International Organization for Standardization (ISO)
Latest
ISO 20828:2006
Scope
This International Standard establishes a uniform practice for the issuing and management of security certificates for use in Public Key Infrastructure applications. Assuming that all entities, intending to set up a secure data exchange to other entities based on private and public keys, are able to provide their own certificate, the certificate management scheme guarantees that the entities will get all additional information needed to establish trust to other entities, from a single source in a simple and unified format. The certificate management is flexible with respect to the relations between Certification Authorities, not requesting any hierarchical structure. It does not prescribe centralized directories or the like, being accessible by all entities involved. With these properties, the management scheme is optimized for applications in the automotive domain.
This International Standard details the role and responsibilities of the Certification Authority relating to certificate issuing and distribution. It specifies how to handle certificate validity and certificate policies. This is
the prerequisite for each entity to make sure it can actually trust another entity when intending to exchange data of a specific kind with it.
This International Standard prescribes a Certificate format, which is a special implementation of the well-known X.509 certificate according to ISO/IEC 9594-8. It specifies the structure and use of every certificate component such that it complies with the certificate management established.
ISO 20828:2006 Referenced Document
ISO 15764 Road vehicles - Extended data link security
ISO 3779 Road vehicles - Vehicle identification number (VIN) - Content and structure*, 2009-10-01 Update
ISO 3780 Road vehicles - World manufacturer identifier (WMI) code; Technical Corrigendum 1*, 2010-12-15 Update
ISO/IEC 15408-3 Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Part 3: Security assurance components*, 2022-08-09 Update
ISO/IEC 8824-1 Information technology -- Abstract Syntax Notation One (ASN.1)-- Part 1:Specification of basic notation*, 2021-06-30 Update
ISO/IEC 8824-2 Information technology -- Abstract Syntax Notation One (ASN.1)-- Part 2:Information object specification*, 2021-06-30 Update
ISO/IEC 8824-3 Information technology -- Abstract Syntax Notation One (ASN.1)-- Part 3:Constraint specification*, 2021-06-30 Update
ISO/IEC 9594-2 Information technology-Open systems interconnection-Part 2: The Directory: Models*, 2024-04-01 Update
ISO/IEC 9594-8 Information technology-Open systems interconnection-Part 8: The Directory: Public-key and attribute certificate frameworks*, 2024-04-01 Update