1、 g49g50g3g38g50g51g60g44g49g42g3g58g44g55g43g50g56g55g3g37g54g44g3g51g40g53g48g44g54g54g44g50g49g3g40g59g38g40g51g55g3g36g54g3g51g40g53g48g44g55g55g40g39g3g37g60g3g38g50g51g60g53g44g42g43g55g3g47g36g58ICS 43.020Road vehicles Security certificate managementBRITISH STANDARDBS ISO 20828:2006BS ISO 2082
2、8:2006This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 July 2006 BSI 2006ISBN 0 580 48910 8Cross-referencesThe British Standards which implement international publications referred to in this document may be found in the BSI Catalogue under
3、 the section entitled “International Standards Correspondence Index”, or by using the “Search” facility of the BSI Electronic Catalogue or of British Standards Online.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct applic
4、ation. Compliance with a British Standard does not of itself confer immunity from legal obligations.Summary of pagesThis document comprises a front cover, an inside front cover, the ISO title page, pages ii to vii, pages 1 to 38, an inside back cover and a back cover.The BSI copyright notice display
5、ed in this document indicates when the document was last issued.Amendments issued since publicationAmd. No. Date CommentsA list of organizations represented on this committee can be obtained on request to its secretary. present to the responsible international/European committee any enquiries on the
6、 interpretation, or proposals for change, and keep UK interests informed; monitor related international and European developments and promulgate them in the UK.National forewordThis British Standard reproduces verbatim ISO 20828:2006 and implements it as the UK national standard. The UK participatio
7、n in its preparation was entrusted to Technical Committee AUE/16, Electrical and electronic equipment, which has the responsibility to: aid enquirers to understand the text;Reference numberISO 20828:2006(E)INTERNATIONAL STANDARD ISO20828First edition2006-07-01Road vehicles Security certificate manag
8、ement Vhicules routiers Gestion des certificats de scurit BS ISO 20828:2006ii iiiContents Page Foreword iv Introduction v 1 Scope . 1 2 Normative references . 1 3 Terms and definitions. 2 4 Symbols and abbreviated terms . 3 5 Certificate Management Principles. 4 5.1 Establishment of trust 4 5.2 Cert
9、ificates 7 5.3 Certification authorities 8 5.4 Certificate validity. 10 5.5 Certificate policies 12 5.6 Certificate Paths 17 6 Certificate structure 21 7 Certificate components and extensions.22 7.1 General. 22 7.2 Certificate version. 22 7.3 Certificate serial number 22 7.4 Certificate signature al
10、gorithm identifier . 22 7.5 Certificate issuer. 22 7.6 Certificate validity. 23 7.7 Certificate subject. 23 7.8 Certificate subject public key 23 7.9 Certificate issuer unique identifier 23 7.10 Certificate subject unique identifier 24 7.11 CA key identifier extension 24 7.12 Certificate subject key
11、 identifier extension . 24 7.13 Extended key usage extension . 24 7.14 Certificate policies extension 24 7.15 Vehicle identification number extension 26 7.16 Path information extension . 26 Annex A (normative) Security Certificate Management ASN.1 module definition 28 Annex B (informative) Certifica
12、te examples 31 BS ISO 20828:2006iv Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body in
13、terested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechni
14、cal Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the
15、 technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights.
16、 ISO shall not be held responsible for identifying any or all such patent rights. ISO 20828 was prepared by Technical Committee ISO/TC 22, Road vehicles, Subcommittee SC 3, Electrical and electronic equipment. BS ISO 20828:2006vIntroduction Often data transmitted within road vehicles, between road v
17、ehicles or from and to road vehicles have to be protected to guarantee their confidentiality and integrity. Cryptography provides excellent means for this kind of protection. Depending on the protection requirements, different schemes may be used. In some situations it is sufficient to lock a data l
18、ink involving a specific device, and to unlock it only if a second device has sent the correct key in response to an arbitrary seed. The corresponding security access service is specified in various International Standards and is widely used today. ISO 15764 defines an extended security scheme. It d
19、oes not just restrict the access to data, but protects the data when transmitted over the data link. Protection is provided against masquerade, replay, eavesdropping, manipulation and repudiation. Before starting the secured data transmission, the data link must be established as a secured link. ISO
20、 15764 provides two methods for this: a) Both devices participating in the data transmission have a pre-established secret cryptographic key. This key is used to establish the secured link and excludes all third parties not having access to it from participating in the secured link. This method is b
21、ased on symmetric keys and is applicable to devices with a limited processing power and memory. b) The secured link may be established between arbitrary devices, if these devices have a private key and a security certificate for the corresponding public key. This method involves asymmetric cryptogra
22、phy requiring a higher amount of processing power and memory at the devices. Public keys are cryptographic keys that are publicly available and are linked to a private key, which is kept secret by the device owning it. There are two ways of using a public/private key pair: a) The device owning the p
23、rivate key may add an electronic signature to data it sends out. This signature is specific for the data sent out and may only be generated with the private key. Both a different data string to be signed and a different private key would lead to a different signature. Any other device possessing the
24、 corresponding public key is able to verify the signature and therefore to confirm that the data string originates from the device owning the private key and has not been altered after being sent out. b) Any device possessing the public key may use it to encrypt data before sending it to the device
25、owning the private key. As the data can only be decrypted with the aid of the private key, no other device is able to correctly interpret the data sent out. But how does the user of the public key know that it uses the correct one? A malicious third party could send its own public key, pretending it
26、 is from a trusted device, and could hope to get access to the secured data transmissions. For each domain of secured data transmissions, there must be an authority (or several of them) deciding which devices can be trusted. This is called Certification Authority. For the trusted devices, it issues
