BS ISO 15782-1:2009
Superseded
A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.
View Superseded by
Certificate management for financial services Public key certificates
Hardcopy , PDF
17-04-2018
English
31-12-2009
Important note : All end users must be registered with an Account prior to user licenses being assigned.
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Public key infrastructure
6 Certification authority systems
7 Data elements and relationships
8 Public key certificate and Certificate Revocation List
extensions
Annex A (normative) - Certification Authority audit journal
contents and use
Annex B (informative) - Alternative trust models
Annex C (informative) - Suggested requirements for the
acceptance of certificate request data
Annex D (informative) - Multiple algorithm certificate
validation example
Annex E (informative) - Certification Authority techniques for
disaster recovery
Annex F (informative) - Distribution of certificates and
Certificate Revocation Lists
Bibliography
Describes a certificate management system for financial industry use for legal and natural persons that includes: - credentials and certificate contents, - Certification Authority systems, including certificates for digital signatures and for encryption key management, - certificate generation, distribution, validation and renewal, - authentication structure and certification paths, and - revocation and recovery procedures.
| Committee |
IST/12
|
| DevelopmentNote |
Supersedes 07/30169475 DC. (12/2009)
|
| DocumentType |
Standard
|
| Pages |
60
|
| PublisherName |
British Standards Institution
|
| Status |
Superseded
|
| SupersededBy | |
| Supersedes |
This part of ISO15782 defines a certificate management system for financial industry use for legal and natural persons that includes
-
credentials and certificate contents,
-
Certification Authority systems, including certificates for digital signatures and for encryption key management,
-
certificate generation, distribution, validation and renewal,
-
authentication structure and certification paths, and
-
revocation and recovery procedures.
This part of ISO15782 also recommends some useful operational procedures (e.g. distribution mechanisms, acceptance criteria for submitted credentials).
Implementation of this part of ISO15782 will also be based on business risks and legal requirements.
This part of ISO15782 does not include
-
the protocol messages used between the participants in the certificate management process,
-
requirements for notary and time stamping,
-
Certificate Policy and Certification Practices requirements, or
-
Attribute Certificates.
While this part of ISO15782 provides for the generation of certificates that could include a public key used for encryption key management, it does not address the generation or transport of keys used for encryption.
Implementers wishing to comply with ISO/IEC9594-8 can utilize the certificate structures defined by that International Standard. Those wishing to implement compatible certificate and certificate revocation structures but without the overhead associated with the X.500 series can utilize the ASN.1 structures defined in ISO15782-2. ISO15782-2 can also be referred to for a financial services profile of certificate and CRL extensions.
ISO21188 provides additional information for implementers on Certificate Policies, Certification Practice Statements, and PKI controls. ISO21188 sets out a framework of requirements to manage a PKI through Certificate Policies and Certification Practice Statements and to enable the use of public key certificates in the financial services industry. It also defines control objectives and supporting procedures to manage risks.
NOTE The use of a bold sans serif font, such as CertReqData or CRLEntry, denotes the use of abstract syntax notation (ASN.1), as defined in ISO/IEC8824-1 to ISO/IEC8824-4 and ISO/IEC8825-1 and ISO/IEC8825-2. Where it makes sense to do so, the ASN.1 term is used in place of normal text. Refer to ISO15782-2 for related ASN.1 modules.
| Standards | Relationship |
| ISO 15782-1:2009 | Identical |
| ANSI X9.30.1 : 1997 | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - PART 1: THE DIGITAL SIGNATURE ALGORITHM (DSA) |
| ANSI X9.57 : 1997 | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY: CERTIFICATE MANAGEMENT |
| FIPS PUB 140 : 0001 | SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES |
| ANSI X9.55 : 1997 | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY: EXTENSIONS TO PUBLIC KEY CERTIFICATES AND CERTIFICATE REVOCATION LISTS |
| ISO/IEC 8825-2:2015 | Information technology ASN.1 encoding rules: Specification of Packed Encoding Rules (PER) Part 2: |
| ISO/IEC TR 14516:2002 | Information technology Security techniques Guidelines for the use and management of Trusted Third Party services |
| ISO/IEC 8825-1:2015 | Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Part 1: |
| ISO/IEC 15945:2002 | Information technology — Security techniques — Specification of TTP services to support the application of digital signatures |
| ISO/IEC 9834-1:2012 | Information technology — Procedures for the operation of object identifier registration authorities — Part 1: General procedures and top arcs of the international object identifier tree |
| ISO/IEC 18033-2:2006 | Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers |
| ISO 13491-1:2016 | Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods |
| ISO/IEC 8824-2:2015 | Information technology Abstract Syntax Notation One (ASN.1): Information object specification Part 2: |
| ISO 16609:2012 | Financial services — Requirements for message authentication using symmetric techniques |
| ISO/IEC 9594-8:2017 | Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks |
| ISO 15782-2:2001 | Banking Certificate management Part 2: Certificate extensions |
| ISO/IEC 9594-6:2017 | Information technology Open Systems Interconnection The Directory Part 6: Selected attribute types |
| ISO/IEC 8824-4:2015 | Information technology Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications Part 4: |
| ISO/IEC 10118-3:2004 | Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions |
| ANSI X9.79-1 : 2001 | FINANCIAL SERVICES PUBLIC KEY INFRASTRUCTURE - PART 1: PKI PRACTICES AND POLICY FRAMEWORK |
| ISO/IEC 8824-1:2015 | Information technology Abstract Syntax Notation One (ASN.1): Specification of basic notation Part 1: |
| ISO 21188:2006 | Public key infrastructure for financial services Practices and policy framework |
| ISO/IEC 9594-2:2017 | Information technology Open Systems Interconnection The Directory Part 2: Models |
| ISO/IEC 9594-1:2017 | Information technology Open Systems Interconnection The Directory Part 1: Overview of concepts, models and services |
| ISO/IEC 8824-3:2015 | Information technology Abstract Syntax Notation One (ASN.1): Constraint specification Part 3: |
| ANSI X9.31 : 1998 | DIGITAL SIGNATURES USING REVERSIBLE PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY (RDSA) |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.