Context Navigation

Back to Internal/Rbac/RbacResources

RbacResources: 95948X509A4.ps

File 95948X509A4.ps, 398.8 KB (added by hedinger, 18 years ago)

Line
1	%!PS-Adobe-3.0
2	%%Title: (9594-8 \| X.509)
3	%%Creator: (Microsoft Word: LaserWriter 8 8.1.1)
4	%%CreationDate: (09:43 26 June1994)
5	%%For: (hoyt)
6	%%Pages: 40
7	%%DocumentFonts: Helvetica-Bold Helvetica Helvetica-Oblique Times-Bold Symbol Times-Roman Times-Italic ZapfDingbats
8	%%DocumentNeededFonts: Helvetica-Bold Helvetica Helvetica-Oblique Times-Bold Symbol Times-Roman Times-Italic
9	%%DocumentSuppliedFonts: ZapfDingbats
10	%%DocumentData: Clean7Bit
11	%%PageOrder: Ascend
12	%%Orientation: Portrait
13	%ADO_PaperArea: -12 -13 830 582
14	%ADO_ImageableArea: 0 0 818 568
15	%%EndComments
16	/md 240 dict def md begin
17	/currentpacking where {pop /sc_oldpacking currentpacking def true setpacking}if
18	%%BeginFile: adobe_psp_basic
19	%%Copyright: Copyright 1990-1993 Adobe Systems Incorporated. All Rights Reserved.
20	/bd{bind def}bind def
21	/xdf{exch def}bd
22	/xs{exch store}bd
23	/ld{load def}bd
24	/Z{0 def}bd
25	/T/true
26	/F/false
27	/:L/lineto
28	/lw/setlinewidth
29	/:M/moveto
30	/rl/rlineto
31	/rm/rmoveto
32	/:C/curveto
33	/:T/translate
34	/:K/closepath
35	/:mf/makefont
36	/gS/gsave
37	/gR/grestore
38	/np/newpath
39	14{ld}repeat
40	/$m matrix def
41	/av 81 def
42	/por true def
43	/normland false def
44	/psb-nosave{}bd
45	/pse-nosave{}bd
46	/us Z
47	/psb{/us save store}bd
48	/pse{us restore}bd
49	/level2
50	/languagelevel where
51	{
52	pop languagelevel 2 ge
53	}{
54	false
55	}ifelse
56	def
57	/featurecleanup
58	{
59	stopped
60	cleartomark
61	countdictstack exch sub dup 0 gt
62	{
63	{end}repeat
64	}{
65	pop
66	}ifelse
67	}bd
68	/noload Z
69	/startnoload
70	{
71	{/noload save store}if
72	}bd
73	/endnoload
74	{
75	{noload restore}if
76	}bd
77	level2 startnoload
78	/setjob
79	{
80	statusdict/jobname 3 -1 roll put
81	}bd
82	/setcopies
83	{
84	userdict/#copies 3 -1 roll put
85	}bd
86	level2 endnoload level2 not startnoload
87	/setjob
88	{
89	1 dict begin/JobName xdf currentdict end setuserparams
90	}bd
91	/setcopies
92	{
93	1 dict begin/NumCopies xdf currentdict end setpagedevice
94	}bd
95	level2 not endnoload
96	/pm Z
97	/mT Z
98	/sD Z
99	/realshowpage Z
100	/initializepage
101	{
102	/pm save store mT concat
103	}bd
104	/endp
105	{
106	pm restore showpage
107	}def
108	/$c/DeviceRGB def
109	/rectclip where
110	{
111	pop/rC/rectclip ld
112	}{
113	/rC
114	{
115	np 4 2 roll
116	:M
117	1 index 0 rl
118	0 exch rl
119	neg 0 rl
120	:K
121	clip np
122	}bd
123	}ifelse
124	/rectfill where
125	{
126	pop/rF/rectfill ld
127	}{
128	/rF
129	{
130	gS
131	np
132	4 2 roll
133	:M
134	1 index 0 rl
135	0 exch rl
136	neg 0 rl
137	fill
138	gR
139	}bd
140	}ifelse
141	/rectstroke where
142	{
143	pop/rS/rectstroke ld
144	}{
145	/rS
146	{
147	gS
148	np
149	4 2 roll
150	:M
151	1 index 0 rl
152	0 exch rl
153	neg 0 rl
154	:K
155	stroke
156	gR
157	}bd
158	}ifelse
159	%%EndFile
160	%%BeginFile: adobe_psp_colorspace_level1
161	%%Copyright: Copyright 1991-1993 Adobe Systems Incorporated. All Rights Reserved.
162	/G/setgray ld
163	/:F/setrgbcolor ld
164	%%EndFile
165	level2 startnoload
166	%%BeginFile: adobe_psp_patterns_level1
167	%%Copyright: Copyright 1991-1993 Adobe Systems Incorporated. All Rights Reserved.
168	/patfreq Z
169	/patangle Z
170	/bk Z
171	/fg Z
172	/docolorscreen Z
173	/graystring Z
174	/pattransf{}def
175	/initQDpatterns
176	{
177	/patfreq 9.375 store
178	/patangle
179	1 0 $m defaultmatrix dtransform
180	exch atan
181	por not
182	{90 add}if
183	normland{180 add}if
184	store
185	:a
186	}def
187	/docolorscreen
188	/setcolorscreen where
189	{
190	pop/currentcolorscreen where
191	{
192	pop/setcmykcolor where
193	{
194	pop true
195	}{
196	false
197	}ifelse
198	}{
199	false
200	}ifelse
201	}{
202	false
203	}ifelse
204	def
205	/setgraypattern
206	{
207	/graystring xs
208	patfreq
209	patangle
210	{
211	1 add
212	4 mul
213	cvi
214	graystring
215	exch get
216	exch
217	1 add 4 mul
218	cvi
219	7 sub
220	bitshift
221	1 and
222	}setscreen
223	64 div setgray
224	}bd
225	/:b
226	{
227	/pattransf load settransfer
228	pop pop pop
229	setgraypattern
230	}bd
231	docolorscreen startnoload
232	/screensave 5 array def
233	/:a{currentgray currentscreen currenttransfer screensave astore pop}bd
234	/:e{screensave aload pop settransfer setscreen setgray}bd
235	/:d
236	{
237	pop pop pop
238	/pattransf load settransfer
239	setgraypattern 8{pop}repeat
240	}bd
241	/:c
242	/:d ld
243	docolorscreen endnoload docolorscreen not startnoload
244	/screensave 20 array def
245	/:a{currentcmykcolor currentcolorscreen currentcolortransfer screensave astore pop}bd
246	/:e{screensave aload pop setcolortransfer setcolorscreen setcmykcolor}bd
247	/rstring Z
248	/grstring Z
249	/blstring Z
250	/convroll{64 div 4 -1 roll}bd
251	/setcolorpattern
252	{
253	/graystring xs
254	/blstring xs
255	/grstring xs
256	/rstring xs
257	patfreq
258	patangle
259	{
260	1 add 4 mul cvi rstring
261	exch get exch 1 add 4 mul
262	cvi 7 sub bitshift 1 and
263	}
264	patfreq
265	patangle
266	{
267	1 add 4 mul cvi grstring
268	exch get exch 1 add 4 mul
269	cvi 7 sub bitshift 1 and
270	}
271	patfreq
272	patangle
273	{
274	1 add 4 mul cvi blstring
275	exch get exch 1 add 4 mul
276	cvi 7 sub bitshift 1 and
277	}
278	patfreq
279	patangle
280	{
281	1 add 4 mul cvi graystring
282	exch get exch 1 add 4 mul
283	cvi 7 sub bitshift 1 and
284	}
285	setcolorscreen
286	convroll convroll convroll convroll
287	setcmykcolor
288	}bd
289	/:d
290	{
291	pop pop pop
292	/pattransf load settransfer
293	pop pop setcolorpattern
294	}bd
295	/:c
296	/:d ld
297	docolorscreen not endnoload
298	%%EndFile
299	level2 endnoload level2 not startnoload
300	%%BeginFile: adobe_psp_patterns_level2
301	%%Copyright: Copyright 1990-1993 Adobe Systems Incorporated. All Rights Reserved.
302	/pmtx Z
303	/BGnd Z
304	/FGnd Z
305	/PaintData Z
306	/PatternMtx Z
307	/PatHeight Z
308	/PatWidth Z
309	/$d Z
310	/savecolor 4 array def
311	/savecolorspace Z
312	/:a{
313	mark 0 0 0 currentcolor savecolor astore pop cleartomark
314	/savecolorspace currentcolorspace store
315	}bd
316	/:e{
317	savecolorspace setcolorspace
318	mark savecolor aload pop setcolor cleartomark
319	}bd
320	/initQDpatterns
321	{
322	gS
323	initmatrix
324	mT dup 4 get exch 5 get :T
325	1 0 dtransform round exch round exch idtransform
326	dup mul exch dup mul exch add sqrt
327	0 1 dtransform round exch round exch idtransform
328	dup mul exch dup mul exch add sqrt
329	neg
330	scale
331	0
332	por not{90 add}if
333	normland{180 add}if
334	rotate
335	matrix currentmatrix
336	gR
337	/pmtx xs
338	:a
339	}bd
340	/:t
341	{
342	14 dict begin
343	/BGnd xdf
344	/FGnd xdf
345	/PaintData xdf
346	/PatternType 1 def
347	/PaintType 1 def
348	/BBox[0 0 1 1]def
349	/TilingType 1 def
350	/XStep 1 def
351	/YStep 1 def
352	/PatternMtx[24 0 0 24 0 0]def
353	/PaintProc
354	BGnd null ne
355	{
356	{
357	begin
358	BGnd aload pop :F
359	0 0 1 1 rF
360	FGnd aload pop :F
361	24 24 true PatternMtx PaintData imagemask
362	end
363	}
364	}{
365	{
366	begin
367	FGnd aload pop :F
368	24 24 true PatternMtx PaintData imagemask
369	end
370	}
371	}ifelse
372	def
373	currentdict
374	PatternMtx
375	end
376	gS $c setcolorspace pmtx setmatrix makepattern gR
377	}bd
378	/:u
379	{
380	14 dict begin
381	/$d 8 dict def
382	/PatternType 1 def
383	/PaintType 1 def
384	/BBox[0 0 1 1]def
385	/TilingType 1 def
386	/XStep 1 def
387	/YStep 1 def
388	/PaintData xdf
389	/PatHeight xdf
390	/PatWidth xdf
391	/PatternMtx[PatWidth 0 0 PatHeight 0 0]def
392	$d begin
393	/ImageType 1 def
394	/MultipleDataSource false def
395	/Height PatHeight def
396	/Width PatWidth def
397	/Decode[0 1 0 1 0 1]def
398	/ImageMatrix PatternMtx def
399	/DataSource PaintData def
400	/BitsPerComponent 8 def
401	end
402	/PaintProc
403	{
404	begin
405	$d image
406	end
407	}def
408	currentdict
409	PatternMtx
410	end
411	gS $c setcolorspace pmtx setmatrix makepattern gR
412	}bd
413	/bk[1 1 1]def
414	/fg[0 0 0]def
415	/:b{
416	:t
417	setpattern
418	pop pop
419	}bd
420	/:d{
421	:t
422	setpattern
423	10{pop}repeat
424	}bd
425	/:c{
426	:u
427	setpattern
428	10{pop}repeat
429	}bd
430	%%EndFile
431	level2 not endnoload
432	%%BeginFile: adobe_psp_uniform_graphics
433	%%Copyright: Copyright 1990-1993 Adobe Systems Incorporated. All Rights Reserved.
434	/@a
435	{
436	np :M 0 rl :L 0 exch rl 0 rl :L fill
437	}bd
438	/@b
439	{
440	np :M 0 rl 0 exch rl :L 0 rl 0 exch rl fill
441	}bd
442	/arct where
443	{
444	pop
445	}{
446	/arct
447	{
448	arcto pop pop pop pop
449	}bd
450	}ifelse
451	/x1 Z
452	/x2 Z
453	/y1 Z
454	/y2 Z
455	/rad Z
456	/@q
457	{
458	/rad xs
459	/y2 xs
460	/x2 xs
461	/y1 xs
462	/x1 xs
463	np
464	x2 x1 add 2 div y1 :M
465	x2 y1 x2 y2 rad arct
466	x2 y2 x1 y2 rad arct
467	x1 y2 x1 y1 rad arct
468	x1 y1 x2 y1 rad arct
469	fill
470	}bd
471	/@s
472	{
473	/rad xs
474	/y2 xs
475	/x2 xs
476	/y1 xs
477	/x1 xs
478	np
479	x2 x1 add 2 div y1 :M
480	x2 y1 x2 y2 rad arct
481	x2 y2 x1 y2 rad arct
482	x1 y2 x1 y1 rad arct
483	x1 y1 x2 y1 rad arct
484	:K
485	stroke
486	}bd
487	/@i
488	{
489	np 0 360 arc fill
490	}bd
491	/@j
492	{
493	gS
494	np
495	:T
496	scale
497	0 0 .5 0 360 arc
498	fill
499	gR
500	}bd
501	/@e
502	{
503	np
504	0 360 arc
505	:K
506	stroke
507	}bd
508	/@f
509	{
510	np
511	$m currentmatrix
512	pop
513	:T
514	scale
515	0 0 .5 0 360 arc
516	:K
517	$m setmatrix
518	stroke
519	}bd
520	/@k
521	{
522	gS
523	np
524	:T
525	0 0 :M
526	0 0 5 2 roll
527	arc fill
528	gR
529	}bd
530	/@l
531	{
532	gS
533	np
534	:T
535	0 0 :M
536	scale
537	0 0 .5 5 -2 roll arc
538	fill
539	gR
540	}bd
541	/@m
542	{
543	np
544	arc
545	stroke
546	}bd
547	/@n
548	{
549	np
550	$m currentmatrix
551	pop
552	:T
553	scale
554	0 0 .5 5 -2 roll arc
555	$m setmatrix
556	stroke
557	}bd
558	%%EndFile
559	%%BeginFile: adobe_psp_customps
560	%%Copyright: Copyright 1990-1993 Adobe Systems Incorporated. All Rights Reserved.
561	/$t Z
562	/$p Z
563	/$s Z
564	/$o 1. def
565	/2state? false def
566	/ps Z
567	level2 startnoload
568	/pushcolor/currentrgbcolor ld
569	/popcolor/setrgbcolor ld
570	/setcmykcolor where
571	{
572	pop/currentcmykcolor where
573	{
574	pop/pushcolor/currentcmykcolor ld
575	/popcolor/setcmykcolor ld
576	}if
577	}if
578	level2 endnoload level2 not startnoload
579	/pushcolor
580	{
581	currentcolorspace $c eq
582	{
583	currentcolor currentcolorspace true
584	}{
585	currentcmykcolor false
586	}ifelse
587	}bd
588	/popcolor
589	{
590	{
591	setcolorspace setcolor
592	}{
593	setcmykcolor
594	}ifelse
595	}bd
596	level2 not endnoload
597	/pushstatic
598	{
599	ps
600	2state?
601	$o
602	$t
603	$p
604	$s
605	}bd
606	/popstatic
607	{
608	/$s xs
609	/$p xs
610	/$t xs
611	/$o xs
612	/2state? xs
613	/ps xs
614	}bd
615	/pushgstate
616	{
617	save errordict/nocurrentpoint{pop 0 0}put
618	currentpoint
619	3 -1 roll restore
620	pushcolor
621	currentlinewidth
622	currentlinecap
623	currentlinejoin
624	currentdash exch aload length
625	np clippath pathbbox
626	$m currentmatrix aload pop
627	}bd
628	/popgstate
629	{
630	$m astore setmatrix
631	2 index sub exch
632	3 index sub exch
633	rC
634	array astore exch setdash
635	setlinejoin
636	setlinecap
637	lw
638	popcolor
639	np :M
640	}bd
641	/bu
642	{
643	pushgstate
644	gR
645	pushgstate
646	2state?
647	{
648	gR
649	pushgstate
650	}if
651	pushstatic
652	pm restore
653	mT concat
654	}bd
655	/bn
656	{
657	/pm save store
658	popstatic
659	popgstate
660	gS
661	popgstate
662	2state?
663	{
664	gS
665	popgstate
666	}if
667	}bd
668	/cpat{pop 64 div G 8{pop}repeat}bd
669	%%EndFile
670	%%BeginFile: adobe_psp_basic_text
671	%%Copyright: Copyright 1990-1993 Adobe Systems Incorporated. All Rights Reserved.
672	/S/show ld
673	/A{
674	0.0 exch ashow
675	}bd
676	/R{
677	0.0 exch 32 exch widthshow
678	}bd
679	/W{
680	0.0 3 1 roll widthshow
681	}bd
682	/J{
683	0.0 32 4 2 roll 0.0 exch awidthshow
684	}bd
685	/V{
686	0.0 4 1 roll 0.0 exch awidthshow
687	}bd
688	/fcflg true def
689	/fc{
690	fcflg{
691	vmstatus exch sub 50000 lt{
692	(%%[ Warning: Running out of memory ]%%\r)print flush/fcflg false store
693	}if pop
694	}if
695	}bd
696	/$f[1 0 0 -1 0 0]def
697	/:ff{$f :mf}bd
698	/MacEncoding StandardEncoding 256 array copy def
699	MacEncoding 39/quotesingle put
700	MacEncoding 96/grave put
701	/Adieresis/Aring/Ccedilla/Eacute/Ntilde/Odieresis/Udieresis/aacute
702	/agrave/acircumflex/adieresis/atilde/aring/ccedilla/eacute/egrave
703	/ecircumflex/edieresis/iacute/igrave/icircumflex/idieresis/ntilde/oacute
704	/ograve/ocircumflex/odieresis/otilde/uacute/ugrave/ucircumflex/udieresis
705	/dagger/degree/cent/sterling/section/bullet/paragraph/germandbls
706	/registered/copyright/trademark/acute/dieresis/notequal/AE/Oslash
707	/infinity/plusminus/lessequal/greaterequal/yen/mu/partialdiff/summation
708	/product/pi/integral/ordfeminine/ordmasculine/Omega/ae/oslash
709	/questiondown/exclamdown/logicalnot/radical/florin/approxequal/Delta/guillemotleft
710	/guillemotright/ellipsis/space/Agrave/Atilde/Otilde/OE/oe
711	/endash/emdash/quotedblleft/quotedblright/quoteleft/quoteright/divide/lozenge
712	/ydieresis/Ydieresis/fraction/currency/guilsinglleft/guilsinglright/fi/fl
713	/daggerdbl/periodcentered/quotesinglbase/quotedblbase/perthousand
714	/Acircumflex/Ecircumflex/Aacute/Edieresis/Egrave/Iacute/Icircumflex/Idieresis/Igrave
715	/Oacute/Ocircumflex/apple/Ograve/Uacute/Ucircumflex/Ugrave/dotlessi/circumflex/tilde
716	/macron/breve/dotaccent/ring/cedilla/hungarumlaut/ogonek/caron
717	MacEncoding 128 128 getinterval astore pop
718	level2 startnoload
719	/copyfontdict
720	{
721	findfont dup length dict
722	begin
723	{
724	1 index/FID ne{def}{pop pop}ifelse
725	}forall
726	}bd
727	level2 endnoload level2 not startnoload
728	/copyfontdict
729	{
730	findfont dup length dict
731	copy
732	begin
733	}bd
734	level2 not endnoload
735	md/fontname known not{
736	/fontname/customfont def
737	}if
738	/Encoding Z
739	/:mre
740	{
741	copyfontdict
742	/Encoding MacEncoding def
743	fontname currentdict
744	end
745	definefont :ff def
746	}bd
747	/:bsr
748	{
749	copyfontdict
750	/Encoding Encoding 256 array copy def
751	Encoding dup
752	}bd
753	/pd{put dup}bd
754	/:esr
755	{
756	pop pop
757	fontname currentdict
758	end
759	definefont :ff def
760	}bd
761	/scf
762	{
763	scalefont def
764	}bd
765	/scf-non
766	{
767	$m scale :mf setfont
768	}bd
769	/ps Z
770	/fz{/ps xs}bd
771	/sf/setfont ld
772	/cF/currentfont ld
773	/mbf
774	{
775	/makeblendedfont where
776	{
777	pop
778	makeblendedfont
779	/ABlend exch definefont
780	}{
781	pop
782	}ifelse
783	def
784	}def
785	%%EndFile
786	%%BeginFile: adobe_psp_derived_styles
787	%%Copyright: Copyright 1990-1993 Adobe Systems Incorporated. All Rights Reserved.
788	/wi
789	version(23.0)eq
790	{
791	{
792	gS 0 0 0 0 rC stringwidth gR
793	}bind
794	}{
795	/stringwidth load
796	}ifelse
797	def
798	/$o 1. def
799	/gl{$o G}bd
800	/ms{:M S}bd
801	/condensedmtx[.82 0 0 1 0 0]def
802	/:mc
803	{
804	condensedmtx :mf def
805	}bd
806	/extendedmtx[1.18 0 0 1 0 0]def
807	/:me
808	{
809	extendedmtx :mf def
810	}bd
811	/basefont Z
812	/basefonto Z
813	/dxa Z
814	/dxb Z
815	/dxc Z
816	/dxd Z
817	/dsdx2 Z
818	/bfproc Z
819	/:fbase
820	{
821	dup/FontType get 0 eq{
822	dup length dict begin
823	dup{1 index/FID ne 2 index/UniqueID ne and{def}{pop pop}ifelse}forall
824	/FDepVector exch/FDepVector get[exch/:fbase load forall]def
825	}/bfproc load ifelse
826	/customfont currentdict end definefont
827	}bd
828	/:mo
829	{
830	/bfproc{
831	dup dup length 2 add dict
832	begin
833	{
834	1 index/FID ne 2 index/UniqueID ne and{def}{pop pop}ifelse
835	}forall
836	/PaintType 2 def
837	/StrokeWidth .012 0 FontMatrix idtransform pop def
838	/customfont currentdict
839	end
840	definefont
841	8 dict begin
842	/basefonto xdf
843	/basefont xdf
844	/FontType 3 def
845	/FontMatrix[1 0 0 1 0 0]def
846	/FontBBox[0 0 1 1]def
847	/Encoding StandardEncoding def
848	/BuildChar
849	{
850	exch begin
851	basefont setfont
852	( )dup 0 4 -1 roll put
853	dup wi
854	setcharwidth
855	0 0 :M
856	gS
857	gl
858	dup show
859	gR
860	basefonto setfont
861	show
862	end
863	}def
864	}store :fbase
865	}bd
866	/:mso
867	{
868	/bfproc{
869	7 dict begin
870	/basefont xdf
871	/FontType 3 def
872	/FontMatrix[1 0 0 1 0 0]def
873	/FontBBox[0 0 1 1]def
874	/Encoding StandardEncoding def
875	/BuildChar
876	{
877	exch begin
878	sD begin
879	/dxa 1 ps div def
880	basefont setfont
881	( )dup 0 4 -1 roll put
882	dup wi
883	1 index 0 ne
884	{
885	exch dxa add exch
886	}if
887	setcharwidth
888	dup 0 0 ms
889	dup dxa 0 ms
890	dup dxa dxa ms
891	dup 0 dxa ms
892	gl
893	dxa 2. div dup ms
894	end
895	end
896	}def
897	}store :fbase
898	}bd
899	/:ms
900	{
901	/bfproc{
902	dup dup length 2 add dict
903	begin
904	{
905	1 index/FID ne 2 index/UniqueID ne and{def}{pop pop}ifelse
906	}forall
907	/PaintType 2 def
908	/StrokeWidth .012 0 FontMatrix idtransform pop def
909	/customfont currentdict
910	end
911	definefont
912	8 dict begin
913	/basefonto xdf
914	/basefont xdf
915	/FontType 3 def
916	/FontMatrix[1 0 0 1 0 0]def
917	/FontBBox[0 0 1 1]def
918	/Encoding StandardEncoding def
919	/BuildChar
920	{
921	exch begin
922	sD begin
923	/dxb .05 def
924	basefont setfont
925	( )dup 0 4 -1 roll put
926	dup wi
927	exch dup 0 ne
928	{
929	dxb add
930	}if
931	exch setcharwidth
932	dup dxb .01 add 0 ms
933	0 dxb :T
934	gS
935	gl
936	dup 0 0 ms
937	gR
938	basefonto setfont
939	0 0 ms
940	end
941	end
942	}def
943	}store :fbase
944	}bd
945	/:mss
946	{
947	/bfproc{
948	7 dict begin
949	/basefont xdf
950	/FontType 3 def
951	/FontMatrix[1 0 0 1 0 0]def
952	/FontBBox[0 0 1 1]def
953	/Encoding StandardEncoding def
954	/BuildChar
955	{
956	exch begin
957	sD begin
958	/dxc 1 ps div def
959	/dsdx2 .05 dxc 2 div add def
960	basefont setfont
961	( )dup 0 4 -1 roll put
962	dup wi
963	exch dup 0 ne
964	{
965	dsdx2 add
966	}if
967	exch setcharwidth
968	dup dsdx2 .01 add 0 ms
969	0 .05 dxc 2 div sub :T
970	dup 0 0 ms
971	dup dxc 0 ms
972	dup dxc dxc ms
973	dup 0 dxc ms
974	gl
975	dxc 2 div dup ms
976	end
977	end
978	}def
979	}store :fbase
980	}bd
981	/:msb
982	{
983	/bfproc{
984	7 dict begin
985	/basefont xdf
986	/FontType 3 def
987	/FontMatrix[1 0 0 1 0 0]def
988	/FontBBox[0 0 1 1]def
989	/Encoding StandardEncoding def
990	/BuildChar
991	{
992	exch begin
993	sD begin
994	/dxd .03 def
995	basefont setfont
996	( )dup 0 4 -1 roll put
997	dup wi
998	1 index 0 ne
999	{
1000	exch dxd add exch
1001	}if
1002	setcharwidth
1003	dup 0 0 ms
1004	dup dxd 0 ms
1005	dup dxd dxd ms
1006	0 dxd ms
1007	end
1008	end
1009	}def
1010	}store :fbase
1011	}bd
1012	/italicmtx[1 0 -.212557 1 0 0]def
1013	/:mi
1014	{
1015	italicmtx :mf def
1016	}bd
1017	/:v
1018	{
1019	[exch dup/FontMatrix get exch
1020	dup/FontInfo known
1021	{
1022	/FontInfo get
1023	dup/UnderlinePosition known
1024	{
1025	dup/UnderlinePosition get
1026	2 index 0
1027	3 1 roll
1028	transform
1029	exch pop
1030	}{
1031	.1
1032	}ifelse
1033	3 1 roll
1034	dup/UnderlineThickness known
1035	{
1036	/UnderlineThickness get
1037	exch 0 3 1 roll
1038	transform
1039	exch pop
1040	abs
1041	}{
1042	pop pop .067
1043	}ifelse
1044	}{
1045	pop pop .1 .067
1046	}ifelse
1047	]
1048	}bd
1049	/$t Z
1050	/$p Z
1051	/$s Z
1052	/:p
1053	{
1054	aload pop
1055	2 index mul/$t xs
1056	1 index mul/$p xs
1057	.012 mul/$s xs
1058	}bd
1059	/:m
1060	{gS
1061	0 $p rm
1062	$t lw
1063	0 rl stroke
1064	gR
1065	}bd
1066	/:n
1067	{
1068	gS
1069	0 $p rm
1070	$t lw
1071	0 rl
1072	gS
1073	gl
1074	stroke
1075	gR
1076	strokepath
1077	$s lw
1078	/setstrokeadjust where{pop
1079	currentstrokeadjust true setstrokeadjust stroke setstrokeadjust
1080	}{
1081	stroke
1082	}ifelse
1083	gR
1084	}bd
1085	/:o
1086	{gS
1087	0 $p rm
1088	$t 2 div dup rm
1089	$t lw
1090	dup 0 rl
1091	stroke
1092	gR
1093	:n
1094	}bd
1095	%%EndFile
1096	/currentpacking where {pop sc_oldpacking setpacking}if
1097	end % md
1098	%%EndProlog
1099	%%BeginSetup
1100	md begin
1101	countdictstack
1102	[
1103	{%stopped
1104	%%BeginFeature: *ManualFeed False
1105	1 dict dup /ManualFeed false put setpagedevice
1106	%%EndFeature
1107	}featurecleanup
1108	countdictstack
1109	[
1110	{%stopped
1111	%%BeginFeature: *PageSize A4
1112
1113	1 dict
1114	dup /Policies 2 dict dup /PageSize 2 put dup /MediaType 0 put put
1115	setpagedevice
1116	2 dict
1117	dup /PageSize [595 842] put
1118	dup /ImagingBBox null put
1119	setpagedevice
1120	%%EndFeature
1121	}featurecleanup
1122	(hoyt)setjob
1123	/pT[1 0 0 -1 13 830]def/mT[1 0 0 -1 13 830]def
1124	initQDpatterns
1125	/sD 16 dict def
1126	300 level2{1 dict dup/WaitTimeout 4 -1 roll put setuserparams}{statusdict/waittimeout 3 -1 roll put}ifelse
1127	%%IncludeFont: Helvetica-Bold
1128	%%IncludeFont: Helvetica
1129	%%IncludeFont: Helvetica-Oblique
1130	%%IncludeFont: Times-Bold
1131	%%IncludeFont: Symbol
1132	%%IncludeFont: Times-Roman
1133	%%IncludeFont: Times-Italic
1134	fc
1135	%%BeginFont: ZapfDingbats
1136	%!PS-AdobeFont-1.0: ZapfDingbats 001.004
1137	%%CreationDate: Fri Dec 1 12:57:36 1989
1138	%%VMusage: 39281 49041
1139	%% ITC Zapf Dingbats is a registered trademark of International Typeface
1140	%% Corporation.
1141	11 dict begin
1142	/FontInfo 10 dict dup begin
1143	/version (001.004) readonly def
1144	/Notice (Copyright (c) 1985, 1987, 1988, 1989 Adobe Systems Incorporated. All rights reserved.ITC Zapf Dingbats is a registered trademark of International Typeface Corporation.) readonly def
1145	/FullName (ITC Zapf Dingbats) readonly def
1146	/FamilyName (ITC Zapf Dingbats) readonly def
1147	/Weight (Medium) readonly def
1148	/ItalicAngle 0 def
1149	/isFixedPitch false def
1150	/UnderlinePosition -98 def
1151	/UnderlineThickness 54 def
1152	end readonly def
1153	/FontName /ZapfDingbats def
1154	/Encoding 256 array
1155	0 1 255 {1 index exch /.notdef put} for
1156	dup 32 /space put
1157	dup 33 /a1 put
1158	dup 34 /a2 put
1159	dup 35 /a202 put
1160	dup 36 /a3 put
1161	dup 37 /a4 put
1162	dup 38 /a5 put
1163	dup 39 /a119 put
1164	dup 40 /a118 put
1165	dup 41 /a117 put
1166	dup 42 /a11 put
1167	dup 43 /a12 put
1168	dup 44 /a13 put
1169	dup 45 /a14 put
1170	dup 46 /a15 put
1171	dup 47 /a16 put
1172	dup 48 /a105 put
1173	dup 49 /a17 put
1174	dup 50 /a18 put
1175	dup 51 /a19 put
1176	dup 52 /a20 put
1177	dup 53 /a21 put
1178	dup 54 /a22 put
1179	dup 55 /a23 put
1180	dup 56 /a24 put
1181	dup 57 /a25 put
1182	dup 58 /a26 put
1183	dup 59 /a27 put
1184	dup 60 /a28 put
1185	dup 61 /a6 put
1186	dup 62 /a7 put
1187	dup 63 /a8 put
1188	dup 64 /a9 put
1189	dup 65 /a10 put
1190	dup 66 /a29 put
1191	dup 67 /a30 put
1192	dup 68 /a31 put
1193	dup 69 /a32 put
1194	dup 70 /a33 put
1195	dup 71 /a34 put
1196	dup 72 /a35 put
1197	dup 73 /a36 put
1198	dup 74 /a37 put
1199	dup 75 /a38 put
1200	dup 76 /a39 put
1201	dup 77 /a40 put
1202	dup 78 /a41 put
1203	dup 79 /a42 put
1204	dup 80 /a43 put
1205	dup 81 /a44 put
1206	dup 82 /a45 put
1207	dup 83 /a46 put
1208	dup 84 /a47 put
1209	dup 85 /a48 put
1210	dup 86 /a49 put
1211	dup 87 /a50 put
1212	dup 88 /a51 put
1213	dup 89 /a52 put
1214	dup 90 /a53 put
1215	dup 91 /a54 put
1216	dup 92 /a55 put
1217	dup 93 /a56 put
1218	dup 94 /a57 put
1219	dup 95 /a58 put
1220	dup 96 /a59 put
1221	dup 97 /a60 put
1222	dup 98 /a61 put
1223	dup 99 /a62 put
1224	dup 100 /a63 put
1225	dup 101 /a64 put
1226	dup 102 /a65 put
1227	dup 103 /a66 put
1228	dup 104 /a67 put
1229	dup 105 /a68 put
1230	dup 106 /a69 put
1231	dup 107 /a70 put
1232	dup 108 /a71 put
1233	dup 109 /a72 put
1234	dup 110 /a73 put
1235	dup 111 /a74 put
1236	dup 112 /a203 put
1237	dup 113 /a75 put
1238	dup 114 /a204 put
1239	dup 115 /a76 put
1240	dup 116 /a77 put
1241	dup 117 /a78 put
1242	dup 118 /a79 put
1243	dup 119 /a81 put
1244	dup 120 /a82 put
1245	dup 121 /a83 put
1246	dup 122 /a84 put
1247	dup 123 /a97 put
1248	dup 124 /a98 put
1249	dup 125 /a99 put
1250	dup 126 /a100 put
1251	dup 161 /a101 put
1252	dup 162 /a102 put
1253	dup 163 /a103 put
1254	dup 164 /a104 put
1255	dup 165 /a106 put
1256	dup 166 /a107 put
1257	dup 167 /a108 put
1258	dup 168 /a112 put
1259	dup 169 /a111 put
1260	dup 170 /a110 put
1261	dup 171 /a109 put
1262	dup 172 /a120 put
1263	dup 173 /a121 put
1264	dup 174 /a122 put
1265	dup 175 /a123 put
1266	dup 176 /a124 put
1267	dup 177 /a125 put
1268	dup 178 /a126 put
1269	dup 179 /a127 put
1270	dup 180 /a128 put
1271	dup 181 /a129 put
1272	dup 182 /a130 put
1273	dup 183 /a131 put
1274	dup 184 /a132 put
1275	dup 185 /a133 put
1276	dup 186 /a134 put
1277	dup 187 /a135 put
1278	dup 188 /a136 put
1279	dup 189 /a137 put
1280	dup 190 /a138 put
1281	dup 191 /a139 put
1282	dup 192 /a140 put
1283	dup 193 /a141 put
1284	dup 194 /a142 put
1285	dup 195 /a143 put
1286	dup 196 /a144 put
1287	dup 197 /a145 put
1288	dup 198 /a146 put
1289	dup 199 /a147 put
1290	dup 200 /a148 put
1291	dup 201 /a149 put
1292	dup 202 /a150 put
1293	dup 203 /a151 put
1294	dup 204 /a152 put
1295	dup 205 /a153 put
1296	dup 206 /a154 put
1297	dup 207 /a155 put
1298	dup 208 /a156 put
1299	dup 209 /a157 put
1300	dup 210 /a158 put
1301	dup 211 /a159 put
1302	dup 212 /a160 put
1303	dup 213 /a161 put
1304	dup 214 /a163 put
1305	dup 215 /a164 put
1306	dup 216 /a196 put
1307	dup 217 /a165 put
1308	dup 218 /a192 put
1309	dup 219 /a166 put
1310	dup 220 /a167 put
1311	dup 221 /a168 put
1312	dup 222 /a169 put
1313	dup 223 /a170 put
1314	dup 224 /a171 put
1315	dup 225 /a172 put
1316	dup 226 /a173 put
1317	dup 227 /a162 put
1318	dup 228 /a174 put
1319	dup 229 /a175 put
1320	dup 230 /a176 put
1321	dup 231 /a177 put
1322	dup 232 /a178 put
1323	dup 233 /a179 put
1324	dup 234 /a193 put
1325	dup 235 /a180 put
1326	dup 236 /a199 put
1327	dup 237 /a181 put
1328	dup 238 /a200 put
1329	dup 239 /a182 put
1330	dup 241 /a201 put
1331	dup 242 /a183 put
1332	dup 243 /a184 put
1333	dup 244 /a197 put
1334	dup 245 /a185 put
1335	dup 246 /a194 put
1336	dup 247 /a198 put
1337	dup 248 /a186 put
1338	dup 249 /a195 put
1339	dup 250 /a187 put
1340	dup 251 /a188 put
1341	dup 252 /a189 put
1342	dup 253 /a190 put
1343	dup 254 /a191 put
1344	readonly def
1345	/PaintType 0 def
1346	/FontType 1 def
1347	/FontMatrix [0.001 0 0 0.001 0 0] readonly def
1348	/UniqueID 26200 def
1349	/FontBBox{-1 -143 981 820}readonly def
1350	currentdict end
1351	currentfile eexec
1352	A059B53B03D4CBFDCEB45275E6B096C91F82E90B0CF465D9FAF3EDD3C50527948A6CE6F1BFF66DF216754D255B9EC9D1D0F8681BA59BC13DECDF2EB2CF6552842714898472EEA9FC64DE7DFC1867A37971F8954238E4BF276B634DB32DEC9DEDD992FF58
1353	8D4B4A01F8D326F5487F6B024DA65D1B5F3283A139FDB55FA68B575FE3E2AEF2BF1BC5A88470EBA537D24713730716340A4A2ABD4199831A52DB9A37CC2F6246E2EA72FBB299EAEA81CBE8E6F30CB12F5E277C6A719096317185D582121102C214436F97
1354	8C196E4DF612D6ACB1851770CBD07717140FDA617A94BF478B823C4DE5ECF1776BC284A9A15876A0ED6BCD7A4395A5AA1779535719FE1E8CE89D32073F240C301863C391E7204F30B50E088A0667FBAA6BBCADE68A5CA8E4FBF6F13C2786CD8C599D60B8
1355	5D99E63F1331EF00FAA7F3052F237C8F0E046427167ADBF3D0AB179C83B6C467055FD31BFE280D71C170650B52545F921AF733CEAEBE0FAF03D189D157CF93F2E0603662051E736C4CAB558D40821A06C40B12FC9EE039C2730CFD4866ECC135478F9648
1356	1A52A154FA0572F06385E203DE08E13EA258868C7BD48C748D3693BFD33FA5076F19AD75922290457BFF612FB2D1080F68775D7CE5C2E5E41DDB33E0560956CCF8DB15A0095E6531695600ADE4842795A7415AB54942D6831B8B44B7E08A004AD0E92294
1357	89DA68FF8B2622B52454B70C5885E0DFB9279EC7C52988A16E784B8C5161F68CBEA6BEA39EF59A3E3B689F36CE581741DCCAC891AAA51336DAF4F63032CC2A33339A93BF182502F57E67F76B8A8B22E68BA03BE7445B8C45669918D7FE20E9A2ACE26941
1358	8D13FF24DCBD12A184CCBFC6ACD47FD6476EE414918C93673770BC050D294A33546ACA34DECC1AC877C54654402BA992C6FE2F9B7ADB69D68E5A70EA4AF8EFE3C1C64FAAD3535B3FAC91E8A0C01661325BF1F8E8CF87BD4420345A9B306587CDC9204B1B
1359	08A8BA652CC89F4C25B56825790847CB86EE745A2F37482B47BC6080348AA8254846AA18D71F364EB47F054894CDDF3C0B6808E6161ED16F5FF5374BFD886632379761BD58514F507CCDAF2AE53000DBB38A25F499743D26A0F4DF3D39EBA6113F85C01F
1360	ED5FEDFBAC677E17EF72E5949236930BD42A5423ADB7E24E5195589BB3581E31CFF24C6B8CF0EBE41A6528A60A077B288DC148B20CF1AB9F7F2321DF550C0F122410AEBACE5F578BB753C853F228AD4AB315297B748B77C91881793FA76BBC65A0F241DC
1361	7863C54653D7F0CA7FCE518AF0EE4A160373A2231655328B6503A7262419311A64399DF396FE88B46D16D273F7DC171DB71B6AAC8A2A5197EB74834BE51253474E7B3445AEBA0393E57B8A1802DF8C4F2D3BD77C5AC2AD93DA1C8CC2300275D3AD0A1E9B
1362	85CD649F87016050A568B1B9BB596C6755F0A5BFD2AC516FC1BEB1856CCA3D28EF11124B2EE8259D08C33CBDA27D0A3B7E30221D39981AEC62748DA8DFDB1968E70E08A13FC67EA21BA097C8F4257F1DF00FC7C82EE1FE5CD110EF3C1E9ACEDA6DA034F8
1363	986C2BBF9B37E7D3A541AC468590D44D61AC1D17F9C751C4F0079B096EEB2EF159F0B13CEF3EFDFAD8BDC0DADBA506F4B9E48A1D2043B34DB7E2FFADFA4D9C35EEE024FFE6B81050F0F795DE914558AB79D44770E647840F105C73570E0208EC0CA9B7CD
1364	5AE58BA01CFABB5036BF6ED78275C27AEA6C723797EDA7DF8A2798A3563C812F2F05E532B3AE9D8490B68AC5B0474F39725C13676E097E0A5FCAC982473860577D54B0C5A47AA88264CB320A51CE5C9327FBEE4045AE744D33C42E503A2FA2BE4B3F4DEA
1365	011DCB18AC909E1DB8232CD2BD2E63A89195A8890D1E287E00529DCC41962475A7A0264E851199B7E9FB9F17858F5A3684B4068CA1EDC755E0EC15277C74DF154D5C457E7558EBC8B92DE979CB6F990BDEB230F7CC0AF5D7BB8D491F0A73AFA01B6F342D
1366	4D45A6E07E0D602083CD9880B823599F69D60EF70071FD59DECF5339946513107503DD283CBA56F9B2CEA63B536C786201247AEF13EEE9F9F670368349D4FDD9F4EF6333717077CF91E14D819B8AB909430C985DAF5F0412CD9AA5D7DE885B513447B34A
1367	FE90576255EB594A9A9E938862B40826700ED99EAA0AA58CD713C8348BF6AB1BA725B4798CF3A66A20FA3F2577EC8DAD284BCF3DF559F7A37955DE5C858C4FFA2579A320FA8E5B029DA475280716837606B8E587604DB4EAC67EE68E91CA2A56B9B218AA
1368	F375BE56AF47F979694CF4E02C33746EA32C5C5A6CFB6A90BA2E1E57BC2008A5B355BFF5C503C98330BB9FEBD3D7E4F726ED79C8888194F45B618FC0FC7ABAAB13A12E21D002E1C45CFC55D5F893C03F88D212A17CF4574455768AE95D4CD1F9181C0AF0
1369	13A5C6A0F807C16FCFED2A4CB0A5874D1E5D5E9686C12ECEA3435791230F995CFC630B487355D8C5B70CAB29E86FDC91A3BE672922E44A2D0216E224B0E4605284D865F3AE678A95639044F347DFA7B68A66F8FF5447FCD62EBDE1905F02E5C13EF14D2B
1370	AB5101E96982F50F03D4D966EDCAE63754A9DC3358054F131C1D25A062667F6510673560723849AB651D7B1790357B64B2DFB28062F588149C84C40CD8E8E8641B77C228204285BD5FEAC92E035D83B64AC63C63B7CA9E411AD2392CD4402B5806EBC729
1371	F557CFEC70D6F537E1F58AC5269DEE08A77E275217DD36352BEEFD6F0A0FDFB7C95328B189A9729E252C76B402A5EE2AB138ECFCAA05F2374625A589F1EB54005EC871BE2D6F91DC798C1332789EE93AA40006C9D009C8C184BFEF812AC91BA8D526E8D6
1372	153C59DFA72CB3CA80BFAE4306AB4FDB800E8437C6BDD81B9CD194213F1AFB3C6138A8FCF18B7AF26A59DA0607CC
1373	C84A153D98B7F0201674B000DCD80C4AFF8036FBFA30194094B28D4E44A84062D2139ABAE20FA504CB6A5E026EDED94E708E9F1AE1111287AD00D2E827A2997F1023D0D86E3E68EF9D1F68FDDB00E900A7DEAD963A386B9C2F0C26E866BF542C24362D66
1374	1D8C23BAB6C9EF7D7FBA14D43455C63CF0A4AE38CECABD0F1BC58949925F60F8FA92AF58B3EDA560A7E3D0F76B16B1970376099FB0BF1C12937200072D85542665FF59F988D71AC33D5F74484D8FB1A9F7FAD8116FCC75A63F15CE541A7E13DFF1685F8C
1375	C643EF4F1D3E12078A6FF2A3744F99A5C604ED939A1AC4A37A56E986F1669223A64B5350CBE5F4BD2E6FE29875F25F6DF79008339038ABDF34226C4A9A5C3118BE490DEECFFEAF392FAE030ED8C72917A46631B74E4483DD252A77D5D4A68AEF87B20AC1
1376	8010010738F4F392EE72A413647D905576F00D3BB778126C46A81ECB31D632E2921ACBF466DD6B37FE03944A0D64CB893FDD354F8CB11086730ECC9AFCDD2F1C1EA4AD9D1FFB76586F01FE26B1B25B84FF415076C1075347E84AE50D56E87A34949DF870
1377	827680189304CE16CAF6ADBFA9F3907879D513A7E9E48B42322217B06B81C0AB5F05852F0715671B5B07F50134CD2A8CEC9F4C91EF1E08F8AAF9E546CF02A7EB2F09244875B1FEC8030CBC40A72521E4F9E3D89D6A260FD5AC4FFA8821B22EB353034349
1378	6571FB1D690AE182E8E9DB2C45887348480BAAAF13DD93FF1551ADFB36767274EE01DF7D8530D4601BC0E7324746B04A126CFD71ACDC695EBC91280DFAA4F4EE88E6647C8B4440636012651995A60BC9F34B2389EB6E8345E5B15CA078787298641E28C6
1379	0E4C1B709716808F4FDA86D328EDACB8E3A59EAB10B25E5EB1C0BC9B6F3F6382ADA60A1D9B06C2C9C16E38CC7F366BE18C334DE970103DC72B50EF4A9E9309B595E8EFA3B82627CA3F08EAE983CE698FC65EDE236CE6E71ECD64E0FD0679E90C74AB7DC1
1380	19CE0A2445F3867CFD8DA2B7D7F50813C7E62E392B6EBDF989420E3177158283427AF94E4DD7CAD5DAB56EDFAA75215E5D3F488C40CF788BC4E4F5CF6580FA717F47B8159573ABCDA24AD2CC13F3D282E44FCDE7A3ADEC34015F59050C70B6B8EA25C51F
1381	6E0D18A5F1D71A4C364491F28CA533446C2D8426BACAB4831A938797FAB24B7EAE0DF0470A9BB7B74324A8D8D7FB998B3F0FC23F3167751007F78AB3C8B3205C15582ADA7191840E9C79B1791F2B099E8D20BB44D721E22F8F92C15E638EB001928CC36C
1382	0575E72EB60D8824622259F602B304B28A04C478A17267802B64324DD61C9A74FF696869C67FDD519C8B73CC9742ECB59F353E88153D2B048E8EE1F9507CBC1E97B8DA308A4894875D905E9AE6DDB64F3286AAF9D924A030D58B7CF1E5AD7E7F0BC592D4
1383	650D425E0CE05BFA5AF6ACA57FE55DC05F140184B180718209BEE9AD78A582CC526C8CDA2E5A5D01B47BD2FDF2EDBF0167455B34119889039DFFCCAB013FA023B10F277B45872E10474D1382C81A9A5311A564DB5CDFACB7D4E1A064E22FEC1410A19CAD
1384	0682203C82141A6458EAA163A7089F5B1403EF48536AC0A9A903F72E9CC2814002534CD3409B5F97548DE5A6DED3F0480EC9186F68F2ADBA0A04F90805D67C1D5C16E25A5CB3FD71F279325AFC13A84DFAC2380AB0466B1A2909F460DFEDAF898011E3D4
1385	55258F6BED88DEF9EB1F1731A4C0B4D9ABE3D83727729D1863E04F2A4549ECDF7A5026040790687F795F57B39E6B5604175EBFE85F53AFEBB65BBFBF3DE454F52DD7134E7026E93089CD02BEB401E5FFB13D9B91469537616C08452C3B931297FCE2C65A
1386	9E327EEFB16B71ABB27FBA8B0C553CD3EAE15D230A65ABF4A422BA1A7A68CD8107D22CB404F2530D366C3E2A83C6E32F10991A4C329E8100BE0F0A1F380DB8B3E7686B0820C3DC11B4092929DFCDED28C01DD0CA2AFD89868379AFA11C401D34F01D86A4
1387	0C6DE02F16EDA27DED0D7E56ED320F6DC34CB43DA84ACC518AB1A3494C281F9CDF0FDCE401D6F5C97CEDDB70BAEEB7B2AFE73EEE82102C6E84534BF19F955743D7A2A40FF0B1ACE46D518D712C631FE8C2EFDBE9711104A0450B2373E238E3D01246EA7C
1388	95EA4E429C8786D02C2334E961E55978182479F78D2884B0FB33C9FB52D2AEDEEA08878D1463EC07E76DADAB08DD18AEA31F29503CBCED97EC44049A72FDDF35EBB8B9848E94300EAACAB8258083572B8D27E924171DE4957EC90D7150813BF56D076851
1389	5A437832EEA65B3066598B1B088468B116A01E87C9D70030D1B62EF3B2D1D94E220E726012E43B6C42AB8576308B512D3B6C3347290B2DBC17662C577D7D04E57520243D895D000A7187053C75D1BFDE45CA32AA8806DBBC29DB66D97F274D6116357F9E
1390	A6ADF926C2C34C7BDCD3EB26FB7AA2B6760A3634E9941C6C7AB14B0C25B2A090CF5FD5C7C1E07CFAAC3F0E660039ED07922B804311EEC484A62E339007B92D0A7EC2F6D73927DD4E5756B838E0DD041715D5A36B3B57948114B96B0F4DE80C46C104153B
1391	379A30DA1B13857EDC3C92A651BF2940DEA2765AD19AB1E10821EA9AC52FFCA7528F780BCC1D35CEE30B3E474D32A3619CB21F0F5F6C295453393A4ED6E47B7F10093594BE30F47CDDFCAE38C54288A5425115834FED9C6A02C8C6E97D8752D63866D4FF
1392	DE121653B3F4816142CBD9685C20245556E16B8EF36EC1B144A2CE24FC0D6D9054B6319CB461D6E85926BB5C4CC50FC97A72EA145B3A9085A8517D996D1CC4694B1E58CD9FA68514DA77395999B6CE9FD4BC6A4967C45738A3065118CCC8DDD174AB4E5C
1393	C3D8A7F5688A6AE4DB1326F173976D570345BE72DD6A840C0ABDCD4D9D65117D1802BBEB557AE2542919FEB8F685
1394	8D4954CA9573358B1F4AE3AD0D183F1FC4359E4B294C726DEBD003B2BD7B7B215492EDA9896C4031D2E63E4A83F407EE9A4D6022DC5D07F7AAF0C9972D18DDFBDD055809118BC3D217ED3166279D65B93D86AC791AE753B77A67A0339C898B71C6807D9B
1395	03F8D4D53C3EB597CC2FD4D0DC7C6619BA3D93992EEF91BD03EBC1EE23A689310AC778E744FA445352732A9BF255FB4659491B87F2391ECA4160F7455558B7288CF5F634F80B42E91F11B226FF7D7EAE70E70195DB6BAD6A6218D645AACFD1859713F508
1396	5A0718A2BA61C253FA656A2C2A324170576A46A9864805BA9B149730C24CDE2B933105DCDCB6AE30375D49658128CD389BE746292D6D8CAA2EB693BBA696D53EB5DB168BFCCE58BAF45017DE0390942DEF2C2997F03A4F47F25E873D5A7CC2EB374C3316
1397	30B2C3D96875CD7122B2B69AB04F2D188F7DDB8881540FCF791E3ACF83C892AA43D38865250C5AF1FED00BEF961A067683660D33C6E7E2F6BDA9E1EACCC39480B5BCCBAFFC94B069AD69BEABA29C541FCC35787B1722B021723E815AEF4AE5DA437F7ABF
1398	062884EB543BC48C3B5A43BF5DF6F39EF0DC34F799FA4A4C7F015DF42D8CEA73997F47736E185B7E439CF01C77B3D6E9B1E2DF0F78EEB98CB35790545D049DB5F478256B54C35B0ED57F29EC6BC2BB9A1E4486F7CEAB57379AE0F3840932E4A5D5D29B23
1399	0980EE07D402CF8A8D4EF0ADB9C5B74FF53A84C63D05013E70675A9DFA2D62E8EB987AE7CC6F024298E6F53F5DFFC577ED15D82D63F364CD1F700C173396124E3A95446ACA32EDEF0666CF51B927F3A4639A9752E74109B75270C634A1F59419BE96C1DD
1400	1C51B6FE1875B1C3FA316ED4F577C56880945B3EB5824F550B320791D363A0878D88D4FB0ACBC97A6AF746A565107E4547F1F441AAB8F2BF3B17993C0F1A853DAAFC28A6F9735801BA5234E49D87F8E9C113360B18A3191A248B7335FFF4A9C79B186549
1401	EF5D4B951B4AD298B421EF36125C5948E848625CAA73E808DA0F7E63415F8D0353E4C58D6DD80F49A199E0847C5B7A67F252A0938A5425CF1C3105EA7DE977945BD6F801B8876E817382B5E5EE129CFAB781C3CB5E67AC2CB7226385FF76EB85842E452B
1402	CEAADC0B18A31D98BA4DF84E07322165C759881F62F192A168D38399C6FD971F4E7579AC732810D7E30321EC5F9AA815B9845376B510C22A725F437F236747424BC0F7DDE3649F48965D5D28E80356D21716C2C049BA0F082F2B07C502994F0E7E73371B
1403	80E6A74A4B338CBB42FDF2851BF288C0B1845239DFF808BA0BA84627790DA9CB46DFC068880C796C7BCD3569FC967E7AD6743F7772DF6BC5DD626D311631902FCAC8B7CE2BE07F2CC7E1DCA8C34638BD2CE04C3F70351CB1CD24F74E3C691CE58F1AC010
1404	546D7AAF052E002D8FDADF9F29F1B011E5F7AABC690EDA90673663C1AC7C6982F9FD5D616A263F09682E75099A489BA3B660B7D30D551684CEBC05399A5E39E18645E337E64A3DB19D1EF0F8A43C43132E1FD4E0D657B21FE0FA82898FB6FF93757781FB
1405	B77191FF3F3ACEF4CCD9B04170118E0754D79205AC88A55E6CC8D15BA346A184FE777C3E30EF458B9A6450DBB230D257F39DB35C230F342D174B0B28AC17568BFE55658C81FF54B8E6E68415959AADB9BBFA9C5A02846437BC3718668548F390336DAB1A
1406	F6B7BDB41326039D3B78B90C6990972F9F1ED00BF91588F6C0738C26D6C84FC346B33E250D8D76A2477083A9AECF97A5933E2F4280A28D468E5D67E0B4BA782336C2E6BB532C78AE67C0E47AC94CD5F1EE2826FE42D8D780D65A5EEA642084E7C36C3A4A
1407	B4372108B1998631345D190748B282AD8F84F47E6494F9378310F2DF1B2C41FBA5B9B72C278BB4CE9739854AA580F5385BB13546A6A753E56545787725FF7F71C490B9D8AF158F0BD80A3558CB21B8E483A6CFC0EA088AA89490E65076CCE2FF0783DA95
1408	11D708B09B521EE38D272638F273931F1E7BB52D175B86F74230BFE8D1E1B7551F94D37FA3C4C99A8762C9943C92B90E8C1FAF5BCF21A575AB23E315F844C32D58C59DFD15BFED9ECFEAE627F6D24566E2303411D5EAA95D14CFDAB03C4C17ADCB841216
1409	305E01680D30A8A5386B6BFDA02B0CDE2E50039080BCA96D091CAD31D233F1DE4B31019BDC89D4B5FCDF8C8696992DD131EF6E46F2511EBE202B3800E298563447036CDABA9CBF5CB864C5BA07F281FEE7E219948825EC0061FBD6BEAC2B3CBFA53ABD57
1410	0E78626FCE8B68576EE6A93BA507CF3DD3F7D933CE56CCC3522E74233AD01207BEC7BE19F1A72BD7F6D7A40505F731DDC509E0EE6087B2C6E7CD3A156B08CEC7EA60B58510732A58010F39EBD0F401F8A9A1F1BDE201EB2C3124036A7D7448C927F20E08
1411	0488C0B52B3934264BB424E27F952196438567D5887F0EFAF996CFD029E2750DCC4E22D9A59BDA8C433C0ABC045933D7D71945AB62C1EDC5643856F48FFDA41263AD678D49F88ACA4EDFCD86AE20292DC5FF0222E57FF55A4D27DFF574CF29E727BDD2E8
1412	515D5CE41054EB9902D55CE6255B36668CC04E751A4D064ED954D7B77CBF9E21DB1FF6A3B5A6B6ECC9C71619AEBFE1739145C791665F3C57B57DC2B15AF8C88736267996A8C9E5546F46350344CCE4E1BB6B8762065DA932243323B6E434219A291470E1
