1、BS ISO/IEC 18014-1:2008 ICS 35.040, NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BRITISH STANDARD Information technology Security techniques Time- stamping services Part 1: FrameworkThis British Standard was published under the authority of the Standards Policy and Strategy
2、 Committee on 3 ember 2008 BSI 2008 ISBN 978 0 580 55483 4 Amendments/corrigenda issued since publication Date Comments BS ISO/IEC 18014-1:2008 National foreword This British Standard is the UK implementation of BS ISO/IEC 18014-1:2008. It supersedes BS ISO/IEC 18014-1:2002 and which is withdrawn. T
3、he UK participation in its preparation was entrusted to Technical Committee IST/33, IT - Security techniques. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Us
4、ers are responsible for its correct application. Compliance with a British Standard cannot confer immunity from legal obligations. 1 DecBS ISO/IEC 18014-1:2008 BS ISO/IEC 18014-1:2008Reference number ISO/IEC 18014-1:2008(E) ISO/IEC 2008INTERNATIONAL STANDARD ISO/IEC 18014-1 Second edition 2008-09-01
5、 Information technology Security techniques Time-stamping services Part 1: Framework Technologies de linformation Techniques de scurit Services destampillage de temps Partie 1: Cadre gnral BS ISO/IEC 18014-1:2008 BS ISO/IEC 18014-1:2008 ISO/IEC 18014-1:2008(E) PDF disclaimer This PDF file may contai
6、n embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibili
7、ty of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation param
8、eters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2008 All
9、 rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country o
10、f the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2008 All rights reservedBS ISO/IEC 18014-1:2008 BS ISO/IEC 18014-1:2008 ISO/IEC 18014-1:2008(E) ISO/IEC 200
11、8 All rights reserved iii Contents Page Foreword iv Introduction v 1 Scope1 2 Normative references1 3 Terms and definitions .1 4 Symbols and abbreviated terms 4 5 General4 5.1 Background and Summary .4 5.2 Services involved in Time-stamping5 5.3 Entities of the Time-Stamping Process.5 5.4 Use of Tim
12、e-Stamps 5 5.5 Generation of a Time-Stamp Token .6 5.6 Verification of a Time-Stamp Token.6 5.7 Time-Stamp renewal6 6 Communications between entities involved.7 6.1 Time-Stamp Request Transaction7 6.2 Time-Stamp Verification Transaction8 7 Message Formats.8 7.1 Time-stamp request.9 7.2 Time-stamp re
13、sponse10 7.3 Time-stamp verification12 7.4 Extension fields .12 7.4.1 ExtHash extension.12 7.4.2 ExtMethod extension.13 7.4.3 ExtRenewal extension.13 Annex A (normative) ASN.1 Module for time-stamping 14 Annex B (normative) Excerpt of the Cryptographic Message Syntax .20 B.1 Introduction20 B.2 Gener
14、al Overview.20 B.3 General Syntax.20 B.4 Data Content Type .21 B.5 Signed-data Content Type 21 B.5.1 SignedData Type22 B.5.2 EncapsulatedContentInfo Type23 B.5.3 SignerInfo Type23 B.5.4 Message Digest Calculation Process 25 B.5.5 Signature Generation Process .25 B.5.6 Signature Verification Process.
