《ANSI-ISO-IEC-18014-2-2002.pdf》由会员分享,可在线阅读,更多相关《ANSI-ISO-IEC-18014-2-2002.pdf(36页珍藏版)》请在三一文库上搜索。
1、 Reference number ISO/IEC 18014-2:2002(E) ISO/IEC 2002 INTERNATIONAL STANDARD ISO/IEC 18014-2 First edition 2002-12-15 Information technology Security techniques Time-stamping services Part 2: Mechanisms producing independent tokens Technologies de linformation Techniques de scurit Services dhorodat
2、age Partie 2: Mcanismes produisant des jetons indpendants Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard.Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard. Date of ANSI
3、Approval: 7/7/2003 Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2003 by Information Technology Industry Council (ITI). All rights reserved. These materials are subject to copyright claims of International Standardization Organization (IS
4、O), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be reproduced in any form, including an electronic retrieval system, without the prior written permiss
5、ion of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United States of America Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/996103
6、1100 Not for Resale, 05/08/2007 21:10:31 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC 18014-2:2002(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edit
7、ed unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a tr
8、ademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bod
9、ies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. ISO/IEC 2002 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mech
10、anical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.is
11、o.org Published in Switzerland ii ISO/IEC 2002 All rights reserved Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 21:10:31 MDTNo reproduction or networking permitted without lice
12、nse from IHS -,-,- ISO/IEC 18014-2:2002(E) ISO/IEC 2002 All rights reserved iii Contents Foreword.iv Introduction .v 1Scope.1 2Normative References.1 3Terms and Definitions .2 4General Discussion3 5Entities of the Time-Stamping Process.4 6Message Formats.4 6.1Object Identifiers6 6.2Extension fields6
13、 6.2.1ExtHash extension.6 6.2.2ExtMethod extension.6 6.2.3ExtRenewal extension.7 7Time-stamps using digital signatures .7 7.1TSA response.8 7.2Token verification 9 8Time-stamps using message authentication codes.10 8.1TSA response.10 8.2MAC generation12 8.3MAC verification.12 8.4Token verification 1
14、2 9Time-stamps using archiving.13 9.1TSA response.13 9.2Token verification 13 Annex A (normative) ASN.1 Module for time-stamping .15 Annex B (informative) Data Structures25 Bibliography 28 Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repai
15、r Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 21:10:31 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC 18014-2:2002(E) iv ISO/IEC 2002 All rights reserved Foreword ISO (the International Organization for Standardization) and IEC (the International Electr
16、otechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technic
17、al activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technica
18、l committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circu
19、lated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. ISO/IEC 18014-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. ISO/IEC
20、 18014 consists of the following parts, under the general title Information technology Security techniques Time-stamping services: Part 1: Framework Part 2: Mechanisms producing independent tokens Part 3: Mechanisms producing linked tokens Further parts may follow. Copyright American National Standa
21、rds Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 21:10:31 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC 18014-2:2002(E) ISO/IEC 2002 All rights reserved v Introduction The Intern
22、ational Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) draw attention to the fact that it is claimed that compliance with this International Standard may involve the use of patents. The ISO and IEC take no position concerning the evidence, validity and sco
23、pe of this patent right. The holder of this patent right has assured the ISO and IEC that he is willing to negotiate licences under reasonable and non-discriminatory terms and conditions with applicants throughout the world. In this respect, the statement of the holder of this patent right is regist
24、ered with the ISO and IEC. Information may be obtained from: ISO/IEC JTC 1/SC 27 Standing Document 8 (SD 8) “Patent Information“ SD 8 is publicly available at: http:/www.din.de/ni/sc27 Attention is drawn to the possibility that some of the elements of this International Standard may be the subject o
25、f patent rights other than those identified above. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05
26、/08/2007 21:10:31 MDTNo reproduction or networking permitted without license from IHS -,-,- Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 21:10:31 MDTNo reproduction or networki
27、ng permitted without license from IHS -,-,- Information technology Security techniques Time-stamping services Part 2: Mechanisms producing independent tokens 1 Scope A time-stamping service provides evidence that a data item existed before a certain point in time. Time-stamp services produce time-st
28、amp tokens, which are data structures containing a verifiable cryptographic binding between a data items representation and a time-value. This part of ISO/IEC 18014 defines time-stamping mechanisms that produce independent tokens, which can be verified one by one. 2 Normative References ISO 7498-2:
