1、- STD-ITU-T RECMN Q*8/4-ENGL 2000 48b259L Ob85882 591 INTERNATIONAL TELECOMMUNICATION UNION ITU=T TELECOMMUNICATION STAN DARD IZATION SECTOR OF ITU 4.814 (02/2000) SERIES Q: SWITCHING AND SIGNALLING Specifications of Signalling System No. 7 - Q3 interface Specification of an electronic data intercha
2、nge interactive agent ITU-T Recommendation Q.814 (Formerly CCITT Recommendation) STD-ITU-T RECMN Q.BL4-ENGL 2000 4862591 Ob85883 428 = ITU-T Q-SERIES RECOMMENDATIONS SWITCHING AND SIGNALLING SIGNALLING IN THE INTERNATIONAL MANUAL SERVICE FUNCTIONS AND INFORMATION FLOWS FOR SERVICES IN THE ISDN SPECI
3、FICATIONS OF SIGNALLING SYSTEMS No. 4 AND No. 5 SPECIFICATIONS OF SIGNALLING SYSTEM No. 6 SPECIFICATIONS OF SIGNALLING SYSTEM RI SPECIFICATIONS OF SIGNALLING SYSTEM R2 DIGITAL EXCHANGES INTERWORKING OF SIGNALLING SYSTEMS SPECIFICATIONS OF SIGNALLING SYSTEM No. 7 INTERNATIONAL AUTOMATIC AND SEMI-AUTO
4、MATIC WORKING CLAUSES APPLICABLE TO ITU-T STANDARD SYSTEMS General Message transfer part (MTP) Signalling connection control part (SCCP) Telephone user part (TUP) ISDN supplementary services Data user part Signalling System No. 7 management ISDN user part Transaction capabilities application part Te
5、st specification Q3 interface DIGITAL SUBSCRIBER SIGNALLING SYSTEM No. 1 PUBLIC LAND MOBILE NETWORK INTERWORKTNG WITH SATELLITE MOBILE SYSTEMS INTELLIGENT NETWORK BROADBAND ISDN SIGNALLING REQUIREMENTS AND PROTOCOLS FOR IMT-2000 Q. 1-4.3 Q.4-Q.5 9 Q.6CkQ. 99 Q.IOO-Q.119 Q. 12O-Q.249 Q.250-4.309 Q.3
6、10-4.399 Q.400-Q.499 Q.500-Q.599 Q.60O-Q.699 Q.70O-Q.849 4.700 4.70 1-4.709 4.7 1 1-Q.7 I9 Q.72O-Q.729 4.730-Q.739 Q.740-Q.749 Q.750-Q.759 Q.76O-Q.769 Q .7 7 O-Q . 7 7 9 4.780-4.799 Q.850-Q.999 Q.1000-Q. i 099 Q.iiO-Q.ii99 Q.12OO-Q. I699 Q.17OO-Q.1799 Q.2000-Q.2999 Q.8OO-Q.849 For furiher details, p
7、lease refer to the list o$iTU-T Recommendaiions. STD-ITU-T RECMN Q-BL4-ENGL 2000 48b259L Ob85884 364 = ITU-T Recommendation Q.814 Specification of an electronic data interchange interactive agent Summary This ITU-T Recommendation defines the technical specification of a session layer protocol module
8、 called Electronic Communications Interactive Agent. This may be used as an interface reference point in a TMN model for the asynchronous exchange of data between peer application entities. The Interactive Agent (IA) supports the exchange of near real time Electronic Data Interchange (EDIFACT or ASC
9、 X12 EDI) transactions. In addition, this ITU-T Recommendation defines the architecture, design, structure, and process-flow for both normail and high priority2 business functions utilizing Transport Layer Security (TLS). Source ITU-T Recommendation Q.814 was prepared by JTU-T Study Group 4 (1997-20
10、00) and approved under the WTSC Resolution 1 procedure on 4 February 2000. I Normal Priori - An example of a Normal Priority Business Function is an Order Request Transaction. 2 High Priority - An example of a High Priority Business Function is an interactive inquiry transaction. STD-ITU-T RECMN r3.
11、834-ENGL 2000 W 4862573 Ob85885 2TO FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical,
12、 operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Conference (WTSC), which meets every four years, establishes the topics for study by the IT-T study groups which, in t
13、urn, produce Recommendations on these The approval of IT-T Recommendations is covered by the procedure laid down in WTSC Resolution I. In some areas of information technology which fall within IT-Ts purview, the necessary standards are prepared on a collaborative basis with IS0 and IEC. topics. NOTE
14、 In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. INTELLECTUAL PROPERTY RIGHTS I draws attention to the possibility that the practice or implementation of this Recommendation may inv
15、olve the use of a claimed Intellectual Property Right. TU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Reco
16、mmendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementors are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database.
