GB/T 14805.6-1999 Application-level syntax rules for electronic data interchange for administration, commerce and transport (Syntax version number: 4) Part 6: Security authentication and confirmation messages (message type AUTACK)
National Standard of the People's Republic of China
GB/T 14805.6—1999
idt ISO 9735-6:1998
Electronic data interchange for administration, commerce and transport (EDIFACT) - Application level syntax rules (Syntax version number: 4)
Part 6: Secure authentication and acknowledgement message (message type AUTACK)
Published on November 11, 1999
State Administration of Quality and Technical Supervision
Implementation on May 1, 2000
Foreword
This standard is identical to ISO 9735-6:1998 "Electronic data interchange for administration, commerce and transport (EDIFACT) - Application level syntax rules (Syntax version number: 4) - Part 6: Secure authentication and acknowledgement message (message type AUTACK)".
The GB/T 14805 series of standards, under the general title "Application level syntax rules for electronic data interchange for administration, commerce and transport (Syntax version number: 4)", consists of the following ten parts:
Part 1: Syntax rules common to all parts and the syntax service directories for each part
Part 2: Syntax rules specific to batch electronic data interchange
Part 3: Syntax rules specific to interactive electronic data interchange
Part 4: Syntax and service report message for batch electronic data interchange (message type CONTRL)
Part 5: Security rules for batch electronic data interchange (authenticity, integrity and non-repudiation of origin)
Part 6: Secure authentication and acknowledgement message (message type AUTACK)
Part 7: Security rules for batch electronic data interchange (confidentiality)
Part 8: Associated data in electronic data interchange
Part 9: Security key and certificate management message (message type KEYMAN)
Part 10: Security rules for interactive electronic data interchange
New parts may be added in the future.
GB/T 14805 corresponds to the fourth edition of ISO 9735. Its publication and implementation do not affect the national standard GB/T 14805-1993, which was formulated in 1993 on the basis of ISO 9735:1988.
Appendix A of this standard is a normative appendix; Appendix B, Appendix C and Appendix D are informative appendices.
This standard was proposed by the State Information Office of the People's Republic of China.
This standard is under the jurisdiction of the National Technical Committee for Standardization of File Formats and Data Elements and the National Technical Committee for Standardization of Information Technology.
The drafting units of this standard are the Standardization Research Institute of the Ministry of Electronics Industry and the China Institute of Standardization and Information Classification and Coding.
The main drafters of this standard are Wang Yanzun, Wu Zhigang, Li Ying, Zhang Rongjing, Xu Dongmei, Wang Xin and Yuan Lin.
ISO Foreword
ISO (International Organization for Standardization) is a worldwide alliance of national standard organizations (ISO national member bodies). The formulation of international standards is generally completed through ISO technical committees. Each member body interested in a subject of an established technical committee has the right to express its opinion on that technical committee. Any international organization, official or non-official, in liaison with ISO may participate directly in the preparation of international standards. ISO works closely with the IEC (International Electrotechnical Commission) in all fields of electrotechnical standards. Draft international standards formally adopted by the technical committee shall be circulated to the member bodies for voting before being accepted as international standards by the ISO Council. According to ISO's working procedures, the draft standard becomes an international standard only after at least 75% of the member bodies vote in favor.
This fourth edition of the international standard ISO9735 was drafted by the United Nations Economic Commission for Europe Working Group 4 (UN/ECE/WP.4) (as part of UN/EDIFACT) and adopted as an existing standard by ISO/TC154 (Documents and data elements in administration, commerce and industry) through the "fast voting procedure".
ISO 9735 consists of the following parts under the general title "United Nations application-level syntax rules for electronic data interchange for administration, commerce and transport":
ISO 9735-1 Syntax rules common to all parts and the syntax service directories for each part
ISO 9735-2 Syntax rules specific to batch electronic data interchange
ISO 9735-3 Syntax rules specific to interactive electronic data interchange
ISO 9735-4 Syntax and service report message for batch electronic data interchange (message type CONTRL)
ISO 9735-5 Security rules for batch electronic data interchange (authenticity, integrity and non-repudiation of origin)
ISO 9735-6 Secure authentication and acknowledgement message (message type AUTACK)
ISO 9735-7 Security rules for batch electronic data interchange (confidentiality)
ISO 9735-8 Associated data in electronic data interchange
ISO 9735-9 Security key and certificate management message (message type KEYMAN)
ISO 9735-10 Security rules for interactive electronic data interchange
New parts may be added in the future.
ISO Introduction
This standard contains application-level rules for structuring data in electronic messages for exchange in an open environment, according to the needs of batch or interactive processing. The United Nations Economic Commission for Europe (UN/ECE) has agreed on these rules as the application-level syntax rules for electronic data interchange for administration, commerce and transport (EDIFACT). These rules are part of the United Nations Trade Data Interchange Directory (UNTDID), which also contains guidelines for the design of batch and interactive messages. Communication specifications and protocols are outside the scope of this standard. This part is a new addition to ISO 9735. It provides optional functionality for protecting an EDIFACT structure (i.e. a message, package, group or interchange) by means of a secure authentication and acknowledgement message.
1 Scope
This standard defines the secure authentication and acknowledgement message (message type AUTACK).
2 Conformance
Conformance to a standard means support for all its requirements, including all options. If not all options are supported, any conformance statement shall include a statement identifying those options that are declared to be conformant. Data exchanged are in conformance if their structure and representation conform to the grammatical rules specified in this standard. Devices supporting this standard are in conformance when they can create and/or interpret data whose structure and representation conform to this standard.
Conformance with this standard shall include conformance with GB/T 14805.1, GB/T 14805.2 and GB/T 14805.5. Where clauses defined in related standards are identified in this standard, those clauses shall form part of the conformance criteria.
3 Definitions
The definitions used in this standard are given in Appendix A of GB/T 14805.1—1999 and Appendix A of GB/T 14805.5—1999.
4 Rules for the use of the security authentication and confirmation message
4.1 Functional definition
AUTACK is a message for authenticating a sent exchange, group, message or packet, or for providing security confirmation for a received exchange, group, message or packet.
Security authentication and confirmation messages can be used to:
a) provide security authentication, integrity or non-repudiation of origin for messages, packages, groups or interchanges;
b) provide security acknowledgement of receipt or non-repudiation of receipt for securely processed messages, packages, groups or interchanges.
4.2 Application Fields
The security authentication and confirmation message is applicable to domestic and international trade. It is used in administration, commerce and transport, without restriction by type of business or industry.
4.3 Principles
The security procedures to be applied shall be agreed upon by the trading parties and specified in the interchange agreement. The secure authentication and acknowledgement message (AUTACK) applies security services to other EDIFACT structures (messages, packages, groups or interchanges) and provides security acknowledgement of securely processed EDIFACT structures. It can also be applied to combinations of EDIFACT structures exchanged between trading parties that require secure processing.
Security services are provided by cryptographic mechanisms applied to the content of the original EDIFACT structure. The results of these cryptographic mechanisms form the body of the AUTACK message, which is supplemented by relevant data such as a reference to the encryption method used, a reference number of the EDIFACT structure, and the date and time of the original structure.
The AUTACK message shall use a standard set of security headers and security trailers. The AUTACK message applies to one or more messages, packages, or groups in one or more exchanges, or to one or more exchanges.
4.3.1 Use of AUTACK for Authentication
AUTACK messages used as authentication messages shall be sent by the sender of one or more other EDIFACT structures, or by a party authorized to act on behalf of the sender. Their purpose is to facilitate the security services defined in GB/T 14805.5, namely authenticity, integrity and non-repudiation of origin of the associated EDIFACT structures. AUTACK authentication messages can be implemented in two ways: the first transmits a hash value of the referenced EDIFACT structure, with the AUTACK itself securely processed; the second uses the AUTACK to transmit only the digital signature of the referenced EDIFACT structure.
4.3.1.1 Authentication using a hash value of the referenced EDIFACT structure
A securely processed EDIFACT structure shall be referenced by a USX segment (security references). For each USX there shall be at least one corresponding USY segment (security on references), which shall contain the security result of the security function performed on the referenced EDIFACT structure, such as a hash value.
Details of the security functions applied are contained in the security header segment group of this AUTACK. The USY segment and the USH segment used for the referenced EDIFACT structure are linked by the data element security reference number present in both segments. As a final step, all information transmitted in the AUTACK is secured using at least one pair of security header segment group and security trailer segment group.
Note: The AUTACK uses USX segments to reference one or more messages, packages or groups in one or more interchanges, or to reference a complete interchange. For each USX segment, the corresponding USY segment contains the hash result of the authentication and non-repudiation method applied to the referenced EDIFACT structure.
4.3.1.2 Authentication using a digital signature of the referenced EDIFACT structure
The secured EDIFACT structure shall be referenced by a USX segment (security references). For each USX segment, at least one corresponding USY segment (security on references) shall be present and shall contain the digital signature of the referenced EDIFACT structure. Details of the security functions performed shall be included in the security header segment group of this AUTACK. Since a single referenced EDIFACT structure may be securely processed several times, the associated USY segments and security header segment groups shall be linked by the data element security reference number present in both segments.
If the AUTACK contains the digital signature of the referenced EDIFACT structure (rather than a hash value), the AUTACK message itself need not be securely processed.
4.3.2 Use of AUTACK for acknowledgement
When used as an acknowledgement message, the AUTACK shall be sent by the recipient of one or more securely processed EDIFACT structures, or by a party authorized to act on behalf of the recipient. Its purpose is to facilitate acknowledgement of receipt, acknowledgement of content integrity, acknowledgement of integrity, and non-repudiation of receipt of the associated EDIFACT structures.
The acknowledgement function applies only to securely processed EDIFACT structures. The secured EDIFACT structure shall be referenced by a USX segment (security references). For each USX, at least one corresponding USY segment shall be present. The USY segment shall contain either a hash value or a digital signature of the referenced EDIFACT structure. Using the data element security reference number, the USY segment shall be linked either to the security header segment group of the referenced EDIFACT structure or to the security header segment group of the AUTACK message that secured that EDIFACT structure. The security header corresponding to the referenced EDIFACT structure contains details of the security functions performed on that structure by the sender of the original message. As the final step in generating an acknowledgement message, all information transmitted in the AUTACK shall be secured by at least one pair of security header segment group and security trailer segment group.
AUTACK is also used for the non-acknowledgement function when security verification fails.
NOTE: Security acknowledgement is only meaningful for secured EDIFACT structures. Security of EDIFACT structures is achieved by integrated security segment groups (see GB/T 14805.5) or by AUTACK authentication. To avoid an infinite loop, an AUTACK used for the acknowledgement function shall not require its recipient to send back an AUTACK acknowledgement message.
4.4 Message definition
4.4.1 Data Segment Description
UNH, Message Header
Starts and uniquely identifies the service segment of the message. The message type code for security authentication and confirmation messages is AUTACK. The data element message type sub-function identifier is used to indicate the usage of the AUTACK function, such as authentication, confirmation, or rejection of confirmation.
Note: Messages conforming to this standard shall contain the following data in the UNH segment, composite data element S009:
Data element message type: AUTACK
Segment Group 1: USH-USA-SG2 (Security Header Segment Group) This segment group identifies the security service and security mechanism used and contains the data required to perform the confirmation calculation (see the definition in GB/T 14805.5).
This segment group should specify the security service and algorithm applied to the AUTACK message or the referenced EDIFACT structure. Each security header segment group shall be linked to a security trailer segment group, and some security header segment groups may additionally be linked to USY segments.
USH, Security Header
This segment specifies the security services (as defined in GB/T 14805.5) applied to the message/package containing this segment, or to the referenced EDIFACT structure.
The security service data element shall specify the security service applied to the AUTACK message or to the referenced EDIFACT structure:
- The message origin authentication and message non-repudiation of origin security services apply only to the AUTACK message itself.
- The referenced EDIFACT structure integrity, referenced EDIFACT structure origin authentication and referenced EDIFACT structure non-repudiation of origin security services may only be used by the sender to securely process the EDIFACT structure referenced by the AUTACK.
- The acknowledgement of receipt authentication and non-repudiation of receipt security services may only be used by the receiver of the securely processed EDIFACT structure to securely process the acknowledgement.
The scope of security application of the security service shall be described in accordance with the relevant provisions of GB/T 14805.4. In an AUTACK message, four scopes of security application are allowed. The first two scopes are defined in GB/T 14805.5.
The third scope covers the entire EDIFACT structure: the scope of security application runs from the first character of the referenced message, package, group or interchange (i.e. "U") to the last character of that message, package, group or interchange. The fourth scope is user-defined, that is, the scope of security application is defined in the agreement between the sender and the receiver.
USA, Security algorithm
This segment identifies the security algorithm and the technical usage made of it, and contains the technical parameters required (see GB/T 14805.5 for the definition).
Segment Group 2: USC-USA-USR (Certificate Segment Group) When an asymmetric algorithm is used, this segment group contains the data required to verify the security method applied to the message/packet (see GB/T 14805.5 definition).
USC, Certificate
This segment contains the credentials of the certificate owner and identifies the certification authority that generated the certificate (see GB/T 14805.5 for the definition).
USA, Security algorithm
This section identifies the security algorithm and the technical usage resulting from the algorithm and contains the required technical parameters (see GB/T 14805.5 definition).
USR, Security Result
This segment contains the result of the security function applied by the certification authority to the certificate (see GB/T 14805.5 for the definition).
USB, Secured data identification
This segment shall contain the identification of the interchange sender and receiver and the date and time associated with the security of this AUTACK. The AUTACK message shall specify whether a security acknowledgement is required from the recipient of this AUTACK message; if so, the sender of this message expects an AUTACK acknowledgement message to be sent back by the recipient. The interchange sender and interchange receiver in the USB shall refer to the sender and receiver of the interchange in which the AUTACK appears, in order to secure this information.
Segment group 3: USX-USY (Security references segment group)
This segment group identifies the parties referenced in the security process and provides security information about the referenced EDIFACT structure.
USX, Security references
This segment shall contain a reference to the participants involved in the security process. The composite data element security date and time may contain the original creation date and time of the referenced EDIFACT structure. If only data element 0020 is present, and 0048, 0062 and 0800 are absent, the entire interchange is referenced. If data elements 0020 and 0048 are present, and 0062 and 0800 are absent, the group is referenced.
USY, Security on references
This segment contains a link to a security header group and the result of applying the security services specified in the linked security header group to the referenced EDIFACT structure.
Multiple USY segments may be linked to the same security header when multiple referenced EDIFACT structures are securely processed by the same security services and using the same security parameters. In this case, the link value between the security header group and the associated multiple USYs shall be the same. When AUTACK is used for an acknowledgment function, the corresponding security header group shall be that of the referenced EDIFACT structure, or that of the AUTACK message used to provide authentication to the referenced EDIFACT structure.
The value of data element 0534 in a USY segment shall be identical to the value of data element 0534 in the corresponding USH segment of either:
- if used for authentication, the current AUTACK (security services: authenticity of the referenced EDIFACT structure, integrity of the referenced EDIFACT structure, or non-repudiation of origin of the referenced EDIFACT structure);
- if used for acknowledgement, the referenced EDIFACT structure itself, or the AUTACK message providing authentication of the referenced EDIFACT structure (security services: non-repudiation of receipt, or acknowledgement of receipt).
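As an added example, not part of GB/T 14805.6 and not code from its drafters, the following Python models the linking rules of 4.3.1, 4.3.2 and the USX/USY descriptions above: a USX is classified as referencing an interchange, group, message or package from which of 0020, 0048, 0062 and 0800 it carries; each USY links to a USH (and each USH to a UST) through data element 0534; an AUTACK that carries hash values, or that acknowledges, must itself be secured by a header/trailer pair; and an acknowledgement AUTACK must not request an acknowledgement in return. Segments are (tag, dict) pairs rather than EDIFACT syntax; the dict keys "function", "ack_required", "kind" and "result", the use of SHA-256, and the sample message are assumptions constructed for this example.

```python
"""Added example for GB/T 14805.6 clauses 4.3.1, 4.3.2 and the USX/USY rules.
Not code from the standard.  Segments are (tag, dict) pairs, not EDIFACT syntax.
Data element numbers 0020, 0048, 0062, 0800 (USX) and 0534 (USH/USY/UST link)
are from the text; the keys "function", "ack_required", "kind", "result" and the
use of SHA-256 are assumptions made for this example."""
import hashlib


def hash_referenced_structure(structure: str) -> str:
    """Scope 3 of 4.3.1: hash from the first character of the referenced
    structure (the 'U' of its header) to its last character.  SHA-256 is an
    assumption; in a real AUTACK the USA segment names the algorithm."""
    start = structure.index("U")
    return hashlib.sha256(structure[start:].encode("utf-8")).hexdigest()


def usx_reference_level(usx: dict) -> str:
    """Which EDIFACT structure a USX segment references, decided by which
    reference numbers it carries (interchange 0020, group 0048, message 0062,
    package 0800), as the USX description states."""
    if not usx.get("0020"):
        raise ValueError("USX must carry the interchange control reference (0020)")
    if usx.get("0062") and usx.get("0800"):
        raise ValueError("a USX references either a message (0062) or a package (0800)")
    if usx.get("0062"):
        return "message"
    if usx.get("0800"):
        return "package"
    if usx.get("0048"):
        return "group"
    return "interchange"


def validate_autack(segs: list) -> list:
    """Return the list of linking-rule violations (empty list = consistent)."""
    errors = []
    function = segs[0][1].get("function") if segs and segs[0][0] == "UNH" else None
    ush_refs = [d["0534"] for t, d in segs if t == "USH"]
    ust_refs = [d["0534"] for t, d in segs if t == "UST"]
    # Every security header group is linked to exactly one trailer group (4.4.1).
    for ref in ush_refs:
        if ust_refs.count(ref) != 1:
            errors.append(f"USH {ref} is not linked to exactly one UST")
    for ref in ust_refs:
        if ref not in ush_refs:
            errors.append(f"UST {ref} has no matching USH")
    # Each USX needs at least one USY.  In an authentication AUTACK the USY links
    # (0534) to a USH of this AUTACK; in an acknowledgement AUTACK it links to the
    # header group of the referenced structure, which is not in this message.
    for i, (tag, d) in enumerate(segs):
        if tag == "USX" and (i + 1 >= len(segs) or segs[i + 1][0] != "USY"):
            errors.append("USX without a following USY")
        if tag == "USY" and function == "authentication" and d["0534"] not in ush_refs:
            errors.append(f"USY {d['0534']} links to no USH in this AUTACK")
    # An AUTACK carrying hash values, and every acknowledgement AUTACK, must itself
    # be secured by a header/trailer pair whose UST is followed by a USR.  A
    # signature-only authentication AUTACK need not be (4.3.1.2).
    usy_hashes = any(d.get("kind") == "hash" for t, d in segs if t == "USY")
    self_secured = any(t == "UST" and i + 1 < len(segs) and segs[i + 1][0] == "USR"
                       for i, (t, _) in enumerate(segs))
    if (function != "authentication" or usy_hashes) and not self_secured:
        errors.append("AUTACK itself is not secured by a USH/UST pair with a USR")
    # An acknowledgement AUTACK must not ask for an AUTACK in return (4.3.2).
    usb = next((d for t, d in segs if t == "USB"), None)
    if usb is None:
        errors.append("USB segment missing")
    elif function in ("acknowledgement", "non-acknowledgement") and usb.get("ack_required"):
        errors.append("an acknowledgement AUTACK must not request an acknowledgement")
    return errors


def verify_hash_usy(referenced: str, segs: list) -> bool:
    """Recipient side: recompute the scope-3 hash of the received structure and
    look for a USY whose result equals it."""
    expected = hash_referenced_structure(referenced)
    return any(d.get("kind") == "hash" and d.get("result") == expected
               for t, d in segs if t == "USY")


def build_example_autack():
    """Constructed sample: an AUTACK authenticating, by hash, message 1 of the
    interchange with control reference REF001 (sample text, not real traffic)."""
    referenced = "UNH+1+ORDERS:D:96A:UN'BGM+220+PO123'UNT+3+1'"
    segs = [
        ("UNH", {"0062": "1", "function": "authentication"}),
        ("USH", {"0534": "1", "service": "referenced EDIFACT structure integrity"}),
        ("USA", {"algorithm": "sha256"}),
        ("USH", {"0534": "2", "service": "message origin authentication"}),
        ("USA", {"algorithm": "signature-placeholder"}),
        ("USB", {"ack_required": True, "sender": "SENDER", "receiver": "RECEIVER"}),
        ("USX", {"0020": "REF001", "0062": "1"}),
        ("USY", {"0534": "1", "kind": "hash", "result": hash_referenced_structure(referenced)}),
        ("UST", {"0534": "1"}),                       # USR omitted: result is in the USY
        ("UST", {"0534": "2"}),
        ("USR", {"0534": "2", "result": "signature-over-AUTACK-placeholder"}),
        ("UNT", {"0062": "1"}),
    ]
    return referenced, segs
```

Running `validate_autack` over `build_example_autack()` returns an empty list; changing the UNH function to "acknowledgement" while leaving `ack_required` set reports the infinite-loop violation, and altering one character of the referenced message makes `verify_hash_usy` fail, which is the integrity check the hash-based variant is meant to give the recipient.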
Segment group 4: UST-USR (Security trailer segment group)
This segment group contains the link to the security header segment group and the results of the security functions applied to the message/packet (see GB/T14805.5 for definition).
If the Security Trailer Segment Group is linked to a Security Header Segment Group associated with a referenced EDIFACT structure, the USR segment may be omitted. In this case, the corresponding security function results shall be found in the USY segment linked to the corresponding Security Header Segment Group.
UST, Security Trailer
This segment establishes a link between the security header segment group and the security trailer segment group and specifies the number of security segments contained in these groups (as defined in GB/T 14805.5).
USR, Security Result
This segment contains the results of the security functions applied to the message/package. These security functions are defined in the linked security header segment group (as defined in GB/T 14805.5). In this segment, the security results apply to the AUTACK message itself.
UNT, Message Trailer
This service segment terminates a message and gives the total number of segments in the message and the message control reference number.
4.4.2 Message structure
4.4.2.1 Segment table
Tag   Name
UNH   Message header
      Segment group 1
USH   Security header
USA   Security algorithm
      Segment group 2
USC   Certificate
USA   Security algorithm
USR   Security result
USB   Secured data identification
      Segment group 3
USX   Security references
USY   Security on references
      Segment group 4
UST   Security trailer
USR   Security result
UNT   Message trailer
Note: The message body of the AUTACK message consists of the USB segment and segment group 3.
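As an added example (not code from the standard), the segment table above can be turned into a check that the segments of a received AUTACK arrive in the order the table allows. The nesting (segment group 1 = USH, USA, segment group 2; segment group 2 = USC, USA, USR; segment group 3 = USX, USY; segment group 4 = UST, USR) is taken from the table; the cardinalities are assumptions where the page gives none: segment groups 1, 3 and 4 at least once, USA and segment group 2 optional, at least one USY per USX, and USR optional in group 4 (omitted when the result is carried in a USY). The sample message and the use of the default EDIFACT separators "'" and "+" are also assumptions.

```python
"""Added example for the AUTACK segment table (4.4.2.1); not code from the
standard.  Group nesting is from the table; cardinalities are assumptions:
SG1, SG3, SG4 at least once; USA and SG2 optional; USY at least once per USX;
USR optional in SG4.  Default separators "'" and "+" are assumed."""
import re

# One token per segment tag; the pattern encodes the nesting of the table.
SG2 = r"USC (?:USA )*USR "
SG1 = rf"USH (?:USA )*(?:{SG2})*"
SG3 = r"USX (?:USY )+"
SG4 = r"UST (?:USR )?"
AUTACK_TABLE = re.compile(rf"^UNH (?:{SG1})+USB (?:{SG3})+(?:{SG4})+UNT $")

# Constructed sample AUTACK: hash-based authentication of one message, with
# the AUTACK itself secured (UST followed by USR).  Element values are dummies.
SAMPLE_AUTACK = (
    "UNH+1+AUTACK:4:1:UN'USH+1'USA+1'USB+1'USX+REF001'USY+1'UST+1'USR+1'UNT+9+1'"
)


def segment_tags(message: str) -> list:
    """Split a message on the segment terminator and return the segment tags
    (the text before the first data element separator of each segment)."""
    return [seg.split("+", 1)[0].strip() for seg in message.split("'") if seg.strip()]


def conforms_to_segment_table(message: str) -> bool:
    """True when the order of segments follows the AUTACK segment table."""
    return AUTACK_TABLE.match(" ".join(segment_tags(message)) + " ") is not None


def missing_mandatory_tags(message: str) -> list:
    """Tags that the table requires in every AUTACK but that are absent, in
    table order; useful for reporting before the order check is applied."""
    present = set(segment_tags(message))
    return [tag for tag in ("UNH", "USH", "USB", "USX", "USY", "UST", "UNT") if tag not in present]
```

`conforms_to_segment_table(SAMPLE_AUTACK)` is true; dropping the USY after the USX, or the whole security header group, makes it false, while `missing_mandatory_tags` names what was left out.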
Appendix A
(Appendix to the standard)
Syntax service directory
(Segments, composite data elements and simple data elements)
A1 Segment directory
A1.1 Segment specification
Position: the sequential position number of the stand-alone data element or composite data element in the segment table.
Tag: the tags of all service segments in the segment directory begin with the letter "U"; the tags of all service composite data elements begin with the letter "S", and the tags of all service simple data elements begin with the digit "0".
Name: the English names of composite data elements and of stand-alone data elements are written in upper case letters; the English names of component data elements are written in lower case letters.
Status: the status of the stand-alone data element or composite data element in the segment (M = mandatory, C = conditional), or the status of the component data element within the composite data element.
Maximum number: the maximum number of times a stand-alone data element or component data element may appear in the segment.
Representation: the data value representation of a stand-alone data element or of a component data element within a composite data element:
a      alphabetic characters
n      numeric characters
an     alphanumeric characters
a3     3 alphabetic characters, fixed length
n3     3 numeric characters, fixed length
an3    3 alphanumeric characters, fixed length
a..3   up to 3 alphabetic characters
n..3   up to 3 numeric characters
an..3  up to 3 alphanumeric characters
Function: the function of the segment.
A1.2 Dependency note identifiers
D1  One and only one
D2  All or none
D3  One or more
D4  One or none
D5  If the first item is present, then all are present
D6  If the first item is present, then at least one more is present
D7  If the first item is present, then none of the others is present
For the definition of the dependency note identifiers, see 11.5 of GB/T 14805.1—1999.
A1.3 Segment index arranged in alphabetical order by segment tag
UNH  Message header
UNT  Message trailer
USA  Security algorithm
USB  Secured data identification
USC  Certificate
USH  Security header
USR  Security result
UST  Security trailer
USX  Security references
USY  Security on references
A1.4 Segment index arranged in alphabetical order by English name
Certificate                  USC
Message header               UNH
Message trailer              UNT
Secured data identification  USB
Security algorithm           USA
Security header              USH
Security on references       USY
Security references          USX
Security result              USR
Security trailer             UST
A1.5 Segment specifications
Note: Only segments not defined in other parts of GB/T 14805 are included here.
USB  Secured data identification
Function: contains details related to the AUTACK.
Position  Name
010       RESPONSE TYPE, CODED
020       SECURITY DATE AND TIME
            Date and time qualifier
            Event date
            Event time
030       INTERCHANGE SENDER
            Interchange sender identification
            Identification code qualifier
            Interchange sender internal identification
            Interchange sender internal sub-identification
040       INTERCHANGE RECIPIENT
            Interchange recipient identification
            Identification code qualifier
            Interchange recipient internal identification
            Interchange recipient internal sub-identification
USX  Security references
Function: reference to the securely processed EDIFACT structure and its associated date and time.
Position  Tag   Name
010       0020  INTERCHANGE CONTROL REFERENCE
020             INTERCHANGE SENDER
                  Interchange sender identification
                  Identification code qualifier
                  Interchange sender internal identification
                  Interchange sender internal sub-identification
030             INTERCHANGE RECIPIENT
                  Interchange recipient identification
                  Identification code qualifier
                  Interchange recipient internal identification
                  Interchange recipient internal sub-identification
040       0048  GROUP REFERENCE NUMBER
050             APPLICATION SENDER IDENTIFICATION
                  Application sender identification
                  Identification code qualifier
060             APPLICATION RECIPIENT IDENTIFICATION
                  Application recipient identification
                  Identification code qualifier
070       0062  MESSAGE REFERENCE NUMBER
080             MESSAGE IDENTIFIER
                  Message type
                  Message version number
                  Message release number
                  Controlling agency, coded
                  Association assigned code
                  Code list directory version number
                  Message type sub-function identification
090       0800  PACKAGE REFERENCE NUMBER
100             SECURITY DATE AND TIME
                  Date and time qualifier
                  Event date
                  Event time
Dependency notes:
1  D5(050,040)  If the first item is present, then all are present.
2  D1(070,090)  One and only one.
3  D5(060,040)  If the first item is present, then all are present.
4  (080,070)
USY  Security on references
Function: identifies the applicable header and contains the security result and/or the reference value indicating the cause of the security error.
Position  Name
010       SECURITY REFERENCE NUMBER
020       VALIDATION RESULT
            Validation value qualifier
            Validation value
030       SECURITY ERROR, CODED
A2 Composite data element directory
No composite data elements are defined in this part.
A3 Simple data element directory
A3.1 Simple data element specification
Tag: the tags of all service simple data elements in the simple data element directory begin with the digit "0".
Name: the name of the simple data element.
Description: the description of the simple data element.
Representation: the data value representation of the simple data element, using the same notation as in A1.1:
a      alphabetic characters
n      numeric characters
an     alphanumeric characters
a3     3 alphabetic characters, fixed length
n3     3 numeric characters, fixed length
an3    3 alphanumeric characters, fixed length
a..3   up to 3 alphabetic characters
n..3   up to 3 numeric characters
an..3  up to 3 alphanumeric characters
Note: simple data element note number.
Index of simple data elements arranged by tag