AUTACK Secure authentication and acknowledgement
Syntax Development Group (SDG)
AUTACK is a message authenticating sent, or providing secure acknowledgement of received interchanges, groups, messages or packages.
A secure authentication and acknowledgement message can be used to:
a) give secure authentication, integrity or non-repudiation of origin to messages, packages, groups or interchanges.
b) give secure acknowledgement or non-repudiation of receipt to secured messages, packages, groups or interchanges.
Header
- 0010Message headerMandatoryMax 1
To head, identify and specify a message.
1. Data element S009/0057 is retained for upward compatibility. The use ofS016 and/or S017 is encouraged in preference.2. The combination of the values carried in data elements 0062 and S009 shallbe used to identify uniquely the message within its group (if used) or ifnot used, within its interchange, for the purpose of acknowledgement. - Segment group 1Repeat 99
- 0030Security headerMandatoryMax 1
To specify a security mechanism applied to a EDIFACT structure (i.e.: either message/package, group or interchange).
1. 0541, if not present the default scope is the current security headersegment group and the message body or object itself.2. 0507, the original character set encoding of the EDIFACT structure when itwas secured. If no value is specified, the character set encodingcorresponds to that identified by the syntax identifier characterrepertoire in the UNB segment.3. S500, two occurrences are possible: one for the security originator, onefor the security recipient.4. S500/0538, may be used to establish the key relationship between thesending and receiving parties.5. S501, may be used as a security timestamp. It is security related and maydiffer from any dates and times that may appear elsewhere in the EDIFACTstructure. It may be used to provide sequence integrity. - 0040Security algorithmConditionalMax 3
To identify a security algorithm, the technical usage made of it, and to contain the technical parameters required.
1. S503, provides space for one parameter. The number of repetitions of S503actually used will depend on the algorithm used. The order of theparameters is arbitrary but, in each case, the actual value is preceded bya coded algorithm parameter qualifier. - Segment group 2Repeat 2
- 0060CertificateMandatoryMax 1
To convey the public key and the credentials of its owner.
1. D5(110, 100) If first, then all2. 0536, if a full certificate (including the USR segment) is not used, theonly data elements of the certificate shall be a unique certificatereference made of: the certificate reference (0536), the S500 identifyingthe issuer certification authority or the S500 identifying the certificateowner, including its public key name. In the case of a non-EDIFACTcertificate data element 0545 shall also be present.3. S500/0538, identifies a public key: either of the owner of thiscertificate, or the public key related to the private key used by thecertificate issuer (certification authority or CA) to sign thiscertificate.4. 0507, the original character set encoding of the certificate when it wassigned. If no value is specified, the character set encoding correspondsto that identified by the character set repertoire standard.5. 0543, the original character set repertoire of the certificate when it wassigned. If no value is specified, the default is defined in theinterchange header.6. S505, when this certificate is transferred, it will use the defaultservice characters defined in part 1 of ISO 9735, or those defined in theservice string advice, if used. This data element may specify the servicecharacters used when the certificate was signed. If this data element isnot used then they are the default service characters.7. S501, dates and times involved in the certification process. Fouroccurrences of this composite data element are possible: one for thecertificate generation date and time, one for the certificate start ofvalidity period, one for the certificate end of validity period, one forrevocation date and time. - 0070Security algorithmConditionalMax 3
To identify a security algorithm, the technical usage made of it, and to contain the technical parameters required.
1. S503, provides space for one parameter. The number of repetitions of S503actually used will depend on the algorithm used. The order of theparameters is arbitrary but, in each case, the actual value is preceded bya coded algorithm parameter qualifier. - 0080Security resultConditionalMax 1
To contain the result of the security mechanisms.
1. S508, two occurrences shall be used in the case of signature algorithmsrequiring two parameters to express the result.In the case of an RSA signature, only one occurrence of S508 shall beused.In the case of a DSA signature two occurrences of S508 shall be used.
- 0060CertificateMandatoryMax 1
- 0030Security headerMandatoryMax 1
- 0090Secured data identificationMandatoryMax 1
To contain details related to the AUTACK.
- Segment group 3Repeat 9999
- 0110Security referencesMandatoryMax 1
To refer to the secured EDIFACT structure and its associated date and time.
1. D5(050, 040) If first, then all2. D1(070, 090) One and only one3. D5(060, 040) If first, then all4. D5(080, 070) If first, then all - 0120Security on referencesMandatoryMax 9
To identify the applicable header, and to contain the security result and/or to indicate the possible cause of security rejection for the referred value.
1. D3(020, 030) One or more
- 0110Security referencesMandatoryMax 1
- Segment group 4Repeat 99
- 0140Security trailerMandatoryMax 1
To establish a link between security header and security trailer segment groups.
- 0150Security resultConditionalMax 1
To contain the result of the security mechanisms.
1. S508, two occurrences shall be used in the case of signature algorithmsrequiring two parameters to express the result.In the case of an RSA signature, only one occurrence of S508 shall beused.In the case of a DSA signature two occurrences of S508 shall be used.
- 0140Security trailerMandatoryMax 1
- 0160Message trailerMandatoryMax 1
To end and check the completeness of a message.
1. 0062, the value shall be identical to the value in 0062 in thecorresponding UNH segment.