ImageVerifierCode 换一换
格式:PDF , 页数:24 ,大小:1.14MB ,
资源ID:684094      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-684094.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(DIN ISO 14533-1-2015 Processes data elements and documents in commerce industry and administration - Long term signature profiles - Part 1 Long term signature profiles for CMS Adva.pdf)为本站会员(appealoxygen216)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

DIN ISO 14533-1-2015 Processes data elements and documents in commerce industry and administration - Long term signature profiles - Part 1 Long term signature profiles for CMS Adva.pdf

1、May 2015Translation by DIN-Sprachendienst.English price group 12No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the exclusive right of sale for German Standards (DIN-Normen).ICS 35.

2、240.60!%Ba“2316293www.din.deDDIN ISO 14533-1Processes, data elements and documents in commerce, industry andadministration Long term signature profiles Part 1: Long term signature profiles for CMS Advanced ElectronicSignatures (CAdES) (ISO 14533-1:2014),English translation of DIN ISO 14533-1:2015-05

3、Prozesse, Datenelemente und Dokumente in Handel, Industrie und Verwaltung Langzeit-Signaturprofile Teil 1: Langzeit-Signaturprofile fr CMS-erweiterte elektronische Signaturen (CAdES)(ISO 14533-1:2014),Englische bersetzung von DIN ISO 14533-1:2015-05Processus, lments dinformations et documents dans l

4、e commerce, lindustrie etladministration Profils de signature long terme Partie 1: Profils de signature long terme pour les signatures lectroniques avancesCMS (CAdES) (ISO 14533-1:2014),Traduction anglaise de DIN ISO 14533-1:2015-05www.beuth.deIn case of doubt, the German-language original shall be

5、considered authoritative.Document comprises 24 pages04.15 A comma is used as the decimal marker. Contents Page National foreword .3 Introduction .5 1 Scope .6 2 Normative references .6 3 Terms and definitions 6 4 Symbols .9 5 Requirements 9 6 Long term signature profiles .9 6.1 Defined profiles 9 6.

6、2 Representation of the required level . 10 6.3 Standard for setting the required level 10 6.4 Action to take when an optional element is not implemented . 11 6.5 CAdES-T profile 11 6.6 CAdES-A profile . 13 6.7 Timestamp validation data 15 Annex A (normative) Suppliers declaration of conformity and

7、its attachment . 17 Annex B (normative) Structure of timestamp token 22 Bibliography . 24 2DIN ISO 14533-1:2015-05National foreword The text of this document (ISO 14533-1:2014) has been prepared by Technical Committee ISO/TC 154 “Processes, data elements and documents in commerce, industry and admin

8、istration”. The responsible German body involved in its preparation was the DIN-Normenausschuss Informationstechnik und Anwendungen (DIN Standards Committee Information Technology and selected IT Applications), Working Committee NA 043-03-03 AA Elektronisches Geschftswesen. The text of ISO 14533-1 h

9、as been adopted without any modification. To avoid any falsification of the elements and/or attributes specified for the signature profiles, their names have been left in English, even in the German translation. Furthermore, the target group of IT specialists normally has sufficient knowledge of Eng

10、lish. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. DIN shall not be held responsible for identifying any or all such patent rights. DIN ISO 14533 consists of the following parts, under the general title Processes, data elements

11、 and docu-ments in commerce, industry and administration Long term signature profiles: Part 1: Long term signature profiles for CMS Advanced Electronic Signatures (CAdES) Part 2: Long term signature profiles for XML Advanced Electronic Signatures (XAdES) The following part is under preparation: Part

12、 3: Long term signature profiles for PDF Advanced Electronic Signatures (PAdES) 3DIN ISO 14533-1:2015-05 This page is intentionally blank 4DIN ISO 14533-1:2015-05Processes, data elements and documents in commerce, industry and administration Long term signature profiles Part 1: Long term signature p

13、rofiles for CMS Advanced Electronic Signatures (CAdES) IntroductionThe purpose of this part of ISO 14533 is to ensure the interoperability of implementations with respect to long term signatures that make electronic signatures verifiable for a long term. Long term signature specifications referenced

14、 by each implementation cover CMS Advanced Electronic Signatures (CAdES) developed by the European Telecommunications Standards Institute (ETSI).5DIN ISO 14533-1:2015-051 ScopeThis part of ISO 14533 specifies the elements, among those defined in CMS Advanced Electronic Signatures (CAdES), that enabl