1413	41024AEE489100FE6E6525B089B3ADA82847D4FCE9C6FD342A5F60B595C03E4464ABF9091CEB186C26A199BA92D55E5054A619E2151F0D0FCED6F4BDFD64C9753F3300089EC2584F81FB09C6C25149C8FFA2063FB3138AB75CD620DA2030C90714C53D09
1414	3E1C69CE2B9268A75E32EA783177FA6371F66967C5248F8616501A4C174A27EC5A75D361D1AB38F5853DCC4683C2
1415	581D1B870C63773800F96B5F49A26180379AE45C13DF70B3EC8775CF2171E2476694FCFB13E259F6720FC8117D25A5C43B1DFAFF4BE95F762EC292A74F7003AEBADB8FC59C2B5690A7495D41449FD4D28F4C24DDD717CB6A8C546411540B344EDA442B50
1416	8BB5E6850517E571DBFA6F0BD8EFEB93DBAD4404C077582D1959FAB818163631D22157378F00F564035C507BBB7339A17931E79E2C845FC0166A969BC3DA2BA795DF54F26CCC3F501ABEED2D7A8647CDA9ECC628DDD1D18466F73671CF70B049AC3723F8
1417	9DCC3216534C454C6F243200D09B50EE48C0F697146E6C7DECAACAFEE296E32201478D9764E41F9A5B1886FEDC26A621C9F309537B6A9E7058CC7AA9603A8141DDF5BD48340919A6945F7AFEE33E48F75BD140FB5CE5DF4E7A8C00BBB3052D18488364A5
1418	955D82C4E77886F7A8B9440C1BB3BFDEAA6FF8AAC2918953B624681C2CC5A9C5E31CDE9F85BC20BDC99481ACA57C330AEEF0B0089A2C90E17B05C37934D11B2EE83BD0F49C295F67631D80A521BE3D14F7081C1AD73F7EC6B65D128E4E33A1B544F90CB9
1419	3E4469CE13D75855EBC161326B60170FB93290E624404E5D3BD31ECF8F525ABD04F09407D98FDF494D7AD802ACA6F55736A7850DE98FD67A075A850DB074D9E1D6E5530ADB9D27D1EC42A34D329C1B4DC08AAFF9653DEC1B288AFD10C7370AA9D7902281
1420	F8E0A7A17A014584E135229866DB11FD3C165764F20F29DC4987DAFBCEB49BA2E108D2FB851B71B6BCC37CF055481A1DC44CF120B5DDB7DDB6C6C389E472699186A5CC0A58DED909D93A0A94F465F04393A41D087FD683FB4F7CB3D8C276B65884CCEDFF
1421	818FACCF643924470C0B3FD3C1C1A0E33D9EBD78F74F0BAE5CC1A8C46B632C14B10FFCE6E546EEDF5549CB2864772D820AB8CA4270014A81631ED2C35331B094646481BEECFBCFF9021BCEBDA3B77089423567D941F5171081C0551D0606D87CC52CAB6C
1422	C37947215F2678BCDDB6C5BD1EB6936ECCF538CDF0BDB7171EA404370E09E6FA90265CA53B7CDFE221A7B50E6A40AB3BAD901025157A440BBE93539D853355BB60BD83B57EC4224363940697168837C621ABE91216A2B85FA437CC0D73F244FFB5288B54
1423	85AD7CB6749046CBF804C32A4865F491C024A2EF59E47A2CCA1A91B8742CBB09B72BC067AFAFF558E8380F214A67883B6417671F049B895821CAF4C176CD82C361D0E894CCE6DEB2FB8D0574AB89748F08385B88341B13551D1F137446B1E1FE181D885D
1424	46075FF508D536DBC4386B639D79B510B9A4D1AFE7E8BD1ECD38EB317F803CE1D5760DBB761A3A193C3E6E1F4A2AF62EDED925E370111411F9CCE1FF3064E231AE289E65D7CDF353F7B3A4B7C8151D5CCF409AE816C08BB3FC308B67977288EEB1BD137F
1425	49071174495C8A1930E690647849EDB3DAB8FE0BEF88C53242B0D758F5F989F399CBBDA4570FA7D843DFA54AF0E769B73BE38F0B46832A1918A2D9F06CF8382A03A74CB0C1391BABBD6531B81407C1385E7FEF9A9017177862BA06AF75CD223FBF1D93B7
1426	552C5560D2E03F1446245EC09DA815FE32D8DFFEB086E9A66BD8E9A0C630E028E4CCFF1EC746E05915CC1642F533CA62000F317AE6C8F99FC51EAD6C4D658573F94A438156818EB6105B3D194088F1C3F6F11FA168D4EB35FC2551E17D13689633320127
1427	156FEA5CA45FB9DABF4FD10579E520A9D6BDFA8F19F2BA8604F06CF5F6FFCE2682764319CC883E31CE9D8137BCEB8C80A249848F81E56C923D9764D3FEAA1666455B85D4797AB362BAF5D88E339A46B3B6A4C756173CB3FC718EDCF946FFF332F79DAE7C
1428	F6093434CCBC6FB4CE388B3AD1A97C7F96037D12379B50A40EF1C33044BC86645EA6C9224C60695D747CFCA57C83DC7D9DF4000AFA5531D011BC3AB7FDC66D41056727FE4B015B0F5DA294BF98F023F66BA7F21017D4BFD71469B21D5545FB6364160AF2
1429	73CC64974B88C8DD42093985B9994B959220E7CF2073A40A1A8F5457BB7CA8710E65BBF5FAA8CB599E0430BDAA8F6991D99808C2C87AE3A82A2518ED320090D04A319D070F74E5498C4D4210549A4DD4FE995E34BF5865053FF12DF08DE8C48BCBD5341C
1430	2C8FD4D552FCE26CA1D1486A5D808F74BD500A590694CE738FAA20EEFA331890AC5490234BA6B70D0A98D580863BACCDBB5A08F5E78FD35E22A665B630F24900A3E77AA4BD45E1E3AF4D8AFDD8FA14730AFB8D593AB781BA22E81028AC4CB8A23971E31A
1431	334B16DF1FAC56488D3F87A72621997CD94F63F3A22DE08F6B861F679E8AC4F53AD2BC595383F9578FBAF3F9911BB326D484AD4BA77FA1155337E811D184AE18C518167555E75DECF5450049812DC4AE0675A15AFE226B242CBBC72EE2084ABAB9E0ECD6
1432	B63C185FFE6383BAB02FF9B6F916F30FF5F4C073BC52CEB1D3057F3F30F105A52006E316C01D95B1B5C6DEFDF391293C8A3F2CFFD511A5D66120A6E1F4DF2D9093A7D7EE0206D4DE43C149E2D38880B8C5EDD331028B48FFD99E6E549C11E2E69777F2D9
1433	A79AC4DA449C50AC2ED7C966409B8CD0E66A344D319B12E3D7A2634425F981638D3EF8FD1355F9DDFA6481336F0351FE857B4573EF4C44344993F3F88252836D345C026FC9DF5DB45A52CC11B3BB75DAF2BC4CC6A04EF598CA422128C818832DBB668AD6
1434	939CA963531B9F7CBD52E5962F88CB6DBBABCC03A13292C6731FC344DBB1AC97445FA122C498265155D9C71EDB101123EDC9BFA9F151EC6A7BA98B5267A23E7F06CECFE5B240D61EBAC4352BABD983BC3434E7B4F86013E1304497150542450DE3A4D9EA
1435	77F2333D2DBF63809A772D8845477787FB50074CDE495CC42D970580D076053D6BC6A366D633F8520D38E1553EF4
1436	E3B613BF645FC2BADE56BF34AAD9C789C972679694A415369B375EAA4EAB23576700109F89E64833FE2A0BB3A435EEFEC8F0DA04110331BEF1522C7E1458914FAD3B3F01790A9681D0C2266F2493C8F5D4090CC6C7FF581A6F0D15C5606AD7199260BBB8
1437	A87F03583CFDBF9845F575CCA0D389F899A91D7E7D0933F45B36E826742EE79825879DFB63A3C6A7B7F144AE40ECDF4689A6A22086584825D642D485C25E53F5CB897CF68979837541DBFC98884EA1E86763F87664E7FACEA58795BEAD6F350D16F9FECD
1438	7D2973C449684BF0FA8D138FC88D648EC7650FEEDFD16E164B9993B22F064B19581ED237F517CFE5341267AB5A6664C84584386EFC9982052FF2D04242482193E29940C378B1879CB1EC479D0F7503FED2546657E38B2732664E1D499B895744B6ACF7E9
1439	296ADD59A738B13884DEA4230A97E3D5C14F5B6F874380F9709051507ADB73BBFB671C07AE87DDC1F7DE68998617B79E50182638935F5E9B2867DEFCA641FCC0C9FA8A731FA00F08A2791B27B71F844452B2D496B7E7D663810F44581E7820CEEFD05566
1440	052CAE19A7A9F40C722050BEEA389918DC985EC7E588EAAAF944027BCB36F34FDB1F05170F4DF4153DE8C1817A89AA257F3AAA477C8CCC7047B083D3F8509373A97EFD0EC6854634C4622AC9B6B13D5CC6C2A75A230FCD8ECD8F2917EA0D5795C95FA7AA
1441	ED159248E8B0B0940A5D9843E4224B0C1427DE3347E6A86049698042E7350C7774E8CED47D5EAAB51D2E26640E96DD6CDC691B446E303BC3DF18B6E18E856BAA841F4333E31E169276026C22A214D65C5FDE889123636F363D50FFFEBAA0D6AF900F20BE
1442	14062CACAFD3B2E5B9736915AF1BDBD937B7C3538EBE672ACE3AB7F6367408A319E13AA68921E66441ED2BA0AF9CEDC06778596EFAFB14F2AA2CDAF7A41FDBD9388B012A9DA9858B694D9EE344991BCC2DEA3898BC0C1C0A4AEE486009D6DB8D8E6253E5
1443	53259378F228628C403499866D29437B99304DBEE67908D078C9891FE4ED048C00A7CEF34138119E91BF565C1169A0531D8CF785D1CC8A17A63A27A8D6067EAFD0A2E0C445837BAC1923EA7233010BF349AC4E1AC6E42521F58209151442AEA9C78EE62C
1444	DA10475DE5B2340EE88E018A94CAFC9FE0F78C34D6F1C2D2E63A592871882C6641E6E889C4A5671007C3BC1D5DD6877C56295DBF2484B654D752D2B4127DBD438D141F9D4CF05C56968F39132E556CC09975625FC5622D7C3F12D8C01C7C6BCA6F638A07
1445	C2F9E8089E1B6946F1D45D3556C23507577AD075B9F4EC4F87FAEF14835623664AFC684E82F399DB517CA0997934AA5F9DA973AB1EA37538B7DC59DE448A800777C56A70107859DAE0E652709692DF5267006DB33BF4FC3F39335E9C3D54B7FDE9F54B31
1446	2EE5AB774D263F5A4337730EFC83C6CD0EC5719BFCC8AC4BCAE2DDD6C143B061257D7C881256C234FFA3A481B17C80E931F89ACBBECC4459629CF579118ABFFDBBA40AD1031BBFE9C141BA8B51D9BF01D8FC4576B4E77E20495856F6FA74A4615DD8F020
1447	5D1B1DFF47CF7ABDBD6CE1A5F7991B790DC2D24F5351C41E8E51F99C57FFF14084ADBF05E4C9869EAA5A4C171A0C6FE864C5B207B7F12BE516CF3F75020E1F47D14D0F0805954F870AC420667752282508616FA53368BB06A56D541182AC98E15E47DEB5
1448	9014872E231FBC8816814DF1C6A11481A0EA35612F33A99F42A22EF872055AC164A934747F22296C5CA75FC84F44801552AA1D9CC5A18449241F04416836DB668E8796C462835D4D53814290F9599CEF019286A1BFCB122B8E2D5E11D6A0F93A542E730C
1449	77BC95EE7B87B67AB034B09CAE4E749E091F611A80EDC686DE1E6B5FC8C54D058B6BACE529F17D2FA1BDAEC7A8938A7D4C7087A1A0700386F6F8F321F9A93B39AFA1D244698857DE02CEDC979BD3D3533191FA89195EB5733E7E770F255CAFA7ACEB36D2
1450	A6F16438B1F610180BC138A8BB60AB5A3192A5C283BBECCDD76EF847270CC0ABAEA5E684E122D57B0AE64E5D23B662F4C363314D6A3235D5CC3BFCA45011339620C24DB14EFD66C69C392FC61C398A7940568589D4CFCCBE0538593CBE9ED9B5DA1056F5
1451	DDAF33F7C77D1186A37C62A641DFB6C4E1A4BAF832E80A9832D27E8339E8F907566146F009128C5FAB41B46C523197506165630C131AC38ADB2ECBD3017FB224CE7162E2F69F3CEE27DDBB2A539D858180552B08C35DAA100DF3934C8CE4EA7D66341C94
1452	5DA0AF6397BBCF9E5A5B2648BD42B6EFCE9195F057BEA5C9A53E0D72029D744A90E9B88EDFCA625CFFC44D95D9C1160A913B37B7CE395B498B0AFE10EA396DC1F7D1E90501BC186B46F5DB07206195E6B630C8C592259D5E4BAD3BFD58E7891F1A500FD1
1453	EA5286B3C5A9B7FF59CBC570C75B7979142D25DA9F5D4774A26F6A53AA6CD5862771A3C6343BC39FB49102B8794B3E912E6F11734AC30DE8662E4660F55DB8E09B36F127594B448703223B21E057A0BFA5D1E6BACAE84E1BE32A7F56307109561FE6D54F
1454	D4F76D7F4D7298AE3EDE060B149446810805D852153DF8CB5E62979517663F7514A945E624782C9BE29077256F5D4817545E4651CE3E0DD2734A2DE05FF85F43A31DA146C8F0FFC9B01EAD6805B16B3BF62C7058A39938842353520031C82A84F28C2C91
1455	DE6CA13056B6DB004C53A1509461C351F73CF5888F9FDEC21616BF3549AB5D57884EB0CEC30B394B479C4CE8A50D041F24F36DBFB562FE8B81115E9C3E7043299244D34AB852BAF111A4AB07322070BA56BA8CE0ED376D51CE3766CFB3107773EEB15061
1456	9AF6581039D65BE97FC9900E826E89558C76BFB869968ED47451EDED172CEE6390E560D8F03DA2500F86675F3BC5
1457	8AE16E0994830A0B82D475C07D482A2585B036125155D1E7B3EF99C95B6555F1FE751AA86CBD3BD0F1868B154C533AADD9B15A29B94F24D1CB2EC9F2C09C8B51F392CA9AA4671F9FDD621B3E14E620F76534180DFA6062E619B219DEBDBA0E7548C8841E
1458	27E5DA753695C8C5B4C171E7995C445F8805BEA9BFB22706DC364AF7F0193463257BE93593BBB3AFC0CFA8831CCE2EB5201FA092D40C2247FDD86413898A881685B3A426B9AB05FCAD594A51702C3CCA72B4B64732AE973E8A6FD0ADAE7F39E4AEBFBD53
1459	1BE069E81A4D8AC975A8893172F5974ED982AEF715F0BA9E5F749C10F14647D3902F7EA37E7EA3F773EEB6C8BE02C1532F773065ABE9B86144AF30DDA1DBE2EFBCE7D7F6BFCADD42321068744E2712B7F898F00AC868FB5A0175607DCF8781B28C4EEE65
1460	BD7C150D8866ADB6863FFE1FF9FDE73405075504F427F5702C0915AC8B3468CF576F9B1FA0A77438310577572225E760602B5BAC3FAF68A208ABD0736363A42D260A930E2B06F0D1B6C275DD1A52A9D591515903FF784B3B867B11C0E5A99ED1B2619667
1461	BF37FB422F43775B3C350CB2C4E5AA2DA5F098CD70D87E729D4299C73DD89CA2A49C0C23D20805B20AB24E5A7AFDED69C15E368F94AA3B9F2ED9C002EEA88FBE6805F7F3F19E9FBCB5BE6503EC3E38DBA8108EF0E9C20F5A8971612E64A8A130622EFE56
1462	D8B27D20C77647AD65164D121386ACAF33C92ECB990771FFBDDCD5FFC96CF76B3F818C32989FD2E13568FA4AC83150A154B99141B98EAD2FE3761428F8D917640872C234B34A525F98282C4C75BFA8B3A3058B5DFC8732D63FC8A04D6A79D7A9F478576E
1463	7ABD4D3ACD6F29BFF72AD0C18B038B0977874925D51CBFB5DDD0BA82C9F8325BDFCD2CA3CF0828904DC16E488D72712ACBB0A797EE9751003A6D9933EADB3AEB56A514F8F0F370658DED04247C79E48508923CB3A7AABB95785D61463843BAFBB4D0C57F
1464	C52F5B544849D902C98F228D6BD773CA8F033C2E3EBB7AB73D31770D7016DF2CA492D7758F5298554E4098ACFAB0BFE8013B1EF3FB1F2AA9D35B71A697279A0E5F6AD0A13D1AFC9A6DC4E843A0A2F74BC40112673B80FC6714C826DB267983644B79722F
1465	F043FDA80827A7D56E6B0A3EFC61B29A42ABFEBB14F117A48A7523754590B27E370CD9B6D7D613E1168A1C9316F032E2F7EE3A3C57FBB7BBF56B51DA8B459A376AAE5E9233D420DECB45D348FFC7E95F2C8D7BCAE5E4E5B43028C5CE86E993050516A460
1466	A7FD9B10FA7EBAD7050496EC8EAB9017844681A9DCAF4D4637829DE7A3EFBCEF3764B2464172645036142C5F9DF283A1943334531648BCBF1AF9012B28B9FA2DEF0BA50D13F227807DB0A364514BA4A25E8AFFDC9219780E1D7BCB63A75B411330FA827E
1467	534412900DD11C1DEAF95CEE367E383ABD0B5C4EA1C9E3341907969AB74121B91777428595A35AFE38C6545A22AF2A935A53DAE96B06E899C04794DB84C433B474338ACBB559C33CC06BD08AF2A428725D99FA0DEFB0A051AB7ACDF5A88D58C08C8A68BA
1468	3E12C039549402DB85B49C2EB598219367C4309A569D0F693BDE5CC334D652AFDB4595299350DBF099FE6994F2FA28E4693B55FCE13861DC35D0AFEE8F7DF60B682C61EB3D473116C623C29F947811F9DEC1EEFBDA772D6C72A69FA60CF2D8ED2A505730
1469	B71023824657C337529AD2DF837774868CBF1E257DD92870659EF266FF971C5C1235F27EF448C365CE2E0772C13770959022CC3CFABE4598DF9BC3F9CFADECC81FA50A165498AD7EC42ACA9252886E97F73E12666ABAA8D331158BBC73CC1F21053E82CC
1470	1FCE15B7286319E12F1207CC224CF847FCC02899E45D33FB0015995C430037515182351B637DD7C80313E2E6988FC1224BBD797AA3AC6D46454E15719AAC717F700FCF3220C26EA1C256B7780E29E8C94A317F486F6686F6F510A4E782460239DCB84738
1471	8495436177E52E0EB97B57FBE6B30D01ED1B77D1061C4E9A6D92A0C77D3691B6337180138BB6A67CDCB5F819A6360AE8B957D52F0AAE66D5EEB162F5C88442220DC40159F869375DBA3494C8C48746C3AC638BAEEAC9C772D5506EE9D82F2FAACDB37B93
1472	FEB9A80B863B45D2AE5612B03F7BF5674DC7C35E3E756167A4DDE66D8B0E5BCF2896F996EB29D0CD2EDA89642E72920609D2499D8A889C121A46DD475CB2D32FBDDD1087B2934856B5EB65E31BA8BF1F8CA0EB48476B89546FFEC0345DF71634D49F4843
1473	853D4367D32D750D838609617D91B6B7B07BF107469A02BE656AF96A522949101FA271A29B2F351D82AC66F2B8E4318EB0CC937F05DC720375486A9E187AFCF7880098F383E177F7F9F89F1B0D26BFF97775A1C0BD62142300DA185BFE37A1FCCDE700B2
1474	52D8ABCA2AD7D81193A7949543B4A1126C09708E78C888F81FCC8CEDCA32330F3DCF38D96C24FB6C99CF58629F1B0EA96B1CD22A456F943579465B39F9AFC85004F70FD889FEA285B9D233564F57AA3B486E7105671640366B08387A70A5ADE61C183C58
1475	191745B04E0D477639FCA0C17CB703AF77E1CF7E798F2DF6AF7975DF261AC753965C7573193C84B3EADAB0EB031BFB42942EFA1B29A4FC7751FE6673710C72F5837F719E3EAD03C6B65BF72EC7C9F8233C116BF6E0E9441A36AA3CEBBD430884EA40CFDA
1476	185D8F6A0B56AE8DEEFA4E3DEEB261CB071BB5B9B27B4F976B851EEB187FB998A6AEC579198E9688FD3E8F95DDCD35730247EBD3AB7B005CE983DA3867D7249224F8C0AF5AB2115C0B1BD5890FA6557AD6672D4718D9D39007227F20C78A5F20D19D38F8
1477	675BE778669C8AF1D30A7D542374C05CE6B1D562A05B289FD465A441443E21AF9EE848593B5E4748C560F6BD1481
1478	BEEA4F63838181CEC6777DD49B64BEF4B4E08BABFBEDB367E07A132D7BBDD2262C058626EA224E6E83238CFD5D11EC0A9ADD6B46A2B0530947D9F5880F826EB7EFE73006809DD4F3EE6D708FDBF75480A96A0576DF8865654E6722B36395F4DCAA690576
1479	6DA556379EB870A298F754738D7B741D47E4F714372F33E9733D94F3CBA01C5CDA7B87A98433BE7B8ED1E08C8CA17B7AF235A646DDF334FD7C30B34A8D5692F6B9BF73C6BDA99F0A358EB0E1FFA4607CA72AB970D96627739D1AD017F6309EDEA30C6F96
1480	63CF27401E34E73400007DC78E86C08F4698749703F4837FAD74D9A26C1C2614E9ADD5C9EFF7A62F9028CAF5C10EFC1433091DE1331576B0BBED8829F476E160E53E1BF84FFD689A4521D38950642BB6DB718AE8686618C6A2AAD1A0F66A432164DD74AB
1481	41C06C1EFB65B3A4107728ABAFE274265B231B6C0B3FB3377F7BE7BEB27FB3EC5C58A0DE085A345C8DF6D312BA134A65CCD9E4940B2901470D83B28014A7D91E8FC0D4250D8FB845E582A3B94CC774C66AA27DEF50A9A50C53120C44E0A70908A731CAD4
1482	1DF042D25E131B1AC36D94B4BF17C0C91E7E82FE4A4A8829011B00F6D1448801D8122215920296243928208E271DF788E052688D7A39509DE3E99A4829B463CB8878856D0D291A1EF43E3EEE3AD9072F47EDAD381F07D3B112095048492DAC3E215C336C
1483	8354D0FA0A384013FBD6827E9DC3AF9B68A139940D3811A728594D23384CC1C438260DDC7DACE1C975585A0F0253DA8135F89411DF596F8CF48B280271FB9C22ACEB9035D0E4B764A00C58C168579191B2F6BAF86B953B0A41510B2F9BC3ABA3796B5DDA
1484	92595893A47FFE946116652ED62559BB2D166EFE142118B26E105D3823EF01C7C90B68CFE79FDAC196FDBEBFED4AF9AF912BE52B7F776D207F6A5AEF012B5F05D9ABDD21CF21B60386665DD8E4B314E02D4932BBFF5A8D35022257F6B2CCFCE766C5DC68
1485	AF0DDB70422CA01CB6F19FBB11A8554B0C8242DB5D94B932546029EC7B8DC641A9254C0EAB729111B8C336ACF7B96156902C91EB2181006BC65928DB33CAC694234A8D201499E48D86EE3BBED692E4185F040B21585D37B4E73723446BAF864AFBB56C7F
1486	ADD0812CF13FB12E85DB6C969047133349F57A9F67216550F791E2FF8F7CF72C212E3366FB2EE78672B3E559E82DD938B3D446B4D83B34D83657F99294DA28063E0054E64DE3E435BD14C1127804270148D852A8A82B864F2F6F9CBB872DB6A54DE6BFEE
1487	BAF3EE791A35C235A46A16E02A9BE1D35C84925F286609E7F973934E7015E828C93E9CE4C5285E46E401A01B1032E47B43DE1D9181244337B255283231A0BD0C9DB8131D047D5A24C5BFB2D1E9D6D9D7968DB7717650D73C4E9687A38759851C9C555A65
1488	FE4F947BC24CB2D9B0A14CBC5DB06C0370F0C9105893855B305CB605524E0767B3A70079E85C4665F04D64E0ECE8789CB20A4BE5763E9F9DC919EB79C93752F7BEB47DE10A004D3A31FAB00ECBB5BDC16B2C007E93ED2F1AA63BE2DCC367BE7D53F2C8E6
1489	8ADA40A1D14FBF202C03D37893C676EE2201E1A481E66AFE3DBD02BBC739DF10DF073B54BBFC69DEB82590E7EDBAEA2348E55215742BD92B8D92B594C686E0DF9578CD75E928C6B74DC26F1B3B8308EBED6EBCAF085A4AC6E27F6C2A0A2E9945BE9CDC11
1490	F167506D1961248D16D0FA627C3517A7A6F69BDD332FF0A5B3506F5935FFCD1FFB74E084343836EE696D621A0FB1886410865EBD14A67E5913B6984AC91D33D805114BAD69913C426E4011C011D38943CADB0EAC49A247C185F4C353E5D94FD7B5F5EE20
1491	07E56DA18889CB38E966C9C73BDA002A150645E0D35AFF644BDB69C20116FD62257B786336318AD6918AA2B6CE9CE89ED9A69918040F47624CA1B23722DC123CDA644CBD6DA56C976293A04915FEE4F1DC87618A6ED9C5CD652A19B218253339C1316B2C
1492	BCE2438E8BA52A6ED77C025DCE4E480D03E3B1D3771B3304B3F4D4DE3B7D25C83A60F411F5E6352FEB148CB62A481521FA238A63FB06CA69581C1EF740172900DCB9E98DBD80DAD836D70B9BB27AB962D449CC18CBB9C3D5C28DBCE464442F8ACF95E853
1493	651A299EEF300E5C94EE9AC7BDF2B6CDEBF0D809B5D39FFEC475F2F933E1F7C51B46A37BCA8E47F1B356E661C4C08C577AB39657FED130747CCBB47E53B5031427FA78359C319CDD684D52CC5F0E1358BFFFAD41129120F1F97519977171022341BF6078
1494	955BE25AB65CC9E14F8524466ADC761E96FC183091A45B7BD2BFF173A32DC0380216452A56EB8DE69FC1A7534E5AAB4620F35C60D7997F76B6C07EB8B7C2B814ACAA57FF5F1791C1A14E9B310629DF50666EE140B1F1002E1B52EA7349295E990A50DE9F
1495	F370A420A99641777B4B6F035969F1B70ED5F162F4D0438F2BD4C55344BB2F0F72C910362FD1B5E0536C18D0A33C7DE63DA30D6BE66A7B3D4E7A147BBEA6DC0C300D67B9CCD15CFE55658E4B38D4FD2DBB2F111FAFFDE558563684C29228550C894D7037
1496	D6713BE7CDC2100571BF41EFDBC50F57B80F948388C1A7A6D3860AA95316FCD40A8CC1CD90989EDB4204E5FC5905F30B1062F0DDCAE6F9557804A7B04824135A6B0AC0A80979B2D67BF858BD336A86D51CBFB0B9641F0C696AF6D4B579C3FDEF2909F075
1497	C06F2F1F733F8E63C92D0AC63C21DCDF379FFE1530A50FB60650A1DDD3116CC948BC52E8E446C99ED4DEABA55289A9FCB4DE2F1B08865CA47A2420344025B2E1772E50CD74D6F5BF4757EE6BEEAA6EF48B35700142209BB9DFAC1001070F155FE8C83295
1498	B227D8A7F9083033B95E124D4D0B9565B0024020E23C6A902BBE2F24022E3788BC1456C9F6C794B50601E44436D6
1499	59B0BAD7362736E59D44B41B43EF6269E31B53C53967E87700E01B5285D9D443E4BAF5B3428914013AFA224D3398547D0509EAF91C86351255E95F5CFA9D6BFF6E1E99463E084BE2EE48956E52209ABBFFD44E1DF99D5CA362E7559621B3CEB5154B91FD
1500	8A11BEB8798B34490B0DE95C23407F9021B4451EF6EA63D6DB22E9AE5E4E46BFA37DEBDFEAE598665418368BB73394352B97D216F1FA905779DDE2BDE70C211F23F6FE54F433F4B0B7DDE25F0FC97B33B57594AB20C9280E881B93AF705C10DAEFD35FCE
1501	A2BC10601B5F044D502DD4A947E515662E629E8D29D0DBDB9359D240C276E96EA2C647B8DBEAEB37DF7CC3D7EEB7F7B357044A5285CC97D483E5B73142800E8D4CD8CE7A0B2D31F73FF79782E0C98A58B7C63D67D655EBD360AFA75EEE7DA26991E5DCD2
1502	E51166621C16965F713BFEA2D7B2EA1D34CE73692FAD239CA372447826948219840A79DCB6B73C763A2E69C2242CFF3679260962C91D8DF09438CC220B8449A50E3D327D85FEC35EDC480591092FB96CE3AF283F817742F8B14C856E611E1F02F827FAF3
1503	1C1C22543BACF7AE799F531743CD579EDCDEDD609772B91B8DF1097656149B87ED85F843FC680DD007BAC22FB7ADB38A8E744992A001EAAF3F6D73750160386EB19EDC1D90A4CC7398374E44281CE6C42B0287981CBC1B1DA75FFA254B94449A6A74B614
1504	FBC73AC79FB5E22138EE42755FEC2AA3C530D45F93A7133B8E6212D267CDC21DA10D216CF285B389D086D8DF36CCC7F6C7C97F170AF1C454E7E37D45E5BB4DD5F047C875A99DECA3A2891EB9A5186FF85C09BE83B5FDE56F512B7260C96CCCEB8555F8A3
1505	26A1A41EFE5A2B81EC5D668060B7BD0A2A3AFD69253DABC6D8EC985515E89147231073DDF9A8D153361535B486AF46535F555D91C3ABAE5838A9E998E6AD85AEFC974DD8B12961484E741DA9E3534FA652AFF8F6E0886B49F2A0481941BD91DDCE9D92BB
1506	A81E416E8D9FC05C31AD90A51B32407DCDE19C3CEE5320A56072602220072742CB3479BB8A2C74C3F1399BAB5DB3CDE7F77FB7FF738E7FFDF6AFB5A189C6AC58C144B52D87B0EC881E4FAA382E6DBD35B0D29F9597BC5F754002D6DA2135A486294BFB16
1507	C5EC2C66AC011D5C6565D7EF56EDB70ABEB185B8C4BE5820549E0BB8D89D336CFB08F51FBCB3299B021F5EBEB77F866B4DD719299B854A7EC646EA62091A988EBFD83F39D97A0E021E9EFB24A5977BDFC9A1F94DD842C93BAA53E0C1B91CC1E162DF7529
1508	C2C1BE11C8BD185AD84EF78B313A869F2FAE63EF8D0DEFC6B7BB7ECFA1ABFBF61F8CB8986DBAAC15CC02EFEA5B3DE2D29534F680EB1EF89363BDBC72D638851D2E63BB0A10ABB9EE621047A1EC6413242F93EC37286666606AD8BAD7EF929D21FA5CBF78
1509	AE361A87C0A6335156E83F074ED212F40198314B53DBC4B735117236B2E886286ED52F7FC7E572E4E4D756DDAAA560C42A5095941ECDE23944E9E984EC724D5622F603D6A0ADC5291665EEC38CE7E6D001955A602435FFC2AFCBE63A32A35256C63B8D62
1510	5B67D2445268D6A17A0F7F15ECA3553C219F4724C04D94776FF41AC88959CCF26304DAA65A8C6A6F6241060AFE6B343943A154325A60C4437D4CBACE8A383EEADAC835E976A54DB567C678ED28F2EB491B54529A70F98B43FEB76CFB1237422CD37D5B54
1511	41AF9A24C164998BDDDBD815445081381F366478E53F281204DC3788ED26168C022158F064F6C270CA8A8C64E82FCC6677023FA2C2497CC67ED4EF1B46AC76594E1596FCE2F99A25CB52B51307FCA4969F6057FE44990A60E8EBCF7477DB1D765F4E0D1F
1512	8E0B842C62568D0259B63C2A9EEFF445ACF2EB01BA3C4E9FAB3079CC936166F8F665C299D79FE0DFAE917A6A4D24DD99D3CF727B078A04B0C7262DC9E7E702D78007849A24CE386259677A511A92399926AC439E5F1C62D614E5C0A23E8B9388AB612AD6
1513	AE4E64169F170154F2FE6EEF3F2F1A2E555041F0479C37079519EA5C9D417A350B9C219BA75388AE9786900449C59ECFFFB17BB351DE698CCD9EC08D498FE4D684F84C59315F05AF8412061328492AC598DBB8F71377F32DDFFA2B32C9AB0CFE771A1552
1514	BD5C79561A3E4407B9E065AACA80F943E7622200580CBD14CB61EAEF72723B4D88DA84C589C3ABFBA15F34796BE21E8D6499B0908A4FC4EFFCC224F8492F2200CCB92F9FCE880912B5C87E7C115D332810811A49D9732356BBBFDCFEC7C3937C53242FA7
1515	2D60C8CE4AAB23BA9E59CD58C0417FE2DDC745EDDDE9AC30687843F030F973F7FF6D8AAE11028AC22F3A11569822BD79E1EFA8B6531078FDA9975AB9FA5DBED4CBCF75EEF7CA949214B91F186710396BFB12517FB7D56E4E7484427FFB85E2E346877742
1516	C40D1224025A2D95B6CCF3BA9319419788EC18FAAA0CFA5D545F944970B07D5EFC12D5F2A5942CEC3540C1C2A9C5898F388D3AC3E4F54C713396D78334DDC05CC3E1744A120266AEDD27D9EE8D5D5C3F0CA1FBA73D3FBA73341A81A1A66A0E8EA0F03A48
1517	93837D4893860919244695C3BAA09613A16E0E4CCB514F3493232181B2F425EC87415156ACA5E5181D5D0E24137FBD1829A502ABA859D7B66E0A231F15242C274F2DB749DBBF7495DD4E23BBEA38C7E4BAB0156CDA1EF2CA37510921086789BDC7C460AE
1518	B201500D63EAC770414389FB217A5FD72986EC1D9B3CAB003D1D29A328ED211DD082A56F79DD2A359CB431078493B038DFEAA46277AC4CA648999FF9A2CBE10E6D4BA1AD57DA5A720DA8578500C61EFE0B551E49D345162FAE3B81CAB01698946F0225BA
1519	AA5E2987F7FD131EFDFF681D13A3815284EB6A5CA1E0B43CF50F0CAE64C04E1DDD48C8E7116DD10C7738814440F3
1520	85F0283FCA7BB4689F123EDED251B321198650BB71A960DE20F87FC42287C12887930812C529A5728610CFDF5A00B28D3193E0A6FBAA85819B5F06E2BA7892EDAA6A7231C95D680DA634110A0F0EA2DC8D138560287397AAB4511D91ACCBC2229AE0EFB6
1521	EB29F414CEAAD41D85D3E6327F1DA63EAC34F5C4A75EE4D5922F35D35C037882F9D5A245A4B4FBA789C976A3AEC145DFF6C855CE0B53F2A0110E81B23DDD4B6501099B48AEE4F47A09D6BD11724F1358B51149F732A4B13E711C7CC8329F1DC1A58B6500
1522	DA6F2F655844DB88595AFD083363756285235CC8266983AB22A99B7A0FBC2F66EBB08585CC2ED0819F4C87F353515C6EE872E5375DEF8C97CD99629087FCC1D221A1BCD6D14EFE50A1B7C5920D99FC0C07B2A7F3B3CAA134CD34713AA30AE35E5A2F22E4
1523	6388307D66F936A78DE830916FFC70B97DDC526B32FC0AAEBD51BA5B270CECC97756E5E5953B26B42875E15435CDCC55C72F919CC597A982677D646C943EA43C80A9E85520CC6788BC576B8711486129AB9B3C3A68E0DFC3D124F15656DF8F94E464BA58
1524	6B43FC3B7FDF1B39A51758F3148F6DCA9B16CCD752EA71D406FA77F4965FAB6BC484D88514EF4B8D29FA04710EE851EF8A272743DCDBB4B73FB3ECB3B6C1D966062D3E001D16DEF774F069D3D31AD1AA43CBF13AB0EB2E5A6358F5306FEB824C8CB4CEF6
1525	100F6938AEC749BBC52343FDE2283A32AFACFA94219FA99B77515B8F265F8B6A9305BE42D6C21D61E3A54DFFFFEC3CC7DD135198D44F4F273EDE335DF02B08996B3CF8A9C7B2360321A968820AF54D3FBFE14E489167C36320CF1AA890A1EBB4C805EEFF
1526	8FECA10EFC4B0DC094D795753508EA079996B66CD4FB63491D871FF4E26FB9905047EC214E1518EC18E225737B863E2643887D5E1F9D8B7DC8E503CF5F4ECAD9A2F371CF92E9AB2191AD7228DCAB04A414479EE93948CDCBC9C76BDC837AC987B921BFA9
1527	DD7B6BBB6A8346DD99FF098EC1952CFB321331AC6D793B95793DDBAC401788B308453A3CBC517758CF916ABCB4ACB7E26632669025BD7791D232E0DF1CAAEAA2412DC843495F42167833AF5DDF5D3A0CCD99F286271E70F11BFF79260F514B6198B57302
1528	6A6B67348E521B7FCF8CE616C1C5CFCA0EAB5D0E6B867D3CF173EA49AAB160FB70583711BDB518E9F53AA6ED60EC26DC34EAD907400EE7FC1BB1D424F99418BB0ABA777B55B10014C4BA1CA00F5EF9579E853ED74A7B03A92018E441138DA79808F8E0FE
1529	778AA323FBD8AA89A66E0487376E0271168FBF2C0AB886F5EDA52A3EDA5F61EB27C1D596836EC45C732713C5D46F5BE292067604DBD971945E884ACBD3087C67E5AE497FC378AB6E7ACD0141EA11D7D9DC0E360489CAD027E5D20AAB3D1B91E807430865
1530	1CC91E001FE9651E4A79FE6CDED67AD29BE33EA4A9AA5C442F40BACCFC5C0FACBFC7CEB4AD5EE4374E8D7E0C93AB1700530C7A76C22D9805B0FE03699CA6BED2881CD148FB53D7318FEB7446E7A590129E3935DF46FBD93557F3E66D71AE1C1143C3D467
1531	A3F8A77DDC75231775468116BE0D84FD9FA1BFE3EDD3DCA6FB61F71680FD5971077751BE352ACC4EB439D073E78B486F9136045DA0AC70C30331049330DAE7FDDA2A8F731A0186915C3C89F3E6F3214104A11FD48F097F8DA783C1B53D2751C4C33B5E03
1532	7525543E14BEFE9F8263E38D02D87A4C4D07EF538228EA30BFF0DAC51A571FD252306760512F0B2871577C0ABF5F75B2A3268551FC46A629DF0DD1278A87F643BF29E3B2427D50C795D5AB4736F65DD7EDAB085F79B1CF150FD9D694B84ACFA37D9C17F2
1533	0381BE70DF89D762FBF98C32800EC88152538464829C71510768FC5C0E2C0BCCFB9722E8092A10FA0CF5CE5A84F6A6FDFB7DA29ABD04F799D1AAF1F4E8F92D3FA8F7EE40E400143F1ADB50072EEA923ED61C20A18B17B59E25E76AF6DB48A3418AE50660
1534	0D18F8CBCCAB32B45E6FF64C3A1827067D743755C520B0AAD3629FE0E5BFE95C03831049AA83448209D474940E23DBA2D6FE28D2C97C01BCB06F1C074A5D5038B64A5F84D46E45F70B6BF1481082CF8E5ECEC030EF06102998D3DB2165A139B00C765564
1535	0422EE1CF9549AAF60A6B8C01C6781AD165990A74FF88B77C4486BC64273EE9AEF39D6586EFD0A802E9F943B90B88781D46776542BD100DDFEE8CA035576CB7242C323D20EBDA078606ABFF3FFC46E0924ADD50F124C2B89F258593C08D4070220B3F5AF
1536	540163D33741A110F5191FDDB1BFE107550513077DE144CF96BE5D1822FFED599E0D53A36EB59F93757A9DE7E35BE6A3E46B62201E6D00AA75596FACB706145AD1D767D084171380CFF9849C77E55397DAE27B79EF658E2AA0A288E4F15CD6314BD9B4C4
1537	14542184C50804700E472168815B51B2047CC18A80945FB49A7815A387F59F326EED4DC44551BD8BA14A1862F521CE8D221F3AB98FEF7105DCB3AC8DF497524D171A3B418743408DCFAA16CADACA295DE9ABFFBF623AE248D79B5C3C1080B456E426AB74
1538	85121BED99804660E7AF07871891329CBDB233464085B8E18812DFA9541F106347FCE73EDFEFFD37232BFDF304AA73B9577AE5CF02E10DBED82BAD414289D14F9C5908DA9C87BD19A44C40B08B6DAAD230D11177CD28160C69163CEC414003E2389F5CA2
1539	620AC4E94E9150329DA73D7600960EC6A057122D03551564A62448C45CED17B3D86EEA2C513CAB593E6BD4B2A64ABBC6403EF03FE36785DCD4108439A6AD0629744C7523F53B8971E35628F0A4966AC5624B88B4CC06777576581BFA74EA793FC121D54F
1540	1745F864B8BA8CB723BEE0CED9E2EF5911D128947D637C82A50D43FA8E02B8BF06DDF5728F4D2811B4BAB2A55CA9
1541	77AB8015BA505862E5B95D2CCA4E0CF27D0FF296B1ABEC982A409F8420A8283EACE78F0628E47DF5BB5171C8E8E23EF486282113771B0A5B17A98288DEEC506F445B3A8F126127B0E3D7574689A04D7DFB71422523356A29DDE4780FB95AB79006DED478
1542	94F09B2BFF6A2E86269E6B7012D7216726309C1FF95B71400CF14D50A7B7A00455159B61C3D719C814BA8B5792C0DDBAC173077A98AEF7E1BBBDF3B088315120390956AC37DC282B63D5E2D667A720A74FA78F4F6671CB03F9075A11C51B26A95832F3E7
1543	C894F2D91F7165859B813B8CACF15E9EF171CD0607BBD0A7B7630CBE4EB9F543ABC4DD530D4366DBEE91F59B3C97E3FB0CE3C9D660C80A1A8A0DCE000BA53753F04D2E4F7076610FA07E97540E8ADFB13FDE82D8E681686964F5DF5699772D70B89DB7FF
1544	5A2B1A643CFC612E49146665AE96D78E8A9163AF59488B9F2E0990D1BD41772A9B10FA2742276CFC8DD65058B0305050EA1510C2CB42B6C05C79B799A2A8DDF7762A470D9B354EA042C8B7F051C66320A42963C40A3DDA899651D41295377D30ACD8EFC8
1545	061F81CD270C44EAA096CC51B3A0E8DF1FA397D224A2A330AB7E115DA56451D74599BEF0412C6D643B3232501B64FE9196311C2745127CB3CBE0AAE1DA46D69B5530705D7D6FCDDEFA7B942BB153BA6B35C148592E61A7A0AB222662F7C68790FD602A09
1546	30CABC878CF4258BE4136D1B72CE669632CC6BC9634691928A4F8E8F545008E940D3D3004CD7DE84EC173748F3F512B145D2DC5CBBA8D6286082451E0314E8D072C8DA7F6F606201DEAD2992E33E3FE42C55EC7A6641AB69EDF109D959C30CACDAB37894
1547	555F2A84E474304A2C125CA6BE5B3500F88A6E8BE148DB64EE516D75B6C3924A1EAA7DE8CEE638F88359950DBF783CD56F56BB1EF629EC37555CAFC1ADC8D0EDB88C47C8E892BDD992D39973137A04EE10D16807D528D77364CAA273E53695BA707D6019
1548	001D6AD5C41E693FDAD1F10B66EC1CF20E9162A663DDD5EAE06FF4934F4C7EC50D12F7E3B096BD858B11050532119A3A5AF5800605598D407B27513D2A0D65945181C63054000E536CC280EA9708D3BD42340E3C756A5BCA240C98B49EF53C5319BD682D
1549	EF0AF3E7DFE03D2E60412F92D1315CC0A942E7AE25223367FE32DD7D279442F35806B41221116F0ABB06401ABD06399C223DDF76D56D845E89D575CEEE24111F1BA6B2A9C73AA59D682BBD6527298793FED5AE6769649D168D6C2B64FB67A6CB29615425
1550	A2344EB65FF54D2230819D5F63AD9366656E6BCB52CE204C9B0C113B07C443351113E60FF4B073A0B92A6E2E584509D0EB7B8DCB747AF541EDEA17653BD41B6427F8E66EAA7C0075B808412C45C19193F33BCE4DCE2558A1BDCC4A70909B7C9ADC826275
1551	0F961AD8ED70663557FCC69F09281215968692D8E5BE2E6B3A4DCD1B2447DA3212D529728452CF1D0BBB0850E119F6FC462C6BA9789423098D7C6471DD4168C8B03B900122DE837B715CA4207BF3A2D0C29F6C819A264B075137B0327CC97FCF04413C7C
1552	1E80314FC0FB3E438587702EB3859E443D358C3CD081BD23E11DD1AE2BB383438218A748DF6C4E85D9DD664D4E7C00E4DB1AB615A6C3DCC7C8256266F1827127724E63954E26414C71591EDC30E53B11771CAA39A4461E3A41DF96E71A6EF2B3031629F6
1553	9A81953BA3A96E865DE3EC4851674AA90F895D6EB0AFC17047903DF78059E7E4AB42CFDDAABA7907F46C77D6E79D15C4E0B667011A3C6FD29B503D48636A79458CFC22EE749101DF30E6390DADE2F1891897907AD528349FEC701F3FB86B7EB528323E6C
1554	4D094E38CD9DDA6E33979C6E82379A2CBA1578F221977F25E65165191EFD69CC83402E3075E0B5593E1C97DBA37DE0ACA09C3E3D6821A35205CBBAF66D321B29620D3FA4E3853D78D04EED1F401001691FF1323613D44791135B9840352BEED92C2717F1
1555	1EEC7B2471E052D94F1007151C4A504BF75C5FF12340390D76C5D3355326548368DA4BD2D24DA0DCB9217B047B8E877DCDE69C8F85699C273E468FEE8BD0E0A222498058F4C3C2D7C773A32314BC061C6A86798EAE51E59C09F7F7056EB3578078AB411C
1556	3649AE051B7EF36E3D2E6D9BA9B167757FDA7A93C001FBE6BEBB9BBD43634E81631616F9EE9AA32D0D74F4E16140B4BA8F26CFF9C86566B5C8C961B60B9A92B1B08043A26B9AF06DF853A009D75738DCC7281065A6B5B60149BA18D8A26834E26D17DD08
1557	116712C2E2E3BF42DD63BBB69B066FAB88B22560A2DAD13F7F6BE49441EA922AAE18FA5622F8D887F0419A77134BE9FFD0B5CC0706400E25D89CE0AC9F7DD8C0C07854344DCA4E3E515A6290BB3635E0E0B3F26886036B43579469D6DA144E27E0D60AE8
1558	541078192F093E315904A2DFFDEF8E875FA7D1D029DCEA8BDAB4D2972FBF2F5BD1632655B38B530B63346D982727E9D4BE1E995FFF1C7DD182F00DCEEE4527DD02C828F1E9AB22605D6FAF0086B11E7155C68C2C835CB1EE31566056C89673579837AB9B
1559	C7BEFD2A71DFF8F4DFDCC274473124A5617D5766608CE9C8103D45B95668F69C8E1EBDE0D75328BC91C8139DFD691CD6915C6BE810E90BCB55F031F12CE7813CBECA7A505AA10641EC9465431A10DD033CFABEE245DC87E157AFC6F7381B344AB9F219BC
1560	5CE47F266C45A60A134D9AC736FE220D20B4A7AFB4814177AEE3B718300E92D6DE8EA8E3B37BA40CBC3299A0641A262DD4621C9A2FFBDD0A5F172DB87E756EBB85CA8E6BCD4A6B007900CB0C685B328F0F1541D45B90A493D65ABA6E04B417A4955BCB1A
1561	8DE0B9FCD415C27D8B5656C754978AC442FF540E19419E24C16BC86BC43F845898ED361F8236E76B1E40D9B76472
1562	962641C1DEC705059AC7E39A2C5FC9F07D19E33A4D0BD5B2DB4B76CDA78DDFFC1F98DE6FB715CC399CC76795216DFAF6D3EE891D0C114A89489F3F4700F46D82C351D4A19892BE4C25FDACC86D5AFC52630108D3C56D7316035238E44A0075E045C0B647
1563	1F1DC3D91159584FE2D56512CDFB9A3EFF1A0172ACB6197CFB8D7D5B3F51B29232E2FE4D886674BA0C837DE00C24E82E88163E7031B5D2A09D1D5889E9133572EAF23D8820DAB2EB066E500B81D1D59B185B3863B7BA31536788E3A81B1C3568C73F571A
1564	6FC1A893D5718F31B7947B28ABFD6390CF8F4BC6FBCE802AE0D42B2F94FCC698BC730F1838CD044D2950D704F3D87641B98E860130B692B3FCC998F386A996C35AC8A77E96F252BB7721C13BDB9FCA1601535AFBA526B7CAA8AA5CFABA46CA96FB562EFE
1565	FF6417D209D8DF300C7928C88BF339FE04513667DBB5A6C949E45FE128AC18779BF8B711750DB16179B75852387DB0CD343D09B493EB798D3A5FF1B2F7BAE886E9BC8A4FBD34BF3A3EBB109F1AA4FF84160A0F45A31FACF62A2DC4E4C5E46B13D9050860
1566	ABDCBADC953C77EE13BD1D818D1C68353480CD33C0A4A301A31A11ADCCDED4FB0C0B5E45EDC75B03C482B60FE6AAEE1D504E34D6D218A214A27AFCE13EF0B15BB0C402C913F818B247D7964D2A734720962FBCF5CDC49C2F7B52AFD2E717265844EB706A
1567	10E5D06D7C47D2FF3605B0A65A8F45F276B09A8BB5A195FAB4BE3A1989090E2C6A5595D2C25F3AA3776B0EFBBAC7B408D243100373E5CD01F78DE7161395621D28CEF74F4EDA1ADDD7225B6E06753F9A0831B3218E72AD94444F84C8D2B1C3927665C61D
1568	FCDD3132D8DC1297AD18C9A7C88022B4735F5B7B5B30FD72AE3DBA744E77C23EC5D496D39977895514608A4C18E7729A786EC789D0B3C2CB86F2C63E59BA9057B58A2131E3748D1E5A0C6E5A756655B2D2DE793F60C6E35AD719157B3B059743D7C1BB7F
1569	F1941A1CF283C1A41706D157AAE98E9C360DDEE97A1D30ECB754CCD09403F82DEB15C3FCEACA049DDE1461094901F26E6B30D36F1744541928B34E54231BCF4DEDCD41F156959E249BC87C5F2E57CB62B174CF67266E327826D202F81718938F758B5D31
1570	F8AE451BD5080F678B7BD86F76C5CB33E620FC17F4AA796D6726C0B47FC703DCB6B3CECAEF56A2498B3298E4BCF56C126954C59C50373E4819A7D3125B6ED4CCBFFDC54B2130808999E00F6DF3141512AC4988CB721B3DAEEE523EB886EE82F5F26BF43A
1571	E138A9E4BBE77F39E6C0E8FB5CA036183BFD989449493C36D9021DC398C36584D235BE1CC291D78C9A50D31C03D5D566B6ADF9FB9669071A07A19B5F97CDB867F9B8CC6EB3C73F254B9080233CA99D5A75947E0136F72B0194ECC07E61D422821A0362A7
1572	C9272947783C114D5C9667982A08F720ABBF2970D46C9468B6EC704D4CD8BEA01B93B4A82223D71ACEF9998E54F3665187B68DED171B719F6C9E6B50CBDFC3A7B2C7422CC42B88E211D210CE907D75A36BF33E8063585DED718895DE7EB9EAB27ACEBD2D
1573	4C134BBD58551B1A776671767850A202D65B4E654CDD8A3C3A810D0DB4CEB5AA67121EFCF0E9B2962A5079B5507C59624235DA8F246BB2A8E30DDE072A91BE801F94F3015F8DE81D9DD16EE8F8B470E71EA8F97255E6A6FF032E67F4B3E35BF5BA0E7DE6
1574	002094D3E1E7AFEEBD4591DC302100BCB8275E598594C970E73C19BF91607F55C5504608A4FCD7F3C3CFF78E9761C084FD294D9725E29AC603F4511A221F47A849DC89DF0CC6F515E93DE6040C67E52CC5A91897EE0D546266C687A9FD110E763563979D
1575	C78B997C1E5F2AA6714A60F0594EBE9CB1DB43427AFD899DA7CC607F6CBA35EA39796B52CF43730732B3B109FC1802983E65C5B52DD146B6BFFD44DB842471039EE684980F46A45D34C630962631C6E2AFED604724120F6931BC3963E3B8E5F2B7C95C1A
1576	5BA8B15F84349A4E025DC9256E582DF3450D51FC05F96438960D1A81D1394341885C63BA79BED9802E46F4A6971F51665D65D2FB94398B725E70F4141B4EB056C76A2CDFA0C57ADA8394BFA364FFF56B4FFF6F583299DDE6C29763D491C9A9CA4D7209C5
1577	F81A73FF4A94F300A934BCDC83E330AB302AB58B2A596673AD42A5B0452419818D8D07CE3CFD8093B445E9D13AFD3825B6E732EFAD91560836D8F8B8434F9924077C513343C2E04E4B319220AF341E3B27AB2C968A0DA5A1A6C85FA17DDB1C127DAAD95F
1578	4E7BBE6EF175A785E35585DBC45DA82DC345796F1D0DC1616ED2B02E3D0D96EE0C2693A680C9966D2A8B4A2F5D6170029A5155F470FE538C08FE4D56E216C1756B50B22675CEA2B74AD9A5B004D606978EC082751035CA2E4E71E1EA0C9A71435FD67199
1579	EDBF4CBFA5BB049D2087FE5249F98772C623EFBE34A61D918E2400D01535A7BC327722029568B621BBB4C7FBE82C547B0910A4A5A4C281C3D0CB7982975B0589B3CD2AD640BF41CC6913AC25B7FB48BE64D4AE52BC78A55B6AE3619F01E91FAD10143EC2
1580	F4EBD54256A5D7A372F03286CB86D79F8295A28181B823870DFF45215B18C0461E9C31E2E4614A41C7223906E77F96ADE9D4E5CD427B5843A591533104C36A63A55B9B0FFFDC220ACD2D6C7DF070435214986809A1B20211E560E44C199D843F56B37D04
1581	572E9C5257755148BA82248611D334F20BA16A7EFBE46494567B8D1FE5A4A6EE9C0C2F15BF2BF7941D8C7C5840746C5143FCECDB6D17F21E446EB3BC7C863E01DAE74AC46F55A6C52FAA529FCF717AB876B6028F3F363912F80AAD61C2FFC2E8AA3055BD
1582	A0447703CBBA2251F80A86D60486D1A857C61DD4A36F316A135BE359A856F2052AE96BCD750367FF6CDD861A1AE9
1583	87FE13C8356276D1E98206700ED0476618311FC6B21235878BAA5CBC16AF9B35BE0AAA1019058CE726BDDA08EB1D3A71A17AB9663F2DDA51A015462E5757A9161A2C4C63E3EB42B3B197EB5601C3BBBFF91EEFBA98FB35FA3AC98BB9B1699EA9B357CA38
1584	F671C13A5CF2C626D6CE66CAD5BC6A6A00F8DD236EC8886A2F03CC81FAF8D844880B896F43F7EA266A66AFC6384DF236442BC600BCD6FD32A22EABDD8E595F3CF98E253A46E2031F5D1EB2AD9A271630EB0A65173D8583FF24DB15ADE4D680278DF57CDA
1585	7064FF7F71ED71E97B437939DDD4222A01AF4A43AB53EB48F8CA595D5CBA0DA0DD42304AF88ED28E2976911BD59CCB77328037000011F6D986327A232CBD03E433426DA9A2733196D58B94B5D8EF11752C993783F5C9A260E2E6BE81D788AAC231DD62D6
1586	B273C0206C1AC689302A371718D3D0932221BEF65509AD2511D89FE47C4938C13A8FF6DE453ADB7CEE3041327EC8DE755B4387982608789B9F7424A60C2922BAC17EA4966B329EB4BB485442308DA25A12F135A0C5E937FD8B342351938BE063BA622E09
1587	936FDF386C24E39DCFAB02B0FC0B5D831D082E5CF23D29E64830548BC7DAF612A7ED4F8B6F6C0FDFE0932AA580B0057FFEDE82CB992CBE1734816A6CB716DC493D8D7E5F37B16672664B7518A654E73760162691B5841A23F883135104D9AECD60CF01EF
1588	2F2273D58C29F5439BABB2C55D0A401FC2739FA50AD5D895E12F4E47F13FE217E67BD343F73676EDD6F5FE3B1249256BCF2F3E671B187B9E1B7C81EBEB585A388C5D84CCAD5C1CB6852DE3F1096BE1DF95BEF4F17CEE9F10CBF589CB4F32CE5B4DC9B6AC
1589	B5AA93B38D24E0F20CA8E73CA5086A513CD4D923129B74AC3F16C571A14EFCEACB07F73D0BF5DDC40FE7EB125AEC0668C8D0561F2BBA253632340FE003160A086252DDB9829477DD7FE34F1798A50B51FABDDD0F6FE22892F68A85BDA23980A29349647B
1590	EBD9E746319E1D52563056935486EB9D4FFE47BC158436766292CDD082F052E90A6362183C7755A8048742001AC5D76142F1E26F30429D5CEB84A06DF0EF1F65494B92D150063B233078845FA4BF38B7BD6F9CDD9B19DFC475835DDB5CF2355EA25FD871
1591	C80C194D4A42997B444CCEB97DAD3B2AB8046C4F1E5C102B97BEF6DE2B08E05C84975075417FAE0D9325D6E83F45D568B2752B638E75BE60CDED4185DBF99368CC389EA883AF7CAAD4723DDAF73B7EC7E6C1A66A8EA17CA0F5B7D5138A1E9D501A63D506
1592	1EF5F0E8D2319AD9ABF3A89934704F13123A3C11C88A73DA5CF80C39C1CA522964918591CBD17AD2FD86457DA955F001A750BAA06CDC7A686248BBC309AC57C15EE4CCC702CFA653511463D2FC6E2413FF20EE22A54A9C3E04518A32C78A57971B8693ED
1593	3D005897BA59191622767B4468CDAD774C0597F84B48B542B026BA70DDCCF6193CA8C8373C5A5A15B66E766C0186A9130EF1B74ED22FBBB0AFE0C1B30068E311A92A08360E7A04680EC072B235101FE4F398E1311D4039FE134A4E887AD4AFF9B1498BDD
1594	0E04F6E1ABBEF9FECAD28089EEE885F6F07BD95ABEBA74B29F43A3C74DC2F1A71DCA854B7DD6444EEC234347465A2533909DEE90456CC171F2DDA282C66DC252BCC19D2C2D5CF58F01D11A122CD86A5D0755EF734442A708B87ECEDC8997D110B7E7A5EF
1595	A8FA4C1C832F8646A05AE489C54D95981AF66FA20A43D1532259AD264EC2FE78215B280B7E38C6BC811370021067B5F4DBAAAF578DB1B12B95BC22546142A729275B8A60541518314471E5AF9A2D754558720F81F50511BED3E70CB7248AD9ED6851E8D3
1596	C26818EAE874D1D817D55A2D00B2EF7D046F56E3452BCBBD9FBA202D50347AE58DB6DCD7BCA886AAE321220BD9A4C504B194372FDB4547840D77BB05C6729500EB1158161CCA40CC77E945B208324F5BB3A2B4BE1BD1359672F09116D777F09CDB91233B
1597	961792129071A797618C12BB6AF8C9781D5B2E849127FDFABBECBDD402EB54D1919580B79AC31A0404F39E922B2A8F44B263FDEE3D242A606DE6C1B8ED62A60BAF021B57984A7BC457067F1F46919C0CEA9B8FFC94EDB54AF8FC56A965F3633FB174D40B
1598	5B404063FA26AD7FC99BD675E92478AAA47CE183C13BAC6F1DB4DE6E290A6907D7FACD03A89E75C65FFD19BD78A977CF522DECE0AA334F2CC1D66B492ECA5052773036B2F08020BB672B59C68FF24DEC40B51F04207C19961E5E00FB47F725BE07F72EAD
1599	BC0D76D319F1A7E2D39B9BC0F2EF1EB80A09A3CC614B13F92B00CB9A169E504724C8F6B351F1D32A68E98182F8892496DCB2DBE16232D58A33BA1D4936AB2D56EE8C164E0380ACA600AF46575FF70F4DB785ED64884BE9CD046FC2265F30236083D32241
1600	D0DECC4ED9B307E68F63206A7ABC466974F37598E59DD0262C097080B0272CFE101DB6B403EEA21FA5D4EABA8042D10F2299DA26E9D829A80131E4443F4E11154AE1C146C3E59228034F323726EB02310FBFC55560B4007A3686C96C97057899D6C0641E
1601	794E73B13BDBAB87B21BDF76680068361A90114BBB9269A9E6CD0CF96618E2A87613FA1C1CB8C5E4375F92BA70C78FA1CCC8FEF151549AFAA7212BB01290E7A8EC44F8F7FB3F6B15E168A4FC1BD08B4F134BE0370A5EDEAA7A8934E18832490FDFEEA9F7
1602	75B586D39AC51E24C8F1283066CA29EA2328BF1B2A55B7C831967DFC5129C5956B2FEC1BAE877F8E9358783FC4C819BBC9F7BE7CBE069267B2877185BD714D16DFF50EB0B5E4C3CA25BF2487D83BD0817E29418D9ABD6F11E8CC23854E65576F1572EFA3
1603	8C58913DC16436D55460874D8C84BAD99FD381135461DBC433E01FDBBF85B1010B09E0720D1EA73A0986DBB9ED2E