15、25 B.6 Useful Attributes26 B.6.1 Content Type26 B.6.2 Message Digest26 B.6.3 Countersignature.27 Bibliography 28 BS ISO/IEC 18014-1:2008 BS ISO/IEC 18014-1:2008 ISO/IEC 18014-1:2008(E) iv ISO/IEC 2008 All rights reservedForeword ISO (the International Organization for Standardization) and IEC (the I
16、nternational Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particula
17、r fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have establish
18、ed a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical
19、committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC
20、 shall not be held responsible for identifying any or all such patent rights. ISO/IEC 18014-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. This second edition cancels and replaces the first edition (ISO/IEC 18014-1:2002)
21、, which has been technically revised. ISO/IEC 18014 consists of the following parts, under the general title Information technology Security techniques Time-stamping services: Part 1: Framework Part 2: Mechanisms producing independent tokens Part 3: Mechanisms producing linked tokens BS ISO/IEC 1801
22、4-1:2008 BS ISO/IEC 18014-1:2008 ISO/IEC 18014-1:2008(E) ISO/IEC 2008 All rights reserved v Introduction The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) draw attention to the fact that it is claimed that compliance with this International
23、Standard may involve the use of patents. ISO and IEC take no position concerning the evidence, validity and scope of these patent rights. The holders of these patent rights have assured ISO and IEC that they are willing to negotiate licences under reasonable and non-discriminatory terms and conditio
24、ns with applicants throughout the world. In this respect, the statements of the holders of these patent rights are registered with ISO and IEC. Information may be obtained from: ISO/IEC JTC 1/SC 27 Standing Document 8 (SD 8) “Patent Information“ SD 8 is publicly available at: http:/www.din.de/ni/sc2
25、7 Attention is drawn to the possibility that some of the elements of this International Standard may be the subject of patent rights other than those identified above. ISO and IEC shall not be held responsible for identifying any or all such patent rights. BS ISO/IEC 18014-1:2008 BS ISO/IEC 18014-1:
26、2008BS ISO/IEC 18014-1:2008 BS ISO/IEC 18014-1:2008 INTERNATIONAL STANDARD ISO/IEC 18014-1:2008(E) ISO/IEC 2008 All rights reserved 1 Information technology Security techniques Time-stamping services Part 1: Framework 1 Scope This part of ISO/IEC 18014: identifies the objective of a time-stamping au
27、thority; describes a general model on which time-stamping services are based; defines time-stamping services; defines the basic protocols between the involved entities. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated referen
28、ces, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO 8601, Data elements and interchange formats Information interchange Representation of dates and times ISO/IEC 10118 (all parts), Information technology S
29、ecurity techniques Hash-functions 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 certification authority CA centre trusted to create and assign public key certificates NOTE Optionally, the certification authority can create and assign keys t
30、o the entities. ISO/IEC 11770-1:1996 BS ISO/IEC 18014-1:2008 BS ISO/IEC 18014-1:2008 ISO/IEC 18014-1:2008(E) 2 ISO/IEC 2008 All rights reserved3.2 collision-resistant hash-function hash-function satisfying the following property: it is computationally infeasible to find any two distinct inputs which
31、 map to the same output NOTE Computational feasibility depends on the specific security requirements and environment. ISO/IEC 10118-1:2000 3.3 data items representation data item or some representation thereof such as a cryptographic hash value 3.4 digital signature data appended to, or a cryptograp
32、hic transformation of, a data unit that allows a recipient of the data unit to prove the origin and integrity of the data unit and protect the sender and the recipient of the data unit against forgery by third parties and sender against forgery by the recipient ISO/IEC 11770-3:1999 3.5 entity authen
33、tication corroboration that an entity is the one claimed ISO/IEC 9798-1:1997 3.6 hash-function function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties: it is computationally infeasible to find for a given output, an input which maps to this output
34、; it is computationally infeasible to find for a given input, a second input which maps to the same output NOTE Computational feasibility depends on the specific security requirements and environment. ISO/IEC 10118-1:2000 3.7 hash value string of bits which is the output of a hash-function NOTE Iden