29、1989, Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture ISO/IEC 8824-1: 1998 | ITU-T Recommendation X.680 (1997), Information technology Abstract Syntax Notation One (ASN.1): Specification of basic notation ISO/IEC 8824-2: 1998 | ITU-T Re
30、commendation X.681 (1997), Information technology Abstract Syntax Notation One (ASN.1): Information object specification ISO/IEC 8824-3: 1998 | ITU-T Recommendation X.682 (1997), Information technology Abstract Syntax Notation One (ASN.1): Constraint specification ISO/IEC 8824-4: 1998 | ITU-T Recomm
31、endation X.683 (1997), Information technology Abstract Syntax Notation One (ASN.1): Parameterisation of ASN.1 specifications ISO/IEC 8825-1: 1998 | ITU-T Recommendation X.690 (1997), Information technology ASN.1 Encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (C
32、ER) and Distinguished Encoding Rules (DER) ISO/IEC 9594-8: 2001 | ITU-T Recommendation X.509 (2000), Information technology Open Systems Interconnection The Directory: Public key and attribute certificate frameworks ISO/IEC TR 14516: 2002 | ITU-T Recommendation X.842 (2000), Information technology G
33、uidelines for the use and management of Trusted Third Party services ISO/IEC 9798-1: 1997, Information technology Security techniques Entity authentication Part 1: General ISO/IEC 10181-2: 1996, Information technology Open Systems Interconnection Security frameworks for open systems: Authentication
34、framework ISO/IEC 11770-1: 1996, Information technology Security techniques Key management Part 1: Framework ISO/IEC 11770-3: 1999, Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques ISO/IEC 13888-1: 1997, Information technology Security techniqu
35、es Non-repudiation Part 1: General ISO/IEC 14888 (all parts), Information technology Security techniques Digital signatures with appendix ISO/IEC 2002 All rights reserved 1 The following referenced documents are indispensable for the application of this document. For dated references, only the editi
36、on cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. INTERNATIONAL STANDARD ISO/IEC 18014-2:2002(E) Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuk
37、a/9961031100 Not for Resale, 05/08/2007 21:10:31 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC 18014-1: 2002, Information technology Security techniques Time-stamping services Part 1: Framework 3 Terms and Definitions The following terms are used as defined in ISO
38、/IEC 7498-2: Cryptography: the discipline that embodies principles, means, and methods for the transformation of data in order to hide its information content, prevent its undetected modification and/or prevent its unauthorized use. Data integrity: the property that data has not been altered or dest
39、royed in an unauthorized manner. Data origin authentication: the corroboration that the source of data received is as claimed. Digital signature: data appended to, or a cryptographic transformation (see cryptography) of, a data unit that allows a recipient of the data unit to prove the source and in
40、tegrity of the data unit and protect against forgery e.g. by the recipient. The following term is used as defined in ISO/IEC 8825-1: Distinguished Encoding Rules (DER): encoding rules that may be applied to values of types defined using the ASN.1 notation. Application of these encoding rules produce
41、s a transfer syntax for such values. It is implicit that the same rules are also to be used for decoding. The DER is more suitable if the encoded value is small enough to fit into the available memory and there is a need to rapidly skip over some nested values. The following term is used as defined
42、in ISO/IEC 9594-8: Certification path: an ordered sequence of certificates of objects in the DIT (directory information tree) which, together with the public key of the initial object in the path, can be processed to obtain that of the final object in the path. The following terms are used as define
43、d in ISO/IEC 9798-1: Asymmetric key pair: a pair of related keys where the private key defines the private transformation and the public key defines the public transformation. Asymmetric signature system: a system based on asymmetric techniques whose private transformation is used for signing and wh
44、ose public transformation is used for verification. The following term is used as defined in ISO/IEC 10181-2: Authentication: the provision of assurance of the claimed identity of an entity. The following term is used as defined in ISO/IEC 11770-1: Certification authority (CA): a centre trusted to c
45、reate and assign public key certificates. Optionally, the certification authority may create and assign keys to the entities. The following terms are used as defined in ISO/IEC 13888-1: Message Authentication Code (MAC): a data item derived from a message using symmetric cryptographic techniques and
46、 a secret key. It is used to check the integrity and origin of a message by any entity holding the secret key. Private key: that key of an entitys asymmetric key pair that is usable only by that entity. In the case of an asymmetric signature system, the private key and the associated algorithms defi
47、ne the signature transformation. ISO/IEC 18014-2:2002(E) 2 ISO/IEC 2002 All rights reserved Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 21:10:31 MDTNo reproduction or networki
48、ng permitted without license from IHS -,-,- Public key: the key of an entitys asymmetric key pair that can be made public. In the case of an asymmetric signature system, the public key and the associated algorithms define the verification transformation. Public key certificate: a security certificate which binds unforgeably the public key of an entity to the entitys distinguishing identifier, and which indicates the validity o