1604	3713731A49EC852A6904D47AB7A5BED2C79C5759EDA82495F1F49DC1733C3F9E95E0379F447177FF5332858D90A7E6DE1ED5A7C2B4250C11D79579C8CA242BC5F6BAF88C31261931C6A6BB7B186A84840B7D71E920A2482C6CE8788CCB76544A9B9D7F93
1605	CD0EA2C3C1BCA2B7733FD54FC5815435FA41D7FB75FEEC185A816C11CDE712D1EB5CDA8B35DDAD39DBC6BDFA37F3861566CEA9934B6482FCB71BB28A9051BCDF9D1486A69FF50E30C179EDC1A08303A33D98234A8FDCE069B995C7559157F22A1A9D5001
1606	C725E6D533F7224F3A51496288E87BA07AB4CD0C39C2D98C40674B2DF9DE4326ACEDD5509782AE69AE051CE946598A984E163A2A3D556685395BD8C2415241104E3931EEFE54726CAE824C0113785968D9C93B87AC23354346EC1B741401C7E9F3A0B73A
1607	D811479F16D18FD44E97B2EE5957DC4FDF0E6F3838A1CC6341A04BF6D73948CC0088316D9EB580F4830752464FA77B587737F8AE10EE5800A597FC048E648458C2C7A914E33A6EF5B3EF8ABD3634ECC05E1CE7E2BBD3940471CBE210F847F2C264C8595F
1608	8ABF26199A3EE3B1D8E9DE39BB2597B7F086FD068C6197DF02793E1B0B926CC750F7E2CE612E3D79B54FEF54BA7F5815F21ED0C92A379B33CEF28E946D2D2BB05144F0BB2B5A0BF989BCFB4696CFB9C856AB680DC8EDF26B26BBFDE0873A121B6474703D
1609	3699D34EBDE6C061B2C0ECA17952F220A2F41E82926A2E0A8C50B15BBF7EDD1482A6C82543CF65C06C95574F790E0AB908A7B9E7BD78F0E6A1E4A80D76204710233B633A688321208341F1ABE7F1EABB35B60C3931EAEF93F37FF41042D85F7CE94C24B7
1610	95655F56ADFE298E942AC04448F6E51253922D6930374CC4ADECD56D5C579502AE10C2E79CD07B171B22CB5884FDF1EB4C44A0942699EBE63D9934A8792F9736C616EB9BC3FD927A3582107FFF9FF4C5038697EA117445ECD15B90696C74F2C0A215907E
1611	6AA1CACE8E6041C5CAB8D4D1292968D64A665BB3B52C3590AE61589CC6FA2F96B0CF6E498F0C45F453CF10EF6C9497D44F903E965B8387552D2A2E6C9D588DE273ADBF505171DD88482EB355930797D9F9398E8C01E3AB6F20BF2D3D57316C3FFB301197
1612	F4767BCE568AF4BC59E965EDF4B0192AECCAACF218D949D6F54090D469159A8678EA435724B5E75D422E8E835C07EBF7A0C2AFBE3301F1FE9621A953D6A96FDAAE498F988C88F6A3A2F8AD6AA4FC918DCE5D15A9FD50D6E3473A3B33EEDF854F85B60D0E
1613	3023BCEE6D9C4BA4532E285CA9FC894E0F9C760A4EFC1C87BC329F8AC7905B2DBC93B576C1954ADEFF0740E9B3E8D1E47ACDD0A2C9CF536B1C6B44FEE263E45CFC7C9AAD4ACC99B7BC222B16CC8438824290DD8A477F9A9F6B6664509AB435C7769467E3
1614	97A8EB990B27BD25E62624DF154C8BA92A081EF44E7D9FA758E741583343F36C27054D3A0A8800F86852783676540AAEDA9F9743662FB58DE5F2F108229BF9E3E032A1482213955EAF5C0DB546353336C8D878015996CF67FBDECB57F9D06E928A56F11F
1615	F5FA6A3AD320FE5BEDFCDE652EA324B062B370110E93E1D3E906C215B3B906886F91C8A699AD0090850A7C64F005C7D547A95A8BE3A09E8B5385D1624D341BCC2404453A7A78E1494E4FA5B5A52E2444F85E81A07C05A3B70B67C837C18A5A455C193338
1616	7CF9D4CF4ECFCA705A3B893992BFED27527FB12FDC92886BE06E3D8420D448AA35ED2BB115FFD18CD68DDFEA170EEEBCD69B099C16E6BE95F4684CBAE9805D4323BE370D02D5CFA9046FB58A87CC62E1B5B4C9C87D101C3B96FD5C1DF037E708DFC68943
1617	292DF1117A797BA618C0C43BD1E57ED144CAA89EEE3983FDFF0DB4904AE7AFF76DE02583D81E6DC96809876510F936AC567F09039A55DD917221C70BEF3170DD100D4860E691F3FEA88D5C864E29E64A2C0EF4AF6146ADBFAD28A97FC54E08A20428111A
1618	9F6B397DF32E5DD13DBAA161437D5AC96E98423B447F80EB61075B7C7A3CA250DCB97378937EA9EBEAD1DE523DC1961A66A1872E6A923E2924A546A22163237D5B758D3C491F72ECAB9ABE616DB36252FF79765382F49A2190007DC952744C8B979CCAD4
1619	B46F68E615955BB508C1D20CE1DF06E641E0E572F66B9310913950D49CB2C41CD7A70974AEA5B3F09A9C73E37A2D9E0A52B3FD4BCF462B93E72C7F60B6B6513CAF65923A713467E261E4F8B62B18BC8D5ABDE5F385571F7F92365197BED94FE959A4D7F0
1620	D440517127BB8545F71A758AF1B4CAFA4836D2AF02F728857C32D325F629003BCCC8045E8F76B20541A32A7D0BD5032F0C8C08667CDE883B23E28E995B19C58A3DD37337140A7B4FEC1BAEA2542657FF7E2E74124FFD6C4F2A7054B9F771A7634814F5D4
1621	431557CEC2C8BBBFD6036DAEEF35186CF939221D252D70D06142360FE3BC1D10A63E6F52888CB924FDF999FC1C9B05DCE224C2BA0A4EACB2B7CA1F30D330173024F9717A155A52E0BD3EBD0B3BA5E1D21AB50DE76348577663C3127C1AC7833BC7A97203
1622	D08D1DF07FC67775301CCE1941237171DD38C78578E542733F4D7B87E1EFCDC58921669908C0D944DD1DBFA19A409D9E1702B3E891F3AE036AF8D3628CB8D5266EBDC3C016059CCD152FE4F7F2A97938895C2A1C1ACC97E361F338472BF9D13A7E9DD32F
1623	7B3ED199DA7C070379546BD9CEE565265FA22E4D7470921C154C45FF1DA6F24AE93D6D657A4787F852BB229C88A89C2BAE7F49C3ABE5060CBC3C658C0BAF3532087CEA015230E0B93F6E72FEA700D49BF8A12736DCE07ACD85DDD6050A4253EA13BF2C5D
1624	351D94CD0AE24BC3AFE59845A02588CCFA4682C61135132FE8BA2B7DF8E78FE671C2C132FCE608567FFCA6A9A4F2
1625	79E7A9A1C90EA8676F63D1E0FDBFD11863D4E585BFCED93CB796B7BA409440B56BCB799AC72C66E657FB0330205C41BC5B4F197FA70E8DEF03F5B8AC31D82B018DB910F58306D3B6CF0468884E70650C1444E1FDB8EE4DAEEC91022C2387D3588224ECD7
1626	C645C23527865AC1F177D3A6C0A75E06A15F02332167A11C65F5DED95B01A012B9067DA06F4BD449DA6C95622BC4EB8034C4DA9102EC3983EDF30C40C806C3BD8484FCB387C95D8906B7C5BCDAD8BF4C5E7EB328E145666118CF33A0D245CEB2D1167B7C
1627	8344E1B8B519A4CA68A0DD4F030A6AD80E4FC9E96E9CE461EA3D4442229FDB8E28DB0CA8B43B746F0536897BB4510C636AEBCACDB59374EF96EBA4C7CEB29B8F0D122C8B76D319943198AF3772F6EF63014931DEB54ACE9D8CCB5F035B4DF065D20CB091
1628	660D1ADF32BF70D9153F50F3E7F47B54293B0FCF0065DA483A8E68D0CB916D95EABBE329511DB5AFB64BF17749EE941C33AA74FF03E1382967772D64635850B9EDCC2683AD80F0D447498EF7EC93151A10B16F388B2A19D8BB7456815A78D266DE0126EB
1629	439BA9C815B917B926FE05FAF3ECA51E9538E3CB3870154D678CB66384F5241DF3C05A53F95708567039EA80EB3A2660050081D76C8146E4774A0EDB98117AA04C4F539B22B94397193D6FF48ED833EED96DC052B3DF2BCEE29487CCD951E64071907674
1630	C0D7A25A4269D9F410BD63FE6265986BFEBFBABF2B9E2AE11F9B73478FA37507E79D626B4465A00A19DBD767D924D7D4444A449DE9CFBBB3DAB52A6A62696096DF273565EBD141AA38970A5CA301BE59814C01440A7A8CFBAFD297610EF39003A73A3E67
1631	2F0947DE4769270A60CABEEE4EE01FEC342B41DE97ACBBAA9692D6D49AA96AD78BC02352A796D97CAD21E50F70F2256E27A76D7E254E5DE1F193C3DF13A3DF755D06279E1CE3C7DABCD0A80D3D3EBF08CBE4010FA58DAE1BE7BAFDC184E76E0A976C153E
1632	2A092E9EC7ACE7D37EAC76FEDBD721C9AB9B87841CB62C0FC2E3D931221A3AC22DB07622E92870034BEA416AAA8620159178C6457FC601C0F749E2F49D6F02CF3851F29113A638CF3CC75620ACD40953FE8154EFB3245AFA41BC57ACD5D734C587A7DD90
1633	B8A6A0605B291B7713E623632B2BD9464AFFCE0F97462AC754C27B23D04415C9ACADAC362C30842257D8A95FF55F461E9A3EB851E9C0750FC90604D8895D7EC6798AAE66088056065EFCAFD51E3F04AA987A533A3185091D67C9411FB479ED78566FCE61
1634	31386E6AA6469F79FE95444A83FB209A8300310A0E6E6D779D5F4A2CB3EDBC523A993C26853B74E9C5BD74612DD3DA9165B251044CC7CD80DDC00036A017722217AD9B56C1A10B721A6FAA0ECA7666978131373C546A87E43ED5D0D941BFF2462C52EE67
1635	B745AEFE65BAC7F23516C55D47441447F0BFDB6FC350B73EAFCD3CC3035D87DA7A07A0527186CF77450576F2D82FFAEC29B564910655EEA0D4CCD7166CF0ABDA608056B300BC38F0591EE00810733D371DCA2606CFCA12532A53A3F9F970E77A9A3FB848
1636	303AE0C971465E6A18E57812F385F7BF258343FE34563256D9E3A64D3827DF4D78E67993C438EB1FC4DA8AAA016F2D1BEE87B1B2575AB0FB349C234041B591717E06FA862BDA8344D696A89CCB910F95F4EF39680143E18C7960743D2C69E19069865427
1637	F31914612CC52F9D0902C09AC8E0A6790C6BF9CFBE384C5B91063CC6B229C825E3691AE65E3B6CFBBDCE96F1B576A137680AC9FEFC359F9FAD6F56DDD463E615CFA1E496BB155F033DA9A7A90F74D1D067E94F843B7CEDCCE4F74105835572B8C2E3575D
1638	456AAAA04E61EF6C38711DC49157488F31ACFF8D7E3300E664A2C85A1875107828B99253EC6F59D9E60DD27EAD48CFCAD15DF44B8D9A3805EC18671C67995AB86D0D0C51D02B454AF7A042FC2EF6A12400BB28EFC5809D16AF2D52F9B697E336E5A86ACA
1639	0F95FABD3B1C365EDD2AA49A672BB844A994828DAF1173D5B0EE17996ACA5FAF65D2DF3F191C7FF86781574929AC7E210A35A09A2046F177BF3849DC64E075279A048D49C46630DE2415EEEA7AA4C0808B8A85A24E2063F3ABF51C590A6D780A257D8274
1640	231593A859D30DE8DDAA560876510ED648B92AC012F47D2A9FAD2CCC7F7F81B96D57FE37501CE70B195228B6D7226C3C0FAC51D73D8E1194D34A518AA4D57AC5E9D5FBDE90A3A784EF1AD4B57620B8AC576B4F0661257CA95352F49A237D0D45EB183920
1641	577032F09B6DBC5D1434389854B2E5A1C80D732EB202AF18BBB7F48CE34943A7101E4CA12831D432D27C13E08A4F9363F7C2F536B07830EFD22D84587195A98469DA15D2D2ED25109A8479CCF0762BE55FC974EC3F15F62EA1EC95218AAE3556B97AE960
1642	F0B4C0B1A73F8CD7255C0308FE3571D2AACD4969D345A9458D037B2E605B6A674610CBCA31990C0A70E21CEBA2A710E8DEB94BD55FF032615054C74E85887BB08D1178A439C0F3B3DEF9721C7345F725C9567F21E37A87A9C3CE809DAEE77FD552D05367
1643	39737C8D82E5F88A5AA9B6538D532CD9431905411394D04B41BF40047C203EA3B0979DD9AEABAFA8766AE14E38FD2C339BF0EFE7AF53D6948CDFDC9819269926BA5901211C97F140CB6377A26CB1CE65451BE52FB015D6F8900FA131BBA7815D7B896D51
1644	83291C3BF57911D05DFA7F85FBD132AD726C6387DAE81E459F53E1B699E2C52A266D3A13D6230D510AEC6FC7E58411D0C23F14564C987B525F91EB2FC422C19D0907726529494C642B4DCB6CFAC0272958B8F1A3117E346C574A2CC561C45DFB0B337A9B
1645	1761D013655683EF8285DCE76291884897C892E0F119A57CAB5F7486B47AACEE6CEDAD4C0E35BA5B570C06A9963E
1646	526397FCA78B162BEEC6C3B4CE03527E399E49C76019FA58D0476F0BE41C5F3F707E6ED077B42A9854A323924F068F7B6CA83689CE438DDD390DFBA24B4230A0A8E898803948365C2EB1AF2A127C91BDE9B2FA32E132B1D389E6BBDA2B621D20E656970D
1647	3EA6BB01A20F02FF48E14C2C38995C7E6523C05F9CF2D119CC9B505AAD050B0AC725B11F4280EA3D2AFE0F1AEBEA1EE2835ED722F8ADABE3F633FCA011C7E7359A47AC3E3511E4ADEA304E9ED1D7FDAFA9936E5C633290033D960A5A10026855C9797A17
1648	D6B6A2B8AEFC5A5EDD49927BF1AF24E6C4F6941CBF72377647C385B093C336E91359D0DCB570DB6EE04493FD465AF488FFFF501D7CA53322E05543B2B427D556637FDF8E529975FA5E2542C7B5C875D2A373AA491F4162C771A33F0EE88274A36D1497AD
1649	2A526436976C784CA4D5839B2857299CEA6E88D64E80997A7C122BA1986C584E2F7F6A44125D4BE7DCB6A9B1100CEFB098AF2C8C403625611FF9216A1FD8ABDF7B66BEAC4757857FBD23A0557D5AF6F4B62C0E139E5BD1D12B781EC0F8978184B9CECF02
1650	0340713AB98D01FCFF52935553034AF57C60DA43FB0EEAFE37897A502C0DE2E98AEFBA4DBCB6531F95AEEEBED82B3F05879B6B6CAC8E9151A3A7343E635BF91FEEFCBBA3664E5E07B3924C36FEA030A2DAF436A44DCB7504DD5CB39E91ACDF883F34F46C
1651	7FA4E023A2ADED631429C0B40474BA561EA631BEAF12B56F51820BC8E5F402268F0228135192274A636ECE945E7E0FC18F7426C3EF060812110EE8BE3744708BF50EF6B60A17974D8087CF0313A58DEBD224925AB98639AC9A4F268457F2B785E2974FAD
1652	62A6405661659F01DB5F93B31986344FE6B28F499CD52DAF359766F05D30ADA3F96846250AE80F939D30291ACAE091B907EB4F96F12F7CC5D77B60F0A4AA3AECC539C70677B268576F6F49F215E5FCEF3919A44C9F6C5D5A4B048A553F3F0C9E5AA8A4E2
1653	22B38147C12A97F24CDC625D0693A9C9B11111384835385DCDE4B6F25FC11CC82653D145ACE354739E34AEB8602A59E2CE548A258606FE50787742A2F72DBAE14FC2A4E44A3DAA66A7BF2C5D0B74EC1F266457C843671D47220632591E9AABD53C1D96B6
1654	A2D6F721B14C7845F873B7F58D530651444DA8B783158BD4D31FF07FE145B98CC9B6E50C31051DA29427BDD00E93958A2D3626923143AB47BBDB7F9976B0F1220E0186F04CDBCABC4236577A45754E42808ADC1F877BAE99092824975F03A79A97E32599
1655	26FD9AF3684684ADF5D822F37B21B55FE0ED995B82010C675955245CDF3FF55971F1C7B24F9592376F42411DCB844148286C6EFEF7405B853F67CF73676BA2F23E5788B9C24D49E2C0920BA7DE2B6F2F756DBFEE01C287E7915F13974F4704E4A51F07F9
1656	319290EF82260404211FD889B666B1DC04601E84C74EEB08712F068DCCADC977ADEA3A3941D55C904A1E1E48C728727E6AB8C96832D9F8A28496DB14C497AB64011C424D55BC215780A9DAFE7725815C45E402F6309B7D596D700CA11D6680AE537B017A
1657	ECE192887151C45565C6E58A6FF43041162D372D6C8CDDD33396C1450CE690407A7FEA6097009020C3FC66D37F95C71FEC30CA4B012D93AB051592B292AD2EEBF012E7DE7EBA0DF7ADBC7F6530DB1BA5899671C35A4BE471772CD5EB3C0E4FC8F4938BEE
1658	E6992023D36E1A3264E98CAD4D44A3EF26123CB93EF69C82AE6562FB7308A88524BAE0F543A44C0042F46F0ABC161FC43E15735F532697118756981D87DE35B9C642643D5641FA927E1526E25AC1750F20E9A753AF013B79ED05F32E669C42BDCC0D9625
1659	D687899F2493AB2E0DFBB689AFBEF9B2C0C4EBD923F1D145E11E69AE96AF315624443AA2ADF2F270FF180671D836F8D1D91C8FA2E4841EFFBAEC77C95C4CEB3BD038182B86A9EE3F73E7ACC63C4DB0E3869231EE45CBEFAE765EA800D4F4113818F8F28A
1660	33482B3FBEFE26C088B53060E97F5398445E693B1682F4C25FF38CA4BBA138AD6C9A28F1B863EDA00D4EF6AD750ED6CB3FFBA4EB6CB49DDBE7C020E98F9BD8EB0D74CEC6721014CD0B6FE0324DEE35C31AD7D01F42D68FEF6981C5C229DE831AF278EF2D
1661	509F745B92DD3A577892BAE2ACF27E159FA45CA785BF9A1875969C1FD27684D6052EDAC6325CAD78D2C665398775654B917FBCE0E3C8DA110576FC6033AFE28830285C8BCCAE461B159DD60BD924E153043E7E8D49311300A7E83D1DCBC1970AD27F308D
1662	8C11A31D74FEFA1C4A709BBBCE59501ABCEFF0D3B80E2495B9B879B91CBA346CDFEA4CD5198F28ED24D6A5EC42BAED5246AEB6F0C78D7B48864C6E960B9C235737E7E6309320C0C011C60CC1F98735837F3C6A22A148A257CC97FD0A78F0B6D01E03FC39
1663	B5419889F695EBB40168AF2A5AD34BAC6503C7D8E1A92A2FA44C3FCB29B2EDAEAEB1E98CE1B49965CFDCECF5F96DF71947D54625F395E1A4D68174571D16E2CEE855EC8237A8EC60C815E91BD34B4853C58E3FB1A60F5B1DB1C3C8726F19A7945E07CC41
1664	53B7AC41DD7BA30B22BA9F71BDA891ECE94BA706E64E0B5841EF76C897F837491D5906283BD08AB3591AA7BDC876733FBE50F1AC9C78FEC7206DBB41F86B76FFC09C355D250F32A5F6AC116AA4DFDF25956FA347D342416DB067B856CF35D28190360A22
1665	0054E782A2DF1CE1861B614FD6074BB1E0EE34E8D0D2FABD919C2C1187BA2245FF0509759F7D64839F0950B82BD29E85D071889CBFA2CA7269EBD3343BEE661C7ED88068500188658DE955E9CCEB2CDF61F1DCD14B586D375F3D3B3B35DD335FB1FB70E5
1666	341C3A3E9521CD62C619C1784089904BE0136EECD7EDA6542ED4B5BA47D74DB575CEBBE2A676DE33B466088C508E
1667	CE64B7FBE1ACA167574DB02E53D83D7781784A1797B815DBC78824C124FEDE062B137D3AB285CAEBAACB1E55EFBA958C3CECD08CAB10E14ACCCB9B87C144CEB573095603AC82CB77A280B8B7417EEB645B965AFF8E2090EB7628E50C32A911A7960A42F1
1668	8C4F7CDAF9D4C9A90C27B41A34AE47800309EDCBA22259DD1E8AF03EEE29C703B97AE287C0A6C65593F9863D759213392B18E8D884CB918C4E443F4E5C7F5CED2F0502023DF114C986FF1CB9BDD77CC3C448D1E356309CF1497D516527A5760ED6F206D9
1669	CA18A4EA01C36BCC62CAE84D9D5F1D98B670CC39AD890F92EF953505EBC9AD6747ACD6CC2ABEC367FCE279E6AE1B1159EA5389B048CD532585AFE6814838FAACF6C0282D634DD8C7DEFB04ED5C77B40F60C9FF724AA4DDB95E6D5D10C0BCA8E33E50CB81
1670	BAE80E4B7DFB2FE383E368A1BBA3AA8BB71085FD8E6EF1D5A14DFCBE1B326F3ADA9CEF32569E50F2B2C527BDC44DE25240071893CF3AD13FAE0237D557B22DAB87226FAC50D3109D300F302A524C8524ACD23904F53C20AAE917621F190B0194198E23B1
1671	993A67E5F1336FF2E4E5844DF04FDF8CAF24B2E351DE185CB8EB454273808C621AB14C0C65F4C8E77AA324F3F16CE7A134310887286D01F3EB2AA3316A137B30ACAA966538C7DDF87989D839BCA3E9D4B61536B82E4C67F9B6D8C0996E0A249122E18388
1672	C1EBD0E07FC5C6BB4CFC410F113D73C6B031ECD0F209BF47032FF7CE59495ABC3378BF7E44C419FB01F2B9F45E39F4BDC21B96F7FA0BD064E70D4FA2E794ADB2C30577E88092B4F5A26BFE3E3843D98878E2E4476C4217384EF2017D504DCB62530C34B5
1673	E4907556313868C8992CB8FC0B3C440DFF84B319D329EC270456695C2940881CE9BD4E02FE9392BB92370C3A930A2DA27F59FDC6ED43774E020837716EA1F4C86FB9035EF772EA8770B2AC098C5F5B56A792E5095C47A1C1B4F3F66FE2F0415341DC5D4E
1674	CCA08BC1390326F7A6205139518105E8CA86A5219C85BE645719C5810AD0CE556E77C696816C7654BFA1320332FF42AA7F005C32EF36ECDDCD73AFE5D10FD44BA114354F1B190D5DDD28017AF1D86B33CE8688F8D21C10682BECDDB647B5C728C0808A3C
1675	FA7EEFB253023D8337C5ACA0FB7F4AFD34A60AE1742CC30C1DB3D5952E454F48D885882A5294F9DD1C9318DD814937DBD23C089A9FBBE28DB8E0CE73DEBE2D0B89C49406A24C2A6683D31F4DE189AF6FD856BD614E41B43E8B109DA16500B0A508706490
1676	DC0391F72C0B7ED376FFC1EB4A1CD61E3274BFBDD5C32FC9A498DB5FDC71AE2DC4C8173DCD27BA0EF0EA98C89871E6260F51229B0CD73AA608822C158CE7C118FA44F59AF8C7BAF4ADC83D6C80BE7DC912762131964B511623A95E601A88F2DBFB1EB8EB
1677	A91AB3FA86A7E300BE2C83451261B0E2148A5A675BC15F398644875C6C161A9F977E583544E827026854C078C870F9E8E30611B3390DB9ED6E3A5548AA4EA7754BD943B580FD5037C5F149BA22FFE86FBC278BA7917DEE7B323201EAE8E4721BE6771251
1678	229A03A5557BF61F35CFCB352D490F8262E3AE2B02B7CBC7BF590642E6A557E6B81907F95C99C8825422A77FA3B1B182843C80EFBA4855A933DAA4B8831A05CA332552FDA5786626551F145831076111A5C70B5B8B51D8142514A486B1D8B58CD80C3FA8
1679	82DBE3FC4D2529A26CE29687D73F663F57787DAA96C01433A6CF9236E7BCEB1564B99D6085B09D6B74526C1A09A03CA97AB036FD95DF902EE7CB6A26A06F741107241DA919AC90F949CE87FF565A0DA83856104F808F107061071A0E6D36DA6B68F09B15
1680	AD2D8C551E4DE9040AD390F20DF81DD1899B45EEB6220E1219FBB4F1704D4A5231C3E2890EDA4D9F2588B9B24F233188ACC384E523B51FF4D506E4E4C1319038DA4029E5B4DF792C90C8E232E8033DB075E83F2FEC885BDAEAA7EA05966A7B4CF7FBC956
1681	17FE81F3F551363A1959153513CBB914B0ABB0E9C12E8E1B460DD13CA16FCCCC548D2DD7E6DB30AE0CD9DEE2E678065D3BF17E1E24C20DFBFF837FE9D67C2028EDDABBDA244A278F1FDA86AF5A52A32E417DE9E080863E727C9A4F37513A962B5971F7A9
1682	CFA68A77C246CDB2745E2A6CD2E4F74984EF99A733FC3F2E78B7E8D60379247AAC853DA8C5B295710617AD4971B9A4CE9A7554FBD6FBC52B7D545892BA76F8DB241CE080500D0A25994C555A410BB192E8A2C73B4FCF6EF8C5D6A15D1A0DC3E4548AC126
1683	46C7F30B28B5701C003740C4F3C66040393CC516ED60F340794A75E22DC342E55D22EE7C9E2C852D26293B1CD9CAB470F58CC536DF330ECBDA5AD642BC56ABB0C1AFF77B722BBFF1F71230D809D338EB7851ACFDDE71FD8F87639A1BCD3C3CAC0FB15095
1684	A9EF4DC090E5B321419BD7BA2D139217B4291D55EC059C0CC3CE16DA71E870C2048C473A19145D468AE1A4F8AF266298F20291420BA13334C4BD6C79DE46FB14EAF5BD5CEC25B896FD8778BC566308D0E2AC4A2947DD7FB5C19BFC2AD957FD38E3DDAB2E
1685	3ABD21B9317EDB6D55093DFC0A25C3B57D4C0BD5ADCE9C74AF1A8060F4D16D94DF3EA3A1EEE441C5044978FE10D063C4A8EB067DC96B635901408F29183C9538E3AD6DA700FE12334874738AE7463D994BB95DCA8E6B83F8BF0DC40805C9E8E66E35AFC7
1686	B7F7FF59154F81310AE279425208385972AFB0EEA34BF63822EAB5BAB9D97329967E5F9981DC8D1F94AA81998E3E9A8650257F937437D3CB6DFB06F87200A8A9E9DD9B7C190A3CFBA4D6104C97389EAF2333F683359FCDD776CAEEE5C7280204CE8B4A55
1687	E76FEB7F66E8D0D49E965AC0A1BCC8EAB2C72A86EADC86BE16C304947A7C8281245F15D7CE0908AB53019D4344D8
1688	D113643EFABA60908C5A3800E2197C17246F4B1955B24C2DBC0FB08552E11034864B30FD5E78D1905AC7F227DDFC3136DB52055D5EC7B12181F0E08AD0D8396FB560AF3D6B3174412515C068B0B465A87559736C30042581BA279A00FA8C7E6048C7CD61
1689	DC4D53E76268C41F5D4C68D9FD745B48E97DFBE3A5BC905D2E9A4E048D7B1C0E84160E0D25384C7B1F0D2991ABE4168C5D7B04912620FFDEB5B3767C55EB75F5B6BD98D8D3CFCA83C5FCE7B097350915F0E6B8FB01968247009E43E297CAFBE7B384A935
1690	FF46BF1592B25A9C989B87AA5E90245C9D2717896FBBE1CC9A5C9AD0108EBE6099B34AEFBE54506983824CA3F7A7B28797CE7DD79995C3B6D22D9E90F7C689CAF05D1217E1791E8493C55EAC64482F1BDB640B882DFF4C3A0CE4416671EECF2B5BFA5F02
1691	723AD83C4E5D626D11814F2AD66B09D4C5C9FBDD37990DE88DCBB1CAF30B7E1E6659056DC05AD7CD47CC23D8CD37FA9896FFA7F270F9F0442A0AD0186C88DE27FD8EE1AF745A46B1EA8889D6D99905CE15752363333D5F6C471C2A4326E60A2CA2B811E1
1692	D7FEAB39AAC6E28D9D4737088A4A3AACCDE61DB26F4074D9615794534A6A05E221C5A0A56AE56B1D2907562C753273F409F148B2A6154F1D0DD558BF3E9F055FC0E0B36E346D7FCC22993C97AA7682A60F608F6C6C3EC57017DE30373D62AB1CF3851ED4
1693	F894B000AC1C74039D8F2BC6C53A8D57CA9EACFF745618CA7F05DBD5224DA84384C2C39A9E9BC2A6FF04AB604FF151424EF203B57D1BA282E6312A2A44F67E999386A8DA313F536F07B4518CAEE97AE3599963EA0FA486772A7F944A444D3189827A3543
1694	4BBBF24B6DD8ED7D38E098ED1098008E35881B84B09A94C41B65A5790ECE459FE404622683ACA51E7DBB9933A6F12DABA50AB8B88FFA0E64D740947F5BAC112418BC50CB0046394FA7554C5279FABC852EA622A2988A0622B000EDEC31EFF7018747BCDE
1695	FFB342AD4099CD8ABC044E2C1415B13AA54E8991894D303139BD3A3E5DBDEBA23A0CB149E3A7F99B3BB048F77C3BD6418017A981D255EB3066E4B061F4D2B25CB86B2BB43F0F8A5C8F8F332EC3B6B09B0B7B332733F74A5B187BB02110180C8C47BDC052
1696	D9164A186367952B5885F39A1DD80C642AF1B8A9341ECBF74C04D290DDD0EDF19F502F45FDED14222F6F31BEA3CF06D51F30CFC09F9E25E210009CE08458CFD70DC2061336A1D1D1AE71A6C7C2D879DFC7340041A02D73DC94077747C204D8339AE69A82
1697	DD187C713C80FF1410FCAC3120920DE332D19F795B14BEBEA1B99E5D3CD56B06033789B75D2C0A09CD49ABA29CAAF62496C443C2A7C6B79F846ADC93A817E878D4E38BCDAAF841CEA97670CDA3A89A387ABE3DE63AFB074F9C76CCF4C2BE59D53C645E01
1698	43E30FCF464A70BAF9586A707B4C2EC5D1A2E731A94C19C936683A1BC809D8CE22AFD0DC63240CAC9B9CD177F7DD747076B4253AB8302AB599531F655F2588F128395748A6BE0C380AC34A835F8E83FF42FC5318E3DD02B0ED0C3580C89955C29568DB49
1699	E7FFE03328B41CA230BC1150C212DD837EF2C07E32779279E7231BC7107322F9AC0F884BE5B81038AF49C0EE6DED973475E93DDD5577B0AAA5DE1516671DE7E24035A442F030FF52B46D34691FC0599451BDA8562A805C3CA16F8E1A12D56C3417B3FDF2
1700	86E7DC6BDB2DDFEB2463D1787503C66B70EF4A27654EBB23C64F0AB4804CFDD280E213F45D164988720A509B75AB0443DECEC6EECD86DCB79ED55AD221011F04521117229551737DE7B0D04317529972E78103DFD398DB77449B1B26769684DC96C7B04E
1701	5E499AB54E72980E2DF8FF40F3687C5BFE5F724EE3BA0EEA6E47857511499944AA8755A67F8C0F097F8F65A6AA2C2FA4A2C9B1FF1ECB9054C70497614E18438C285CD05A91ACB8A53502B5ACF5699737E749A931BF9291E6704D7051D84F0A5DD0762A97
1702	026F805B55537CEF887B7269C20433E1BC566E805D14A51729DFDAD11143FBEC34F4612611EE5F977736AF8A83807386416780837653BAE5713BCDC65D029E6BD1A99BB30EB9E12522852C461A6C5D0B424F122B00EAD28EA24D7D7FA394059F3B7A0BCC
1703	F703CC72D44926D1E6DAD12A3ABA8F2E1B087CD850212380E6D93346C39C6F19D3972AE03A4CC376913148225151726C34EC4F1E915BDA1559A2696B29D107989805FDB7FC4EB386F06BC3924C07A2ED978DF02DD4480D23BCDB64ED2E76C908793A8926
1704	5504E46228C21977D1C3BED5FE46E6CD0A199F3F628444106FB3C5717866A49ABAF9DE10E07985F1999EEB5A2DBD93A5E75AF946DDD3067E00DA6D1399496051748614171F66F869C1B6331DDCC8AE3D922B326CB2FE359B6531939A7F937E96C53A7B9D
1705	1A36812C60FEAAFA95AC9529FF7D49F731089EC1C67F6DB6233C50CB833E7EC67185427236549243640DD6163DE87EA9E8BA80636EE8CA6C770A619DC3DD2A902D46607BAEA1881AC1C2A0036A4A8219C425910CBD50DD33BABD69905D2ECE55084BC30A
1706	8A126453E62B6F3918B77B65FC0D15DC5B4740B4A31AB6252C601DE5BD37825E4078FE837E70DE4F6BF44651AA52EAA1C51AA42D4E0D14987F1265BE009AE083E6CD6F06441FAEE7C3389279694D77BF4208B22DE6B40A760C2DF67216F614D0185D4E89
1707	FEF5AD4CEF5A004BA2BD7F741FA5D5B9874D964D53133B83C0AA2CDE3E9F03DACE359D1BE3090616FED6AB8AFE131C512FA6244AC3C256E78A57E7B484EA1182DCD80F056117CE40BE8E2595447DE6782C5ED0020C8B3346A80928D90963C745AAF98D9D
1708	19558CC0E7D17131ACD388E7C46B70363BA43BB8FFBC749D98F35BEF24AA5230B5F1E9A33D422BFCE73622DD2749
1709	3952B82AD94D965B1215DAF02AE3E63E8EF7B02DBAE2A94EEA91EEDFC8E83CD72B2CADF7BD521BAEE532A7DA4D11C724FB458E05807A1D561E0B4DF02E9EA841E88AE0BB4364D641EA254055310D6ECBA905DA78FA6E3CFA7316044C5D2069A41FB69D63
1710	FC5DFCC1BD73981B6D076DCBC79792E7FEBF7751296BB5C16FDFE653BF8830DDD501C9E4F4316E21F8CEDF969C7B26F121D4D5C2C9961725578E0392628A5C71D8BE76B36DD1B28F41BD013E00161B8D24A5E330C726B4D571F740FB804E35C7F7A9EA3F
1711	6B9D0668BD833A44B7BD88E674D5A84E09DC48397168F9297F18D665B61A5496AFA889B8AFBF242CC5B0E8B3530FE3E0522E0E754323A38DDA4C49B6DB29862814DC317BCB1F4D74AA1EF3D59A85CB517CA6589F1C05AA203803D9FFF51E928BC7E8F406
1712	828EA349B66928C9CFFDB6F34E913A4D162D2FFB1A082D23C78B138D89299A11366CA3878B38A818D8DAEA769D7444B54B7961782F9517631F6CFDD53A423D572BD32211A234400BA64DEF96BFA8086B4F23D18FF203B82AA83A5F03E7527D21D12C6EDA
1713	492E715FD5A4A72F53EDB5D9329714FCF123F5D8027171F38D356C3CBEB7E3B8F7B9D082E2F1E7D29137F61D42BA0F83F48FBA7FFE91587AB5F70DB954C51236D7C044DD8FE20B5DDB3AD513DEF0F4DEFA9580C129B2E63DF4F7CE0EDE65D059B14FD594
1714	DD62B86ED889D40803EEF900ADC8689EB17FD583C82AF90FB9A3F2A6012056CE6BB721B3647D10B413BCAE93577B3A9EF4BAEF5520D337FF7DD5AF0642F7DF0E9C36FE4C3714B3605472780C2FAA78F9D7EFC0E8E43E6B842021283D4BD9CDA1F457163A
1715	9CFE43BD53B1E26722775D8D3A0095114DC51809DFB067814DD20743A0B4E6F9EDC748B04D6F0BD621B0A0779BA0215C245A8641DBD521AF282746DC021078A9B84406FFE1A0704733FC970A50A3FCF9F9CEE8F190FFCCC4EC7DBE3AECC6642EC35168DC
1716	A0552F35E9743193F20D06A70A5F041104B1487993C19895BB51DFF1F9CBF895358F369A76EDD3020A2FA186E2705099A6500AABB4CC95E423B6101B60AD86CAB909669753E2560BB98AA16297A17A6832D12EF15C16E2EF4C16688A9DD9D76D29B774E0
1717	5C0F101542A3B317931203D045EF38B9D5EC53503A282AD9F1EB860DFF2E6F66A3AEAA50111B461CBE8D77E2BB644C150C1B6AB477362B6FC8F6A72D854E64FD84CA7CEE73F5400007A45E3B64AC68CD0B733076B5BFD5AF14BEFE885CA8000218A56735
1718	C95E5D3442E2F74056ADE8302FA53F8CAA1A90C111CB4273F3C75DAB21FD6D5B62557E968066E741B7AA7ED5FEEC5572C56ECAEDFFA8CA3152DA96832222304F99EC59F60524205851C5F06AC9985E34F58AF806D29E68ADEED589F4585EDB17BF8DD6A6
1719	2901288FF9CDC3D3CF6BB09BA13AA0F2422E40C70E2018A23F325A21502C24E938E9F0CAF8D4964BE87CE877442EDF20B4FAB1C9C1A5A290110D9DB4CF2C38ED3DDDF70CDF1B372EDE2E1BFCC181AF9C96C6EBA1E0330E9248E6A4AA40C481AD3BBEA7E4
1720	AECA90756BCC67E7EA5C9D60F92A0668C60113C6819068CABA149015A171040900393DD4DBF7DA3D0ACBAF5651D486B71EFFDAF1EAF56B1BB7FB37D6C1FCBA3935A7592CF5179D8B5377E920A75F9A49C50C9260B0F561B5CC5FFD71899BFE7C4F2B78F9
1721	50A42FA0D3361F9B7C1BFA184EC62E6A2B5B292998783BA8FCBACC950FD7C46D96CFF89611E527002CD9250FFE7ED0F96C52300CD1799E0F48749748AF6CD7C4ED1E4C5632404E59B5BF5D5F0A1C956E618C0487751CA5DAE8A95C214F76ED756694EF27
1722	3679CD2D85CB949DF385BD50491649EFEFDA1574921D7460143D42A100D2C76E55F0BC
1723	0000000000000000000000000000000000000000000000000000000000000000
1724	0000000000000000000000000000000000000000000000000000000000000000
1725	0000000000000000000000000000000000000000000000000000000000000000
1726	0000000000000000000000000000000000000000000000000000000000000000
1727	0000000000000000000000000000000000000000000000000000000000000000
1728	0000000000000000000000000000000000000000000000000000000000000000
1729	0000000000000000000000000000000000000000000000000000000000000000
1730	0000000000000000000000000000000000000000000000000000000000000000
1731	cleartomark
1732	%%EndFont
1733	/f0_1/Helvetica-Bold :mre
1734	/f0_18 f0_1 18 scf
1735	/f0_14 f0_1 14 scf
1736	/f0_12 f0_1 12 scf
1737	/f0_10 f0_1 10 scf
1738	/f0_9 f0_1 9 scf
1739	/f0_7 f0_1 7 scf
1740	/f1_1/Helvetica :mre
1741	/f1_18 f1_1 18 scf
1742	/f1_12 f1_1 12 scf
1743	/f1_9 f1_1 9 scf
1744	/f2_1/Helvetica-Oblique :mre
1745	/f2_10 f2_1 10 scf
1746	/f2_9 f2_1 9 scf
1747	/f3_1/Times-Bold :mre
1748	/f3_18 f3_1 18 scf
1749	/f3_14 f3_1 14 scf
1750	/f3_12 f3_1 12 scf
1751	/f3_10 f3_1 10 scf
1752	/f3_9 f3_1 9 scf
1753	/f4_1/Symbol :bsr
1754	240/apple pd
1755	:esr /f4_10 f4_1 10 scf
1756	/f4_9 f4_1 9 scf
1757	/f5_1 f4_1 def
1758	/f5_10 f5_1 10 scf
1759	/f6_1/Times-Roman :mre
1760	/f6_18 f6_1 18 scf
1761	/f6_14 f6_1 14 scf
1762	/f6_12 f6_1 12 scf
1763	/f6_10 f6_1 10 scf
1764	/f6_9 f6_1 9 scf
1765	/f6_7 f6_1 7 scf
1766	/f7_1/Times-Italic :mre
1767	/f7_10 f7_1 10 scf
1768	/f8_1 f4_1 :mi
1769	/f8_10 f8_1 10 scf
1770	/f9_1 f6_1 1.087 scf
1771	/f9_12 f9_1 12 scf
1772	/f10_1/ZapfDingbats :bsr
1773	128/a89 pd
1774	129/a90 pd
1775	130/a93 pd
1776	131/a94 pd
1777	132/a91 pd
1778	133/a92 pd
1779	134/a205 pd
1780	135/a85 pd
1781	136/a206 pd
1782	137/a86 pd
1783	138/a87 pd
1784	139/a88 pd
1785	140/a95 pd
1786	141/a96 pd
1787	:esr /f10_12 f10_1 12 scf
1788	/f10_2 f10_1 2 scf
1789	/Courier findfont[10 0 0 -10 0 0]:mf setfont
1790	%%EndSetup
1791	%%Page: 1 1
1792	%%BeginPageSetup
1793	initializepage
1794	(hoyt; page: 1 of 40)setjob
1795	%%EndPageSetup
1796	gS 0 0 568 818 rC
1797	57 428 -1 2 555 426 1 57 426 @a
1798	59 473 :M
1799	f0_18 sf
1800	-.042(Information technology \321)A
1801	59 504 :M
1802	(Open Systems Interconnection \321)S
1803	59 535 :M
1804	-.025(The Directory: Authentication Framework)A
1805	59 597 :M
1806	f1_18 sf
1807	(Recommendation X.509)S
1808	59 628 :M
1809	(ISO/IEC 9594-8)S
1810	57 666 -1 2 529 664 1 57 664 @a
1811	endp
1812	%%Page: 2 2
1813	%%BeginPageSetup
1814	initializepage
1815	(hoyt; page: 2 of 40)setjob
1816	%%EndPageSetup
1817	-13 -12 :T
1818	gS 13 12 568 818 rC
1819	54 45 :M
1820	f3_10 sf
1821	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
1822	54 803 :M
1823	-.557(ii)A
1824	90 803 :M
1825	-.017(ITU-T Rec. X.509 $1993 E$)A
1826	54 83 :M
1827	f3_14 sf
1828	( )S
1829	72 83 :M
1830	-.093(Contents)A
1831	90 118 :M
1832	f6_10 sf
1833	-.125(Foreword)A
1834	131 118 :M
1835	(........................................................................................................................................................)S
1836	129 118 :M
1837	( )S
1838	513 118 :M
1839	-.167(iii)A
1840	90 137 :M
1841	-.039(Introduction)A
1842	141 137 :M
1843	(....................................................................................................................................................)S
1844	139 137 :M
1845	( )S
1846	513 137 :M
1847	-.778(iv)A
1848	90 161 :M
1849	f6_12 sf
1850	(S)S
1851	97 161 :M
1852	f6_10 sf
1853	-.107(ECTION )A
1854	f6_12 sf
1855	-.134(1: G)A
1856	157 161 :M
1857	f6_10 sf
1858	-.087(ENERAL)A
1859	515 161 :M
1860	f6_12 sf
1861	(1)S
1862	90 177 :M
1863	f6_10 sf
1864	(1)S
1865	117 177 :M
1866	-.109(Scope)A
1867	143 177 :M
1868	-.003(.....................................................................................................................................................)A
1869	141 177 :M
1870	( )S
1871	516 177 :M
1872	(1)S
1873	90 196 :M
1874	(2)S
1875	117 196 :M
1876	-.017(Normative references)A
1877	206 196 :M
1878	(............................................................................................................................)S
1879	203 196 :M
1880	( )S
1881	516 196 :M
1882	(2)S
1883	90 215 :M
1884	(3)S
1885	117 215 :M
1886	-.049(De\336nitions)A
1887	163 215 :M
1888	-.004(.............................................................................................................................................)A
1889	161 215 :M
1890	( )S
1891	516 215 :M
1892	(3)S
1893	90 234 :M
1894	(4)S
1895	117 234 :M
1896	-.054(Abbreviations)A
1897	176 234 :M
1898	(........................................................................................................................................)S
1899	174 234 :M
1900	( )S
1901	516 234 :M
1902	(4)S
1903	90 253 :M
1904	(5)S
1905	117 253 :M
1906	-.055(Conventions)A
1907	171 253 :M
1908	(..........................................................................................................................................)S
1909	168 253 :M
1910	( )S
1911	516 253 :M
1912	(4)S
1913	90 277 :M
1914	f6_12 sf
1915	(S)S
1916	97 277 :M
1917	f6_10 sf
1918	-.074(ECTION )A
1919	f6_12 sf
1920	-.063(2: S)A
1921	f6_10 sf
1922	-.072(IMPLE )A
1923	f6_12 sf
1924	(A)S
1925	196 277 :M
1926	f6_10 sf
1927	-.006(UTHENTICATION)A
1928	515 277 :M
1929	f6_12 sf
1930	(5)S
1931	90 293 :M
1932	f6_10 sf
1933	(6)S
1934	117 293 :M
1935	-.032(Simple authentication procedure)A
1936	248 293 :M
1937	-.005(...........................................................................................................)A
1938	247 293 :M
1939	( )S
1940	516 293 :M
1941	(5)S
1942	90 317 :M
1943	f6_12 sf
1944	(S)S
1945	97 317 :M
1946	f6_10 sf
1947	-.064(ECTION )A
1948	f6_12 sf
1949	-.055(3: S)A
1950	f6_10 sf
1951	-.085(TRONG )A
1952	192 317 :M
1953	f6_12 sf
1954	-.071(A)A
1955	f6_10 sf
1956	-.055(UTHENTICATION)A
1957	515 317 :M
1958	f6_12 sf
1959	(8)S
1960	90 333 :M
1961	f6_10 sf
1962	(7)S
1963	117 333 :M
1964	-.005(Basis of strong authentication)A
1965	238 333 :M
1966	-.005(...............................................................................................................)A
1967	236 333 :M
1968	( )S
1969	516 333 :M
1970	(8)S
1971	90 352 :M
1972	(8)S
1973	117 352 :M
1974	-.026(Obtaining a user\325s public key)A
1975	236 352 :M
1976	(................................................................................................................)S
1977	235 352 :M
1978	( )S
1979	516 352 :M
1980	(8)S
1981	90 371 :M
1982	(9)S
1983	117 371 :M
1984	-.048(Digital signatures)A
1985	191 371 :M
1986	(................................................................................................................................)S
1987	188 371 :M
1988	( )S
1989	511 371 :M
1990	(13)S
1991	90 390 :M
1992	(10)S
1993	117 390 :M
1994	-.005(Strong authentication procedures)A
1995	251 390 :M
1996	(........................................................................................................)S
1997	249 390 :M
1998	( )S
1999	511 390 :M
2000	(14)S
2001	90 409 :M
2002	(11)S
2003	117 409 :M
2004	-.018(Management of keys and certi\336cates)A
2005	266 409 :M
2006	(..................................................................................................)S
2007	264 409 :M
2008	( )S
2009	511 409 :M
2010	(17)S
2011	90 428 :M
2012	-.016(Annex A \321 Authentication Framework in ASN.1)A
2013	291 428 :M
2014	(........................................................................................)S
2015	290 428 :M
2016	( )S
2017	511 428 :M
2018	(19)S
2019	90 447 :M
2020	-.028(Annex B \321 Security requirements)A
2021	231 447 :M
2022	(................................................................................................................)S
2023	229 447 :M
2024	( )S
2025	511 447 :M
2026	(22)S
2027	90 466 :M
2028	-.019(Annex C \321 An introduction to public key cryptography)A
2029	316 466 :M
2030	(..............................................................................)S
2031	315 466 :M
2032	( )S
2033	511 466 :M
2034	(25)S
2035	90 485 :M
2036	-.003(Annex D \321 The RSA Public Key Cryptosystem)A
2037	286 485 :M
2038	(..........................................................................................)S
2039	284 485 :M
2040	( )S
2041	511 485 :M
2042	(27)S
2043	90 504 :M
2044	-.023(Annex E \321 Hash functions)A
2045	203 504 :M
2046	-.004(...........................................................................................................................)A
2047	201 504 :M
2048	( )S
2049	511 504 :M
2050	(30)S
2051	90 523 :M
2052	-.008(Annex F \321 Threats protected against by the strong authentication method)A
2053	388 523 :M
2054	-.01(.................................................)A
2055	387 523 :M
2056	( )S
2057	511 523 :M
2058	(31)S
2059	90 542 :M
2060	-.002(Annex G \321 Data confidentiality)A
2061	223 542 :M
2062	-.004(...................................................................................................................)A
2063	221 542 :M
2064	( )S
2065	511 542 :M
2066	(32)S
2067	90 561 :M
2068	-.007(Annex H \321 Reference definition of algorithm object identifiers)A
2069	346 561 :M
2070	(..................................................................)S
2071	345 561 :M
2072	( )S
2073	511 561 :M
2074	(33)S
2075	90 580 :M
2076	-.028(Annex J \321 Amendments & corrigenda)A
2077	248 580 :M
2078	-.005(.........................................................................................................)A
2079	247 580 :M
2080	( )S
2081	511 580 :M
2082	(34)S
2083	endp
2084	%%Page: 3 3
2085	%%BeginPageSetup
2086	initializepage
2087	(hoyt; page: 3 of 40)setjob
2088	%%EndPageSetup
2089	-13 -12 :T
2090	gS 13 12 568 818 rC
2091	427 45 :M
2092	f3_10 sf
2093	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
2094	390 803 :M
2095	-.017(ITU-T Rec. X.509 $1993 E$)A
2096	533 803 :M
2097	-.167(iii)A
2098	72 95 :M
2099	f3_14 sf
2100	-.012(Foreword)A
2101	72 114 :M
2102	f6_10 sf
2103	.489 .049(ISO $the International Organization for Standardization$ and IEC $the International Electrotechnical Commission$)J
2104	72 125 :M
2105	1.354 .135(form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC)J
2106	72 136 :M
2107	.055 .005(participate in the development of International Standards through technical committees established by the respective)J
2108	72 147 :M
2109	.717 .072(organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in)J
2110	72 158 :M
2111	.043 .004(fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO)J
2112	72 169 :M
2113	-.025(and IEC, also take part in the work.)A
2114	72 192 :M
2115	.464 .046(In the field of information technology ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.)J
2116	72 203 :M
2117	.376 .038(Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting.)J
2118	72 214 :M
2119	-.007(Publication as an International Standard requires approval by at least 75% of the national bodies casting a vote.)A
2120	72 237 :M
2121	.706 .071(International Standard ISO/IEC 9594-8 was prepared by Joint Technical committee ISO/IEC JTC 1, )J
2122	492 237 :M
2123	f7_10 sf
2124	-.077(Information)A
2125	72 248 :M
2126	-.097(technology)A
2127	116 248 :M
2128	f6_10 sf
2129	.101 .01(, Subcommittee SC21, )J
2130	210 248 :M
2131	f7_10 sf
2132	.135 .014(Information retrieval, transfer and management for open systems interconnection)J
2133	72 259 :M
2134	($OSI$)S
2135	f6_10 sf
2136	-.008(, in collaboration with ITU-T. The identical text is published as ITU-T Recommendation X.509.)A
2137	72 282 :M
2138	1.164 .116(This second edition technically revises and enhances, but does not replace, the first edition of ISO/IEC 9594.)J
2139	72 293 :M
2140	-.003(Implementations may still claim conformance to the first edition.)A
2141	72 316 :M
2142	-.008(This second edition of ISO/IEC 9594 specifies version 1 of the Directory service and protocols. The first edition also)A
2143	72 327 :M
2144	1.063 .106(specifies version 1. Differences between the service and between the protocols defined in the two editions are)J
2145	72 338 :M
2146	-.012(accommodated using the rules of extensibility defined in part 5 of this edition.)A
2147	72 361 :M
2148	1.147 .115(ISO/IEC 9594 consists of the following parts, under the general title )J
2149	369 361 :M
2150	f7_10 sf
2151	.956 .096(Information technology \321 Open systems)J
2152	72 372 :M
2153	-.019(Interconnection \321 The Directory)A
2154	206 372 :M
2155	f6_10 sf
2156	(:)S
2157	108 389 :M
2158	f7_10 sf
2159	-.012(\321 Part 1: Overview of concepts, models, and services)A
2160	108 406 :M
2161	-.062(\321 Part 2: Models)A
2162	108 423 :M
2163	(\321 Part 3: Abstract service definition)S
2164	108 440 :M
2165	-.021(\321 Part 4: Procedures for distributed operation)A
2166	108 457 :M
2167	-.03(\321 Part 5: Protocol specifications)A
2168	108 474 :M
2169	-.024(\321 Part 6: Selected attribute types)A
2170	108 491 :M
2171	-.017(\321 Part 7: Selected object classes)A
2172	108 508 :M
2173	-.006(\321 Part 8: Authentication framework)A
2174	108 525 :M
2175	-.03(\321 Part 9: Replication)A
2176	endp
2177	%%Page: 4 4
2178	%%BeginPageSetup
2179	initializepage
2180	(hoyt; page: 4 of 40)setjob
2181	%%EndPageSetup
2182	-13 -12 :T
2183	gS 13 12 568 818 rC
2184	54 45 :M
2185	f3_10 sf
2186	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
2187	54 803 :M
2188	-.778(iv)A
2189	90 803 :M
2190	-.017(ITU-T Rec. X.509 $1993 E$)A
2191	54 95 :M
2192	f3_14 sf
2193	-.019(Introduction)A
2194	54 114 :M
2195	f6_10 sf
2196	.161 .016(This Recommendation \| International Standard, together with other Recommendations \| International Standards, has)J
2197	54 125 :M
2198	-.01(been produced to facilitate the interconnection of information processing systems to provide directory services. A set)A
2199	54 136 :M
2200	.673 .067(of such systems, together with the directory information which they hold, can be viewed as an integrated whole,)J
2201	54 147 :M
2202	(called the )S
2203	f7_10 sf
2204	(Directory)S
2205	135 147 :M
2206	f6_10 sf
2207	.365 .036(. The information held by the Directory, collectively known as the Directory Information Base)J
2208	54 158 :M
2209	.89 .089($DIB$, is typically used to facilitate communication between, with or about objects such as application-entities,)J
2210	54 169 :M
2211	-.013(people, terminals and distribution lists.)A
2212	54 192 :M
2213	.265 .026(The Directory plays a significant role in Open Systems Interconnection, whose aim is to allow, with a minimum of)J
2214	54 203 :M
2215	1.644 .164(technical agreement outside of the interconnection standards themselves, the interconnection of information)J
2216	54 214 :M
2217	-.039(processing systems:)A
