1、 Reference numberISO/IEC 18014-2:2002(E)ISO/IEC 2002INTERNATIONAL STANDARD ISO/IEC18014-2First edition2002-12-15Information technology Security techniques Time-stamping services Part 2: Mechanisms producing independent tokens Technologies de linformation Techniques de scurit Services dhorodatage Par
2、tie 2: Mcanismes produisant des jetons indpendants Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard.Date of ANSI Approval: 7/7/2003Published by American National Standards Institute,25 West 43rd Street, New York, New York 10036Copyrigh
3、t 2003 by Information Technology Industry Council (ITI).All rights reserved.These materials are subject to copyright claims of International Standardization Organization (ISO), InternationalElectrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology In
4、dustry Council(ITI). Not for resale. No part of this publication may be reproduced in any form, including an electronic retrieval system, withoutthe prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW,Washington, DC 20005.Printed i
5、n the United States of AmericaCopyright American National Standards Institute Provided by IHS under license with ANSINot for ResaleNo reproduction or networking permitted without license from IHS-,-,-ISO/IEC 18014-2:2002(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance w
6、ith Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing
7、 policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Ev
8、ery care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. ISO/IEC 2002 All rights reserved. Unless otherwise specified, no part of this publ
9、ication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Gene
10、va 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2002 All rights reservedCopyright American National Standards Institute Provided by IHS under license with ANSINot for ResaleNo reproduction or networking permitted without
11、license from IHS-,-,-ISO/IEC 18014-2:2002(E) ISO/IEC 2002 All rights reserved iiiContentsForeword.ivIntroduction .v1 Scope.12 Normative References .13 Terms and Definitions .24 General Discussion35 Entities of the Time-Stamping Process .46 Message Formats.46.1 Object Identifiers66.2 Extension fields
12、66.2.1 ExtHash extension.66.2.2 ExtMethod extension.66.2.3 ExtRenewal extension .77 Time-stamps using digital signatures .77.1 TSA response .87.2 Token verification 98 Time-stamps using message authentication codes.108.1 TSA response .108.2 MAC generation128.3 MAC verification.128.4 Token verificati
13、on 129 Time-stamps using archiving .139.1 TSA response .139.2 Token verification 13Annex A (normative) ASN.1 Module for time-stamping.15Annex B (informative) Data Structures25Bibliography 28Copyright American National Standards Institute Provided by IHS under license with ANSINot for ResaleNo reprod
14、uction or networking permitted without license from IHS-,-,-ISO/IEC 18014-2:2002(E) iv ISO/IEC 2002 All rights reservedForewordISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)form the specialized system for worldwide standardization. Na
15、tional bodies that are members of ISO or IECparticipate in the development of International Standards through technical committees established by therespective organization to deal with particular fields of technical activity. ISO and IEC technical committeescollaborate in fields of mutual interest.
16、 Other international organizations, governmental and non-governmental, inliaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC haveestablished a joint technical committee, ISO/IEC JTC 1.International Standards are drafted in accordance with the rul
17、es given in the ISO/IEC Directives, Part 2.The main task of the joint technical committee is to prepare International Standards. Draft International Standardsadopted by the joint technical committee are circulated to national bodies for voting. Publication as an InternationalStandard requires approv
18、al by at least 75 % of the national bodies casting a vote.ISO/IEC 18014-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,Subcommittee SC 27, IT Security techniques.ISO/IEC 18014 consists of the following parts, under the general title Information technology Security
19、techniques Time-stamping services: Part 1: Framework Part 2: Mechanisms producing independent tokens Part 3: Mechanisms producing linked tokensFurther parts may follow.Copyright American National Standards Institute Provided by IHS under license with ANSINot for ResaleNo reproduction or networking p
20、ermitted without license from IHS-,-,-ISO/IEC 18014-2:2002(E) ISO/IEC 2002 All rights reserved vIntroductionThe International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) drawattention to the fact that it is claimed that compliance with this Internationa
21、l Standard may involve the use ofpatents.The ISO and IEC take no position concerning the evidence, validity and scope of this patent right.The holder of this patent right has assured the ISO and IEC that he is willing to negotiate licences underreasonable and non-discriminatory terms and conditions
22、with applicants throughout the world. In this respect, thestatement of the holder of this patent right is registered with the ISO and IEC. Information may be obtained from:ISO/IEC JTC 1/SC 27 Standing Document 8 (SD 8) “Patent Information“SD 8 is publicly available at: http:/www.din.de/ni/sc27Attent
23、ion is drawn to the possibility that some of the elements of this International Standard may be the subject ofpatent rights other than those identified above. ISO and IEC shall not be held responsible for identifying any or allsuch patent rights.Copyright American National Standards Institute Provid
24、ed by IHS under license with ANSINot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Copyright American National Standards Institute Provided by IHS under license with ANSINot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Information te
25、chnology Security techniques Time-stampingservices Part 2: Mechanisms producing independent tokens1 ScopeA time-stamping service provides evidence that a data item existed before a certain point in time. Time-stampservices produce time-stamp tokens, which are data structures containing a verifiable
26、cryptographic bindingbetween a data items representation and a time-value. This part of ISO/IEC 18014 defines time-stampingmechanisms that produce independent tokens, which can be verified one by one.2 Normative ReferencesISO 7498-2: 1989, Information processing systems Open Systems Interconnection
