OID: {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) extension-standards(255) dot1(1) interfaces(1) aca-ee(1) major-version-2(2) minor-version-4(4)}
This is the parent structure for all structures exchanged between the ACA and the EE. The ACA-EE interface is a logical interface rather than a direct communications interface, in that there is no direct message flow between the ACA and the EE: messages from the ACA are stored by the RA and subsequently forwarded to the EE. The PDUs are identified as ACA-EE PDUs even though the RA acts as a forwarder for them, because those PDUs are created by the ACA and encrypted for the EE, and are not modified, and frequently not read, by the RA. An overview of this structure is as follows:
AcaEeInterfacePdu ::= CHOICE {
  acaEeCertResponse  AcaEeCertResponse,
  ...
}
This structure contains a certificate and associated data as generated by the ACA for the EE that will be the holder of that certificate. An overview of this structure is as follows:
version of type Uint8 (2)
contains the current version of the structure.
generationTime of type Time32
contains the generation time of AcaEeCertResponse.
certificate of type Certificate
contains an authorization certificate generated by the ACA. It is of the type indicated by the type field in the corresponding request (if the requester requested an incorrect type, the response would be an error, not an instance of this structure).
privateKeyInfo of type OCTET STRING (SIZE (32)) OPTIONAL
shall be:
NOTE: In the case where the butterfly expansion function is used to set certEncKey in RaAcaCertRequest, the value j is not communicated to the ACA. However, the EE that receives the certificate response can only decrypt the response if it knows j. The RA is therefore anticipated to store j so that it can be associated with the appropriate certificate response. The RA encodes j in the filename.
AcaEeCertResponse ::= SEQUENCE {
  version         Uint8 (2),
  generationTime  Time32,
  certificate     Certificate,
  privateKeyInfo  OCTET STRING (SIZE (32)) OPTIONAL,
  ...
}
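The following sketch is an added example, not part of the standard or of any implementation it describes: it shows how an EE-side consumer could split an already decrypted and unwrapped AcaEeCertResponse into its root fields and reject an unexpected version before touching the certificate. It assumes COER encoding (the encoding rules used by IEEE 1609.2, not stated on this page), treats the certificate as opaque bytes, and uses a hypothetical function name, parse_aca_ee_cert_response.

```python
import struct
from datetime import datetime, timedelta, timezone

# Time32 in IEEE 1609.2 counts TAI seconds from 00:00:00 UTC, 1 January 2004.
EPOCH_2004 = datetime(2004, 1, 1, tzinfo=timezone.utc)
EXPECTED_VERSION = 2          # "version Uint8 (2)" in the definition above
PRIVATE_KEY_INFO_LEN = 32     # OCTET STRING (SIZE (32)): fixed size, no length prefix

def parse_aca_ee_cert_response(buf: bytes) -> dict:
    """Split an AcaEeCertResponse (assumed COER) into its four root fields."""
    if len(buf) < 6:
        raise ValueError("truncated: need preamble, version and generationTime")
    preamble = buf[0]
    # COER preamble: bit 7 = extension additions present,
    # bit 6 = privateKeyInfo present, bits 5..0 = zero padding.
    if preamble & 0x3F:
        raise ValueError("non-zero padding bits in SEQUENCE preamble")
    if preamble & 0x80:
        # Locating extension additions needs a full Certificate decoder.
        raise ValueError("extension additions present: not handled here")
    version, generation_time = struct.unpack_from(">BI", buf, 1)
    if version != EXPECTED_VERSION:
        raise ValueError(f"unexpected version {version}")
    rest, key_info = buf[6:], None
    if preamble & 0x40:
        if len(rest) <= PRIVATE_KEY_INFO_LEN:
            raise ValueError("privateKeyInfo flagged but bytes are missing")
        rest, key_info = rest[:-PRIVATE_KEY_INFO_LEN], rest[-PRIVATE_KEY_INFO_LEN:]
    if not rest:
        raise ValueError("certificate field is empty")
    return {
        "version": version,
        "generationTime": generation_time,
        # Approximate: ignores the TAI/UTC leap-second offset.
        "generationTimeUtc": EPOCH_2004 + timedelta(seconds=generation_time),
        "certificate": rest,          # opaque here; decode with a 1609.2 codec
        "privateKeyInfo": key_info,
    }

# Constructed sample: the "certificate" is filler bytes, not a real certificate.
SAMPLE = bytes([0x40, 0x02]) + (600_000_000).to_bytes(4, "big") \
    + b"\xAA" * 10 + bytes(range(32))

if __name__ == "__main__":
    print(parse_aca_ee_cert_response(SAMPLE))
```

Splitting privateKeyInfo off the tail works only because the field has a fixed size and no extension additions follow it; a production decoder would parse the Certificate itself to find the field boundary.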