15、e verification of a digital signature over a long period of time.It does not give new technical specifications about the digital signature itself, nor new restrictions of usage of the technical specifications about the digital signatures which have already existed.NOTE CMS Advanced Electronic Signat

16、ures (CAdES) is the extended specification of Cryptographic message syntax (CMS), used widely.2 Normative referencesThe following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applie

17、s. For undated references, the latest edition of the referenced document (including any amendments) applies.ETSI/TS 101 733 v2.2.1 (2013-04), Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES)1)3 Terms and definitionsFor the purposes of this document, the fol

18、lowing terms and definitions apply.3.1long term signaturesignature that is made verifiable for a long term by implementing measures to enable the detection of illegal alterations of signature information, including the identification of signing time, the subject of said signature, and validation dat

19、a3.2profilerule used to ensure interoperability, related to the optional elements of referenced specifications, the range of values, etc.3.3required levellevel of requirement for implementing each element constituting a profile1) Available from http:/pda.etsi.org/pda/queryform.asp6DIN ISO 14533-1:20

20、15-053.4cryptographic message syntaxCMSsyntax pertaining to the signature, digest, authentication, and encryption of a given messageNote 1 to entry: Cryptographic message syntax is defined in IETF RFC 5652.3.5CMS advanced electronic signatureCAdESelectronic signature defined in ETSI/TS 101 733 for w

21、hich the signer can be identified and any illegal data alteration detected3.6CAdES with timeCAdES-TCMS advanced electronic signature defined in ETSI/TS 101 733 with information to ascertain signing timeEXAMPLE Signature timestamp.3.7archival CAdESCAdES-ACMS advanced electronic signature defined in E

22、TSI/TS 101 733 with information that enables the detection of any illegal alterations of information pertaining to the signature, including the subject of the signature and validation dataEXAMPLE Archive timestamp.3.8content informationdata structure that defines the content in CMS3.9signed datadata

23、 structure that defines the signed data in CMS or related data3.10signerinfodata structure that defines the signature information for each signer or related data3.11signed attributesignature information that is the subject of a signature3.12unsigned attributesignature information that is not the sub

24、ject of a signatureNote 1 to entry: The signature timestamp and archive timestamp are unsigned attributes.3.13validation datacertificate and revocation information used to validate a signature and timestamp3.14timestamping authorityTSAtrusted third party commissioned to provide proof that certain da

25、ta existed prior to a certain point in time7DIN ISO 14533-1:2015-053.15timestamp tokenTSTdata object that binds a representation of a datum to a particular time, thus establishing evidence that the datum existed before that time3.16signature timestamptimestamp affixed to a signature value in order t

26、o identify the time when the signature existed3.17archive timestamptimestamp affixed to information pertaining to a signature, including the subject of the signature and validation data, in order to enable the detection of any illegal alteration3.18trust anchororigin of trust provided in the form of

27、 a public key certificate or public key used by the validator to validate an electronic signature, and generally a public key certificate issued by a trusted root certification authority3.19trusted third partyTTPsecurity authority or its agent entrusted by another entity in connection with activitie

28、s related to security3.20certification authorityCAcentre that is entrusted with the development and assignment of public key certificatesNote 1 to entry: Certification authorities can, at their discretion, develop and assign keys to entities.3.21certificateinformation on the publicly disclosed key a

29、s a part of an asymmetric key pair for an entity, signed by a certification authority to prevent forgery3.22attribute certificatecertificate containing the job, qualification, position, and other attributes and attribute values3.23revocation informationinformation issued by a certification authority

30、 with respect to a certificate revocated within the effective periodNote 1 to entry: This information can be collated to determine whether the certificate is still in force.3.24enhanced security serviceESSoptional enhanced service related to a signature including, but not limited to, information ide

31、ntifying SigningCertificate and information showing the type of signature8DIN ISO 14533-1:2015-054 SymbolsThe following symbols are used for the “required level”. C: Conditional M: Mandatory O: Optional P: Prohibited (creation or modification)5 Requirements5.1 The generation or validation of CAdES-T

32、 data conforms to this part of ISO 14533 provided that the following requirements are met:a) all processing of elements whose required level is “Mandatory” in the CAdES-T profile, as specified in this part of ISO 14533, shall be included;b) detailed specifications pertaining to the processing of any