2218	72 231 :M
2219	-.5(\321 )A
2220	90 231 :M
2221	-.029(from different manufacturers;)A
2222	72 248 :M
2223	(\321)S
2224	90 248 :M
2225	-.035(under different managements;)A
2226	72 265 :M
2227	(\321)S
2228	90 265 :M
2229	-.003(of different levels of complexity; and)A
2230	72 282 :M
2231	(\321)S
2232	90 282 :M
2233	(of different ages.)S
2234	54 305 :M
2235	.607 .061(Many applications have requirements for security to protect against threats to the communication of information.)J
2236	54 316 :M
2237	.843 .084(Some commonly known threats, together with the security services and mechanisms that can be used to protect)J
2238	54 327 :M
2239	.458 .046(against them, are brie\337y described in Annex B. Virtually all security services are dependent upon the identities of)J
2240	54 338 :M
2241	-.013(the communicating parties being reliably known, i.e., authentication.)A
2242	54 361 :M
2243	.361 .036(This Recommendation \| International Standard defines a framework for the provision of authentication services by)J
2244	54 372 :M
2245	.572 .057(the Directory to its users. These users include the Directory itself, as well as other applications and services. The)J
2246	54 383 :M
2247	.125 .013(Directory can usefully be involved in meeting their needs for authentication and other security services because it is)J
2248	54 394 :M
2249	-.003(a natural place from which communicating parties can obtain authentication information of each other \321 knowledge)A
2250	54 405 :M
2251	.671 .067(which is the basis of authentication. The Directory is a natural place because it holds other information which is)J
2252	54 416 :M
2253	1.522 .152(required for communication and obtained prior to communication taking place. Obtaining the authentication)J
2254	54 427 :M
2255	.302 .03(information of a potential communication partner from the Directory is, with this approach, similar to obtaining an)J
2256	54 438 :M
2257	2.075 .208(address. Owing to the wide reach of the Directory for communications purposes, it is expected that this)J
2258	54 449 :M
2259	-.012(authentication framework will be widely used by a range of applications.)A
2260	54 472 :M
2261	-.006(This second edition technically revises and enhances, but does not replace, the first edition of this Recommendation \|)A
2262	54 483 :M
2263	-.004(International Standard. Implementations may still claim conformance to the first edition.)A
2264	54 506 :M
2265	.018 .002(This second edition specifies version 1 of the Directory service and protocols. The first edition also specifies version)J
2266	54 517 :M
2267	.256 .026(1. Differences between the services and between the protocols defined in the two editions are accommodated using)J
2268	54 528 :M
2269	-.003(the rules of extensibility defined in this edition of X.519 \| ISO/IEC 9594-5.)A
2270	54 551 :M
2271	.575 .058(Annex A, which is an integral part of this Recommendation \| International Standard, provides the ASN.1 module)J
2272	54 562 :M
2273	-.002(which contains all of the definitions associated with the authentication framework.)A
2274	54 585 :M
2275	1.607 .161(Annex B, which is not an integral part of this Recommendation \| International Standard, describes security)J
2276	54 596 :M
2277	-.058(requirements.)A
2278	54 619 :M
2279	.155 .015(Annex C, which is not an integral part of this Recommendation \| International Standard, is an introduction to public)J
2280	54 630 :M
2281	-.047(key cryptography.)A
2282	54 653 :M
2283	.351 .035(Annex D, which is not an integral part of this Recommendation \| International Standard, describes the RSA Public)J
2284	54 664 :M
2285	-.013(Key Cryptosystem.)A
2286	54 687 :M
2287	-.003(Annex E, which is not an integral part of this Recommendation \| International Standard, describes hash functions.)A
2288	54 710 :M
2289	.27 .027(Annex F, which is not an integral part of this Recommendation \| International Standard, describes threats protected)J
2290	54 721 :M
2291	-.004(against by the strong authentication method.)A
2292	54 744 :M
2293	2.208 .221(Annex G, which is not an integral part of this Recommendation \| International Standard, describes data)J
2294	54 755 :M
2295	-.054(confidentiality.)A
2296	endp
2297	%%Page: 5 5
2298	%%BeginPageSetup
2299	initializepage
2300	(hoyt; page: 5 of 40)setjob
2301	%%EndPageSetup
2302	-13 -12 :T
2303	gS 13 12 568 818 rC
2304	427 45 :M
2305	f3_10 sf
2306	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
2307	390 803 :M
2308	-.017(ITU-T Rec. X.509 $1993 E$)A
2309	536 803 :M
2310	(v)S
2311	72 81 :M
2312	f6_10 sf
2313	1.089 .109(Annex H, which is an integral part of this Recommendation \| International Standard, defines object identifiers)J
2314	72 92 :M
2315	-.01(assigned to authentication and encryption algorithms, in the absence of a formal register.)A
2316	72 115 :M
2317	.509 .051(Annex J, which is not an integral part of this Recommendation \| International Standard, lists the amendments and)J
2318	72 126 :M
2319	-.007(defect reports that have been incorporated to form this edition of this Recommendation \| International Standard.)A
2320	endp
2321	%%Page: 6 6
2322	%%BeginPageSetup
2323	initializepage
2324	(hoyt; page: 6 of 40)setjob
2325	%%EndPageSetup
2326	-13 -12 :T
2327	gS 13 12 568 818 rC
2328	297 420 :M
2329	f9_12 sf
2330	.739 .074( )J
2331	endp
2332	%%Page: 7 7
2333	%%BeginPageSetup
2334	initializepage
2335	(hoyt; page: 7 of 40)setjob
2336	%%EndPageSetup
2337	-13 -12 :T
2338	gS 13 12 568 818 rC
2339	427 45 :M
2340	f3_10 sf
2341	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
2342	390 803 :M
2343	-.017(ITU-T Rec. X.509 $1993 E$)A
2344	536 803 :M
2345	(1)S
2346	72 81 :M
2347	-.028(INTERNATIONAL STANDARD)A
2348	72 104 :M
2349	-.049(ITU-T RECOMMENDATION)A
2350	75 155 :M
2351	f3_18 sf
2352	-.043(Information technology)A
2353	f3_14 sf
2354	( )S
2355	260 155 :M
2356	f3_18 sf
2357	-.101(\321)A
2358	f3_14 sf
2359	( )S
2360	f3_18 sf
2361	-.049(Open Systems Interconnection)A
2362	516 155 :M
2363	f6_10 sf
2364	( )S
2365	519 155 :M
2366	f3_18 sf
2367	(\321)S
2368	141 174 :M
2369	-.009(The Directory: Authentication Framework)A
2370	230 229 :M
2371	f6_18 sf
2372	-.127(S)A
2373	f6_14 sf
2374	-.116(ECTION )A
2375	295 229 :M
2376	f6_18 sf
2377	-.064(1: G)A
2378	f6_14 sf
2379	-.089(ENERAL)A
2380	72 275 :M
2381	f3_14 sf
2382	(1)S
2383	94 275 :M
2384	-.248(Scope)A
2385	72 294 :M
2386	f6_10 sf
2387	-.016(This Recommendation \| International Standard:)A
2388	90 311 :M
2389	(\321)S
2390	108 311 :M
2391	-.004(speci\336es the form of authentication information held by the Directory;)A
2392	90 328 :M
2393	(\321)S
2394	108 328 :M
2395	-.008(describes how authentication information may be obtained from the Directory;)A
2396	90 345 :M
2397	(\321)S
2398	108 345 :M
2399	-.009(states the assumptions made about how authentication information is formed and placed in the Directory;)A
2400	90 362 :M
2401	(\321)S
2402	108 362 :M
2403	.156 .016(de\336nes three ways in which applications may use this authentication information to perform authentication)J
2404	108 373 :M
2405	-.006(and describes how other security services may be supported by authentication.)A
2406	72 390 :M
2407	.097 .01(This Recommendation \| International Standard describes two levels of authentication: simple authentication, using a)J
2408	72 401 :M
2409	1.421 .142(password as a verification of claimed identity; and strong authentication, involving credentials formed using)J
2410	72 412 :M
2411	.411 .041(cryptographic techniques. While simple authentication offers some limited protection against unauthorized access,)J
2412	72 423 :M
2413	.476 .048(only strong authentication should be used as the basis for providing secure services. It is not intended to establish)J
2414	72 434 :M
2415	.654 .065(this as a general framework for authentication, but it can be of general use for applications which consider these)J
2416	72 445 :M
2417	-.015(techniques adequate.)A
2418	72 468 :M
2419	-.007(Authentication $and other security services$ can only be provided within the context of a de\336ned security policy. It is)A
2420	72 479 :M
2421	.635 .064(a matter for users of an application to de\336ne their own security policy which may be constrained by the services)J
2422	72 490 :M
2423	-.039(provided by a standard.)A
2424	72 513 :M
2425	.741 .074(It is a matter for standards de\336ning applications which )J
2426	f7_10 sf
2427	.327(use)A
2428	318 513 :M
2429	f6_10 sf
2430	.704 .07( the authentication framework to specify the protocol)J
2431	72 524 :M
2432	.115 .012(exchanges which need to be performed in order to achieve authentication based upon the authentication information)J
2433	72 535 :M
2434	1.103 .11(obtained from the Directory. The protocol used by applications to obtain credentials from the Directory is the)J
2435	72 546 :M
2436	-.01(Directory Access Protocol $DAP$, speci\336ed in ITU-T Recomendation X.519 \| ISO/IEC\3129594-5.)A
2437	72 569 :M
2438	.38 .038(The strong authentication method speci\336ed in this Recommendation \| International Standard is based upon public)J
2439	536 569 :M
2440	(-)S
2441	72 580 :M
2442	.072 .007(key cryptosystems. It is a major advantage of such systems that user certificates may be held within the Directory as)J
2443	72 591 :M
2444	.354 .035(attributes, and may be freely communicated within the Directory System and obtained by users of the Directory in)J
2445	72 602 :M
2446	-.007(the same manner as other Directory information. The user certificates are assumed to be formed by \322off-line\323 means,)A
2447	72 613 :M
2448	1.112 .111(and placed in the Directory by their creator. The generation of user certificates is performed by some off-line)J
2449	72 624 :M
2450	1.103 .11(Certification Authority which is completely separate from the DSAs in the Directory. In particular, no special)J
2451	72 635 :M
2452	-.002(requirements are placed upon Directory providers to store or communicate user certificates in a secure manner.)A
2453	72 658 :M
2454	-.008(A brief introduction to public-key cryptography can be found in Annex C.)A
2455	72 681 :M
2456	1.258 .126(In general, the authentication framework is not dependent on the use of a particular cryptographic algorithm,)J
2457	72 692 :M
2458	.223 .022(provided it has the properties described in 7.1. Potentially a number of different algorithms may be used. However,)J
2459	72 703 :M
2460	.114 .011(two users wishing to authenticate shall support the same cryptographic algorithm for authentication to be performed)J
2461	72 714 :M
2462	.763 .076(correctly. Thus, within the context of a set of related applications, the choice of a single algorithm will serve to)J
2463	72 725 :M
2464	.805 .081(maximize the community of users able to authenticate and communicate securely. One example of a public key)J
2465	72 736 :M
2466	-.015(cryptographic algorithm can be found in Annex D.)A
2467	72 759 :M
2468	1.261 .126(Similarly, two users wishing to authenticate shall support the same hash function $see 3.3f$ \(used in forming)J
2469	72 770 :M
2470	.26 .026(credentials and authentication tokens\). Again, in principle, a number of alternative hash functions could be used, at)J
2471	endp
2472	%%Page: 8 8
2473	%%BeginPageSetup
2474	initializepage
2475	(hoyt; page: 8 of 40)setjob
2476	%%EndPageSetup
2477	-13 -12 :T
2478	gS 13 12 568 818 rC
2479	54 45 :M
2480	f3_10 sf
2481	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
2482	54 803 :M
2483	(2)S
2484	90 803 :M
2485	-.017(ITU-T Rec. X.509 $1993 E$)A
2486	54 81 :M
2487	f6_10 sf
2488	.5 .05(the cost of narrowing the communities of users able to authenticate. A brief introduction to hash functions can be)J
2489	54 92 :M
2490	-.055(found in Annex E.)A
2491	54 129 :M
2492	f3_14 sf
2493	(2)S
2494	76 129 :M
2495	-.033(Normative references)A
2496	54 148 :M
2497	f6_10 sf
2498	.643 .064(The following Recommendations and International Standards contain provisions which, through reference in this)J
2499	54 159 :M
2500	.895 .09(text, constitute provisions of this Recommendation \| International Standard part. At the time of publication, the)J
2501	54 170 :M
2502	.03 .003(editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements)J
2503	54 181 :M
2504	.163 .016(based on this Recommendation \| International Standard are encouraged to investigate the possibility of applying the)J
2505	54 192 :M
2506	1.143 .114(most recent editions of the Recommendations and Standards listed below. Members of IEC and ISO maintain)J
2507	54 203 :M
2508	.937 .094(registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU)J
2509	54 214 :M
2510	-.008(maintains a list of currently valid ITU-T Recommendations.)A
2511	54 238 :M
2512	f3_12 sf
2513	(2.1)S
2514	81 238 :M
2515	-.005(Identical Recommendations \| International Standards)A
2516	72 256 :M
2517	f6_10 sf
2518	(\321)S
2519	90 256 :M
2520	.389 .039(ITU-T Recommendation X.500 $1993$ \| ISO/IEC 9594-1:1993, )J
2521	352 256 :M
2522	f7_10 sf
2523	.313 .031(Information Technology \321 Open Systems)J
2524	90 267 :M
2525	-.013(Interconnection \321 The Directory: Overview of Concepts, Models and Services)A
2526	f6_10 sf
2527	(.)S
2528	72 284 :M
2529	(\321)S
2530	90 284 :M
2531	.389 .039(ITU-T Recommendation X.501 $1993$ \| ISO/IEC 9594-2:1993, )J
2532	352 284 :M
2533	f7_10 sf
2534	.313 .031(Information Technology \321 Open Systems)J
2535	90 295 :M
2536	-.021(Interconnection \321The Directory: Models)A
2537	f6_10 sf
2538	(.)S
2539	72 312 :M
2540	(\321)S
2541	90 312 :M
2542	.389 .039(ITU-T Recommendation X.511 $1993$ \| ISO/IEC 9594-3:1993, )J
2543	352 312 :M
2544	f7_10 sf
2545	.313 .031(Information Technology \321 Open Systems)J
2546	90 323 :M
2547	-.004(Interconnection \321The Directory: Abstract Service Definition.)A
2548	72 340 :M
2549	f6_10 sf
2550	(\321)S
2551	90 340 :M
2552	.389 .039(ITU-T Recommendation X.518 $1993$ \| ISO/IEC 9594-4:1993, )J
2553	352 340 :M
2554	f7_10 sf
2555	.313 .031(Information Technology \321 Open Systems)J
2556	90 351 :M
2557	-.004(Interconnection \321The Directory: Procedures for Distributed Operation.)A
2558	72 368 :M
2559	f6_10 sf
2560	(\321)S
2561	90 368 :M
2562	.389 .039(ITU-T Recommendation X.519 $1993$ \| ISO/IEC 9594-5:1993, )J
2563	352 368 :M
2564	f7_10 sf
2565	.313 .031(Information Technology \321 Open Systems)J
2566	90 379 :M
2567	-.018(Interconnection \321The Directory: Protocol Specifications.)A
2568	72 396 :M
2569	f6_10 sf
2570	(\321)S
2571	90 396 :M
2572	.389 .039(ITU-T Recommendation X.520 $1993$ \| ISO/IEC 9594-6:1993, )J
2573	352 396 :M
2574	f7_10 sf
2575	.313 .031(Information Technology \321 Open Systems)J
2576	90 407 :M
2577	-.01(Interconnection \321The Directory: Selected Attribute Types.)A
2578	72 424 :M
2579	f6_10 sf
2580	(\321)S
2581	90 424 :M
2582	.389 .039(ITU-T Recommendation X.521 $1993$ \| ISO/IEC 9594-7:1993, )J
2583	352 424 :M
2584	f7_10 sf
2585	.313 .031(Information Technology \321 Open Systems)J
2586	90 435 :M
2587	-.016(Interconnection \321The Directory: Selected Object Classes.)A
2588	72 452 :M
2589	f6_10 sf
2590	(\321)S
2591	90 452 :M
2592	.389 .039(ITU-T Recommendation X.525 $1993$ \| ISO/IEC 9594-9:1993, )J
2593	352 452 :M
2594	f7_10 sf
2595	.313 .031(Information Technology \321 Open Systems)J
2596	90 463 :M
2597	-.011(Interconnection \321 The Directory: Replication)A
2598	72 480 :M
2599	f6_10 sf
2600	(\321)S
2601	90 480 :M
2602	.389 .039(ITU-T Recommendation X.680 $1994$ \| ISO/IEC 8824-1:1994, )J
2603	352 480 :M
2604	f7_10 sf
2605	.313 .031(Information Technology \321 Open Systems)J
2606	90 491 :M
2607	-.007(Interconnection \321 Abstract Syntax Notation One $ASN.1$: Specification of basic notation.)A
2608	72 508 :M
2609	f6_10 sf
2610	(\321)S
2611	90 508 :M
2612	.389 .039(ITU-T Recommendation X.681 $1994$ \| ISO/IEC 8824-2:1994, )J
2613	352 508 :M
2614	f7_10 sf
2615	.313 .031(Information Technology \321 Open Systems)J
2616	90 519 :M
2617	-.011(Interconnection \321 Abstract Syntax Notation One $ASN.1$: Information object specification.)A
2618	72 536 :M
2619	f6_10 sf
2620	(\321)S
2621	90 536 :M
2622	.389 .039(ITU-T Recommendation X.682 $1994$ \| ISO/IEC 8824-3:1994, )J
2623	352 536 :M
2624	f7_10 sf
2625	.313 .031(Information Technology \321 Open Systems)J
2626	90 547 :M
2627	(Interconnection \321 Abstract Syntax Notation One $ASN.1$: Constraint specification.)S
2628	72 564 :M
2629	f6_10 sf
2630	(\321)S
2631	90 564 :M
2632	.389 .039(ITU-T Recommendation X.683 $1994$ \| ISO/IEC 8824-4:1994, )J
2633	352 564 :M
2634	f7_10 sf
2635	.313 .031(Information Technology \321 Open Systems)J
2636	90 575 :M
2637	-.002(Interconnection \321 Abstract Syntax Notation One $ASN.1$: Parameterization of ASN.1 specifications.)A
2638	72 592 :M
2639	f6_10 sf
2640	(\321)S
2641	90 592 :M
2642	.389 .039(ITU-T Recommendation X.690 $1994$ \| ISO/IEC 8825-1:1994, )J
2643	352 592 :M
2644	f7_10 sf
2645	.313 .031(Information Technology \321 Open Systems)J
2646	90 603 :M
2647	.395 .04(Interconnection \321 Specification of ASN.1 encoding rules: Basic, Canonical, and Distinguished Encoding)J
2648	90 614 :M
2649	-.143(Rules.)A
2650	72 631 :M
2651	f6_10 sf
2652	(\321)S
2653	90 631 :M
2654	-.019(ITU-T Recommendation X.880 $1994$ \| ISO/IEC 13712-1:1994, )A
2655	351 631 :M
2656	f7_10 sf
2657	(Information technology \321 Remote)S
2658	90 642 :M
2659	-.008(Operations: Concepts, model and notation.)A
2660	72 659 :M
2661	f6_10 sf
2662	(\321)S
2663	90 659 :M
2664	-.001(ITU-T Recommendation X.881 $1994$ \| ISO/IEC 13712-2:1994, )A
2665	f7_10 sf
2666	(Information technology \321 Remote)S
2667	90 670 :M
2668	-.007(Operations: OSI Realizations \321 Remote Operations Service Element $ROSE$ service definition.)A
2669	54 688 :M
2670	f3_12 sf
2671	(2.2)S
2672	81 688 :M
2673	-.003(Paired Recommendations \| International Standards equivalent in technical content)A
2674	72 706 :M
2675	f6_10 sf
2676	(\321)S
2677	90 706 :M
2678	-.003(CCITT Recommendation X.800 $1991$, )A
2679	f7_10 sf
2680	-.003(Security Architecture for Open Systems Interconnection for CCITT)A
2681	90 717 :M
2682	-.05(Applications)A
2683	141 717 :M
2684	f6_10 sf
2685	(.)S
2686	72 734 :M
2687	(\321)S
2688	90 734 :M
2689	.646 .065(ISO 7498-2:1987, )J
2690	f7_10 sf
2691	.653 .065(Information Processing Systems \321 Open Systems Interconnection \321 Basic Reference)J
2692	90 745 :M
2693	-.022(Model \321 Part 2: Security Architecture)A
2694	246 745 :M
2695	f6_10 sf
2696	(.)S
2697	endp
2698	%%Page: 9 9
2699	%%BeginPageSetup
2700	initializepage
2701	(hoyt; page: 9 of 40)setjob
2702	%%EndPageSetup
2703	-13 -12 :T
2704	gS 13 12 568 818 rC
2705	427 45 :M
2706	f3_10 sf
2707	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
2708	390 803 :M
2709	-.017(ITU-T Rec. X.509 $1993 E$)A
2710	536 803 :M
2711	(3)S
2712	72 83 :M
2713	f3_14 sf
2714	(3)S
2715	94 83 :M
2716	-.061(De\336nitions)A
2717	72 102 :M
2718	f6_10 sf
2719	-0(For the purposes of this CCITT Recommendation \| International Standard, the following definitions apply.)A
2720	72 120 :M
2721	f3_12 sf
2722	(3.1)S
2723	99 120 :M
2724	-.017(OSI Reference Model security architecture definitions)A
2725	72 138 :M
2726	f6_10 sf
2727	-.007(The following terms are de\336ned in CCITT Rec. X.800 \| ISO\3127498-2:)A
2728	90 155 :M
2729	-.766(a\))A
2730	108 155 :M
2731	f7_10 sf
2732	-.028(asymmetric $encipherment$)A
2733	218 155 :M
2734	f6_10 sf
2735	(;)S
2736	90 172 :M
2737	-.328(b\))A
2738	108 172 :M
2739	f7_10 sf
2740	-.034(authentication exchange)A
2741	f6_10 sf
2742	(;)S
2743	90 189 :M
2744	-.766(c\))A
2745	108 189 :M
2746	f7_10 sf
2747	-.048(authentication information)A
2748	f6_10 sf
2749	(;)S
2750	90 206 :M
2751	-.328(d\))A
2752	108 206 :M
2753	f7_10 sf
2754	-.055(confidentiality)A
2755	166 206 :M
2756	f6_10 sf
2757	(;)S
2758	90 223 :M
2759	-.766(e\))A
2760	108 223 :M
2761	f7_10 sf
2762	-.103(credentials)A
2763	f6_10 sf
2764	(;)S
2765	90 240 :M
2766	-.655(f\))A
2767	108 240 :M
2768	f7_10 sf
2769	-.079(cryptography)A
2770	162 240 :M
2771	f6_10 sf
2772	-.278( ;)A
2773	90 257 :M
2774	-.328(g\))A
2775	108 257 :M
2776	f7_10 sf
2777	-.04(data origin authentication)A
2778	213 257 :M
2779	f6_10 sf
2780	(;)S
2781	90 274 :M
2782	-.328(h\))A
2783	108 274 :M
2784	f7_10 sf
2785	-.053(decipherment)A
2786	f6_10 sf
2787	-.062( ;)A
2788	90 291 :M
2789	-.106(i\))A
2790	108 291 :M
2791	f7_10 sf
2792	-.053(encipherment)A
2793	f6_10 sf
2794	-.062( ;)A
2795	90 308 :M
2796	-.106(j\))A
2797	108 308 :M
2798	f7_10 sf
2799	-.142(key)A
2800	f6_10 sf
2801	-.169( ;)A
2802	90 325 :M
2803	-.328(k\))A
2804	108 325 :M
2805	f7_10 sf
2806	-.068(password)A
2807	f6_10 sf
2808	-.074( ;)A
2809	90 342 :M
2810	-.106(l\))A
2811	108 342 :M
2812	f7_10 sf
2813	-.023(peer-entity authentication)A
2814	212 342 :M
2815	f6_10 sf
2816	-.278( ;)A
2817	90 359 :M
2818	-.106(m\))A
2819	108 359 :M
2820	f7_10 sf
2821	-.026(symmetric $encipherment$)A
2822	f6_10 sf
2823	(.)S
2824	72 383 :M
2825	f3_12 sf
2826	(3.2)S
2827	99 383 :M
2828	-.024(Directory model definitions)A
2829	72 401 :M
2830	f6_10 sf
2831	-.006(The following terms are de\336ned in ITU-T Recommendation X.501 \| ISO/IEC\3129594-2:)A
2832	90 418 :M
2833	-.766(a\))A
2834	108 418 :M
2835	f7_10 sf
2836	-.069(attribute)A
2837	f6_10 sf
2838	-.096( ;)A
2839	90 435 :M
2840	-.328(b\))A
2841	108 435 :M
2842	f7_10 sf
2843	-.013(Directory Information Base)A
2844	f6_10 sf
2845	( ;)S
2846	90 452 :M
2847	-.766(c\))A
2848	108 452 :M
2849	f7_10 sf
2850	-.039(Directory Information Tree)A
2851	218 452 :M
2852	f6_10 sf
2853	-.278( ;)A
2854	90 469 :M
2855	-.328(d\))A
2856	108 469 :M
2857	f7_10 sf
2858	-.046(Directory System Agent)A
2859	203 469 :M
2860	f6_10 sf
2861	(;)S
2862	90 486 :M
2863	-.766(e\))A
2864	108 486 :M
2865	f7_10 sf
2866	-.033(Directory User Agent)A
2867	195 486 :M
2868	f6_10 sf
2869	(;)S
2870	90 503 :M
2871	-.655(f\))A
2872	108 503 :M
2873	f7_10 sf
2874	-.04(distinguished name)A
2875	f6_10 sf
2876	( ;)S
2877	90 520 :M
2878	-.328(g\))A
2879	108 520 :M
2880	f7_10 sf
2881	-.136(entry)A
2882	129 520 :M
2883	f6_10 sf
2884	-.278( ;)A
2885	90 537 :M
2886	-.328(h\))A
2887	108 537 :M
2888	f7_10 sf
2889	-.098(object)A
2890	f6_10 sf
2891	-.126( ;)A
2892	90 554 :M
2893	-.106(i\))A
2894	108 554 :M
2895	f7_10 sf
2896	-.223(root)A
2897	125 554 :M
2898	f6_10 sf
2899	( .)S
2900	72 578 :M
2901	f3_12 sf
2902	(3.3)S
2903	99 578 :M
2904	-.027(Authentication framework definitions)A
2905	72 596 :M
2906	f6_10 sf
2907	-.013(The following terms are defined in this Recommendation \| International Standard:)A
2908	90 613 :M
2909	f7_10 sf
2910	-.328(a\))A
2911	108 613 :M
2912	.056 .006(authentication token $token$)J
2913	222 613 :M
2914	f6_10 sf
2915	.169 .017(: Information conveyed during a strong authentication exchange, which can be)J
2916	108 624 :M
2917	-.024(used to authenticate its sender;)A
2918	90 641 :M
2919	f7_10 sf
2920	-.328(b\))A
2921	108 641 :M
2922	.336 .034(user certificate $certi\336cate$)J
2923	220 641 :M
2924	f6_10 sf
2925	.784 .078( : The public keys of a user, together with some other information, rendered)J
2926	108 652 :M
2927	(unforgeable by encipherment with the private key of the certi\336cation authority which issued it;)S
2928	90 669 :M
2929	f7_10 sf
2930	-.766(c\))A
2931	108 669 :M
2932	2.715 .271(certi\336cation authority)J
2933	f6_10 sf
2934	1.387 .139( : An authority trusted by one or more users to create and assign certificates.)J
2935	108 680 :M
2936	-.014(Optionally the certfication authority may create the users\325 keys;)A
2937	90 697 :M
2938	f7_10 sf
2939	-.328(d\))A
2940	108 697 :M
2941	-.037(certi\336cation path)A
2942	177 697 :M
2943	f6_10 sf
2944	.008 .001( : An ordered sequence of certi\336cates of objects in the DIT which, together with the public)J
2945	108 708 :M
2946	-.007(key of the initial object in the path, can be processed to obtain that of the \336nal object in the path;)A
2947	90 725 :M
2948	f7_10 sf
2949	-.766(e\))A
2950	108 725 :M
2951	1.074 .107(cryptographic system)J
2952	f6_10 sf
2953	.156 .016(, )J
2954	f7_10 sf
2955	.163(cryptosystem)A
2956	f6_10 sf
2957	.571 .057( : A collection of transformations from plain text into ciphertext and)J
2958	108 736 :M
2959	1.013 .101(vice versa, the particular transformation$s$ to be used being selected by keys. The transformations are)J
2960	108 747 :M
2961	-.017(normally de\336ned by a mathematical algorithm.)A
2962	endp
2963	%%Page: 10 10
2964	%%BeginPageSetup
2965	initializepage
2966	(hoyt; page: 10 of 40)setjob
2967	%%EndPageSetup
2968	-13 -12 :T
2969	gS 13 12 568 818 rC
2970	54 45 :M
2971	f3_10 sf
2972	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
2973	54 803 :M
2974	(4)S
2975	90 803 :M
2976	-.017(ITU-T Rec. X.509 $1993 E$)A
2977	72 81 :M
2978	f7_10 sf
2979	-.106(f\))A
2980	90 81 :M
2981	.868 .087(hash function)J
2982	f6_10 sf
2983	.587 .059( : A $mathematical$ function which maps values from a large $possibly very large$ domain)J
2984	90 92 :M
2985	.064 .006(into a smaller range. A \322good\323 hash function is such that the results of applying the function to a $large$ set)J
2986	90 103 :M
2987	-.009(of values in the domain will be evenly distributed $and apparently at random$ over the range;)A
2988	72 120 :M
2989	f7_10 sf
2990	-.328(g\))A
2991	90 120 :M
2992	-.011(one-way function)A
2993	f6_10 sf
2994	-.01( : A $mathematical$ function f which is easy to compute, but which for a general value y in)A
2995	90 131 :M
2996	.305 .03(the range, it is computationally dif\336cult to \336nd a value x in the domain such that f$x$ = y. There may be a)J
2997	90 142 :M
2998	-.014(few values y for which finding x is not computationally difficult;)A
2999	72 159 :M
3000	f7_10 sf
3001	-.328(h\))A
3002	90 159 :M
3003	-.09(public key)A
3004	131 159 :M
3005	f6_10 sf
3006	-.004( : $In a public key cryptosystem$ that key of a user\325s key pair which is publicly known;)A
3007	72 176 :M
3008	f7_10 sf
3009	-.106(i\))A
3010	90 176 :M
3011	-.078(private key)A
3012	f6_10 sf
3013	-.113( \()A
3014	140 176 :M
3015	f7_10 sf
3016	-.076(secret key)A
3017	180 176 :M
3018	f6_10 sf
3019	.093 .009( \321 deprecated\): $In a public key cryptosystem$ that key of a user\325s key pair which is)J
3020	90 187 :M
3021	-.039(known only by that user;)A
3022	72 204 :M
3023	f7_10 sf
3024	-.106(j\))A
3025	90 204 :M
3026	-.006(simple authentication)A
3027	f6_10 sf
3028	-.006( : Authentication by means of simple password arrangements;)A
3029	72 221 :M
3030	f7_10 sf
3031	-.766(k\))A
3032	90 221 :M
3033	.173 .017(security policy)J
3034	150 221 :M
3035	f6_10 sf
3036	.675 .068( : The set of rules laid down by the security authority governing the use and provision of)J
3037	90 232 :M
3038	-.031(security services and facilities;)A
3039	72 249 :M
3040	f7_10 sf
3041	-.106(l\))A
3042	90 249 :M
3043	-.041(strong authentication)A
3044	176 249 :M
3045	f6_10 sf
3046	-.01( : Authentication by means of cryptographically derived credentials;)A
3047	72 266 :M
3048	f7_10 sf
3049	-.547(m\))A
3050	90 266 :M
3051	.367(trust)A
3052	f6_10 sf
3053	1.349 .135(: Generally, an entity can be said to \322trust\323 a second entity when it $the first entity$ makes the)J
3054	90 277 :M
3055	.281 .028(assumption that the second entity will behave exactly as the first entity expects. This trust may apply only)J
3056	90 288 :M
3057	1.514 .151(for some specific function. The key role of trust in the authentication framework is to describe the)J
3058	90 299 :M
3059	.246 .025(relationship between an authenticating entity and a certification authority; an authenticating entity shall be)J
3060	90 310 :M
3061	-.005(certain that it can trust the certification authority to create only valid and reliable certificates;)A
3062	72 327 :M
3063	f7_10 sf
3064	-.328(n\))A
3065	90 327 :M
3066	1.957 .196(certificate serial number)J
3067	f6_10 sf
3068	1.461 .146(: An integer value, unique within the issuing CA, which is unambiguously)J
3069	90 338 :M
3070	-.003(associated with a certificate issued by that CA.)A
3071	54 375 :M
3072	f3_14 sf
3073	(4)S
3074	76 375 :M
3075	-.064(Abbreviations)A
3076	72 394 :M
3077	f6_10 sf
3078	-.889(CA)A
3079	126 394 :M
3080	-.017(Certi\336cation Authority)A
3081	72 411 :M
3082	-.108(DIB)A
3083	126 411 :M
3084	-.02(Directory Information Base)A
3085	72 428 :M
3086	-.328(DIT)A
3087	126 428 :M
3088	-.015(Directory Information Tree)A
3089	72 445 :M
3090	-.499(DSA)A
3091	126 445 :M
3092	-.009(Directory System Agent)A
3093	72 462 :M
3094	-.329(DUA)A
3095	126 462 :M
3096	-.033(Directory User Agent)A
3097	72 479 :M
3098	(PKCS)S
3099	126 479 :M
3100	-.014(Public key cryptosystem)A
3101	54 516 :M
3102	f3_14 sf
3103	(5)S
3104	76 516 :M
3105	-.066(Conventions)A
3106	54 535 :M
3107	f6_10 sf
3108	1.241 .124(With minor exceptions this Directory Specification has been prepared according to the \322Presentation of ITU)J
3109	518 535 :M
3110	(-)S
3111	54 546 :M
3112	-.003(TS/ISO/IEC common text\323 guidelines in the Guide for ITU-TS and ISO/IEC JTC 1 Cooperation, March 1993.)A
3113	54 569 :M
3114	.115 .012(The term \322Directory Specification\323 $as in \322this Directory Specification\323$ shall be taken to mean ITU-T Rec. X.509 \|)J
3115	54 580 :M
3116	.159 .016(ISO/IEC 9594-8. The term \322Directory Specifications\323 shall be taken to mean the X.500 series of Recommendations)J
3117	54 591 :M
3118	-.006(and all parts of ISO/IEC 9594.)A
3119	54 614 :M
3120	.551 .055(This Directory Specification uses the term \3221988 edition systems\323 to refer to systems conforming to the previous)J
3121	54 625 :M
3122	.007 .001($1988$ edition of the Directory Specifications, i.e., the 1988 edition of the series of CCITT X.500 Recommendations)J
3123	54 636 :M
3124	.445 .045(and the ISO/IEC 9594:1990 edition. Systems conforming to the current Directory Specifications are referred to as)J
3125	54 647 :M
3126	-.037(\3221993 edition systems\323.)A
3127	54 670 :M
3128	.158 .016(If the items in a list are numbered $as opposed to using \322\321\323 or letters$, then the items shall be considered steps in a)J
3129	54 681 :M
3130	-.052(procedure.)A
3131	endp
3132	%%Page: 11 11
3133	%%BeginPageSetup
3134	initializepage
3135	(hoyt; page: 11 of 40)setjob
3136	%%EndPageSetup
3137	-13 -12 :T
3138	gS 13 12 568 818 rC
3139	427 45 :M
3140	f3_10 sf
3141	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
3142	390 803 :M
3143	-.017(ITU-T Rec. X.509 $1993 E$)A
3144	536 803 :M
3145	(5)S
3146	72 81 :M
3147	f6_10 sf
3148	-.007(The notation used in this Directory Specification is defined in Table 1 below.)A
3149	90 102 :M
3150	f3_9 sf
3151	-.329(Note)A
3152	108 102 :M
3153	f6_9 sf
3154	.303 .03( - in the table, the symbols X, X)J
3155	f6_7 sf
3156	0 3 rm
3157	(1)S
3158	0 -3 rm
3159	231 102 :M
3160	f6_9 sf
3161	(, X)S
3162	243 105 :M
3163	f6_7 sf
3164	(2)S
3165	247 102 :M
3166	f6_9 sf
3167	.355 .035( etc. occur in place of the names of users, while the symbol I occurs in place of)J
3168	90 113 :M
3169	-.036(arbitrary information)A
3170	259 137 :M
3171	f3_10 sf
3172	-.036(TABLE 1 \321 Notation)A
3173	81 156 :M
3174	-.063(NOTATION)A
3175	288 156 :M
3176	-.072(MEANING)A
3177	68 147 -1 2 70 145 1 68 145 @a
3178	-1 -2 70 147 1 2 68 145 @b
3179	70 147 -1 2 542 145 1 70 145 @a
3180	542 147 -1 2 544 145 1 542 145 @a
3181	-1 -2 544 147 1 2 542 145 @b
3182	68 160 -1 2 70 158 1 68 158 @a
3183	-1 -2 70 160 1 2 68 158 @b
3184	70 160 -1 2 542 158 1 70 158 @a
3185	542 160 -1 2 544 158 1 542 158 @a
3186	-1 -2 544 160 1 2 542 158 @b
3187	-1 -2 70 158 1 2 68 147 @b
3188	-1 -2 544 158 1 2 542 147 @b
3189	-1 -1 163 160 1 1 162 145 @b
3190	81 176 :M
3191	f6_10 sf
3192	-.36(Xp )A
3193	171 176 :M
3194	-.003(public key of a user X.)A
3195	-1 -1 70 167 1 1 69 166 @b
3196	-1 -1 70 167 1 1 69 166 @b
3197	70 167 -1 1 542 166 1 70 166 @a
3198	-1 -1 543 167 1 1 542 166 @b
3199	-1 -1 543 167 1 1 542 166 @b
3200	-1 -1 70 178 1 1 69 167 @b
3201	-1 -1 543 178 1 1 542 167 @b
3202	-1 -1 163 178 1 1 162 166 @b
3203	81 188 :M
3204	-.108(Xs)A
3205	171 188 :M
3206	-.047(private key of X.)A
3207	-1 -1 70 179 1 1 69 178 @b
3208	70 179 -1 1 542 178 1 70 178 @a
3209	-1 -1 543 179 1 1 542 178 @b
3210	-1 -1 70 190 1 1 69 179 @b
3211	-1 -1 543 190 1 1 542 179 @b
3212	-1 -1 163 190 1 1 162 178 @b
3213	81 200 :M
3214	-.14(Xp[I] )A
3215	171 200 :M
3216	-.012(encipherment of some information, I, using the public key of X.)A
3217	-1 -1 70 191 1 1 69 190 @b
3218	70 191 -1 1 542 190 1 70 190 @a
3219	-1 -1 543 191 1 1 542 190 @b
3220	-1 -1 70 202 1 1 69 191 @b
3221	-1 -1 543 202 1 1 542 191 @b
3222	-1 -1 163 202 1 1 162 190 @b
3223	81 212 :M
3224	-.023(Xs[I])A
3225	171 212 :M
3226	-.005(encipherment of I using the private key of X.)A
3227	-1 -1 70 203 1 1 69 202 @b
3228	70 203 -1 1 542 202 1 70 202 @a
3229	-1 -1 543 203 1 1 542 202 @b
3230	-1 -1 70 214 1 1 69 203 @b
3231	-1 -1 543 214 1 1 542 203 @b
3232	-1 -1 163 214 1 1 162 202 @b
3233	81 224 :M
3234	-.162(X{I} )A
3235	171 224 :M
3236	-.009(the signing of I by user X. It consists of I with an enciphered summary appended.)A
3237	-1 -1 70 215 1 1 69 214 @b
3238	70 215 -1 1 542 214 1 70 214 @a
3239	-1 -1 543 215 1 1 542 214 @b
3240	-1 -1 70 226 1 1 69 215 @b
3241	-1 -1 543 226 1 1 542 215 @b
3242	-1 -1 163 226 1 1 162 214 @b
3243	81 236 :M
3244	-.053(CA$X$ )A
3245	171 236 :M
3246	-.015(a certi\336cation authority of user X.)A
3247	-1 -1 70 227 1 1 69 226 @b
3248	70 227 -1 1 542 226 1 70 226 @a
3249	-1 -1 543 227 1 1 542 226 @b
3250	-1 -1 70 238 1 1 69 227 @b
3251	-1 -1 543 238 1 1 542 227 @b
3252	-1 -1 163 238 1 1 162 226 @b
3253	81 248 :M
3254	-.889(CA)A
3255	95 245 :M
3256	f6_9 sf
3257	(n)S
3258	100 248 :M
3259	f6_10 sf
3260	-.437($X$)A
3261	171 248 :M
3262	-.017($where n>1$: CA$CA\(...n times...\(X$\)\))A
3263	-1 -1 70 239 1 1 69 238 @b
3264	70 239 -1 1 542 238 1 70 238 @a
3265	-1 -1 543 239 1 1 542 238 @b
3266	-1 -1 70 251 1 1 69 239 @b
3267	-1 -1 543 251 1 1 542 239 @b
3268	-1 -1 163 251 1 1 162 238 @b
3269	81 261 :M
3270	-.443(X)A
3271	f6_9 sf
3272	0 2 rm
3273	(1)S
3274	0 -2 rm
3275	93 261 :M
3276	f6_10 sf
3277	-.263(\307X)A
3278	f6_9 sf
3279	0 2 rm
3280	(2)S
3281	0 -2 rm
3282	110 261 :M
3283	f6_10 sf
3284	(\310)S
3285	171 261 :M
3286	-.036(the certi\336cate of user X)A
3287	265 263 :M
3288	f6_9 sf
3289	(2)S
3290	270 261 :M
3291	f6_10 sf
3292	-.017( issued by certi\336cation authority X)A
3293	409 263 :M
3294	f6_9 sf
3295	(1)S
3296	414 261 :M
3297	f6_10 sf
3298	(.)S
3299	-1 -1 70 252 1 1 69 251 @b
3300	70 252 -1 1 542 251 1 70 251 @a
3301	-1 -1 543 252 1 1 542 251 @b
3302	-1 -1 70 265 1 1 69 252 @b
3303	-1 -1 543 265 1 1 542 252 @b
3304	-1 -1 163 265 1 1 162 251 @b
3305	81 275 :M
3306	-.443(X)A
3307	f6_9 sf
3308	0 2 rm
3309	(1)S
3310	0 -2 rm
3311	93 275 :M
3312	f6_10 sf
3313	-.263(\307X)A
3314	f6_9 sf
3315	0 2 rm
3316	(2)S
3317	0 -2 rm
3318	110 275 :M
3319	f6_10 sf
3320	-.36(\310 X)A
3321	125 277 :M
3322	f6_9 sf
3323	(2)S
3324	130 275 :M
3325	f6_10 sf
3326	-.263(\307X)A
3327	f6_9 sf
3328	0 2 rm
3329	(3)S
3330	0 -2 rm
3331	147 275 :M
3332	f6_10 sf
3333	(\310)S
3334	171 275 :M
3335	-.007(a chain of certi\336cates $can be of arbitrary length$, where each item is the certi\336cate for the)A
3336	-1 -1 70 266 1 1 69 265 @b
3337	70 266 -1 1 542 265 1 70 265 @a
3338	-1 -1 543 266 1 1 542 265 @b
3339	-1 -1 70 279 1 1 69 266 @b
3340	-1 -1 543 279 1 1 542 266 @b
3341	-1 -1 163 279 1 1 162 265 @b
3342	171 288 :M
3343	(certi\336cation authority which produced the next. It is functionally equivalent to the following)S
3344	-1 -1 70 290 1 1 69 279 @b
3345	-1 -1 543 290 1 1 542 279 @b
3346	-1 -1 163 290 1 1 162 278 @b
3347	171 299 :M
3348	-.053(certi\336cate X)A
3349	223 301 :M
3350	f6_9 sf
3351	(1)S
3352	228 299 :M
3353	f6_10 sf
3354	(\307X)S
3355	f6_9 sf
3356	0 2 rm
3357	-.019(n+1)A
3358	0 -2 rm
3359	f6_10 sf
3360	-.017(\310. For example, possession of A\307B\310B\307C\310 provides the same)A
3361	-1 -1 70 303 1 1 69 290 @b
3362	-1 -1 543 303 1 1 542 290 @b
3363	-1 -1 163 303 1 1 162 289 @b
3364	171 312 :M
3365	-.009(capability as A\307C\310, namely the ability to \336nd out Cp given Ap.)A
3366	-1 -1 70 314 1 1 69 303 @b
3367	-1 -1 543 314 1 1 542 303 @b
3368	-1 -1 163 314 1 1 162 302 @b
3369	81 326 :M
3370	-.443(X)A
3371	f6_9 sf
3372	0 2 rm
3373	(1)S
3374	0 -2 rm
3375	93 326 :M
3376	f6_10 sf
3377	-.5(p )A
3378	101 326 :M
3379	f6_14 sf
3380	-.542(\245)A
3381	f6_10 sf
3382	-1.075( X)A
3383	115 328 :M
3384	f6_9 sf
3385	(1)S
3386	120 326 :M
3387	f6_12 sf
3388	-.244(\307)A
3389	f6_10 sf
3390	-.293(X)A
3391	f6_9 sf
3392	0 2 rm
3393	(2)S
3394	0 -2 rm
3395	138 326 :M
3396	f6_12 sf
3397	(\310)S
3398	171 326 :M
3399	f6_10 sf
3400	-.007(the operation of unwrapping a certi\336cate $or certi\336cate chain$ to extract a public key. It is)A
3401	-1 -1 70 315 1 1 69 314 @b
3402	70 315 -1 1 542 314 1 70 314 @a
3403	-1 -1 543 315 1 1 542 314 @b
3404	-1 -1 70 330 1 1 69 315 @b
3405	-1 -1 543 330 1 1 542 315 @b
3406	-1 -1 163 330 1 1 162 314 @b
3407	171 339 :M
3408	-.006(an in\336x operator, whose left operand is the public key of a certi\336cation authority, and)A
3409	-1 -1 70 341 1 1 69 330 @b
3410	-1 -1 543 341 1 1 542 330 @b
3411	-1 -1 163 341 1 1 162 329 @b
3412	171 350 :M
3413	-.004(whose right operand is a certi\336cate issued by that certi\336cation authority. The outcome is the)A
3414	-1 -1 70 352 1 1 69 341 @b
3415	-1 -1 543 352 1 1 542 341 @b
3416	-1 -1 163 352 1 1 162 340 @b
3417	171 361 :M
3418	-.008(public key of the user whose certi\336cate is the right operand. For example:)A
3419	-1 -1 70 363 1 1 69 352 @b
3420	-1 -1 543 363 1 1 542 352 @b
3421	-1 -1 163 363 1 1 162 351 @b
3422	-1 -1 70 374 1 1 69 363 @b
3423	-1 -1 543 374 1 1 542 363 @b
3424	-1 -1 163 374 1 1 162 362 @b
3425	216 385 :M
3426	-.36(Ap )A
3427	231 385 :M
3428	f6_14 sf
3429	(\245)S
3430	236 385 :M
3431	f6_10 sf
3432	-.091(A\307B\310 B\307C\310)A
3433	-1 -1 70 389 1 1 69 374 @b
3434	-1 -1 543 389 1 1 542 374 @b
3435	-1 -1 163 389 1 1 162 373 @b
3436	-1 -1 70 400 1 1 69 389 @b
3437	-1 -1 543 400 1 1 542 389 @b
3438	-1 -1 163 400 1 1 162 388 @b
3439	171 409 :M
3440	-.01(denotes the operation of using the public key of A to obtain B\325s public key, Bp, from its)A
3441	-1 -1 70 411 1 1 69 400 @b
3442	-1 -1 543 411 1 1 542 400 @b
3443	-1 -1 163 411 1 1 162 399 @b
3444	171 420 :M
3445	-.003(certi\336cate, followed by using Bp to unwrap C\325s certi\336cate. The outcome of the operation is)A
3446	-1 -1 70 422 1 1 69 411 @b
3447	-1 -1 543 422 1 1 542 411 @b
3448	-1 -1 163 422 1 1 162 410 @b
3449	171 431 :M
3450	-.036(the public key of C, Cp.)A
3451	-1 -1 70 433 1 1 69 422 @b
3452	-1 -1 543 433 1 1 542 422 @b
3453	-1 -1 163 433 1 1 162 421 @b
3454	81 444 :M
3455	-.138(A)A
3456	f10_12 sf
3457	-.212(\336)A
