Secure authentication and acknowledgement message
5. Segments Layout
 
Segment number: 6

- M 99 -
A group of segments identifying the security service and security mechanisms applied and containing the data necessary to carry out the validation calculations.
This segment group shall specify the security service and algorithm(s) applied to the referenced EDIFACT structure. Each security header group shall be linked to a security trailer group, and additionally linked to the USY segment(s).

- C 2 -
A group of segments containing the data necessary to validate the security methods applied.

- M 1 -
 
Function:
 
To convey the public key and the credentials of its owner.

Dependency Notes:
1. D5(110,100) If first, then all

Notes:
2. 0536, if a full certificate (including the USR segment) is not used, the only data elements of the certificate shall be a unique certificate reference made of: the certificate reference (0536), the S500 identifying the issuer certification authority or the S500 identifying the certificate owner, including its public key name. In the case of a non-EDIFACT certificate data element 0545 shall also be present.
3. S500/0538, identifies a public key: either of the owner of this certificate, or the public key related to the private key used by the certificate issuer (certification authority or CA) to sign this certificate.
4. 0507, the original character set encoding of the certificate when it was signed. If no value is specified, the character set encoding corresponds to that identified by the character set repertoire standard.
5. 0543, the original character set repertoire of the certificate when it was signed. If no value is specified, the default is defined in the interchange header.
6. S505, when this certificate is transferred, it will use the default service characters defined in part 1 of ISO 9735, or those defined in the service string advice, if used. This data element may specify the service characters used when the certificate was signed. If this data element is not used then they are the default service characters.
7. S501, dates and times involved in the certification process. Four occurrences of this composite data element are possible: one for the certificate generation date and time, one for the certificate start of validity period, one for the certificate end of validity period, one for revocation date and time.
 
| Tag | Name | EDIFACT status | EDIFACT format | EAN status | * | Description |
|---|---|---|---|---|---|---|
| 0536 | Certificate reference | C | an..35 | O | | If an advanced electronic signature is used, the reference of the qualified certificate is given. This data element is used in combination with DE 0577 (code value 4 = Authenticating party). |
| S500 | SECURITY IDENTIFICATION DETAILS | C | | R | | |
| | Security party qualifier | M | an..3 | M | * | = Certificate owner; = Authenticating party. Identification of the role of the security parties (signature key owner or trusted third party). |
| 0538 | Key name | C | an..35 | O | | Identification of the public key to verify the digital signature by the recipient. |
| 0511 | Security party identification | C | an..512 | O | | Identification of the trusted third party (trust center) issuing the certificate identified in DE 0536. For identification of parties it is recommended to use GLN - Format n13. |
| | Security party code list qualifier | C | an..3 | D | * | = GS1; = Mutually agreed |
| | Security party code list responsible agency, coded | C | an..3 | N | | |
| 0586 | Security party name | C | an..35 | N | | |
| 0586 | Security party name | C | an..35 | N | | |
| 0586 | Security party name | C | an..35 | N | | |
| | Certificate syntax and version, coded | C | an..3 | D | | = X.509. Where it is decided to refer to a non-EDIFACT certificate (such as X.509), the certificate syntax and version shall be identified in data element 0545 of the USC segment. Such certificates may be conveyed in an EDIFACT package. |
| | Filter function, coded | C | an..3 | N | | |
| | Original character set encoding, coded | C | an..3 | N | | |
| | Certificate original character set repertoire, coded | C | an..3 | N | | |
| 0546 | User authorisation level | C | an..35 | N | | |
| S505 | SERVICE CHARACTER FOR SIGNATURE | C | | N | | |
| | Service character for signature qualifier | M | an..3 | | | |
| 0548 | Service character for signature | M | an..4 | | | |
| S501 | SECURITY DATE AND TIME | C | | N | | |
| | Date and time qualifier | M | an..3 | | | |
| 0338 | Event date | C | n..8 | | | |
| 0314 | Event time | C | an..15 | | | |
| 0336 | Time offset | C | n4 | | | |
| | Security status, coded | C | an..3 | N | | |
| | Revocation reason, coded | C | an..3 | N | | |

Segment Notes:
This segment either contains information regarding the certificate, and identifies the certification authority which has generated the certificate, or is used to identify bilaterally interchanged signature keys.

1. Use of USC for certificate reference:
A certificate reference (DE 0536) and trusted third party (DEG S500, DE 0577 = 4 and DEG S500, DE 0511) can be identified.
Example 1:
USC+AXZ4711+4::5412345000006:2+3'

2. Use of USC for reference to signature keys:
Identification of the name of the signature key in DEG S500, DE 0538 (DEG S500, DE 0577 = 3).
The interchange of signature keys and the references have to be bilaterally agreed between the partners.
Example 2:
USC++3:PUBLIC KEY 01'
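
The two usages described in the Segment Notes can be checked on receipt before a referenced key or certificate is trusted. The following is an added example, not GS1 code: it parses a USC segment and classifies it as a certificate reference or a signature key reference. It assumes the ISO 9735 default service characters (+ : ? '), and the field names and the functions parse_usc and check_usc are this example's own.

```python
import re

# S500 component order as listed in the segment table; the field names are this
# example's own labels. Limits are the an..N formats from the same table.
S500 = ["party_qualifier", "key_name", "party_id", "code_list_qualifier",
        "agency", "name_1", "name_2", "name_3"]
MAX_LEN = {"cert_ref": 35, "party_qualifier": 3, "key_name": 35,
           "party_id": 512, "code_list_qualifier": 3}

def _split(text, sep):
    """Split on sep, leaving pairs escaped with the release character '?' intact."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "?" and i + 1 < len(text):
            cur, i = cur + text[i:i + 2], i + 2
        elif text[i] == sep:
            parts, cur, i = parts + [cur], "", i + 1
        else:
            cur, i = cur + text[i], i + 1
    return parts + [cur]

def parse_usc(segment):
    """Parse one USC segment written with the ISO 9735 default service characters."""
    body, *rest = _split(segment.strip(), "'")
    if not rest:
        raise ValueError("missing segment terminator")
    tag, *elements = _split(body, "+")
    if tag != "USC":
        raise ValueError("not a USC segment")
    elements += [""] * 3  # pad so omitted trailing elements read as empty
    unescape = lambda s: re.sub(r"\?(.)", r"\1", s)
    comps = [unescape(c) for c in _split(elements[1], ":")] + [""] * 8
    return {"cert_ref": unescape(elements[0]), "cert_syntax": unescape(elements[2]),
            "s500": dict(zip(S500, comps))}

def check_usc(segment):
    """Return (usage, problems) for a USC segment, following the Segment Notes."""
    usc = parse_usc(segment)
    s500 = usc["s500"]
    fields = {"cert_ref": usc["cert_ref"], **s500}
    problems = [f"{f} exceeds an..{n}" for f, n in MAX_LEN.items() if len(fields[f]) > n]
    problems += [f"{f} is not used (EAN status N)" for f in S500[4:] if s500[f]]
    if usc["cert_ref"] and s500["party_qualifier"] == "4" and s500["party_id"]:
        return "certificate reference", problems
    if s500["party_qualifier"] == "3" and s500["key_name"]:
        return "signature key reference", problems
    return "unknown", problems + ["matches neither usage in the Segment Notes"]
```

Example 1 and Example 2 above classify as "certificate reference" and "signature key reference" with no problems; a segment that fits neither pattern is returned as "unknown" so the recipient can reject it instead of guessing which key was meant.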
© Copyright GS1
Edition 2016