BS ISO IEC 11586-3-1996 Information technology - Open systems interconnection - Generic upper layers security - Security exchange service element (SESE) protocol specification《信息技术.pdf

上传人:吴艺期 文档编号:588252 上传时间:2018-12-15 格式:PDF 页数:18 大小:468.68KB
下载 相关 举报
BS ISO IEC 11586-3-1996 Information technology - Open systems interconnection - Generic upper layers security - Security exchange service element (SESE) protocol specification《信息技术.pdf_第1页
第1页 / 共18页
BS ISO IEC 11586-3-1996 Information technology - Open systems interconnection - Generic upper layers security - Security exchange service element (SESE) protocol specification《信息技术.pdf_第2页
第2页 / 共18页
BS ISO IEC 11586-3-1996 Information technology - Open systems interconnection - Generic upper layers security - Security exchange service element (SESE) protocol specification《信息技术.pdf_第3页
第3页 / 共18页
BS ISO IEC 11586-3-1996 Information technology - Open systems interconnection - Generic upper layers security - Security exchange service element (SESE) protocol specification《信息技术.pdf_第4页
第4页 / 共18页
BS ISO IEC 11586-3-1996 Information technology - Open systems interconnection - Generic upper layers security - Security exchange service element (SESE) protocol specification《信息技术.pdf_第5页
第5页 / 共18页
亲,该文档总共18页,到这儿已超出免费预览范围,如果喜欢就下载吧!
资源描述

1、BRITISH STANDARD BS ISO/IEC 11586-3:1996 Information technology Open Systems Interconnection Generic upper layers security: Security Exchange Service Element (SESE) protocol specification (ITU-T Rec. X.832 (1995) | ISO/IEC 11586-3:1996) ICS 35.100.70BS ISO/IEC 11586-3:1996 This British Standard, hav

2、ing been prepared under the direction of the DISC Board, was published under the authority of the Standards Board and comes into effect on 15 November 1996 BSI 11-1998 ISBN 0 580 26550 1 National foreword This British Standard reproduces verbatim ISO/IEC 11586-3:1996, and implements it as the UK nat

3、ional standard. The UK participation in its preparation was entrusted to Technical Committee IST/21, Open Systems Interconnection, Data Management and Open Distributed Processing, which has the responsibility to: aid enquirers to understand the text; present to the responsible international/European

4、 committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed; monitor related international and European developments and promulgate them in the UK. A list of organizations represented on this committee is available on request. Cross-references The Brit

5、ish Standards which implement international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or using the “Find” facility of the BSI Standards Electronic Catalogue. A British S

6、tandard does not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. Summary of pages This document comprises a front cov

7、er, an inside front cover, the ISO/IEC title page, pages ii to iv, pages 1 to 10, an inside back cover and aback cover. This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on theinside front cover. Amendments iss

8、ued since publication Amd. No. Date CommentsBS ISO/IEC 11586-3:1996 ii BSI 11-1998 Contents Page Introduction 1 1 Scope 1 2 Normative references 1 2.1 Identical Recommendations|International Standards 1 3 Definitions 2 4 Abbreviations 2 5 Overview of the protocol 2 5.1 Service provision 2 5.2 Use of

9、 underlying services 2 6 Elements of procedure 2 6.1 APDUs used 2 6.2 Transfer procedure 2 6.3 User-initiated abort procedure 2 6.4 Provider-initiated abort procedure 3 7 Structure and encoding of SESE APDUs 3 7.1 Generic APDU specification 3 7.2 Abstract syntax construction 6 8 Mapping to underlyin

10、g services 7 8.1 General 7 8.2 Mapping to ACSE services 7 9 Conformance 7 9.1 Statement Requirements 7 9.2 Static Requirements 7 9.3 Dynamic Requirements 7 Annex A SEPM state tables 8 A.1 General 8 A.2 Conventions 8 A.3 Tables 8 Annex B Basic SESE application context definition 10 B.1 Application Co

11、ntext Name 10 B.2 Application Service Elements 10 B.3 SESE APDU Mappings 10 B.4 PDV concatenation constraints 10 B.5 PDV embedding constraints 10 B.6 Procedural constraints 10 B.7 Presentation context constraints 10 Table 1 Incoming Event List 8 Table 2 Outgoing Event List 8 Table 3 Predicates 8 Tab

12、le 4 SEPM States 9 Table 5 SEPM State Table 9BS ISO/IEC 11586-3:1996 BSI 11-1998 iii Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members o

13、f ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organiza

14、tions, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committee are circulated to

15、 national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. International Standard ISO/IEC 11586-3 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 21, Open systems int