3458	f6_10 sf
3459	-.175(B )A
3460	171 444 :M
3461	-.003(a certi\336cation path from A to B, formed of a chain of certi\336cates, starting with)A
3462	-1 -1 70 434 1 1 69 433 @b
3463	70 434 -1 1 542 433 1 70 433 @a
3464	-1 -1 543 434 1 1 542 433 @b
3465	-1 -1 70 447 1 1 69 434 @b
3466	-1 -1 543 447 1 1 542 434 @b
3467	-1 -1 163 447 1 1 162 433 @b
3468	171 456 :M
3469	-.093(CA$A$\307CA)A
3470	218 453 :M
3471	f6_7 sf
3472	(2)S
3473	222 456 :M
3474	f6_10 sf
3475	-.024($A$\310 and ending with CA$B$\307B\310.)A
3476	-1 -1 70 459 1 1 69 458 @b
3477	-1 -1 70 459 1 1 69 458 @b
3478	70 459 -1 1 542 458 1 70 458 @a
3479	-1 -1 543 459 1 1 542 458 @b
3480	-1 -1 543 459 1 1 542 458 @b
3481	-1 -1 70 458 1 1 69 447 @b
3482	-1 -1 543 458 1 1 542 447 @b
3483	-1 -1 163 459 1 1 162 446 @b
3484	173 497 :M
3485	f6_18 sf
3486	-.127(S)A
3487	f6_14 sf
3488	-.116(ECTION )A
3489	238 497 :M
3490	f6_18 sf
3491	-.096(2: S)A
3492	f6_14 sf
3493	-.123(IMPLE )A
3494	312 497 :M
3495	f6_18 sf
3496	(A)S
3497	325 497 :M
3498	f6_14 sf
3499	-.042(UTHENTICATION)A
3500	72 543 :M
3501	f3_14 sf
3502	(6)S
3503	94 543 :M
3504	-.032(Simple authentication procedure)A
3505	72 562 :M
3506	f6_10 sf
3507	.892 .089(Simple authentication is intended to provide local authorization based upon the distinguished name of a user, a)J
3508	72 573 :M
3509	1.333 .133(bilaterally agreed $optional$ password, and a bilateral understanding of the means of using and handling this)J
3510	72 584 :M
3511	.287 .029(password within a single domain. Utilization of simple authentication is primarily intended for local use only, i.e.,)J
3512	72 595 :M
3513	1.585 .158(for peer entity authentication between one DUA and one DSA or between one DSA and one DSA. Simple)J
3514	72 606 :M
3515	-.01(authentication may be achieved by several means:)A
3516	90 623 :M
3517	-.766(a\))A
3518	108 623 :M
3519	.714 .071(the transfer of the user\325s distinguished name and $optional$ password in the clear $non-protected$ to the)J
3520	108 634 :M
3521	-.003(recipient for evaluation;)A
3522	90 651 :M
3523	-.328(b\))A
3524	108 651 :M
3525	.521 .052(the transfer of the user\325s distinguished name, password, and a random number and/or a timestamp, all of)J
3526	108 662 :M
3527	-.006(which are protected by applying a one-way function;)A
3528	90 679 :M
3529	-.766(c\))A
3530	108 679 :M
3531	-.012(the transfer of the protected information described in b\) together with a random number and/or a timestamp,)A
3532	108 690 :M
3533	-.014(all of which is protected by applying a one-way function.)A
3534	90 711 :M
3535	f3_9 sf
3536	-.122(Notes)A
3537	90 726 :M
3538	f6_9 sf
3539	(1)S
3540	103 726 :M
3541	-.002(There is no requirement that the one-way functions applied be different.)A
3542	90 741 :M
3543	(2)S
3544	103 741 :M
3545	-.009(The signaling of procedures for protecting passwords may be a matter for extension to the document.)A
3546	72 765 :M
3547	f6_10 sf
3548	.244 .024(Where passwords are not protected, a minimal degree of security is provided for preventing unauthorized access. It)J
3549	72 776 :M
3550	-.003(should not be considered a basis for secure services. Protecting the user\325s distinguished name and password provides)A
3551	endp
3552	%%Page: 12 12
3553	%%BeginPageSetup
3554	initializepage
3555	(hoyt; page: 12 of 40)setjob
3556	%%EndPageSetup
3557	-13 -12 :T
3558	gS 13 12 568 818 rC
3559	54 45 :M
3560	f3_10 sf
3561	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
3562	54 803 :M
3563	(6)S
3564	90 803 :M
3565	-.017(ITU-T Rec. X.509 $1993 E$)A
3566	54 81 :M
3567	f6_10 sf
3568	.466 .047(greater degrees of security. The algorithms to be used for the protection mechanism are typically non-enciphering)J
3569	54 92 :M
3570	-.016(one-way functions that are very simple to implement.)A
3571	:a
3572	36 <3049883AB59CF039
3573	><3030304949498888883A3A3AB5B5B59C9C9CF0F0F0393939
3574	>fg null :b
3575	126 106 328 109 rC
3576	0 <FFFFFFFFFFFFFFFF
3577	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
3578	>fg null :b
3579	740 375 :M
3580	%%DSIDICT:_cv
3581	userdict /_cv known not dup {userdict /_cv 20 dict put}if
3582	_cv begin
3583	/bdf{bind def}bind def
3584	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
3585	/setcmykcolor where{/setcmykcolor get /cvcmyk exch def}{/cvcmyk{1 sub 4 1 roll 3{3 index add neg dup 0 lt{pop 0}if 3 1 roll}repeat setrgbcolor pop}bdf }ifelse
3586	/stg{isDeviceColor {cf ca /cs load setscreen setgray}{pop}ifelse}bdf
3587	/strgb{isDeviceColor {cf ca /cs load setscreen setrgbcolor}{pop pop pop}ifelse}bdf
3588	/stcmyk{isDeviceColor {cf ca /cs load setscreen cvcmyk}{pop pop pop pop}ifelse}bdf
3589	/min1{dup 0 eq{pop 1}if}bdf
3590	currentscreen/cs exch def/ca exch def/cf exch def
3591	end
3592	:e
3593	0 0 0 0 rC
3594	740 375 :M
3595	0 G
3596	f10_2 sf
3597	(.)S
3598	742 375 :M
3599	(.)S
3600	744 375 :M
3601	(.)S
3602	:a
3603	0 <FFFFFFFFFFFFFFFF
3604	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
3605	>fg null :b
3606	gR
3607	:a
3608	0 <FFFFFFFFFFFFFFFF
3609	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
3610	>fg null :b
3611	gS 126 106 328 109 rC
3612	745 375 :M
3613	psb
3614	pse
3615	:e
3616	0 G
3617	126 106 :M
3618	psb
3619
3620	currentpoint
3621	pse
3622	454 215 :M
3623	psb
3624	%%CopyWithEps
3625
3626	currentpoint
3627	2 index sub exch 3 index sub
3628	328 div exch 109 div 3 index 183 sub 3 index 106 sub 4 2 roll 5 index 5 index translate
3629	scale
3630	4 2 roll neg exch neg exch translate translate
3631	%!PS-Adobe-2.0 EPSF-1.2
3632	%%Title: EPSFile
3633	%%Creator: Canvas 3.5
3634	%%For: hoyt
3635	%%CreationDate: 17 May 1994 21:40
3636	%%BoundingBox: 181 105 512 216
3637	%%DocumentProcSets: CanvasDict
3638	%%DocumentSuppliedProcSets: CanvasDict
3639	%%Copyright ©1988-91 Deneba Systems, Inc. - All Rights Reserved Worldwide
3640	%%DocumentFonts: Helvetica-Bold
3641	%%+ ZapfDingbats
3642	%%+ Helvetica
3643	%%DocumentNeededFonts: Helvetica-Bold
3644	%%+ ZapfDingbats
3645	%%+ Helvetica
3646	%%EndComments
3647	%%BeginProcSet:CanvasDict
3648	/CanvasDict where not{/CanvasDict 250 dict def}{pop}ifelse
3649	CanvasDict begin
3650	systemdict/setpacking known{/origpack currentpacking def true setpacking}if
3651	/bdf{bind def}bind def
3652	/_cv 20 dict begin
3653	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
3654	/stg{isDeviceColor{setgray}{pop}ifelse}bdf
3655	/strgb{isDeviceColor{setrgbcolor}{pop pop pop}ifelse}bdf
3656	/stcmyk{isDeviceColor{setcmykcolor}{pop pop pop pop}ifelse}bdf
3657	currentdict end def
3658	/xdf{exch bind def}bdf
3659	/min{2 copy gt{exch}if pop}bdf
3660	/edf{exch def}bdf
3661	/max{2 copy lt{exch}if pop}bdf
3662	/cvmtx matrix def
3663	/tpmx matrix def
3664	/currot 0 def
3665	/rotmtx matrix def
3666	/origmtx matrix def
3667	/cvangle{360 exch sub 90 add 360 mod}bdf
3668	/setrot{/currot edf rotmtx currentmatrix pop 2 copy translate currot rotate neg exch neg exch translate}bdf
3669	/endrot{rotmtx setmatrix /currot 0 def}bdf
3670	/i systemdict/image get def/T true def/F false def/dbg F def
3671	/ncolors 0 def/st0 ()def/st1 ()def/proc0 {}def
3672	/penh 1 def/penv 1 def/penv2 0 def/penh2 0 def/samplesize 0 def/width 0 def/height 0 def
3673	/setcmykcolor where not{/setcmykcolor{/b edf 3{b add 1.0 exch sub 0.0 max 1.0 min 3 1 roll}repeat systemdict begin setrgbcolor end}bdf}{pop}ifelse
3674	/doeoclip{closepath{eoclip}stopped{currentflat dup 2 mul setflat eoclip setflat}if}bdf
3675	/SpaceExtra 0 def/LetterSpace 0 def/StringLength 0 def/NumSpaces 0 def/JustOffset 0 def
3676	/f0{eofill} def
3677	/s0{1 setlinewidth cvmtx currentmatrix pop penh penv scale stroke cvmtx setmatrix}bdf
3678	/f1{_bp _fp impat}def
3679	/s1{cvmtx currentmatrix pop 1 setlinewidth penh penv scale
3680	{strokepath}stopped{currentflat dup 2 mul setflat strokepath setflat}if
3681	_bp
3682	cvmtx setmatrix _fp impat}def
3683	/filltype 0 def
3684	/stroketype 0 def
3685	/f{filltype 0 eq{f0}{f1}ifelse}bdf
3686	/s{stroketype 0 eq{s0}{s1}ifelse}bdf
3687	/_fp{}def
3688	/_bp{}def
3689	/_fg 1 def
3690	/_pg 0 def
3691	/_bkg 1 def
3692	/_frg 0 def
3693	/_frgb 3 array def
3694	/_frrgb [0 0 0] def
3695	/_fcmyk 4 array def
3696	/_frcmyk [0 0 0 1] def
3697	/_prgb 3 array def
3698	/_pcmyk 4 array def
3699	/_bkrgb [1 1 1] def
3700	/_bkcmyk [0 0 0 0] def
3701	/fg{/_fg exch def /filltype 0 def/fills{_fg setgray}def}def
3702	/frgb{_frgb astore pop /filltype 0 def/fills{_frgb aload pop setrgbcolor}def}def
3703	/fcmyk{_fcmyk astore pop /filltype 0 def/fills{_fcmyk aload pop setcmykcolor}def}def
3704	/pg{/_pg exch def /stroketype 0 def/pens{_pg setgray}def}def
3705	/prgb{_prgb astore pop /stroketype 0 def/pens{_prgb aload pop setrgbcolor}def}def
3706	/pcmyk{_pcmyk astore pop /stroketype 0 def/pens{_pcmyk aload pop setcmykcolor}def}def
3707	/fpat{/fstr edf/filltype 1 def/fills{/patstr fstr def}bdf}bdf
3708	/ppat{/sstr edf/stroketype 1 def/pens{/patstr sstr def}bdf}bdf
3709	/bkg{ /_bkg exch def /_bp{gsave _bkg setgray fill grestore}def}def
3710	/bkrgb{_bkrgb astore pop/_bp{gsave _bkrgb aload pop setrgbcolor fill grestore}def}def
3711	/bkcmyk{_bkcmyk astore pop/_bp{gsave _bkcmyk aload pop setcmykcolor fill grestore}def}def
3712	/frg{ /_frg exch def /_fp{_frg setgray}def}def
3713	/frrgb{_frrgb astore pop/_fp{_frrgb aload pop setrgbcolor}def}def
3714	/frcmyk{_frcmyk astore pop/_fp{_frcmyk aload pop setcmykcolor}def}def
3715	/icomp{/ncolors edf
3716	ncolors 1 gt{/proc0 edf
3717	dup dup 0 get ncolors div cvi exch 0 3 -1 roll put
3718	4 -1 roll ncolors div cvi 4 1 roll{proc0 dup/st0 edf
3719	0 exch ncolors exch length
3720	dup ncolors sub exch ncolors div cvi string/st1 edf
3721	{dup 0 exch dup 1 exch
3722	2 add{st0 exch get add}bind for
3723	3 div ncolors 4 eq{exch dup 3 1 roll 3 add st0 exch get add 255 exch sub dup 0 lt{pop 0}if}if cvi
3724	dup 255 gt{pop 255}if
3725	exch ncolors div cvi exch
3726	st1 3 1 roll put}bind for
3727	st1}}if i}bdf
3728	/ci
3729	{/colorimage where
3730	{pop false exch colorimage}
3731	{icomp}
3732	ifelse}bdf
3733	/impat
3734	{/cnt 0 def
3735	/MySave save def
3736	currot 0 ne{currot neg rotate}if
3737	clip
3738	flattenpath
3739	pathbbox
3740	3 -1 roll
3741	8 div floor 8 mul dup/starty edf
3742	sub abs 8 div ceiling 8 mul cvi/height edf
3743	exch 8 div floor 8 mul dup/startx edf
3744	sub abs 8 div ceiling 8 mul cvi/width edf
3745	startx starty translate
3746	width height scale
3747	/height height 8 mul def
3748	/st0 width string def
3749	width height T [width 0 0 height neg 0 height]
3750	{patstr
3751	cnt 8 mod
3752	get/st1 edf
3753	0 1
3754	st0 length 1 sub dup 0 le{pop 1}if
3755	{st0 exch
3756	st1
3757	put}bind for/cnt cnt 1 add def
3758	st0}bind
3759	imagemask
3760	MySave restore
3761	newpath}bdf
3762	/cm{/ncolors edf
3763	translate
3764	scale/height edf/colorimage where
3765	{pop}
3766	{ncolors mul}ifelse/width edf
3767	/tbitstr width string def
3768	width height 8 [width 0 0 height neg 0 height]
3769	{currentfile tbitstr readhexstring pop}bind
3770	ncolors
3771	dup 3 eq {ci}{icomp}ifelse}bdf
3772	/im{translate
3773	scale
3774	/height edf
3775	/width edf
3776	/tbitstr width 7 add 8 div cvi string def
3777	width height 1 [width 0 0 height neg 0 height]
3778	{currentfile tbitstr readhexstring pop}bind
3779	i}bdf
3780	/imk{/invFlag edf
3781	translate
3782	scale
3783	/height edf
3784	/width edf
3785	/tbitstr width 7 add 8 div cvi string def
3786	width height invFlag [width 0 0 height neg 0 height]
3787	{currentfile tbitstr readhexstring pop}bind
3788	imagemask}bdf
3789	/BeginEPSF
3790	{/MySave save def
3791	/dict_count countdictstack def
3792	/op_count count 1 sub def
3793	userdict begin
3794	/showpage {} def
3795	0 setgray 0 setlinecap
3796	1 setlinewidth 0 setlinejoin
3797	10 setmiterlimit [] 0 setdash newpath
3798	/languagelevel where
3799	{pop languagelevel 1 ne{false setstrokeadjust false setoverprint}if}if
3800	}bdf
3801	/EndEPSF
3802	{count op_count sub {pop}repeat
3803	countdictstack dict_count sub {end}repeat
3804	MySave restore}bdf
3805	/rectpath {/cv_r edf/cv_b edf/cv_l edf/cv_t edf
3806	cv_l cv_t moveto cv_r cv_t lineto cv_r cv_b lineto cv_l cv_b lineto cv_l cv_t lineto closepath}bdf
3807	/setpen{/penh edf/penv edf/penv2 penv 2 div def/penh2 penh 2 div def}bdf
3808	/dostroke{not pens 1.0 currentgray ne or {s}{newpath}ifelse}bdf
3809	/dodashfill{not fills 1.0 currentgray ne or
3810	{gsave f grestore gsave [] 0 setdash
3811	stroketype/stroketype filltype def
3812	s/stroketype edf grestore}{newpath}ifelse}bdf
3813	/dofill{not fills 1.0 currentgray ne or {f}{newpath}ifelse}bdf
3814	/dofillsave{not fills 1.0 currentgray ne or {gsave f grestore}if}bdf
3815	/doline{not pens 1.0 currentgray ne or {filltype/filltype stroketype def f/filltype edf}{newpath}ifelse}bdf
3816	/spx{SpaceExtra 0 32 4 -1 roll widthshow}bdf
3817	/lsx{SpaceExtra 0 32 LetterSpace 0 6 -1 roll awidthshow}bdf
3818	/Rjust{stringwidth pop JustOffset exch sub /JustOffset edf}bdf
3819	/Cjust{stringwidth pop 2 div JustOffset exch sub /JustOffset edf}bdf
3820	/adjfit{stringwidth pop LetterSpace StringLength 1 sub mul add SpaceExtra NumSpaces mul add dup /pw edf JustOffset exch
3821	sub dup /wdif edf StringLength div LetterSpace add /LetterSpace edf}bdf
3822	/ulb{currentpoint pop /underlinpt edf}bdf
3823	/ule{gsave currentpoint newpath moveto currentfont dup /ft1 known{dup /ft1 get begin /FontMatrix get FontMatrix tpmx concatmatrix pop}
3824	{begin FontMatrix tpmx copy pop}ifelse currentfont /FontInfo known {FontInfo begin UnderlinePosition UnderlineThickness end}{100 1}ifelse end dup tpmx
3825	dtransform pop setlinewidth dup tpmx dtransform pop 0 exch rmoveto underlinpt currentpoint pop sub 0 rlineto stroke grestore}bdf
3826	/fittext{ /SpaceExtra edf /LetterSpace edf /StringLength edf /NumSpaces edf /JustOffset edf not 1 currentgray ne or
3827	{dup {ulb}if exch
3828	dup adjfit
3829	lsx {ule}if}{pop pop}ifelse}bdf
3830	/cvRecFont{/encod edf FontDirectory 2 index known{cleartomark}{findfont dup length 1 add dict begin
3831	{1 index/FID ne{def}{pop pop}ifelse}forall encod{/Encoding CVvec def}if
3832	currentdict end definefont cleartomark}ifelse}bdf
3833	/wrk1 ( ) def/wdict 16 dict def
3834	/Work75 75 string def /Nmk{Work75 cvs dup}bdf /Npt{put cvn}bdf /dhOdh{Nmk 2 79 Npt}bdf /dhodh{Nmk 2 111 Npt}bdf /dhSdh{Nmk 2 83 Npt}bdf
3835	/sfWidth{gsave 0 0 moveto 0 0 lineto 0 0 lineto 0 0 lineto closepath clip stringwidth grestore}bdf
3836	/MakOF{dup dhodh FontDirectory 1 index known{exch pop}{exch findfont dup length 1 add dict begin
3837	{1 index/FID ne 2 index /UniqueID ne and{def}{pop pop}ifelse}forall
3838	/PaintType 2 def
3839	/StrokeWidth .24 1000 mul ftSize div dup 12 lt{pop 12}if def
3840	dup currentdict end definefont pop}ifelse}bdf
3841	/fts{dup/ftSize edf}def
3842	/mkFT{/tempFT 11 dict def tempFT begin
3843	/FontMatrix [1 0 0 1 0 0] def/FontType 3 def
3844	FontDirectory 3 index get /Encoding get/Encoding exch def
3845	/proc2 edf/ft2 exch findfont def/ft1 exch findfont def/FontBBox [0 0 1 1] def
3846	/BuildChar{wdict begin/chr edf/ftdt edf/chrst wrk1 dup 0 chr put def ftdt/proc2 get exec end}def
3847	end tempFT definefont pop}bdf
3848	/OLFt{dup dhOdh FontDirectory 1 index known{exch pop}
3849	{dup 3 -1 roll dup MakOF {outproc} mkFT}ifelse}bdf
3850	/mshw{moveto show}bdf
3851	/outproc{ftdt/ft1 get setfont gsave chrst sfWidth grestore setcharwidth dblsh}bdf
3852	/dblsh{currentgray 1 setgray chrst 0 0 mshw setgray ftdt/ft2 get setfont chrst 0 0 mshw}bdf
3853	/ShadChar{ftdt/ft1 get setfont gsave chrst sfWidth 1 index 0 ne{exch .05 add exch}if grestore setcharwidth
3854	chrst .06 0 mshw 0 .05 translate dblsh}bdf
3855	/ShFt{dup dhSdh FontDirectory 1 index known{exch pop}
3856	{dup 3 -1 roll dup MakOF {ShadChar} mkFT}ifelse}bdf
3857	/LswUnits{72 75 div dup scale}bdf
3858	/erasefill{_bp}def
3859	/CVvec 256 array def
3860	/NUL/SOH/STX/ETX/EOT/ENQ/ACK/BEL/BS/HT/LF/VT/FF/CR/SO/SI/DLE/DC1/DC2/DC3/DC4/NAK/SYN/ETB/CAN/EM/SUB/ESC/FS/GS/RS/US
3861	CVvec 0 32 getinterval astore pop
3862	CVvec 32/Times-Roman findfont/Encoding get
3863	32 96 getinterval putinterval CVvec dup 39/quotesingle put 96/grave put
3864	/Adieresis/Aring/Ccedilla/Eacute/Ntilde/Odieresis/Udieresis/aacute
3865	/agrave/acircumflex/adieresis/atilde/aring/ccedilla/eacute/egrave
3866	/ecircumflex/edieresis/iacute/igrave/icircumflex/idieresis/ntilde/oacute
3867	/ograve/ocircumflex/odieresis/otilde/uacute/ugrave/ucircumflex/udieresis
3868	/dagger/degree/cent/sterling/section/bullet/paragraph/germandbls
3869	/registered/copyright/trademark/acute/dieresis/notequal/AE/Oslash
3870	/infinity/plusminus/lessequal/greaterequal/yen/mu/partialdiff/summation
3871	/product/pi/integral/ordfeminine/ordmasculine/Omega/ae/oslash
3872	/questiondown/exclamdown/logicalnot/radical/florin/approxequal/Delta/guillemotleft
3873	/guillemotright/ellipsis/blank/Agrave/Atilde/Otilde/OE/oe
3874	/endash/emdash/quotedblleft/quotedblright/quoteleft/quoteright/divide/lozenge
3875	/ydieresis/Ydieresis/fraction/currency/guilsinglleft/guilsinglright/fi/fl
3876	/daggerdbl/periodcentered/quotesinglbase/quotedblbase/perthousand/Acircumflex/Ecircumflex/Aacute
3877	/Edieresis/Egrave/Iacute/Icircumflex/Idieresis/Igrave/Oacute/Ocircumflex
3878	/apple/Ograve/Uacute/Ucircumflex/Ugrave/dotlessi/circumflex/tilde
3879	/macron/breve/dotaccent/ring/cedilla/hungarumlaut/ogonek/caron
3880	CVvec 128 128 getinterval astore pop
3881	end
3882	%%EndProcSet
3883	%%BeginSetup
3884	CanvasDict begin
3885	0 setlinecap
3886	0 setlinejoin
3887	4 setmiterlimit
3888	/currot 0 def
3889	origmtx currentmatrix pop
3890	[] 0 setdash
3891	1 1 setpen
3892	1 fg
3893	0 pg
3894	0 frg
3895	1 bkg
3896	newpath
3897	/dbg F def
3898	347 160.5 translate
3899	1 -1 scale
3900	-347 -160.5 translate
3901	%%EndSetup
3902	% ---- Object #1:1 Obj Type: 99
3903	% ---- Object #2:35 Obj Type: 10
3904	0 setlinecap
3905	0 setlinejoin
3906	378.5 166.5 moveto
3907	400 198.5 426 208 462 200.5 curveto
3908	F dofillsave
3909	F dostroke
3910	gsave
3911	newpath
3912	450.2204 198.2105 moveto
3913	449.6623 201.0822 450.0863 203.7593 451.5047 206.3179 curveto
3914	456.7523 203.409 456.7523 203.409 462 200.5 curveto
3915	462 200.5 450.2204 198.2105 450.2204 198.2105 curveto
3916	closepath
3917	F doline
3918	grestore
3919	% ---- Object #3:4 Obj Type: 99
3920	% ---- Object #4:5 Obj Type: 6
3921	0 setlinecap
3922	0 setlinejoin
3923	233.5 145.5 moveto
3924	233.5 131.7865 222.2135 120.5 208.5 120.5 curveto
3925	194.7865 120.5 183.5 131.7865 183.5 145.5 curveto
3926	183.5 159.2135 194.7865 170.5 208.5 170.5 curveto
3927	222.2135 170.5 233.5 159.2135 233.5 145.5 curveto
3928	closepath
3929	F dofillsave
3930	F dostroke
3931	% ---- Object #5:7 Obj Type: 2
3932	0 0 setpen
3933	save
3934	0 setgray
3935	mark /\|___Helvetica-Bold /Helvetica-Bold T cvRecFont
3936	14 fts /\|___Helvetica-Bold findfont exch scalefont setfont
3937	0 setgray
3938	203.375 140.5 moveto
3939	(A)
3940	show
3941	restore
3942	% ---- Object #6:26 Obj Type: 99
3943	% ---- Object #7:6 Obj Type: 6
3944	1 1 setpen
3945	0 setlinecap
3946	0 setlinejoin
3947	390 145.75 moveto
3948	390 132.0365 378.7135 120.75 365 120.75 curveto
3949	351.2865 120.75 340 132.0365 340 145.75 curveto
3950	340 159.4635 351.2865 170.75 365 170.75 curveto
3951	378.7135 170.75 390 159.4635 390 145.75 curveto
3952	closepath
3953	F dofillsave
3954	F dostroke
3955	% ---- Object #8:25 Obj Type: 2
3956	0 0 setpen
3957	save
3958	0 setgray
3959	mark /\|___Helvetica-Bold /Helvetica-Bold T cvRecFont
3960	14 fts /\|___Helvetica-Bold findfont exch scalefont setfont
3961	0 setgray
3962	360.375 140.75 moveto
3963	(B)
3964	show
3965	restore
3966	% ---- Object #9:27 Obj Type: 10
3967	1 1 setpen
3968	0 setlinecap
3969	0 setlinejoin
3970	226.8333 163.6667 moveto
3971	256.8333 184.1667 314.5 186 346.5 163.5 curveto
3972	F dofillsave
3973	F dostroke
3974	gsave
3975	newpath
3976	334.6478 165.3773 moveto
3977	335.1054 168.2668 336.4195 170.6374 338.6274 172.5566 curveto
3978	342.5637 168.0283 342.5637 168.0283 346.5 163.5 curveto
3979	346.5 163.5 334.6478 165.3773 334.6478 165.3773 curveto
3980	closepath
3981	F doline
3982	grestore
3983	% ---- Object #10:29 Obj Type: 10
3984	0 setlinecap
3985	0 setlinejoin
3986	346 128 moveto
3987	316 107.5 258.3333 105.6667 226.3333 128.1667 curveto
3988	F dofillsave
3989	F dostroke
3990	gsave
3991	newpath
3992	238.151 126.0829 moveto
3993	237.643 123.2019 236.2878 120.8546 234.0468 118.9741 curveto
3994	230.19 123.5704 230.19 123.5704 226.3333 128.1667 curveto
3995	226.3333 128.1667 238.151 126.0829 238.151 126.0829 curveto
3996	closepath
3997	F doline
3998	grestore
3999	% ---- Object #11:30 Obj Type: 2
4000	0 0 setpen
4001	save
4002	0 setgray
4003	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
4004	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
4005	0 setgray
4006	242.125 161.25 moveto
4007	(\312)
4008	show
4009	restore
4010	% ---- Object #12:28 Obj Type: 2
4011	save
4012	0 setgray
4013	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
4014	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
4015	0 setgray
4016	389.625 169 moveto
4017	(\313)
4018	show
4019	restore
4020	% ---- Object #13:31 Obj Type: 99
4021	% ---- Object #14:33 Obj Type: 6
4022	1 1 setpen
4023	0 setlinecap
4024	0 setlinejoin
4025	510.5 190 moveto
4026	510.5 176.2865 499.2135 165 485.5 165 curveto
4027	471.7865 165 460.5 176.2865 460.5 190 curveto
4028	460.5 203.7135 471.7865 215 485.5 215 curveto
4029	499.2135 215 510.5 203.7135 510.5 190 curveto
4030	closepath
4031	F dofillsave
4032	F dostroke
4033	% ---- Object #15:32 Obj Type: 2
4034	0 0 setpen
4035	save
4036	0 setgray
4037	mark /\|___Helvetica /Helvetica T cvRecFont
4038	12 fts /\|___Helvetica findfont exch scalefont setfont
4039	0 setgray
4040	461.375 185.75 moveto
4041	(Directory)
4042	F F 47.957 0 9 0 0 fittext
4043	restore
4044	% ---- Object #16:36 Obj Type: 10
4045	1 1 setpen
4046	0 setlinecap
4047	0 setlinejoin
4048	471 168.5 moveto
4049	449.5 136.5 423.5 127 387.5 134.5 curveto
4050	F dofillsave
4051	F dostroke
4052	gsave
4053	newpath
4054	399.2795 136.7897 moveto
4055	399.8377 133.918 399.4137 131.2409 397.9954 128.6823 curveto
4056	392.7477 131.5911 392.7477 131.5911 387.5 134.5 curveto
4057	387.5 134.5 399.2795 136.7897 399.2795 136.7897 curveto
4058	closepath
4059	F doline
4060	grestore
4061	% ---- Object #17:37 Obj Type: 2
4062	0 0 setpen
4063	save
4064	0 setgray
4065	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
4066	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
4067	0 setgray
4068	322.875 122.5 moveto
4069	(\315)
4070	show
4071	restore
4072	% ---- Object #18:38 Obj Type: 2
4073	save
4074	0 setgray
4075	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
4076	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
4077	0 setgray
4078	451.375 160 moveto
4079	(\314)
4080	show
4081	restore
4082	origmtx setmatrix
4083	systemdict /setpacking known {origpack setpacking} if end
4084	%%EndDocument:
4085	pse
4086	gR
4087	:e
4088	gS 13 12 568 818 rC
4089	168 228 :M
4090	0 G
4091	f3_9 sf
4092	-.008(Figure 1\321 The Unprotected Simple Authentication Procedure)A
4093	54 252 :M
4094	f6_10 sf
4095	-.005(The general procedure for achieving simple authentication is shown in Figure 1.)A
4096	54 275 :M
4097	-.013(The following steps are involved:)A
4098	72 292 :M
4099	-.328(1\))A
4100	90 292 :M
4101	-.01( an originating user A sends its distinguished name and password to a recipient user B;)A
4102	72 309 :M
4103	-.328(2\))A
4104	90 309 :M
4105	1.028 .103(B sends the purported distinguished name and password of A to the Directory, where the password is)J
4106	90 320 :M
4107	.916 .092(checked against that held as the )J
4108	f0_9 sf
4109	.376(UserPassword)A
4110	295 320 :M
4111	f6_10 sf
4112	1.377 .138( attribute within the directory entry for A \(using the)J
4113	90 332 :M
4114	-.011(Compare operation of the Directory\);)A
4115	72 349 :M
4116	-.328(3\))A
4117	90 349 :M
4118	-.014( the Directory con\336rms $or denies$ to B that the credentials are valid;)A
4119	72 366 :M
4120	-.328(4\))A
4121	90 366 :M
4122	-.003( the success $or failure$ of authentication may be conveyed to A.)A
4123	54 389 :M
4124	.341 .034(The most basic form of simple authentication involves only step 1 and after B has checked the distinguished name)J
4125	54 400 :M
4126	-.014(and password, may include step 4.)A
4127	54 424 :M
4128	f3_12 sf
4129	(6.1)S
4130	81 424 :M
4131	-.005(Generation of protected identifying information)A
4132	54 442 :M
4133	f6_10 sf
4134	-.012(Figure 2 illustrates two approaches by which protected identifying information may be generated. )A
4135	447 442 :M
4136	f4_10 sf
4137	-.076(\246)A
4138	f6_10 sf
4139	-.062(1 and )A
4140	f4_10 sf
4141	-.076(\246)A
4142	f6_10 sf
4143	-.07(2 are one)A
4144	518 442 :M
4145	(-)S
4146	54 453 :M
4147	.719 .072(way functions $either identical or different$ and the timestamps and random numbers are optional and subject to)J
4148	54 464 :M
4149	-.014(bilateral agreements.)A
4150	:a
4151	36 <3049883AB59CF039
4152	><3030304949498888883A3A3AB5B5B59C9C9CF0F0F0393939
4153	>fg null :b
4154	161 478 259 127 rC
4155	0 <FFFFFFFFFFFFFFFF
4156	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
4157	>fg null :b
4158	1122 922 :M
4159	%%DSIDICT:_cv
4160	userdict /_cv known not dup {userdict /_cv 20 dict put}if
4161	_cv begin
4162	/bdf{bind def}bind def
4163	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
4164	/setcmykcolor where{/setcmykcolor get /cvcmyk exch def}{/cvcmyk{1 sub 4 1 roll 3{3 index add neg dup 0 lt{pop 0}if 3 1 roll}repeat setrgbcolor pop}bdf }ifelse
4165	/stg{isDeviceColor {cf ca /cs load setscreen setgray}{pop}ifelse}bdf
4166	/strgb{isDeviceColor {cf ca /cs load setscreen setrgbcolor}{pop pop pop}ifelse}bdf
4167	/stcmyk{isDeviceColor {cf ca /cs load setscreen cvcmyk}{pop pop pop pop}ifelse}bdf
4168	/min1{dup 0 eq{pop 1}if}bdf
4169	currentscreen/cs exch def/ca exch def/cf exch def
4170	end
4171	0 <FFFFFFFFFFFFFFFF
4172	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
4173	>fg null :b
4174	0 0 0 0 rC
4175	gR
4176	:a
4177	0 <FFFFFFFFFFFFFFFF
4178	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
4179	>fg null :b
4180	gS 161 478 259 127 rC
4181	1122 922 :M
4182	psb
4183	pse
4184	:e
4185	0 G
4186	161 478 :M
4187	psb
4188
4189	currentpoint
4190	pse
4191	420 605 :M
4192	psb
4193	%%CopyWithEps
4194
4195	currentpoint
4196	2 index sub exch 3 index sub
4197	259 div exch 127 div 3 index 151 sub 3 index 105 sub 4 2 roll 5 index 5 index translate
4198	scale
4199	4 2 roll neg exch neg exch translate translate
4200	%!PS-Adobe-2.0 EPSF-1.2
4201	%%Title: EPSFile
4202	%%Creator: Canvas 3.5
4203	%%For: hoyt
4204	%%CreationDate: 26 Jun1994 09:05
4205	%%BoundingBox: 149 104 411 233
4206	%%DocumentProcSets: CanvasDict
4207	%%DocumentSuppliedProcSets: CanvasDict
4208	%%Copyright ©1988-91 Deneba Systems, Inc. - All Rights Reserved Worldwide
4209	%%DocumentFonts: Helvetica
4210	%%DocumentNeededFonts: Helvetica
4211	%%EndComments
4212	%%BeginProcSet:CanvasDict
4213	/CanvasDict where not{/CanvasDict 250 dict def}{pop}ifelse
4214	CanvasDict begin
4215	systemdict/setpacking known{/origpack currentpacking def true setpacking}if
4216	/bdf{bind def}bind def
4217	/_cv 20 dict begin
4218	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
4219	/stg{isDeviceColor{setgray}{pop}ifelse}bdf
4220	/strgb{isDeviceColor{setrgbcolor}{pop pop pop}ifelse}bdf
4221	/stcmyk{isDeviceColor{setcmykcolor}{pop pop pop pop}ifelse}bdf
4222	currentdict end def
4223	/xdf{exch bind def}bdf
4224	/min{2 copy gt{exch}if pop}bdf
4225	/edf{exch def}bdf
4226	/max{2 copy lt{exch}if pop}bdf
4227	/cvmtx matrix def
4228	/tpmx matrix def
4229	/currot 0 def
4230	/rotmtx matrix def
4231	/origmtx matrix def
4232	/cvangle{360 exch sub 90 add 360 mod}bdf
4233	/setrot{/currot edf rotmtx currentmatrix pop 2 copy translate currot rotate neg exch neg exch translate}bdf
4234	/endrot{rotmtx setmatrix /currot 0 def}bdf
4235	/i systemdict/image get def/T true def/F false def/dbg F def
4236	/ncolors 0 def/st0 ()def/st1 ()def/proc0 {}def
4237	/penh 1 def/penv 1 def/penv2 0 def/penh2 0 def/samplesize 0 def/width 0 def/height 0 def
4238	/setcmykcolor where not{/setcmykcolor{/b edf 3{b add 1.0 exch sub 0.0 max 1.0 min 3 1 roll}repeat systemdict begin setrgbcolor end}bdf}{pop}ifelse
4239	/doeoclip{closepath{eoclip}stopped{currentflat dup 2 mul setflat eoclip setflat}if}bdf
4240	/SpaceExtra 0 def/LetterSpace 0 def/StringLength 0 def/NumSpaces 0 def/JustOffset 0 def
4241	/f0{eofill} def
4242	/s0{1 setlinewidth cvmtx currentmatrix pop penh penv scale stroke cvmtx setmatrix}bdf
4243	/f1{_bp _fp impat}def
4244	/s1{cvmtx currentmatrix pop 1 setlinewidth penh penv scale
4245	{strokepath}stopped{currentflat dup 2 mul setflat strokepath setflat}if
4246	_bp
4247	cvmtx setmatrix _fp impat}def
4248	/filltype 0 def
4249	/stroketype 0 def
4250	/f{filltype 0 eq{f0}{f1}ifelse}bdf
4251	/s{stroketype 0 eq{s0}{s1}ifelse}bdf
4252	/_fp{}def
4253	/_bp{}def
4254	/_fg 1 def
4255	/_pg 0 def
4256	/_bkg 1 def
4257	/_frg 0 def
4258	/_frgb 3 array def
4259	/_frrgb [0 0 0] def
4260	/_fcmyk 4 array def
4261	/_frcmyk [0 0 0 1] def
4262	/_prgb 3 array def
4263	/_pcmyk 4 array def
4264	/_bkrgb [1 1 1] def
4265	/_bkcmyk [0 0 0 0] def
4266	/fg{/_fg exch def /filltype 0 def/fills{_fg setgray}def}def
4267	/frgb{_frgb astore pop /filltype 0 def/fills{_frgb aload pop setrgbcolor}def}def
4268	/fcmyk{_fcmyk astore pop /filltype 0 def/fills{_fcmyk aload pop setcmykcolor}def}def
4269	/pg{/_pg exch def /stroketype 0 def/pens{_pg setgray}def}def
4270	/prgb{_prgb astore pop /stroketype 0 def/pens{_prgb aload pop setrgbcolor}def}def
4271	/pcmyk{_pcmyk astore pop /stroketype 0 def/pens{_pcmyk aload pop setcmykcolor}def}def
4272	/fpat{/fstr edf/filltype 1 def/fills{/patstr fstr def}bdf}bdf
4273	/ppat{/sstr edf/stroketype 1 def/pens{/patstr sstr def}bdf}bdf
4274	/bkg{ /_bkg exch def /_bp{gsave _bkg setgray fill grestore}def}def
4275	/bkrgb{_bkrgb astore pop/_bp{gsave _bkrgb aload pop setrgbcolor fill grestore}def}def
4276	/bkcmyk{_bkcmyk astore pop/_bp{gsave _bkcmyk aload pop setcmykcolor fill grestore}def}def
4277	/frg{ /_frg exch def /_fp{_frg setgray}def}def
4278	/frrgb{_frrgb astore pop/_fp{_frrgb aload pop setrgbcolor}def}def
4279	/frcmyk{_frcmyk astore pop/_fp{_frcmyk aload pop setcmykcolor}def}def
4280	/icomp{/ncolors edf
4281	ncolors 1 gt{/proc0 edf
4282	dup dup 0 get ncolors div cvi exch 0 3 -1 roll put
4283	4 -1 roll ncolors div cvi 4 1 roll{proc0 dup/st0 edf
4284	0 exch ncolors exch length
4285	dup ncolors sub exch ncolors div cvi string/st1 edf
4286	{dup 0 exch dup 1 exch
4287	2 add{st0 exch get add}bind for
4288	3 div ncolors 4 eq{exch dup 3 1 roll 3 add st0 exch get add 255 exch sub dup 0 lt{pop 0}if}if cvi
4289	dup 255 gt{pop 255}if
4290	exch ncolors div cvi exch
4291	st1 3 1 roll put}bind for
4292	st1}}if i}bdf
4293	/ci
4294	{/colorimage where
4295	{pop false exch colorimage}
4296	{icomp}
4297	ifelse}bdf
4298	/impat
4299	{/cnt 0 def
4300	/MySave save def
4301	currot 0 ne{currot neg rotate}if
4302	clip
4303	flattenpath
4304	pathbbox
4305	3 -1 roll
4306	8 div floor 8 mul dup/starty edf
4307	sub abs 8 div ceiling 8 mul cvi/height edf
4308	exch 8 div floor 8 mul dup/startx edf
4309	sub abs 8 div ceiling 8 mul cvi/width edf
4310	startx starty translate
4311	width height scale
4312	/height height 8 mul def
4313	/st0 width string def
4314	width height T [width 0 0 height neg 0 height]
4315	{patstr
4316	cnt 8 mod
4317	get/st1 edf
4318	0 1
4319	st0 length 1 sub dup 0 le{pop 1}if
4320	{st0 exch
4321	st1
4322	put}bind for/cnt cnt 1 add def
4323	st0}bind
4324	imagemask
4325	MySave restore
4326	newpath}bdf
4327	/cm{/ncolors edf
4328	translate
4329	scale/height edf/colorimage where
4330	{pop}
4331	{ncolors mul}ifelse/width edf
4332	/tbitstr width string def
4333	width height 8 [width 0 0 height neg 0 height]
4334	{currentfile tbitstr readhexstring pop}bind
4335	ncolors
4336	dup 3 eq {ci}{icomp}ifelse}bdf
4337	/im{translate
4338	scale
4339	/height edf
4340	/width edf
4341	/tbitstr width 7 add 8 div cvi string def
4342	width height 1 [width 0 0 height neg 0 height]
4343	{currentfile tbitstr readhexstring pop}bind
4344	i}bdf
4345	/imk{/invFlag edf
4346	translate
4347	scale
4348	/height edf
4349	/width edf
4350	/tbitstr width 7 add 8 div cvi string def
4351	width height invFlag [width 0 0 height neg 0 height]
4352	{currentfile tbitstr readhexstring pop}bind
4353	imagemask}bdf
4354	/BeginEPSF
4355	{/MySave save def
4356	/dict_count countdictstack def
4357	/op_count count 1 sub def
4358	userdict begin
4359	/showpage {} def
4360	0 setgray 0 setlinecap
4361	1 setlinewidth 0 setlinejoin
4362	10 setmiterlimit [] 0 setdash newpath
4363	/languagelevel where
4364	{pop languagelevel 1 ne{false setstrokeadjust false setoverprint}if}if
4365	}bdf
4366	/EndEPSF
4367	{count op_count sub {pop}repeat
4368	countdictstack dict_count sub {end}repeat
4369	MySave restore}bdf
4370	/rectpath {/cv_r edf/cv_b edf/cv_l edf/cv_t edf
4371	cv_l cv_t moveto cv_r cv_t lineto cv_r cv_b lineto cv_l cv_b lineto cv_l cv_t lineto closepath}bdf
4372	/setpen{/penh edf/penv edf/penv2 penv 2 div def/penh2 penh 2 div def}bdf
4373	/dostroke{not pens 1.0 currentgray ne or {s}{newpath}ifelse}bdf
4374	/dodashfill{not fills 1.0 currentgray ne or
4375	{gsave f grestore gsave [] 0 setdash
4376	stroketype/stroketype filltype def
4377	s/stroketype edf grestore}{newpath}ifelse}bdf
4378	/dofill{not fills 1.0 currentgray ne or {f}{newpath}ifelse}bdf
4379	/dofillsave{not fills 1.0 currentgray ne or {gsave f grestore}if}bdf
4380	/doline{not pens 1.0 currentgray ne or {filltype/filltype stroketype def f/filltype edf}{newpath}ifelse}bdf
4381	/spx{SpaceExtra 0 32 4 -1 roll widthshow}bdf
4382	/lsx{SpaceExtra 0 32 LetterSpace 0 6 -1 roll awidthshow}bdf
4383	/Rjust{stringwidth pop JustOffset exch sub /JustOffset edf}bdf
4384	/Cjust{stringwidth pop 2 div JustOffset exch sub /JustOffset edf}bdf
4385	/adjfit{stringwidth pop LetterSpace StringLength 1 sub mul add SpaceExtra NumSpaces mul add dup /pw edf JustOffset exch
4386	sub dup /wdif edf StringLength div LetterSpace add /LetterSpace edf}bdf
4387	/ulb{currentpoint pop /underlinpt edf}bdf
4388	/ule{gsave currentpoint newpath moveto currentfont dup /ft1 known{dup /ft1 get begin /FontMatrix get FontMatrix tpmx concatmatrix pop}
4389	{begin FontMatrix tpmx copy pop}ifelse currentfont /FontInfo known {FontInfo begin UnderlinePosition UnderlineThickness end}{100 1}ifelse end dup tpmx
4390	dtransform pop setlinewidth dup tpmx dtransform pop 0 exch rmoveto underlinpt currentpoint pop sub 0 rlineto stroke grestore}bdf
4391	/fittext{ /SpaceExtra edf /LetterSpace edf /StringLength edf /NumSpaces edf /JustOffset edf not 1 currentgray ne or
4392	{dup {ulb}if exch
4393	dup adjfit
4394	lsx {ule}if}{pop pop}ifelse}bdf
4395	/cvRecFont{/encod edf FontDirectory 2 index known{cleartomark}{findfont dup length 1 add dict begin
4396	{1 index/FID ne{def}{pop pop}ifelse}forall encod{/Encoding CVvec def}if
4397	currentdict end definefont cleartomark}ifelse}bdf
4398	/wrk1 ( ) def/wdict 16 dict def
4399	/Work75 75 string def /Nmk{Work75 cvs dup}bdf /Npt{put cvn}bdf /dhOdh{Nmk 2 79 Npt}bdf /dhodh{Nmk 2 111 Npt}bdf /dhSdh{Nmk 2 83 Npt}bdf
4400	/sfWidth{gsave 0 0 moveto 0 0 lineto 0 0 lineto 0 0 lineto closepath clip stringwidth grestore}bdf
4401	/MakOF{dup dhodh FontDirectory 1 index known{exch pop}{exch findfont dup length 1 add dict begin
4402	{1 index/FID ne 2 index /UniqueID ne and{def}{pop pop}ifelse}forall
4403	/PaintType 2 def
4404	/StrokeWidth .24 1000 mul ftSize div dup 12 lt{pop 12}if def
4405	dup currentdict end definefont pop}ifelse}bdf
4406	/fts{dup/ftSize edf}def
4407	/mkFT{/tempFT 11 dict def tempFT begin
4408	/FontMatrix [1 0 0 1 0 0] def/FontType 3 def
4409	FontDirectory 3 index get /Encoding get/Encoding exch def
4410	/proc2 edf/ft2 exch findfont def/ft1 exch findfont def/FontBBox [0 0 1 1] def
4411	/BuildChar{wdict begin/chr edf/ftdt edf/chrst wrk1 dup 0 chr put def ftdt/proc2 get exec end}def
4412	end tempFT definefont pop}bdf
4413	/OLFt{dup dhOdh FontDirectory 1 index known{exch pop}
4414	{dup 3 -1 roll dup MakOF {outproc} mkFT}ifelse}bdf
4415	/mshw{moveto show}bdf
4416	/outproc{ftdt/ft1 get setfont gsave chrst sfWidth grestore setcharwidth dblsh}bdf
4417	/dblsh{currentgray 1 setgray chrst 0 0 mshw setgray ftdt/ft2 get setfont chrst 0 0 mshw}bdf
4418	/ShadChar{ftdt/ft1 get setfont gsave chrst sfWidth 1 index 0 ne{exch .05 add exch}if grestore setcharwidth
4419	chrst .06 0 mshw 0 .05 translate dblsh}bdf
4420	/ShFt{dup dhSdh FontDirectory 1 index known{exch pop}
4421	{dup 3 -1 roll dup MakOF {ShadChar} mkFT}ifelse}bdf
4422	/LswUnits{72 75 div dup scale}bdf
4423	/erasefill{_bp}def
4424	/CVvec 256 array def
4425	/NUL/SOH/STX/ETX/EOT/ENQ/ACK/BEL/BS/HT/LF/VT/FF/CR/SO/SI/DLE/DC1/DC2/DC3/DC4/NAK/SYN/ETB/CAN/EM/SUB/ESC/FS/GS/RS/US
4426	CVvec 0 32 getinterval astore pop
4427	CVvec 32/Times-Roman findfont/Encoding get
4428	32 96 getinterval putinterval CVvec dup 39/quotesingle put 96/grave put
4429	/Adieresis/Aring/Ccedilla/Eacute/Ntilde/Odieresis/Udieresis/aacute
4430	/agrave/acircumflex/adieresis/atilde/aring/ccedilla/eacute/egrave
4431	/ecircumflex/edieresis/iacute/igrave/icircumflex/idieresis/ntilde/oacute
4432	/ograve/ocircumflex/odieresis/otilde/uacute/ugrave/ucircumflex/udieresis
4433	/dagger/degree/cent/sterling/section/bullet/paragraph/germandbls
4434	/registered/copyright/trademark/acute/dieresis/notequal/AE/Oslash
4435	/infinity/plusminus/lessequal/greaterequal/yen/mu/partialdiff/summation
4436	/product/pi/integral/ordfeminine/ordmasculine/Omega/ae/oslash
4437	/questiondown/exclamdown/logicalnot/radical/florin/approxequal/Delta/guillemotleft
4438	/guillemotright/ellipsis/blank/Agrave/Atilde/Otilde/OE/oe
4439	/endash/emdash/quotedblleft/quotedblright/quoteleft/quoteright/divide/lozenge
4440	/ydieresis/Ydieresis/fraction/currency/guilsinglleft/guilsinglright/fi/fl
4441	/daggerdbl/periodcentered/quotesinglbase/quotedblbase/perthousand/Acircumflex/Ecircumflex/Aacute
4442	/Edieresis/Egrave/Iacute/Icircumflex/Idieresis/Igrave/Oacute/Ocircumflex
4443	/apple/Ograve/Uacute/Ucircumflex/Ugrave/dotlessi/circumflex/tilde
4444	/macron/breve/dotaccent/ring/cedilla/hungarumlaut/ogonek/caron
4445	CVvec 128 128 getinterval astore pop
4446	end
4447	%%EndProcSet
4448	%%BeginSetup
4449	CanvasDict begin
4450	0 setlinecap
4451	0 setlinejoin
4452	4 setmiterlimit
4453	/currot 0 def
4454	origmtx currentmatrix pop
4455	[] 0 setdash
4456	1 1 setpen
4457	1 fg
4458	0 pg
4459	0 frg
4460	1 bkg
4461	newpath
4462	/dbg F def
4463	280.5 168.5 translate
