KS X ISO IEC 15945-2007 Information technology－Security techniques－Specification of TTP services to support the application of digital signatures《信息技术 安全技术 支持数字签名应用的TTP服务规范》.pdf

1、 KS X ISO/IEC 15945 KSKSKSKS SKSKSKS KSKSKS SKSKS KSKS SKS KS TTP KS X ISO/IEC 15945 ：2007 (2012 ) 2007 10 29 http:/www.kats.go.krKS X ISO/IEC 15945：2007 : e- ( ) ( ) () () ( ) : () ( ) () () JS KS X ISO/IEC 15945：2007 : (http:/www.standard.go.kr) ： ：2002 11 26 ：2007 10 29 ：2012 12 31 ： e 2012-0848

2、： e ( 02-509-7262) (http:/www.kats.go.kr). 10 5 , . KS X ISO/IEC 15945：2007 (2012 ) TTP Information technologySecurity techniquesSpecification of TTP services to support the application of digital signatures 2002 1 ISO/IEC 15945, Information technologySecurity techniques Specification of TTP service

3、s to support the application of digital signatures , . , . . , . , (手記) . . . . , , TTP . , TTP . , . TTP , TTP . TTP . TTP . , . . KS X ISO/IEC 15945：2007 2 1 TTP . TTP . TTP . . TTP , , . ITU Rec X.842|ISO/IEC TR 14516, Information technology - security techniques guidelines on the uses and manage

4、ment of Trusted Third Party Services . 1 , . 1) TTP , TTP . 2) . 3) . . . 2 RFC2510 RFC2511 ( ), RFC2560(OCSP ) . PKCS#10 . C . 3 SET EDIFACT TTP . . 4 . , , ( ) . , TTP TTP . . 2 . . , , . , . KS X ISO/IEC 15945：2007 3 . . ISO IEC . ITU (the Telecommunication Standardization Bureau) ITUT . 2.1 ITUT

5、 X.501(1997) | ISO/IEC 95942：1998, Information technologyOpen Systems Interconnection The Directory：Models ITUT X.509(2000) | ISO/IEC 95948：2001, Information technologyOpen Systems InterconnectionThe Directory：Public-key and attribute certificate frameworks(KS X ISO/IEC 9594 8 ) ITUT X.520(1997) | I

6、SO/IEC 95946：1998, Information technologyOpen Systems InterconnectionThe Directory：Selected attribute types ITUT X.680(1997) | ISO/IEC 88241：1998, Information technologyAbstract Syntax Notation One(ASN.1)：Information of basic notation(KS X ISO/ IEC 88241 ) ITUT X.681(1997) | ISO/IEC 88242：1998, Info

7、rmation technologyAbstract Syntax Notation One(ASN.1)：Information object specification ITUT X.682(1997) | ISO/IEC 88243：1998, Information technologyAbstract Syntax Notation One (ASN.1)：Constraint specification ITUT X.683(1997) | ISO/IEC 88244：1998, Information technologyAbstract Syntax Notation One(

8、ASN.1)：Parameterization of ASN.1 specifications(KS X ISO/ IEC 88244 ) ITUT X.690(1997) | ISO/IEC 88251：1998, Information technologyASN.1 encoding Rules：Specification of Basic Encoding Rules(BER), Canonical Encoding Rules(CER) and Distinguished Encoding Rules(DER)(KS X ISO/ IEC 88251 ) ITUT X.810(199

9、5) | ISO/IEC 101811：1996, Information technologyOpen Systems Interconnection. Security frameworks for open systems：Overview(KS X ISO/ IEC 101811 ) ITUT X.813(1996) | ISO/IEC 101814：1997, Information technologyOpen Systems Interconnection. Security frameworks for open systems: Non-repudiation framewo

10、rk(KS X ISO/IEC 101814 ) 2.2 ISO/IEC 97962, Information technology. Security techniquesDigital signatures giving message recoveryPart 2：Mechanisms using a hash-function, 1997(KS X ISO/IEC 97962 ) ISO/IEC 97963, Information technology. Security techniquesDigital signatures giving message recoveryPart

11、 3：Discrete logarithm based Mechanisms, 1999(KS X ISO/IEC 97963 ) ISO/IEC 101181, Information technology. Security techniquesHash-functionsPart 1：General, 1994(KS X ISO/IEC 101181 ) ISO/IEC 101182, Information technologySecurity techniquesHash-functionsPart 2：Hash- functions using an n-bit block cip

