
Page 1

DEDICA Project: Project TE 2005 (TE)

Directory Based EDI Certificate Access and Management

Manuel Medina, Juan Carlos Cruellas, Montse Rubia (DAC/UPC)

URL: http://.www.ac.upc.es/recerca/DISTR/DEDICA/default.htm

Page 2

AIM OF DEDICA

The aim of the project is the rapid and cost-effective provision of an EDI certificate management infrastructure to EDI users.

It is addressed to those interested in the use of open standard UN/EDIFACT security services and in interworking with electronic mail and other standard services.

Page 3

OVERVIEW OF DEDICA PROJECT OBJECTIVES

• To supply a gateway tool between the X.509 certification infrastructure and the existing EDI applications that follow the UN/EDIFACT standards for certification and electronic signature mechanisms.

• To specify translation rules to convert X.509 certificates into EDIFACT certificates and vice versa.

• To set up demonstrators of its applications in four experimental sites.

• To disseminate and exploit the results in an operational and industrial way.

Page 4

DEDICA SCENARIO (I)

(Diagram: the DEDICA gateway, made up of the CertMap and MangMap modules, sits between e-mail and X.509 certificate users on one side and EDIFACT message and certificate users on the other. The X.509 side exchanges X.509 certificates and reaches the X.500 Directory through a DUA; the EDIFACT side exchanges EDIFACT certificates through KEYMAN and also has X.500 access.)

Page 5

DEDICA SCENARIO (II)

(Diagram: User X in the X.509 PKI, certified by an X.509 CA, and User E in the EDIFACT PKI, certified by an EDIFACT CA, communicate through the DEDICA gateway (CertMap and MangMap). The gateway is itself certified by both the X.509 and the EDIFACT CAs and accesses the X.500 Directory.)

Page 6

DEDICA SCENARIO (II)

• User A, in infrastructure IA, presents his certificate (generated by a CA of IA: the initial certificate) and requests from DEDICA a certificate in the other infrastructure, IB (the derived certificate).

• User A sends a message to user B in infrastructure IB, using the certificate generated by DEDICA.

• User B requests DEDICA to validate the derived certificate of A.

• DEDICA verifies whether the initial certificate of A is still valid and sends B the answer to his request.

Page 7

BLOCK DIAGRAM OF THE DEDICA GATEWAY (I)

(Diagram: the DEDICA gateway, composed of CertMap and MangMap, links the X.509 world to the EDI world. An X.509 certificate enters on the X.509 side and an EDI certificate leaves on the EDI side; the gateway uses KEYMAN on the EDI side and a DUA towards the X.509 Directory.)

Page 8

BLOCK DIAGRAM OF THE DEDICA GATEWAY (II)

CERTMAP

• Given a valid certificate generated by a CA (initial certificate) in one format, generate a certificate in the other format (derived certificate).

• Mapping of information from the initial certificate to the derived one in the new format.

• Usage of external tools: ASN.1 and crypto tools.

MANGMAP

• Manage connections with users.

• Collect requests for generating derived certificates.

• Verify the initial certificates received (access to X.500).

• Collect requests for validation of derived certificates.

• Build response messages.

Page 9

DEVELOPMENT OF CERTMAP

• 1: Technical analysis of X.509 and UN/EDIFACT certificates.

• 2: Definition and specification of the strategy for the mapping of the names.

• 3: Formal specification of the mapping of the certificates.

Page 10

CERT-MAP STRUCTURE (CM)

(Diagram: the modules of CertMap (CM) and the external tools reached from its kernel.)

CM_Kernel (CM_KE)

CM_Names (CM_NM)

CM_Algorithm (CM_AL)

CM_Time (CM_TM)

CM_Keys (CM_PK)

CM_Filter (CM_FF)

CM_CertEDI (CM_CE)

CM_KE/ASN1 API: ASN.1 tool

CM_KE/cryptographic API: cryptographic tool

Page 11

MAPPING FROM X.509 TO UN/EDIFACT

(Diagram: the CertMap modules, with the numbered flow below running between CM_KE, the mapping modules, CM_CE, CM_FF, the ASN.1 tool and the cryptographic tool.)

0. X.509 certificate arrives.

1. CM_KE passes the DER encoding to the ASN.1 tool.

2. The ASN.1 tool returns the X.509 certificate information in an internal format.

3 to 6. The mapping modules map the data elements.

7. CM_CE returns the ToBeSigned part of the EDIFACT certificate.

8. CM_KE passes it to the cryptographic module.

9. The cryptographic module returns the signature.

10. CM_FF filters the signature.

11. CM_CE generates the EDIFACT derived certificate.

Page 12

MAPPING FROM EDIFACT TO X.509

(Diagram: the CertMap modules, with the numbered flow below running between CM_CE, the mapping modules, CM_KE, the ASN.1 tool and the cryptographic tool.)

0. EDIFACT certificate arrives.

1. CM_CE returns the certificate information in an internal format.

2 to 5. The mapping modules perform the mapping tasks for the X.509 derived certificate.

6. CM_KE passes the information to the ASN.1 tool.

7. The ASN.1 tool returns the ToBeSigned.

8. CM_KE passes the ToBeSigned to the cryptographic tool.

9. The cryptographic tool returns the signature.

10. CM_KE passes the signature to the ASN.1 tool.

11. The ASN.1 tool returns the X.509 certificate.

Page 13

MANG-MAP STRUCTURE (I)

(Diagram: the DEDICA gateway contains the MangMap Module (MM) and the CertMap module (CM). MangMap is made up of the MangMap Kernel (MK), KEYMAN Handling (KH) and X.500 Access Handling (XH), and holds two tables: the CAs information Table and the Names Mapping Table.)

Page 14

MANG-MAP STRUCTURE (II)

• MK: MangMap Kernel. Handles the requests that arrive at the gateway, passes them to the corresponding module, requests the mapping of a given certificate and coordinates the processing inside the gateway.

• KH: KEYMAN and EDIFACT Interchange Handling. Handles the requesting interchanges and builds the answer interchanges.

• XH: X.509 PKI Messages Handling. Handles the incoming messages from the X.509 PKI and builds the corresponding answer messages.

Page 15

SEQUENCE OF OPERATIONS

UN/EDIFACT derived certificate request (I)

• User X, holding an X.509 certificate, requests from the gateway the production of a derived EDIFACT certificate.

• User X sends a KEYMAN message plus the DER-encoded X.509 certificate within an EDIFACT package (UNO-UNP segments).

• The DEDICA gateway answers with an EDIFACT certificate within a KEYMAN message.

(Diagram: User X sends "KEYMAN, UNO X.509 UNP" to the DEDICA gateway (CertMap, MangMap) and receives "KEYMAN (EDIFACT Cert)" back; User E is also shown.)

Page 16

SEQUENCE OF OPERATIONS

UN/EDIFACT derived certificate request (II)

(Diagram: numbered flow, steps 1 to 12, of the requesting interchange (KEYMAN within a package) through the gateway modules: KEYMAN Handling (KH), the MangMap Kernel (MK) with the CAs information Table and the Names Mapping Table, X.500 Access Handling (XH) towards X.500, and the CertMap module (CM). The answer leaves as a KEYMAN message within a package.)

Page 17

SEQUENCE OF OPERATIONS

• User X sends to user E a secured EDIFACT interchange including the derived EDIFACT certificate.

(Diagram: User X sends "Secured Interchange & EDIFACT Cert" directly to User E; the DEDICA gateway (CertMap, MangMap) is shown beside them.)

Page 18

SEQUENCE OF OPERATIONS

UN/EDIFACT derived certificate validation request (I)

• User E receives the secured interchange with the derived EDIFACT certificate.

• User E requests validation of the certificate from the gateway.

• The gateway answers the request.

• User E proceeds with the interchange.

(Diagram: User E sends "KEYMAN (& EDIFACT Cert)" to the DEDICA gateway (CertMap, MangMap) and receives "KEYMAN (Valid. result)".)

Page 19

SEQUENCE OF OPERATIONS

UN/EDIFACT derived certificate validation request (II)

(Diagram: numbered flow, steps 1 to 12, of the requesting KEYMAN through the gateway modules: KEYMAN Handling (KH), the MangMap Kernel (MK) with the CAs information Table and the Names Mapping Table, X.500 Access Handling (XH) towards X.500, and the CertMap module (CM). The answer leaves as a notification KEYMAN.)

Page 20

SEQUENCE OF OPERATIONS

• MangMap accesses the X.500 Directory using LDAP in order to validate the X.509 initial certificate.

• MangMap validates:

– the signature on the X.509 certificate;

– the revocation list at the X.509 initial certificate issuer's site;

– the certification path for the X.509 initial certificate.

Page 21

DEDICA AND X.500 ACCESS

(Diagram: the DEDICA gateway (CertMap, and MangMap with KH, MK and XH) talks to an LDAP server, which reaches the X.500 Directory through a DUA.)

Page 22

OTHER POSSIBLE USAGES

DEDICA tools could also be used in other environments:

• CAs with DEDICA modules could issue both kinds of certificates without needing to duplicate infrastructure (revocation lists, etc.).

• Currently existing X.509 CAs could become EDIFACT CAs by incorporating DEDICA tools.

Page 23

CURRENT STATUS

• Conversion rules for X.509 and EDIFACT certificates specified.

• CertMap developed and working in the X.509 -> EDIFACT direction.

• MangMap finished.

• Pilots starting: certification services for EDIFACT users.

Page 24

COOPERATION ACTIVITIES WITH OTHER PROJECTS AND PROGRAM SECTORS

• SEMPER Project

• ICE-TEL Project

• E2S

Page 25

PLANS FOR DEMONSTRATION, EXPLOITATION, IMPLEMENTATION AND EXPECTED ACHIEVEMENTS

• ETS, European Trusted third parties Services

• Demonstration phase with the involvement of European wide users’ communities

• Development and/or enhancement of services.

Page 26

COMMITMENT AND ABILITY OF THE PARTICIPANTS TO OPERATE IN THE MARKET AREAS INVOLVED

• INTRASOFT/INTERBANK: HEDIVAN project

• FINSIEL: Italian Customs Administration

Page 27

TRANSITION TO A SUCCESSFUL EXPLOITATION PHASE

• A second users' meeting will be organised to demonstrate the capabilities of the DEDICA gateway to different users' communities and to developers of EDI applications.

Page 28

X.509 INITIAL CERTIFICATE (I): SHORT DN

SEQUENCE (331) {
  toBeSigned SEQUENCE (310) {
    version [0] INTEGER (1) 0x00 (0) DEFAULT
    serialNumber INTEGER (2) 0x04D2 (1234)
    signature SEQUENCE (13) {
      algorithm OBJECT IDENTIFIER (9) pkcs1-md5WithRSAEncryption
      parameters TYPE (2) with {
        NULL (0)
      }
    }
    issuer SEQUENCE OF (49) RDN {
      O=CARoot, O=CASP, O=CA_UPC
    }
    validity SEQUENCE (30) {
      notBefore UTCTime (13) "961218111200Z"
      notAfter UTCTime (13) "971218111200Z"
    }
    subject SEQUENCE OF (44) RDN {
      C=es, O=upc, CN=medina
    }
    subjectPublicKeyInfo SEQUENCE (159) {
      algorithm SEQUENCE (13) {
        algorithm OBJECT IDENTIFIER (9) pkcs1-rsaEncryption
        parameters TYPE (2) with {
          NULL (0)
        }
      }
      subjectPublicKey BIT STRING (141) Encapsulates {
        TYPE (140) with {
          rSAPublicKey SEQUENCE (137) {
            modulus INTEGER (129) 0x00BF2B9E56769AAEB79564F63D9CE6759FC8CD851761F13CD63EC6DABF08A5FE6C2219E888D48DB753E141BE0169D3F404F993D7F389DAF1D27370F5D6E173A75BFB9D75E13D11DAFDA2D197084355BA0159EE60AE34B1F1C50426D323F1E748CF34C1E0B0FA7EC94CF0FFCD41A3D66C5B6AF7B64008D6CDD14806D43A0D461D6F
            exponent INTEGER (3) 0x010001 (65537)
          }
        }
      }
    }
    issuerUId [1] IMPLICIT BIT STRING OPTIONAL NOT PRESENT
    subjectUId [2] IMPLICIT BIT STRING OPTIONAL NOT PRESENT
    extensions [3] SEQUENCE OF OPTIONAL NOT PRESENT
  }
  signatureAlgorithm SEQUENCE (13) {
    algorithm OBJECT IDENTIFIER (9) pkcs1-md5WithRSAEncryption
    parameters TYPE (2) with {
      NULL (0)
    }
  }
  signature BIT STRING (0)
}

Page 29

EDIFACT CERTIFICATE CONTENTS AND CODIFICATION (I)

USC (v3): CERTIFICATE SEGMENT
  0536  CERTIFICATE REFERENCE                  1
  S500: SECURITY IDENTIFICATION DETAILS
    0577  Security party qualifier             3
    0538  Key name                             Manel Medina Key 1
    0586  Security party name                  EDI Manuel Medina
  S500: SECURITY IDENTIFICATION DETAILS
    0577  Security party qualifier             4
    0586  Security party name                  DEDICAName
  0544  FORMAT CERTIFICATE VERSION             XXY
  0505  FILTER FUNCTION, CODED                 5
  0507  CHARACTER SET ENCODING, CODED          2
  0543  CHARACTER REPERTOIRE, CODED            2
  S501_V3: SECURITY DATE AND TIME
    0517  Date and time qualifier, coded       3
    0502  Date                                 19961218
    0504  Time                                 111211
  S501_V3: SECURITY DATE AND TIME
    0517  Date and time qualifier, coded       4
    0502  Date                                 19971218
    0504  Time                                 111211

USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded              3
    0527  Algorithm, coded                     10

USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded              4
    0527  Algorithm, coded                     6

USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded              6
    0527  Algorithm, coded                     10
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value            04J61TB/WLH,PH/D=38MYV-1M5BSJO3A8XH8TSLRM)QJDM=AE/X3 PAI.QJQUBQG94H08HTE)0TQKK7XU,UDKT5-FRLTWCG0NCVQLYIV7 /2KCZ50T0Y168B)G081X07O55ORGRB.5G64/=W0.STPQ(AOLRHNZ AS2ZH-93XTTOCSAYCW8)9TVZS//0.S81Q9UI2P
    0531  Algorithm parameter qualifier, coded 12
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value            05/01
    0531  Algorithm parameter qualifier, coded 13
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value            1024
    0531  Algorithm parameter qualifier, coded 14

Codified segments:

USC+1+3:::::1234RegSchemeID560C=es, O=upc, CN=m:edina+4:::::DEDICAName+XXY+5+2+2++++++3:19961218:111200+4:19971218:111200'USA+3:::10+++++'USA+4:::6+++++'USA+7:::10+04J61TB/WLH,PH/D=38MYV-1M5BSJO3A8XH8TSLRM)QJDM=AE/X3PAI.QJQUBQG94H08HTE)0TQKK7XU,UDKT5-FRLTWCG0NCVQLYIV7/2KCZ50T0Y168B)G081X07O55ORGRB.5G64/=W0.STPQ(AOLRHNZAS2ZH-93XTTOCSAYCW8)9TVZS//0.S81Q9UI2P:12+05/01:13+1024:14++'USR+P()68CY9D5ZW8EN3ILEOIVE=DYOJHGL2)2.OISSEIOHT32C95BVMMJCNIN,EW6-225K.CE/2Y5(X61WAK5ZC9RAVWM55B1)DHRUGQ/8JBOESQI5UK,NQ2SXW4-C3,=Y.3J2KTASVEE2I84MMKDJUUWOX9UQXD,JYOBFUELHBVE7G95S/7X-IUX6Y/DAK4S25'

Page 30

X.509 INITIAL CERTIFICATE (II): LONG DN

SEQUENCE (439) {
  toBeSigned SEQUENCE (418) {
    version [0] INTEGER (1) 0x00 (0) DEFAULT
    serialNumber INTEGER (2) 0x04D2 (1234)
    signature SEQUENCE (13) {
      algorithm OBJECT IDENTIFIER (9) pkcs1-md5WithRSAEncryption
      parameters TYPE (2) with {
        NULL (0)
      }
    }
    issuer SEQUENCE OF (49) RDN {
      O=CARoot, O=CASP, O=CA_UPC
    }
    validity SEQUENCE (30) {
      notBefore UTCTime (13) "961218111200Z"
      notAfter UTCTime (13) "971218111200Z"
    }
    subject SEQUENCE OF (151) RDN {
      C=es, O=This is an example of very long organisation name, OU=organisational unit name, CN=long DN for the subject (Part 1)
    }
    subjectPublicKeyInfo SEQUENCE (159) {
      algorithm SEQUENCE (13) {
        algorithm OBJECT IDENTIFIER (9) pkcs1-rsaEncryption
        parameters TYPE (2) with {
          NULL (0)
        }
      }
      subjectPublicKey BIT STRING (141) Encapsulates {
        TYPE (140) with {
          rSAPublicKey SEQUENCE (137) {
            modulus INTEGER (129) 0x00BF2B9E56769AAEB79564F63D9CE6759FC8CD851761F13CD63EC6DABF08A5FE6C2219E888D48DB753E141BE0169D3F404F993D7F389DAF1D27370F5D6E173A75BFB9D75E13D11DAFDA2D197084355BA0159EE60AE34B1F1C50426D323F1E748CF34C1E0B0FA7EC94CF0FFCD41A3D66C5B6AF7B64008D6CDD14806D43A0D461D6F
            exponent INTEGER (3) 0x010001 (65537)
          }
        }
      }
    }
    issuerUId [1] IMPLICIT BIT STRING OPTIONAL NOT PRESENT
    subjectUId [2] IMPLICIT BIT STRING OPTIONAL NOT PRESENT
    extensions [3] SEQUENCE OF OPTIONAL NOT PRESENT
  }
  signatureAlgorithm SEQUENCE (13) {
    algorithm OBJECT IDENTIFIER (9) pkcs1-md5WithRSAEncryption
    parameters TYPE (2) with {
      NULL (0)
    }
  }
  signature BIT STRING (0)
}

Page 31

EDIFACT CERTIFICATE CONTENTS AND CODIFICATION (II)

USC (v3): CERTIFICATE SEGMENT
  0536  CERTIFICATE REFERENCE                  1
  S500: SECURITY IDENTIFICATION DETAILS
    0577  Security party qualifier             3
    0586  Security party name                  1234RegSchemeID561 OU=organisationa
    0586  Security party name                  l unit name, CN=long DN for the sub
    0586  Security party name                  ject (Part 1) 0000000001
  S500: SECURITY IDENTIFICATION DETAILS
    0577  Security party qualifier             4
    0586  Security party name                  DEDICAName
  0544  FORMAT CERTIFICATE VERSION             XXY
  0505  FILTER FUNCTION, CODED                 5
  0507  CHARACTER SET ENCODING, CODED          2
  0543  CHARACTER REPERTOIRE, CODED            2
  S501_V3: SECURITY DATE AND TIME
    0517  Date and time qualifier, coded       3
    0502  Date                                 19961218
    0504  Time                                 111200
  S501_V3: SECURITY DATE AND TIME
    0517  Date and time qualifier, coded       4
    0502  Date                                 19971218
    0504  Time                                 111200

USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded              3
    0527  Algorithm, coded                     10

USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded              4
    0527  Algorithm, coded                     6

USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded              7
    0527  Algorithm, coded                     10
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value            04J61TB/WLH,PH/D=38MYV-1M5BSJO3A8XH8TSLRM)QJDM=AE/X3 PAI.QJQUBQG94H08HTE)0TQKK7XU,UDKT5-FRLTWCG0NCVQLYIV7 /2KCZ50T0Y168B)G081X07O55ORGRB.5G64/=W0.STPQ(AOLRHNZ AS2ZH-93XTTOCSAYCW8)9TVZS//0.S81Q9UI2P
    0531  Algorithm parameter qualifier, coded 12
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value            05/01
    0531  Algorithm parameter qualifier, coded 13
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value            1024
    0531  Algorithm parameter qualifier, coded 14

Codified segments:

USC+1+3:::::1234RegSchemeID561 OU=organisationa:l unit name, CN=long DN for the sub:ject (Part 1) 0000000001+4:::::DEDICAName+XXY+5+2+2++++++3:19961218:111200+4:19971218:111200'USA+3:::10+++++'USA+4:::6+++++'USA+7:::10+04J61TB/WLH,PH/D=38MYV-1M5BSJO3A8XH8TSLRM)QJDM=AE/X3PAI.QJQUBQG94H08HTE)0TQKK7XU,UDKT5-FRLTWCG0NCVQLYIV7/2KCZ50T0Y168B)G081X07O55ORGRB.5G64/=W0.STPQ(AOLRHNZAS2ZH-93XTTOCSAYCW8)9TVZS//0.S81Q9UI2P:12+05/01:13+1024:14++'USR+BCHQ8UV)LPE,Y14VJO2D6E)TS,WYU74QZF(WUAUS7JNLN0A8D2FOMCJDNMZIESDNDI2O/4QNB,H61,M3,WO74)SI,CM4QKU.GHUIBU2JIG6LPLOOK3PEUWBH2V6O=27M361QM/9XRIJNP5YSNDIR73UBRQX9QT,N),NUWY8FUA8Q=XXLRFVSBA-G2HHOFVW('

Page 32

X.509 INITIAL CERTIFICATE (III): EXTENSIONS

SEQUENCE (424) {
  toBeSigned SEQUENCE (403) {
    version [0] INTEGER (1) 0x02 (2)
    serialNumber INTEGER (2) 0x04D2 (1234)
    signature SEQUENCE (13) {
      algorithm OBJECT IDENTIFIER (9) pkcs1-md5WithRSAEncryption
      parameters TYPE (2) with {
        NULL (0)
      }
    }
    issuer SEQUENCE OF (49) RDN {
      O=CARoot, O=CASP, O=CA_UPC
    }
    validity SEQUENCE (30) {
      notBefore UTCTime (13) "961218111200Z"
      notAfter UTCTime (13) "971218111200Z"
    }
    subject SEQUENCE OF (44) RDN {
      C=es, O=upc, CN=medina
    }
    subjectPublicKeyInfo SEQUENCE (159) {
      algorithm SEQUENCE (13) {
        algorithm OBJECT IDENTIFIER (9) pkcs1-rsaEncryption
        parameters TYPE (2) with {
          NULL (0)
        }
      }
      subjectPublicKey BIT STRING (141) Encapsulates {
        TYPE (140) with {
          rSAPublicKey SEQUENCE (137) {
            modulus INTEGER (129) 0x00BF2B9E56769AAEB79564F63D9CE6759FC8CD851761F13CD63EC6DABF08A5FE6C2219E888D48DB753E141BE0169D3F404F993D7F389DAF1D27370F5D6E173A75BFB9D75E13D11DAFDA2D197084355BA0159EE60AE34B1F1C50426D323F1E748CF34C1E0B0FA7EC94CF0FFCD41A3D66C5B6AF7B64008D6CDD14806D43A0D461D6F
            exponent INTEGER (3) 0x010001 (65537)
          }
        }
      }
    }
    issuerUId [1] IMPLICIT BIT STRING OPTIONAL NOT PRESENT
    subjectUId [2] IMPLICIT BIT STRING OPTIONAL NOT PRESENT
    extensions [3] SEQUENCE OF (84) {
      extension SEQUENCE (14) {
        extnId OBJECT IDENTIFIER (3) id-ce-keyUsage
        critical BOOLEAN (1) TRUE
        extnValue OCTET STRING (4) Encapsulates {
          TYPE (4) with {
            BIT STRING (2) 07 80
          }
        }
      }
      extension SEQUENCE (30) {
        extnId OBJECT IDENTIFIER (3) id-ce-subjectKeyIdentifier
        critical BOOLEAN (1) TRUE
        extnValue OCTET STRING (20) Encapsulates {
          TYPE (20) with {
            OCTET STRING (18) "Manel Medina Key 1"
          }
        }
      }
      extension SEQUENCE (34) {
        extnId OBJECT IDENTIFIER (3) id-ce-subjectAltName
        critical BOOLEAN (1) TRUE
        extnValue OCTET STRING (24) Encapsulates {
          TYPE (24) with {
            SEQUENCE OF (22) {
              generalName CHOICE (22) {
                ediPartyName [5] IMPLICIT SEQUENCE (20) {
                  nameAssigner [0] CHOICE OPTIONAL NOT PRESENT
                  partyName [1] CHOICE (18) {
                    PrintableString (16) "EDI Manel Medina"
                  }
                }
              }
            }
          }
        }
      }
    }
  }
  signatureAlgorithm SEQUENCE (13) {
    algorithm OBJECT IDENTIFIER (9) pkcs1-md5WithRSAEncryption
    parameters TYPE (2) with {
      NULL (0)
    }
  }
  signature BIT STRING (0)
}

Page 33

EDIFACT CERTIFICATE CONTENTS AND CODIFICATION (III)

USC (v3): CERTIFICATE SEGMENT
  0536  CERTIFICATE REFERENCE                  1
  S500: SECURITY IDENTIFICATION DETAILS
    0577  Security party qualifier             3
    0538  Key name                             Manel Medina Key 1
    0586  Security party name                  EDI Manel Medina
  S500: SECURITY IDENTIFICATION DETAILS
    0577  Security party qualifier             4
    0586  Security party name                  DEDICAName
  0544  FORMAT CERTIFICATE VERSION             XXY
  0505  FILTER FUNCTION, CODED                 5
  0507  CHARACTER SET ENCODING, CODED          2
  0543  CHARACTER REPERTOIRE, CODED            2
  S501_V3: SECURITY DATE AND TIME
    0517  Date and time qualifier, coded       3
    0502  Date                                 19961218
    0504  Time                                 111200
  S501_V3: SECURITY DATE AND TIME
    0517  Date and time qualifier, coded       4
    0502  Date                                 19971218
    0504  Time                                 111200

USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded              3
    0527  Algorithm, coded                     10

USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded              4
    0527  Algorithm, coded                     6

USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded              6
    0527  Algorithm, coded                     10
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value            04J61TB/WLH,PH/D=38MYV-1M5BSJO3A8XH8TSLRM)QJDM=AE/X3 PAI.QJQUBQG94H08HTE)0TQKK7XU,UDKT5-FRLTWCG0NCVQLYIV7 /2KCZ50T0Y168B)G081X07O55ORGRB.5G64/=W0.STPQ(AOLRHNZ AS2ZH-93XTTOCSAYCW8)9TVZS//0.S81Q9UI2P
    0531  Algorithm parameter qualifier, coded 12
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value            05/01
    0531  Algorithm parameter qualifier, coded 13
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value            1024
    0531  Algorithm parameter qualifier, coded 14

Codified segments:

USC+1+3:Manel Medina Key 1::::EDI Manel Medina+4:::::DEDICAName+XXY+5+2+2++++++3:19961218:111200+4:19971218:111200'USA+3:::10+++++'USA+4:::6+++++'USA+6:::10+04J61TB/WLH,PH/D=38MYV-1M5BSJO3A8XH8TSLRM)QJDM=AE/X3PAI.QJQUBQG94H08HTE)0TQKK7XU,UDKT5-FRLTWCG0NCVQLYIV7/2KCZ50T0Y168B)G081X07O55ORGRB.5G64/=W0.STPQ(AOLRHNZAS2ZH-93XTTOCSAYCW8)9TVZS//0.S81Q9UI2P:12+05/01:13+1024:14++'USR+F93IFAG3.94T8GIFH13O.INHVT/BPC8KIO3XN77LHHL4L214LOVYO=83ZU.86010Z6WL96O8G.1I004NSVWJR29U(L6JIUL/3J8H=WYD7HIW0C0RP1E4S52ZFDOHJO3J66/92.BT8,PIR1D5Z425T48E,51EP37I.M3FP2P1PB3CA4M(VU(,6OV8FHAG/YLY'
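The X.509 to UN/EDIFACT data-element mapping of page 11, carried through to the USC segments codified on pages 29, 31 and 33, as an added example (Python written for this page, not DEDICA project code): it rebuilds the USC segment of the short-DN and extensions cases from the initial certificate's fields. All names in it are the example's own; it assumes that data element 0586 (Security party name) is an..35, so a longer name is split over repeats (inferred from the codified segments), that UTCTime years YY >= 50 mean 19YY (the X.509 convention), and it copies the coded-DN prefix "1234RegSchemeID560" from the slide as given, since its construction is not described there.

```python
# Added example (not DEDICA project code): build the USC segment of a derived
# EDIFACT certificate from the initial X.509 certificate's fields.
from dataclasses import dataclass

ELEMENT_SEP, COMPONENT_SEP, SEGMENT_TERM, RELEASE = "+", ":", "'", "?"
SERVICE_CHARS = ELEMENT_SEP + COMPONENT_SEP + SEGMENT_TERM + RELEASE
NAME_MAX = 35  # assumed: data element 0586 (Security party name) is an..35


@dataclass
class X509Fields:
    """Initial-certificate fields that feed the derived EDIFACT certificate."""
    not_before: str              # UTCTime, e.g. "961218111200Z"
    not_after: str
    subject_key_name: str = ""   # id-ce-subjectKeyIdentifier, if present (-> 0538)
    subject_name: str = ""       # ediPartyName, or the coded subject DN (-> 0586)


def escape(value: str) -> str:
    """Prefix service characters with the release character so that a name
    containing '+', ':' or an apostrophe cannot break the segment layout."""
    return "".join(RELEASE + c if c in SERVICE_CHARS else c for c in value)


def utctime_to_s501(qualifier: str, utc: str) -> str:
    """UTCTime 'YYMMDDhhmmssZ' -> S501 'qualifier:CCYYMMDD:hhmmss' (qualifier
    3 = not before, 4 = not after). X.509 rule: YY >= 50 is 19YY, else 20YY."""
    if len(utc) != 13 or not utc.endswith("Z") or not utc[:-1].isdigit():
        raise ValueError(f"unsupported UTCTime: {utc!r}")
    century = "19" if int(utc[:2]) >= 50 else "20"
    return COMPONENT_SEP.join([qualifier, century + utc[:6], utc[6:12]])


def split_name(name: str) -> list:
    """Cut a party name into 0586 repeats of at most NAME_MAX characters."""
    return [name[i:i + NAME_MAX] for i in range(0, len(name), NAME_MAX)] or [""]


def s500(qualifier: str, key_name: str, party_name: str) -> str:
    """S500: 0577 qualifier, 0538 key name, three unused elements, then the
    0586 name repeats (release characters are added after splitting)."""
    parts = [qualifier, escape(key_name), "", "", ""]
    parts += [escape(p) for p in split_name(party_name)]
    return COMPONENT_SEP.join(parts)


def usc_segment(cert: X509Fields, cert_ref: str = "1", issuer_name: str = "DEDICAName",
                version: str = "XXY", filter_fn: str = "5", encoding: str = "2",
                repertoire: str = "2") -> str:
    """USC: 0536 reference, subject S500 (qualifier 3), issuer S500 (qualifier 4),
    0544, 0505, 0507, 0543, five unused elements, then both S501 composites.
    Default codes are those of the slides' examples."""
    elements = ["USC", cert_ref,
                s500("3", cert.subject_key_name, cert.subject_name),
                s500("4", "", issuer_name),
                version, filter_fn, encoding, repertoire, "", "", "", "", "",
                utctime_to_s501("3", cert.not_before),
                utctime_to_s501("4", cert.not_after)]
    return ELEMENT_SEP.join(elements) + SEGMENT_TERM


# Constructed inputs taken from the slides: the short-DN certificate (page 28,
# coded-DN prefix copied as given) and the certificate whose subjectKeyIdentifier
# and ediPartyName extensions supply key name and party name (page 32).
SHORT_DN = X509Fields("961218111200Z", "971218111200Z", "",
                      "1234RegSchemeID560C=es, O=upc, CN=medina")
WITH_EXTENSIONS = X509Fields("961218111200Z", "971218111200Z",
                             "Manel Medina Key 1", "EDI Manel Medina")
```

Calling `usc_segment(SHORT_DN)` and `usc_segment(WITH_EXTENSIONS)` reproduces the USC segments of pages 29 and 33 up to the first apostrophe; the USA and USR segments (algorithm parameters and signature) are outside this example.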

Page 34

DELIVERABLES LIST

ID     Title
D03.1  Technical description of X509 and UN/EDIFACT certificates. Specific user requirements on certificate data elements mapping.
D03.2  Naming conversion rules specification: functional requirements.
D03.3  Final specification of CertMap conversion rules.
D05.1  EDI security functions API specification.
D05.2  Secure EDI communications API specification.
D06.1  Specification of the CertMap data types and architecture.
D07.1  Functional specification of MangMap.
D07.2  Final specification of MangMap conversion rules.