4464	1 -1 scale
4465	-280.5 -168.5 translate
4466	%%EndSetup
4467	% ---- Object #1:1 Obj Type: 99
4468	% ---- Object #2:4 Obj Type: 4
4469	0 setlinecap
4470	0 setlinejoin
4471	232 207.5 105.5 341 rectpath
4472	F dostroke
4473	% ---- Object #3:8 Obj Type: 4
4474	0 setlinecap
4475	0 setlinejoin
4476	215.5 225 153 262 rectpath
4477	F dofillsave
4478	F dostroke
4479	% ---- Object #4:7 Obj Type: 4
4480	0 setlinecap
4481	0 setlinejoin
4482	185 291 121.5 328.5 rectpath
4483	F dofillsave
4484	F dostroke
4485	% ---- Object #5:9 Obj Type: 2
4486	0 0 setpen
4487	save
4488	0 setgray
4489	mark /\|___Helvetica /Helvetica T cvRecFont
4490	12 fts /\|___Helvetica findfont exch scalefont setfont
4491	0 setgray
4492	233.875 180.5 moveto
4493	( \3041)
4494	F F 16.6758 1 3 0 0 fittext
4495	restore
4496	% ---- Object #6:6 Obj Type: 2
4497	save
4498	0 setgray
4499	mark /\|___Helvetica /Helvetica T cvRecFont
4500	12 fts /\|___Helvetica findfont exch scalefont setfont
4501	0 setgray
4502	300.375 149.5 moveto
4503	( \3042)
4504	F F 16.6758 1 3 0 0 fittext
4505	restore
4506	% ---- Object #7:13 Obj Type: 3
4507	1 1 setpen
4508	2 setlinecap
4509	0 setlinejoin
4510	gsave
4511	newpath
4512	213.9737 201.8958 moveto
4513	212.9731 204.6449 212.9731 207.3553 213.9737 210.1044 curveto
4514	219.6119 208.0522 219.6119 208.0522 225.25 206 curveto
4515	225.25 206 213.9737 201.8958 213.9737 201.8958 curveto
4516	closepath
4517	F doline
4518	grestore
4519	gsave
4520	newpath
4521	186.5 206 moveto
4522	213.5 206 lineto
4523	F dostroke
4524	grestore
4525	% ---- Object #8:11 Obj Type: 3
4526	2 setlinecap
4527	0 setlinejoin
4528	gsave
4529	newpath
4530	213.9737 184.2956 moveto
4531	212.9731 187.0447 212.9731 189.7551 213.9737 192.5041 curveto
4532	219.6119 190.452 219.6119 190.452 225.25 188.3998 curveto
4533	225.25 188.3998 213.9737 184.2956 213.9737 184.2956 curveto
4534	closepath
4535	F doline
4536	grestore
4537	gsave
4538	newpath
4539	186.5 188.3998 moveto
4540	213.5 188.3998 lineto
4541	F dostroke
4542	grestore
4543	% ---- Object #9:12 Obj Type: 3
4544	2 setlinecap
4545	0 setlinejoin
4546	gsave
4547	newpath
4548	213.9737 169.6954 moveto
4549	212.9731 172.4444 212.9731 175.1549 213.9737 177.9039 curveto
4550	219.6119 175.8517 219.6119 175.8517 225.25 173.7996 curveto
4551	225.25 173.7996 213.9737 169.6954 213.9737 169.6954 curveto
4552	closepath
4553	F doline
4554	grestore
4555	gsave
4556	newpath
4557	186.5 173.7996 moveto
4558	213.5 173.7996 lineto
4559	F dostroke
4560	grestore
4561	% ---- Object #10:14 Obj Type: 3
4562	2 setlinecap
4563	0 setlinejoin
4564	gsave
4565	newpath
4566	213.9737 154.0952 moveto
4567	212.9731 156.8442 212.9731 159.5546 213.9737 162.3037 curveto
4568	219.6119 160.2515 219.6119 160.2515 225.25 158.1993 curveto
4569	225.25 158.1993 213.9737 154.0952 213.9737 154.0952 curveto
4570	closepath
4571	F doline
4572	grestore
4573	gsave
4574	newpath
4575	186.5 158.1993 moveto
4576	213.5 158.1993 lineto
4577	F dostroke
4578	grestore
4579	% ---- Object #11:15 Obj Type: 3
4580	2 setlinecap
4581	0 setlinejoin
4582	gsave
4583	newpath
4584	279.2237 139.7449 moveto
4585	278.2231 142.494 278.2231 145.2044 279.2237 147.9535 curveto
4586	284.8619 145.9013 284.8619 145.9013 290.5 143.8491 curveto
4587	290.5 143.8491 279.2237 139.7449 279.2237 139.7449 curveto
4588	closepath
4589	F doline
4590	grestore
4591	gsave
4592	newpath
4593	186.5 143.8491 moveto
4594	278.75 143.8491 lineto
4595	F dostroke
4596	grestore
4597	% ---- Object #12:17 Obj Type: 3
4598	2 setlinecap
4599	0 setlinejoin
4600	gsave
4601	newpath
4602	279.9737 123.3947 moveto
4603	278.9731 126.1438 278.9731 128.8542 279.9737 131.6033 curveto
4604	285.6119 129.5511 285.6119 129.5511 291.25 127.4989 curveto
4605	291.25 127.4989 279.9737 123.3947 279.9737 123.3947 curveto
4606	closepath
4607	F doline
4608	grestore
4609	gsave
4610	newpath
4611	186.5 127.4989 moveto
4612	279.5 127.4989 lineto
4613	F dostroke
4614	grestore
4615	% ---- Object #13:19 Obj Type: 2
4616	0 0 setpen
4617	save
4618	0 setgray
4619	mark /\|___Helvetica /Helvetica T cvRecFont
4620	12 fts /\|___Helvetica findfont exch scalefont setfont
4621	0 setgray
4622	171.875 206 moveto
4623	(A)
4624	show
4625	restore
4626	% ---- Object #14:20 Obj Type: 2
4627	save
4628	0 setgray
4629	mark /\|___Helvetica /Helvetica T cvRecFont
4630	12 fts /\|___Helvetica findfont exch scalefont setfont
4631	0 setgray
4632	150.875 189 moveto
4633	(passw)
4634	F F 34.0049 0 5 0 0 fittext
4635	0 setgray
4636	mark /\|___Helvetica /Helvetica T cvRecFont
4637	9 fts /\|___Helvetica findfont exch scalefont setfont
4638	0 setgray
4639	184.875 192 moveto
4640	(A)
4641	show
4642	restore
4643	% ---- Object #15:10 Obj Type: 2
4644	save
4645	0 setgray
4646	mark /\|___Helvetica /Helvetica T cvRecFont
4647	12 fts /\|___Helvetica findfont exch scalefont setfont
4648	0 setgray
4649	171.875 173.75 moveto
4650	(t1)
4651	F F 10.0049 0 2 0 0 fittext
4652	0 setgray
4653	mark /\|___Helvetica /Helvetica T cvRecFont
4654	9 fts /\|___Helvetica findfont exch scalefont setfont
4655	0 setgray
4656	181.875 176.75 moveto
4657	(A)
4658	show
4659	restore
4660	% ---- Object #16:21 Obj Type: 2
4661	save
4662	0 setgray
4663	mark /\|___Helvetica /Helvetica T cvRecFont
4664	12 fts /\|___Helvetica findfont exch scalefont setfont
4665	0 setgray
4666	171.875 158.5 moveto
4667	(q1)
4668	F F 13.3418 0 2 0 0 fittext
4669	0 setgray
4670	mark /\|___Helvetica /Helvetica T cvRecFont
4671	9 fts /\|___Helvetica findfont exch scalefont setfont
4672	0 setgray
4673	185.125 161.5 moveto
4674	(A)
4675	show
4676	restore
4677	% ---- Object #17:22 Obj Type: 2
4678	save
4679	0 setgray
4680	mark /\|___Helvetica /Helvetica T cvRecFont
4681	12 fts /\|___Helvetica findfont exch scalefont setfont
4682	0 setgray
4683	171.875 143.5 moveto
4684	(t2)
4685	F F 10.0049 0 2 0 0 fittext
4686	0 setgray
4687	mark /\|___Helvetica /Helvetica T cvRecFont
4688	9 fts /\|___Helvetica findfont exch scalefont setfont
4689	0 setgray
4690	181.875 146.5 moveto
4691	(A)
4692	show
4693	restore
4694	% ---- Object #18:23 Obj Type: 2
4695	save
4696	0 setgray
4697	mark /\|___Helvetica /Helvetica T cvRecFont
4698	12 fts /\|___Helvetica findfont exch scalefont setfont
4699	0 setgray
4700	171.875 127 moveto
4701	(q2)
4702	F F 13.3418 0 2 0 0 fittext
4703	0 setgray
4704	mark /\|___Helvetica /Helvetica T cvRecFont
4705	9 fts /\|___Helvetica findfont exch scalefont setfont
4706	0 setgray
4707	185.125 130 moveto
4708	(A)
4709	show
4710	restore
4711	% ---- Object #19:25 Obj Type: 3
4712	1 1 setpen
4713	2 setlinecap
4714	0 setlinejoin
4715	gsave
4716	newpath
4717	262 184.6667 moveto
4718	274 184.6667 lineto
4719	F dostroke
4720	grestore
4721	% ---- Object #20:27 Obj Type: 3
4722	2 setlinecap
4723	0 setlinejoin
4724	gsave
4725	newpath
4726	274.4996 195.6667 moveto
4727	274.4996 173.6667 lineto
4728	F dostroke
4729	grestore
4730	% ---- Object #21:28 Obj Type: 3
4731	2 setlinecap
4732	0 setlinejoin
4733	gsave
4734	newpath
4735	371.5808 191.6101 moveto
4736	370.5802 194.3592 370.5802 197.0696 371.5808 199.8186 curveto
4737	377.219 197.7665 377.219 197.7665 382.8571 195.7143 curveto
4738	382.8571 195.7143 371.5808 191.6101 371.5808 191.6101 curveto
4739	closepath
4740	F doline
4741	grestore
4742	gsave
4743	newpath
4744	274.5714 195.7143 moveto
4745	371.1071 195.7143 lineto
4746	F dostroke
4747	grestore
4748	% ---- Object #22:26 Obj Type: 3
4749	2 setlinecap
4750	0 setlinejoin
4751	gsave
4752	newpath
4753	280.1522 169.3244 moveto
4754	279.1517 172.0735 279.1517 174.7839 280.1523 177.5329 curveto
4755	285.7904 175.4808 285.7904 175.4808 291.4285 173.4286 curveto
4756	291.4285 173.4286 280.1522 169.3244 280.1522 169.3244 curveto
4757	closepath
4758	F doline
4759	grestore
4760	gsave
4761	newpath
4762	274.5714 173.4286 moveto
4763	279.6785 173.4286 lineto
4764	F dostroke
4765	grestore
4766	% ---- Object #23:29 Obj Type: 3
4767	2 setlinecap
4768	0 setlinejoin
4769	gsave
4770	newpath
4771	371.7236 149.4958 moveto
4772	370.7231 152.2449 370.7231 154.9553 371.7237 157.7044 curveto
4773	377.3618 155.6522 377.3618 155.6522 383 153.6 curveto
4774	383 153.6 371.7236 149.4958 371.7236 149.4958 curveto
4775	closepath
4776	F doline
4777	grestore
4778	gsave
4779	newpath
4780	328.4 153.6 moveto
4781	371.25 153.6 lineto
4782	F dostroke
4783	grestore
4784	% ---- Object #24:30 Obj Type: 2
4785	0 0 setpen
4786	save
4787	0 setgray
4788	mark /\|___Helvetica /Helvetica T cvRecFont
4789	12 fts /\|___Helvetica findfont exch scalefont setfont
4790	0 setgray
4791	351.875 202.25 moveto
4792	(Protected1)
4793	F F 58.0195 0 10 0 0 fittext
4794	restore
4795	% ---- Object #25:31 Obj Type: 2
4796	save
4797	0 setgray
4798	mark /\|___Helvetica /Helvetica T cvRecFont
4799	12 fts /\|___Helvetica findfont exch scalefont setfont
4800	0 setgray
4801	351.875 159.25 moveto
4802	(Protected2)
4803	F F 58.0195 0 10 0 0 fittext
4804	restore
4805	origmtx setmatrix
4806	systemdict /setpacking known {origpack setpacking} if end
4807	%%EndDocument:
4808	pse
4809	gR
4810	:e
4811	gS 13 12 568 818 rC
4812	90 620 :M
4813	0 G
4814	f3_10 sf
4815	-.133(Legend)A
4816	99 637 :M
4817	f6_10 sf
4818	(A)S
4819	139 637 :M
4820	(=)S
4821	162 637 :M
4822	-.036(user\325s distinguished name)A
4823	99 648 :M
4824	(t)S
4825	102 645 :M
4826	f6_9 sf
4827	-.555(A)A
4828	0 3 rm
4829	( )S
4830	0 -3 rm
4831	139 648 :M
4832	f6_10 sf
4833	(=)S
4834	162 648 :M
4835	-.061(timestamps)A
4836	99 660 :M
4837	-.147(passw)A
4838	f6_9 sf
4839	0 -3 rm
4840	(A)S
4841	0 3 rm
4842	139 660 :M
4843	f6_10 sf
4844	(=)S
4845	162 660 :M
4846	-.026(password of A)A
4847	99 672 :M
4848	-.356(q)A
4849	f6_9 sf
4850	0 -3 rm
4851	-.463(A)A
4852	0 3 rm
4853	f6_10 sf
4854	( )S
4855	139 672 :M
4856	(=)S
4857	162 672 :M
4858	-.013(random numbers, optionally with a counter included)A
4859	202 688 :M
4860	f3_9 sf
4861	-.005(Figure 2 \321 Protected Simple Authentication)A
4862	endp
4863	%%Page: 13 13
4864	%%BeginPageSetup
4865	initializepage
4866	(hoyt; page: 13 of 40)setjob
4867	%%EndPageSetup
4868	-13 -12 :T
4869	gS 13 12 568 818 rC
4870	427 45 :M
4871	f3_10 sf
4872	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
4873	390 803 :M
4874	-.017(ITU-T Rec. X.509 $1993 E$)A
4875	536 803 :M
4876	(7)S
4877	72 82 :M
4878	f3_12 sf
4879	(6.2)S
4880	99 82 :M
4881	-.013(Procedure for protected simple authentication)A
4882	72 100 :M
4883	f6_10 sf
4884	-.012(Figure 3 illustrates the procedure for protected simple authentication.)A
4885	:a
4886	36 <3049883AB59CF039
4887	><3030304949498888883A3A3AB5B5B59C9C9CF0F0F0393939
4888	>fg null :b
4889	202 114 208 97 rC
4890	0 <FFFFFFFFFFFFFFFF
4891	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
4892	>fg null :b
4893	760 348 :M
4894	%%DSIDICT:_cv
4895	userdict /_cv known not dup {userdict /_cv 20 dict put}if
4896	_cv begin
4897	/bdf{bind def}bind def
4898	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
4899	/setcmykcolor where{/setcmykcolor get /cvcmyk exch def}{/cvcmyk{1 sub 4 1 roll 3{3 index add neg dup 0 lt{pop 0}if 3 1 roll}repeat setrgbcolor pop}bdf }ifelse
4900	/stg{isDeviceColor {cf ca /cs load setscreen setgray}{pop}ifelse}bdf
4901	/strgb{isDeviceColor {cf ca /cs load setscreen setrgbcolor}{pop pop pop}ifelse}bdf
4902	/stcmyk{isDeviceColor {cf ca /cs load setscreen cvcmyk}{pop pop pop pop}ifelse}bdf
4903	/min1{dup 0 eq{pop 1}if}bdf
4904	currentscreen/cs exch def/ca exch def/cf exch def
4905	end
4906	:e
4907	0 0 0 0 rC
4908	760 348 :M
4909	0 G
4910	f10_2 sf
4911	(.)S
4912	762 348 :M
4913	(.)S
4914	764 348 :M
4915	-1.644(..)A
4916	767 348 :M
4917	(.)S
4918	:a
4919	0 <FFFFFFFFFFFFFFFF
4920	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
4921	>fg null :b
4922	gR
4923	:a
4924	0 <FFFFFFFFFFFFFFFF
4925	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
4926	>fg null :b
4927	gS 202 114 208 97 rC
4928	769 348 :M
4929	psb
4930	pse
4931	:e
4932	0 G
4933	202 114 :M
4934	psb
4935
4936	currentpoint
4937	pse
4938	410 211 :M
4939	psb
4940	%%CopyWithEps
4941
4942	currentpoint
4943	2 index sub exch 3 index sub
4944	208 div exch 97 div 3 index 183 sub 3 index 127 sub 4 2 roll 5 index 5 index translate
4945	scale
4946	4 2 roll neg exch neg exch translate translate
4947	%!PS-Adobe-2.0 EPSF-1.2
4948	%%Title: EPSFile
4949	%%Creator: Canvas 3.5
4950	%%For: hoyt
4951	%%CreationDate: 17 May 1994 21:42
4952	%%BoundingBox: 181 126 392 225
4953	%%DocumentProcSets: CanvasDict
4954	%%DocumentSuppliedProcSets: CanvasDict
4955	%%Copyright ©1988-91 Deneba Systems, Inc. - All Rights Reserved Worldwide
4956	%%DocumentFonts: Helvetica-Bold
4957	%%+ ZapfDingbats
4958	%%DocumentNeededFonts: Helvetica-Bold
4959	%%+ ZapfDingbats
4960	%%EndComments
4961	%%BeginProcSet:CanvasDict
4962	/CanvasDict where not{/CanvasDict 250 dict def}{pop}ifelse
4963	CanvasDict begin
4964	systemdict/setpacking known{/origpack currentpacking def true setpacking}if
4965	/bdf{bind def}bind def
4966	/_cv 20 dict begin
4967	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
4968	/stg{isDeviceColor{setgray}{pop}ifelse}bdf
4969	/strgb{isDeviceColor{setrgbcolor}{pop pop pop}ifelse}bdf
4970	/stcmyk{isDeviceColor{setcmykcolor}{pop pop pop pop}ifelse}bdf
4971	currentdict end def
4972	/xdf{exch bind def}bdf
4973	/min{2 copy gt{exch}if pop}bdf
4974	/edf{exch def}bdf
4975	/max{2 copy lt{exch}if pop}bdf
4976	/cvmtx matrix def
4977	/tpmx matrix def
4978	/currot 0 def
4979	/rotmtx matrix def
4980	/origmtx matrix def
4981	/cvangle{360 exch sub 90 add 360 mod}bdf
4982	/setrot{/currot edf rotmtx currentmatrix pop 2 copy translate currot rotate neg exch neg exch translate}bdf
4983	/endrot{rotmtx setmatrix /currot 0 def}bdf
4984	/i systemdict/image get def/T true def/F false def/dbg F def
4985	/ncolors 0 def/st0 ()def/st1 ()def/proc0 {}def
4986	/penh 1 def/penv 1 def/penv2 0 def/penh2 0 def/samplesize 0 def/width 0 def/height 0 def
4987	/setcmykcolor where not{/setcmykcolor{/b edf 3{b add 1.0 exch sub 0.0 max 1.0 min 3 1 roll}repeat systemdict begin setrgbcolor end}bdf}{pop}ifelse
4988	/doeoclip{closepath{eoclip}stopped{currentflat dup 2 mul setflat eoclip setflat}if}bdf
4989	/SpaceExtra 0 def/LetterSpace 0 def/StringLength 0 def/NumSpaces 0 def/JustOffset 0 def
4990	/f0{eofill} def
4991	/s0{1 setlinewidth cvmtx currentmatrix pop penh penv scale stroke cvmtx setmatrix}bdf
4992	/f1{_bp _fp impat}def
4993	/s1{cvmtx currentmatrix pop 1 setlinewidth penh penv scale
4994	{strokepath}stopped{currentflat dup 2 mul setflat strokepath setflat}if
4995	_bp
4996	cvmtx setmatrix _fp impat}def
4997	/filltype 0 def
4998	/stroketype 0 def
4999	/f{filltype 0 eq{f0}{f1}ifelse}bdf
5000	/s{stroketype 0 eq{s0}{s1}ifelse}bdf
5001	/_fp{}def
5002	/_bp{}def
5003	/_fg 1 def
5004	/_pg 0 def
5005	/_bkg 1 def
5006	/_frg 0 def
5007	/_frgb 3 array def
5008	/_frrgb [0 0 0] def
5009	/_fcmyk 4 array def
5010	/_frcmyk [0 0 0 1] def
5011	/_prgb 3 array def
5012	/_pcmyk 4 array def
5013	/_bkrgb [1 1 1] def
5014	/_bkcmyk [0 0 0 0] def
5015	/fg{/_fg exch def /filltype 0 def/fills{_fg setgray}def}def
5016	/frgb{_frgb astore pop /filltype 0 def/fills{_frgb aload pop setrgbcolor}def}def
5017	/fcmyk{_fcmyk astore pop /filltype 0 def/fills{_fcmyk aload pop setcmykcolor}def}def
5018	/pg{/_pg exch def /stroketype 0 def/pens{_pg setgray}def}def
5019	/prgb{_prgb astore pop /stroketype 0 def/pens{_prgb aload pop setrgbcolor}def}def
5020	/pcmyk{_pcmyk astore pop /stroketype 0 def/pens{_pcmyk aload pop setcmykcolor}def}def
5021	/fpat{/fstr edf/filltype 1 def/fills{/patstr fstr def}bdf}bdf
5022	/ppat{/sstr edf/stroketype 1 def/pens{/patstr sstr def}bdf}bdf
5023	/bkg{ /_bkg exch def /_bp{gsave _bkg setgray fill grestore}def}def
5024	/bkrgb{_bkrgb astore pop/_bp{gsave _bkrgb aload pop setrgbcolor fill grestore}def}def
5025	/bkcmyk{_bkcmyk astore pop/_bp{gsave _bkcmyk aload pop setcmykcolor fill grestore}def}def
5026	/frg{ /_frg exch def /_fp{_frg setgray}def}def
5027	/frrgb{_frrgb astore pop/_fp{_frrgb aload pop setrgbcolor}def}def
5028	/frcmyk{_frcmyk astore pop/_fp{_frcmyk aload pop setcmykcolor}def}def
5029	/icomp{/ncolors edf
5030	ncolors 1 gt{/proc0 edf
5031	dup dup 0 get ncolors div cvi exch 0 3 -1 roll put
5032	4 -1 roll ncolors div cvi 4 1 roll{proc0 dup/st0 edf
5033	0 exch ncolors exch length
5034	dup ncolors sub exch ncolors div cvi string/st1 edf
5035	{dup 0 exch dup 1 exch
5036	2 add{st0 exch get add}bind for
5037	3 div ncolors 4 eq{exch dup 3 1 roll 3 add st0 exch get add 255 exch sub dup 0 lt{pop 0}if}if cvi
5038	dup 255 gt{pop 255}if
5039	exch ncolors div cvi exch
5040	st1 3 1 roll put}bind for
5041	st1}}if i}bdf
5042	/ci
5043	{/colorimage where
5044	{pop false exch colorimage}
5045	{icomp}
5046	ifelse}bdf
5047	/impat
5048	{/cnt 0 def
5049	/MySave save def
5050	currot 0 ne{currot neg rotate}if
5051	clip
5052	flattenpath
5053	pathbbox
5054	3 -1 roll
5055	8 div floor 8 mul dup/starty edf
5056	sub abs 8 div ceiling 8 mul cvi/height edf
5057	exch 8 div floor 8 mul dup/startx edf
5058	sub abs 8 div ceiling 8 mul cvi/width edf
5059	startx starty translate
5060	width height scale
5061	/height height 8 mul def
5062	/st0 width string def
5063	width height T [width 0 0 height neg 0 height]
5064	{patstr
5065	cnt 8 mod
5066	get/st1 edf
5067	0 1
5068	st0 length 1 sub dup 0 le{pop 1}if
5069	{st0 exch
5070	st1
5071	put}bind for/cnt cnt 1 add def
5072	st0}bind
5073	imagemask
5074	MySave restore
5075	newpath}bdf
5076	/cm{/ncolors edf
5077	translate
5078	scale/height edf/colorimage where
5079	{pop}
5080	{ncolors mul}ifelse/width edf
5081	/tbitstr width string def
5082	width height 8 [width 0 0 height neg 0 height]
5083	{currentfile tbitstr readhexstring pop}bind
5084	ncolors
5085	dup 3 eq {ci}{icomp}ifelse}bdf
5086	/im{translate
5087	scale
5088	/height edf
5089	/width edf
5090	/tbitstr width 7 add 8 div cvi string def
5091	width height 1 [width 0 0 height neg 0 height]
5092	{currentfile tbitstr readhexstring pop}bind
5093	i}bdf
5094	/imk{/invFlag edf
5095	translate
5096	scale
5097	/height edf
5098	/width edf
5099	/tbitstr width 7 add 8 div cvi string def
5100	width height invFlag [width 0 0 height neg 0 height]
5101	{currentfile tbitstr readhexstring pop}bind
5102	imagemask}bdf
5103	/BeginEPSF
5104	{/MySave save def
5105	/dict_count countdictstack def
5106	/op_count count 1 sub def
5107	userdict begin
5108	/showpage {} def
5109	0 setgray 0 setlinecap
5110	1 setlinewidth 0 setlinejoin
5111	10 setmiterlimit [] 0 setdash newpath
5112	/languagelevel where
5113	{pop languagelevel 1 ne{false setstrokeadjust false setoverprint}if}if
5114	}bdf
5115	/EndEPSF
5116	{count op_count sub {pop}repeat
5117	countdictstack dict_count sub {end}repeat
5118	MySave restore}bdf
5119	/rectpath {/cv_r edf/cv_b edf/cv_l edf/cv_t edf
5120	cv_l cv_t moveto cv_r cv_t lineto cv_r cv_b lineto cv_l cv_b lineto cv_l cv_t lineto closepath}bdf
5121	/setpen{/penh edf/penv edf/penv2 penv 2 div def/penh2 penh 2 div def}bdf
5122	/dostroke{not pens 1.0 currentgray ne or {s}{newpath}ifelse}bdf
5123	/dodashfill{not fills 1.0 currentgray ne or
5124	{gsave f grestore gsave [] 0 setdash
5125	stroketype/stroketype filltype def
5126	s/stroketype edf grestore}{newpath}ifelse}bdf
5127	/dofill{not fills 1.0 currentgray ne or {f}{newpath}ifelse}bdf
5128	/dofillsave{not fills 1.0 currentgray ne or {gsave f grestore}if}bdf
5129	/doline{not pens 1.0 currentgray ne or {filltype/filltype stroketype def f/filltype edf}{newpath}ifelse}bdf
5130	/spx{SpaceExtra 0 32 4 -1 roll widthshow}bdf
5131	/lsx{SpaceExtra 0 32 LetterSpace 0 6 -1 roll awidthshow}bdf
5132	/Rjust{stringwidth pop JustOffset exch sub /JustOffset edf}bdf
5133	/Cjust{stringwidth pop 2 div JustOffset exch sub /JustOffset edf}bdf
5134	/adjfit{stringwidth pop LetterSpace StringLength 1 sub mul add SpaceExtra NumSpaces mul add dup /pw edf JustOffset exch
5135	sub dup /wdif edf StringLength div LetterSpace add /LetterSpace edf}bdf
5136	/ulb{currentpoint pop /underlinpt edf}bdf
5137	/ule{gsave currentpoint newpath moveto currentfont dup /ft1 known{dup /ft1 get begin /FontMatrix get FontMatrix tpmx concatmatrix pop}
5138	{begin FontMatrix tpmx copy pop}ifelse currentfont /FontInfo known {FontInfo begin UnderlinePosition UnderlineThickness end}{100 1}ifelse end dup tpmx
5139	dtransform pop setlinewidth dup tpmx dtransform pop 0 exch rmoveto underlinpt currentpoint pop sub 0 rlineto stroke grestore}bdf
5140	/fittext{ /SpaceExtra edf /LetterSpace edf /StringLength edf /NumSpaces edf /JustOffset edf not 1 currentgray ne or
5141	{dup {ulb}if exch
5142	dup adjfit
5143	lsx {ule}if}{pop pop}ifelse}bdf
5144	/cvRecFont{/encod edf FontDirectory 2 index known{cleartomark}{findfont dup length 1 add dict begin
5145	{1 index/FID ne{def}{pop pop}ifelse}forall encod{/Encoding CVvec def}if
5146	currentdict end definefont cleartomark}ifelse}bdf
5147	/wrk1 ( ) def/wdict 16 dict def
5148	/Work75 75 string def /Nmk{Work75 cvs dup}bdf /Npt{put cvn}bdf /dhOdh{Nmk 2 79 Npt}bdf /dhodh{Nmk 2 111 Npt}bdf /dhSdh{Nmk 2 83 Npt}bdf
5149	/sfWidth{gsave 0 0 moveto 0 0 lineto 0 0 lineto 0 0 lineto closepath clip stringwidth grestore}bdf
5150	/MakOF{dup dhodh FontDirectory 1 index known{exch pop}{exch findfont dup length 1 add dict begin
5151	{1 index/FID ne 2 index /UniqueID ne and{def}{pop pop}ifelse}forall
5152	/PaintType 2 def
5153	/StrokeWidth .24 1000 mul ftSize div dup 12 lt{pop 12}if def
5154	dup currentdict end definefont pop}ifelse}bdf
5155	/fts{dup/ftSize edf}def
5156	/mkFT{/tempFT 11 dict def tempFT begin
5157	/FontMatrix [1 0 0 1 0 0] def/FontType 3 def
5158	FontDirectory 3 index get /Encoding get/Encoding exch def
5159	/proc2 edf/ft2 exch findfont def/ft1 exch findfont def/FontBBox [0 0 1 1] def
5160	/BuildChar{wdict begin/chr edf/ftdt edf/chrst wrk1 dup 0 chr put def ftdt/proc2 get exec end}def
5161	end tempFT definefont pop}bdf
5162	/OLFt{dup dhOdh FontDirectory 1 index known{exch pop}
5163	{dup 3 -1 roll dup MakOF {outproc} mkFT}ifelse}bdf
5164	/mshw{moveto show}bdf
5165	/outproc{ftdt/ft1 get setfont gsave chrst sfWidth grestore setcharwidth dblsh}bdf
5166	/dblsh{currentgray 1 setgray chrst 0 0 mshw setgray ftdt/ft2 get setfont chrst 0 0 mshw}bdf
5167	/ShadChar{ftdt/ft1 get setfont gsave chrst sfWidth 1 index 0 ne{exch .05 add exch}if grestore setcharwidth
5168	chrst .06 0 mshw 0 .05 translate dblsh}bdf
5169	/ShFt{dup dhSdh FontDirectory 1 index known{exch pop}
5170	{dup 3 -1 roll dup MakOF {ShadChar} mkFT}ifelse}bdf
5171	/LswUnits{72 75 div dup scale}bdf
5172	/erasefill{_bp}def
5173	/CVvec 256 array def
5174	/NUL/SOH/STX/ETX/EOT/ENQ/ACK/BEL/BS/HT/LF/VT/FF/CR/SO/SI/DLE/DC1/DC2/DC3/DC4/NAK/SYN/ETB/CAN/EM/SUB/ESC/FS/GS/RS/US
5175	CVvec 0 32 getinterval astore pop
5176	CVvec 32/Times-Roman findfont/Encoding get
5177	32 96 getinterval putinterval CVvec dup 39/quotesingle put 96/grave put
5178	/Adieresis/Aring/Ccedilla/Eacute/Ntilde/Odieresis/Udieresis/aacute
5179	/agrave/acircumflex/adieresis/atilde/aring/ccedilla/eacute/egrave
5180	/ecircumflex/edieresis/iacute/igrave/icircumflex/idieresis/ntilde/oacute
5181	/ograve/ocircumflex/odieresis/otilde/uacute/ugrave/ucircumflex/udieresis
5182	/dagger/degree/cent/sterling/section/bullet/paragraph/germandbls
5183	/registered/copyright/trademark/acute/dieresis/notequal/AE/Oslash
5184	/infinity/plusminus/lessequal/greaterequal/yen/mu/partialdiff/summation
5185	/product/pi/integral/ordfeminine/ordmasculine/Omega/ae/oslash
5186	/questiondown/exclamdown/logicalnot/radical/florin/approxequal/Delta/guillemotleft
5187	/guillemotright/ellipsis/blank/Agrave/Atilde/Otilde/OE/oe
5188	/endash/emdash/quotedblleft/quotedblright/quoteleft/quoteright/divide/lozenge
5189	/ydieresis/Ydieresis/fraction/currency/guilsinglleft/guilsinglright/fi/fl
5190	/daggerdbl/periodcentered/quotesinglbase/quotedblbase/perthousand/Acircumflex/Ecircumflex/Aacute
5191	/Edieresis/Egrave/Iacute/Icircumflex/Idieresis/Igrave/Oacute/Ocircumflex
5192	/apple/Ograve/Uacute/Ucircumflex/Ugrave/dotlessi/circumflex/tilde
5193	/macron/breve/dotaccent/ring/cedilla/hungarumlaut/ogonek/caron
5194	CVvec 128 128 getinterval astore pop
5195	end
5196	%%EndProcSet
5197	%%BeginSetup
5198	CanvasDict begin
5199	0 setlinecap
5200	0 setlinejoin
5201	4 setmiterlimit
5202	/currot 0 def
5203	origmtx currentmatrix pop
5204	[] 0 setdash
5205	1 1 setpen
5206	1 fg
5207	0 pg
5208	0 frg
5209	1 bkg
5210	newpath
5211	/dbg F def
5212	287 175.5 translate
5213	1 -1 scale
5214	-287 -175.5 translate
5215	%%EndSetup
5216	% ---- Object #1:1 Obj Type: 99
5217	% ---- Object #2:4 Obj Type: 99
5218	% ---- Object #3:5 Obj Type: 6
5219	0 setlinecap
5220	0 setlinejoin
5221	233.5 175.5 moveto
5222	233.5 161.7865 222.2135 150.5 208.5 150.5 curveto
5223	194.7865 150.5 183.5 161.7865 183.5 175.5 curveto
5224	183.5 189.2135 194.7865 200.5 208.5 200.5 curveto
5225	222.2135 200.5 233.5 189.2135 233.5 175.5 curveto
5226	closepath
5227	F dofillsave
5228	F dostroke
5229	% ---- Object #4:7 Obj Type: 2
5230	0 0 setpen
5231	save
5232	0 setgray
5233	mark /\|___Helvetica-Bold /Helvetica-Bold T cvRecFont
5234	14 fts /\|___Helvetica-Bold findfont exch scalefont setfont
5235	0 setgray
5236	203.375 170.5 moveto
5237	(A)
5238	show
5239	restore
5240	% ---- Object #5:27 Obj Type: 10
5241	1 1 setpen
5242	0 setlinecap
5243	0 setlinejoin
5244	226.8333 193.6667 moveto
5245	256.8333 214.1667 314.5 216 346.5 193.5 curveto
5246	F dofillsave
5247	F dostroke
5248	gsave
5249	newpath
5250	334.6478 195.3773 moveto
5251	335.1054 198.2668 336.4195 200.6374 338.6274 202.5566 curveto
5252	342.5637 198.0283 342.5637 198.0283 346.5 193.5 curveto
5253	346.5 193.5 334.6478 195.3773 334.6478 195.3773 curveto
5254	closepath
5255	F doline
5256	grestore
5257	% ---- Object #6:29 Obj Type: 10
5258	0 setlinecap
5259	0 setlinejoin
5260	346 158 moveto
5261	316 137.5 258.3333 135.6667 226.3333 158.1667 curveto
5262	F dofillsave
5263	F dostroke
5264	gsave
5265	newpath
5266	238.151 156.0829 moveto
5267	237.643 153.2019 236.2878 150.8546 234.0468 148.9741 curveto
5268	230.19 153.5704 230.19 153.5704 226.3333 158.1667 curveto
5269	226.3333 158.1667 238.151 156.0829 238.151 156.0829 curveto
5270	closepath
5271	F doline
5272	grestore
5273	% ---- Object #7:30 Obj Type: 2
5274	0 0 setpen
5275	save
5276	0 setgray
5277	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
5278	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
5279	0 setgray
5280	241.125 188.75 moveto
5281	(\312)
5282	show
5283	restore
5284	% ---- Object #8:28 Obj Type: 2
5285	save
5286	0 setgray
5287	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
5288	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
5289	0 setgray
5290	326.125 155 moveto
5291	(\313)
5292	show
5293	restore
5294	% ---- Object #9:26 Obj Type: 99
5295	% ---- Object #10:6 Obj Type: 6
5296	1 1 setpen
5297	0 setlinecap
5298	0 setlinejoin
5299	390 175.75 moveto
5300	390 162.0365 378.7135 150.75 365 150.75 curveto
5301	351.2865 150.75 340 162.0365 340 175.75 curveto
5302	340 189.4635 351.2865 200.75 365 200.75 curveto
5303	378.7135 200.75 390 189.4635 390 175.75 curveto
5304	closepath
5305	F dofillsave
5306	F dostroke
5307	% ---- Object #11:25 Obj Type: 2
5308	0 0 setpen
5309	save
5310	0 setgray
5311	mark /\|___Helvetica-Bold /Helvetica-Bold T cvRecFont
5312	14 fts /\|___Helvetica-Bold findfont exch scalefont setfont
5313	0 setgray
5314	360.375 170.75 moveto
5315	(B)
5316	show
5317	restore
5318	origmtx setmatrix
5319	systemdict /setpacking known {origpack setpacking} if end
5320	%%EndDocument:
5321	pse
5322	gR
5323	:e
5324	gS 13 12 568 818 rC
5325	190 224 :M
5326	0 G
5327	f3_9 sf
5328	-.012(Figure 3 \321 The Protected Simple Authentication Procedure)A
5329	72 248 :M
5330	f6_10 sf
5331	-.01(The following steps are involved \(initially using )A
5332	f4_10 sf
5333	(\246)S
5334	f6_10 sf
5335	-.012(1 only\):)A
5336	90 265 :M
5337	-.328(1\))A
5338	108 265 :M
5339	1.724 .172(an originating user, user A, sends its protected identifying information $Authenticator1$ to user B.)J
5340	108 276 :M
5341	.945 .094(Protection is achieved by applying the one-way function \()J
5342	f4_10 sf
5343	.279(\246)A
5344	f6_10 sf
5345	.864 .086(1\) of Figure 2, where the timestamp and/or)J
5346	108 287 :M
5347	-.012(random number $when used$ is used to minimize replay and to conceal the password.)A
5348	108 304 :M
5349	(The protection of A\325s password is of the form:)S
5350	144 321 :M
5351	-.054(Protected1 = )A
5352	f4_10 sf
5353	-.065(\246)A
5354	f6_10 sf
5355	-.061(1 \(t1)A
5356	221 318 :M
5357	f6_9 sf
5358	-.133(A)A
5359	f6_10 sf
5360	0 3 rm
5361	-.077(, q1)A
5362	0 -3 rm
5363	f6_9 sf
5364	-.133(A)A
5365	f6_10 sf
5366	0 3 rm
5367	-.094( , A, passwA\))A
5368	0 -3 rm
5369	108 339 :M
5370	-.021(The information conveyed to B is of the form:)A
5371	144 356 :M
5372	-.046(Authenticator1 = t1)A
5373	f6_9 sf
5374	0 -3 rm
5375	-.072(A)A
5376	0 3 rm
5377	f6_10 sf
5378	-.041(, q1)A
5379	f6_9 sf
5380	0 -3 rm
5381	-.072(A)A
5382	0 3 rm
5383	f6_10 sf
5384	-.046( , A, Protected1)A
5385	108 374 :M
5386	.23 .023(B verifies the protected identifying information offered by A by generating \(using the distinguished name)J
5387	108 385 :M
5388	.097 .01(and optional timestamp and/or random number provided by A, together with a local copy of A\325s password\))J
5389	108 396 :M
5390	.695 .069(a local protected copy of A\325s password $of the form Protected1$. B compares for equality the purported)J
5391	108 407 :M
5392	-.003(identifying information $Protected1$ with the locally generated value.)A
5393	90 424 :M
5394	-.328(2\))A
5395	108 424 :M
5396	-.009(B confirms or denies to A the verification of the protected identifying information.)A
5397	72 447 :M
5398	-.009(The procedure can be modified to afford greater protection using )A
5399	337 447 :M
5400	f4_10 sf
5401	(\246)S
5402	f6_10 sf
5403	-.025(1 and )A
5404	f4_10 sf
5405	(\246)S
5406	f6_10 sf
5407	-.026(2. The main differences are as follows:)A
5408	90 464 :M
5409	-.328(1\))A
5410	108 464 :M
5411	.424 .042( A sends its additionally protected identifying information $Authenticator2$ to B. Additional protection is)J
5412	108 475 :M
5413	.222 .022(achieved by applying a further one-way function, )J
5414	f4_10 sf
5415	.066(\246)A
5416	f6_10 sf
5417	.184 .018(2, as illustrated in Figure 2. The further protection is of)J
5418	108 486 :M
5419	-.116(the form:)A
5420	144 503 :M
5421	-.054(Protected2 = )A
5422	f4_10 sf
5423	-.065(\246)A
5424	f6_10 sf
5425	-.061(2 \(t2)A
5426	221 500 :M
5427	f6_9 sf
5428	-.089(A)A
5429	f6_10 sf
5430	0 3 rm
5431	-.051(, q2)A
5432	0 -3 rm
5433	f6_9 sf
5434	-.089(A)A
5435	f6_10 sf
5436	0 3 rm
5437	-.058(, Protected1\))A
5438	0 -3 rm
5439	108 521 :M
5440	-.021(The information conveyed to B is of the form:)A
5441	144 538 :M
5442	-.07(Authenticator2 = t1)A
5443	f6_9 sf
5444	0 -3 rm
5445	-.111(A)A
5446	0 3 rm
5447	f6_10 sf
5448	-.073(, t2)A
5449	241 535 :M
5450	f6_9 sf
5451	-.147(A)A
5452	f6_10 sf
5453	0 3 rm
5454	-.085(, q1)A
5455	0 -3 rm
5456	f6_9 sf
5457	-.147(A)A
5458	f6_10 sf
5459	0 3 rm
5460	-.085(, q2)A
5461	0 -3 rm
5462	f6_9 sf
5463	-.147(A)A
5464	f6_10 sf
5465	0 3 rm
5466	-.097(, A, Protected2)A
5467	0 -3 rm
5468	108 556 :M
5469	1.006 .101(For comparison, B generates a local value of A\325s additionally protected password and compares it for)J
5470	108 567 :M
5471	-.001(equality with that of Protected2 $this is similar in principle to step 1 of clause 6.4.1$.)A
5472	90 584 :M
5473	-.328(2\))A
5474	108 584 :M
5475	-.009(B confirms or denies to A the verification of the protected identifying information.)A
5476	90 599 :M
5477	f3_9 sf
5478	-.329(Note)A
5479	108 599 :M
5480	f6_9 sf
5481	.072 .007( \321 The procedures defined in these clauses are specified in terms of A and B. As applied to the Directory \(specified in)J
5482	90 609 :M
5483	.452 .045(ITU-T Rec. X.511 \| ISO/IEC\3129594-3 and ITU-T Rec. X.518 \| ISO/IEC\3129594-4\), A could be a DUA binding to a DSA, B;)J
5484	90 619 :M
5485	-.012(alternatively, A could be a DSA binding to another DSA, B.)A
5486	72 644 :M
5487	f3_12 sf
5488	(6.3)S
5489	99 644 :M
5490	-.022(User Password attribute type)A
5491	72 662 :M
5492	f6_10 sf
5493	.663 .066(A User Password attribute type contains the password of an object. An attribute value for the user password is a)J
5494	72 673 :M
5495	(string specified by the object.)S
5496	103 696 :M
5497	f0_9 sf
5498	-.047(userPassword)A
5499	219 696 :M
5500	-.123(ATTRIBUTE)A
5501	281 696 :M
5502	-.123(::=)A
5503	312 696 :M
5504	({)S
5505	130 707 :M
5506	-.045(WITH SYNTAX )A
5507	281 707 :M
5508	-.024(OCTET STRING $SIZE \(0..ub-user-password$\))A
5509	130 718 :M
5510	-.023(EQUALITY MATCHING RULE)A
5511	281 718 :M
5512	-.032(octetStringMatch)A
5513	130 729 :M
5514	-.998(ID)A
5515	281 729 :M
5516	-.026(id-at-userPassword })A
5517	endp
5518	%%Page: 14 14
5519	%%BeginPageSetup
5520	initializepage
5521	(hoyt; page: 14 of 40)setjob
5522	%%EndPageSetup
5523	-13 -12 :T
5524	gS 13 12 568 818 rC
5525	54 45 :M
5526	f3_10 sf
5527	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
5528	54 803 :M
5529	(8)S
5530	90 803 :M
5531	-.017(ITU-T Rec. X.509 $1993 E$)A
5532	152 86 :M
5533	f6_18 sf
5534	-.127(S)A
5535	f6_14 sf
5536	-.116(ECTION )A
5537	217 86 :M
5538	f6_18 sf
5539	-.108(3: S)A
5540	f6_14 sf
5541	-.157(TRONG )A
5542	297 86 :M
5543	f6_18 sf
5544	(A)S
5545	310 86 :M
5546	f6_14 sf
5547	-.042(UTHENTICATION)A
5548	54 132 :M
5549	f3_14 sf
5550	(7)S
5551	76 132 :M
5552	-.024(Basis of strong authentication)A
5553	54 151 :M
5554	f6_10 sf
5555	-.01(The approach to strong authentication taken in this Directory Specification makes use of the properties of a family of)A
5556	54 162 :M
5557	1.594 .159(cryptographic systems, known as public-key cryptosystems $PKCS$. These cryptosystems, also described as)J
5558	54 173 :M
5559	1.704 .17(asymmetric, involve a pair of keys, one secret and one public, rather than a single key as in conventional)J
5560	54 184 :M
5561	.576 .058(cryptographic systems. Annex C gives a brief introduction to these cryptosystems and the properties which make)J
5562	54 195 :M
5563	.133 .013(them useful in authentication. For a PKCS to be usable in this authentication framework at this present time, it shall)J
5564	54 206 :M
5565	.551 .055(have the property that both keys in the key pair can be used for encipherment, with the private key being used to)J
5566	54 217 :M
5567	.264 .026(decipher if the public key was used, and the public key being used to decipher if the private key was used. In other)J
5568	54 228 :M
5569	.222 .022(words, X)J
5570	0 2 rm
5571	.055(p)A
5572	0 -2 rm
5573	.075 .007( \245 X)J
5574	113 230 :M
5575	(s)S
5576	117 228 :M
5577	.061 .006( = X)J
5578	136 230 :M
5579	(s)S
5580	140 228 :M
5581	.123 .012( \245 X)J
5582	157 230 :M
5583	(p, )S
5584	168 228 :M
5585	-.024(where X)A
5586	203 230 :M
5587	-.778(p/)A
5588	211 228 :M
5589	-.72(X)A
5590	0 2 rm
5591	(s)S
5592	0 -2 rm
5593	222 228 :M
5594	.256 .026( are encipherment/decipherment functions using the public/private keys of)J
5595	54 240 :M
5596	-.146(user X.)A
5597	72 261 :M
5598	f3_9 sf
5599	-.059(Note )A
5600	93 261 :M
5601	f6_9 sf
5602	.242 .024(\321 Alternative types of PKCS, i.e., ones which do not require the property of permutability and that can be supported)J
5603	72 271 :M
5604	-.001(without great modification to this Directory Specification, are a possible future extension.)A
5605	54 295 :M
5606	f6_10 sf
5607	.07 .007(This authentication framework does not mandate a particular cryptosystem for use. It is intended that the framework)J
5608	54 306 :M
5609	.143 .014(shall be applicable to any suitable public key cryptosystem, and shall thus support changes to the methods used as a)J
5610	54 317 :M
5611	.787 .079(result of future advances in cryptography, mathematical techniques or computational capabilities. However, two)J
5612	54 328 :M
5613	.82 .082(users wishing to authenticate shall support the same cryptographic algorithm for authentication to be performed)J
5614	54 339 :M
5615	.652 .065(correctly. Thus, within the context of a set of related applications, the choice of a single algorithm shall serve to)J
5616	54 350 :M
5617	.3 .03(maximize the community of users able to authenticate and communicate securely. One example of a cryptographic)J
5618	54 361 :M
5619	-.021(algorithm can be found in Annex D.)A
5620	54 384 :M
5621	.102 .01(Authentication relies on each user possessing a unique distinguished name. The allocation of distinguished names is)J
5622	54 395 :M
5623	.763 .076(the responsibility of the Naming Authorities. Each user shall therefore trust the Naming Authorities not to issue)J
5624	54 406 :M
5625	(duplicate distinguished names.)S
5626	54 429 :M
5627	.503 .05(Each user is identi\336ed by its possession of its private key. A second user is able to determine if a communication)J
5628	54 440 :M
5629	.288 .029(partner is in possession of the private key, and can use this to corroborate that the communication partner is in fact)J
5630	54 451 :M
5631	-.007(the user. The validity of this corroboration depends on the private key remaining con\336dential to the user.)A
5632	54 474 :M
5633	.199 .02(For a user to determine that a communication partner is in possession of another user\325s private key, it shall itself be)J
5634	54 485 :M
5635	.66 .066(in possession of that user\325s public key. Whilst obtaining the value of this public key from the user\325s entry in the)J
5636	54 496 :M
5637	.241 .024(Directory is straightforward, verifying its correctness is more problematic. There are many possible ways for doing)J
5638	54 507 :M
5639	.552 .055(this: clause 8 describes a process whereby a user\325s public key can be checked by reference to the Directory. This)J
5640	54 518 :M
5641	.19 .019(process can only operate if there is an unbroken chain of trusted points in the Directory between the users requiring)J
5642	54 529 :M
5643	.116 .012(to authenticate. Such a chain can be constructed by identifying a common point of trust. This common point of trust)J
5644	54 540 :M
5645	-.006(shall be linked to each user by an unbroken chain of trusted points.)A
5646	54 577 :M
5647	f3_14 sf
5648	(8)S
5649	76 577 :M
5650	-.028(Obtaining a user\325s public key)A
5651	54 596 :M
5652	f6_10 sf
5653	.151 .015(In order for a user to trust the authentication procedure, it shall obtain the other user\325s public key from a source that)J
5654	54 607 :M
5655	.187 .019(it trusts. Such a source, called a certi\336cation authority $CA$, uses the public key algorithm to certify the public key,)J
5656	54 618 :M
5657	1.296 .13(producing a )J
5658	109 618 :M
5659	f7_10 sf
5660	-.109(certi\336cate)A
5661	149 618 :M
5662	f6_10 sf
