1、 Reference numberISO/IEC 15945:2002(E)ISO/IEC 2002Information technology Security techniques Specification of TTP services to support the application of digital signatures Technologies de linformation Techniques de scurit Spcifications des services TTP pour supporter lapplication des signatures numr
2、iques National Standard of CanadaCAN/CSA-ISO/IEC 15945:04(ISO/IEC 15945:2002)International Standard ISO/IEC 15945:2002 (first edition, 2002-02-01) has been adopted without modification(IDT) as CSA Standard CAN/CSA-ISO/IEC 15945:04, which has been approved as a National Standard of Canadaby the Stand
3、ards Council of Canada.ISBN 1-55397-308-9 January 2004The Canadian Standards Association (CSA), The Standards Council of Canada is theunder whose auspices this National Standard has been coordinating body of the National Standards system, produced, was chartered in 1919 and accredited by a federatio
4、n of independent, autonomousthe Standards Council of Canada to the National organizations working towards the furtherStandards system in 1973. It is a not-for-profit, development and improvement of voluntarynonstatutory, voluntary membership association standardization in the national interest.engag
5、ed in standards development and certification The principal objects of the Council are to foster activities. and promote voluntary standardization as a means CSA standards reflect a national consensus of of advancing the national economy, benefiting theproducers and users including manufacturers, he
6、alth, safety, and welfare of the public, assisting consumers, retailers, unions and professional and protecting the consumer, facilitating domestic organizations, and governmental agencies. The and international trade, and furthering internationalstandards are used widely by industry and commerce co
7、operation in the field of standards.and often adopted by municipal, provincial, and A National Standard of Canada is a standard whichfederal governments in their regulations, particularly in has been approved by the Standards Council ofthe fields of health, safety, building and construction, Canada
8、and one which reflects a reasonableand the environment. agreement among the views of a number of capableIndividuals, companies, and associations across individuals whose collective interests provide to theCanada indicate their support for CSAs standards greatest practicable extent a balance ofdevelo
9、pment by volunteering their time and skills to representation of producers, users, consumers, andCSA Committee work and supporting the Associations others with relevant interests, as may be appropriateobjectives through sustaining memberships. The more to the subject in hand. It normally is a standa
10、rdthan 7000 committee volunteers and the 2000 which is capable of making a significant and timelysustaining memberships together form CSAs total contribution to the national interest.membership from which its Directors are chosen. Approval of a standard as a National Standard ofSustaining membership
11、s represent a major source of Canada indicates that a standard conforms to theincome for CSAs standards development activities. criteria and procedures established by the StandardsThe Association offers certification and testing Council of Canada. Approval does not refer to theservices in support of
12、 and as an extension to its technical content of the standard; this remains thestandards development activities. To ensure the continuing responsibility of the accreditedintegrity of its certification process, the Association standards-development organization.regularly and continually audits and in
13、spects products Those who have a need to apply standards arethat bear the CSA Mark. encouraged to use National Standards of CanadaIn addition to its head office and laboratory complex whenever practicable. These standards are subject in Toronto, CSA has regional branch offices in major to periodic r
14、eview; therefore, users are cautioned centres across Canada and inspection and testing to obtain the latest edition from the organizationagencies in eight countries. Since 1919, the preparing the standard.Association has developed the necessary expertise to The responsibility for approving National
15、Standards meet its corporate mission: CSA is an independent of Canada rests with theservice organization whose mission is to provide an Standards Council of Canadaopen and effective forum for activities facilitating the 270 Albert Street, Suite 200exchange of goods and services through the use of Ot
16、tawa, Ontario, K1P 6N7standards, certification and related services to meet Canadanational and international needs.For further information on CSA services, write toCanadian Standards Association5060 Spectrum Way, Suite 100Mississauga, Ontario, L4W 5N6CanadaCette Norme nationale du Canada est offerte
17、 en anglais et en franais.Although the intended primary application of this Standard is stated in its Scope, it is importantto note that it remains the responsibility of the users to judge its suitability for their particular purpose.Registered trade-mark of Canadian Standards AssociationCAN/CSA-ISO
18、/IEC 15945:04 services to support the application of digital signaturesInformation technology Security techniques Specification of TTPJanuary 2004 Canadian Standards Association CSA/1CAN/CSA-ISO/IEC 15945:04Information technology Securitytechniques Specification of TTPservices to support the applica
19、tionof digital signaturesCSA PrefaceStandards development within the Information Technology sector is harmonized with internationalstandards development. Through the CSA Technical Committee on Information Technology (TCIT),Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Tec
20、hnical Committee 1 onInformation Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO memberbody for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of theInternational Telecommunication Union (ITU), Canada participates in the International
21、 Telegraph andTelephone Consultative Committee (ITU-T).This International Standard was reviewed by the CSA TCIT under the jurisdiction of the StrategicSteering Committee on Information Technology and deemed acceptable for use in Canada. (Acommittee membership list is available on request from the CS
22、A Project Manager.) From time to time,ISO/IEC may publish addenda, corrigenda, etc. The CSA TCIT will review these documents for approvaland publication. For a listing, refer to the CSA Information Products catalogue or CSA Info Update orcontact a CSA Sales representative. This Standard has been for
