1、 ETSI TS 102 207 V1.1.3 (2003-08)Technical Specification Mobile Commerce (M-COMM);Mobile Signature Service;Specifications for Roaming in Mobile Signature ServicesETSI ETSI TS 102 207 V1.1.3 (2003-08) 2 Reference DTS/M-COMM-006 Keywords commerce, electronic signature, M-commerce, mobile, roaming, ser
2、vice ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document
3、can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, t
4、he reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI do
5、cuments is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, send your comment to: editoretsi.org Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to repro
6、duction in all media. European Telecommunications Standards Institute 2003. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Members. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Mem
7、bers. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TS 102 207 V1.1.3 (2003-08) 3 Contents Intellectual Property Rights5 Foreword.5 Introduction 5 1 Scope 7 1.1 Structure of this technical specification7 2 References 8 3 D
8、efinitions and abbreviations.8 3.1 Definitions8 3.2 Abbreviations .9 4 Void10 5 Introduction to mobile signature 10 5.1 Overview 10 5.1.1 Mobile signature .10 5.1.2 Using mobile signature .11 5.1.3 Mobile signature service.11 5.2 Notation12 5.3 XML Schema declaration.12 6 Mobile signature roaming se
9、rvice 13 6.1 Roaming issues.13 6.2 Interoperability domain: a mesh.14 6.3 Functional requirements .15 7 Roaming resolution 16 7.1 Discovery of the right home MSSP16 7.2 Finding a path through a mesh .17 8 Scenarios 17 8.1 Scenario 1.18 8.2 Scenario 2.19 8.3 Scenario 3.19 8.4 Scenario 4.20 8.5 Scenar
10、io 5.22 9 Technical description of roaming service.22 9.1 Overview 23 9.2 Message flows 23 9.2.1 Mobile signature method using roaming 23 9.2.2 Roaming error handling24 10 Data formats .25 10.1 SOAP header block types.26 10.1.1 Roaming header 26 10.1.2 HMSSP header26 10.1.3 Identity issuer header26
11、10.2 XML data types27 10.2.1 Roaming header entry type .27 10.2.2 CommonHeader type 27 10.2.3 RE_SenderInfo type28 10.2.4 MeshIntermediaryNode type 28 11 Processing instructions.28 11.1 Acquiring entity29 11.1.1 Acquiring entity as mesh starting point 29 11.1.1.1 Roaming header block.29 ETSI ETSI TS
12、 102 207 V1.1.3 (2003-08) 4 11.1.1.1.1 Common header.29 11.1.1.1.2 Roaming entry .30 11.1.1.2 Home MSSP header block 30 11.1.1.3 Identity issuer header block.30 11.1.2 Acquiring entity as mesh end point 30 11.1.2.1 Error handling .31 11.2 Routing entity.31 11.2.1 Roaming header block 31 11.2.1.1 Com
13、mon header 31 11.2.1.2 Roaming entry.31 11.2.2 Error handling.32 11.3 Identity issuer .32 11.3.1 Roaming header block 32 11.3.2 Identity issuer header block 32 11.3.3 Home MSSP header block32 11.4 Home MSSP.32 11.4.1 Roaming header block 33 11.4.1.1 Common header 33 11.4.1.2 Roaming entry.33 11.4.2
14、HMSSP header block33 11.5 Verifying entity 33 11.5.1 Roaming header block 34 11.6 Error handling 34 Annex A (normative): XML Schema35 Annex B (normative): SOAP fault subcodes .37 Annex C (informative): Bibliography.38 History 39 ETSI ETSI TS 102 207 V1.1.3 (2003-08) 5 Intellectual Property Rights IP
15、Rs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or p
16、otentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carri
17、ed out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Project M
18、-Commerce (M-COMM). Introduction Citizens around the world are making use increasingly of electronic communications facilities in their daily lives. This often involves interactions between parties who have never previously met - or may never meet - and for whom no pre-established relationship exist
19、s. Consequently, communications networks of all kinds are being exploited in new ways to conduct business, to facilitate remote working and to create other “virtual“ shared environments. Consumers, businesses and government departments alike benefit in various ways. For the European Union (EU), elec
20、tronic commerce presents an excellent opportunity to advance its programmes for economic integration. But, such an approach requires an appropriate security mechanism to allow completion of “remote“ interactions between parties with confidence. To this end, the European Parliament and Council Direct
21、ive on Electronic Signatures (1999/93/EC 2) was published on December 13th, 1999. The definition of “electronic signature“ contained in article 2 of the Directive 2 facilitated the recognition of data in electronic form in the same manner as a hand-written signature satisfies those requirements for
22、paper-based data. Since electronic signatures can only be as “good“ as the technology and processes used to create them, “standardization“ activities such as those in Europe by ETSI and CEN within the EESSI framework aim to ensure that a common level of confidence and acceptance can be recognized. T
23、he result will be a powerful enabling facility for electronic commerce and, more generally, for completion of transactions of any kind. In the context of the EU Directive 2, the present document focuses on electronic signatures created by cryptographic means in a “secure signature creation device“.