5663	1.526 .153(. The certi\336cate, the form of which is speci\336ed later in this clause, has the following)J
5664	54 629 :M
5665	-.076(properties:)A
5666	72 646 :M
5667	(\321)S
5668	90 646 :M
5669	.433 .043(any user with access to the public key of the certi\336cation authority can recover the public key which was)J
5670	90 657 :M
5671	-.067(certi\336ed;)A
5672	72 674 :M
5673	(\321)S
5674	90 674 :M
5675	1.535 .154(no party other than the certi\336cation authority can modify the certi\336cate without this being detected)J
5676	90 685 :M
5677	-.014($certi\336cates are unforgeable$.)A
5678	54 708 :M
5679	.097 .01(Because certi\336cates are unforgeable, they can be published by being placed in the Directory, without the need for the)J
5680	54 719 :M
5681	-.008(latter to make special efforts to protect them.)A
5682	72 740 :M
5683	f3_9 sf
5684	-.329(Note)A
5685	90 740 :M
5686	f6_9 sf
5687	.342 .034( - Although the CAs are unambiguously defined by a distinguished name in the DIT, this does not imply that there is)J
5688	72 750 :M
5689	-.01(any relationship between the organization of the CAs and the DIT.)A
5690	54 774 :M
5691	f6_10 sf
5692	.782 .078(A certification authority produces the certificate of a user by signing $see Clause 9$ a collection of information,)J
5693	54 785 :M
5694	-.01(including the user\325s distinguished name and public key, as well as an optional )A
5695	368 785 :M
5696	f7_10 sf
5697	-.051(unique identifier )A
5698	437 785 :M
5699	f6_10 sf
5700	-.035(containing additional)A
5701	endp
5702	%%Page: 15 15
5703	%%BeginPageSetup
5704	initializepage
5705	(hoyt; page: 15 of 40)setjob
5706	%%EndPageSetup
5707	-13 -12 :T
5708	gS 13 12 568 818 rC
5709	427 45 :M
5710	f3_10 sf
5711	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
5712	390 803 :M
5713	-.017(ITU-T Rec. X.509 $1993 E$)A
5714	536 803 :M
5715	(9)S
5716	72 81 :M
5717	f6_10 sf
5718	1.02 .102(information about the user. The exact form of the unique identifier contents is unspecified here and left to the)J
5719	72 92 :M
5720	.629 .063(certification authority and might be, for example, an object identifier, a certificate, a date, or some other form of)J
5721	72 103 :M
5722	.118 .012(certification on the validity of the distinguished name. Specifically, the certificate of a user with distinguished name)J
5723	72 114 :M
5724	.246 .025(A and unique identifier UA, produced by the certification authority with name CA and unique identifier UCA, has)J
5725	72 125 :M
5726	-.017(the following form:)A
5727	108 150 :M
5728	-.015(CA<<A>> = CA{V,SN,AI,CA,UCA,A,UA,Ap,T)A
5729	307 147 :M
5730	-.612(A)A
5731	0 3 rm
5732	(})S
5733	0 -3 rm
5734	72 173 :M
5735	.019 .002(where V is the version of the certificate, SN is the serial number of the certificate, AI is the identifier of the algorithm)J
5736	72 184 :M
5737	.198 .02(used to sign the certificate, UCA is the optional unique identifier of the CA , UA is the optional unique identifier of)J
5738	72 197 :M
5739	-.017(the user A, T)A
5740	125 194 :M
5741	.079(A)A
5742	0 3 rm
5743	.15 .015( indicates the period of validity of the certificate, and consists of two dates, the first and last on which)J
5744	0 -3 rm
5745	72 208 :M
5746	.834 .083(the certificate is valid. Since T)J
5747	202 205 :M
5748	f6_9 sf
5749	.474(A)A
5750	f6_10 sf
5751	0 3 rm
5752	.951 .095( is assumed to be changed in periods not less than 24 hours, it is expected that)J
5753	0 -3 rm
5754	72 220 :M
5755	.92 .092(systems would use Coordinated Universal Time as a reference time base. The signature in the certificate can be)J
5756	72 231 :M
5757	.475 .048(checked for validity by any user with knowledge of CAp. The following ASN.1 data type can be used to represent)J
5758	72 242 :M
5759	-.052(certificates:)A
5760	103 265 :M
5761	f0_9 sf
5762	-.1(Certificate)A
5763	219 265 :M
5764	-.123(::=)A
5765	250 265 :M
5766	-.028(SIGNED { SEQUENCE {)A
5767	130 276 :M
5768	(version)S
5769	250 276 :M
5770	-.164([0] )A
5771	281 276 :M
5772	-.028(Version DEFAULT v1,)A
5773	130 287 :M
5774	-.046(serialNumber)A
5775	281 287 :M
5776	(CertificateSerialNumber,)S
5777	130 298 :M
5778	-.062(signature)A
5779	281 298 :M
5780	-.052(AlgorithmIdentifier,)A
5781	130 309 :M
5782	-.102(issuer)A
5783	281 309 :M
5784	(Name,)S
5785	130 320 :M
5786	(validity)S
5787	281 320 :M
5788	-.063(Validity,)A
5789	130 331 :M
5790	-.083(subject)A
5791	281 331 :M
5792	(Name,)S
5793	130 342 :M
5794	-.026(subjectPublicKeyInfo)A
5795	281 342 :M
5796	-.05(SubjectPublicKeyInfo,)A
5797	130 353 :M
5798	-.047(issuerUniqueIdentifier)A
5799	250 353 :M
5800	-.496([1])A
5801	281 353 :M
5802	-.029(IMPLICIT UniqueIdentifier OPTIONAL,)A
5803	312 364 :M
5804	f2_9 sf
5805	(-- if present, version must be v2)S
5806	130 375 :M
5807	f0_9 sf
5808	-.045(subjectUniqueIdentifier)A
5809	250 375 :M
5810	-.496([2])A
5811	281 375 :M
5812	-.014(IMPLICIT UniqueIdentifier OPTIONAL)A
5813	312 386 :M
5814	f2_9 sf
5815	-.028(-- if present, version must be v2 -- )A
5816	449 386 :M
5817	f0_9 sf
5818	(}})S
5819	103 403 :M
5820	(Version)S
5821	219 403 :M
5822	-.123(::=)A
5823	250 403 :M
5824	-.022(INTEGER { v1$0$, v2$1$ })A
5825	103 420 :M
5826	-.023(CertificateSerialNumber)A
5827	219 420 :M
5828	-.123(::=)A
5829	250 420 :M
5830	-.167(INTEGER)A
5831	103 437 :M
5832	-.027(AlgorithmIdentifier)A
5833	219 437 :M
5834	-.123(::=)A
5835	250 437 :M
5836	-.056(SEQUENCE {)A
5837	130 448 :M
5838	-.124(algorithm)A
5839	219 448 :M
5840	-.026(ALGORITHM.&id ${SupportedAlgorithms}$,)A
5841	130 459 :M
5842	-.057(parameters)A
5843	219 459 :M
5844	-.012(ALGORITHM.&Type ${SupportedAlgorithms}{ @algorithm}$ OPTIONAL })A
5845	103 470 :M
5846	f2_9 sf
5847	-.99(--)A
5848	130 470 :M
5849	-.007(Definition of the following information object set is deferred, perhaps to standardized)A
5850	103 481 :M
5851	-.99(--)A
5852	130 481 :M
5853	(profiles or to protocol implementation conformance statements. The set is required to)S
5854	103 492 :M
5855	-.99(--)A
5856	130 492 :M
5857	-.012(specify a table constraint on the )A
5858	f0_9 sf
5859	-.017(parameters)A
5860	308 492 :M
5861	f2_9 sf
5862	-.031(component of )A
5863	f0_9 sf
5864	-.03(AlgorithmIdentifier)A
5865	f2_9 sf
5866	(.)S
5867	103 503 :M
5868	f0_9 sf
5869	-.99(--)A
5870	130 503 :M
5871	-.027(SupportedAlgorithms)A
5872	250 503 :M
5873	-.06(ALGORITHM)A
5874	312 503 :M
5875	-.123(::=)A
5876	343 503 :M
5877	-.044({ ... \| ... })A
5878	103 520 :M
5879	(Validity)S
5880	219 520 :M
5881	-.123(::=)A
5882	250 520 :M
5883	-.056(SEQUENCE {)A
5884	130 531 :M
5885	-.11(notBefore )A
5886	188 531 :M
5887	-.142(UTCTime,)A
5888	130 542 :M
5889	-.14(notAfter)A
5890	188 542 :M
5891	-.062(UTCTime })A
5892	103 559 :M
5893	-.026(SubjectPublicKeyInfo)A
5894	219 559 :M
5895	-.249(::= )A
5896	250 559 :M
5897	-.056(SEQUENCE {)A
5898	130 570 :M
5899	-.124(algorithm)A
5900	219 570 :M
5901	-.052(AlgorithmIdentifier,)A
5902	130 581 :M
5903	(subjectPublicKey)S
5904	219 581 :M
5905	-.09(BIT STRING })A
5906	90 596 :M
5907	f3_9 sf
5908	-.329(Note)A
5909	108 596 :M
5910	f6_9 sf
5911	.044 .004( \321 In situations where a distinguished name might be reassigned to a different user by the Naming Authority, CAs can)J
5912	90 606 :M
5913	.706 .071(use the unique identifier to distinguish between reused instances. However, if the same user is provided certificates by)J
5914	90 616 :M
5915	.817 .082(multiple CAs, it is recommended that the CAs coordinate on the assignment of unique identifiers as part of their user)J
5916	90 626 :M
5917	-.042(registration procedures.)A
5918	72 650 :M
5919	f6_10 sf
5920	.593 .059(The directory entry of each user, A, who is participating in strong authentication, contains the certi\336cate$s$ of A.)J
5921	72 661 :M
5922	.909 .091(Such a certificate is generated by a Certification Authority of A, which is an entity in the DIT. A Certification)J
5923	72 672 :M
5924	.182 .018(Authority of A, which may not be unique, is denoted CA$A$, or simply CA if A is understood. The public key of A)J
5925	72 683 :M
5926	-.004(can thus be discovered by any user knowing the public key of CA. Discovering public keys is thus recursive.)A
5927	72 706 :M
5928	-.012(If user A, trying to obtain the public key of user B, has already obtained the public key of CA$B$, then the process is)A
5929	72 717 :M
5930	(complete. In order to enable A to obtain the public key of CA$B$, the directory entry of each Certification Authority,)S
5931	72 728 :M
5932	.708 .071(X, contains a number of certificates. These certificates are of two types. First there are forward certificates of X)J
5933	72 739 :M
5934	.011 .001(generated by other Certification Authorities. Second there are reverse certificates generated by X itself which are the)J
5935	72 750 :M
5936	.437 .044(certi\336ed public keys of other certi\336cation authorities. The existence of these certificates enables users to construct)J
5937	72 761 :M
5938	-.002(certification paths from one point to another.)A
5939	endp
5940	%%Page: 16 16
5941	%%BeginPageSetup
5942	initializepage
5943	(hoyt; page: 16 of 40)setjob
5944	%%EndPageSetup
5945	-13 -12 :T
5946	gS 13 12 568 818 rC
5947	54 45 :M
5948	f3_10 sf
5949	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
5950	54 803 :M
5951	(10)S
5952	90 803 :M
5953	-.017(ITU-T Rec. X.509 $1993 E$)A
5954	54 81 :M
5955	f6_10 sf
5956	.156 .016(A list of certi\336cates needed to allow a particular user to obtain the public key of another, is known as a )J
5957	f7_10 sf
5958	.052(certi\336cation)A
5959	54 92 :M
5960	-.259(path)A
5961	72 92 :M
5962	f6_10 sf
5963	.123 .012(. Each item in the list is a certi\336cate of the certi\336cation authority of the next item in the list. A certi\336cation path)J
5964	54 104 :M
5965	-.038(from A to B \(denoted A)A
5966	150 104 :M
5967	f10_12 sf
5968	-.425(\336)A
5969	f6_10 sf
5970	-.244(B\):)A
5971	72 122 :M
5972	(\321)S
5973	90 122 :M
5974	-.011(starts with a certi\336cate produced by CA$A$, namely CA$A$\307X)A
5975	340 119 :M
5976	f6_9 sf
5977	(1)S
5978	345 122 :M
5979	f6_10 sf
5980	-.042(\310 for some entity X)A
5981	423 119 :M
5982	f6_9 sf
5983	(1)S
5984	428 122 :M
5985	f6_10 sf
5986	(;)S
5987	72 140 :M
5988	(\321)S
5989	90 140 :M
5990	-.023(continues with further certi\336cates X)A
5991	234 137 :M
5992	f6_9 sf
5993	(i)S
5994	237 140 :M
5995	f6_10 sf
5996	-.205(\307X)A
5997	f6_9 sf
5998	0 -3 rm
5999	-.135(i+1)A
6000	0 3 rm
6001	f6_10 sf
6002	-.26(\310;)A
6003	72 158 :M
6004	(\321)S
6005	90 158 :M
6006	-.025(ends with the certi\336cate of B.)A
6007	54 181 :M
6008	.513 .051(A certi\336cation path logically forms an unbroken chain of trusted points in the Directory Information Tree between)J
6009	54 193 :M
6010	.022 .002(two users wishing to authenticate. The precise method employed by users A and B to obtain certification paths A)J
6011	508 193 :M
6012	f10_12 sf
6013	-.504(\336)A
6014	f6_10 sf
6015	(B)S
6016	54 206 :M
6017	-.152(and B)A
6018	78 206 :M
6019	f10_12 sf
6020	(\336)S
6021	f6_10 sf
6022	.041 .004(A may vary. One way to facilitate this is to arrange a hierarchy of CAs, which may or may not coincide with)J
6023	54 218 :M
6024	.847 .085(all or part of the DIT hierarchy. The benefit of this is that users who have CAs in the hierarchy may establish a)J
6025	54 229 :M
6026	.106 .011(certification path between them using the Directory without any prior information. In order to allow for this each CA)J
6027	54 240 :M
6028	-.004(may store one certificate and one reverse certificate designated as corresponding to its superior CA.)A
6029	54 263 :M
6030	3.214 .321(Certi\336cates are held within directory entries as attributes of type )J
6031	368 263 :M
6032	f0_9 sf
6033	-.071(UserCertificate)A
6034	432 263 :M
6035	f6_10 sf
6036	.269 .027(, )J
6037	f0_9 sf
6038	.307(CACertificate)A
6039	499 263 :M
6040	f6_10 sf
6041	3.893 .389( and)J
6042	54 275 :M
6043	f0_9 sf
6044	-.027(CrossCertificatePair)A
6045	141 275 :M
6046	f6_10 sf
6047	.495 .05(. These attribute types are known to the Directory. These attributes can be operated on using)J
6048	54 287 :M
6049	.795 .08(the same protocol operations as other attributes. The definition of these types can be found in clause 3.3 of this)J
6050	54 298 :M
6051	-.008(Directory Specification; the speci\336cation of these attribute types is as follows:)A
6052	85 321 :M
6053	f0_9 sf
6054	(userCertificate)S
6055	201 321 :M
6056	-.123(ATTRIBUTE)A
6057	263 321 :M
6058	-.123(::=)A
6059	294 321 :M
6060	({)S
6061	112 332 :M
6062	-.045(WITH SYNTAX )A
6063	201 332 :M
6064	-.1(Certificate)A
6065	112 343 :M
6066	-.998(ID)A
6067	201 343 :M
6068	-.023(id-at-userCertificate})A
6069	85 360 :M
6070	-.041(cACertificate)A
6071	201 360 :M
6072	-.123(ATTRIBUTE)A
6073	263 360 :M
6074	-.123(::=)A
6075	294 360 :M
6076	({)S
6077	112 371 :M
6078	-.045(WITH SYNTAX )A
6079	201 371 :M
6080	-.1(Certificate)A
6081	112 382 :M
6082	-.998(ID)A
6083	201 382 :M
6084	-.049(id-at-cAcertificate })A
6085	85 399 :M
6086	(crossCertificatePair)S
6087	201 399 :M
6088	-.123(ATTRIBUTE)A
6089	263 399 :M
6090	-.123(::=)A
6091	294 399 :M
6092	({)S
6093	112 410 :M
6094	-.099(WITH SYNTAX)A
6095	201 410 :M
6096	(CertificatePair)S
6097	112 421 :M
6098	-.998(ID)A
6099	201 421 :M
6100	-.037(id-at-crossCertificatePair })A
6101	85 438 :M
6102	(CertificatePair)S
6103	201 438 :M
6104	-.123(::=)A
6105	232 438 :M
6106	-.056(SEQUENCE {)A
6107	112 449 :M
6108	-.166(forward)A
6109	170 449 :M
6110	-.496([0])A
6111	201 449 :M
6112	-.025(Certificate OPTIONAL,)A
6113	112 460 :M
6114	(reverse)S
6115	170 460 :M
6116	-.496([1])A
6117	201 460 :M
6118	-.052(Certificate OPTIONAL)A
6119	201 471 :M
6120	f2_9 sf
6121	-.011(-- at least one of the pair shall be present --)A
6122	f1_9 sf
6123	( )S
6124	376 471 :M
6125	f0_9 sf
6126	(})S
6127	54 488 :M
6128	f6_10 sf
6129	.611 .061(A user may obtain one or more certificates from one or more Certification Authorities. Each certificate bears the)J
6130	54 499 :M
6131	1.07 .107(name of the Certification Authority which issued it. The following ASN.1 data types can be used to represent)J
6132	54 510 :M
6133	(certificates and a certification path:)S
6134	85 533 :M
6135	f0_9 sf
6136	-.091(Certificates)A
6137	201 533 :M
6138	-.123(::=)A
6139	232 533 :M
6140	-.056(SEQUENCE {)A
6141	112 544 :M
6142	(userCertificate)S
6143	232 544 :M
6144	-.045(Certificate,)A
6145	112 555 :M
6146	-.031(certificationPath)A
6147	232 555 :M
6148	-.03(ForwardCertificationPath OPTIONAL})A
6149	85 572 :M
6150	-.062(CertificationPath)A
6151	201 572 :M
6152	-.123(::=)A
6153	232 572 :M
6154	-.056(SEQUENCE {)A
6155	112 583 :M
6156	(userCertificate)S
6157	232 583 :M
6158	-.045(Certificate,)A
6159	112 594 :M
6160	-.031(theCACertificates)A
6161	232 594 :M
6162	-.014(SEQUENCE OF CertificatePair OPTIONAL})A
6163	54 611 :M
6164	f6_10 sf
6165	.293 .029(In addition, the following ASN.1 data type can be used to represent the forward certification path. This component)J
6166	54 622 :M
6167	-.01(contains the certification path which can point back to the originator.)A
6168	85 645 :M
6169	f0_9 sf
6170	-.021(ForwardCertificationPath)A
6171	201 645 :M
6172	-.123(::=)A
6173	232 645 :M
6174	-.018(SEQUENCE OF CrossCertificates)A
6175	85 662 :M
6176	-.031(CrossCertificates)A
6177	201 662 :M
6178	-.123(::=)A
6179	232 662 :M
6180	-.059(SET OF Certificate)A
6181	54 697 :M
6182	f3_12 sf
6183	(8.1)S
6184	81 697 :M
6185	-.013(Optimization of the amount of information obtained from the Directory)A
6186	54 715 :M
6187	f6_10 sf
6188	.141 .014(In the general case, before users can mutually authenticate, the Directory shall supply the complete certi\336cation and)J
6189	54 726 :M
6190	1.43 .143(return certi\336cation paths. However, in practice, the amount of information which shall be obtained from the)J
6191	54 737 :M
6192	-.002(Directory can be reduced for a particular instance of authentication by:)A
6193	72 754 :M
6194	-.766(a\))A
6195	90 754 :M
6196	-.004(if the two users that want to authenticate are served by the same certi\336cation authority, then the certi\336cation)A
6197	90 765 :M
6198	-.006(path becomes trivial, and the users unwrap each other\325s certi\336cates directly;)A
6199	endp
6200	%%Page: 17 17
6201	%%BeginPageSetup
6202	initializepage
6203	(hoyt; page: 17 of 40)setjob
6204	%%EndPageSetup
6205	-13 -12 :T
6206	gS 13 12 568 818 rC
6207	427 45 :M
6208	f3_10 sf
6209	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
6210	390 803 :M
6211	-.017(ITU-T Rec. X.509 $1993 E$)A
6212	531 803 :M
6213	(11)S
6214	90 81 :M
6215	f6_10 sf
6216	-.328(b\))A
6217	108 81 :M
6218	.96 .096(if the CAs of the users are arranged in a hierarchy, a user could store the public keys, certi\336cates and)J
6219	108 92 :M
6220	.375 .038(reverse certificates of all certi\336cation authorities between the user and the root of the DIT. Typically, this)J
6221	108 103 :M
6222	1.245 .125(would involve the user in knowing the public keys and certi\336cates of only three or four certi\336cation)J
6223	108 114 :M
6224	.626 .063(authorities. The user would then only require to obtain the certi\336cation paths from the common point of)J
6225	108 125 :M
6226	-.009(trust ;)A
6227	90 142 :M
6228	-.766(c\))A
6229	108 142 :M
6230	.57 .057(if a user frequently communicates with users certi\336ed by a particular other CA, that user could learn the)J
6231	108 153 :M
6232	.757 .076(certi\336cation path to that CA and the return certi\336cation path from that CA, making it necessary only to)J
6233	108 164 :M
6234	-.001(obtain the certi\336cate of the other user itself from the Directory;)A
6235	90 181 :M
6236	-.328(d\))A
6237	108 181 :M
6238	.692 .069(certi\336cation authorities can cross-certify one another by bilateral agreement. The result is to shorten the)J
6239	108 192 :M
6240	-.044(certification path;)A
6241	90 209 :M
6242	-.766(e\))A
6243	108 209 :M
6244	1.398 .14(if two users have communicated before and have learned one another\325s certi\336cates, they are able to)J
6245	108 220 :M
6246	-.019(authenticate without any recourse to the Directory.)A
6247	72 243 :M
6248	.293 .029(In any case, having learned each other's certificates from the certification path, the users shall check the validity of)J
6249	72 254 :M
6250	-.017(the received certificates.)A
6251	72 278 :M
6252	f3_12 sf
6253	(8.2)S
6254	99 278 :M
6255	-.055(Example)A
6256	197 287 214 209 rC
6257	187 277 :M
6258	f1_12 sf
6259	-.334( )A
6260	f0_12 sf
6261	-.334(\312)A
6262	f1_12 sf
6263	(\312)S
6264	199 277 :M
6265	psb
6266	pse
6267	psb
6268	userdict /md known {/CricketAdjust true def} {/CricketAdjust false def} ifelse /mypsb /psb load def /mypse /pse load def /psb {} store /pse {} store /XDEF {exch def} def pse
6269	197 287 :M
6270	psb
6271	currentpoint /POY XDEF /POX XDEF pse
6272	411 496 :M
6273	psb
6274	currentpoint POY sub 209 div /YSCL XDEF POX sub 214 div /XSCL XDEF pse
6275	psb
6276	%!PS-Adobe-2.0
6277	%%Title:8-4
6278	%%Creator:Cricket Draw 1.1
6279	%%CreationDate:10/7/90 9:43 PM
6280	%%DocumentFonts: Helvetica
6281	%%+ Helvetica-Bold
6282	%%BoundingBox:0 0 214 209
6283	%%Pages:(atend)
6284	%%EndComments
6285	/vmstate save def
6286	/$cricket 210 dict def
6287	$cricket begin CricketAdjust {POX POY translate XSCL YSCL scale} if
6288	2 setlinecap
6289	/d /def load def
6290	/b {bind d}bind d
6291	/l {load d}b
6292	/e /exch l
6293	/x {e d}b
6294	/C /closepath l
6295	/CP /currentpoint l
6296	/SH /show l
6297	/g /gsave l
6298	/G /grestore l
6299	/i /if l
6300	/I /ifelse l
6301	/v /getinterval l
6302	/V /putinterval l
6303	/W /stringwidth l
6304	/SG /setgray l
6305	/N /newpath l
6306	/M /moveto l
6307	/L /lineto l
6308	/R /rlineto l
6309	/T /translate l
6310	/D /dup l
6311	/* /mul l
6312	/+ /add l
6313	/- /sub l
6314	/? /div l
6315	/ma {* +}b
6316	/h {D * e D ma sqrt}d
6317	/np {} d
6318	systemdict D /setpacking known D {/packstate currentpacking d D setpacking}i /pack? x
6319	begin /settransfer load /setscreen load end
6320	/setscreen x /settransfer x
6321	systemdict /setcmykcolor known not { /setcmykcolor {pop pop pop pop 0 SG} d} if
6322	/dt [ currenttransfer ] cvx d
6323	/ds [ currentscreen D [ e ] cvx /devSpot x ] cvx d
6324	/jp {e [ 3 1 roll aload pop counttomark -1 roll aload pop ] cvx}b
6325	/settransfer {dt jp settransfer}b
6326	/macvec dup where not { 256 array d
6327	macvec 0 StandardEncoding
6328	0 128 getinterval putinterval
6329	macvec 16#27 /quotesingle put
6330	macvec 16#60 /grave put
6331	/Adieresis /Aring /Ccedilla /Eacute /Ntilde /Odieresis /Udieresis /aacute
6332	/agrave /acircumflex /adieresis /atilde /aring /ccedilla /eacute /egrave
6333	/ecircumflex /edieresis /iacute /igrave /icircumflex /idieresis /ntilde /oacute
6334	/ograve /ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex /udieresis
6335	/dagger /degree /cent /sterling /section /bullet /paragraph /germandbls
6336	/registersans /copyrightsans /trademarksans /acute /dieresis /notequal /AE /Oslash
6337	/infinity /plusminus /lessequal /greaterequal /yen /mu /partialdiff /summation
6338	/product /pi /integral /ordfeminine /ordmasculine /Omega /ae /oslash
6339	/questiondown /exclamdown /logicalnot /radical /florin /approxequal /Delta /guillemotleft
6340	/guillemotright /ellipsis /space /Aacute /Atilde /Otilde /OE /oe
6341	/endash /emdash /quotedblleft /quotedblright /quoteleft /quoteright /divide /lozenge
6342	/ydieresis /Ydieresis /fraction /currency /guilsinglleft /guilsinglright /fi /fl
6343	/daggerdbl /periodcentered /quotesinglbase /quotedblbase /perthousand
6344	/Acircumflex /Ecircumflex /Agrave
6345	/Edieresis /Egrave /Iacute /Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex
6346	/apple /Ograve /Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde
6347	/macron /breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron
6348	macvec 128 128 v astore pop}{pop pop}I
6349	/ad {+ d}b
6350	/sd {- d}b
6351	/td {* d}b
6352	/dd {? d}b
6353	/c {2 ? e 2 ? e}b
6354	/n0 {D 0 eq {pop}}b
6355	/m1 matrix d /m2 matrix d /m3 matrix d
6356	/ct 0 d
6357	/s+ 0 d
6358	/po 0 d
6359	/ts 40 string d
6360	/s1 (\|______) d
6361	ts 0 s1 V
6362	/sp ( ) d
6363	/SM {/m3 m3 currentmatrix d}b
6364	/RM {m3 setmatrix}b
6365	/dpi 72 0 matrix defaultmatrix dtransform h d
6366	/inch {72 *}b
6367	/cm {28.3465 *}b
6368	/pi 3.1415923 d
6369	/fs 256 string d
6370	/sh {m1 m2 copy 2 3 -1 roll sin put m2 concat}b
6371	/fc {T n0 {rotate}I scale n0 {sh}I}b
6372	/a {/ea x /sa x SM -1 * scale 0 0 1 sa ea 2 copy gt {arcn}{arc}I RM}b
6373	/cn {SM T x1 y1 scale 0 0 1 ct 90 * D 90 + arc /ct ct 1 ad RM}b
6374	/rr {/y1 x /x1 x /ct 0 d c y1 - /yr x x1 - /xr x N xr yr cn xr neg yr cn xr neg yr neg cn xr yr neg cn C}b
6375	/dg
6376	{/lc x clip rotate T /dy x /dx x
6377	0 eq {N
6378	1 eq {1 10 lc ? 10{log dy * 0 e neg M dx 0 R}for lc 10 gt{dy 0 e neg M dx 0 R}i}
6379	{lc 1 eq {0 0 e neg M dx 0 R}{/st dy lc 1 - dd 0 1 lc 1 - {st * 0 e neg M dx 0 R}for}I}I
6380	stroke}
6381	{1 eq {/st 0 d /inc 10 lc 1 + dd dx dy lt {/rd dx d}{/rd dy d}I
6382	1 1 lc {/di st 1 + log 10 log ? rd td N dx di - dy di - 0 360 a C stroke /st st inc ad}for}
6383	{dx dy lt {/st dx lc dd}{/st dy lc dd}I lc {N dx dy 0 360 a C stroke /dx dx st sd /dy dy st sd}repeat} I
6384	}I}b
6385	/sb {/ea x /ia x /sa x /yr x /xr x ea sa lt{/ia ia neg d}i N sa ia ea{D /x1 e cos xr td /y1 e sin yr * neg d x1 y1 M 0 0 L}for}b
6386	/bm {/y1 x /x1 x bitgray SG x1 y1 /md where {pop md /invertflag 2 copy known {get not}{pop pop true}I }{true}I
6387	[x1 0 0 y1 0 0] {currentfile picstring readhexstring pop}imagemask}b
6388	/c1 .166667 d /c2 .833333 d /c3 .5 d
6389	/p3 {+ c3 *}b
6390	/dc{/y2 x /x2 x x0 c1 * x1 c2 ma y0 c1 * y1 c2 ma x1 c2 * x2 c1 ma y1 c2 * y2 c1 ma x1 x2 p3 y1 y2 p3 curveto}b
6391	/mp {/x0 x1 d /y0 y1 d /x1 x2 d /y1 y2 d}b
6392	/SPOLY_INIT
6393	{/SPOLY_SAVE save d /cls x
6394	/M {2 copy /y0 x /x0 x moveto /M /moveto load d}d
6395	/L {/y1 x /x1 x x0 x1 p3 y0 y1 p3
6396	cls {/yy y1 d /xx x1 d /C {mp xx yy dc systemdict /closepath get exec}d M}
6397	{lineto}I /L {{dc mp}stopped {/L {pop pop}d /noerr false d}i}d}d}d
6398	/SPOLY_END {SPOLY_SAVE restore}b
6399	/ah {g 2 copy T 3 -1 roll - 3 1 roll e - atan rotate os 0 M hl hw R 0 hw 2 * neg R C fill G}b
6400	/da
6401	{/bp x /ep x g stroke G
6402	currentlinewidth dup .24 lt {pop .24}i
6403	D -10 * D /hl x -2 ? /os x 2 * /hw x
6404	flattenpath /out? false d
6405	bp{g {/by x /bx x}
6406	{2 copy by eq e bx eq and {pop pop}{/out? true d}I out? {exit}i}
6407	/np load dup pathforall N bx by ah G}i
6408	ep{/out? false d reversepath {/ey x /ex x}
6409	{2 copy ey eq e ex eq and {pop pop}{/out? true d}I out? {exit}i}
6410	/np load dup pathforall N ex ey ah}i}b
6411	/tp {sm0 transform}b
6412	/sfp {} d
6413	/op {{tp moveto}{tp lineto}{3{tp 6 2 roll}repeat curveto}{C} pathforall sfp stroke}b
6414	/sm0 matrix d /sm1 matrix d
6415	/so
6416	{SG /eg x /tg x /yt x /xt x
6417	xt 0 ne yt 0 ne or {
6418	xt abs yt abs gt {/tt xt abs d}{/tt yt abs d}I
6419	tt 144 gt {/ct dpi 2 dd /sfp{g eofill G}d}
6420	{tt 72 gt {/ct dpi 4 dd /sfp{g eofill G}d}
6421	{/ct dpi 4 dd}I}I
6422	/ig tg eg - ct ? neg d
6423	/x1 xt ct ? neg d /y1 yt ct dd
6424	1 0 0 1 xt yt sm0 astore pop
6425	1 0 0 1 x1 y1 neg sm1 astore pop
6426	g op G
6427	1 1 ct{g ig * tg + SG sm0 D sm1 e concatmatrix pop op G}for}i}b
6428	/css {T 0 0 M xsp 0 32 Txt widthshow}b
6429	/sc
6430	{g /xsp x /tg x /eg x /sg x /y1 x /x1 x /Txt x
6431	/sst dpi 4 dd /y2 y1 sst dd /x2 x1 neg sst dd
6432	eg sg eq {/sg sg .001 sd}i
6433	/ig eg sg - sst ? neg d
6434	g tg SG x1 y1 neg css
6435	eg ig + ig sg {SG x2 y2 css}for G
6436	x2 y2 css CP G T 0 0 M}b
6437	/gbb {pathbbox /y1 x /x1 x /y2 x /x2 x /x3 x1 x2 sd /y3 y1 y2 sd}b
6438	/radf
6439	{/dn dpi 300 ? 8 * 24 ad /ig rg 255 ? dn dd
6440	sg 255 ? SG eoclip gbb
6441	x2 x3 2 ? + y2 y3 2 ? + T N
6442	x3 y3 h 2 ? D dn ? neg 1
6443	{0 0 3 -1 roll 0 360 arc C fill currentgray ig + SG}for}b
6444	/dof
6445	{/ff x
6446	eoclip 180 - rotate gbb
6447	x1 y1 T 180 rotate x3 y3 scale
6448	0 1 255 {fs e D 255 ? ff rg * sg + round cvi put}for
6449	1 256 8 [1 0 0 256 0 0] fs image}b
6450	/gft {radf {{} dof}{{1 e - 9 * 1 + log 1 e -}dof}}b
6451	/df
6452	{g 2 copy eq {SG pop 0 ne {pop}i fill}{255 * e 255 * e 1 index - /rg x /sg x /gft load e get exec}I G}b
6453	/oc
6454	{/tl x /ju x /di 0 d
6455	g flattenpath
6456	{/y1 x /x1 x}{/y2 x /x2 x /dx x2 x1 sd /dy y2 y1 sd /di dx D * dy D ma sqrt di ad /x1 x2 d /y1 y2 d}
6457	{}{/y2 x /x2 x /dx x2 x1 sd /dy y2 y1 sd /di dx D * dy D ma sqrt d}pathforall
6458	ju 0 eq{/po 0 store}i
6459	ju 1 eq{/po di tl - 2 ? store}i
6460	ju 2 eq{/po di tl - store}i G}b
6461	/pt {/FM true d /os x /sr x /os os sr 0 1 v W pop 2 ? ad /pd 0 d /sl os d /ct 0 d g flattenpath {mtp}{ltp}{ctp}{cpp}pathforall G}b
6462	/mtp {/y1 x /x1 x /x2 x1 d /y2 y1 d /ovr FM {os /FM false d}{0}I d x1 y1 transform /cpy x /cpx x}b
6463	/ltp
6464	{/x3 x1 d /y3 y1 d /y1 x /x1 x /dx x1 x3 sd /dy y1 y3 sd /di dx D * dy D ma sqrt d
6465	/di 0 ne
6466	{/dsx dx di ? ovr td /dsy dy di ? ovr td x3 dsx + y3 dsy + transform
6467	/cpy x /cpx x /pd pd di ad {sl pd le {ct sr length lt{sch}{exit}I}{/ovr sl pd sd exit}I}loop}i}b
6468	/ctp {}b
6469	/cpp {x2 y2 ltp x2 y2 mtp}b
6470	/sch
6471	{/ch sr ct 1 v d /ct ct 1 ad
6472	/cw ch W pop 2 dd
6473	g cpx cpy itransform T dy dx atan rotate cw neg 0 M ch SH
6474	ct sr length lt{sr ct 1 v W pop 2 ? 0 rmoveto}i
6475	CP transform /cpy x /cpx x G
6476	/sl sl cw ad /po po cw 2 ma store ct sr length lt{/sl sl sr ct 1 v W pop 2 ? ad}i}b
6477	/cpd {/newslots x D length newslots + dict D 3 1 roll begin {1 index /FID ne {def}i}forall pop pop end}b
6478	/fn? {FontDirectory exch known} b
6479	/mof
6480	{/ui 0 d
6481	/pw 1000 24 dd
6482	/nn x
6483	/bn x
6484	ui 0 eq
6485	{/ui bn findfont
6486	dup /UniqueID known
6487	{/UniqueID get 1 add}{pop 1}ifelse
6488	def} if
6489	/bfd bn findfont def
6490	/ct bfd maxlength 1 ad
6491	bfd /UniqueID known not
6492	{/ct ct 1 ad} if
6493	/ofd ct dict def
6494	bfd
6495	{ exch dup /FID ne
6496	{exch ofd 3 1 roll put}
6497	{pop pop} ifelse
6498	}forall
6499	ofd /FontName nn put
6500	ofd /PaintType 2 put
6501	ofd /StrokeWidth pw put
6502	ofd /UniqueID ui put
6503	nn ofd definefont pop}b
6504	/muf
6505	{20 dict begin
6506	/ui x
6507	e /BaseFont e findfont d
6508	ui 0 eq
6509	{/ui BaseFont D /UniqueID known
6510	{/UniqueID get 1 +}{pop 1}I d}i
6511	/FontType 3 d
6512	/Upos BaseFont /FontInfo 2 copy known
6513	{get /UnderlinePosition 2 copy known
6514	{get}{pop pop -100 }I}{ pop pop -100 }I d
6515	/Uwid BaseFont /FontInfo 2 copy known
6516	{get /UnderlineThickness 2 copy known
6517	{get}{pop pop 50}I}
6518	{pop pop 50}I d
6519	/FontMatrix BaseFont /FontMatrix get d
6520	/FontBBox BaseFont /FontBBox get
6521	D 1 get Upos gt {D 1 Upos put}i d
6522	/Encoding BaseFont /Encoding get d
6523	/theChar 1 string d
6524	/BuildChar
6525	{e begin
6526	theChar 0 3 -1 roll put
6527	BaseFont 1000 scalefont setfont
6528	theChar W FontBBox setcachedevice
6529	0 0 M
6530	theChar show
6531	0 Upos rmoveto 0 Upos L
6532	Uwid setlinewidth stroke
6533	end}d
6534	currentdict
6535	end
6536	definefont pop}b
6537	/of {dup fn? {pop pop}{mof}I}b
6538	/uf {1 index fn? {pop pop pop}{muf}I}b
6539	/ns {g CP m3 currentmatrix nulldevice setmatrix T 0 0 M Txt CP pop G}b
6540	/ft {/ftsave save d CP 3 1 roll + e T 0 0 M /show /myshow l Txt ftsave restore}b
6541	/ls {/Txt x 0 ft}b
6542	/cs {/Txt x ns 2 ? neg ft}b
6543	/rs {/Txt x ns neg ft}b
6544	/slp {/sproc x /sr x 0 1 sr length 1 - {sr e 1 v sproc}for}b
6545	/ss
6546	{/Txt x /fsave save d
6547	CP 2 copy T 0 0 M
6548	/ffsave save d pop - /lw x ns /tw x /wsp lw tw sd /nsp 0 d
6549	/show {nsp e {sp eq {1 +}i}slp /nsp x}d
6550	Txt 0 nsp 0 gt {wsp nsp ? +}i ffsave restore /s+ x
6551	/myshow load D systemdict /show get ne
6552	{D D length 1 - get cvlit /charshadow eq {[ e aload pop e pop s+ e ] cvx}i}
6553	{pop {s+ 0 32 4 -1 roll widthshow}}I
6554	/show x Txt fsave restore}b
6555	/cf{D /fn x length 7 + string /ts x ts 0 s1 V ts 7 fn V /fnm ts cvn d
6556	FontDirectory fnm known not {fn cvn findfont 0 cpd /nfd x nfd D /FontName fnm put /Encoding macvec put fnm nfd definefont pop}i}b
6557	pack? {packstate setpacking}i
6558
6559	%-----------------------------------
6560	%Encode PS Fonts to match Mac Fonts
6561	(Helvetica) cf
6562	(Helvetica-Bold) cf
6563	%-----------------------------------
6564
6565	%----- Begin Main Program -----%
6566	g 0 1 1 0 102 45.75 fc
6567	newpath
6568	-9 1.75 M
6569	-4.5 -6.25 7.5 -4.25 9 6.25 curveto
6570	1 setlinewidth 0 SG stroke
6571	G
6572	g 0 1 1 0 158.25 118.5 fc
6573	newpath
6574	7.25 2 M
6575	4.25 -7 -7.25 -6.5 -6.25 7 curveto
6576	1 setlinewidth 0 SG stroke
6577	G
6578	g 0 1 1 0 141 77.5 fc
6579	newpath
6580	-6.5 6 M
6581	-8.5 -6 5 -7.5 8.5 7.5 curveto
6582	1 setlinewidth 0 SG stroke
6583	G
6584	g 0 1 1 0 68 77.75 fc
6585	newpath
6586	-11 0.75 M
6587	-12.5 -7.75 12.5 -6.75 9.5 7.75 curveto
6588	1 setlinewidth 0 SG stroke
6589	G
6590	g 0 1 1 0 40 114.75 fc
6591	newpath
6592	-10 -1.75 M
6593	4 -7.75 10 -1.75 9 7.75 curveto
6594	1 setlinewidth 0 SG stroke
6595	G
6596	g 0 1 1 0 180.5 188.25 fc
6597	newpath
6598	-22 -7.75 M
6599	8.5 -12.75 22 12.75 -11 7.25 curveto
6600	1 setlinewidth 0 SG stroke
6601	G
6602	g 0 1 1 0 37.75 187 fc
6603	newpath
6604	-12.25 -7.5 M
6605	5.25 -7 12.25 7.5 -3.25 7.5 curveto
6606	1 setlinewidth 0 SG stroke
6607	G
6608	g 0 1 1 0 99.25 188 fc
6609	newpath
6610	-13.25 -9 M
6611	6.75 -6 13.25 9 -4.75 7.5 curveto
6612	1 setlinewidth 0 SG stroke
6613	G
6614	g 0 1 1 0 152 157 fc
6615	newpath
6616	0 -20 M
6617	0 20 L
6618	2 setlinewidth 0 SG
6619	0 setlinecap stroke
6620	G
6621	g 0 1 1 0 67 154 fc
6622	newpath
6623	-11 -22 M
6624	11 22 L
6625	2 setlinewidth 0 SG
6626	0 setlinecap stroke
6627	G
6628	g 0 1 1 0 35.25 153.75 fc
6629	newpath
6630	13.25 -21.75 M
6631	-13.25 21.75 L
6632	2 setlinewidth 0 SG
6633	0 setlinecap stroke
6634	G
6635	g 0 1 1 0 142.5 109 fc
6636	newpath
6637	-6.5 -16.5 M
6638	6.5 16.5 L
6639	2 setlinewidth 0 SG
6640	0 setlinecap stroke
6641	G
6642	g 0 1 1 0 123 73.25 fc
6643	newpath
6644	-8.5 -11.75 M
6645	8.5 11.75 L
6646	2 setlinewidth 0 SG
6647	0 setlinecap stroke
6648	G
6649	g 0 1 1 0 65 109 fc
6650	newpath
6651	10.5 -14.5 M
6652	-10.5 14.5 L
6653	2 setlinewidth 0 SG
6654	0 setlinecap stroke
6655	G
6656	g 0 1 1 0 95 73.5 fc
6657	newpath
6658	13 -13 M
6659	-13 13 L
6660	2 setlinewidth 0 SG
6661	0 setlinecap stroke
6662	G
6663	g 0 1 1 0 160.5 9 fc
6664	newpath
6665	8 -8 M
6666	-8 8 L
6667	2 setlinewidth 0 SG
6668	0 setlinecap stroke
6669	G
6670	g 0 1 1 0 130 39.5 fc
6671	newpath
6672	15.5 -15.5 M
6673	-15.5 15.5 L
6674	2 setlinewidth 0 SG
6675	0 setlinecap stroke
6676	G
6677	g 0 1 1 0 179 130 fc
6678	newpath
6679	-13 -18.5 M
6680	13 -18.5 L
6681	13 18.5 L
6682	-13 18.5 L
6683	closepath
6684	g 1 SG fill G
6685	1 setlinewidth 0 SG
6686	0 setlinecap stroke
6687	G
6688	g 0 1 1 0 164 88 fc
6689	newpath
6690	-14 -12.5 M
6691	14 -12.5 L
6692	14 12.5 L
6693	-14 12.5 L
6694	closepath
6695	g 1 SG fill G
6696	1 setlinewidth 0 SG
6697	0 setlinecap stroke
6698	G
6699	g 0 1 1 0 154 196 fc
6700	newpath
6701	-15 -6 M
6702	15 -6 L
6703	15 6 L
6704	-15 6 L
6705	closepath
6706	g 1 SG fill G
6707	1 setlinewidth 0 SG
6708	0 setlinecap stroke
6709	G
6710	g 0 1 1 0 81 193.5 fc
6711	newpath
6712	-14 -6 M
6713	14 -6 L
6714	14 6 L
6715	-14 6 L
6716	closepath
6717	g 1 SG fill G
6718	1 setlinewidth 0 SG
6719	0 setlinecap stroke
6720	G
6721	g 0 1 1 0 20 193.5 fc
6722	newpath
6723	-14 -6 M
6724	14 -6 L
6725	14 6 L
6726	-14 6 L
6727	closepath
6728	g 1 SG fill G
6729	1 setlinewidth 0 SG
6730	0 setlinecap stroke
6731	G
6732	g 0 1 1 0 16 124 fc
6733	newpath
6734	-14 -17.5 M
6735	14 -17.5 L
6736	14 17.5 L
6737	-14 17.5 L
6738	closepath
6739	g 1 SG fill G
6740	1 setlinewidth 0 SG
6741	0 setlinecap stroke
6742	G
6743	g 0 1 1 0 40.5 85.5 fc
6744	newpath
6745	-16.5 -13 M
6746	16.5 -13 L
6747	16.5 13 L
6748	-16.5 13 L
6749	closepath
6750	g 1 SG fill G
6751	1 setlinewidth 0 SG
6752	0 setlinecap stroke
6753	G
6754	g 0 1 1 0 79 54.5 fc
6755	newpath
6756	-14 -13 M
6757	14 -13 L
6758	14 13 L
6759	-14 13 L
6760	closepath
6761	g 1 SG fill G
6762	1 setlinewidth 0 SG
6763	0 setlinecap stroke
6764	G
6765	g 0 1 -1 0 21 178.5 fc
6766	/myshow /show load def
6767	0 SG
6768	-18 -2 M
6769	/\|______Helvetica-Bold findfont 12 scalefont setfont
6770	{
6771	(C) show
6772	}ls
6773	G
6774	g 0 1 -1 0 152 178.5 fc
6775	/myshow /show load def
6776	0 SG
6777	-18 -2 M
6778	/\|______Helvetica-Bold findfont 12 scalefont setfont
6779	{
6780	(B) show
6781	}ls
6782	G
6783	g 0 1 -1 0 81 178.5 fc
6784	/myshow /show load def
6785	0 SG
6786	-18 -2 M
6787	/\|______Helvetica-Bold findfont 12 scalefont setfont
6788	{
6789	(A) show
6790	}ls
6791	G
6792	g 0 1 -1 0 144 130.5 fc
6793	/myshow /show load def
6794	0 SG
6795	-18 -2 M
6796	/\|______Helvetica-Bold findfont 12 scalefont setfont
6797	{
6798	(Z) show
6799	}ls
6800	G
6801	g 0 1 -1 0 84 128.5 fc
6802	/myshow /show load def
6803	0 SG
6804	-18 -2 M
6805	/\|______Helvetica-Bold findfont 12 scalefont setfont
6806	{
6807	(X) show
6808	}ls
6809	G
6810	g 0 1 -1 0 140 91.5 fc
6811	/myshow /show load def
6812	0 SG
6813	-18 -2 M
6814	/\|______Helvetica-Bold findfont 12 scalefont setfont
6815	{
6816	(Y) show
6817	}ls
6818	G
6819	g 0 1 -1 0 106 91.5 fc
6820	/myshow /show load def
6821	0 SG
6822	-18 -2 M
6823	/\|______Helvetica-Bold findfont 12 scalefont setfont
6824	{
6825	(W) show
6826	}ls
6827	G
6828	g 0 1 -1 0 138 57.5 fc
6829	/myshow /show load def
6830	0 SG
6831	-18 -2 M
6832	/\|______Helvetica-Bold findfont 12 scalefont setfont
6833	{
6834	(V) show
6835	}ls
6836	G
6837	g 0 1 -1 0 151 20.5 fc
6838	/myshow /show load def
6839	0 SG
6840	-18 -2 M
6841	/\|______Helvetica-Bold findfont 12 scalefont setfont
6842	{
6843	(U) show
6844	}ls
6845	G
6846	g 0 1 1 0 148 19.5 fc
6847	newpath
6848	5 5 0 360 a
6849	g 0.45 SG fill G
6850	1 setlinewidth 0 SG
6851	0 setlinecap stroke
6852	G
6853	g 0 1 1 0 112 57.5 fc
6854	newpath
6855	5 5 0 360 a
6856	g 0.45 SG fill G
6857	1 setlinewidth 0 SG
6858	0 setlinecap stroke
6859	G
6860	g 0 1 1 0 79 89.5 fc
6861	newpath
6862	5 5 0 360 a
6863	g 0.45 SG fill G
6864	1 setlinewidth 0 SG
6865	0 setlinecap stroke
6866	G
6867	g 0 1 1 0 52 127.5 fc
6868	newpath
6869	5 5 0 360 a
6870	g 0.45 SG fill G
6871	1 setlinewidth 0 SG
6872	0 setlinecap stroke
6873	G
6874	g 0 1 1 0 20 179.5 fc
6875	newpath
6876	5 5 0 360 a
6877	g 0.45 SG fill G
6878	1 setlinewidth 0 SG
6879	0 setlinecap stroke
6880	G
6881	g 0 1 1 0 135 89.5 fc
6882	newpath
6883	5 5 0 360 a
6884	g 0.45 SG fill G
6885	1 setlinewidth 0 SG
6886	0 setlinecap stroke
6887	G
6888	g 0 1 1 0 151 130.5 fc
6889	newpath
6890	5 5 0 360 a
6891	g 0.45 SG fill G
6892	1 setlinewidth 0 SG
6893	0 setlinecap stroke
6894	G
6895	g 0 1 1 0 153 181.5 fc
6896	newpath
6897	5 5 0 360 a
6898	g 0.45 SG fill G
6899	1 setlinewidth 0 SG
6900	0 setlinecap stroke
6901	G
6902	g 0 1 1 0 81 179.5 fc
6903	newpath
6904	5 5 0 360 a
6905	g 0.45 SG fill G
6906	1 setlinewidth 0 SG
6907	0 setlinecap stroke
6908	G
6909	g 0 1 -1 0 92 60 fc
6910	/myshow /show load def
6911	0 SG
6912	-24 8 M
6913	/\|______Helvetica findfont 9 scalefont setfont
6914	{
6915	(UÇVÈ) show
6916	}ls
6917	-24 -2 M
6918	{
6919	(VÇUÈ) show
6920	}ls
6921	G
6922	g 0 1 -1 0 26.5 135 fc
6923	/myshow /show load def
6924	0 SG
6925	-24 16 M
6926	/\|______Helvetica findfont 9 scalefont setfont
6927	{
6928	(WÇXÈ) show
6929	}ls
6930	-24 6 M
6931	{
6932	(XÇWÈ) show
6933	}ls
6934	-24 -4 M
6935	{
6936	(XÇZÈ) show
6937	}ls
6938	G
6939	g 0 1 -1 0 189 138 fc
6940	/myshow /show load def
6941	0 SG
6942	-20 16 M
6943	/\|______Helvetica findfont 9 scalefont setfont
6944	{
6945	(YÇZÈ) show
6946	}ls
6947	-20 6 M
6948	{
6949	(ZÇYÈ) show
6950	}ls
6951	-20 -4 M
6952	{
6953	(ZÇXÈ) show
6954	}ls
6955	G
6956	g 0 1 -1 0 51.5 92 fc
6957	/myshow /show load def
6958	0 SG
6959	-24 8 M
6960	/\|______Helvetica findfont 9 scalefont setfont
6961	{
6962	(VÇWÈ) show
6963	}ls
6964	-24 -2 M
6965	{
6966	(WÇVÈ) show
6967	}ls
6968	G
6969	g 0 1 -1 0 173 93.5 fc
6970	/myshow /show load def
6971	0 SG
6972	-20 8 M
6973	/\|______Helvetica findfont 9 scalefont setfont
6974	{
6975	(VÇYÈ) show
6976	}ls
6977	-20 -2 M
6978	{
6979	(YÇVÈ) show
6980	}ls
6981	G
6982	g 0 1 -1 0 34.5 196 fc
6983	/myshow /show load def
6984	0 SG
6985	-26 -1 M
6986	/\|______Helvetica findfont 9 scalefont setfont
6987	{
6988	(XÇCÈ) show
6989	}ls
6990	G
6991	g 0 1 -1 0 94.5 196.5 fc
6992	/myshow /show load def
6993	0 SG
6994	-25 0 M
6995	/\|______Helvetica findfont 9 scalefont setfont
6996	{
6997	(XÇAÈ) show
6998	}ls
6999	G
7000	g 0 1 -1 0 166.5 198.5 fc
7001	/myshow /show load def
7002	0 SG
7003	-25 0 M
7004	/\|______Helvetica findfont 9 scalefont setfont
7005	{
7006	(ZÇBÈ) show
7007	}ls
7008	G
