KS X ISO 15782-1 1: KS X ISO 15782-1 : 2007 (2012 ) 2007 9 3 http://www.kats.go.kr KS X ISO 15782-1:2007 : e- ( ) ( ) () () ( ) : () (WG1 ) (WG2 ) (WG3 ) (WG4 ) (WG5 ) JS ( ) STG KS X ISO 15782-1:2007 : (http://www.standard.go.kr) : :2007 9 3 :2012 12 28 2012-0863
: e- : e- ( 02-509-7262) (http://www.kats.go.kr). 10 5 , . e . KS X ISO 15782-1:2007 . A() ASN.1 B() C() 3 D() E() F() G() H() I() J() K() KS X ISO 15782 “ ” . 1: 2: .

KS X ISO 15782-1 : 2007 (2012 ) 1: Certificate management for financial services - Part 1: Public key certificates

2003 1 ISO 15782-1, Certificate management for financial services - Part 1: Public key certificates , . ISO IEC . ISO IEC , . ISO IEC . , ISO IEC . . ISO/IEC JTC 1/SC 27 Standing Document 8 (SD 8) “ ” SD 8 http://www.ni.din.de/sc27 . . ISO IEC .

1 . , (: , ). . . , . ISO/IEC 9594-8
, ITU-T Recommendation X.509 . ( X.500 ) A ASN.1 .

2 . ( ) . ( ) ( .) .
ISO/IEC 8824-1 | ITU-T Recommendation X.680 (1997), Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation - Part 1
ISO/IEC 8824-2:1998 | ITU-T Recommendation X.681 (1997), Information technology - Abstract Syntax Notation One (ASN.1): Information object specification - Part 2
ISO/IEC 8824-3 | ITU-T Recommendation X.682 (1997), Information technology - Abstract Syntax Notation One (ASN.1): Constraint specification - Part 3
ISO/IEC 8824-4 | ITU-T Recommendation X.683 (1997), Information technology - Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications - Part 4
ISO/IEC 8825-1 | ITU-T Recommendation X.690 (1997), Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) - Part 1
ISO/IEC 8825-2 | ITU-T Recommendation X.691 (1997), Information technology - ASN.1 encoding rules: Specification of Packed Encoding Rules (PER) - Part 2
ISO/IEC 9594-2 | ITU-T Recommendation X.501 (1997), Information technology - Open Systems Interconnection - The Directory: Models - Part 2
ISO/IEC 9594-6 | ITU-T Recommendation X.520 (1997), Information technology - Open Systems Interconnection - The Directory: Selected attribute types - Part 6
ISO/IEC 9594-8 | ITU-T Recommendation X.509 (1997), Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks - Part 8
ISO 9807:1991, Banking and related financial services - Requirements for message authentication (retail)
ISO/IEC 9834-1 | ITU-T Recommendation X.660 (1997), Information technology - Open Systems Interconnection - Procedures for the operation of OSI Registration Authorities: General procedures - Part 1
ISO/IEC 15408 (all parts), Common Criteria for Information Security Evaluation
ISO 15782-2:2001, Banking - Certificate Management - Part 2: Certificate extensions
ANS X9.30-1, Public Key Cryptography Using Irreversible Algorithms for the Financial Services Industry, Part 1: The Digital Signature Algorithm (DSA)
ANS X9.31-1, Public Key Cryptography Using Reversible Algorithms for the Financial Services Industry, Part 1: The RSA Signature Algorithm
ANS X9.62, Public Key Cryptography For The Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)

3 .
3.1 ASN.1 (ASN.1 module) ASN.1
3.2 (attribute)
3.3 (audit journal) ,
3.4 (authorization)
3.5 (CA-certificate) (CA)
3.6 () (certificate) hold)
3.7 (certificate information)
3.8 (certificate policy) / . 1 ( ) . X.509 3 . . 2 X.509 3 . , , . , . ( ) ( ) .
3.9 (certificate policy framework) .
3.10 (certificate request data credentials) ,
3.11 (certificate revocation list CRL)
3.12 (certificate-using system)
3.13 (certification)
3.14 (certification authority CA) , ,
3.15 (certification authority system) CA .
3.16 (certification path)
3.17 (certification practice statement CPS)
3.18 (compromise)
3.19 (confidentiality) ,
3.20 CRL (CRL distribution point) CRLs CRL CRL CA CA .
3.21 (cross certification) (policy mapping)(3.48)
3.22 () (cryptographic) key) .
3.23 (cryptographic module) (:, , )
3.24 (cryptography) , , ,
3.25 (cryptoperiod)
3.26 (data integrity)
3.27 (delta-CRL) CRL CRL
3.28 () (digital) signature) , (signer non-repudiation)
3.29 (directory repository) CRL X.500
3.30 (distinguished name) 1 . 2 .
3.31 (dual control) , , ( ) 1 . (:). 2 , , , , , . .
3.32 (end certificate)
3.33 (end entity) , CA ,
3.34 (entity) (:, , ) C, RA
3.35 (financial message)
3.36 (hash) ( ) () ( ) . .
3.37 (key agreement) Diffie-Hellman
3.38 (key fragment) ( )
3.39 (key management) , , ,
3.40 (key pair)
3.41 (keying material) , ,
3.42 (keying relationship)
3.43 (message)
3.44 (non-repudiation) . (, , , )
3.45 (optional) . ASN.1 “ OPTIONAL” .
3.46 (out-of-band notification)
3.47 (policy mapping) CA CA , ( )
3.48 (qualifier) X.509
3.49 (private key)
3.50 (public key)
3.51 (public key certificate) ( )
3.52 (public key validation PKV) 1 / 2 (, , ), . (:ANS X9.62) .
3.53 (registration authority RA) . CA . RA , .
3.54 (relying party user)
3.55 (split knowledge)
3.56 (subject)
3.57 CA (subject CA) CA CA
3.58 CA (trusted CA public key) ( G ) CA CA ,
3.59 (zeroize) ,

4
ASN.1 Abstract syntax notation one( 1)
BER Basic encoding rules( )
CA Certification authority( )
CPS Certification practice statement( )
CRL Certificate revocation list( )
DER Distinguished encoding rules( )
DSA Digital signature algorithm( )
ECDSA Elliptic curve digital signature algorithm( )
ITU-T International Telecommunication Union telecommunications standardization sector
PKI Public key infrastructure( )
RA Registration authority( )
RSA Rivest Shamir Adleman algorithm
SHA-1 Secure hash algorithm-1( 1)
URI Uniform resource identifier( )
Xinformation Signing of “information” by X
Xp X's public key (e.g. X1p is X1's public key)
Xs X's private key
X1X2 X2's certificate issued by the CA, X1
X1X2X2X3 Xn1Xn . CA . X1Xn . X1p Xn . X1p.X1X2 . CA(X1) (X1X2) . X2p .
1 , X.509 .
2 CertReqData CRLEntry , ISO/IEC 8824-4 ISO/IEC 8825-1 ISO/IEC 8825-2 ISO/IEC 8824-1 , (ASN.1) . , ASN.1 .

5
5.1 (PKI) , . . . , . ( ) ( ) . . . . X.509 (1997) .
5.2 , . 1 .
5.3 (CA) CA / . CA . CA . . CA . CA . . 6.3.1, H, ISO 9594-8 . , . . CA . CA , , , . . . , CA “ root” CA . CA . CA CA , . CA CA . CA .