COMMITTEE DRAFT EDIFACT CD 9735-6 Release 1 1996-06-15

Electronic data interchange for administration, commerce and transport (EDIFACT) - Application level syntax rules

Part 6: Secure authentication and acknowledgement message (message type - AUTACK)

Contents

Foreword
Introduction
1 Scope
2 Conformance
3 References
4 Definitions
5 Rules for the use of the secure authentication and acknowledgement message
Annex A: Directory specification
Annex B: Code lists

Foreword

(To be amended as necessary, according to ISO procedures)

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

Draft International Standards adopted by the technical committees are circulated to the member bodies for approval before their acceptance as International Standards by the ISO Council. They are approved in accordance with ISO procedures requiring at least 75% approval by the member bodies voting.

International Standard ISO 9735-1 Amendment 4 was prepared by the UN/ECE Trade Division (as UN/EDIFACT) and was adopted, under the "fast-track procedure" as an existing standard, by Technical Committee ISO TC 154, Documents and data elements in administration, commerce and industry.
ISO/IEC 9735 consists (currently) of the following parts, under the general title Electronic data interchange for administration, commerce and transport (EDIFACT) - Application level syntax rules:

ISO 9735-1 - Syntax rules common to all parts and the syntax service directories
ISO 9735-2 - Syntax rules specific to batch EDI
ISO 9735-3 - Syntax rules specific to interactive EDI
ISO 9735-4 - Syntax and service report message for batch EDI (message type - CONTRL)
ISO 9735-5 - Security rules for batch EDI (authenticity, integrity and non-repudiation of origin)
ISO 9735-6 - Secure authentication and acknowledgement message (message type - AUTACK)
ISO 9735-7 - Security rules for batch EDI (confidentiality)
ISO 9735-8 - Associated data in EDI
ISO 9735-9 - Security key and certificate management message (message type - KEYMAN)

Further parts may be added in the future.

In this Part 6, annex A forms an integral part of this International Standard.

Introduction

This International Standard includes the rules at the application level for the structuring of data in the interchange of electronic messages in an open environment, based on the requirements of either batch or interactive processing. These rules have been agreed by the United Nations Economic Commission for Europe (UN/ECE) as syntax rules for Electronic Data Interchange for Administration, Commerce and Transport (EDIFACT) and are part of the United Nations Trade Data Interchange Directory (UNTDID) which also includes both batch and interactive Message Design Guidelines.

These syntax rules may be used in any application, but messages using these rules may only be referred to as EDIFACT messages if they comply with other guidelines, rules and directories in the UNTDID. For UN/EDIFACT, messages shall comply with the message design rules for batch or interactive usage as applicable. These rules are maintained in the UNTDID.

Communications specifications and protocols are outside the scope of this standard.
This is a new part, which has been added to ISO 9735. It provides an optional capability of securing an EDIFACT structure, i.e. message, package, group or interchange, by means of a secure authentication and acknowledgement message.

Electronic data interchange for administration, commerce and transport (EDIFACT) - Application level syntax rules

Part 6: Secure authentication and acknowledgement message (message type - AUTACK)

1 Scope

This International Standard for EDIFACT security defines the secure authentication and acknowledgement message AUTACK.

2 Conformance

Conformance to a standard means that all of its requirements, including all options, are supported. If all options are not supported, any claim of conformance shall include a statement which identifies those options to which conformance is claimed.

Data that is interchanged is in conformance if the structure and representation of the data conforms to the syntax rules specified in this International Standard.

Devices supporting this International Standard are in conformance when they are capable of creating and/or interpreting the data structured and represented in conformance with the standard.

Conformance to this part shall include conformance to Part 1, Part 2 and Part 5 of this International Standard.

When identified in this International Standard, provisions defined in related standards shall form part of the conformance criteria.

3 References

3.1 Normative references

This International Standard does not refer to other standards.

4 Definitions

For the purpose of this International Standard, the definitions in Part 1 annex A and in Part 5 annex A apply.

5 Rules for the use of the secure authentication and acknowledgement message

5.1 Functional definition

AUTACK is a message authenticating sent, or providing secure acknowledgement of received, interchanges, groups, messages or packages.
A secure authentication and acknowledgement message can be used to:

a) give secure authentication or non-repudiation of origin to messages, packages, groups or interchanges
b) give secure acknowledgement or non-repudiation of receipt to secured messages, packages, groups or interchanges

5.2 Field of application

The secure authentication and acknowledgement message (AUTACK) may be used for both national and international trade. It is based on universal commercial practice and is not dependent on the type of business or industry.

5.3 Principles

The applied security procedures shall be agreed to by trading partners and specified in an interchange agreement.

The secure authentication and acknowledgement message (AUTACK) applies security services to separately forwarded EDIFACT structures (messages, packages, groups or interchanges) and provides secure acknowledgement to secured EDIFACT structures. It can be applied to any combination of EDIFACT structures that need to be secured between two parties.

The security services are provided by cryptographic mechanisms applied to the content of the original entities. The results of these mechanisms form the body of the AUTACK message, supplemented by relevant data such as references of the cryptographic methods used, the entity reference numbers and the date and time of the original entities.

The AUTACK message shall use the standard security header and trailer groups.

The AUTACK message can apply to one or more messages, packages or groups from one or more interchanges, or to one or more interchanges.

5.3.1 Use of AUTACK for the authentication function

An AUTACK message used as an authentication message shall be sent by the originator of one or more separately forwarded entities, or by a party having authority to act on behalf of the originator. Its purpose is to facilitate the security services defined in Part 5 of this International Standard, i.e. authenticity, integrity, and non-repudiation of origin of its associated entities.

An AUTACK authentication message can be implemented in two ways. The first method conveys the hashed values of the referenced entities secured by the AUTACK itself; the second uses the AUTACK only to convey digital signatures of the referenced entities.

5.3.1.1 Authentication using hash values of the referenced entities

The secured entity shall be referenced in an occurrence of the USX (security references) segment. For each USX there shall be at least one corresponding USY (security on references) segment which contains the security result, for example the hash value, of the security function performed on the referenced entity. Details about the security function performed shall be contained in the AUTACK security header group. The USY and USH segments for the referenced entity shall be linked using security control reference data elements in both segments.

As a final step, all the information conveyed in the AUTACK shall be secured using at least one pair of security header and security trailer groups.

Note: AUTACK uses the USX segment to reference one or more messages, packages or groups in one or more interchanges, or to reference an entire interchange. For each USX segment a corresponding USY segment contains the result of the hashing, authentication or non-repudiation method applied to the referenced EDIFACT structure.

5.3.1.2 Authentication using digital signatures of the referenced entities

The secured entity shall be referenced in an occurrence of the USX (security references) segment. For each USX at least one corresponding USY (security on references) segment, which contains the digital signature of the referenced entity, shall be present. Details about the security function performed shall be contained in the AUTACK security header group.
Because a single referenced entity may be secured more than once, the related USY and security header group shall be linked using security control reference data elements in both segments.

If the digital signature of the referenced entity is contained in the AUTACK (rather than just a hash value), the AUTACK does not itself need to be secured.

5.3.2 The use of AUTACK for the acknowledgement function

An AUTACK message used as an acknowledgement message shall be sent by the recipient of one or more previously received secured entities, or by a party having authority to act on behalf of the recipient. Its purpose is to facilitate confirmation of receipt, validation of integrity of content, validation of completeness and/or non-repudiation of receipt of its associated entities.

The acknowledgement function shall be applied only to secured entities.

The secured entity shall be referenced in an occurrence of the USX (security references) segment. For each USX there shall be at least one corresponding USY (security on references) segment which contains either the hash value or the digital signature of the referenced entity. The USY shall be linked to a security header group of the referenced entity, or of an AUTACK message securing it, by using the security control reference data element. The corresponding security header related to the referenced entity contains the details of the security function performed on the referenced entity by the sender of the original message.

As a final step in the generation of the acknowledgement message, all the information conveyed in the AUTACK shall be secured using at least one pair of security header and security trailer groups.

AUTACK may also be used for non-acknowledgement in case of problems with the verification of the security results.

Note: Secure acknowledgement is only meaningful for authentication AUTACKs and secured entities.
To prevent endless loops, an AUTACK used for the acknowledgement function shall not require its recipient to send back an AUTACK acknowledgement message.

5.4 Message definition

5.4.1 Data segment clarification

0010 UNH, Message header

A service segment starting and uniquely identifying a message. The message type code for the secure authentication and acknowledgement message is AUTACK. The data element message type sub-function identification shall be used to indicate the usage of the AUTACK function as either authentication, acknowledgement or refusal of acknowledgement.

Note: messages conforming to this document must contain the following data in segment UNH, composite S009:

Data element   Value
0065           AUTACK
0052           4
0054           1
0051           UN

0020 Segment Group 1: USH-USA-SG2 (security header group)

A group of segments identifying the security service and security mechanisms applied and containing the data necessary to carry out the validation calculations (as defined in Part 5). This segment group shall specify the security service and algorithm(s) applied to the AUTACK message or to the referenced entity. Each security header group shall be linked to a security trailer group, and some may be linked additionally to USY segments.

0030 USH, Security header

A segment specifying a security service applied to the message/package in which the segment is included, or to the referenced entity (as defined in Part 5).

The security service data element shall specify the security function applied to the AUTACK message or the referenced entity:

- the security services: message origin authentication and non-repudiation of origin shall only be used for the AUTACK message itself.
- the security services: referenced entity integrity, referenced entity origin authentication and referenced entity non-repudiation of origin shall only be used by the sender to secure the AUTACK referenced entities.
- the security services: receipt authentication and non-repudiation of receipt shall only be used by the receiver of secured entities to secure the acknowledgement.

The scope of security application of the security service shall be specified, as defined in Part 5. In an AUTACK message, there are four possible scopes of security application:

- the first two scopes are defined in Part 5 section 5
- the third scope includes the whole entity, in which the scope of the security application is from the first character of the referenced message, package, group or interchange (namely a "U") to the last character of the message, package, group or interchange, inclusive.
- the fourth scope is user defined, in which the scope of the security application is defined in an agreement between sender and receiver.

0040 USA, Security algorithm

A segment identifying a security algorithm, the technical usage made of it, and containing the technical parameters required (as defined in Part 5).

0050 Segment Group 2: USC-USA-USR (certificate group)

A group of segments containing the data necessary to validate the security methods applied to the message/package, when asymmetric algorithms are used (as defined in Part 5).

0060 USC, Certificate

A segment containing the credentials of the certificate owner and identifying the certification authority which has generated the certificate (as defined in Part 5).

0070 USA, Security algorithm

A segment identifying a security algorithm, the technical usage made of it, and containing the technical parameters required (as defined in Part 5).

0080 USR, Security result

A segment containing the result of the security functions applied to the certificate by the certification authority (as defined in Part 5).
0090 USB, Secured data identification

This segment shall contain the identification of the interchange sender and interchange recipient, a security related timestamp of the AUTACK, and it shall specify whether a secure acknowledgement from the AUTACK message recipient is required or not. If one is required, the message sender will expect an AUTACK acknowledgement message to be sent back by the message recipient.

The interchange sender and interchange recipient in USB shall refer to the sender and the recipient of the interchange in which the AUTACK is present, in order to secure this information.

0100 Segment group 3: USX-USY

This segment group shall be used to identify an entity in the security process and to give security information on the referenced entity.

0110 USX, Security references

This segment shall contain references to the entity involved in the security process. The composite data element security date and time may contain the original generation date and time of the referenced entity. The composite data element security reference identification shall contain a reference to the entity to be secured whenever 0020, 0048, 0062 and 0800 are not convenient to provide it.

If 0020 is present and none of 0048, 0062 and 0800 are present, the whole interchange is referenced. If 0020 and 0048 are present and none of 0062 and 0800 are present, the group is referenced.

0120 USY, Security on references

A segment containing a link to a security header group and the result of the security services applied to the referenced entity as specified in this linked security header group.

When the referenced entities are secured by the same security service, with the same related security parameters, many USY segments may be linked to the same security header group. In this case the link value between the security header group and the related USYs shall be the same.
When AUTACK is used for the acknowledgement function, the corresponding security header group shall be either one of the referenced entity or of an AUTACK message that is used to provide the referenced entity with the authentication function.

In a USY segment the value of 0534 shall be identical to the value of 0534 in the corresponding USH segment of either:

- the current AUTACK, if the authentication function is used (security services: referenced entity origin authenticity, referenced entity integrity or referenced entity non-repudiation of origin)
- the referenced entity itself, or an AUTACK message providing the referenced entity with the authentication function, if the acknowledgement function is used (security services: non-repudiation of receipt or receipt authentication)

0130 Segment Group 4: UST-USR (security trailer group)

A group of segments containing a link with the security header segment group and the result of the security functions applied to the message/package (as defined in Part 5).

The USR segment may be omitted if the security trailer group is linked to a security header group related to a referenced entity. In this case the corresponding results of the security function shall be found in the USY segments which are linked to the same security header group as the current security trailer group.

0140 UST, Security trailer

A segment establishing a link between security header and security trailer (as defined in Part 5).

0150 USR, Security result

A segment containing the result of the security functions applied to the message/package as specified in the linked security header group (as defined in Part 5). The security result in this segment shall be applied to the AUTACK message itself.

0160 UNT, Message trailer

A service segment ending a message, giving the total number of segments and the control reference number of the message.
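The USX reference rule and the USY-to-USH link of 5.4.1, together with the third scope of security application described under USH, as an added worked example in Python that is not part of this standard: it parses a constructed AUTACK and the constructed interchange it references, and assumes default separators, SHA-256 as the hash algorithm, a USH layout taken from Part 5 (0501 first, 0534 second) and placeholder code values in USH and USB.

```python
"""Added worked example (not part of ISO 9735-6): parse a constructed AUTACK,
resolve what each USX references (clause 5.4.1), link USY to USH through 0534,
and check the hash in USY/S508 against the 'third scope' of the message."""
import hashlib

SEG_TERM, ELEM_SEP, COMP_SEP = "'", "+", ":"   # defaults; no UNA, no release char

# USX data element positions (annex A): 010 = 1st element after the tag, 110 = 11th
USX_POS = {"0020": 1, "S002": 2, "S003": 3, "0048": 4, "S006": 5, "S007": 6,
           "0062": 7, "S009": 8, "0800": 9, "S501": 10, "S509": 11}

def parse_segments(text):
    """Split an EDIFACT string into (tag, [[components], ...]) tuples."""
    segments = []
    for raw in text.split(SEG_TERM):
        if raw.strip():
            parts = raw.strip().split(ELEM_SEP)
            segments.append((parts[0], [e.split(COMP_SEP) for e in parts[1:]]))
    return segments

def _present(elems, pos):
    """True if the data element at 1-based position pos carries any value."""
    return pos <= len(elems) and any(elems[pos - 1])

def usx_entity_level(elems):
    """Which EDIFACT structure does this USX reference? Interchange and group
    are the clause 5.4.1 rules verbatim; message and package follow from 0062
    and 0800; S509 is the user-agreed reference (dependency note 1)."""
    has = {tag: _present(elems, pos) for tag, pos in USX_POS.items()}
    if has["0020"] == has["S509"]:
        raise ValueError("USX: exactly one of 0020 and S509 must be present")
    if has["S509"]:
        return "user-defined"
    if has["0062"]:
        return "message"
    if has["0800"]:
        return "package"
    return "group" if has["0048"] else "interchange"

def unlinked_usy(segments):
    """0534 values of USY segments with no USH carrying the same 0534 in this
    AUTACK. USH layout assumed from Part 5: 0501 first, 0534 second."""
    ush_refs = {e[1][0] for tag, e in segments if tag == "USH" and len(e) > 1}
    return [e[0][0] for tag, e in segments if tag == "USY" and e[0][0] not in ush_refs]

def third_scope(interchange, message_ref):
    """Whole-entity scope of a referenced message: from the 'U' of its UNH to
    the terminator of its UNT inclusive (messages do not nest, so the first
    UNT after the UNH closes it)."""
    start = interchange.index(f"UNH{ELEM_SEP}{message_ref}{ELEM_SEP}")
    unt = interchange.index(f"UNT{ELEM_SEP}", start)
    return interchange[start:interchange.index(SEG_TERM, unt) + 1]

def hash_hex(data):
    """SHA-256 is an assumption; the real algorithm travels in USA (Part 5)."""
    return hashlib.sha256(data.encode("latin-1")).hexdigest()

def verify_autack(autack_text, referenced_interchange):
    """For each USX/USY pair resolve the entity level; for a message reference
    recompute the scope hash and compare it with S508/0560 in the USY."""
    segments = parse_segments(autack_text)
    if unlinked_usy(segments):
        raise ValueError(f"USY without matching USH: {unlinked_usy(segments)}")
    results, usx = [], None
    for tag, e in segments:
        if tag == "USX":
            usx = e
        elif tag == "USY":
            level = usx_entity_level(usx)
            if level != "message":
                results.append((level, None))     # other levels not hashed here
                continue
            expected = hash_hex(third_scope(referenced_interchange,
                                            usx[USX_POS["0062"] - 1][0]))
            results.append((level, e[1][1] == expected))   # S508 = 0563:0560
    return results

# Constructed sample: a separately forwarded interchange with one ORDERS message
# and an AUTACK whose USY carries the hash of that whole message. Code values in
# USH/USB (security service, scope, response type) are placeholders; the real
# codes are in Part 5. The second USH/UST+USR pair that 5.3.1.1 requires to
# secure the AUTACK itself is left out of this sample.
REFERENCED_INTERCHANGE = ("UNB+UNOA:3+SENDER+RECIPIENT+960615:1200+IC001'"
                          "UNH+MSG001+ORDERS:D:96A:UN'BGM+220+PO4711'UNT+3+MSG001'"
                          "UNZ+1+IC001'")
AUTACK = (
    "UNH+AK001+AUTACK:4:1:UN:::1'"               # S009 values per 5.4.1
    "USH+1+REF1+3'"                              # 0534 = REF1 links the USY
    "USB+1+1:19960615:1200+SENDER+RECIPIENT'"
    "USX+IC001++++++MSG001+ORDERS:D:96A:UN'"     # 0020 + 0062 + S009: message
    f"USY+REF1+1:{hash_hex(third_scope(REFERENCED_INTERCHANGE, 'MSG001'))}'"
    "UST+REF1+1'"                                # USR omitted: result is in USY
    "UNT+7+AK001'"
)
```

Calling verify_autack(AUTACK, REFERENCED_INTERCHANGE) yields [('message', True)]; altering one character of the referenced message flips the result to False.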
5.4.2 Message structure

5.4.2.1 Segment table

POS   TAG   Name                              S   R      Notes
0010  UNH   Message header                    M   1
0020  ----- Segment group 1 ---------------   M   99
0030    USH   Security header                 M   1
0040    USA   Security algorithm              C   1
0050    ----- Segment group 2 -------------   C   2
0060      USC   Certificate                   M   1
0070      USA   Security algorithm            C   3
0080      USR   Security result               C   1
0090  USB   Secured data identification       M   1
0100  ----- Segment group 3 ---------------   M   9999
0110    USX   Security references             M   1
0120    USY   Security on references          M   9
0130  ----- Segment group 4 ---------------   M   99
0140    UST   Security trailer                M   1
0150    USR   Security result                 C   1
0160  UNT   Message trailer                   M   1

ANNEX A (normative)

DIRECTORY SPECIFICATION

A.1 Segment directory

A.1.1 Legend

Function  The function of the segment

POS       The sequential position number of the segment or stand-alone data element or composite data element in the segment table

TAG       The tag for the segment or for the data elements contained in the segment. All service composite data elements are preceded by the letter "S", and all service simple data elements start with the figure "0"

Name      Name of a SEGMENT in capital letters
          Name of a COMPOSITE DATA ELEMENT in capital letters
          Name of a STAND-ALONE DATA ELEMENT in capital letters
          Name of a component data element in small letters

S         The status of the segment in the structure or of the stand-alone data element or composite data element in the segment, or of the components in the composite (where M = Mandatory, C = Conditional)

R         The maximum number of occurrences of the segment in the structure or of the stand-alone data element or composite data element in the segment

Repr.     Data value representation of the stand-alone data element or component data element in the composite
          a      alphabetic characters
          n      numeric characters
          an     alphanumeric characters
          a3     3 alphabetic characters, fixed length
          n3     3 numeric characters, fixed length
          an3    3 alphanumeric characters, fixed length
          a..3   up to 3 alphabetic characters
          n..3   up to 3 numeric characters
          an..3  up to 3 alphanumeric characters

Notes     Segment note number(s)

A.1.2 Dependency notes identifiers

Code  Name
D1    One and only one
D2    All or none
D3    One or more
D4    One or none
D5    If first, then all
D6    If first, then at least one more
D7    If first, then none of the others

See clause 11.5 in Part 1 for the definition of the dependency note identifiers.

A.1.3 Index of segments by tag

TAG  Name
UNH  Message header
UNT  Message trailer
USA  Security algorithm
USB  Secured data identification
USC  Certificate
USH  Security header
USR  Security result
UST  Security trailer
USX  Security references
USY  Security on references

A.1.4 Index of segments by name

TAG  Name
USC  Certificate
UNH  Message header
UNT  Message trailer
USB  Secured data identification
USA  Security algorithm
USH  Security header
USY  Security on references
USX  Security references
USR  Security result
UST  Security trailer

A.1.5 Segment specifications

Note: Only segments not defined in other parts of this International Standard are included here.

---------------------------------------------------------------------------
USB  SECURED DATA IDENTIFICATION

Function: To contain details related to the AUTACK.

POS  TAG   Name                                               S  R  Repr.   Notes
010  0503  RESPONSE TYPE, CODED                               M  1  an..3
020  S501  SECURITY DATE AND TIME                             C  1
     0517  Date and time qualifier                            M     an..3
     0338  Event date                                         C     n..8
     0314  Event time                                         C     an..15
     0336  Time offset                                        C     n4
030  S002  INTERCHANGE SENDER                                 M  1
     0004  Interchange sender identification                  M     an..35
     0007  Identification code qualifier                      C     an..4
     0008  Interchange sender internal identification         C     an..35
     0042  Interchange sender internal sub-identification     C     an..35
040  S003  INTERCHANGE RECIPIENT                              M  1
     0010  Interchange recipient identification               M     an..35
     0007  Identification code qualifier                      C     an..4
     0014  Interchange recipient internal identification      C     an..35
     0046  Interchange recipient internal sub-identification  C     an..35
---------------------------------------------------------------------------

---------------------------------------------------------------------------
USX  SECURITY REFERENCES

Function: To refer to the security entity and its associated date and time.

POS  TAG   Name                                               S  R  Repr.    Notes
010  0020  INTERCHANGE CONTROL REFERENCE                      C  1  an..14   1,2,3,4,5,6
020  S002  INTERCHANGE SENDER                                 C  1           2
     0004  Interchange sender identification                  M     an..35
     0007  Identification code qualifier                      C     an..4
     0008  Interchange sender internal identification         C     an..35
     0042  Interchange sender internal sub-identification     C     an..35
030  S003  INTERCHANGE RECIPIENT                              C  1           3
     0010  Interchange recipient identification               M     an..35
     0007  Identification code qualifier                      C     an..4
     0014  Interchange recipient internal identification      C     an..35
     0046  Interchange recipient internal sub-identification  C     an..35
040  0048  GROUP REFERENCE NUMBER                             C  1  an..14   4,8,9
050  S006  APPLICATION SENDER IDENTIFICATION                  C  1           8
     0040  Application sender identification                  M     an..35
     0007  Identification code qualifier                      C     an..4
060  S007  APPLICATION RECIPIENT IDENTIFICATION               C  1           9
     0044  Application recipient identification               M     an..35
     0007  Identification code qualifier                      C     an..4
070  0062  MESSAGE REFERENCE NUMBER                           C  1  an..14   5,7,10
080  S009  MESSAGE IDENTIFIER                                 M  1           10
     0065  Message type                                       M     an..6
     0052  Message version number                             M     an..3
     0054  Message release number                             M     an..3
     0051  Controlling agency, coded                          M     an..3
     0057  Association assigned code                          C     an..6
     0110  Code list directory version number                 C     an..6
     0113  Message type sub-function identification           C     an..6
090  0800  PACKAGE REFERENCE NUMBER                           C  1  an..14   6,7
100  S501  SECURITY DATE AND TIME                             C  1
     0517  Date and time qualifier                            M     an..3
     0338  Event date                                         C     n..8
     0314  Event time                                         C     an..15
     0336  Time offset                                        C     n4
110  S509  SECURITY REFERENCE IDENTIFICATION                  C  1           1
     0591  Security reference qualifier                       M     an..3
     0588  Security reference                                 C     an..256

DEPENDENCY NOTES:
1.  D1 (010, 110)  One and only one
2.  D5 (020, 010)  If first, then all
3.  D5 (030, 010)  If first, then all
4.  D5 (040, 010)  If first, then all
5.  D5 (070, 010)  If first, then all
6.  D5 (090, 010)  If first, then all
7.  D1 (070, 090)  One and only one
8.  D5 (050, 040)  If first, then all
9.  D5 (060, 040)  If first, then all
10. D5 (080, 070)  If first, then all
---------------------------------------------------------------------------

---------------------------------------------------------------------------
USY  SECURITY ON REFERENCES

Function: To identify the applicable header, and to contain the security result and/or to indicate the possible cause of security rejection for the referred value.

POS  TAG   Name                          S  R  Repr.    Notes
010  0534  SECURITY REFERENCE NUMBER     M  1  an..14
020  S508  VALIDATION RESULT             C  1           1
     0563  Validation value qualifier    M     an..3
     0560  Validation value              C     an..256
030  0571  SECURITY ERROR, CODED         C  1  an..3    1

NOTES:
1.  D3 (020, 030)  One or more
---------------------------------------------------------------------------

A.2 Composite data element directory

A.2.1 Legend

POS       The sequential position number of the component data element in the composite data element

TAG       The tag for the component data element contained in the composite data element.
          All service composite data elements are preceded by the letter "S", and all service simple data elements start with the figure "0"

Name      Name of a component data element in small letters

S         The status of the component data element in the composite data element (where M = Mandatory and C = Conditional)

Repr.     Data value representation of the component data element in the composite.
          a      alphabetic characters
          n      numeric characters
          an     alphanumeric characters
          a3     3 alphabetic characters, fixed length
          n3     3 numeric characters, fixed length
          an3    3 alphanumeric characters, fixed length
          a..3   up to 3 alphabetic characters
          n..3   up to 3 numeric characters
          an..3  up to 3 alphanumeric characters

Desc.     Description of the composite data element

Notes     Composite data element note number(s)

A.2.2 Dependency notes identifiers

Code  Name
D1    One and only one
D2    All or none
D3    One or more
D4    One or none
D5    If first, then all
D6    If first, then at least one more
D7    If first, then none of the others

See clause 11.5 in Part 1 for the definition of the dependency note identifiers.

A.2.3 Index of composite data element by TAG

TAG   Name
S002  Interchange sender
S003  Interchange recipient
S006  Application sender identification
S007  Application recipient identification
S501  Security date and time
S508  Validation result
S509  Security reference identification

A.2.4 Index of composite data element by name

TAG   Name
S007  Application recipient identification
S006  Application sender identification
S003  Interchange recipient
S002  Interchange sender
S501  Security date and time
S509  Security reference identification
S508  Validation result

A.2.5 Composite data element specifications

Note: Only composite data elements not defined in other parts of this International Standard are included here.

---------------------------------------------------------------------------
S509  SECURITY REFERENCE IDENTIFICATION

Desc: To provide a security reference.

POS  TAG   Name                          S  Repr.    Notes
010  0591  Security reference qualifier  M  an..3
020  0588  Security reference            M  an..256
---------------------------------------------------------------------------

A.3 Simple data element directory

A.3.1 Legend

TAG       The tag for the simple data element. All service simple data elements start with the figure "0"

Name      Name of a simple data element

Desc.     Description of the simple data element

Repr.     Data value representation of the simple data element:
          a      alphabetic characters
          n      numeric characters
          an     alphanumeric characters
          a3     3 alphabetic characters, fixed length
          n3     3 numeric characters, fixed length
          an3    3 alphanumeric characters, fixed length
          a..3   up to 3 alphabetic characters
          n..3   up to 3 numeric characters
          an..3  up to 3 alphanumeric characters

Notes     Simple data element note number(s)

A.3.2 Index of simple data element by tag

TAG   Name
0020  Interchange control reference
0048  Group reference number
0062  Message reference number
0503  Response type, coded
0534  Security reference number
0571  Security error, coded
0588  Security reference
0591  Security reference qualifier
0800  Package reference number

A.3.3 Index of simple data element by name

TAG   Name
0048  Group reference number
0020  Interchange control reference
0062  Message reference number
0800  Package reference number
0503  Response type, coded
0571  Security error, coded
0588  Security reference
0534  Security reference number
0591  Security reference qualifier

A.3.4 Simple data element specifications

Note: Only simple data elements not defined in other parts of this International Standard are included here.

---------------------------------------------------------------------------
0571  SECURITY ERROR, CODED

Desc: Identifies the security error causing the rejection of the entity.
Repr: an..3

Note 1: This element shall specify the security error encountered.
These may be the reason for non-acknowledgement in response to a request for secure acknowledgement, or may be sent on the initiative of the receiver of an AUTACK or secured entity which contains an error.
---------------------------------------------------------------------------

---------------------------------------------------------------------------
0588  SECURITY REFERENCE

Desc: Reference of the entity according to a security entity reference system.
Repr: an..256

Note 1: This data element may be used whenever a user-agreed security entity reference scheme is used. For instance, it may refer to a non-EDIFACT entity such as a file, for compatibility with BCS (Banking Communication Standard).
---------------------------------------------------------------------------

---------------------------------------------------------------------------
0591  SECURITY REFERENCE QUALIFIER

Desc: Qualifier of the security entity reference system.
Repr: an..3
---------------------------------------------------------------------------

ANNEX B (informative)

CODE LISTS

0571  Security error, coded

Desc: Identifies the security error causing the rejection of the entity.
Repr: an..3

1  Wrong authenticator
   The validation is wrong.
2  Wrong certificate
   The certificate is wrong.
3  Certification path
   The certification path is incomplete. Cannot verify.
4  Algorithm not supported
   The algorithm is not supported.
5  Hashing method not supported
   The hashing method is not supported.
----------------------------------------------------------------------

0591  Security reference qualifier

Desc: Qualifier of the security entity reference system.
Repr: an..3

ZZZ  Mutually defined
     Self explanatory.
----------------------------------------------------------------------