17、O ITU 2001 All rights reserved. No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the ITU. 1 2 2.1 2.2 3 4 5 6 6.1 6.2 7 8 8.1 8.2 8.3 9 9.1 9.2 Page Scope Referenc
18、es Normatives references Informative references Definitions Abbreviations . Conventions Architecture and Service Characteristics Architecture Service characteristics 6.2.1 Elements of Service . 6.2.2 Classifications of Elements of Service Data Flow . IA Messages . Message Format Definitions . Messag
19、e Syntax Definitions . 8.2.1 Basic Message . 8.2.2 IA Status/Control Message 8.2.3 Enhanced Message IA Status Message Detail Format . 8.3.1 First Octet 8.3.2 Second Octet . 8.3.3 Third and Fourth Octets 8.3.4 Special Test Message 8.3.5 Invalid Message . Client Specifications . Determine IP Destinati
20、on Address . Connect to Server . 9.2.1 Allocate TLS Data Structure and Memory . 9.2.2 Open Socket 9.2.3 Send TLS Client Hello 9.2.4 Send Clients Certificate to Server 9.2.5 Client Key Exchange . 9.2.6 9.2.7 Change Cipher Specs Send Client Certificate Verify . 1 1 2 2 2 6 7 7 7 7 8 8 8 8 8 8 9 9 9 9
21、9 10 10 10 10 10 10 11 9.3 9.4 9.5 10 10.1 10.2 10.3 10.4 10.5 10.6 10.7 10.8 11 11.1 11.2 11.3 12 STD-ITU-T RECMN Q.814-ENGL ZOO0 = 4862593 0685887 073 - 9.2.8 Send Client Finished . Send Application Data to Server Transmission Logging Client Disconnect . Server Specifications Accept Connection fio
22、m Client Message Read Setup . 10.3.1 Allocate TLS Data Structure and Memory . 10.3.2 Bind TLS Data Structure to the Socket . 10.3.3 Send TLS Server Hello . 10.3.4 Send Server?s Certificate to Client 10.3.5 Server Key Exchange 10.3.6 Send Client Certificate Request 10.3.7 Send Server Hello Done 10.3.
23、8 Execute Change Cipher Specs . 10.3.9 Send Server Finished . TLS Read Processing . Server Disconnect . Parsing the Received Message . Transfer Data to Immediate User (TranslatodSecurity Module) . Receipt Logging . . Initialize Server . Operational requirements . Security . Digital Certificates Flow
24、 Control . Port Assignments Annex A . ASN . 1 Production Module Annex B . Design Considerations . B . 1 Multi-processinghulti-threading B.2 Non-Persistent Versus Persistent Connections . B.3 Resumable TLS Sessions . Annex C . Error HandlingRecovery Appendix I . Non-normative references . Page 11 11
25、11 11 12 12 12 12 13 13 13 13 13 13 13 13 13 13 14 14 14 15 15 15 15 16 16 17 17 17 17 18 18 18 - STDmITU-T RECMN Q-BLLi-ENGL 2000 YBb259L Ob85884 TOT Introduction This ITU-T Recommendation defines the specifications for an Electronic Data Interchange Interactive Agent (IA). The IA supports the exch
26、ange of Electronic Data Interchange transactions between peer entities. It maps ED1 transactions into the transport layer. More specifically, it interfaces with Transport Layer Security (TLS) to request the establishment and termination of secure (Le. supporting peer entity authentication, integrity
27、, and privacy) TCP sessions and secure transport of ED1 messages. The IA further provides basic flow control functionality. STD-ITU-T RECMN Q-BLiI-ENGL ZOO0 W 48b259L CJb85B8q 946 ITU-T Recommendation Q.814 Specification of an electronic data interchange interactive agent 1 Scope This ITU-T Recommen
28、dation provides a specification for the Electronic Data Interchange Interactive Agent (IA). The IA supports the interchange of Electronic Data Interchange (EDIFACT/ASC X 12 EDI) transactions over a Transmission Control ProtocoVInternet Protocol (TCPAP) network utilizing Transport Layer Security (TLS
29、). This ITU-T Recommendation specifies the general architecture of the IA, the syntax of the message formats to be used, the encoding rules for the messages and the applicable security transformations. 2 References 2.1 Normatives references The following ITU-T Recommendations and other references co
30、ntain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; all users of this Recommendation are therefore encouraged to investig
31、ate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. - ITU-T Recommendation Q.815 (2000), Specification of a security module for whole message protection. ITU-T Re
32、commendation X.509 (1 997) I ISOAEC 9495-8: 1998, Information technology - Open Systems Interconnection - The Directory: Authentication fiamework. ITU-T Recommendation X.680 (1997) I ISOAEC 8824-1:1998, Information technology - Abstract Syntax Notation One (ASN. 1): Specification of basic notation.
33、ITU-T Recommendation X.681 (1997) I ISO/IEC 8824-2:1998, Information technology - Abstract Syntax Notation One (ASN. I): Information object specijcation. ITU-T Recommendation X.682 (1997) I ISOAEC 8824-3:1998, Information technology - Abstract Syntax Notation One (ASN. 1): Constraint specification.
