
  • Number of slides: 34

DEDICA Project: Project TE 2005 (TE)
Directory Based EDI Certificate Access and Management
Manuel Medina, Juan Carlos Cruellas, Montse Rubia (DAC/UPC)
URL: http://www.ac.upc.es/recerca/DISTR/DEDICA/default.htm

AIM OF DEDICA
The aim of the project is the rapid and cost-effective provision of an EDI certificate management infrastructure to EDI users. It is addressed to those interested in using the open-standard UN/EDIFACT security services and in interworking with electronic mail and other standard services.

OVERVIEW OF DEDICA PROJECT OBJECTIVES
• To supply a gateway tool between the X.509 certification infrastructure and the existing EDI applications that follow the UN/EDIFACT standards for certification and electronic signature mechanisms.
• To specify translation rules to convert X.509 certificates into EDIFACT certificates and vice versa.
• To set up demonstrators of its applications in four experimental sites.
• To disseminate and exploit the results in an operational and industrial way.

DEDICA SCENARIO (I)
[Diagram: an X.500 Directory holding X.509 certificates, reached by X.500 access from a DUA on the e-mail / X.509 certificate users' side and from the DEDICA gateway (CertMap, MangMap); EDIFACT certificates travel in KEYMAN messages between the gateway and the EDIFACT message and certificate users.]

DEDICA SCENARIO (II)
[Diagram: the X.509 PKI (X.509 CA, User X, X.500 Directory) on one side and the EDIFACT PKI (EDIFACT CA, User E) on the other, with the DEDICA gateway (CertMap, MangMap) between them, certified by both the X.509 and the EDIFACT CAs.]

DEDICA SCENARIO (II)
• User A, in infrastructure IA, presents his certificate (generated by a CA of IA: the initial certificate) and requests from DEDICA a certificate in the other infrastructure IB (the derived certificate).
• User A sends a message to user B in infrastructure IB, with the certificate generated by DEDICA.
• User B asks DEDICA to validate the derived certificate of A.
• DEDICA checks whether the initial certificate of A is still valid and sends B the answer to his request.

BLOCK DIAGRAM OF THE DEDICA GATEWAY (I)

BLOCK DIAGRAM OF THE DEDICA GATEWAY (II)
CERTMAP
• Given a valid certificate generated by a CA (initial certificate) in one format, generate a certificate in the other format (derived certificate).
• Map the information from the initial certificate to the derived one in the new format.
• Use external tools: ASN.1 and cryptographic tools.
MANGMAP
• Manage connections with users.
• Collect requests for generating derived certificates.
• Verify the initial certificates received (access to X.500).
• Collect requests for validation of derived certificates.
• Build response messages.

DEVELOPMENT OF CERTMAP
• 1: Technical analysis of X.509 and UN/EDIFACT certificates.
• 2: Definition and specification of the strategy for the mapping of the names.
• 3: Formal specification of the mapping of the certificates.

CERT-MAP STRUCTURE (CM)

MAPPING FROM X.509 TO UN/EDIFACT
0. The X.509 certificate arrives.
1. CM_KE passes the DER encoding to the ASN.1 tool.
2. The ASN.1 tool returns the X.509 certificate information in an internal format.
3 to 6. The mapping modules map the data elements.
7. CM_CE returns the ToBeSigned part of the EDIFACT certificate.
8. CM_KE passes it to the cryptographic module.
9. The cryptographic module returns the signature.
10. CM_FF applies the filter function to the signature (the binary value is encoded into the EDIFACT character repertoire).
11. CM_CE generates the EDIFACT derived certificate.

MAPPING FROM EDIFACT TO X.509
0. The EDIFACT certificate arrives.
1. CM_CE returns the certificate information in an internal format.
2 to 5. The mapping modules perform the mapping tasks for the X.509 derived certificate.
6. CM_KE passes the information to the ASN.1 tool.
7. The ASN.1 tool returns the ToBeSigned.
8. CM_KE passes the ToBeSigned to the cryptographic tool.
9. The cryptographic tool returns the signature.
10. CM_KE passes the signature to the ASN.1 tool.
11. The ASN.1 tool returns the X.509 certificate.

MANG-MAP STRUCTURE (I)

MANG-MAP STRUCTURE (II)
• MK: MangMap Kernel. Handles the requests that arrive at the gateway, passes them to the corresponding module, requests the mapping of a given certificate and coordinates the processing inside the gateway.
• KH: KEYMAN and EDIFACT Interchange Handling. Handles the requesting interchanges and builds the answer interchanges.
• XH: X.509 PKI message handling. Handles the incoming messages from the X.509 PKI and builds the corresponding answer messages.

SEQUENCE OF OPERATIONS: UN/EDIFACT derived certificate request (I)
• User X, holding an X.509 certificate, requests from the gateway the production of a derived EDIFACT certificate.
• User X sends a KEYMAN message plus the DER-encoded X.509 certificate within an EDIFACT package (UNO-UNP segments).
• The DEDICA gateway answers with an EDIFACT certificate within a KEYMAN message.
[Diagram: User X sends KEYMAN + UNO (X.509 DER) UNP to DEDICA (CertMap, MangMap); DEDICA returns KEYMAN (EDIFACT cert) to User X; User E is shown on the EDIFACT side.]

SEQUENCE OF OPERATIONS: UN/EDIFACT derived certificate request (II)

SEQUENCE OF OPERATIONS
• User X sends to user E a secured EDIFACT interchange including the derived EDIFACT certificate.
[Diagram: secured interchange & EDIFACT certificate from User X to User E, with DEDICA (CertMap, MangMap) shown alongside.]

SEQUENCE OF OPERATIONS: UN/EDIFACT derived certificate validation request (I)
• User E receives the secured interchange with the derived EDIFACT certificate.
• User E requests validation of the certificate from the gateway.
• The gateway answers the request.
• User E proceeds with the interchange.
[Diagram: User E sends KEYMAN (& EDIFACT cert) to DEDICA (CertMap, MangMap); DEDICA returns KEYMAN (validation result); User X is shown on the X.509 side.]

SEQUENCE OF OPERATIONS: UN/EDIFACT derived certificate validation request (II)

SEQUENCE OF OPERATIONS
• MangMap accesses the X.500 Directory using LDAP in order to validate the X.509 initial certificate.
• MangMap validates:
  – the signature on the X.509 certificate;
  – the revocation list at the site of the issuer of the X.509 initial certificate;
  – the certification path for the X.509 initial certificate.
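The three checks above, as an added example written for this page (it is not DEDICA's MangMap code). It models a toy PKI in Python: certificates are dicts, the X.500 directory is a dict keyed by subject name, and signatures are textbook RSA over an MD5 digest because the page's sample certificates use md5WithRSAEncryption (MD5 is broken and appears here only to mirror them). The keys are built from small Mersenne primes so that the example runs instantly and is not secure for any real use; the subject names are taken from the page's sample certificates, everything else (serials, dates, the CRL contents) is constructed.

```python
"""Toy model of the three MangMap checks on an X.509 initial certificate:
signature, revocation list and certification path.  Added example, not
DEDICA code.  Certificates are dicts; signatures are textbook RSA over an
MD5 digest (the page's samples use md5WithRSAEncryption; MD5 is broken and
is used only to mirror them); keys come from small Mersenne primes so the
example runs instantly.  Nothing here is fit for production use."""
import hashlib
import json

E = 65537

def make_key(p, q):
    """Toy RSA pair from two known primes -> ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest_int(tbs):
    """Canonical (sorted JSON) encoding of the to-be-signed fields, MD5-hashed."""
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.md5(data).digest(), "big")

def sign(tbs, priv):
    n, d = priv
    return pow(digest_int(tbs), d, n)

def verify(tbs, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest_int(tbs)

def issue(subject, pubkey, issuer_cert, issuer_priv, serial, not_before, not_after):
    """Certificate signed with issuer_priv (self-signed when issuer_cert is None).
    Times are ISO-8601 UTC strings, which compare correctly as text."""
    issuer = subject if issuer_cert is None else issuer_cert["tbs"]["subject"]
    tbs = {"serial": serial, "subject": subject, "issuer": issuer, "pubkey": list(pubkey),
           "notBefore": not_before, "notAfter": not_after}
    return {"tbs": tbs, "sig": sign(tbs, issuer_priv)}

def issue_crl(issuer_cert, issuer_priv, revoked_serials):
    tbs = {"issuer": issuer_cert["tbs"]["subject"], "revoked": sorted(revoked_serials)}
    return {"tbs": tbs, "sig": sign(tbs, issuer_priv)}

def validate(cert, trust_anchors, directory, crls, now):
    """Walk the path from cert up to a trust anchor, checking every hop.
    directory: subject name -> certificate (the X.500 lookup MangMap does over LDAP);
    crls: issuer name -> that issuer's signed CRL.
    Returns (True, "ok") or (False, reason) for the first failing check."""
    chain = [cert]
    while True:
        tbs, sig = chain[-1]["tbs"], chain[-1]["sig"]
        who = tbs["subject"]
        # validity window, judged by the verifier's own clock
        if not tbs["notBefore"] <= now <= tbs["notAfter"]:
            return False, f"{who}: outside validity period"
        if tbs["issuer"] == who:
            # top of the path: must be a configured anchor and verify under its own key
            if chain[-1] not in trust_anchors or not verify(tbs, sig, tuple(tbs["pubkey"])):
                return False, f"{who}: untrusted root"
            return True, "ok"
        issuer = directory.get(tbs["issuer"])
        if issuer is None:
            return False, f"{who}: issuer {tbs['issuer']} not found"
        issuer_pub = tuple(issuer["tbs"]["pubkey"])
        # 1. signature: the issuer's key must verify this certificate
        if not verify(tbs, sig, issuer_pub):
            return False, f"{who}: bad signature"
        # 2. revocation: the CRL is believed only if the issuer signed it
        crl = crls.get(tbs["issuer"])
        if crl is None or not verify(crl["tbs"], crl["sig"], issuer_pub):
            return False, f"{who}: no trustworthy CRL for {tbs['issuer']}"
        if tbs["serial"] in crl["tbs"]["revoked"]:
            return False, f"{who}: serial {tbs['serial']} revoked"
        # 3. path: continue with the issuer, bounded so a looping directory cannot hang us
        if len(chain) > 8:
            return False, f"{who}: certification path too long"
        chain.append(issuer)

def build_demo_pki(revoke_user=False):
    """Constructed PKI that reuses the names from the page's sample certificates."""
    root_pub, root_priv = make_key(2**61 - 1, 2**89 - 1)
    ca_pub, ca_priv = make_key(2**107 - 1, 2**31 - 1)
    user_pub, _ = make_key(2**127 - 1, 2**19 - 1)
    root = issue("O=CARoot", root_pub, None, root_priv, 1,
                 "1996-01-01T00:00:00Z", "1999-01-01T00:00:00Z")
    ca = issue("O=CARoot, O=CASP, O=CA_UPC", ca_pub, root, root_priv, 2,
               "1996-06-01T00:00:00Z", "1998-06-01T00:00:00Z")
    user = issue("C=es, O=upc, CN=medina", user_pub, ca, ca_priv, 1234,
                 "1996-12-18T11:12:00Z", "1997-12-18T11:12:00Z")
    directory = {c["tbs"]["subject"]: c for c in (root, ca, user)}
    crls = {root["tbs"]["subject"]: issue_crl(root, root_priv, []),
            ca["tbs"]["subject"]: issue_crl(ca, ca_priv, [1234] if revoke_user else [])}
    return user, [root], directory, crls

if __name__ == "__main__":
    user, anchors, directory, crls = build_demo_pki()
    print(validate(user, anchors, directory, crls, "1997-03-01T00:00:00Z"))
```

validate() answers "ok" only after the whole path has been walked to a configured anchor; the CRL is verified under the issuer's key before the revocation lookup (an unsigned or foreign CRL is worth nothing), and the path length is bounded so that a directory that returns a loop of issuers cannot hang the gateway.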

DEDICA AND X.500 ACCESS
[Diagram: inside DEDICA, MangMap (KH, MK, XH) and CertMap; MangMap reaches the X.500 Directory through a DUA and an LDAP server.]

OTHER POSSIBLE USAGES
The DEDICA tools could also be used in other environments:
• CAs with DEDICA modules could issue both kinds of certificates without needing to duplicate infrastructure (revocation lists, etc.).
• Existing X.509 CAs could become EDIFACT CAs by incorporating the DEDICA tools.

CURRENT STATUS
• Conversion rules for X.509 and EDIFACT certificates specified.
• CertMap developed and working in the X.509 -> EDIFACT direction.
• MangMap finished.
• Pilots starting: certification services for EDIFACT users.

COOPERATION ACTIVITIES WITH OTHER PROJECTS AND PROGRAM SECTORS
• SEMPER Project
• ICE-TEL Project
• E2S

PLANS FOR DEMONSTRATION, EXPLOITATION, IMPLEMENTATION AND EXPECTED ACHIEVEMENTS
• ETS, European Trusted Third Party Services
• Demonstration phase with the involvement of Europe-wide users' communities
• Development and/or enhancement of services.

COMMITMENT AND ABILITY OF THE PARTICIPANTS TO OPERATE IN THE MARKET AREAS INVOLVED
• INTRASOFT / INTERBANK – HEDIVAN project
• FINSIEL – Italian Customs Administration

TRANSITION TO A SUCCESSFUL EXPLOITATION PHASE
• A second users' meeting will be organised to demonstrate the capabilities of the DEDICA gateway to different users' communities and to developers of EDI applications.

X.509 INITIAL CERTIFICATE (I): SHORT DN

SEQUENCE (331) {
  toBeSigned SEQUENCE (310) {
    version [0] INTEGER (1) 0x00 (0) DEFAULT
    serialNumber INTEGER (2) 0x04D2 (1234)
    signature SEQUENCE (13) {
      algorithm OBJECT IDENTIFIER (9) pkcs1-md5WithRSAEncryption
      parameters TYPE (2) with { NULL (0) }
    }
    issuer SEQUENCE OF (49) RDN { O=CARoot, O=CASP, O=CA_UPC }
    validity SEQUENCE (30) {
      notBefore UTCTime (13) "961218111200Z"
      notAfter UTCTime (13) "971218111200Z"
    }
    subject SEQUENCE OF (44) RDN { C=es, O=upc, CN=medina }
    subjectPublicKeyInfo SEQUENCE (159) {
      algorithm SEQUENCE (13) {
        algorithm OBJECT IDENTIFIER (9) pkcs1-rsaEncryption
        parameters TYPE (2) with { NULL (0) }
      }
      subjectPublicKey BIT STRING (141) Encapsulates {
        TYPE (140) with {
          rSAPublicKey SEQUENCE (137) {
            modulus INTEGER (129) 0x00BF2B9E56769AAEB79564F63D9CE6759FC8CD851761F13CD63EC6DABF08A5FE
                                    6C2219E888D48DB753E141BE0169D3F404F993D7F389DAF1D27370F5D6E173A7
                                    5BFB9D75E13D11DAFDA2D197084355BA0159EE60AE34B1F1C50426D323F1E748
                                    CF34C1E0B0FA7EC94CF0FFCD41A3D66C5B6AF7B64008D6CDD14806D43A0D461D6F
            exponent INTEGER (3) 0x010001 (65537)
          }
        }
      }
    }
    issuerUId [1] IMPLICIT BIT STRING OPTIONAL NOT PRESENT
    subjectUId [2] IMPLICIT BIT STRING OPTIONAL NOT PRESENT
    extensions [3] SEQUENCE OF OPTIONAL NOT PRESENT
  }
  signatureAlgorithm SEQUENCE (13) {
    algorithm OBJECT IDENTIFIER (9) pkcs1-md5WithRSAEncryption
    parameters TYPE (2) with { NULL (0) }
  }
  signature BIT STRING (0)
}

EDIFACT CERTIFICATE CONTENTS AND CODIFICATION (I)

USC (v3): CERTIFICATE SEGMENT
  0536  CERTIFICATE REFERENCE                    1
  S500: SECURITY IDENTIFICATION DETAILS
    0577  Security party qualifier               3
    0538  Key name                               Manel Medina Key 1
    0586  Security party name                    EDI Manuel Medina
  S500: SECURITY IDENTIFICATION DETAILS
    0577  Security party qualifier               4
    0586  Security party name                    DEDICAName
  0544  FORMAT CERTIFICATE VERSION               XXY
  0505  FILTER FUNCTION, CODED                   5
  0507  CHARACTER SET ENCODING, CODED            2
  0543  CHARACTER REPERTOIRE, CODED              2
  S501_V3: SECURITY DATE AND TIME
    0517  Date and time qualifier, coded         3
    0502  Date                                   19961218
    0504  Time                                   111211
  S501_V3: SECURITY DATE AND TIME
    0517  Date and time qualifier, coded         4
    0502  Date                                   19971218
    0504  Time                                   111211
USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded                3
    0527  Algorithm, coded                       10
USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded                4
    0527  Algorithm, coded                       6
USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded                6
    0527  Algorithm, coded                       10
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value              04J61TB/WLH,PH/D=38MYV-1M5BSJO3A8XH8TSLRM)QJDM=AE/X3PAI.QJQUBQG94H08HTE)0TQKK7XU,UDKT5-FRLTWCG0NCVQLYIV7/2KCZ50T0Y168B)G081X07O55ORGRB.5G64/=W0.STPQ(AOLRHNZAS2ZH-93XTTOCSAYCW8)9TVZS//0.S81Q9UI2P
    0531  Algorithm parameter qualifier, coded   12
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value              05/01
    0531  Algorithm parameter qualifier, coded   13
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value              1024
    0531  Algorithm parameter qualifier, coded   14

Encoded segments:
USC+1+3:::1234RegSchemeID560C=es, O=upc, CN=m:edina+4:::DEDICAName+XXY+5+2+2++++++3:19961218:111200+4:19971218:111200'
USA+3:::10+++++'
USA+4:::6+++++'
USA+7:::10+04J61TB/WLH,PH/D=38MYV-1M5BSJO3A8XH8TSLRM)QJDM=AE/X3PAI.QJQUBQG94H08HTE)0TQKK7XU,UDKT5-FRLTWCG0NCVQLYIV7/2KCZ50T0Y168B)G081X07O55ORGRB.5G64/=W0.STPQ(AOLRHNZAS2ZH-93XTTOCSAYCW8)9TVZS//0.S81Q9UI2P:12+05/01:13+1024:14++'
USR+P()68CY9D5ZW8EN3ILEOIVE=DYOJHGL2)2.OISSEIOHT32C95BVMMJCNIN,EW6-225K.CE/2Y5(X61WAK5ZC9RAVWM55B1)DHRUGQ/8JBOESQI5UK,NQ2SXW4-C3,=Y.3J2KTASVEE2I84MMKDJUUWOX9UQXD,JYOBFUELHBVE7G95S/7X-IUX6Y/DAK4S25'

X.509 INITIAL CERTIFICATE (II): LONG DN

SEQUENCE (439) {
  toBeSigned SEQUENCE (418) {
    version [0] INTEGER (1) 0x00 (0) DEFAULT
    serialNumber INTEGER (2) 0x04D2 (1234)
    signature SEQUENCE (13) {
      algorithm OBJECT IDENTIFIER (9) pkcs1-md5WithRSAEncryption
      parameters TYPE (2) with { NULL (0) }
    }
    issuer SEQUENCE OF (49) RDN { O=CARoot, O=CASP, O=CA_UPC }
    validity SEQUENCE (30) {
      notBefore UTCTime (13) "961218111200Z"
      notAfter UTCTime (13) "971218111200Z"
    }
    subject SEQUENCE OF (151) RDN { C=es, O=This is an example of very long organisation name, OU=organisational unit name, CN=long DN for the subject (Part 1) }
    subjectPublicKeyInfo SEQUENCE (159) {
      algorithm SEQUENCE (13) {
        algorithm OBJECT IDENTIFIER (9) pkcs1-rsaEncryption
        parameters TYPE (2) with { NULL (0) }
      }
      subjectPublicKey BIT STRING (141) Encapsulates {
        TYPE (140) with {
          rSAPublicKey SEQUENCE (137) {
            modulus INTEGER (129) 0x00BF2B9E56769AAEB79564F63D9CE6759FC8CD851761F13CD63EC6DABF08A5FE
                                    6C2219E888D48DB753E141BE0169D3F404F993D7F389DAF1D27370F5D6E173A7
                                    5BFB9D75E13D11DAFDA2D197084355BA0159EE60AE34B1F1C50426D323F1E748
                                    CF34C1E0B0FA7EC94CF0FFCD41A3D66C5B6AF7B64008D6CDD14806D43A0D461D6F
            exponent INTEGER (3) 0x010001 (65537)
          }
        }
      }
    }
    issuerUId [1] IMPLICIT BIT STRING OPTIONAL NOT PRESENT
    subjectUId [2] IMPLICIT BIT STRING OPTIONAL NOT PRESENT
    extensions [3] SEQUENCE OF OPTIONAL NOT PRESENT
  }
  signatureAlgorithm SEQUENCE (13) {
    algorithm OBJECT IDENTIFIER (9) pkcs1-md5WithRSAEncryption
    parameters TYPE (2) with { NULL (0) }
  }
  signature BIT STRING (0)
}

EDIFACT CERTIFICATE CONTENTS AND CODIFICATION (II)

USC (v3): CERTIFICATE SEGMENT
  0536  CERTIFICATE REFERENCE                    1
  S500: SECURITY IDENTIFICATION DETAILS
    0577  Security party qualifier               3
    0586  Security party name                    1234RegSchemeID561OU=organisationa
    0586  Security party name                    l unit name, CN=long DN for the sub
    0586  Security party name                    ject (Part 1) 000001
  S500: SECURITY IDENTIFICATION DETAILS
    0577  Security party qualifier               4
    0586  Security party name                    DEDICAName
  0544  FORMAT CERTIFICATE VERSION               XXY
  0505  FILTER FUNCTION, CODED                   5
  0507  CHARACTER SET ENCODING, CODED            2
  0543  CHARACTER REPERTOIRE, CODED              2
  S501_V3: SECURITY DATE AND TIME
    0517  Date and time qualifier, coded         3
    0502  Date                                   19961218
    0504  Time                                   111200
  S501_V3: SECURITY DATE AND TIME
    0517  Date and time qualifier, coded         4
    0502  Date                                   19971218
    0504  Time                                   111200
USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded                3
    0527  Algorithm, coded                       10
USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded                4
    0527  Algorithm, coded                       6
USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded                7
    0527  Algorithm, coded                       10
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value              04J61TB/WLH,PH/D=38MYV-1M5BSJO3A8XH8TSLRM)QJDM=AE/X3PAI.QJQUBQG94H08HTE)0TQKK7XU,UDKT5-FRLTWCG0NCVQLYIV7/2KCZ50T0Y168B)G081X07O55ORGRB.5G64/=W0.STPQ(AOLRHNZAS2ZH-93XTTOCSAYCW8)9TVZS//0.S81Q9UI2P
    0531  Algorithm parameter qualifier, coded   12
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value              05/01
    0531  Algorithm parameter qualifier, coded   13
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value              1024
    0531  Algorithm parameter qualifier, coded   14

Encoded segments:
USC+1+3:::1234RegSchemeID561OU=organisationa:l unit name, CN=long DN for the sub:ject (Part 1) 000001+4:::DEDICAName+XXY+5+2+2++++++3:19961218:111200+4:19971218:111200'
USA+3:::10+++++'
USA+4:::6+++++'
USA+7:::10+04J61TB/WLH,PH/D=38MYV-1M5BSJO3A8XH8TSLRM)QJDM=AE/X3PAI.QJQUBQG94H08HTE)0TQKK7XU,UDKT5-FRLTWCG0NCVQLYIV7/2KCZ50T0Y168B)G081X07O55ORGRB.5G64/=W0.STPQ(AOLRHNZAS2ZH-93XTTOCSAYCW8)9TVZS//0.S81Q9UI2P:12+05/01:13+1024:14++'
USR+BCHQ8UV)LPE,Y14VJO2D6E)TS,WYU74QZF(WUAUS7JNLN0A8D2FOMCJDNMZIESDNDI2O/4QNB,H61,M3,WO74)SI,CM4QKU.GHUIBU2JIG6LPLOOK3PEUWBH2V6O=27M361QM/9XRIJNP5YSNDIR73UBRQX9QT,N),NUWY8FUA8Q=XXLRFVSBA-G2HHOFVW('

X.509 INITIAL CERTIFICATE (III): EXTENSIONS

SEQUENCE (424) {
  toBeSigned SEQUENCE (403) {
    version [0] INTEGER (1) 0x02 (2)
    serialNumber INTEGER (2) 0x04D2 (1234)
    signature SEQUENCE (13) {
      algorithm OBJECT IDENTIFIER (9) pkcs1-md5WithRSAEncryption
      parameters TYPE (2) with { NULL (0) }
    }
    issuer SEQUENCE OF (49) RDN { O=CARoot, O=CASP, O=CA_UPC }
    validity SEQUENCE (30) {
      notBefore UTCTime (13) "961218111200Z"
      notAfter UTCTime (13) "971218111200Z"
    }
    subject SEQUENCE OF (44) RDN { C=es, O=upc, CN=medina }
    subjectPublicKeyInfo SEQUENCE (159) {
      algorithm SEQUENCE (13) {
        algorithm OBJECT IDENTIFIER (9) pkcs1-rsaEncryption
        parameters TYPE (2) with { NULL (0) }
      }
      subjectPublicKey BIT STRING (141) Encapsulates {
        TYPE (140) with {
          rSAPublicKey SEQUENCE (137) {
            modulus INTEGER (129) 0x00BF2B9E56769AAEB79564F63D9CE6759FC8CD851761F13CD63EC6DABF08A5FE
                                    6C2219E888D48DB753E141BE0169D3F404F993D7F389DAF1D27370F5D6E173A7
                                    5BFB9D75E13D11DAFDA2D197084355BA0159EE60AE34B1F1C50426D323F1E748
                                    CF34C1E0B0FA7EC94CF0FFCD41A3D66C5B6AF7B64008D6CDD14806D43A0D461D6F
            exponent INTEGER (3) 0x010001 (65537)
          }
        }
      }
    }
    issuerUId [1] IMPLICIT BIT STRING OPTIONAL NOT PRESENT
    subjectUId [2] IMPLICIT BIT STRING OPTIONAL NOT PRESENT
    extensions [3] SEQUENCE OF (84) {
      extension SEQUENCE (14) {
        extnId OBJECT IDENTIFIER (3) id-ce-keyUsage
        critical BOOLEAN (1) TRUE
        extnValue OCTET STRING (4) Encapsulates { TYPE (4) with { BIT STRING (2) 07 80 } }
      }
      extension SEQUENCE (30) {
        extnId OBJECT IDENTIFIER (3) id-ce-subjectKeyIdentifier
        critical BOOLEAN (1) TRUE
        extnValue OCTET STRING (20) Encapsulates { TYPE (20) with { OCTET STRING (18) "Manel Medina Key 1" } }
      }
      extension SEQUENCE (34) {
        extnId OBJECT IDENTIFIER (3) id-ce-subjectAltName
        critical BOOLEAN (1) TRUE
        extnValue OCTET STRING (24) Encapsulates {
          TYPE (24) with {
            SEQUENCE OF (22) {
              generalName CHOICE (22) {
                ediPartyName [5] IMPLICIT SEQUENCE (20) {
                  nameAssigner [0] CHOICE OPTIONAL NOT PRESENT
                  partyName [1] CHOICE (18) { PrintableString (16) "EDI Manel Medina" }
                }
              }
            }
          }
        }
      }
    }
  }
  signatureAlgorithm SEQUENCE (13) {
    algorithm OBJECT IDENTIFIER (9) pkcs1-md5WithRSAEncryption
    parameters TYPE (2) with { NULL (0) }
  }
  signature BIT STRING (0)
}

EDIFACT CERTIFICATE CONTENTS AND CODIFICATION (III)

USC (v3): CERTIFICATE SEGMENT
  0536  CERTIFICATE REFERENCE                    1
  S500: SECURITY IDENTIFICATION DETAILS
    0577  Security party qualifier               3
    0538  Key name                               Manel Medina Key 1
    0586  Security party name                    EDI Manel Medina
  S500: SECURITY IDENTIFICATION DETAILS
    0577  Security party qualifier               4
    0586  Security party name                    DEDICAName
  0544  FORMAT CERTIFICATE VERSION               XXY
  0505  FILTER FUNCTION, CODED                   5
  0507  CHARACTER SET ENCODING, CODED            2
  0543  CHARACTER REPERTOIRE, CODED              2
  S501_V3: SECURITY DATE AND TIME
    0517  Date and time qualifier, coded         3
    0502  Date                                   19961218
    0504  Time                                   111200
  S501_V3: SECURITY DATE AND TIME
    0517  Date and time qualifier, coded         4
    0502  Date                                   19971218
    0504  Time                                   111200
USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded                3
    0527  Algorithm, coded                       10
USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded                4
    0527  Algorithm, coded                       6
USA (v3): SECURITY ALGORITHM
  S502: SECURITY ALGORITHM
    0523  Use of algorithm, coded                6
    0527  Algorithm, coded                       10
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value              04J61TB/WLH,PH/D=38MYV-1M5BSJO3A8XH8TSLRM)QJDM=AE/X3PAI.QJQUBQG94H08HTE)0TQKK7XU,UDKT5-FRLTWCG0NCVQLYIV7/2KCZ50T0Y168B)G081X07O55ORGRB.5G64/=W0.STPQ(AOLRHNZAS2ZH-93XTTOCSAYCW8)9TVZS//0.S81Q9UI2P
    0531  Algorithm parameter qualifier, coded   12
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value              05/01
    0531  Algorithm parameter qualifier, coded   13
  S503_V3: ALGORITHM PARAMETER
    0532  Algorithm parameter value              1024
    0531  Algorithm parameter qualifier, coded   14

Encoded segments:
USC+1+3:Manel Medina Key 1::EDI Manel Medina+4:::DEDICAName+XXY+5+2+2++++++3:19961218:111200+4:19971218:111200'
USA+3:::10+++++'
USA+4:::6+++++'
USA+6:::10+04J61TB/WLH,PH/D=38MYV-1M5BSJO3A8XH8TSLRM)QJDM=AE/X3PAI.QJQUBQG94H08HTE)0TQKK7XU,UDKT5-FRLTWCG0NCVQLYIV7/2KCZ50T0Y168B)G081X07O55ORGRB.5G64/=W0.STPQ(AOLRHNZAS2ZH-93XTTOCSAYCW8)9TVZS//0.S81Q9UI2P:12+05/01:13+1024:14++'
USR+F93IFAG3.94T8GIFH13O.INHVT/BPC8KIO3XN77LHHL4L214LOVYO=83ZU.86010Z6WL96O8G.1I004NSVWJR29U(L6JIUL/3J8H=WYD7HIW0C0RP1E4S52ZFDOHJO3J66/92.BT8,PIR1D5Z425T48E,51EP37I.M3FP2P1PB3CA4M(VU(,6OV8FHAG/YLY'
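Worked example, added here and not part of the page or of DEDICA's CertMap, covering both the X.509 -> EDIFACT mapping steps of the CertMap slides and the USC/USA/USR codification shown in the three examples above. It builds the certificate segments from the mapped fields (cutting the owner name into 35-character 0586 repeats exactly where the page's sample breaks "CN=m" / "edina"), parses them back in a single pass that honours the "?" release character, and runs the checks a receiving party would make before trusting the owner's key. Assumptions: the default UN/EDIFACT service characters; the component positions as they appear in the page's sample segments; my reading of the 0517 qualifiers 3/4 as not-before/not-after and of the 0531 qualifiers 12/13/14 as modulus, exponent and modulus length (the page does not name them); and a sample certificate constructed from the page's first example with the key and signature values shortened.

```python
"""Build and parse the USC/USA/USR certificate segments shown on this page
(added example, not DEDICA's CertMap).  Layout copied from the page's sample:
S500 = 0577, 0538, 0511, then 0586 name parts of 35 chars; S502 has 0527 in
its fourth component; S503 = 0532 value, 0531 qualifier; S501 = 0517, 0502,
0504.  Reading 0517 3/4 as not-before/not-after and 0531 12/13/14 as
modulus/exponent/modulus length is my assumption.  Default service characters."""
import re

SEG, ELEM, COMP, REL = "'", "+", ":", "?"
NAME_CHUNK = 35  # longest 0586 component on the page before the name is continued

def escape(value):
    """Release service characters so they travel as data."""
    return "".join(REL + ch if ch in SEG + ELEM + COMP + REL else ch for ch in value)

def render(segments):
    """[segment[element[component]]] -> text, one segment terminator per segment."""
    return "".join(ELEM.join(COMP.join(escape(c) for c in e) for e in seg) + SEG
                   for seg in segments)

def parse_segments(text):
    """Single pass text -> [segment[element[component]]], honouring '?' releases."""
    segments, elems, comps, cur, i = [], [], [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == REL and i + 1 < len(text):   # released: next char is plain data
            i += 1
            cur.append(text[i])
        elif ch in (COMP, ELEM, SEG):
            comps.append("".join(cur)); cur = []
            if ch != COMP:
                elems.append(comps); comps = []
            if ch == SEG:
                segments.append(elems); elems = []
        else:
            cur.append(ch)
        i += 1
    if cur or comps or elems:
        raise ValueError("text does not end with a segment terminator")
    return segments

def s500(qualifier, name, key_name=""):
    """S500 with the name cut into 0586 repeats (the page's 'CN=m' / 'edina' split)."""
    parts = [name[i:i + NAME_CHUNK] for i in range(0, len(name), NAME_CHUNK)] or [""]
    return [qualifier, key_name, ""] + parts

def usa(use, alg, params=()):
    """USA: S502, then five S503 (value, qualifier) slots padded as on the page."""
    return [["USA"], [use, "", "", alg]] + [list(p) for p in params] + [[] for _ in range(5 - len(params))]

def build_certificate(c):
    """Mapped certificate fields -> USC/USA/USR text (algorithm codes as on the page)."""
    usc = ([["USC"], [c["reference"]], s500("3", c["owner"], c.get("key_name", "")),  # 3: owner
            s500("4", c["issuer"]), [c["version"]], [c["filter"]], ["2"], ["2"]]      # 4: issuer
           + [[] for _ in range(5)]
           + [["3", c["not_before"][:8], c["not_before"][8:]],
              ["4", c["not_after"][:8], c["not_after"][8:]]])
    modulus, exponent, bits = c["public_key"]
    return render([usc, usa("3", "10"), usa("4", "6"),
                   usa("7", "10", [(modulus, "12"), (exponent, "13"), (bits, "14")]),
                   [["USR"], [c["signature"]]]])

def parse_certificate(text):
    """USC/USA/USR text -> the fields a relying party needs."""
    segs = parse_segments(text)
    usc = next(s for s in segs if s[0][0] == "USC")
    def party(s):                                        # rejoin the 0586 repeats
        return {"key_name": s[1], "name": "".join(s[3:6])}
    out = {"reference": usc[1][0], "owner": party(usc[2]), "issuer": party(usc[3]),
           "version": usc[4][0], "filter": usc[5][0], "algorithms": []}
    for el in usc[8:]:                                   # S501 repeats: qualifier, date, time
        if len(el) == 3 and re.fullmatch(r"\d{8}", el[1]) and el[0] in ("3", "4"):
            out["not_before" if el[0] == "3" else "not_after"] = el[1] + el[2]
    for s in segs:
        if s[0][0] == "USA":
            out["algorithms"].append({"use": s[1][0], "alg": s[1][3],
                                      "params": {p[1]: p[0] for p in s[2:] if len(p) == 2}})
        elif s[0][0] == "USR":
            out["signature"] = s[1][0]
    return out

def check_certificate(parsed, now, min_bits=1024):
    """Checks a receiver makes before trusting the owner's key; returns the problems found."""
    problems = []
    if not parsed.get("not_before", "") <= now <= parsed.get("not_after", ""):
        problems.append("outside validity period")
    bits = next((a["params"]["14"] for a in parsed["algorithms"] if "14" in a["params"]), "0")
    if not (bits.isdigit() and int(bits) >= min_bits):
        problems.append(f"modulus length {bits} below {min_bits}")
    if not parsed.get("signature") or not parsed["owner"]["name"]:
        problems.append("missing signature or owner name")
    return problems

SAMPLE = {  # constructed from the page's first example; key and signature shortened
    "reference": "1", "version": "XXY", "filter": "5",
    "owner": "1234RegSchemeID560C=es, O=upc, CN=medina", "issuer": "DEDICAName",
    "not_before": "19961218111200", "not_after": "19971218111200",
    "public_key": ("04J61TB/WLH,PH/D=38MYV", "05/01", "1024"),
    "signature": "P()68CY9D5ZW8EN3ILEOIVE=DYOJHGL2)2.OISSEIOHT32C95",
}
```

build_certificate(SAMPLE) reproduces the page's segment layout ("USC+1+3:::1234RegSchemeID560C=es, O=upc, CN=m:edina+4:::DEDICAName+XXY+5+2+2++++++3:19961218:111200+..."), and parse_certificate(...) gives the owner name back in one piece. The release character matters for security as much as for correctness: a name containing "+", ":", "'" or "?" that is not released would shift every following element, so the parser never splits on a released character and the builder always escapes.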

DELIVERABLES LIST
IDs: D03.1, D03.2, D03.3, D05.1, D05.2, D06.1, D07.2
Titles:
• Technical description of X.509 and UN/EDIFACT certificates.
• Specific user requirements on certificate data elements mapping.
• Naming conversion rules specification functional requirements.
• Final specification of CertMap conversion rules.
• EDI security functions API's specification.
• Secure EDI communications API specification.
• Specification of the CertMap data types and architecture.
• Functional specification of MangMap.
• Final specification of MangMap conversion rules.