KS X ISO 15782-1-2007 Certificate management for financial services－Part 1：Public key certificates《金融业务的证书管理 第1部分 公共密钥证书》.pdf

1、 KS X ISO 157821 KSKSKSKS SKSKSKS KSKSKS SKSKS KSKS SKS KS 1： KS X ISO 157821 : 2007 (2012 ) 2007 9 3 http:/www.kats.go.krKS X ISO 157821：2007 : e- ( ) ( ) () () ( ) : () (WG1 ) (WG2 ) (WG3 ) (WG4 ) (WG5 ) JS ( ) STG KS X ISO 157821：2007 : (http:/www.standard.go.kr) ： ：2007 9 3 ：2012 12 28 2012-0863

2、 ： e- ： e- ( 02-509-7262) (http:/www.kats.go.kr). 10 5 , . KS X ISO 157821：2007 i e . KS X ISO 157821：2007 . A() ASN.1 B() C() 3 D() E() F() G() H() I() J() K() KS X ISO 15782 “ ” . 1： 2： . KS X ISO 157821 : 2007 (2012 ) 1： Certificate management for financial services Part 1 ：Public key certificate

3、s 2003 1 ISO 157821, Certificate management for financial services Part 1：Public key certificates , . ISO IEC . ISO IEC , . ISO IEC . , ISO IEC . . ISO/IEC JTC 1/SC 27 Standing Document 8(SD 8) “ ” SD 8 http:/www.ni.din.de/sc27 . . ISO IEC . 1 . , (： , ). KS X ISO 157821：2007 2 . . , . ISO/IEC 95948

4、, ITUT Recommendation X.509 . ( X.500 ) A ASN.1 . 2 . ( ) . ( ) ( .) . ISO/IEC 88241 |ITUT Recommendation X.680(1997), Information technologyAbstract Syntax Notation One(ASN.1), Specification of basic notationPart 1 ISO/IEC 88242 ： 1998 |ITUT Recommendation X.681(1997), Information technologyAbstrac

5、t Syntax Notation One(ASN.1)：Information object specificationPart 2 ISO/IEC 88243 |ITUT Recommendations X.682(1997), Information technologyAbstract Syntax Notation One(ASN.1)：Constraint specificationPart 3 ISO/IEC 88244 |ITUT Recommendation X.683(1997), Information technologyAbstract Syntax Notation

6、 One(ASN.1)：Parameterization of ASN.1 specificationsPart 4 ISO/IEC 88251 |ITUT Recommendation X.690(1997), Information technologyANS.1 encoding rules：Specification of Basic Encoding Rules(BER), Canonical Encoding Rules(CER) and Distinguished Encoding Rules(DER)Part 1 ISO/IEC 88252 |ITUT Recommendati

7、on X.691(1997), Information technologyANS.1 encoding rules：Specification of Packed Encoding Rules(PER)Part 2 ISO/IEC 95942 |ITUT Recommendation X.501(1997), Information technologyOpen Systems InterconnectionThe Directory：ModelsPart 2 ISO/IEC 95946 |ITUT Recommendation X.520(1997), Information techno

8、logyOpen Systems InterconnectionThe Directory：Selected attribute typesPart 6 ISO/IEC 95948 |ITUT Recommendation X.509(1997), Information technologyOpen Systems InterconnectionThe Directory：Publickey and attribute certificate frameworksPart 8 ISO 9807：1991 |Banking and related financial servicesRequi

9、rements for message authentication(retail) ISO/IEC 98341 |ITUT Recommendation X.660(1997), Information technologyOpen Systems InterconnectionProcedures for the operation of OSI Registration Authorities：General proceduresPart 1 ISO/IEC 15408(all parts), Common Criteria for Information Security Evalua

10、tion ISO 157822：2001, BankingCertificate ManagementPart 2：Certificate extensions ANS X9.301, Public Key Cryptography Using Irreversible Algorithms for the Financial Services Industry, KS X ISO 157821：2007 3 Part 1：The Digital Signature Algorithm(DSA) ANS X9.311, Public Key Cryptography Using Reversi

11、ble Algorithms for the Financial Services Industry, Part 1：The RSA Signature Algorithm ANS X9.62, Public Key Cryptography For The Financial Services Industry：The Elliptic Curve Digital Signature Algorithm(ECDSA) 3 . 3.1 ASN.1 (ASN.1 module) ASN.1 3.2 (attribute) 3.3 (audit journal) , 3.4 (authorizat

