GB/T 14805.9-2001 Application-level syntax rules for electronic data interchange for administration, commerce and transport (Syntax version: 4) Part 9: Security key and certificate management messages (message type KEYMAN)
ICS 35.240.60
National Standard of the People's Republic of China
GB/T 14805.9-2001
idt ISO 9735-9:1999
Electronic Data Interchange for Administration, Commerce and Transport (EDIFACT) - Application level syntax rules (Syntax version number: 4) - Part 9: Security key and certificate management message (message type KEYMAN)
Published on April 9, 2001
Implemented on October 1, 2001
Published by the State Administration of Quality and Technical Supervision
Foreword
This standard is identical to ISO 9735-9:1999 "Electronic data interchange for administration, commerce and transport (EDIFACT) - Application level syntax rules (Syntax version number: 4) - Part 9: Security key and certificate management message (message type KEYMAN)".
The GB/T 14805 series of standards, under the general title "Electronic data interchange for administration, commerce and transport (EDIFACT) - Application level syntax rules (Syntax version number: 4)", consists of the following nine parts:
Part 1: Syntax rules common to all parts and syntax service directory
Part 2: Syntax rules specific to batch EDI
Part 3: Syntax rules specific to interactive EDI
Part 4: Syntax and service report message for batch EDI (message type CONTRL)
Part 5: Security rules for batch EDI (authenticity, integrity and non-repudiation of origin)
Part 6: Security authentication and acknowledgement message (message type AUTACK)
Part 7: Security rules for batch EDI (confidentiality)
Part 8: Associated data in EDI
Part 9: Security key and certificate management message (message type KEYMAN)
Further parts may be added in the future.
The GB/T 14805 series corresponds to the 4th edition of ISO 9735. Although ISO 9735:1998 supersedes the earlier editions, users may continue to use those editions under the relevant provisions of ISO 9735:1998. Accordingly, GB/T 14805-1993, which China formulated in 1993 on the basis of the 1988, 1990 and 1992 editions of ISO 9735, may also remain in use for some time, and the publication and implementation of this series does not withdraw GB/T 14805-1993.
In this standard, Appendix A and Appendix B are normative and form an integral part of the standard; Appendix C to Appendix H are informative.
This standard was proposed by the China Standards Research Center and is under the jurisdiction of the National Electronic Business Standardization Technical Committee. The drafting units of this standard are the China Standards Research Center, the People's Bank of China and the Information Security Research Institute of Sichuan University. The main drafters of this standard are Li Ying, Liu Bisong, Chen Yaodong, Zhou Anmin, Hu Hanjing, Deng Jie and others.
ISO Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting before being accepted as International Standards by the ISO Council. Under ISO procedures, a draft becomes an International Standard only after at least 75 % of the member bodies casting a vote have voted in favour.
International Standard ISO 9735-9 was prepared by the Trade Division of the United Nations Economic Commission for Europe (UN/ECE), as part of UN/EDIFACT, and was adopted as an International Standard by ISO/TC 154 (Documents and data elements in administration, commerce and industry) under the "fast-track procedure".
Because this standard supersedes the earlier editions, and the value "4" in the mandatory data element 0002 (Syntax version number) of the interchange header (UNB) segment identifies this version, interchanges that continue to use the syntax rules of earlier editions shall use the following syntax version numbers to distinguish them from one another:
ISO 9735:1988 - Syntax version number: 1
ISO 9735:1988 (amended and reprinted in 1990) - Syntax version number: 2
ISO 9735:1988 (amended and reprinted in 1990) and its Amendment 1 of 1992 - Syntax version number: 3
ISO 9735 consists of the following parts, under the general title "Electronic data interchange for administration, commerce and transport (EDIFACT) - Application level syntax rules (Syntax version number: 4)":
ISO 9735-1 Syntax rules common to all parts, together with the syntax service directories for each of the parts
ISO 9735-2 Syntax rules specific to batch EDI
ISO 9735-3 Syntax rules specific to interactive EDI
ISO 9735-4 Syntax and service report message for batch EDI (message type CONTRL)
ISO 9735-5 Security rules for batch EDI (authenticity, integrity and non-repudiation of origin)
ISO 9735-6 Secure authentication and acknowledgement message (message type AUTACK)
ISO 9735-7 Security rules for batch EDI (confidentiality)
ISO 9735-8 Associated data in EDI
ISO 9735-9 Security key and certificate management message (message type KEYMAN)
Further parts may be added in the future.
In this standard, Appendix A and Appendix B are normative appendices, and Appendix C to Appendix H are informative appendices.
Introduction
This standard contains application level rules for the structuring of data in the electronic messages exchanged in an open environment, based on the requirements of batch processing. The United Nations Economic Commission for Europe (UN/ECE) has agreed to use these rules as the application level syntax rules for electronic data interchange for administration, commerce and transport (EDIFACT). These rules form part of the United Nations Trade Data Interchange Directory (UNTDID), which also contains design guidelines for batch and interactive messages. Communication specifications and protocols are outside the scope of this standard.
This standard is a new part of ISO 9735. It provides an optional capability for managing security keys and certificates.
1 Scope
This standard specifies the security key and certificate management message required for batch EDIFACT security.
2 Conformance
Conformance to a standard implies support of all its requirements, including all options. If not all options are supported, any claim of conformance shall include a statement identifying the options for which conformance is claimed. Data is conformant if its structure and representation conform to the syntax rules specified in this standard. Equipment supporting this standard is conformant if it can create and/or interpret data whose structure and representation conform to this standard.
Conformance to this standard shall include conformance to GB/T 14805.1, GB/T 14805.2 and GB/T 14805.5. Where clauses defined in those standards are identified in this standard, they form an integral part of the conformance criteria.
3 Referenced standards
The following standards contain provisions which, through reference in this text, constitute provisions of this standard. At the time of publication the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this standard are encouraged to investigate the possibility of applying the most recent editions of the standards listed below. Members of ISO and IEC maintain registers of currently valid International Standards.
GB/T 14805.1-1999 Electronic data interchange for administration, commerce and transport (EDIFACT) - Application level syntax rules (Syntax version number: 4) - Part 1: Syntax rules common to all parts and syntax service directory (idt ISO 9735-1:1998)
GB/T 14805.2-1999 Electronic data interchange for administration, commerce and transport (EDIFACT) - Application level syntax rules (Syntax version number: 4) - Part 2: Syntax rules specific to batch EDI (idt ISO 9735-2:1998)
GB/T 14805.5-1999 Electronic data interchange for administration, commerce and transport (EDIFACT) - Application level syntax rules (Syntax version number: 4) - Part 5: Security rules for batch EDI (authenticity, integrity and non-repudiation of origin) (idt ISO 9735-5:1998)
Approved by the State Administration for Quality Supervision, Inspection and Quarantine on April 9, 2001 and implemented on October 1, 2001
ISO/IEC 9594-8 1) Information technology - Open Systems Interconnection - The Directory: Authentication framework [ITU-T Recommendation X.509 (1997)]
4 Definitions
The definitions used in this standard are those given in Appendix A of GB/T 14805.1-1999.
5 Rules for the use of the security key and certificate management message
5.1 Functional definition
KEYMAN is a message providing security key and certificate management. The key may be a secret key used with a symmetric algorithm, or a public key and private key used with an asymmetric algorithm.
5.2 Field of application
This message is applicable to domestic and international trade. It is based on international practices related to administration, commerce and transportation, but is not dependent on the type of business or industry.
5.3 Principles
This message may be used to request or deliver security keys, certificates or certification paths (including requests for other key and certificate management actions, such as renewing, replacing or revoking certificates, and requests for the delivery of other information such as certificate status). It may also be used to deliver certificate lists (for example, to indicate revoked certificates). The message may be protected by the security header and trailer group, whose structure is defined in GB/T 14805.5. The message may be used to:
a) request actions related to keys and certificates;
b) deliver keys, certificates and related information.
5.4 Message definition
5.4.1 Data Segment Description
0010 UNH, Message header
Begins and uniquely identifies the message. The message type code for the security key and certificate management message is KEYMAN.
NOTE: Messages conforming to this standard shall contain the following data in composite data element S009 of the UNH segment:
Data element Message type: KEYMAN
0020 Segment group 1: USE-USX-SG2
Gives all the information required for the request, delivery and notification of key, certificate or certification path management.
0030 USE, Security message relation
Identifies the relationship to a previous message, such as a KEYMAN request.
USX, Security references
Identifies the link to a previous message, such as a request. The composite data element "Security date and time" may give the original generation date and time of the referenced message.
Segment group 2: USF-USA-SG3
Gives a single key, a single certificate, or the group of certificates that make up a certification path.
USF, Key management function
Identifies the function triggered for the segment group, i.e. request or delivery. When used to indicate an element of a certification path, the certificate sequence number shall give the position of the certificate within the certification path. It may also be used on its own, without a certificate, for retrieval. If more than one key or certificate is handled, several different USF segments may occur in the same message; however, request and delivery functions shall not be mixed. The USF segment may also describe the filter function applied to the binary fields of the USA segment that follows it.
1) Footnote to the ISO/IEC 9594-8 reference in clause 3: To be published. The edition to be published is a revision of ISO/IEC 9594-8:1995. The current corresponding national standard is GB/T 16264.8-1995, which is equivalent to ISO/IEC 9594-8:1990.
USA, Security algorithm
Identifies the security algorithm and its use, and gives the technical parameters required (see GB/T 14805.5). This segment applies to the request, suspension or delivery of symmetric keys, and may also be used for the request of asymmetric key pairs.
Segment group 3: USC-USA-USR
When an asymmetric algorithm is used (see GB/T 14805.5), gives the data needed to validate the security method applied to the message/package. This segment group applies to the request or delivery of keys and certificates. In the USC segment, either the whole certificate segment group (including the USR segment) shall be given, or only the data elements needed to identify unambiguously the asymmetric key pair used. If the two parties have already exchanged certificates, or the certificate is available from a database, the whole certificate need not be given.
When it is decided to refer to a non-EDIFACT certificate (such as X.509), the syntax and version of the certificate shall be identified in data element 0545 of the USC segment. Such certificates may be transmitted in EDIFACT packages.
USC, Certificate
Gives the credentials of the certificate owner and identifies the certification authority that generated the certificate (see GB/T 14805.5). This segment applies to certificate requests such as renewal, to asymmetric key requests such as suspension, and to certificate delivery.
USA, Security algorithm
Identifies the security algorithm and its use, and gives the technical parameters required (see GB/T 14805.5). This segment applies to certificate requests such as credential registration, and to certificate delivery.
USR, Security result
Gives the result of the security function applied to the certificate by the certification authority (see GB/T 14805.5). This segment applies to certificate verification and to certificate delivery.
Segment group 4: USL-SG5
Gives a list of certificates or public keys. This segment group is suitable for grouping certificates with a similar status, such as still valid, or invalid for some reason.
USL, Security list status
Identifies items as valid, revoked, unknown or suspended. The items may be certificates (for example valid or revoked) or public keys (for example valid or suspended). If the delivery consists of more than one list of certificates or public keys, this segment may occur several times in the message; the different lists are identified by the list parameter.
Segment group 5: USC-USA-USR
When an asymmetric algorithm is used (see GB/T 14805.5), gives the data needed to validate the security method applied to the message/package. This segment group may be used to deliver a list of keys or certificates with a similar status.
USC, Certificate
Gives the credentials of the certificate owner and identifies the certification authority that generated the certificate (see GB/T 14805.5). This segment is used either together with the USA and USR segments to carry the whole certificate, or on its own to give a certificate reference number or key name, in which case the message shall be signed using the security header and trailer segment group.
USA, Security algorithm
Identifies the security algorithm and its use, and gives the technical parameters required (see GB/T 14805.5). This segment shall be used if the algorithm used in the certificate needs to be indicated.
USR, Security result
Gives the result of the security function applied to the certificate by the certification authority (see GB/T 14805.5). This segment shall be used if the certificate is to be signed.
0180 UNT, Message trailer
Ends the message, giving the total number of segments in the message and the control reference number.
5.4.2 Data segment index
UNH  Message header
UNT  Message trailer
USA  Security algorithm
USC  Certificate
USE  Security message relation
USF  Key management function
USL  Security list status
USR  Security result
USX  Security references
5.4.3 Message structure
5.4.3.1 Segment table
Position  Tag  Name
0010      UNH  Message header
0020      ---  Segment group 1: USE-USX-SG2
0030      USE  Security message relation
          USX  Security references
          ---  Segment group 2: USF-USA-SG3
          USF  Key management function
          USA  Security algorithm
          ---  Segment group 3: USC-USA-USR
          USC  Certificate
          USA  Security algorithm
          USR  Security result
          ---  Segment group 4: USL-SG5
          USL  Security list status
          ---  Segment group 5: USC-USA-USR
          USC  Certificate
          USA  Security algorithm
          USR  Security result
0180      UNT  Message trailer
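The structural rules stated in 5.4.1 (UNH/UNT framing with a segment count and repeated reference, message type KEYMAN in S009, no mixing of USF request and delivery functions in one message, and a USC that either carries a whole certificate with USA and USR or only a reference) can be checked mechanically before any signature is verified. The Python below is an added example and is not part of this standard or of any EDIFACT product; it tokenises a message with the default service characters of GB/T 14805.1 (component ":", data element "+", release "?", segment terminator "'") and applies those checks to two constructed sample messages. The USF qualifier values USF_REQUEST and USF_DELIVERY, the S009 version/release/agency components and every element value in the samples are assumptions for illustration, not code-list values taken from the standard.

```python
"""Added example (not part of GB/T 14805.9): tokenise an EDIFACT message and
check the KEYMAN structural rules of 5.4.1. All sample values are constructed."""
from dataclasses import dataclass

# Default service characters when no UNA segment is present (GB/T 14805.1).
COMPONENT, DATA, RELEASE, TERMINATOR = ":", "+", "?", "'"

# Assumed values for the USF "Key management function qualifier"; the real
# code list is not reproduced on this page.
USF_REQUEST, USF_DELIVERY = "1", "2"


@dataclass
class Segment:
    tag: str
    elements: list  # one list of component strings per data element

    def get(self, elem, comp=0, default=""):
        try:
            return self.elements[elem][comp]
        except IndexError:
            return default


def split_level(text, sep, unescape=False):
    """Split on sep while honouring the release character '?'. Outer levels
    keep '?x' verbatim so the escape survives down to the component level,
    where unescape=True removes it."""
    parts, cur, i = [], [], 0
    while i < len(text):
        c = text[i]
        if c == RELEASE and i + 1 < len(text):
            cur.append(text[i + 1] if unescape else c + text[i + 1])
            i += 2
            continue
        if c == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    parts.append("".join(cur))
    return parts


def parse(message):
    """Return the list of Segment objects in a message (segments, then data
    elements, then components, each level split with release handling)."""
    segments = []
    for raw in split_level(message, TERMINATOR):
        raw = raw.strip()
        if not raw:
            continue
        fields = split_level(raw, DATA)
        segments.append(Segment(fields[0], [split_level(f, COMPONENT, unescape=True)
                                            for f in fields[1:]]))
    return segments


def certificate_references(segments):
    """Return the first data element of every USC that is not followed by a
    USR before the next USC/USL/USF/UNT. Per 5.4.1 such a USC only references
    a certificate or key, and the message should then be signed with the
    security header and trailer group (not checked here)."""
    refs, pending = [], None
    for seg in segments:
        if seg.tag == "USC":
            if pending is not None:
                refs.append(pending)
            pending = seg.get(0)
        elif seg.tag == "USR":
            pending = None
        elif seg.tag in ("USL", "USF", "UNT") and pending is not None:
            refs.append(pending)
            pending = None
    return refs


def check_keyman(segments):
    """Return a list of structural rule violations; empty means structurally OK."""
    problems = []
    if not segments or segments[0].tag != "UNH":
        return ["message must begin with UNH"]
    unh, unt = segments[0], segments[-1]
    if unh.get(1) != "KEYMAN":  # S009, first component: message type
        problems.append(f"S009 message type {unh.get(1)!r} is not KEYMAN")
    if unt.tag != "UNT":
        problems.append("message must end with UNT")
    else:
        # UNT carries the segment count (UNH to UNT inclusive) and repeats
        # the message reference number given in UNH.
        if unt.get(0) != str(len(segments)):
            problems.append(f"UNT count {unt.get(0)} != {len(segments)} segments")
        if unt.get(1) != unh.get(0):
            problems.append("UNT reference does not match UNH reference")
    functions = {s.get(0) for s in segments if s.tag == "USF"}
    if functions - {USF_REQUEST, USF_DELIVERY}:
        problems.append(f"unknown USF function qualifier(s) {sorted(functions)}")
    if {USF_REQUEST, USF_DELIVERY} <= functions:
        problems.append("USF request and delivery functions mixed in one message")
    return problems


# Constructed samples: a delivery carrying one whole certificate (USC+USA+USR)
# plus a second USC that only references a certificate, and a message that
# mixes request and delivery and miscounts its segments in UNT.
DELIVERY = ("UNH+1+KEYMAN:4:1:UN'USE+1'USF+2'"
            "USC+CERT001+Holder?+Co:CA1'USA+1:1'USR+1:SIGVALUE'"
            "USC+CERT002'UNT+8+1'")
MIXED = "UNH+2+KEYMAN:4:1:UN'USF+1'USF+2'UNT+3+2'"

if __name__ == "__main__":
    segs = parse(DELIVERY)
    print(check_keyman(segs), certificate_references(segs))
    print(check_keyman(parse(MIXED)))
```

For DELIVERY the checks pass and certificate_references reports CERT002 as reference-only, so a receiver would additionally require the security header and trailer group of GB/T 14805.5 around that message; MIXED is rejected both for its UNT count and for mixing request and delivery functions.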
Appendix A
(Normative appendix)
A1 Certification path: An ordered sequence of certificates of objects in the Directory Information Tree (DIT) which, together with the public key of the initial object in the path, can be processed to obtain the public key of the final object in the path.
Appendix B
(Normative appendix)
Syntax service directory
(Segments, composite data elements and simple data elements)
B1 Segment directory
B1.1 Description
Function: Function of the segment.
Position: The sequential position number of a stand-alone data element or composite data element in the segment table.
Tag: The tags of all service segments in the segment directory begin with the letter "U", the tags of all service composite data elements begin with the letter "S", and the tags of all service simple data elements begin with the digit "0".
Name: The English names of segments, composite data elements and stand-alone data elements are written in upper case; the English names of component data elements are written in lower case.
Status: The status of a stand-alone data element or composite data element in a segment, or of a component data element in a composite data element (M = mandatory, C = conditional).
Maximum number: The maximum number of times a segment may occur in a message structure, or a stand-alone data element or composite data element may occur in a segment.
Representation: The data value of a stand-alone data element, or of a component data element in a composite data element, is represented as:
a      alphabetic characters
n      numeric characters
an     alphanumeric characters
a3     3 alphabetic characters, fixed length
n3     3 numeric characters, fixed length
an3    3 alphanumeric characters, fixed length
a..3   up to 3 alphabetic characters
n..3   up to 3 numeric characters
an..3  up to 3 alphanumeric characters
B1.2 Dependency notes
D1  One and only one
D2  All or none
D3  One or more
D4  One or none
D5  If the first is present, then all
D6  If the first is present, then at least one
D7  If the first is present, then none of the others
For the definition of dependency notes, see 11.5 of GB/T 14805.1-1999.
B1.3 Index of segments in alphabetical order of tag
UNH  Message header
UNT  Message trailer
USA  Security algorithm
USC  Certificate
USE  Security message relation
USF  Key management function
USL  Security list status
USR  Security result
USX  Security references
B1.4 Index of segments in alphabetical order of name
Certificate                USC
Key management function    USF
Message header             UNH
Message trailer            UNT
Security algorithm         USA
Security list status       USL
Security message relation  USE
Security references        USX
Security result            USR
B1.5 Segment specification
Note: Only the segments not included in other parts of the GB/T 14805 series of standards are defined here.
USE  Security message relation
Function: To identify the relationship to a previous security message, such as the response to a specific request or the request for a specific response.
Data elements, in position order:
    Message relation, coded

USF  Key management function
Function: To describe the type of key management function and the status of the corresponding key or certificate.
Data elements, in position order:
    Key management function qualifier
    List parameter (composite data element)
        List parameter qualifier
        List parameter
    Security status, coded
    Certificate sequence number
    Filter function, coded

USL  Security list status
Function: To describe the status of security objects, such as the keys or certificates to be delivered in a list, and the corresponding list parameter.
Data elements, in position order:
    Security status, coded
    List parameter (composite data element)
        List parameter qualifier
        List parameter

B2 Composite data element directory
B2.1 Description
Position: The sequential position number of the component data element in the composite data element.
Tag: The tags of all service composite data elements in the composite data element directory begin with the letter "S", and the tags of all service simple data elements begin with the digit "0".
Name: The English names of component data elements are written in lower case.
Status: The status of the component data element in the composite data element (M = mandatory, C = conditional).
Representation: The data value of the component data element in the composite data element is represented as:
a      alphabetic characters
n      numeric characters
an     alphanumeric characters
a3     3 alphabetic characters, fixed length
n3     3 numeric characters, fixed length
an3    3 alphanumeric characters, fixed length
a..3   up to 3 alphabetic characters
n..3   up to 3 numeric characters
an..3  up to 3 alphanumeric characters
Description: Description of the composite data element.
B2.2 Dependency notes
D1  One and only one
D2  All or none
D3  One or more
D4  One or none
D5  If the first is present, then all
D6  If the first is present, then at least one
D7  If the first is present, then none of the others
For the definition of dependency notes, see 11.5 of GB/T 14805.1-1999.
B2.3 Index of composite data elements in alphabetical order of tag
Note: Only the composite data elements not included in other parts of the GB/T 14805 series of standards are defined here.
List parameter
B2.4 Index of composite data elements in alphabetical order of name
List parameter
B2.5 Composite data element specification
List parameter
Description: Identification of the requested or delivered list parameter.
Component data elements, in position order:
    List parameter qualifier
    List parameter

B3 Simple data element directory
B3.1 Description
Tag: The tags of all service simple data elements in the simple data element directory begin with the digit "0".
Name: The name of the simple data element.
Description: Description of the simple data element.
Representation: The data value of the simple data element is represented as:
a      alphabetic characters
n      numeric characters
an     alphanumeric characters
a3     3 alphabetic characters, fixed length
n3     3 numeric characters, fixed length
an3    3 alphanumeric characters, fixed length
a..3   up to 3 alphabetic characters
n..3   up to 3 numeric characters
an..3  up to 3 alphanumeric characters
Note: The note number of the simple data element.
B3.2 Index of simple data elements in alphabetical order of tag