Version 1: Release Note 28 November 2014


Command Authenticity and Integrity Verification



Download 4.8 Mb.
Page157/258
Date03.04.2021
Size4.8 Mb.
1   ...   153   154   155   156   157   158   159   160   ...   258

Command Authenticity and Integrity Verification


The Device shall undertake processing according to the requirements of this section before undertaking any other processing of the Command.

The checks should be carried out in the order specified. The Device shall cease checking at the point that any one check fails.

The checks required are shown in Table 13.2.4.3.

Check Number

Criteria that shall be tested by the Device

How the Device shall test the Criteria

1.1

The Message is for the Device

The value in the Business Target ID field of the Message Identifier part of the Command instance must be equal to the Device’s Entity Identifier

1.2

The Message Code is for Provide Security Credentials

The value in the Message Code field of the Command instance must be equal to 0x0008

2.1

The Command was protected cryptographically using the Private Key corresponding to the Remote Party Public Key held in the Trust Anchor Cell identified by authorisingRemotePartyTACellIdentifier

As specified in Section 13.2.4.3.1

Table 13.2.4.3: Provide Security Credentials Command authenticity and integrity verification

Should any of the checks detailed in this Section 13.2.4.3 fail then the Device shall:



  • generate an entry in the Security Log recording failed Authentication;

  • discard the Command without execution and without sending a Response; and

  • send an Alert notifying the failed Authentication, constructed as specified in Section 6.2.4.2, populated with the relevant Alert Code from Section 16 , to the Known Remote Party identified by the Security Credentials it holds in the {supplier, management, digitalSignature} Trust Anchor Cell.

Where all of the checks detailed in this Section 13.2.4.3 succeed the Device shall process the Command and produce a Response.
          1. Command Authenticity and Integrity Verification

The Device shall undertake the following checks until either all are successful or one has failed.

1. If trustAnchorCellUsage is present it has a value of management else this test shall fail.

2. If trustAnchorCellKeyUsage = keyAgreement then

((trustAnchorCellRemotePartyRole = accessControlBroker) and (the MAC calculated by the Device according to Table 13.2.4.3.1 equates to ACB-SMD MAC)

else

((trustAnchorCellKeyUsage = digitalSignature) and (the Device shall use the Public Key in the Trust Anchor Cell identified by authorisingRemotePartyTACellIdentifier to verify that KRP Signature is the Digital Signature across Grouping Header || @ProvideSecurityCredentialDetails.Command)



else

3. This test shall fail.



Input Parameter


Directory: government -> uploads -> system -> uploads -> attachment data -> file
file -> Remove this if sending to pagerunnerr Page Title Light Rail Security Recommended Best Practice
file -> 8 Section 1 : Sport
file -> Notice of exercise of additional powers of seizure under Sections 50 or 51 of the Criminal Justice and Police Act 2001
file -> Home office circular 004/2014 Powers to search for and seize invalid travel documents in Schedule 8 to the Anti-social Behaviour, Crime and Policing Act 2014
file -> Consultation on the Royal Parks and Other Open Spaces (Amendment) (No. 2) Regulations 2012
file -> Crown copyright 2012
file -> This is the Report to Government by the Film Policy Review Panel The brief
file -> Impact Assessment (IA)
file -> Dcms/Wolfson Museums and Galleries Improvement Fund a public-Private Partnership (2002-2010)


Share with your friends:
1   ...   153   154   155   156   157   158   159   160   ...   258




The database is protected by copyright ©essaydocs.org 2020
send message

    Main page