ČSN 36 9791 ED.A (369791) Information technology - Country Verifying Certification Authority Key Management Protocol for SPOC (Angl. verze)
- Norma: ČSN 36 9791 ED.A (369791)
- Název: Information technology - Country Verifying Certification Authority Key Management Protocol for SPOC (Angl. verze)
- Kategorie: 3697 - Identifikační karty a ochrana dat
- Katalogový kód:85000
- Dostupnost:Tisk
- Třídící znak:369791
- Platnost:Norma není platná
- Vydání:12/2009
- Účinnost:01/2010 - 12/2018
- Jazyk:Část nebo celá norma je v angličtině.
Anotace textu normy ČSN 36 9791 ED.A (369791)
Machine readable travel documents (MRTD) support advanced security mechanisms for the protection of the data stored in the MRTD. One of these mechanisms is the extended access control (EAC). If data stored in a MRTD is protected by EAC a terminal must be authenticated by the MRTD and must prove its right to the MRTD before the terminal can access the data. EAC as well as other advanced security mechanisms are described in [BSI-EAC]. The terminal authentication to be performed before reading protected data out of a MRTD is based on card verifiable (CV) certificates which can be verified by a MRTD. The access rights given to a terminal are coded within the CV certificate. After verifying the CV certificate the MRTD grants access to its data according to the access rights coded in the CV certificate. A public key infrastructure for the generation and distribution of the CV certificates is outlined in [BSI-EAC]. This EAC-PKI will be constructed by all member states of the EU. A common certificate policy for the entities of the EAC-PKI is given by [EUCP].
Within the EAC-PKI each member state operates its own root CA called country verifying CA (CVCA). The second level of the EAC-PKI is formed by CAs called Document Verifier (DV). Each DV is associated to the national CVCA of its own country. The DV gets its own CV certificates from that national and foreign CVCAs and generates the CV certificates for inspection systems (IS) within its sphere of influence. From this point of view inspection systems are the holder of the end user certificates of the EAC-PKI.
Zdroj: Česká Agentura pro Standardizaci (www.agentura-cas.cz) - smluvní partner
Náhled obsahu normy dočadně není k dispozici.