24、As at June 2003, security provisions for signature creation and verification systems are such that parties wishing to provide a signature require “special“ equipment. Typically, this involves a smartcard and a card reader with sufficient processing power and display capabilities to present full deta
25、ils of the transaction to be “signed“. For consumer markets, however, it is doubtful whether individual citizens will want to invest in such equipment, which for the most part may remain connected to (or inserted into) personal computer equipment located in the home. An alternative approach is to ca
26、pitalize on the fact that many citizens already possess a device which contains a smartcard and which itself is effectively a personal card reader- their mobile phone. In some European countries, mobile penetration rates are approaching 80 % of the population. As one of the most widely-owned electro
27、nic devices, the mobile phone represents the natural choice for implementation of a socially-inclusive, electronic signature solution for the majority of citizens. Electronic signatures created in this way have become known as “Mobile Signatures“ and a number of initiatives are already underway to e
28、valuate the feasibility of such an approach. Only a small number of these have so far been implemented commercially and none have yet been extended to a mass-market scale. Many of those engaged in such activity cite “interoperability“ issues as a restraining factor, requiring standardization to avoi
29、d market fragmentation. ETSI ETSI TS 102 207 V1.1.3 (2003-08) 6 The concept of a “Mobile Signature“ is attractive because it leverages existing commercial models, network infrastructure, mobile device technology (including the SIM-infrastructure) and customer relationships managed by GSM mobile netw
30、ork operators. This offers the prospect that the concept could be adopted by around one billion mobile phone users in 179 countries, world-wide. Extension of the concept to other mobile network technologies is also possible. Adoption of mobile signature might also assist in the fight against interna
31、tional crimes, such as money “laundering“. In this case, the opportunity provided by mobile signature to identify the citizens who are party to a transaction is attractive, subject to provisions concerning Data Protection, Privacy and Legal Interception (as applied to data services). Acceptance of t
32、he concept universally now requires “standardization“ of a common service methodology, where signature requests/responses can be issued/received in a “standard“ format - irrespective of mobile device characteristics. To this end, the European Commission allocated funds to ETSI to establish a Special
33、ist Task Force (STF-221) to produce a set of deliverables on mobile signature service. It is envisaged that mobile signature services will play a pivotal role in reaching an appropriate level of confidence, acceptance and interoperability to support implementation of the European Directive 2 on Elec
34、tronic Signature - particularly for consumer (mass) markets. This Technical Report focuses on those technologies able to realize a mobile signature the equivalent of an “enhanced electronic signature“ as defined by the European Directive 2. The mobile signature service is considered suitable for the
35、 administration and management of all aspects relating to: advising and guiding citizens about the use of mobile signature; acquiring mobile signature capability; managing citizen identity (including data protection and individual privacy); processing of signature requests from application providers
36、 (and providing responses); maintaining signature transaction records for the citizen; managing all aspects of signature lifecycle (e.g. validity, expiry); supporting service administration and maintenance activities. The definition of the Mobile Signature service comprises the following report and
37、specifications: TR 102 203 7: “Mobile Commerce (M-COMM); Mobile Signatures; Business and Functional Requirements“. TS 102 204 8: “Mobile Signature Service; Web Service Interface“. TR 102 206 9: “Mobile Signature Service; Security Framework“. TS 102 207 (the present document): “Mobile Signature Servi
38、ce; Specifications for Roaming in Mobile Signature Services“. Together, the TR and the TSs allow the design and implementation of interoperable mobile signature solutions. ETSI ETSI TS 102 207 V1.1.3 (2003-08) 7 1 Scope Basically, an Application Provider should be able to get a Mobile Signature from
39、 any enduser, even if the Application Provider and the enduser have not contracted a commercial relationship with the same Mobile Signature Service Provider. Otherwise, an Application Provider would have to build commercial terms with as many MSSPs as possible, and this might be a cost burden. This
40、means that a Mobile Signature transaction issued by an Application Provider should be able to reach the appropriate Mobile Signature Service Provider, and this should be transparent for the Application Provider and the enduser. This is the concept of Mobile Signature Roaming. The present document sp
41、ecifies technical interfaces over SOAP and HTTP for architectures that facilitate the roaming of mobile signature messages between the enduser and an Application Provider, and facilitate the building of an open model. These standardized interfaces must allow: many-to-many relationships between stake
42、holders, relying parties and customers; both centralized or decentralized approach so that endusers and Application Providers are able to establish multiple trusted relationships; a minimized number of intermediaries between an enduser and an Application Provider; a common understanding between the
43、Mobile Signature Service Provider and the Application Provider of the security involved in a mobile signature process; keep track of the path taken by the roaming transaction; a dispute resolution policy between Application Provider, Enduser, Home MSSP, Acquiring Entity and all the intermediaries in
44、volved in the roaming of the transaction. 1.1 Structure of this technical specification Scope: A description of the goals and objectives of the present document. Document administration: An explanation of the structure, definitions, symbols and abbreviations used in the present document. Introductio
45、n: Positions the Mobile Signature project and EC funding etc leading to overview of why mobile signature has a way to accelerate deployment of electronic signatures as originally envisaged by the EU Directive 2. Mobile Signature Roaming Service: Specifies principles and requirements for the Mobile S
46、ignature Roaming Service. Also the Mesh concept is described. Roaming Resolution: This clause treats the negotiations that take place during a Mobile Signature Roaming transaction. The aim to find a path within the Mesh that targets the Mobile Signature Service Provider that is able to contact the e
47、nduser. Scenarios: This clause provides scenarios of how the Home Mobile Signature Service Provider of the enduser can be addressed by the Application Provider using the Mesh. ETSI ETSI TS 102 207 V1.1.3 (2003-08) 8 Technical Description of Roaming Service: The technical description of the Roaming S
48、ervice is outlined first and illustrated by means of message flows. Data Formats: The XML data types, i.e. SOAP Header blocks, used with respect to the Roaming Service are specified. Processing Instructions: Processing instructions with respect to the SOAP Header blocks are specified. 2 References T
49、he following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. 1 ITU-T Rec