35、tical to the definition of hash-code in ISO/IEC 10118-1:2000. 3.8 private key that key of an entitys asymmetric key pair which should only be used by that entity ISO/IEC 11770-1:1996 3.9 public key that key of an entitys asymmetric key pair which can be made public ISO/IEC 11770-1:1996 BS ISO/IEC 18
36、014-1:2008 BS ISO/IEC 18014-1:2008 ISO/IEC 18014-1:2008(E) ISO/IEC 2008 All rights reserved 3 3.10 public key certificate public key information of an entity signed by the certification authority and thereby rendered unforgeable ISO/IEC 11770-1:1996 3.11 sequence number time variant parameter whose
37、value is taken from a specified sequence which is nonrepeating within a certain time period ISO/IEC 11770-1:1996 3.12 time stamp time variant parameter which denotes a point in time with respect to a common time reference ISO/IEC 11770-1:1996 3.13 time-stamp renewal process of issuing a new time-sta
38、mp token to extend the validity period of an earlier time-stamp token 3.14 time-stamp requester entity which possesses data it wants to be time-stamped NOTE A requester can also be a trusted third party including a time-stamping authority. 3.15 time-stamp token TST data structure containing a verifi
39、able binding between a data items representation and a time-value NOTE A time-stamp token can also include additional data items in the binding. 3.16 time-stamp verifier entity which possesses data and wants to verify that it has a valid time stamp bound to it NOTE The verification process can be pe
40、rformed by the verifier itself or by a trusted third party. 3.17 time-stamping authority TSA trusted third party trusted to provide a time-stamping service 3.18 time-stamping service TSS service providing evidence that a data item existed before a certain point in time 3.19 time variant parameter da
41、ta item used by an entity to verify that a message is not a replay, such as a random number, a sequence number, or a time stamp ISO/IEC 11770-1:1996 BS ISO/IEC 18014-1:2008 BS ISO/IEC 18014-1:2008 ISO/IEC 18014-1:2008(E) 4 ISO/IEC 2008 All rights reserved3.20 trusted third party TTP security authori
42、ty, or its agent, trusted by other entities with respect to security-related activities ISO/IEC 11770-3:1999 3.21 time referencing scheme concepts for describing temporal characteristics of geographic information, about the use of an atomic clock, the clock of the GPS signal, etc. NOTE See ISO 19108
43、:2002. 3.22 time-signal emission standard time signals are emitted with reference to UTC according to standard schemes ITU-R TF.460-6 3.23 time-stamping policy set of rules that indicates the applicability of a time-stamp token to a particular community and/or class of application with common securi
44、ty requirements 4 Symbols and abbreviated terms TS (x 1 , x 2 , , x n ) generation of time-stamp token for the data x 1 , x 2 , , x nD data to be time-stamped other info information used to generate the time-stamp token, and which equals “TSTInfo” less the hash value of the data to be time-stamped T
45、 0,T 1,T n,the point in time to be time-stamped t 0, t 1 , t 2 , t n , the point in time to be time-stamped S the point in time at which the end entitys digital signature is generated 5 General 5.1 Background and Summary The use of digital data that may be provided on easily modifiable media raises
46、the issue of how to certify when this data was created or last changed. Digital time-stamping shall provide evidence of timeliness. Digital time- stamping shall fulfill the following requirements: A time variant parameter shall be bound to the data in a non-forgeable way to provide evidence that the
47、 data existed prior to a certain point in time. Data shall be provided in a way that it is not disclosed. BS ISO/IEC 18014-1:2008 BS ISO/IEC 18014-1:2008 ISO/IEC 18014-1:2008(E) ISO/IEC 2008 All rights reserved 5 The time-stamping methods specified in this international standard solve these requirem
48、ents by time-stamping the hash value of data, which allows for the control of integrity and nondisclosure. The data themselves are not exposed. The hash of the data will be bound to the current time value by the TSA. This binding demonstrates the integrity and authenticity of the time-stamp. A time-
49、stamp token providing these elements will be sent to the requester of the time-stamp. Time-stamp tokens may also include information relating to previously generated tokens. Here the datas representation and additional information from data time-stamped prior to that time-stamp request are input parameters to the time-stamping process. The TSA may in addition publish various data items relating to the time-stamping process, to provide evidence tha