12、her algorithm, 1994(KS X ISO/IEC 101182 ) ISO/IEC 101183, Information technologySecurity techniquesHash-functionsPart 3：Dedicated hash-functions, 1998(KS X ISO/IEC 101183 ) ISO/IEC 117701, Information technologySecurity techniquesKey managementPart 1： Framework, 1996(KS X ISO/IEC 117701 ) ISO/IEC 11

13、7702, Information technologySecurity techniquesKey managementPart 2：Mechanisms using symmetric techniques, 1996(KS X ISO/IEC 117702 ) ISO/IEC 117703, Information technologySecurity techniquesKey managementPart 3：Mechanisms using asymmetric techniques, 1999 KS X ISO/IEC 15945：2007 4 ISO/IEC 138881, I

14、nformation technologySecurity techniquesNon-repudiationPart 1：General model,1997(KS X ISO/IEC 138881 ) ISO/IEC 138882：1998, Information technologySecurity techniquesNon-repudiationPart 2：Mechanisms using symmetric techniques(KS X ISO/IEC 138882 ) ISO/IEC 138883：1998, Information technologySecurity t

15、echniquesNon-repudiationPart 3：Mechanisms using asymmetric techniques ISO/IEC 148881：1998, Information technology Security techniques Digital signatures with appendix Part 1：General(KS X ISO/IEC 148881 ) ISO/IEC 148882：1998, Information technology Security techniques Digital signatures with appendix

16、 Part 2 ：Identity-based mechanisms(KS X ISO/IEC 148882 ) ISO/IEC 148883：1998, Information technology Security techniques Digital signatures with appendix Part 3 ：Certificate-based mechanisms(KS X ISO/IEC 148883 ) ISO/IEC 159462, Information technologySecurity techniquesCryptographic techniques based

17、 on elliptic curvesPart 2：Digital signatures(KS X ISO/IEC 159462 ) 3 ISO/IEC 117701 . (Key management) ISO/IEC 101811 . 3 (Trusted Third Party) ITUT Rec.X.509(2000) | ISO/IEC 95948：2000 . (CA-Certificate) (Certification Authority) (Public key certificate) . (Certification policy) (Certification revo

18、cation list) (Certification path) ISO/IEC 101181 . (Hash function) (Hash code) ISO/IEC 148881 . (domain parameter) . KS X ISO/IEC 15945：2007 5 3.1 (Certificate Management Services) , , , . 3.2 (Certification Service) , ISO/IEC 95948：1995 . 3.3 (Digital signature) , , 3 , . , , . . 3.4 (Directly trus

19、ted CA) , , . 3.5 (Directly trusted CA key) (Directly trusted CA key) (Directly trusted CA) . . , . , (CA) ( A ), . . . 3.6 (Directory Service) , , , , , . ITUT Rec X.500 . 3.7 (Key Distribution Service) , , ISO/IEC 117701 . 3.8 (Non-Repudiation of creation) (, ). KS X ISO/IEC 15945：2007 6 3.9 (Pers

20、onal Security Environment) , . , . 3.10 (Personalization Service) . . ITUT Rec.X.842|ISO/IEC TR 14516 3 . 3.11 (PKD) . (CA) . 3.12 (Public Key Infrastructure) TTP , , . TTP TTP PKI . . 3.13 (Registration Authority) , 3.14 (Registration Services) 3.15 (Time stamping Service) , . . 4 . CA (Certificati

21、on Authority) CRL (Certificate Revocation List) EE (End Entity) OCSP (Online Certificate Status Protocol) KS X ISO/IEC 15945：2007 7 PKI (Public Key Infrastructure) PSE (Personal Security Environment) RA (Registration Authority) TTP 3(Trusted Third Party) 5 TTP . , , , . . TTP . TTP . 1 , TTP TTP . (

22、 ). . 1) ： TTP , . 2) ( )： , . 3) ： , . 2 . 5.1 . 7. , ASN.1 8. . (, ) 9. . . ITUT X.511 X.519 . LDAP(RFCs 1777,2555 2587-LDAP v2) WEB-access(RFC2585). . KS X ISO/IEC 15945：2007 8 5.1.1 1 . , ( ) , . (：) , . . (： ) . . , “” Z “ X”, Y , (extension) . , , , . (scenario) , . , . 5.1.2 . ITUT Rec.X.509(2000) | ISO/IEC 95948：2000 . 5.1.3 5.1.3.1 . , . , . . . KS X ISO/IEC 15945：2007 9 . ITUT Rec. X.509(2000) | ISO/IEC 9598：2000 . . 5.1.3.2 2 . a) , , . . , . (： ). ISO/IEC 117701 . 1)