ISO 19626-2 pdf free download
ISO 19626-2-2021 pdf free download.Processes, data elements and documents in commerce, industry and administration一Trusted communication platform for electronic documents – Part 2: Applications.
4.3 Functionalities of TCP components
4.3.1 TTP identity directory
4.3.1.1 General
TTP identity directory provides a service to store and retrieve e-identity information on the entity after identifying and authenticating the entity participating in trusted communication in a reliable method. The entity becomes a member of TCP as a communication client after registering an e-identity in the TTP identity directory. In one TCP, only one TTP identity directory that has e-identity information on all communication clients shall exist logically. In other words, even if the e-identity information is physically distributed or replicated information exists in various places, there should be only one integrated e-identity information logically and one shall be able to obtain the same information no matter when or by whom the information is searched or retrieved.
TTP identity directory provides the 5 functions defined in 4.3.1.2 to 4.3.1.6.
4.3.1.2 To register and manage trusted list of TCP communication server
— A TCP communication server shall perform the function to transmit or receive e-documents by receiving the request of the communication client. For doing it, this server shall be registered in the TTP identity directory.
— Before the TTP identity directory registers a TCP communication server, methods or procedures to verify functional security requirements, conformity of standards and interoperability shall be determined according to TCP main’ policy. However, such a policy of the TTP identity directory shall reach a mutual agreement between the participants of TCP,
— After the communication server goes through verification on whether the concerned server is implemented by conforming to the standard and whether the necessary functional requirements are implemented, the network address of communication server and the information necessary for security, etc. shall be registered at the trusted list in the TTP identity directory.
— The trusted list of registered communication servers is managed as the whitelist and only the communication server listed in the whitelist can participate in trusted communication. The whitelist consists of a trusted list of TCP communication servers in the process of communication server registration.
4.3.1.3 To identify entity
— TTP identity directory shall check and authenticate whether the information provided by the entity is identical to its actual information in the real world (e.g. if the entity is a person or an organization, name or unique ID of the entity such as resident registration number, social security number or DUNS number, etc. and in case of a loT device, it includes device ID, IP number and etc.) in the process of registering, modifying or deleting e-identity information.
— Criteria or methods for verifying the identity of an entity are determined according to the policy of the TTP identity directory and these shall be agreed between the participants who are performing trusted communication under the concerned TCP system.
4.3.1.4 To register and manage Information of entity
— To perform trusted communication under a TCP system, the entity shall register e.identity information to the TTP identity directory.
— The entity may be a person or a conceptual subject such as a company, an organization, or loT device, etc.
— For the entity to register its information, information on which communication server is used for sending or receiving e-documents in trusted mode is also necessary in addition to the basic information on the entity such as unique ID which represents an e-identity, entity name, and an ID commonly used in the real world (offline).
— In TCP, an entity is represented as an e-identity; and only an entity that has registered its e.identity may participate in trusted communication of e-documents as a TCP communication client.
4.3.1.5 To search eidentity information
— If the transmitting client intends to send an e-document to a receiving client in TCP, the transmitting server which receives a request of sending an e-document from the transmitting client shall query to the TTP identity directory in order to obtain information on the receiving server which receives e-documents on the behalf of the receiving client.
— For this, the transmitting server requests to retrieve information which includes the network address of the receiving server used by the receiving client to the TTP identity directory using the e-identity ID value of the receiving client. After retrieving the requested information, the TTP identity directory returns the retrieved information to the transmitting server.
— Also, in order to verify whether the transmitting server that has sent the message is the legitimate communication server performing the role as an agent of transmission for the transmitting client at the time of receiving the message, the receiving server shall query on this to the TTP identity directory.
4.3.1.6 To handle spam messages, blacklist and whitelist
— Once the received message is determined as a spam message, the receiving client reports this message as a spam message to the TTP identity directory through the receiving server. The identity directory shall review the spam message status of this message after receiving the report of the spam message.
— Once the TTP identity directory determines the reported message as the spam message, the TTP identity directory shall add the originator (i.e. the e-identity of transmitting client) of the concerned message in blacklist and shall notify the updated blacklist to all communication servers in TCP. Unlike the whitelist managed as a list of communication servers, the blacklist is registered and managed as a list ole-identities.
— Criteria or procedures to decide whether the submitted report of the spam message is appropriate are determined according to the policy of the TTP identity directory and shall be agreed between TCPSPS (TCP service providers) who are performing trusted communication under the concerned TCP system.
4.3.2 TCP communication server
4.3.2.1 General
TCP communication server provides a service to send or receive e-documents using a trusted method by receiving a request of communication clients under a TCP system. All communication servers in one TCP shall be implemented according to mutually agreed transmission or reception protocols inside the TCR Accordingly, all communication servers shall he verified in advance on whether the system
© ISO 2021 – All rights reserved 5
ISO 19626-2:2021(E)
operates by conforming to the standards agreed in TCP main and whether it is interoperable with other components in order to participate in TCP.
Methods or procedures to verify conformity with standards or interoperability on the communication server shall be determined by mutual agreement between the TCPSPs.
TCP communication server shall provide the functions defined in 4.3.2.2 to 4.3.2.11. ISO 19626-2 pdf download.