BS ISO IEC 15945-2002 Information technology - Security techniques - Specification of TTP services to support the application of digital signatures《信息技术 安全性技术 对数字签字进行支持的TTP服务业务的规范》.pdf

1、BRITISH STANDARD BS ISO/IEC 15945:2002 Information technology Security techniques Specification of TTP services to support the application of digital signatures ICS 35.040 NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBS ISO/IEC 15945:2002 This British Standard, having been p

2、repared under the direction of the DISC Board, was published under the authority of the Standards Policy and Strategy Committee on 15 March 2002 BSI 15 March 2002 ISBN 0 580 39227 9 National foreword This British Standard reproduces verbatim ISO/IEC 15945:2002 and implements it as the UK national st

3、andard. The UK participation in its preparation was entrusted to Technical Committee IST/33, Security techniques, which has the responsibility to: A list of organizations represented on this committee can be obtained on request to its secretary. Cross-references The British Standards which implement

4、 international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or by using the “Find” facility of the BSI Standards Electronic Catalogue. A British Standard does not purport t

5、o include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. aid enquirers to understand the text; present to the responsible international

6、/European committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed; monitor related international and European developments and promulgate them in the UK. Summary of pages This document comprises a front cover, an inside front cover, the ISO/IEC titl

7、e page, pages ii to v, a blank page, pages 1 to 53 and a back cover. The BSI copyright date displayed in this document indicates when the document was last issued. Amendments issued since publication Amd. No. Date Comments Reference number ISO/IEC 15945:2002(E)INTERNATIONAL STANDARD ISO/IEC 15945 Fi

8、rst edition 2002-02-01 Information technology Security techniques Specification of TTP services to support the application of digital signatures Technologies de linformation Techniques de scurit Spcifications des services TTP pour supporter lapplication des signatures numriques ISO/IEC 15945:2002(E)

9、 lcsid FDParemi ihTs PDF file mac ytnoaie nmt deddebyfepca.se In ccaocnadrw eith Aebods licsneilop gnic,y this file mairp eb yntiv ro deewb detu slahl ton ide ebtlnu desse tt ehyfepacse whice era hml era deddebicsnede to i dnanstlaled t noeh comtupfrep reomrign tide ehti.gn In wodnlidaogn this file,

10、 trapies ccatpe tiereht nsnopser ehibility fo ton infriignA gnebods licnesilop gnic.y I ehTStneC Oarl Secrteiraat cacepts l oniibality in this .aera Ai ebods a tredamafo kr Aebod SystemI sncotaropr.de teDails fo ts ehoftwaorp ercudts ust deo crtaet ehis PDF file ceb na fi dnuon tlareneG eh Info lera

11、tit evo tf ehile; tP ehD-Fcrtaeiarap nomtesre were tpoimizf deoirp rnti.gn Evyre casah er t neebakt neo snet eruhat tf ehile is suitlbaf eosu rI yb eSO memidob rebse. In the lnuikletneve y ttah alborp emler ati gnto it is fnuo,dlp saee inform ttneC ehlar Secrteiraat at tsserdda ehig leb nevwo. ISO/I

12、E2002 C Athgir lls serevr.de selnUs towrehise specfi,dei trap on fo this ilbupctanoi may cudorper ebtu ro deziliyna ni de fomr yb ro nam y,snae lecetrinoc m roecinahcal, inclidutohp gnocpoiym dna gnicrfoilm, wittuoh repmissioi nn writif gnrom ietreh ISa Ot tserdda ehs lebwo I roSOs membre ydob in te

13、h ctnuoo yrf ttseuqer ehe.r ISO cirypothg fofice saCe tsopale 65 eneG 1121-HC02 av leT. 14 + 10 947 22 11 xaF 90 947 22 14 + 74 E-mail cirypothgiso.ch Web ww.wiso.ch Prnietdni wS ztierland ii ISO/IEC 15945:2002(E) iiiCONTENTS Page 1 Scope 1 2 Normative references 1 2.1 Identical Recommendations | In

14、ternational Standards. 2 2.2 Additional references. 2 3 Definitions 3 4 Abbreviations 4 5 Descriptive classification of services 5 5.1 Certificate management services. 5 5.2 Key management services . 8 5.3 Other services 9 6 Minimal certificate and CRL profile. 10 6.1 Minimal certificate profile. 10

15、 6.2 Minimal CRL profile. 11 7 Certificate management messages 11 7.1 Overview of certificate management services and messages 12 7.2 Assumptions and restrictions for some of the services 15 8 Data structures for certificate management messages 19 8.1 Overall message 19 8.2 Common Data Structures 22

16、 8.3 Data structures specific for Certificate Request Messages of type CertReq 24 8.4 Data structures specific for other messages. 29 8.5 Transport protocols 32 8.6 Complete ASN.1 Module 32 9 Online Certificate Status Protocol 40 9.1 Protocol Overview. 40 9.2 Functional Requirements. 42 9.3 Detailed

17、 Protocol. 43 9.4 ASN.1 Module for OCSP 47 Annex A Interworking 50 Annex B Algorithms . 51 B.1 Hash Algorithms 51 B.2 Digital Signature Algorithms. 51 Annex C Bibliography 52 ISO/IEC 15945:2002(E) iv Foreword ISO (the International Organization for Standardization) and IEC (the International Electro

18、technical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technica

19、l activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical

20、 committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circul

21、ated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this International Standard may be the subject of patent rights. ISO and IEC shall

22、 not be held responsible for identifying any or all such patent rights. ISO/IEC 15945 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques, in collaboration with ITU-T. The identical text is published as ITU-T Rec. X.843. Annexes

23、 A to C of this International Standard are for information only. ISO/IEC 15945:2002(E) vIntroduction Today the development of information technology, as well as that of the worldwide communication infrastructure, opens the possibility to implement electronic commerce in economically relevant dimensi

24、ons. Digital signatures are an important technique to add security to these commercial applications and to other application fields with a need for legally effective electronic transactions. Digital signatures are suitable to assure the integrity of data and the authentication of participants in tra

25、nsactions. They can supply an analogue of the handwritten signature for digital orders, offers and contracts. The most important property of digital signatures in this context is that a person who signed a document cannot successfully deny this fact. This property is called “non-repudiation of creat

26、ion“ of a document. In several countries and in international contexts, legislation concerning digital signatures is being pushed forward with the aim to support the development of electronic commerce and other application fields with a need for legally effective electronic transactions. A number of

27、 standards exist that specify digital signatures, as well as their use for different purposes, like non-repudiation or authentication. A number of commercial applications, as well as TTPs offering services in connection with digital signatures, are implemented or planned. Interoperability of these T

28、TPs, among each other and with the commercial applications, is needed for an economically and legally effective worldwide use of digital signatures. The goal of this Recommendation | International Standard is to define the services required to support the application of digital signatures for non-re

29、pudiation of creation. Since the use of digital signature mechanisms for non-repudiation of creation of a document implies integrity of the document and authenticity of the creator, the services described in this Recommendation | International Standard can also be combined to implement integrity and

30、 authenticity services. This is done in a way to promote interoperability among TTPs as well as between TTPs and commercial applications. NOTE There is no inherent reason why every TTP planning to support the application of digital signatures should be required to offer all of these services. It is

31、possible that a number of TTPs offering different services cooperate in supporting the use of digital signatures. But, from the view of the potential commercial applications, the whole range of the services may be required and interoperability becomes even more important in this scenario. This is an additional justification to collect all these services together in one document.