0010 |
|
|
UNH |
Message header |
|
|
A service segment starting and uniquely identifying a message. The message type code for the security key and certificate management message is KEYMAN.
Note: messages conforming to this document must contain the following data in segment UNH, composite S009:
Data elements: 0065 = KEYMAN, 0052 = 4, 0054 = 1, 0051 = UN |
|
|
|
1 |
|
0020 |
|
|
SG1 |
USE-USX-SG2 |
|
|
A group of segments containing all information necessary to carry key, certificate or certification path management requests, deliveries and notices. |
|
|
|
999 |
|
0030 |
|
|
USE |
Security message relation |
|
|
A segment identifying a relationship to an earlier message, such as a KEYMAN request. |
|
|
|
1 |
|
0040 |
|
|
USX |
Security references |
|
|
A segment identifying a link to an earlier message, such as a request. The composite data element "security date and time" may contain the original generation date and time of the referenced message. |
|
|
|
1 |
|
0050 |
|
|
SG2 |
USF-USA-SG3 |
|
|
A group of segments containing a single key, single certificate, or group of certificates forming a certification path. |
|
|
|
9 |
|
0060 |
|
|
USF |
Key management function |
|
|
A segment identifying the function of the group it triggers, either a request or a delivery. When used for indicating elements of the certification paths, the certificate sequence number shall indicate the position of the following certificate within the certification path. It may be used on its own for list retrieval, with no certificate present. There may be several different USF segments within the same message, if more than one key or certificate is handled. However, there shall be no mixture of request functions and delivery functions. The USF segment may also specify the filter function used for binary fields of the USA segment immediately following this segment. |
|
|
|
1 |
|
0070 |
|
|
USA |
Security algorithm |
|
|
A segment identifying a security algorithm, the technical usage made of it, and containing the technical parameters required (as defined in Part 5 of ISO 9735). This segment shall be used for symmetric key requests, discontinuation or delivery. It may also be used for an asymmetric key pair request. |
|
|
|
1 |
|
0080 |
|
|
SG3 |
USC-USA-USR |
|
|
A group of segments containing the data necessary to validate the security methods applied to the message/package, when asymmetric algorithms are used (as defined in Part 5 of ISO 9735). This group shall be used in the request or delivery of keys and certificates.
Either the full certificate segment group (including the USR segment), or the only data elements necessary to identify unambiguously the asymmetric key pair used, shall be present in the USC segment. The presence of a full certificate may be avoided if the certificate has already been exchanged by the two parties, or if it may be retrieved from a database.
Where it is desired to refer to a non-EDIFACT certificate (such as X.509), the certificate syntax and version shall be identified in data element 0545 of the USC segment. Such certificates may be conveyed in an EDIFACT package. The reference in USC (0536) shall contain the reference identification number (0802) from the UNO segment of the package containing the non-EDIFACT certificate, and no other data elements (in order to distinguish it from an EDIFACT certificate reference). |
|
|
|
1 |
|
0090 |
|
|
USC |
Certificate |
|
|
A segment containing the credentials of the certificate owner and identifying the certification authority which has generated the certificate (as defined in Part 5 of ISO 9735). This segment shall be used for certificate requests such as renewal, or asymmetric key requests such as discontinuation, and for certificate deliveries. |
|
|
|
1 |
|
0100 |
|
|
USA |
Security algorithm |
|
|
A segment identifying a security algorithm, the technical usage made of it, and containing the technical parameters required (as defined in Part 5 of ISO 9735). This segment shall be used for certificate requests such as credentials registration, and for certificate deliveries. |
|
|
|
3 |
|
0110 |
|
|
USR |
Security result |
|
|
A segment containing the result of the security functions applied to the certificate by the certification authority (as defined in Part 5 of ISO 9735). This segment shall be used for certificate validation or certificate deliveries. |
|
|
|
1 |
|
0120 |
|
|
SG4 |
USL-SG5 |
|
|
A group of segments containing lists of certificates or public keys. The group shall be used to group together certificates of similar status, i.e. which are still valid, or which may be invalid for some reason. |
|
|
|
99 |
|
0130 |
|
|
USL |
Security list status |
|
|
A segment identifying valid, revoked, unknown or discontinued items. These items may be certificates (e.g. valid, revoked) or public keys (e.g. valid or discontinued). There may be several different USL segments within this message, if the delivery implies more than one list of certificates or public keys. The different lists may be identified by the list parameters. |
|
|
|
1 |
|
0140 |
|
|
SG5 |
USC-USA-USR |
|
|
A group of segments containing the data necessary to validate the security methods applied to the message/package, when asymmetric algorithms are used (as defined in Part 5 of ISO 9735). This group shall be used in the delivery of lists of keys or certificates of similar status. |
|
|
|
9999 |
|
0150 |
|
|
USC |
Certificate |
|
|
A segment containing the credentials of the certificate owner and identifying the certification authority which has generated the certificate (as defined in Part 5 of ISO 9735). This segment shall be used either in the full certificate using in addition the USA and USR segments, or may alternatively indicate the certificate reference number or key name, in which case the message shall be signed using security header and trailer segment groups. |
|
|
|
1 |
|
0160 |
|
|
USA |
Security algorithm |
|
|
A segment identifying a security algorithm, the technical usage made of it, and containing the technical parameters required (as defined in Part 5 of ISO 9735). If it is required to indicate the algorithms used with a certificate, this segment shall be used. |
|
|
|
3 |
|
0170 |
|
|
USR |
Security result |
|
|
A segment containing the result of the security functions applied to the certificate by the certification authority (as defined in Part 5 of ISO 9735). If it is required to sign a certificate, this segment shall be used. |
|
|
|
1 |
|
0180 |
|
|
UNT |
Message trailer |
|
|
A service segment ending a message, giving the total number of segments and the control reference number of the message. |
|
|
|
1 |
|
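The segment table above can be applied as an acceptance check on received KEYMAN messages before any key or certificate in them is processed. The following is an added example, not part of the standard's text: it checks the UNH S009 values, the UNT segment count, and the segment order and repeat limits from the table. It assumes default separators with no release character, treats the first segment of each group as its trigger and every other segment as optional (the table's status column is not available here), and uses placeholder element contents.

```python
# Added example: structural check for a KEYMAN message against the table above.
LEAF = None
CERT = [("USC", 1, LEAF), ("USA", 3, LEAF), ("USR", 1, LEAF)]  # SG3 and SG5 content
KEYMAN = [  # (tag, maximum repeats, children); a group starts on its first child
    ("UNH", 1, LEAF),
    ("SG1", 999, [("USE", 1, LEAF), ("USX", 1, LEAF),
                  ("SG2", 9, [("USF", 1, LEAF), ("USA", 1, LEAF), ("SG3", 1, CERT)])]),
    ("SG4", 99, [("USL", 1, LEAF), ("SG5", 9999, CERT)]),
    ("UNT", 1, LEAF),
]

def match(items, tags, i=0):
    """Greedily consume tags[i:] in table order; return index of first unmatched tag."""
    for name, max_rep, children in items:
        count = 0
        while i < len(tags) and count < max_rep:
            if children is LEAF:
                if tags[i] != name:
                    break
                i += 1
            elif tags[i] == children[0][0]:  # group trigger segment
                i = match(children, tags, i)
            else:
                break
            count += 1
    return i

def validate_keyman(message):
    """Return a list of problems found; an empty list means the checks passed."""
    # Assumption: default separators (' + :) and no release character in the data.
    segs = [s.strip() for s in message.split("'") if s.strip()]
    tags = [s.split("+")[0] for s in segs]
    if len(segs) < 2 or tags[0] != "UNH" or tags[-1] != "UNT":
        return ["message must start with UNH and end with UNT"]
    errors = []
    unh, unt = segs[0].split("+"), segs[-1].split("+")
    if len(unh) < 3 or unh[2].split(":")[:4] != ["KEYMAN", "4", "1", "UN"]:
        errors.append("UNH S009 is not KEYMAN:4:1:UN")
    if len(unt) < 2 or unt[1] != str(len(segs)):
        errors.append(f"UNT segment count does not match {len(segs)} segments")
    end = match(KEYMAN, tags)
    if end != len(tags):
        errors.append(f"unexpected {tags[end]} at segment {end + 1}")
    return errors

# Constructed sample: element contents ("x") are placeholders, not real code values.
SAMPLE = "UNH+1+KEYMAN:4:1:UN'USE+x'USX+x'USF+x'USC+x'USA+x'USA+x'USR+x'UNT+9+1'"
if __name__ == "__main__":
    print(validate_keyman(SAMPLE) or "structure OK")
```

A message that fails any of these checks should be rejected before its USC, USA or USR contents are interpreted.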