16、erconnection, data management and open distributed processing, in collaboration with ITU-T. The identical text is published as ITU-T Recommendation X.832. ISO/IEC 11586 consists of the following parts, under the general title Information technology Open Systems Interconnection Generic upper layers s

17、ecurity: Part 1: Overview, models and notation; Part 2: Security Exchange Service Element (SESE) service definition; Part 3: Security Exchange Service Element (SESE) protocol specification; Part 4: Protecting transfer syntax specification; Part 5: Security Exchange Service Element Protocol Implement

18、ation Conformance Statement (PICS) proforma; Part 6: Protecting transfer syntax Protocol Implementation Conformance Statement (PICS) proforma. Annexes A and B form an integral part of this part of ISO/IEC 11586.iv blankBS ISO/IEC 11586-3:1996 BSI 11-1998 1 Introduction This Recommendation | Internat

19、ional Standard forms part of a series of Recommendations |International Standards, which provide(s) a set of facilities to aid the construction of Upper Layers protocols which support the provision of security services. The parts are as follows: Part 1: Overview, Models and Notation; Part 2: Securit

20、y Exchange Service Element Service Definition; Part 3: Security Exchange Service Element Protocol Specification; Part 4: Protecting Transfer Syntax Specification; Part 5: Security Exchange Service Element PICS Proforma; Part 6: Protecting Transfer Syntax PICS Proforma. This Recommendation |Internati

21、onal Standard constitutes Part 3 of this series. 1 Scope 1.1 This series of Recommendations | International Standards defines a set of generic facilities to assist in the provision of security services in application layer protocols. These include: a) a set of notational tools to support the specifi

22、cation of selective field protection requirements in an abstract syntax specification, and to support the specification of security exchanges and security transformations; b) a service definition, protocol specification and PICS proforma for an application-service-element (ASE) to support the provis

23、ion of security services within the Application Layer; c) a specification and PICS proforma for a security transfer syntax, associated with Presentation Layer support for security services in the Application Layer. 1.2 This Recommendation | International Standard defines the protocol provided by the

24、 Security Exchange Service Element (SESE). The SESE is an ASE which allows the communication of security information to support the provision of security services within the Application Layer. 2 Normative references The following Recommendations and International Standards contain provisions which,

25、through reference in this text, constitute provisions of this Recommendation| International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation| International Standa

26、rd are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of cu

27、rrently valid ITU-T Recommendations. 2.1 Identical Recommendations | International Standards ITU-T Recommendation X.207 (1993)| ISO/IEC 9545:1994, Information technology Open Systems Interconnection Application Layer structure. ITU-T Recommendation X.216 (1994)| ISO/IEC 8822:1994, Information techno

28、logy Open Systems Interconnection Presentation service definition. ITU-T Recommendation X.217 (1995) | ISO/IEC 8649:. 1) . Information technology Open Systems Interconnection Service definition for the Association Control Service Element. ITU-T Recommendation X.226 (1994) | ISO/IEC 8823-1:1994, Info

29、rmation technology Open Systems Interconnection Connection-oriented presentation protocol: Protocol specification. ITU-T Recommendation X.227 (1995)| ISO/IEC 8650-1:. 1) , Information technology Open Systems Interconnection Connection-oriented protocol for the Association Control Service Element: Pr

30、otocol specification. ITU-T Recommendation X.680 (1994)| ISO/IEC 8824-1:1995, Information technology Abstract Syntax Notation One (ASN.1):Specification of basic notation. ITU-T Recommendation X.681 (1994)| ISO/IEC 8824-2:1995, Information technology Abstract Syntax Notation One (ASN.1):Information o

31、bject specification. ITU-T Recommendation X.682 (1994)| ISO/IEC 8824-3:1995, Information technology Abstract Syntax Notation One (ASN.1):Constraint specification. 1) To be published.BS ISO/IEC 11586-3:1996 2 BSI 11-1998 ITU-T Recommendation X.683 (1994)| ISO/IEC 8824-4:1995, Information technology A

32、bstract Syntax Notation One (ASN.1):Parameterization of ASN.1 specifications. ITU-T Recommendation X.690 (1994)| ISO/IEC 8825-1:1995, Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER). ITU-T

33、 Recommendation X.803 (1994)| ISO/IEC 10745:1995, Information technology Open Systems Interconnection Upper layers security model. 3 Definitions This Recommendation |International Standard makes use of the following terms defined in ITU-TRec. X.803 | ISO/IEC 10745: security exchange; security exchan

34、ge item. 4 Abbreviations 5 Overview of the protocol 5.1 Service provision The protocol defined in this Specification provides the services defined in ITU-T Rec. X.831 | ISO/IEC 11586-2. These services are as follows: 5.2 Use of underlying services This SESE protocol defines a set of APDUs, each of w