12、ion) 3.5 (CAcertificate) (CA) 3.6 () (certificate) hold) 3.7 (certificate informtion) 3.8 (certificate policy) / . 1 ( ) . KS X ISO 157821：2007 4 X.509 3 . . 2 X.509 3 . , , . , . ( ) ( ) . 3.9 (certificate policy framework) . 3.10 (certificate request data credentials) , 3.11 (certificate revocatio

13、n list CRL) 3.12 (certificate-using system) 3.13 (certification) 3.14 (certification authority CA) , , 3.15 (certification authority system) CA . KS X ISO 157821：2007 5 3.16 (certification path) 3.17 (certification practice statement CPS) 3.18 (compromise) 3.19 (confidentiality) , 3.20 CRL (CRL dist

14、ribution point) CRLs CRL CRL CA CA . 3.21 (cross certification) (policy mapping)(3.48) 3.22 () (cryptographic) key) . 3.23 (cryptographic module) (：, , ) 3.24 (cryptography) , , , 3.25 (cryptoperiod) KS X ISO 157821：2007 6 3.26 (data integrity) 3.27 (deltaCRL) CRL CRL 3.28 () (digital) signature) ,

15、(signer nonrepudiation) 3.29 (directory repository) CRL X.500 3.30 (distinguished name) 1 . 2 . 3.31 (dual control) , , ( ) 1 . (：). 2 , , , , , . . 3.32 (end certificate) 3.33 (end entity) , CA , 3.34 (entity) (：, , ) KS X ISO 157821：2007 7 C, RA 3.35 (financial message) 3.36 (hash) ( ) () ( ) . .

16、3.37 (key agreement) DiffieHellman 3.38 (key fragment) ( ) 3.39 (key management) , , , 3.40 (key pair) 3.41 (keying material) , , 3.42 (keying relationship) 3.43 (message) 3.44 (non-repudiation) KS X ISO 157821：2007 8 . (, , , ) 3.45 (optional) . ASN.1 “ OPTIONAL” . 3.46 (outofband notification) 3.4

17、7 (policy mapping) CA CA , ( ) 3.48 (qualifier) X.509 3.49 (private key) 3.50 (public key) 3.51 (public key certificate) ( ) 3.52 (public key validation PKV) 1 / 2 (, , ), . (：ANS X9.62) . 3.53 (registration authority RA) . CA . KS X ISO 157821：2007 9 RA , . 3.54 (relying party user) 3.55 (split kno

18、wledge) 3.56 (subject) 3.57 CA (subjct CA) CA CA 3.58 CA (trusted CA public key) ( G ) CA CA , 3.59 (zerorize) , 4 ASN.1 Abstract syntax notation one( 1) BER Basic encoding rules( ) CA Certification authority( ) CPS Certification practice statement( ) CRL Certificate revocation list( ) DER Distingui

19、shed encoding rules( ) DSA Digital signature algorithm( ) ECDSA Elliptic curve digital signature algorithm( ) ITUT International Telecommunication Union telecommunications standardization sector PKI Public key infrastructure( ) RA Registration authority( ) RSA Rivest Shamir Adleman algorithm KS X IS

20、O 157821：2007 10 SHA1 Secure hash algorithm1( 1) URI Uniform resource identifier( ) Xinformation Singining of “information” by X Xp Xs public key(e.g. X1p is X1s public key) Xs Xs private key X1X2 X2s certificate issued by the CA, X1 X1X2X2X3 Xn1Xn . CA . X1Xn . X1p Xn . X1p.X1X2 . CA(X1) (X1X2) . X

21、2p . 1 , X.509 . 2 CertReqData CRLEntry , ISO/IEC 88244 ISO/IEC 88251 ISO/IEC 88252 ISO/IEC 88241 , (ASN.1) . , ASN.1 . 5 5.1 (PKI) , . . . , . ( ) ( ) . . . . X.509(1997) . 5.2 , . KS X ISO 157821：2007 11 1 . 5.3 (CA) CA / . CA . CA . . CA . CA . . 6.3.1, H, ISO 95948 . , . . CA . CA , , , . . . , CA “ root” CA . CA . CA CA , . CA CA . CA .