27、security certificates, confirming that the public key is from that device (meaning that the device owns the corresponding private key). The electronic signature of the Certification Authority is attached to the certificate, rendering it unforgeable. As part of the procedure to set up a secured link,
28、 the devices involved verify the certificates of each other. With the second method specified in ISO 15764, a secured link can be established between devices using the public key of the Certification Authority of each other. But in many cases there are different security domains with different autho
29、rities responsible to establish trusted devices, and secured links must be established between devices of different domains, not knowing the public keys of the Certification Authorities of the other domain. This International Standard specifies how trust between devices from different security domai
30、ns is established based on security certificates. In this sense it extends the application range of ISO 15764. BS ISO 20828:2006vi Key 1 security domain 1 2 security domain 2 3 security domain 3 internal secured links covered by ISO 15764 external secured links covered by ISO 20828Figure 1 How ISO 2
31、0828 extends the application range of ISO 15764 The focus of this International Standard is on the management of certificates. Various security domains based on certificates have already been defined in various contexts. The task of a security certificate management for road vehicles is to give a fr
32、amework in which such security domains can interact in the sense that secured links can be established from one domain to the other. For instance, there may be specific security domains for different car manufacturers, for public authorities in charge of tachographs or other legislated vehicle compo
33、nents, for telematics service providers, authorized dealers and workshops, emergency task forces and fleet operators. The framework should cover all of them. When defining this security framework, the following specific requirements of the road vehicle environment have been considered: There should
34、be no need for an overall infrastructure to be shared by all security systems. For instance, it cant be expected that shared databases are installed to which the devices involved have access. It should be possible to easily integrate existing security systems in the various domains without major mod
35、ifications. The additional security framework should not affect the security of each domain. Devices with different security levels are considered. Breaking the security of a device with little protection should not affect the security of other devices. BS ISO 20828:2006vii It should be possible to
36、use the framework even for devices with limited resources. This means that the provisions requested from the framework should be easy to handle. The special situation of mobile devices with limited and non-permanent access to communication facilities are considered. BS ISO 20828:2006blank1Road vehic
37、les Security certificate management 1 Scope This International Standard establishes a uniform practice for the issuing and management of security certificates for use in Public Key Infrastructure applications. Assuming that all entities, intending to set up a secure data exchange to other entities b
38、ased on private and public keys, are able to provide their own certificate, the certificate management scheme guarantees that the entities will get all additional information needed to establish trust to other entities, from a single source in a simple and unified format. The certificate management
39、is flexible with respect to the relations between Certification Authorities, not requesting any hierarchical structure. It does not prescribe centralized directories or the like, being accessible by all entities involved. With these properties, the management scheme is optimized for applications in
40、the automotive domain. This International Standard details the role and responsibilities of the Certification Authority relating to certificate issuing and distribution. It specifies how to handle certificate validity and certificate policies. This is the prerequisite for each entity to make sure it
41、 can actually trust another entity when intending to exchange data of a specific kind with it. This International Standard prescribes a Certificate format, which is a special implementation of the well-known X.509 certificate according to ISO/IEC 9594-8. It specifies the structure and use of every c
42、ertificate component such that it complies with the certificate management established. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition o
43、f the referenced document (including any amendments) applies. ISO 3779, Road vehicles Vehicle identification number (VIN) Content and structure ISO 3780, Road vehicles World manufacturer identifier (WMI) code ISO/IEC 8824-1, Information technology Abstract Syntax Notation One (ASN.1) Part 1: Specifi
44、cation of basic notation ISO/IEC 8824-2, Information technology Abstract Syntax Notation One (ASN.1) Part 2: Information object specification ISO/IEC 8824-3, Information technology Abstract Syntax Notation One (ASN.1) Part 3: Constraint specification ISO/IEC 9594-2, Information technology Open Syste
45、ms Interconnection Part 2:The Directory: Models ISO/IEC 9594-8, Information technology Open Systems Interconnection Part 8: The Directory: Public-key and attribute certificate frameworks ISO/IEC 15408-3, Information technology Security techniques Evaluation criteria for IT security Part 3: Security
46、assurance requirements BS ISO 20828:20062 ISO 15764, Road vehicles Extended data link security IETF RFC 3279, Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, R. Housley, W. Polk, W. Ford, D. Solo, April 2002 IETF
47、RFC 3280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, W. Polk, R. Housley, L. Bassham, April 2002 3 Terms and definitions For the purposes of this document, the terms and definitions given in ISO/IEC 9594-8, in ISO 15764 and the following apply
48、. 3.1 certificate public-key certificate as defined in ISO/IEC 9594-8, including further information as specified in this International Standard 3.2 certificate validity assignment of one of the two states “valid” or “invalid” to a certificate by its issuer, which only guarantees that the certificat
49、e can be used to establish trust between end entities if it is valid 3.3 Certification Authority List CAL list maintained by a CA for one of its public keys, the corresponding private key being used to sign certificates, containing information on other CA having issued CA-certificates with this public key being the public key of the subject, and information on these CA-certificates 3.4 certification path ordered sequence of different CAs, together with their public keys and CA-certificates issue