23、mally approved, without modification, bythe Technical Committee and has been approved as a National Standard of Canada by the StandardsCouncil of Canada.January 2004 Canadian Standards Association 2004All rights reserved. No part of this publication may be reproduced in any form whatsoever without t
24、he prior permission ofthe publisher. ISO/IEC material is reprinted with permission. Where the words “this International Standard” appear in thetext, they should be interpreted as “this National Standard of Canada”. Inquiries regarding this National Standard of Canada should be addressed to Canadian
25、Standards Association 5060 Spectrum Way, Suite 100, Mississauga, Ontario, Canada L4W 5N6 1-800-463-6727 416-747-4044www.csa.caReference numberISO/IEC 15945:2002(E)ISO/IEC 2002INTERNATIONAL STANDARD ISO/IEC15945First edition2002-02-01Information technology Security techniques Specification of TTP ser
26、vices to support the application of digital signatures Technologies de linformation Techniques de scurit Spcifications des services TTP pour supporter lapplication des signatures numriques ISO/IEC 15945:2002(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes li
27、censing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The
28、ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has
29、been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. ISO/IEC 2002 All rights reserved. Unless otherwise specified, no part of this publication may b
30、e reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. +
31、41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.ch Web www.iso.ch ii ISO/IEC 2002 All rights reservedISO/IEC 15945:2002(E) ISO/IEC 2002 All rights reserved iiiCONTENTS Page 1 Scope 1 2 Normative references 1 2.1 Identical Recommendations | International Standards. 2 2.2 Additional referenc
32、es. 2 3 Definitions 3 4 Abbreviations 4 5 Descriptive classification of services 5 5.1 Certificate management services . 5 5.2 Key management services . 8 5.3 Other services 9 6 Minimal certificate and CRL profile. 10 6.1 Minimal certificate profile. 10 6.2 Minimal CRL profile. 11 7 Certificate mana
33、gement messages 11 7.1 Overview of certificate management services and messages 12 7.2 Assumptions and restrictions for some of the services 15 8 Data structures for certificate management messages 19 8.1 Overall message 19 8.2 Common Data Structures 22 8.3 Data structures specific for Certificate R
34、equest Messages of type CertReq 24 8.4 Data structures specific for other messages. 29 8.5 Transport protocols 32 8.6 Complete ASN.1 Module 32 9 Online Certificate Status Protocol 40 9.1 Protocol Overview. 40 9.2 Functional Requirements. 42 9.3 Detailed Protocol. 43 9.4 ASN.1 Module for OCSP 47 Anne
35、x A Interworking 50 Annex B Algorithms . 51 B.1 Hash Algorithms 51 B.2 Digital Signature Algorithms. 51 Annex C Bibliography 52 ISO/IEC 15945:2002(E) iv ISO/IEC 2002 All rights reservedForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commi
36、ssion) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO
37、 and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO
38、/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to nationa
39、l bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this International Standard may be the subject of patent rights. ISO and IEC shall not be held re
40、sponsible for identifying any or all such patent rights. ISO/IEC 15945 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques, in collaboration with ITU-T. The identical text is published as ITU-T Rec. X.843. Annexes A to C of this
41、 International Standard are for information only. ISO/IEC 15945:2002(E) ISO/IEC 2002 All rights reserved vIntroduction Today the development of information technology, as well as that of the worldwide communication infrastructure, opens the possibility to implement electronic commerce in economicall
42、y relevant dimensions. Digital signatures are an important technique to add security to these commercial applications and to other application fields with a need for legally effective electronic transactions. Digital signatures are suitable to assure the integrity of data and the authentication of p
43、articipants in transactions. They can supply an analogue of the handwritten signature for digital orders, offers and contracts. The most important property of digital signatures in this context is that a person who signed a document cannot successfully deny this fact. This property is called “non-re
44、pudiation of creation“ of a document. In several countries and in international contexts, legislation concerning digital signatures is being pushed forward with the aim to support the development of electronic commerce and other application fields with a need for legally effective electronic transac
45、tions. A number of standards exist that specify digital signatures, as well as their use for different purposes, like non-repudiation or authentication. A number of commercial applications, as well as TTPs offering services in connection with digital signatures, are implemented or planned. Interoper
46、ability of these TTPs, among each other and with the commercial applications, is needed for an economically and legally effective worldwide use of digital signatures. The goal of this Recommendation | International Standard is to define the services required to support the application of digital sig
47、natures for non-repudiation of creation. Since the use of digital signature mechanisms for non-repudiation of creation of a document implies integrity of the document and authenticity of the creator, the services described in this Recommendation | International Standard can also be combined to imple
48、ment integrity and authenticity services. This is done in a way to promote interoperability among TTPs as well as between TTPs and commercial applications. NOTE There is no inherent reason why every TTP planning to support the application of digital signatures should be required to offer all of thes
49、e services. It is possible that a number of TTPs offering different services cooperate in supporting the use of digital signatures. But, from the view of the potential commercial applications, the whole range of the services may be required and interoperability becomes even more important in this scenario. This is an additional justification to collect all these services together in one document. ISO/IEC 15945:2002 (E) ITU-T X.843 (10/2000 E) 1 INTERNATIONAL STANDARD ISO/IEC 15945:2001 (E) ITU-T RECOMMENDA
