| Pos | Name | Description | Status | Max. repeats |
|---|---|---|---|---|
| 0010 | Message header | A service segment starting and uniquely identifying a message. The message type code for the secure authentication and acknowledgement message is AUTACK. The data element message type sub-function identification shall be used to indicate the usage of the AUTACK function as either authentication, acknowledgement or refusal of acknowledgement.<br>Note: messages conforming to this document must contain the following data in segment UNH, composite S009: data element 0065: AUTACK; 0052: 4; 0054: 1; 0051: UN. | M | 1 |
| 0020 | USH-USA-SG2 | A group of segments identifying the security service and security mechanisms applied and containing the data necessary to carry out the validation calculations (as defined in Part 5 of ISO 9735). This segment group shall specify the security service and algorithm(s) applied to the AUTACK message or applied to the referenced EDIFACT structure. Each security header group shall be linked to a security trailer group, and some may be linked additionally to USY segments. | M | 99 |
| 0030 | Security header | A segment specifying a security service applied to the message/package in which the segment is included, or to the referenced EDIFACT structure (as defined in Part 5 of ISO 9735). The security service data element shall specify the security function applied to the AUTACK message or the referenced EDIFACT structure:<br>- the security services: message origin authentication and non-repudiation of origin shall only be used for the AUTACK message itself.<br>- the security services: referenced EDIFACT structure integrity, referenced EDIFACT structure origin authentication and referenced EDIFACT structure non-repudiation of origin shall only be used by the sender to secure the AUTACK referenced EDIFACT structures.<br>- the security services: receipt authentication and non-repudiation of receipt shall only be used by the receiver of secured EDIFACT structures to secure the acknowledgement.<br>The scope of security application of the security service shall be specified, as defined in Part 5 of ISO 9735. In an AUTACK message, there are four possible scopes of security application:<br>- the first two scopes are as defined in Part 5 of ISO 9735 section 5.<br>- the third scope includes the whole EDIFACT structure, in which the scope of the security application is from the first character of the referenced message, package, group or interchange (namely a "U") to the last character of the message, package, group or interchange, inclusive.<br>- the fourth scope is user defined, in which scope the security application is defined in an agreement between sender and receiver. | M | 1 |
| 0040 | Security algorithm | A segment identifying a security algorithm, the technical usage made of it, and containing the technical parameters required (as defined in Part 5 of ISO 9735). | C | 3 |
| 0050 | USC-USA-USR | A group of segments containing the data necessary to validate the security methods applied to the message/package, when asymmetric algorithms are used (as defined in Part 5 of ISO 9735). | C | 2 |
| 0060 | Certificate | A segment containing the credentials of the certificate owner and identifying the certification authority which has generated the certificate (as defined in Part 5 of ISO 9735). | M | 1 |
| 0070 | Security algorithm | A segment identifying a security algorithm, the technical usage made of it, and containing the technical parameters required (as defined in Part 5 of ISO 9735). | C | 3 |
| 0080 | Security result | A segment containing the result of the security functions applied to the certificate by the certification authority (as defined in Part 5 of ISO 9735). | C | 1 |
| 0090 | Secured data identification | This segment shall contain identification of the interchange sender and interchange recipient, a security related timestamp of the AUTACK and it shall specify whether a secure acknowledgement from the AUTACK message recipient is required or not. If one is required, the message sender will expect an AUTACK acknowledgement message to be sent back by the message recipient. The interchange sender and interchange recipient in USB shall refer to the sender and the recipient of the interchange in which the AUTACK is present, in order to secure this information. | M | 1 |
| 0100 | USX-USY | This segment group shall be used to identify a party in the security process and to give security information on the referenced EDIFACT structure. | M | 9999 |
| 0110 | Security references | This segment shall contain references to the party involved in the security process. The composite data element security date and time may contain the original generation date and time of the referenced EDIFACT structure. If data element 0020 is present and none of: 0048, 0062 and 0800 are present, the whole interchange is referenced. If data elements 0020 and 0048 are present and none of: 0062 and 0800 are present, the group is referenced. | M | 1 |
| 0120 | Security on references | A segment containing a link to a security header group and the result of the security services applied to the referenced EDIFACT structure as specified in this linked security header group. When the referenced EDIFACT structures are secured by the same security service, with the same related security parameters many USY segments may be linked to the same security header group. In this case the link value between the security header group and the related USYs shall be the same. When AUTACK is used for the acknowledgement function the corresponding security header group shall be either one of the referenced EDIFACT structure or of an AUTACK message that is used to provide the referenced EDIFACT structure with the authentication function. In a USY segment the value of data element 0534 shall be identical to the value in 0534 in the corresponding USH segment of either:<br>- the current AUTACK, if the authentication function is used (security services: referenced EDIFACT structure origin authenticity, referenced EDIFACT structure integrity or referenced EDIFACT structure non-repudiation of origin)<br>- the referenced EDIFACT structure itself, or an AUTACK message providing the referenced EDIFACT structure with the authentication function, if the acknowledgement function is used (security services: non-repudiation of receipt or receipt authentication) | M | 9 |
| 0130 | UST-USR | A group of segments containing a link with security header segment group and the result of the security functions applied to the message/package (as defined in Part 5 of ISO 9735). USR segment may be omitted if the security trailer group is linked to a security header group related to a referenced EDIFACT structure. In this case the corresponding results of the security function shall be found in the USY segments which are linked to the relevant security header group. | M | 99 |
| 0140 | Security trailer | A segment establishing a link between security header and security trailer segment group and stating the number of security segments contained in these groups (as defined in Part 5 of ISO 9735). | M | 1 |
| 0150 | Security result | A segment containing the result of the security functions applied to the message/package as specified in the linked security header group (as defined in Part 5 of ISO 9735). The security result in this segment shall be applied to the AUTACK message itself. | C | 1 |
| 0160 | Message trailer | A service segment ending a message, giving the total number of segments and the control reference number of the message. | M | 1 |
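
The linking rules in rows 0110 to 0130 can be checked mechanically on receipt. The following is an added example, not part of the standard's text: it classifies what each USX references using the two rules stated above, and verifies that data element 0534 ties every USH to a UST and every USY to a USH. The sample message, the function names, the element positions within USH/USY/UST/USX and the tag UNT are assumptions not taken from this page, and the AUTACK function is passed as a parameter rather than read from UNH.

```python
# Constructed AUTACK (authentication function); every value is sample data.
# Assumed element positions (from ISO 9735 Parts 5 and 6, not on this page):
# 0534 is USH element 2 and USY/UST element 1; USX carries 0020/0048/0062/0800
# as elements 1/4/7/9. Default separators, no release characters.
SAMPLE = ("UNH+1+AUTACK:4:1:UN'USH+7+1+3'USH+1+2+1'"
          "USB+1+5:20240101:120000+SENDER+RECEIVER'"
          "USX+INT001'USY+1+1:ABCD'USX+INT002+++GRP7'USY+1+1:EF01'"
          "UST+1+2'UST+2+2'USR+1:2345'UNT+12+1'")

def segments(msg):
    """Split a message into [tag, element1, element2, ...] lists."""
    return [s.split("+") for s in msg.strip().split("'") if s]

def elem(seg, n):
    """Element n (1-based) of a segment; '' when absent."""
    return seg[n] if len(seg) > n else ""

def usx_scope(seg):
    """Apply the two USX reference rules stated in row 0110."""
    e0020, e0048, e0062, e0800 = (elem(seg, n) for n in (1, 4, 7, 9))
    if e0020 and not (e0048 or e0062 or e0800):
        return "interchange"
    if e0020 and e0048 and not (e0062 or e0800):
        return "group"
    return "not covered by the rules on this page"

def check_links(msg, function="authentication"):
    """List 0534 link violations between USH, USY and UST/USR."""
    segs = segments(msg)
    ush = [elem(s, 2) for s in segs if s[0] == "USH"]
    usy = [elem(s, 1) for s in segs if s[0] == "USY"]
    ust = [elem(s, 1) for s in segs if s[0] == "UST"]
    problems = [f"USH {r}: no security trailer" for r in ush if r not in ust]
    for i, s in enumerate(segs):
        if s[0] != "UST":
            continue
        ref = elem(s, 1)
        if ref not in ush:
            problems.append(f"UST {ref}: no security header")
        has_usr = i + 1 < len(segs) and segs[i + 1][0] == "USR"
        if not has_usr and ref not in usy:  # result must then sit in a USY
            problems.append(f"UST {ref}: no USR and no linked USY")
    if function == "authentication":  # otherwise 0534 points outside this AUTACK
        problems += [f"USY {r}: no USH in this AUTACK" for r in usy if r not in ush]
    return problems

if __name__ == "__main__":
    print(check_links(SAMPLE))
```

For the acknowledgement function the USY link value refers to a header outside the current AUTACK, so that check is skipped and has to be made against the stored original message.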