|
|
A group of segments identifying the security service and security mechanisms applied and containing the data necessary to carry out the validation calculations. This segment group shall specify the security service and algorithm(s) applied to the referenced EDIFACT structure. Each security header group shall be linked to a security trailer group, and additionally linked to the USY segment(s). |
|
|
|
|
A group of segments containing the data necessary to validate the security methods applied. |
|
|
|
|
|
Function: |
|
To convey the public key and the credentials of its owner.
Dependency Notes: 1. D5(110,100) If first, then all
Notes: 2. 0536, if a full certificate (including the USR segment) is not used, the only data elements of the certificate shall be a unique certificate reference made of: the certificate reference (0536), the S500 identifying the issuer certification authority or the S500 identifying the certificate owner, including its public key name. In the case of a non-EDIFACT certificate data element 0545 shall also be present. 3. S500/0538, identifies a public key: either of the owner of this certificate, or the public key related to the private key used by the certificate issuer (certification authority or CA) to sign this certificate. 4. 0507, the original character set encoding of the certificate when it was signed. If no value is specified, the character set encoding corresponds to that identified by the character set repertoire standard. 5. 0543, the original character set repertoire of the certificate when it was signed. If no value is specified, the default is defined in the interchange header. 6. S505, when this certificate is transferred, it will use the default service characters defined in part 1 of ISO 9735, or those defined in the service string advice, if used. This data element may specify the service characters used when the certificate was signed. If this data element is not used then they are the default service characters. 7. S501, dates and times involved in the certification process. Four occurrences of this composite data element are possible: one for the certificate generation date and time, one for the certificate start of validity period, one for the certificate end of validity period, one for revocation date and time. |
|
|
|
EAN
|
*
|
|
|
|
|
O
|
|
|
If an advanced electronic signature is used, the reference of the qualified certificate is given. This data element is used in combination with DE 0577 (code value 4 = Authenticating party). |
|
|
|
SECURITY IDENTIFICATION DETAILS |
|
|
R
|
|
|
|
|
|
M
|
*
|
|
|
= |
Certificate owner |
|
|
= |
Authenticating party |
|
Identification of the role of the security parties (signature key owner or trusted third party). |
|
|
|
|
O
|
|
|
Identification of the public key to verify the digital signature by the recipient. |
|
|
|
Security party identification |
|
|
O
|
|
|
Identification of the trusted third party (trust center) issuing the certificate identified in DE 0536. |
|
For identification of parties it is recommended to use GLN - Format n13. |
|
|
|
Security party code list qualifier |
|
|
D
|
*
|
|
|
|
Security party code list responsible agency, coded |
|
|
N
|
|
|
|
|
|
N
|
|
|
|
|
|
N
|
|
|
|
|
|
N
|
|
|
|
|
Certificate syntax and version, coded |
|
|
D
|
|
|
|
= |
X.509 |
|
Where it is decided to refer to a non-EDIFACT certificate (such as X.509), the certificate syntax and version shall be identified in data element 0545 of the USC segment. Such certificates may be conveyed in an EDIFACT package. |
|
|
|
|
N
|
|
|
|
|
Original character set encoding, coded |
|
|
N
|
|
|
|
|
Certificate original character set repertoire, coded |
|
|
N
|
|
|
|
|
|
N
|
|
|
|
|
SERVICE CHARACTER FOR SIGNATURE |
|
|
N
|
|
|
|
|
Service character for signature qualifier |
|
|
|
|
|
|
|
Service character for signature |
|
|
|
|
|
|
|
|
N
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
N
|
|
|
|
|
|
N
|
|
|
|
Segment Notes: |
|
This segment either contains information regarding the certificate, and identifies the certification authority which has generated the certificate, or is used to identify bilaterally interchanged signature keys.
1. Use of USC for certificate reference: A certificate reference (DE 0536) and trusted third party (DEG S500, DE 0577 = 4 and DEG S500, DE 511) can be identified. Example 1: USC+AXZ4711+4::5412345000006:2+3'
2. Use of USC for reference to signature keys: Identification of the name of the signature key in DEG S500, DE 0538 (DEG S500, DE 0577 = 3). The interchange of signature keys and the references have to be bilaterally agreed between the partners. Example 2: USC++3:PUBLIC KEY 01' |
|