33、 element whose required level is “Conditional” in the CAdES-T profile, as specified in this part of ISO 14533, shall be provided.5.2 The generation or validation of CAdES-A data conforms to this part of ISO 14533 provided that the following requirements are met:a) all processing of elements whose re

34、quired level is “Mandatory” in the CAdES-A profile, as specified in this part of ISO 14533, shall be included;b) detailed specifications pertaining to the processing of any element whose required level is “Conditional” in the CAdES-A profile, as specified in this part of ISO 14533, shall be provided

35、.5.3 If first-party conformity assessment is used, the implementer shall make a declaration of conformity to this part of ISO 14533 by disclosing the suppliers declaration of compliance and its attachment (see Annex A) containing a description of implementation status (and the specifications for any

36、 elements “Conditional”).NOTE Figure 1 shows the positioning of the generation and validation of CAdES-T data and CAdES-A data.6 Long term signature profiles6.1 Defined profilesIn order to make electronic signatures verifiable for a long term, signing time shall be identifiable, any illegal alterati

37、ons of information pertaining to signatures, including the subject of information and validation data, shall be detectable, and interoperability ensured. To meet these requirements, this part of ISO 14533 defines the following two profiles with respect to CAdES:a) CAdES-T profile: a profile pertaini

38、ng to the generation and validation of CAdES-T data;b) CAdES-A profile: a profile pertaining to the generation and validation of CAdES-A data.Figure 1 shows the relation between CAdES-T data and CAdES-A data.9DIN ISO 14533-1:2015-05Figure 1 Relation between CAdES-T data and CAdES-A data6.2 Represent

39、ation of the required levelThis part of ISO 14533 defines the following representation methods for the required level (as a profile) of each element constituting CAdES-T data and CAdES-A data.a) Mandatory (M): Elements whose required level is “Mandatory” shall be implemented without fail. If such an

40、 element has optional subelements, at least one subelement shall be selected. Any element whose required level is “Mandatory” and is one of the subelements of an optional element shall be selected whenever the optional element is selected.b) Optional (O): Elements whose required level is “Optional”

41、may be implemented at the discretion of the implementer.c) Conditional (C): Elements whose required level is “Conditional” may be implemented at the discretion of the implementer, provided that detailed specifications for the processing thereof are provided separately.d) Prohibited (P): Elements who

42、se required level is Prohibited shall not be created or modified, may be read.6.3 Standard for setting the required levelThe required level of each element constituting CAdES-T data and CAdES-A data shall be set in accordance with the following requirements.a) The required level shall be “Mandatory”

43、 for elements whose required level is “Mandatory” in the definition of CAdES, and those necessary for the generation and validation of long term signatures. The elements whose required level is “Optional” in the definition of CAdES are defined as “Mandatory”, “Optional” or “Conditional”.b) The requi

44、red level shall be “Conditional” for externally defined elements.EXAMPLE 1 OtherCertificateFormat.c) The required level shall be “Conditional” for elements intended to interact with a certain application.EXAMPLE 2 ContentReference.d) The required level shall be “Conditional” for elements with an ope

45、ration-dependent factor.EXAMPLE 3 Attribute certificate; time mark.NOTE The archiving-type timestamp defined in ISO/IEC 18014-2 is included in “Time mark or other method.”10DIN ISO 14533-1:2015-05e) The required level shall be “optional” for elements only containing reference information.6.4 Action

46、to take when an optional element is not implementedThe following action shall be taken when the CAdES data used in a validation transaction contains an unimplemented element.a) When the required level of an upper-level element is mandatory and one or more subordinate optional elements shall be selec

47、ted, or one or more relevant optional elements shall be selected, the validator shall be cautioned that validation requires implementation of said element(s); otherwise, validation cannot be performed.EXAMPLE In a validation transaction, a BasicOCSPResponse element is detected where only the process

48、ing of CertificateList elements, among all other optional elements in RevocationValues, is implemented.b) When CounterSignature is an unimplemented element, the validator shall be cautioned that validation requires implementation of said element; otherwise, validation cannot be performed.c) Optional

49、 elements other than those specified above may be ignored for implementation.6.5 CAdES-T profile6.5.1 GeneralThe required levels of constituent elements of CAdES-T data are specified in 6.5.2 to 6.5.4.If a certification authority (CA) or other trusted service is trusted to maintain and keep certificates for the signature validation accessible for an appropriate period of time and parties relying on the signature validity know the location where the certificates are a

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1