate licences under reasonable and non-discriminatory terms and conditions with applicants throughout the world. In this respect, the statements of the holders of these patent rights are registered with ISO and IEC. Information may be obtained from: ISO/IEC JTC 1

28、/SC 27 Standing Document 8 (SD 8) “Patent Information“ SD 8 is publicly available at: http:/www.din.de/ni/sc27 Attention is drawn to the possibility that some of the elements of this International Standard may be the subject of patent rights other than those identified above. ISO and IEC shall not b

29、e held responsible for identifying any or all such patent rights. SANS 18014-1:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .SANS 18014-1:2009This s tandard may only be used and printed by approved subscription and freemailing clients o

30、f the SABS .INTERNATIONAL STANDARD ISO/IEC 18014-1:2008(E) ISO/IEC 2008 All rights reserved 1Information technology Security techniques Time-stamping services Part 1: Framework 1 Scope This part of ISO/IEC 18014: identifies the objective of a time-stamping authority; describes a general model on whi

31、ch time-stamping services are based; defines time-stamping services; defines the basic protocols between the involved entities. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For

32、undated references, the latest edition of the referenced document (including any amendments) applies. ISO 8601, Data elements and interchange formats Information interchange Representation of dates and times ISO/IEC 10118 (all parts), Information technology Security techniques Hash-functions 3 Terms

33、 and definitions For the purposes of this document, the following terms and definitions apply. 3.1 certification authority CA centre trusted to create and assign public key certificates NOTE Optionally, the certification authority can create and assign keys to the entities. ISO/IEC 11770-1:1996 SANS

34、 18014-1:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 18014-1:2008(E) 2 ISO/IEC 2008 All rights reserved3.2 collision-resistant hash-function hash-function satisfying the following property: it is computationally infeasible to

35、find any two distinct inputs which map to the same output NOTE Computational feasibility depends on the specific security requirements and environment. ISO/IEC 10118-1:2000 3.3 data items representation data item or some representation thereof such as a cryptographic hash value 3.4 digital signature

36、 data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the origin and integrity of the data unit and protect the sender and the recipient of the data unit against forgery by third parties and sender against forgery by the recipient ISO/

37、IEC 11770-3:1999 3.5 entity authentication corroboration that an entity is the one claimed ISO/IEC 9798-1:1997 3.6 hash-function function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties: it is computationally infeasible to find for a given output,

38、an input which maps to this output; it is computationally infeasible to find for a given input, a second input which maps to the same output NOTE Computational feasibility depends on the specific security requirements and environment. ISO/IEC 10118-1:2000 3.7 hash value string of bits which is the o

39、utput of a hash-function NOTE Identical to the definition of hash-code in ISO/IEC 10118-1:2000. 3.8 private key that key of an entitys asymmetric key pair which should only be used by that entity ISO/IEC 11770-1:1996 3.9 public key that key of an entitys asymmetric key pair which can be made public

40、ISO/IEC 11770-1:1996 SANS 18014-1:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 18014-1:2008(E) ISO/IEC 2008 All rights reserved 33.10 public key certificate public key information of an entity signed by the certification author

41、ity and thereby rendered unforgeable ISO/IEC 11770-1:1996 3.11 sequence number time variant parameter whose value is taken from a specified sequence which is nonrepeating within a certain time period ISO/IEC 11770-1:1996 3.12 time stamp time variant parameter which denotes a point in time with respe

42、ct to a common time reference ISO/IEC 11770-1:1996 3.13 time-stamp renewal process of issuing a new time-stamp token to extend the validity period of an earlier time-stamp token 3.14 time-stamp requester entity which possesses data it wants to be time-stamped NOTE A requester can also be a trusted t

43、hird party including a time-stamping authority. 3.15 time-stamp token TST data structure containing a verifiable binding between a data items representation and a time-value NOTE A time-stamp token can also include additional data items in the binding. 3.16 time-stamp verifier entity which possesses

44、 data and wants to verify that it has a valid time stamp bound to it NOTE The verification process can be performed by the verifier itself or by a trusted third party. 3.17 time-stamping authority TSA trusted third party trusted to provide a time-stamping service 3.18 time-stamping service TSS servi

45、ce providing evidence that a data item existed before a certain point in time 3.19 time variant parameter data item used by an entity to verify that a message is not a replay, such as a random number, a sequence number, or a time stamp ISO/IEC 11770-1:1996 SANS 18014-1:2009This s tandard may only be

46、 used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 18014-1:2008(E) 4 ISO/IEC 2008 All rights reserved3.20 trusted third party TTP security authority, or its agent, trusted by other entities with respect to security-related activities ISO/IEC 11770-3:1999 3.21 tim

47、e referencing scheme concepts for describing temporal characteristics of geographic information, about the use of an atomic clock, the clock of the GPS signal, etc. NOTE See ISO 19108:2002. 3.22 time-signal emission standard time signals are emitted with reference to UTC according to standard scheme

48、s ITU-R TF.460-6 3.23 time-stamping policy set of rules that indicates the applicability of a time-stamp token to a particular community and/or class of application with common security requirements 4 Symbols and abbreviated terms TS (x1, x2, , xn) generation of time-stamp token for the data x1, x2,

49、 , xnD data to be time-stamped other info information used to generate the time-stamp token, and which equals “TSTInfo” less the hash value of the data to be time-stamped T0,T1,Tn,the point in time to be time-stamped t0, t1, t2, tn, the point in time to be time-stamped S the point in time at which the end entitys digital signature is generated 5 General 5.1 Background and Summary The use of digital data that may be provided on