27、Basic Reference Model Part 2: Security ArchitectureISO/IEC 8824-1: 1998 | ITU-T Recommendation X.680 (1997), Information technology Abstract SyntaxNotation One (ASN.1): Specification of basic notationISO/IEC 8824-2: 1998 | ITU-T Recommendation X.681 (1997), Information technology Abstract SyntaxNota
28、tion One (ASN.1): Information object specificationISO/IEC 8824-3: 1998 | ITU-T Recommendation X.682 (1997), Information technology Abstract SyntaxNotation One (ASN.1): Constraint specificationISO/IEC 8824-4: 1998 | ITU-T Recommendation X.683 (1997), Information technology Abstract SyntaxNotation One
29、 (ASN.1): Parameterisation of ASN.1 specificationsISO/IEC 8825-1: 1998 | ITU-T Recommendation X.690 (1997), Information technology ASN.1 EncodingRules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished EncodingRules (DER)ISO/IEC 9594-8: 2001 | ITU-T Recomm
30、endation X.509 (2000), Information technology Open SystemsInterconnection The Directory: Public key and attribute certificate frameworksISO/IEC TR 14516: 2002 | ITU-T Recommendation X.842 (2000), Information technology Guidelines forthe use and management of Trusted Third Party servicesISO/IEC 9798-
31、1: 1997, Information technology Security techniques Entity authentication Part 1: GeneralISO/IEC 10181-2: 1996, Information technology Open Systems Interconnection Security frameworks for opensystems: Authentication frameworkISO/IEC 11770-1: 1996, Information technology Security techniques Key manag
32、ement Part 1: FrameworkISO/IEC 11770-3: 1999, Information technology Security techniques Key management Part 3: Mechanismsusing asymmetric techniquesISO/IEC 13888-1: 1997, Information technology Security techniques Non-repudiation Part 1: GeneralISO/IEC 14888 (all parts), Information technology Secu
33、rity techniques Digital signatures with appendix ISO/IEC 2002 All rights reserved 1The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (i
34、ncluding any amendments) applies. INTERNATIONAL STANDARD ISO/IEC 18014-2:2002(E)Copyright American National Standards Institute Provided by IHS under license with ANSINot for ResaleNo reproduction or networking permitted without license from IHS-,-,-ISO/IEC 18014-1: 2002, Information technology Secu
35、rity techniques Time-stamping services Part 1:Framework3 Terms and DefinitionsThe following terms are used as defined in ISO/IEC 7498-2:Cryptography: the discipline that embodies principles, means, and methods for the transformation of data in orderto hide its information content, prevent its undete
36、cted modification and/or prevent its unauthorized use.Data integrity: the property that data has not been altered or destroyed in an unauthorized manner.Data origin authentication: the corroboration that the source of data received is as claimed.Digital signature: data appended to, or a cryptographi
37、c transformation (see cryptography) of, a data unit thatallows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g.by the recipient.The following term is used as defined in ISO/IEC 8825-1:Distinguished Encoding Rules (DER): encoding rules t
38、hat may be applied to values of types defined using theASN.1 notation. Application of these encoding rules produces a transfer syntax for such values. It is implicit that thesame rules are also to be used for decoding. The DER is more suitable if the encoded value is small enough to fitinto the avai
39、lable memory and there is a need to rapidly skip over some nested values.The following term is used as defined in ISO/IEC 9594-8:Certification path: an ordered sequence of certificates of objects in the DIT (directory information tree) which,together with the public key of the initial object in the
40、path, can be processed to obtain that of the final object in thepath.The following terms are used as defined in ISO/IEC 9798-1:Asymmetric key pair: a pair of related keys where the private key defines the private transformation and thepublic key defines the public transformation.Asymmetric signature
41、 system: a system based on asymmetric techniques whose private transformation is usedfor signing and whose public transformation is used for verification.The following term is used as defined in ISO/IEC 10181-2:Authentication: the provision of assurance of the claimed identity of an entity.The follo
42、wing term is used as defined in ISO/IEC 11770-1:Certification authority (CA): a centre trusted to create and assign public key certificates. Optionally, thecertification authority may create and assign keys to the entities.The following terms are used as defined in ISO/IEC 13888-1:Message Authentica
43、tion Code (MAC): a data item derived from a message using symmetric cryptographictechniques and a secret key. It is used to check the integrity and origin of a message by any entity holding thesecret key.Private key: that key of an entitys asymmetric key pair that is usable only by that entity. In t
44、he case of anasymmetric signature system, the private key and the associated algorithms define the signature transformation.ISO/IEC 18014-2:2002(E) 2 ISO/IEC 2002 All rights reservedCopyright American National Standards Institute Provided by IHS under license with ANSINot for ResaleNo reproduction o
45、r networking permitted without license from IHS-,-,-Public key: the key of an entitys asymmetric key pair that can be made public. In the case of an asymmetricsignature system, the public key and the associated algorithms define the verification transformation.Public key certificate: a security cert
46、ificate which binds unforgeably the public key of an entity to the entitysdistinguishing identifier, and which indicates the validity of the corresponding private key.The following term is used as defined in ISO/IEC 14888-2:Trusted third party: a security authority, or its agent, trusted by other en
47、tities with respect to security relatedactivities.The following terms are used as defined in ISO/IEC 18014-1:Time-stamping authority (TSA): a trusted third party trusted to provide a time-stamping service.Time-stamping service (TSS): a service providing evidence that a data item existed before a cer
48、tain point in time.Time-stamp requester: an entity which possesses data it wants to be time-stamped.Time-stamp token: a data structure containing a verifiable cryptographic binding between a data itemsrepresentation and a time-value. A time-stamp token may also include additional data items in the b
49、inding.Time-stamp verifier: an entity which possesses data and wants to verify that it has a valid time-stamp bound to it.The verification process may be performed by the verifier itself or by a Trusted Third Party.4 General DiscussionISO/IEC 18014-1 presents a general framework for the provision of time