35、hich may potentially be mapped onto any Presentation Layer service which conveys user-data, or which may be embedded in or concatenated with any other application-PDU, according to the rules of the ASO-context or application-context in force. Clause 8 defines some useful mappings to the presentation

36、-service and ACSE. 6 Elements of procedure 6.1 APDUs used The SESE protocol specifies the following APDUs: 6.2 Transfer procedure This procedure is used by a requestor SEPM to initiate a security-exchange requiring the transfer of one or more security-exchange-items. This procedure is also used by e

37、ither requestor or responder SEPM to transfer further security-exchange-items started by the requestor SEPM. On receipt of a SE-TRANSFER request primitive, the SEPM retains the security exchange identifier, and generates a SE-TRANSFER APDU (SETR). On receipt of a SE-TRANSFER APDU (SETR), the SEPM re

38、tains the security exchange identifier, and issues a SE-TRANSFER indication primitive. If the security exchange belongs to the “Alternating” class, and the exchange does not follow the expected sequence, then the SEPM generates an SE-P-ABORT APDU (SEPA), and issues an SE-P-ABORT indication. 6.3 User

39、-initiated abort procedure This procedure is used for one SESE user to indicate to the peer SESE user and the SEPM that an error has occurred and that any security exchange in progress is to be abnormally terminated. Additionally, it may optionally cause the abnormal release of the ASO-association w

40、ith the possible loss of information in transit. It is initiated by an SE-U-ABORT request primitive. On receipt of an SE-U-ABORT request primitive, the SEPM generates an SE-ABORT APDU (SEAB). On receipt of an SE-ABORT APDU (SEAB), the SEPM issues an SE-U-ABORT indication primitive. ACSE Association

41、Control Service Element APDU application-protocol-data-unit ASE application-service-element ASO application-service-object OSI Open Systems Interconnection PICS Protocol Implementation Conformance Statement SEPM Security Exchange Protocol Machine SEI Security Exchange Item SESE Security Exchange Ser

42、vice Element SE-TRANSFER Non-confirmed SE-U-ABORT Non-confirmed SE-P-ABORT Provider-initiated SE-TRANSFER APDU (SETR) SE-U-ABORT APDU (SEAB) SE-P-ABORT APDU (SEPA)BS ISO/IEC 11586-3:1996 BSI 11-1998 3 6.4 Provider-initiated abort procedure This procedure is used for the SEPM to indicate to the SESE

43、users that an error has occurred and that any security exchange in progress is to be abnormally terminated. Additionally, it may optionally cause the abnormal release of the ASO-association with the possible loss of information in transit. On detection of an error, the SEPM issues an SE-P-ABORT indi

44、cation primitive and generates an SE-P-ABORT APDU (SEPA). If the severity of the error requires the ASO-association to be terminated, the SEPA APDU is mapped to the ASO-Association Abort service. On receiving an ASO-Association Abort indication with SEPA APDU, the SEPM issues an SE-P-ABORT indicatio

45、n with the fatality indicator set. An error condition causing a SE-P-ABORT to be generated has an associated problem code, which may be indicated to both ends. The problems so indicated are categorized as follows: a) general problem Not peculiar to any particular APDU type; b) transfer problem Probl

46、em resulting from receipt of a SE-TRANSFER APDU; c) abort problem Problem resulting from receipt of a SE-U-ABORT APDU. Particular error conditions, and the associated problem codes, are described in the following. 6.4.1 General problem Invalid APDU The structure and/or encoding of the APDU do not co

47、nform to either SETR, SEAB, or SEPA APDUs. 6.4.2 Transfer problem a) Duplicate invocation identifier The same invocation identifier is in use for another active security exchange invocation. b) Unrecognized security exchange The security exchange identified is not valid for this ASO-context. c) Mist

48、yped item The type of the SEI does not conform to that in the object class definition. d) Inappropriate invocation identifier The invocation identifier is not within the set specified for this ASO-context. e) Alternating sequence error The received SETR does not follow the sequence of the “Alternati

49、ng” class of security exchange. 6.4.3 Abort problem a) Unrecognized invocation identifier The invocation identifier does not identify an active or just-completed security exchange transfer. b) Abort unexpected The identified security exchange does not generate an abort for this security exchange item. c) Unrecognized error The identified security exchange does not generate this error. d) Unexpected error The identified secu

展开阅读全文
相关资源
  • BS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdfBS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdf
  • BS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdfBS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdf
  • BS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdfBS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdf
  • BS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdfBS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdf
  • BS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdfBS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdf
  • BS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdfBS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdf
  • BS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdfBS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdf
  • BS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdfBS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdf
  • BS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdfBS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdf
  • BS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdfBS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdf
  • 猜你喜欢
    相关搜索

    当前位置:首页 > 标准规范 > 国际标准 > BS

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1