34、ITU-T Recommendation X.683 (1997) I ISO/IEC 8824-4: 1998, Information technology - Abstract Syntax Notation One (ASN. I): Parameterization of ASN. I speciJications. ITU-T Recommendation X.690 (1997) I ISO/IEC 8825-1 : 1998, Information technology - ASN. I encoding rules: SpeciJication of Basic Encod
35、ing Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER). - - - - - - Internet Societyhnternet Engineering Task Force: - RFC 2246, The TLS Protocol Version 1. O. 2.2 Informative references - Directory Implementors Guide (Version 12) (1 999). STD-ITU-T RECMN Q-814-ENGL 2
36、000 = 4862591 Ob85890 bb 3 Definitions This ITU-T Recommendation defines the following terms: 3.1 interactive agent transfer protocol (IATP): This protocol is utilized between peer interactive agents wishing to exchange electronic data interchange transactions/messages via transmission control proto
37、colInternet protocol utilizing transport layer security. 3.2 EDI translator: An ED1 translator is typically a computer software module or program that translates private data formats and representations to/fiom standard formats and standard data representations such as those specified by IS0 9735 or
38、 ANSI ASC X.12. 3.3 interactive agent (IA): The IA supports the exchange of electronic data interchange (UNEDIFACT or ASC X12 EDI) transactions between peer entities. The IA functions as an interface between its direct user (normally an EDIFACT/ASC XI2 ED1 translator or a security module) and the tr
39、ansport layer security. Various implementation approaches may be taken ranging from a simple API (Application Program Interface) through a stand-alone program. The IA is described in this ITU-T Recommendation and the Security Module is described in ITU-T Recommendation Q. 8 1 5. 3.4 transport layer
40、securiy (TLS): The TLS protocol optionally provides communications privacy. The protocol allows clientkerver applications to communicate in a way that is designed to prevent eavesdropping, tampering, and intrusion. The TLS protocol also provides strong peer authentication and data flow integrity. 4
41、Abbreviations This ITU-T Recommendation uses the following abbreviations: IA Interactive Agent IATP Interactive Agent Transfer Protocol MD Message Digest SHA-1 SM Security Module TLS Transport Layer Security WAN Wide Area Network Secure Hashing Algorithm, Revision 1 5 Conventions The following conve
42、ntions are used within this ITU-T Recommendation: The term EDI, as used within this ITU-T Recommendation, refers to any or all of the following: 0 UNEDIFACT as defined by the UNECE Trade Division and adopted by ISO/TC 154 EDIFACT as defined by IS0 9735 NOTE - This also includes ED1 as defined by ANS
43、I ASC X12. Table 1 in 6.2.2 uses the following conventions: M Mandatory O Optional All occurrences of C Language code appearing in this ITU-T Recommendation are for illustrative purposes only. STD-ITU-T RECMN Q.834-ENGL 2000 4862593 0685893 5T4 = 6 Architecture and Service Characteristics 6.1 Archit
44、ecture The IA functions as an interface between its direct user (normally an application such as EDIFACT or ASC X12 EDI translator) and the transport layer. (See Figure 1.) Basic security of ED1 transactions is provided by TLS. Additional security capabilities (e.g. non-repudiation) may be provided
45、by a separate security module that performs security transformations on whole ED1 messages. Such security module can also be a direct user of the IA as illustrated in Figure 2. Network I Management I Management I Translator ED1 Data _-_-_-_- Translator Not used . li Interactive Agent Service : . , i
46、 ,. i Security i j i Module *. ,. : C . . . 8, i Security i i j Module i j ., :; i : : Figure UQ.814 - Message flow relationship (without Security Module) STDeITU-T RECMN BmB34-ENGL 2000 4862573 Ob85892 430 Management ED1 Data -_-_ Translator Service Security Interface Management t -u Translator Sec
47、urity Secure Message oe int unit; struct sockaddr-in sin; struct servent *sp; struct hostent *hp; if (sp=getservbyname(service,“tcp“) = NULL) then error. if (hp=gethostbyname(host) = NULL) then error. bzero(char *) etc. 1 The result returned is afile descriptor that is connected to a server process.
48、 This is a communications channel on which one can conduct an application specific protocol. 9.2.3 Send TLS Client Hello The function sends the clients current datehime, session identifier, cipher suite list, compression algorithm list, a random data structure and a client version parameter. This pa
49、rameter specifies what version(s) of the TLS protocol can be used for the connection. This should be set to a value of (3. I for TLS. After sending a Client Hello, the client must wait until it receives a Server Hello in response. 9.2.4 The client sends its digital certificate to the server. Send Clients Certificate to Server 9.2.5 Client Key Exchange This message sets the 48 byte pre-master secret, encrypts it with the servers public key and sends the results in an encrypted pre-master secret message