7009
7010	%------ End Main Program ------%
7011
7012	end
7013	vmstate restore
7014
7015	%%Trailer
7016
7017	%%Pages:1
7018
7019	pse
7020	psb
7021	pse
7022	psb
7023	/psb /mypsb load store /pse /mypse load store pse
7024	gR
7025	gS 13 12 568 818 rC
7026	205 509 :M
7027	f3_9 sf
7028	-.015(Figure 4.\321CA Hierarchy \320 A Hypothetical Example)A
7029	72 533 :M
7030	f6_10 sf
7031	1.342 .134(Figure 4 illustrates a hypothetical example of a DIT fragment, where the CAs form a hierarchy. Besides the)J
7032	72 544 :M
7033	.318 .032(information shown at the CAs, we assume that each user knows the public key of its certi\336cation authority, and its)J
7034	72 555 :M
7035	-.009(own public and private keys.)A
7036	72 578 :M
7037	.446 .045(If the CAs of the users are arranged in a hierarchy, A can acquire the following certi\336cates from the Directory to)J
7038	72 589 :M
7039	-.004(establish a certi\336cation path to B:)A
7040	90 612 :M
7041	-.032(X\307W\310, W\307V\310, V\307Y\310, Y\307Z\310, Z\307B\310)A
7042	72 635 :M
7043	.441 .044(When A has obtained these certi\336cates, it can unwrap the certi\336cation path in sequence to yield the contents of the)J
7044	72 646 :M
7045	-.005(certi\336cate of B, including Bp:)A
7046	90 665 :M
7047	-.015(Bp = Xp )A
7048	f6_14 sf
7049	(\245 )S
7050	f6_10 sf
7051	-.019(X\307W\310 W\307V\310 V\307Y\310 Y\307Z\310 )A
7052	247 665 :M
7053	f6_14 sf
7054	-.17( )A
7055	f6_10 sf
7056	-.369(Z\307B\310)A
7057	72 690 :M
7058	.039 .004(In general, A also has to acquire the following certi\336cates from the Directory to establish the return certi\336cation path)J
7059	72 701 :M
7060	-.034(from B to A:)A
7061	90 718 :M
7062	(Z\307Y\310, Y\307V\310, V\307W\310, W\307X\310, X\307A\310.)S
7063	72 741 :M
7064	-.009(When B receives these certi\336cates from A, it can unwrap the return certi\336cation path in sequence to yield the contents)A
7065	72 752 :M
7066	-.022(of the certi\336cate of A, including Ap:)A
7067	90 771 :M
7068	-.088(Ap = Zp )A
7069	f6_14 sf
7070	-.162(\245 )A
7071	135 771 :M
7072	f6_10 sf
7073	-.023(Z\307Y\310 Y\307V\310 V\307W\310 W\307X\310 X\307A\310)A
7074	endp
7075	%%Page: 18 18
7076	%%BeginPageSetup
7077	initializepage
7078	(hoyt; page: 18 of 40)setjob
7079	%%EndPageSetup
7080	-13 -12 :T
7081	gS 13 12 568 818 rC
7082	54 45 :M
7083	f3_10 sf
7084	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
7085	54 803 :M
7086	(12)S
7087	90 803 :M
7088	-.017(ITU-T Rec. X.509 $1993 E$)A
7089	54 81 :M
7090	f6_10 sf
7091	(Applying the optimizations of 8.1:)S
7092	72 98 :M
7093	-.766(a\))A
7094	90 98 :M
7095	.45 .045(taking A and C, for example: both know Xp, so that A simply has to directly acquire the certi\336cate of C.)J
7096	90 109 :M
7097	-.018(Unwrapping the certi\336cation path reduces to:)A
7098	126 128 :M
7099	-.102(Cp = Xp )A
7100	f6_14 sf
7101	(\245)S
7102	168 128 :M
7103	f6_10 sf
7104	-.097( X\307C\310)A
7105	90 147 :M
7106	-.017(and unwrapping the return certi\336cation Path reduces to:)A
7107	126 166 :M
7108	-.097(Ap = Xp )A
7109	f6_14 sf
7110	(\245)S
7111	171 166 :M
7112	f6_10 sf
7113	-.235( X\307A\310)A
7114	72 185 :M
7115	-.328(b\))A
7116	90 185 :M
7117	.073 .007(assuming that A would thus know W\307X\310, Wp, V\307W\310, Vp, U\307V\310, Up, etc., reduces the information which)J
7118	90 196 :M
7119	-.003(A has to obtain from the Directory to form the certi\336cation path to:)A
7120	126 213 :M
7121	-.036(V\307Y\310, Y\307Z\310, Z\307B\310)A
7122	90 230 :M
7123	-.009(and the information which A has to obtain from the Directory to form the return certi\336cation path to:)A
7124	126 247 :M
7125	-.027(Z\307Y\310, Y\307V\310.)A
7126	72 264 :M
7127	-.766(c\))A
7128	90 264 :M
7129	.427 .043(assuming that A frequently communicates with users certi\336ed by Z, it can learn \(in addition to the public)J
7130	90 275 :M
7131	.271 .027(keys learned in b\) above\) V\307Y\310, Y\307V\310, Y\307Z\310, and Z\307Y\310. To communicate with B, it need therefore only)J
7132	90 286 :M
7133	-.008(obtain Z\307B\310 from the Directory.)A
7134	72 303 :M
7135	-.328(d\))A
7136	90 303 :M
7137	-.01(assuming that users certi\336ed by X and Z frequently communicate, then X\307Z\310 would be held in the directory)A
7138	90 314 :M
7139	-.002(entry for X, and vice versa $this is shown in Figure 4$. If A wants to authenticate to B, A need only obtain:)A
7140	126 331 :M
7141	-.012(X\307Z\310, Z\307B\310)A
7142	90 348 :M
7143	-.018(to form the certi\336cation path, and:)A
7144	126 365 :M
7145	-.109(Z\307X\310)A
7146	90 382 :M
7147	-.008(to form the return certi\336cation path.)A
7148	72 399 :M
7149	-.766(e\))A
7150	90 399 :M
7151	.337 .034(assuming users A and C have communicated before and have learned one another\325s certificates, they may)J
7152	90 410 :M
7153	-.014(use each other\325s public key directly, i.e.,)A
7154	126 429 :M
7155	-.102(Cp = Xp )A
7156	f6_14 sf
7157	(\245)S
7158	168 429 :M
7159	f6_10 sf
7160	-.097( X\307C\310)A
7161	90 448 :M
7162	-.219(and)A
7163	126 467 :M
7164	-.083(Ap = Xp )A
7165	164 467 :M
7166	f6_14 sf
7167	-.282(\245)A
7168	f6_10 sf
7169	-.388( X\307A\310)A
7170	159 483 254 129 rC
7171	149 473 :M
7172	f1_12 sf
7173	-.501( \312)A
7174	158 473 :M
7175	psb
7176	pse
7177	psb
7178	userdict /md known {/CricketAdjust true def} {/CricketAdjust false def} ifelse /mypsb /psb load def /mypse /pse load def /psb {} store /pse {} store /XDEF {exch def} def pse
7179	159 483 :M
7180	psb
7181	currentpoint /POY XDEF /POX XDEF pse
7182	413 612 :M
7183	psb
7184	currentpoint POY sub 129 div /YSCL XDEF POX sub 254 div /XSCL XDEF pse
7185	psb
7186	%!PS-Adobe-2.0
7187	%%Title:8-5
7188	%%Creator:Cricket Draw 1.1
7189	%%CreationDate:8/21/89 1:04 AM
7190	%%DocumentFonts: Helvetica
7191	%%BoundingBox:0 0 254 129
7192	%%Pages:(atend)
7193	%%EndComments
7194	/vmstate save def
7195	/$cricket 210 dict def
7196	$cricket begin CricketAdjust {POX POY translate XSCL YSCL scale} if
7197	2 setlinecap
7198	/d /def load def
7199	/b {bind d}bind d
7200	/l {load d}b
7201	/e /exch l
7202	/x {e d}b
7203	/C /closepath l
7204	/CP /currentpoint l
7205	/SH /show l
7206	/g /gsave l
7207	/G /grestore l
7208	/i /if l
7209	/I /ifelse l
7210	/v /getinterval l
7211	/V /putinterval l
7212	/W /stringwidth l
7213	/SG /setgray l
7214	/N /newpath l
7215	/M /moveto l
7216	/L /lineto l
7217	/R /rlineto l
7218	/T /translate l
7219	/D /dup l
7220	/* /mul l
7221	/+ /add l
7222	/- /sub l
7223	/? /div l
7224	/ma {* +}b
7225	/h {D * e D ma sqrt}d
7226	/np {} d
7227	systemdict D /setpacking known D {/packstate currentpacking d D setpacking}i /pack? x
7228	begin /settransfer load /setscreen load end
7229	/setscreen x /settransfer x
7230	systemdict /setcmykcolor known not { /setcmykcolor {pop pop pop pop 0 SG} d} if
7231	/dt [ currenttransfer ] cvx d
7232	/ds [ currentscreen D [ e ] cvx /devSpot x ] cvx d
7233	/jp {e [ 3 1 roll aload pop counttomark -1 roll aload pop ] cvx}b
7234	/settransfer {dt jp settransfer}b
7235	/macvec dup where not { 256 array d
7236	macvec 0 StandardEncoding
7237	0 128 getinterval putinterval
7238	macvec 16#27 /quotesingle put
7239	macvec 16#60 /grave put
7240	/Adieresis /Aring /Ccedilla /Eacute /Ntilde /Odieresis /Udieresis /aacute
7241	/agrave /acircumflex /adieresis /atilde /aring /ccedilla /eacute /egrave
7242	/ecircumflex /edieresis /iacute /igrave /icircumflex /idieresis /ntilde /oacute
7243	/ograve /ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex /udieresis
7244	/dagger /degree /cent /sterling /section /bullet /paragraph /germandbls
7245	/registersans /copyrightsans /trademarksans /acute /dieresis /notequal /AE /Oslash
7246	/infinity /plusminus /lessequal /greaterequal /yen /mu /partialdiff /summation
7247	/product /pi /integral /ordfeminine /ordmasculine /Omega /ae /oslash
7248	/questiondown /exclamdown /logicalnot /radical /florin /approxequal /Delta /guillemotleft
7249	/guillemotright /ellipsis /space /Aacute /Atilde /Otilde /OE /oe
7250	/endash /emdash /quotedblleft /quotedblright /quoteleft /quoteright /divide /lozenge
7251	/ydieresis /Ydieresis /fraction /currency /guilsinglleft /guilsinglright /fi /fl
7252	/daggerdbl /periodcentered /quotesinglbase /quotedblbase /perthousand
7253	/Acircumflex /Ecircumflex /Agrave
7254	/Edieresis /Egrave /Iacute /Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex
7255	/apple /Ograve /Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde
7256	/macron /breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron
7257	macvec 128 128 v astore pop}{pop pop}I
7258	/ad {+ d}b
7259	/sd {- d}b
7260	/td {* d}b
7261	/dd {? d}b
7262	/c {2 ? e 2 ? e}b
7263	/n0 {D 0 eq {pop}}b
7264	/m1 matrix d /m2 matrix d /m3 matrix d
7265	/ct 0 d
7266	/s+ 0 d
7267	/po 0 d
7268	/ts 40 string d
7269	/s1 (\|______) d
7270	ts 0 s1 V
7271	/sp ( ) d
7272	/SM {/m3 m3 currentmatrix d}b
7273	/RM {m3 setmatrix}b
7274	/dpi 72 0 matrix defaultmatrix dtransform h d
7275	/inch {72 *}b
7276	/cm {28.3465 *}b
7277	/pi 3.1415923 d
7278	/fs 256 string d
7279	/sh {m1 m2 copy 2 3 -1 roll sin put m2 concat}b
7280	/fc {T n0 {rotate}I scale n0 {sh}I}b
7281	/a {/ea x /sa x SM -1 * scale 0 0 1 sa ea 2 copy gt {arcn}{arc}I RM}b
7282	/cn {SM T x1 y1 scale 0 0 1 ct 90 * D 90 + arc /ct ct 1 ad RM}b
7283	/rr {/y1 x /x1 x /ct 0 d c y1 - /yr x x1 - /xr x N xr yr cn xr neg yr cn xr neg yr neg cn xr yr neg cn C}b
7284	/dg
7285	{/lc x clip rotate T /dy x /dx x
7286	0 eq {N
7287	1 eq {1 10 lc ? 10{log dy * 0 e neg M dx 0 R}for lc 10 gt{dy 0 e neg M dx 0 R}i}
7288	{lc 1 eq {0 0 e neg M dx 0 R}{/st dy lc 1 - dd 0 1 lc 1 - {st * 0 e neg M dx 0 R}for}I}I
7289	stroke}
7290	{1 eq {/st 0 d /inc 10 lc 1 + dd dx dy lt {/rd dx d}{/rd dy d}I
7291	1 1 lc {/di st 1 + log 10 log ? rd td N dx di - dy di - 0 360 a C stroke /st st inc ad}for}
7292	{dx dy lt {/st dx lc dd}{/st dy lc dd}I lc {N dx dy 0 360 a C stroke /dx dx st sd /dy dy st sd}repeat} I
7293	}I}b
7294	/sb {/ea x /ia x /sa x /yr x /xr x ea sa lt{/ia ia neg d}i N sa ia ea{D /x1 e cos xr td /y1 e sin yr * neg d x1 y1 M 0 0 L}for}b
7295	/bm {/y1 x /x1 x bitgray SG x1 y1 /md where {pop md /invertflag 2 copy known {get not}{pop pop true}I }{true}I
7296	[x1 0 0 y1 0 0] {currentfile picstring readhexstring pop}imagemask}b
7297	/c1 .166667 d /c2 .833333 d /c3 .5 d
7298	/p3 {+ c3 *}b
7299	/dc{/y2 x /x2 x x0 c1 * x1 c2 ma y0 c1 * y1 c2 ma x1 c2 * x2 c1 ma y1 c2 * y2 c1 ma x1 x2 p3 y1 y2 p3 curveto}b
7300	/mp {/x0 x1 d /y0 y1 d /x1 x2 d /y1 y2 d}b
7301	/SPOLY_INIT
7302	{/SPOLY_SAVE save d /cls x
7303	/M {2 copy /y0 x /x0 x moveto /M /moveto load d}d
7304	/L {/y1 x /x1 x x0 x1 p3 y0 y1 p3
7305	cls {/yy y1 d /xx x1 d /C {mp xx yy dc systemdict /closepath get exec}d M}
7306	{lineto}I /L {{dc mp}stopped {/L {pop pop}d /noerr false d}i}d}d}d
7307	/SPOLY_END {SPOLY_SAVE restore}b
7308	/ah {g 2 copy T 3 -1 roll - 3 1 roll e - atan rotate os 0 M hl hw R 0 hw 2 * neg R C fill G}b
7309	/da
7310	{/bp x /ep x g stroke G
7311	currentlinewidth dup .24 lt {pop .24}i
7312	D -10 * D /hl x -2 ? /os x 2 * /hw x
7313	flattenpath /out? false d
7314	bp{g {/by x /bx x}
7315	{2 copy by eq e bx eq and {pop pop}{/out? true d}I out? {exit}i}
7316	/np load dup pathforall N bx by ah G}i
7317	ep{/out? false d reversepath {/ey x /ex x}
7318	{2 copy ey eq e ex eq and {pop pop}{/out? true d}I out? {exit}i}
7319	/np load dup pathforall N ex ey ah}i}b
7320	/tp {sm0 transform}b
7321	/sfp {} d
7322	/op {{tp moveto}{tp lineto}{3{tp 6 2 roll}repeat curveto}{C} pathforall sfp stroke}b
7323	/sm0 matrix d /sm1 matrix d
7324	/so
7325	{SG /eg x /tg x /yt x /xt x
7326	xt 0 ne yt 0 ne or {
7327	xt abs yt abs gt {/tt xt abs d}{/tt yt abs d}I
7328	tt 144 gt {/ct dpi 2 dd /sfp{g eofill G}d}
7329	{tt 72 gt {/ct dpi 4 dd /sfp{g eofill G}d}
7330	{/ct dpi 4 dd}I}I
7331	/ig tg eg - ct ? neg d
7332	/x1 xt ct ? neg d /y1 yt ct dd
7333	1 0 0 1 xt yt sm0 astore pop
7334	1 0 0 1 x1 y1 neg sm1 astore pop
7335	g op G
7336	1 1 ct{g ig * tg + SG sm0 D sm1 e concatmatrix pop op G}for}i}b
7337	/css {T 0 0 M xsp 0 32 Txt widthshow}b
7338	/sc
7339	{g /xsp x /tg x /eg x /sg x /y1 x /x1 x /Txt x
7340	/sst dpi 4 dd /y2 y1 sst dd /x2 x1 neg sst dd
7341	eg sg eq {/sg sg .001 sd}i
7342	/ig eg sg - sst ? neg d
7343	g tg SG x1 y1 neg css
7344	eg ig + ig sg {SG x2 y2 css}for G
7345	x2 y2 css CP G T 0 0 M}b
7346	/gbb {pathbbox /y1 x /x1 x /y2 x /x2 x /x3 x1 x2 sd /y3 y1 y2 sd}b
7347	/radf
7348	{/dn dpi 300 ? 8 * 24 ad /ig rg 255 ? dn dd
7349	sg 255 ? SG eoclip gbb
7350	x2 x3 2 ? + y2 y3 2 ? + T N
7351	x3 y3 h 2 ? D dn ? neg 1
7352	{0 0 3 -1 roll 0 360 arc C fill currentgray ig + SG}for}b
7353	/dof
7354	{/ff x
7355	eoclip 180 - rotate gbb
7356	x1 y1 T 180 rotate x3 y3 scale
7357	0 1 255 {fs e D 255 ? ff rg * sg + round cvi put}for
7358	1 256 8 [1 0 0 256 0 0] fs image}b
7359	/gft {radf {{} dof}{{1 e - 9 * 1 + log 1 e -}dof}}b
7360	/df
7361	{g 2 copy eq {SG pop 0 ne {pop}i fill}{255 * e 255 * e 1 index - /rg x /sg x /gft load e get exec}I G}b
7362	/oc
7363	{/tl x /ju x /di 0 d
7364	g flattenpath
7365	{/y1 x /x1 x}{/y2 x /x2 x /dx x2 x1 sd /dy y2 y1 sd /di dx D * dy D ma sqrt di ad /x1 x2 d /y1 y2 d}
7366	{}{/y2 x /x2 x /dx x2 x1 sd /dy y2 y1 sd /di dx D * dy D ma sqrt d}pathforall
7367	ju 0 eq{/po 0 store}i
7368	ju 1 eq{/po di tl - 2 ? store}i
7369	ju 2 eq{/po di tl - store}i G}b
7370	/pt {/FM true d /os x /sr x /os os sr 0 1 v W pop 2 ? ad /pd 0 d /sl os d /ct 0 d g flattenpath {mtp}{ltp}{ctp}{cpp}pathforall G}b
7371	/mtp {/y1 x /x1 x /x2 x1 d /y2 y1 d /ovr FM {os /FM false d}{0}I d x1 y1 transform /cpy x /cpx x}b
7372	/ltp
7373	{/x3 x1 d /y3 y1 d /y1 x /x1 x /dx x1 x3 sd /dy y1 y3 sd /di dx D * dy D ma sqrt d
7374	/di 0 ne
7375	{/dsx dx di ? ovr td /dsy dy di ? ovr td x3 dsx + y3 dsy + transform
7376	/cpy x /cpx x /pd pd di ad {sl pd le {ct sr length lt{sch}{exit}I}{/ovr sl pd sd exit}I}loop}i}b
7377	/ctp {}b
7378	/cpp {x2 y2 ltp x2 y2 mtp}b
7379	/sch
7380	{/ch sr ct 1 v d /ct ct 1 ad
7381	/cw ch W pop 2 dd
7382	g cpx cpy itransform T dy dx atan rotate cw neg 0 M ch SH
7383	ct sr length lt{sr ct 1 v W pop 2 ? 0 rmoveto}i
7384	CP transform /cpy x /cpx x G
7385	/sl sl cw ad /po po cw 2 ma store ct sr length lt{/sl sl sr ct 1 v W pop 2 ? ad}i}b
7386	/cpd {/newslots x D length newslots + dict D 3 1 roll begin {1 index /FID ne {def}i}forall pop pop end}b
7387	/fn? {FontDirectory exch known} b
7388	/mof
7389	{/ui 0 d
7390	/pw 1000 24 dd
7391	/nn x
7392	/bn x
7393	ui 0 eq
7394	{/ui bn findfont
7395	dup /UniqueID known
7396	{/UniqueID get 1 add}{pop 1}ifelse
7397	def} if
7398	/bfd bn findfont def
7399	/ct bfd maxlength 1 ad
7400	bfd /UniqueID known not
7401	{/ct ct 1 ad} if
7402	/ofd ct dict def
7403	bfd
7404	{ exch dup /FID ne
7405	{exch ofd 3 1 roll put}
7406	{pop pop} ifelse
7407	}forall
7408	ofd /FontName nn put
7409	ofd /PaintType 2 put
7410	ofd /StrokeWidth pw put
7411	ofd /UniqueID ui put
7412	nn ofd definefont pop}b
7413	/muf
7414	{20 dict begin
7415	/ui x
7416	e /BaseFont e findfont d
7417	ui 0 eq
7418	{/ui BaseFont D /UniqueID known
7419	{/UniqueID get 1 +}{pop 1}I d}i
7420	/FontType 3 d
7421	/Upos BaseFont /FontInfo 2 copy known
7422	{get /UnderlinePosition 2 copy known
7423	{get}{pop pop -100 }I}{ pop pop -100 }I d
7424	/Uwid BaseFont /FontInfo 2 copy known
7425	{get /UnderlineThickness 2 copy known
7426	{get}{pop pop 50}I}
7427	{pop pop 50}I d
7428	/FontMatrix BaseFont /FontMatrix get d
7429	/FontBBox BaseFont /FontBBox get
7430	D 1 get Upos gt {D 1 Upos put}i d
7431	/Encoding BaseFont /Encoding get d
7432	/theChar 1 string d
7433	/BuildChar
7434	{e begin
7435	theChar 0 3 -1 roll put
7436	BaseFont 1000 scalefont setfont
7437	theChar W FontBBox setcachedevice
7438	0 0 M
7439	theChar show
7440	0 Upos rmoveto 0 Upos L
7441	Uwid setlinewidth stroke
7442	end}d
7443	currentdict
7444	end
7445	definefont pop}b
7446	/of {dup fn? {pop pop}{mof}I}b
7447	/uf {1 index fn? {pop pop pop}{muf}I}b
7448	/ns {g CP m3 currentmatrix nulldevice setmatrix T 0 0 M Txt CP pop G}b
7449	/ft {/ftsave save d CP 3 1 roll + e T 0 0 M /show /myshow l Txt ftsave restore}b
7450	/ls {/Txt x 0 ft}b
7451	/cs {/Txt x ns 2 ? neg ft}b
7452	/rs {/Txt x ns neg ft}b
7453	/slp {/sproc x /sr x 0 1 sr length 1 - {sr e 1 v sproc}for}b
7454	/ss
7455	{/Txt x /fsave save d
7456	CP 2 copy T 0 0 M
7457	/ffsave save d pop - /lw x ns /tw x /wsp lw tw sd /nsp 0 d
7458	/show {nsp e {sp eq {1 +}i}slp /nsp x}d
7459	Txt 0 nsp 0 gt {wsp nsp ? +}i ffsave restore /s+ x
7460	/myshow load D systemdict /show get ne
7461	{D D length 1 - get cvlit /charshadow eq {[ e aload pop e pop s+ e ] cvx}i}
7462	{pop {s+ 0 32 4 -1 roll widthshow}}I
7463	/show x Txt fsave restore}b
7464	/cf{D /fn x length 7 + string /ts x ts 0 s1 V ts 7 fn V /fnm ts cvn d
7465	FontDirectory fnm known not {fn cvn findfont 0 cpd /nfd x nfd D /FontName fnm put /Encoding macvec put fnm nfd definefont pop}i}b
7466	pack? {packstate setpacking}i
7467
7468	%-----------------------------------
7469	%Encode PS Fonts to match Mac Fonts
7470	(Helvetica) cf
7471	%-----------------------------------
7472
7473	%----- Begin Main Program -----%
7474	g 0 1 1 0 49.25 111.25 fc
7475	newpath
7476	5.25 -13.75 M
7477	-5.25 13.75 L
7478	1 setlinewidth 0 SG
7479	0 setlinecap [3] 0 setdash
7480	stroke
7481	G
7482	g 0 1 1 0 61 110.5 fc
7483	newpath
7484	-7 -13 M
7485	7 13 L
7486	1 setlinewidth 0 SG
7487	0 setlinecap [3] 0 setdash
7488	stroke
7489	G
7490	g 0 1 1 0 110.25 72.75 fc
7491	newpath
7492	-3.75 -20.25 M
7493	3.75 20.25 L
7494	1 setlinewidth 0 SG
7495	0 setlinecap [3] 0 setdash
7496	stroke
7497	G
7498	g 0 1 1 0 103.75 73.75 fc
7499	newpath
7500	3.25 -21.75 M
7501	-3.25 21.75 L
7502	1 setlinewidth 0 SG
7503	0 setlinecap [3] 0 setdash
7504	stroke
7505	G
7506	g 0 1 -1 0 105 89 fc
7507	/myshow /show load def
7508	0 SG
7509	-18 -2 M
7510	/\|______Helvetica findfont 12 scalefont setfont
7511	{
7512	(U) show
7513	}ls
7514	G
7515	g 0 1 1 0 157.75 92.75 fc
7516	newpath
7517	13.75 -26.25 M
7518	-13.75 26.25 L
7519	1 setlinewidth 0 SG
7520	0 setlinecap [3] 0 setdash
7521	stroke
7522	G
7523	g 0 1 1 0 179.75 85.5 fc
7524	newpath
7525	-7.75 -19 M
7526	7.75 19 L
7527	1 setlinewidth 0 SG
7528	0 setlinecap [3] 0 setdash
7529	stroke
7530	G
7531	g 0 1 1 0 201.75 84 fc
7532	newpath
7533	-20.25 -19 M
7534	20.25 -4 -12.75 6 -6.25 19 curveto
7535	3 setlinewidth 0 SG stroke
7536	G
7537	g 0 1 1 0 151 42 fc
7538	newpath
7539	-23 -4.5 M
7540	-10 13.5 11 -13.5 23 5.5 curveto
7541	3 setlinewidth 0 SG stroke
7542	G
7543	g 0 1 1 0 35 68.5 fc
7544	newpath
7545	-4 -9 M
7546	-6 0 1 5 6 9 curveto
7547	3 setlinewidth 0 SG stroke
7548	G
7549	g 0 1 1 0 77.5 58.75 fc
7550	newpath
7551	-13.5 19.25 M
7552	9.5 8.75 -6.5 -8.25 13.5 -19.25 curveto
7553	3 setlinewidth 0 SG stroke
7554	G
7555	g 0 1 1 0 21.5 48 fc
7556	newpath
7557	-20.5 -10 M
7558	20.5 -10 L
7559	20.5 10 L
7560	-20.5 10 L
7561	closepath
7562	1 setlinewidth 0 SG
7563	0 setlinecap stroke
7564	G
7565	g 0 1 1 0 60 87.5 fc
7566	newpath
7567	-20 -10.5 M
7568	20 -10.5 L
7569	20 10.5 L
7570	-20 10.5 L
7571	closepath
7572	g 1 SG fill G
7573	1 setlinewidth 0 SG
7574	0 setlinecap stroke
7575	G
7576	g 0 1 1 0 110 36.75 fc
7577	newpath
7578	-20 -15.749 M
7579	20 -15.749 L
7580	20 15.749 L
7581	-20 15.749 L
7582	closepath
7583	g 1 SG eofill G
7584	1 setlinewidth 0 SG
7585	0 setlinecap stroke
7586	G
7587	g 0 1 1 0 182 57 fc
7588	newpath
7589	-20 -10 M
7590	20 -10 L
7591	20 10 L
7592	-20 10 L
7593	closepath
7594	g 1 SG fill G
7595	1 setlinewidth 0 SG
7596	0 setlinecap stroke
7597	G
7598	g 0 1 1 0 190.5 115 fc
7599	newpath
7600	-19.5 -10 M
7601	19.5 -10 L
7602	19.5 10 L
7603	-19.5 10 L
7604	closepath
7605	g 1 SG fill G
7606	1 setlinewidth 0 SG
7607	0 setlinecap stroke
7608	G
7609	g 0 1 -1 0 36 51 fc
7610	/myshow /show load def
7611	0 SG
7612	-31 -2 M
7613	/\|______Helvetica findfont 12 scalefont setfont
7614	{
7615	(UÇDÈ) show
7616	}ls
7617	G
7618	g 0 1 -1 0 56 48 fc
7619	/myshow /show load def
7620	0 SG
7621	-11 -4 M
7622	/\|______Helvetica findfont 12 scalefont setfont
7623	{
7624	(D) show
7625	}ls
7626	G
7627	g 0 1 -1 0 151 19 fc
7628	/myshow /show load def
7629	0 SG
7630	-18 -2 M
7631	/\|______Helvetica findfont 12 scalefont setfont
7632	{
7633	(V) show
7634	}ls
7635	G
7636	g 0 1 -1 0 227 61 fc
7637	/myshow /show load def
7638	0 SG
7639	-18 -2 M
7640	/\|______Helvetica findfont 12 scalefont setfont
7641	{
7642	(W) show
7643	}ls
7644	G
7645	g 0 1 -1 0 232 117 fc
7646	/myshow /show load def
7647	0 SG
7648	-18 -2 M
7649	/\|______Helvetica findfont 12 scalefont setfont
7650	{
7651	(E) show
7652	}ls
7653	G
7654	g 0 1 -1 0 110.999 37.249 fc
7655	/myshow /show load def
7656	0 SG
7657	-18 2 M
7658	/\|______Helvetica findfont 12 scalefont setfont
7659	{
7660	(WÇVÈ) show
7661	}ls
7662	-18 -12 M
7663	{
7664	(UÇVÈ) show
7665	}ls
7666	G
7667	g 0 1 -1 0 72.5 91 fc
7668	/myshow /show load def
7669	0 SG
7670	-31 -2 M
7671	/\|______Helvetica findfont 12 scalefont setfont
7672	{
7673	(VÇUÈ) show
7674	}ls
7675	G
7676	g 0 1 -1 0 183 60.75 fc
7677	/myshow /show load def
7678	0 SG
7679	-19 -2 M
7680	/\|______Helvetica findfont 12 scalefont setfont
7681	{
7682	(VÇWÈ) show
7683	}ls
7684	G
7685	g 0 1 -1 0 190 115 fc
7686	/myshow /show load def
7687	0 SG
7688	-18 -4 M
7689	/\|______Helvetica findfont 12 scalefont setfont
7690	{
7691	(WÇEÈ) show
7692	}ls
7693	G
7694	g 0 1 1 0 166.25 29 fc
7695	newpath
7696	13.75 17.5 M
7697	-13.75 -17.5 L
7698	1 setlinewidth 0 SG
7699	0 setlinecap [3] 0 setdash
7700	stroke
7701	G
7702	g 0 1 1 0 96 10.75 fc
7703	newpath
7704	4.5 9.75 M
7705	-4.5 -9.75 L
7706	1 setlinewidth 0 SG
7707	0 setlinecap [3] 0 setdash
7708	stroke
7709	G
7710	g 0 1 1 0 59 56.25 fc
7711	newpath
7712	2 20.75 M
7713	-2 -20.75 L
7714	1 setlinewidth 0 SG
7715	0 setlinecap [3] 0 setdash
7716	stroke
7717	G
7718
7719	%------ End Main Program ------%
7720
7721	end
7722	vmstate restore
7723
7724	%%Trailer
7725
7726	%%Pages:1
7727
7728	pse
7729	psb
7730	pse
7731	psb
7732	/psb /mypsb load store /pse /mypse load store pse
7733	gR
7734	gS 13 12 568 818 rC
7735	168 625 :M
7736	f3_9 sf
7737	-.007(Figure 5 \321 Non-hierarchical Certification Path \320 An Example)A
7738	54 649 :M
7739	f6_10 sf
7740	1.21 .121(In the more general case the Certification Authorities do not relate in a hierarchical manner. Referring to the)J
7741	54 660 :M
7742	.148 .015(hypothetical example in Figure 5, suppose a user D, certified by U, wishes to authenticate to user E, certified by W.)J
7743	54 671 :M
7744	-.005(The Directory entry of user D shall hold the certificate U\307D\310 and the entry of user E shall hold the certificate W\307E\310.)A
7745	54 694 :M
7746	.215 .021(Let V be a CA with whom CAs U and W have at some previous time exchanged public keys in a trusted way. As a)J
7747	54 705 :M
7748	.145 .015(result, certificates U\307V\310, V\307U\310, W\307V\310 and V\307W\310 have been generated and stored in the Directory. Assume U\307V\310)J
7749	54 716 :M
7750	-.003(and W\307V\310 are stored in the entry of V, V\307U\310 is stored in U\325s entry, and V\307W\310 is stored in W\325s entry.)A
7751	54 739 :M
7752	.407 .041(User D must find a certification path to E. Various strategies could be used. One such strategy would be to regard)J
7753	54 750 :M
7754	.064 .006(the users and CAs as nodes, and the certificates as arcs in a directed graph. in these terms, D has to perform a search)J
7755	54 761 :M
7756	.243 .024(in the graph to find a path from U to E, one such being U\307V\310, V\307W\310, W\307E\310. When this path has been discovered,)J
7757	54 772 :M
7758	-.006(the reverse path W\307V\310, V\307U\310, U\307D\310 can also be constructed.)A
7759	endp
7760	%%Page: 19 19
7761	%%BeginPageSetup
7762	initializepage
7763	(hoyt; page: 19 of 40)setjob
7764	%%EndPageSetup
7765	-13 -12 :T
7766	gS 13 12 568 818 rC
7767	427 45 :M
7768	f3_10 sf
7769	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
7770	390 803 :M
7771	-.017(ITU-T Rec. X.509 $1993 E$)A
7772	531 803 :M
7773	(13)S
7774	72 83 :M
7775	f3_14 sf
7776	(9)S
7777	94 83 :M
7778	-.021(Digital signatures)A
7779	72 102 :M
7780	f6_10 sf
7781	.199 .02(This clause is not intended to specify a standard for digital signatures in general, but to specify the means by which)J
7782	72 113 :M
7783	-.011(the tokens are signed in the Directory.)A
7784	72 136 :M
7785	-.01(Information $info$ is signed by appending to it an enciphered summary of the information. The summary is produced)A
7786	72 147 :M
7787	.451 .045(by means of a one-way hash function, while the enciphering is carried out using the private key of the signer \(see)J
7788	72 158 :M
7789	-.066(Figure 6\). Thus)A
7790	90 175 :M
7791	-.013(X{Info} = Info, Xs[h $Info$])A
7792	90 196 :M
7793	f3_9 sf
7794	-.081(Note \321 )A
7795	122 196 :M
7796	f6_9 sf
7797	-.001(The encipherment using the private key ensures that the signature cannot be forged. The one-way nature of the hash)A
7798	90 206 :M
7799	1.154 .115(function ensures that false information, generated so as to have the same hash result $and thus signature$, cannot be)J
7800	90 216 :M
7801	-.022(substituted.)A
7802	:a
7803	36 <3049883AB59CF039
7804	><3030304949498888883A3A3AB5B5B59C9C9CF0F0F0393939
7805	>fg null :b
7806	161 231 286 141 rC
7807	0 <FFFFFFFFFFFFFFFF
7808	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
7809	>fg null :b
7810	861 294 :M
7811	%%DSIDICT:_cv
7812	userdict /_cv known not dup {userdict /_cv 20 dict put}if
7813	_cv begin
7814	/bdf{bind def}bind def
7815	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
7816	/setcmykcolor where{/setcmykcolor get /cvcmyk exch def}{/cvcmyk{1 sub 4 1 roll 3{3 index add neg dup 0 lt{pop 0}if 3 1 roll}repeat setrgbcolor pop}bdf }ifelse
7817	/stg{isDeviceColor {cf ca /cs load setscreen setgray}{pop}ifelse}bdf
7818	/strgb{isDeviceColor {cf ca /cs load setscreen setrgbcolor}{pop pop pop}ifelse}bdf
7819	/stcmyk{isDeviceColor {cf ca /cs load setscreen cvcmyk}{pop pop pop pop}ifelse}bdf
7820	/min1{dup 0 eq{pop 1}if}bdf
7821	currentscreen/cs exch def/ca exch def/cf exch def
7822	end
7823	0 <FFFFFFFFFFFFFFFF
7824	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
7825	>fg null :b
7826	0 0 0 0 rC
7827	gR
7828	:a
7829	0 <FFFFFFFFFFFFFFFF
7830	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
7831	>fg null :b
7832	gS 161 231 286 141 rC
7833	861 294 :M
7834	psb
7835	pse
7836	:e
7837	0 G
7838	161 231 :M
7839	psb
7840
7841	currentpoint
7842	pse
7843	447 372 :M
7844	psb
7845	%%CopyWithEps
7846
7847	currentpoint
7848	2 index sub exch 3 index sub
7849	260 div exch 129 div 3 index 164 sub 3 index 104 sub 4 2 roll 5 index 5 index translate
7850	scale
7851	4 2 roll neg exch neg exch translate translate
7852	%!PS-Adobe-2.0 EPSF-1.2
7853	%%Title: EPSFile
7854	%%Creator: Canvas 3.5
7855	%%For: hoyt
7856	%%CreationDate: 17 May 1994 20:58
7857	%%BoundingBox: 162 103 425 234
7858	%%DocumentProcSets: CanvasDict
7859	%%DocumentSuppliedProcSets: CanvasDict
7860	%%Copyright ©1988-91 Deneba Systems, Inc. - All Rights Reserved Worldwide
7861	%%DocumentFonts: Helvetica
7862	%%DocumentNeededFonts: Helvetica
7863	%%EndComments
7864	%%BeginProcSet:CanvasDict
7865	/CanvasDict where not{/CanvasDict 250 dict def}{pop}ifelse
7866	CanvasDict begin
7867	systemdict/setpacking known{/origpack currentpacking def true setpacking}if
7868	/bdf{bind def}bind def
7869	/_cv 20 dict begin
7870	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
7871	/stg{isDeviceColor{setgray}{pop}ifelse}bdf
7872	/strgb{isDeviceColor{setrgbcolor}{pop pop pop}ifelse}bdf
7873	/stcmyk{isDeviceColor{setcmykcolor}{pop pop pop pop}ifelse}bdf
7874	currentdict end def
7875	/xdf{exch bind def}bdf
7876	/min{2 copy gt{exch}if pop}bdf
7877	/edf{exch def}bdf
7878	/max{2 copy lt{exch}if pop}bdf
7879	/cvmtx matrix def
7880	/tpmx matrix def
7881	/currot 0 def
7882	/rotmtx matrix def
7883	/origmtx matrix def
7884	/cvangle{360 exch sub 90 add 360 mod}bdf
7885	/setrot{/currot edf rotmtx currentmatrix pop 2 copy translate currot rotate neg exch neg exch translate}bdf
7886	/endrot{rotmtx setmatrix /currot 0 def}bdf
7887	/i systemdict/image get def/T true def/F false def/dbg F def
7888	/ncolors 0 def/st0 ()def/st1 ()def/proc0 {}def
7889	/penh 1 def/penv 1 def/penv2 0 def/penh2 0 def/samplesize 0 def/width 0 def/height 0 def
7890	/setcmykcolor where not{/setcmykcolor{/b edf 3{b add 1.0 exch sub 0.0 max 1.0 min 3 1 roll}repeat systemdict begin setrgbcolor end}bdf}{pop}ifelse
7891	/doeoclip{closepath{eoclip}stopped{currentflat dup 2 mul setflat eoclip setflat}if}bdf
7892	/SpaceExtra 0 def/LetterSpace 0 def/StringLength 0 def/NumSpaces 0 def/JustOffset 0 def
7893	/f0{eofill} def
7894	/s0{1 setlinewidth cvmtx currentmatrix pop penh penv scale stroke cvmtx setmatrix}bdf
7895	/f1{_bp _fp impat}def
7896	/s1{cvmtx currentmatrix pop 1 setlinewidth penh penv scale
7897	{strokepath}stopped{currentflat dup 2 mul setflat strokepath setflat}if
7898	_bp
7899	cvmtx setmatrix _fp impat}def
7900	/filltype 0 def
7901	/stroketype 0 def
7902	/f{filltype 0 eq{f0}{f1}ifelse}bdf
7903	/s{stroketype 0 eq{s0}{s1}ifelse}bdf
7904	/_fp{}def
7905	/_bp{}def
7906	/_fg 1 def
7907	/_pg 0 def
7908	/_bkg 1 def
7909	/_frg 0 def
7910	/_frgb 3 array def
7911	/_frrgb [0 0 0] def
7912	/_fcmyk 4 array def
7913	/_frcmyk [0 0 0 1] def
7914	/_prgb 3 array def
7915	/_pcmyk 4 array def
7916	/_bkrgb [1 1 1] def
7917	/_bkcmyk [0 0 0 0] def
7918	/fg{/_fg exch def /filltype 0 def/fills{_fg setgray}def}def
7919	/frgb{_frgb astore pop /filltype 0 def/fills{_frgb aload pop setrgbcolor}def}def
7920	/fcmyk{_fcmyk astore pop /filltype 0 def/fills{_fcmyk aload pop setcmykcolor}def}def
7921	/pg{/_pg exch def /stroketype 0 def/pens{_pg setgray}def}def
7922	/prgb{_prgb astore pop /stroketype 0 def/pens{_prgb aload pop setrgbcolor}def}def
7923	/pcmyk{_pcmyk astore pop /stroketype 0 def/pens{_pcmyk aload pop setcmykcolor}def}def
7924	/fpat{/fstr edf/filltype 1 def/fills{/patstr fstr def}bdf}bdf
7925	/ppat{/sstr edf/stroketype 1 def/pens{/patstr sstr def}bdf}bdf
7926	/bkg{ /_bkg exch def /_bp{gsave _bkg setgray fill grestore}def}def
7927	/bkrgb{_bkrgb astore pop/_bp{gsave _bkrgb aload pop setrgbcolor fill grestore}def}def
7928	/bkcmyk{_bkcmyk astore pop/_bp{gsave _bkcmyk aload pop setcmykcolor fill grestore}def}def
7929	/frg{ /_frg exch def /_fp{_frg setgray}def}def
7930	/frrgb{_frrgb astore pop/_fp{_frrgb aload pop setrgbcolor}def}def
7931	/frcmyk{_frcmyk astore pop/_fp{_frcmyk aload pop setcmykcolor}def}def
7932	/icomp{/ncolors edf
7933	ncolors 1 gt{/proc0 edf
7934	dup dup 0 get ncolors div cvi exch 0 3 -1 roll put
7935	4 -1 roll ncolors div cvi 4 1 roll{proc0 dup/st0 edf
7936	0 exch ncolors exch length
7937	dup ncolors sub exch ncolors div cvi string/st1 edf
7938	{dup 0 exch dup 1 exch
7939	2 add{st0 exch get add}bind for
7940	3 div ncolors 4 eq{exch dup 3 1 roll 3 add st0 exch get add 255 exch sub dup 0 lt{pop 0}if}if cvi
7941	dup 255 gt{pop 255}if
7942	exch ncolors div cvi exch
7943	st1 3 1 roll put}bind for
7944	st1}}if i}bdf
7945	/ci
7946	{/colorimage where
7947	{pop false exch colorimage}
7948	{icomp}
7949	ifelse}bdf
7950	/impat
7951	{/cnt 0 def
7952	/MySave save def
7953	currot 0 ne{currot neg rotate}if
7954	clip
7955	flattenpath
7956	pathbbox
7957	3 -1 roll
7958	8 div floor 8 mul dup/starty edf
7959	sub abs 8 div ceiling 8 mul cvi/height edf
7960	exch 8 div floor 8 mul dup/startx edf
7961	sub abs 8 div ceiling 8 mul cvi/width edf
7962	startx starty translate
7963	width height scale
7964	/height height 8 mul def
7965	/st0 width string def
7966	width height T [width 0 0 height neg 0 height]
7967	{patstr
7968	cnt 8 mod
7969	get/st1 edf
7970	0 1
7971	st0 length 1 sub dup 0 le{pop 1}if
7972	{st0 exch
7973	st1
7974	put}bind for/cnt cnt 1 add def
7975	st0}bind
7976	imagemask
7977	MySave restore
7978	newpath}bdf
7979	/cm{/ncolors edf
7980	translate
7981	scale/height edf/colorimage where
7982	{pop}
7983	{ncolors mul}ifelse/width edf
7984	/tbitstr width string def
7985	width height 8 [width 0 0 height neg 0 height]
7986	{currentfile tbitstr readhexstring pop}bind
7987	ncolors
7988	dup 3 eq {ci}{icomp}ifelse}bdf
7989	/im{translate
7990	scale
7991	/height edf
7992	/width edf
7993	/tbitstr width 7 add 8 div cvi string def
7994	width height 1 [width 0 0 height neg 0 height]
7995	{currentfile tbitstr readhexstring pop}bind
7996	i}bdf
7997	/imk{/invFlag edf
7998	translate
7999	scale
8000	/height edf
8001	/width edf
8002	/tbitstr width 7 add 8 div cvi string def
8003	width height invFlag [width 0 0 height neg 0 height]
8004	{currentfile tbitstr readhexstring pop}bind
8005	imagemask}bdf
8006	/BeginEPSF
8007	{/MySave save def
8008	/dict_count countdictstack def
8009	/op_count count 1 sub def
8010	userdict begin
8011	/showpage {} def
8012	0 setgray 0 setlinecap
8013	1 setlinewidth 0 setlinejoin
8014	10 setmiterlimit [] 0 setdash newpath
8015	/languagelevel where
8016	{pop languagelevel 1 ne{false setstrokeadjust false setoverprint}if}if
8017	}bdf
8018	/EndEPSF
8019	{count op_count sub {pop}repeat
8020	countdictstack dict_count sub {end}repeat
8021	MySave restore}bdf
8022	/rectpath {/cv_r edf/cv_b edf/cv_l edf/cv_t edf
8023	cv_l cv_t moveto cv_r cv_t lineto cv_r cv_b lineto cv_l cv_b lineto cv_l cv_t lineto closepath}bdf
8024	/setpen{/penh edf/penv edf/penv2 penv 2 div def/penh2 penh 2 div def}bdf
8025	/dostroke{not pens 1.0 currentgray ne or {s}{newpath}ifelse}bdf
8026	/dodashfill{not fills 1.0 currentgray ne or
8027	{gsave f grestore gsave [] 0 setdash
8028	stroketype/stroketype filltype def
8029	s/stroketype edf grestore}{newpath}ifelse}bdf
8030	/dofill{not fills 1.0 currentgray ne or {f}{newpath}ifelse}bdf
8031	/dofillsave{not fills 1.0 currentgray ne or {gsave f grestore}if}bdf
8032	/doline{not pens 1.0 currentgray ne or {filltype/filltype stroketype def f/filltype edf}{newpath}ifelse}bdf
8033	/spx{SpaceExtra 0 32 4 -1 roll widthshow}bdf
8034	/lsx{SpaceExtra 0 32 LetterSpace 0 6 -1 roll awidthshow}bdf
8035	/Rjust{stringwidth pop JustOffset exch sub /JustOffset edf}bdf
8036	/Cjust{stringwidth pop 2 div JustOffset exch sub /JustOffset edf}bdf
8037	/adjfit{stringwidth pop LetterSpace StringLength 1 sub mul add SpaceExtra NumSpaces mul add dup /pw edf JustOffset exch
8038	sub dup /wdif edf StringLength div LetterSpace add /LetterSpace edf}bdf
8039	/ulb{currentpoint pop /underlinpt edf}bdf
8040	/ule{gsave currentpoint newpath moveto currentfont dup /ft1 known{dup /ft1 get begin /FontMatrix get FontMatrix tpmx concatmatrix pop}
8041	{begin FontMatrix tpmx copy pop}ifelse currentfont /FontInfo known {FontInfo begin UnderlinePosition UnderlineThickness end}{100 1}ifelse end dup tpmx
8042	dtransform pop setlinewidth dup tpmx dtransform pop 0 exch rmoveto underlinpt currentpoint pop sub 0 rlineto stroke grestore}bdf
8043	/fittext{ /SpaceExtra edf /LetterSpace edf /StringLength edf /NumSpaces edf /JustOffset edf not 1 currentgray ne or
8044	{dup {ulb}if exch
8045	dup adjfit
8046	lsx {ule}if}{pop pop}ifelse}bdf
8047	/cvRecFont{/encod edf FontDirectory 2 index known{cleartomark}{findfont dup length 1 add dict begin
8048	{1 index/FID ne{def}{pop pop}ifelse}forall encod{/Encoding CVvec def}if
8049	currentdict end definefont cleartomark}ifelse}bdf
8050	/wrk1 ( ) def/wdict 16 dict def
8051	/Work75 75 string def /Nmk{Work75 cvs dup}bdf /Npt{put cvn}bdf /dhOdh{Nmk 2 79 Npt}bdf /dhodh{Nmk 2 111 Npt}bdf /dhSdh{Nmk 2 83 Npt}bdf
8052	/sfWidth{gsave 0 0 moveto 0 0 lineto 0 0 lineto 0 0 lineto closepath clip stringwidth grestore}bdf
8053	/MakOF{dup dhodh FontDirectory 1 index known{exch pop}{exch findfont dup length 1 add dict begin
8054	{1 index/FID ne 2 index /UniqueID ne and{def}{pop pop}ifelse}forall
8055	/PaintType 2 def
8056	/StrokeWidth .24 1000 mul ftSize div dup 12 lt{pop 12}if def
8057	dup currentdict end definefont pop}ifelse}bdf
8058	/fts{dup/ftSize edf}def
8059	/mkFT{/tempFT 11 dict def tempFT begin
8060	/FontMatrix [1 0 0 1 0 0] def/FontType 3 def
8061	FontDirectory 3 index get /Encoding get/Encoding exch def
8062	/proc2 edf/ft2 exch findfont def/ft1 exch findfont def/FontBBox [0 0 1 1] def
8063	/BuildChar{wdict begin/chr edf/ftdt edf/chrst wrk1 dup 0 chr put def ftdt/proc2 get exec end}def
8064	end tempFT definefont pop}bdf
8065	/OLFt{dup dhOdh FontDirectory 1 index known{exch pop}
8066	{dup 3 -1 roll dup MakOF {outproc} mkFT}ifelse}bdf
8067	/mshw{moveto show}bdf
8068	/outproc{ftdt/ft1 get setfont gsave chrst sfWidth grestore setcharwidth dblsh}bdf
8069	/dblsh{currentgray 1 setgray chrst 0 0 mshw setgray ftdt/ft2 get setfont chrst 0 0 mshw}bdf
8070	/ShadChar{ftdt/ft1 get setfont gsave chrst sfWidth 1 index 0 ne{exch .05 add exch}if grestore setcharwidth
8071	chrst .06 0 mshw 0 .05 translate dblsh}bdf
8072	/ShFt{dup dhSdh FontDirectory 1 index known{exch pop}
8073	{dup 3 -1 roll dup MakOF {ShadChar} mkFT}ifelse}bdf
8074	/LswUnits{72 75 div dup scale}bdf
8075	/erasefill{_bp}def
8076	/CVvec 256 array def
8077	/NUL/SOH/STX/ETX/EOT/ENQ/ACK/BEL/BS/HT/LF/VT/FF/CR/SO/SI/DLE/DC1/DC2/DC3/DC4/NAK/SYN/ETB/CAN/EM/SUB/ESC/FS/GS/RS/US
8078	CVvec 0 32 getinterval astore pop
8079	CVvec 32/Times-Roman findfont/Encoding get
8080	32 96 getinterval putinterval CVvec dup 39/quotesingle put 96/grave put
8081	/Adieresis/Aring/Ccedilla/Eacute/Ntilde/Odieresis/Udieresis/aacute
8082	/agrave/acircumflex/adieresis/atilde/aring/ccedilla/eacute/egrave
8083	/ecircumflex/edieresis/iacute/igrave/icircumflex/idieresis/ntilde/oacute
8084	/ograve/ocircumflex/odieresis/otilde/uacute/ugrave/ucircumflex/udieresis
8085	/dagger/degree/cent/sterling/section/bullet/paragraph/germandbls
8086	/registered/copyright/trademark/acute/dieresis/notequal/AE/Oslash
8087	/infinity/plusminus/lessequal/greaterequal/yen/mu/partialdiff/summation
8088	/product/pi/integral/ordfeminine/ordmasculine/Omega/ae/oslash
8089	/questiondown/exclamdown/logicalnot/radical/florin/approxequal/Delta/guillemotleft
8090	/guillemotright/ellipsis/blank/Agrave/Atilde/Otilde/OE/oe
8091	/endash/emdash/quotedblleft/quotedblright/quoteleft/quoteright/divide/lozenge
8092	/ydieresis/Ydieresis/fraction/currency/guilsinglleft/guilsinglright/fi/fl
8093	/daggerdbl/periodcentered/quotesinglbase/quotedblbase/perthousand/Acircumflex/Ecircumflex/Aacute
8094	/Edieresis/Egrave/Iacute/Icircumflex/Idieresis/Igrave/Oacute/Ocircumflex
8095	/apple/Ograve/Uacute/Ucircumflex/Ugrave/dotlessi/circumflex/tilde
8096	/macron/breve/dotaccent/ring/cedilla/hungarumlaut/ogonek/caron
8097	CVvec 128 128 getinterval astore pop
8098	end
8099	%%EndProcSet
8100	%%BeginSetup
8101	CanvasDict begin
8102	0 setlinecap
8103	0 setlinejoin
8104	4 setmiterlimit
8105	/currot 0 def
8106	origmtx currentmatrix pop
8107	[] 0 setdash
8108	1 1 setpen
8109	1 fg
8110	0 pg
8111	0 frg
8112	1 bkg
8113	newpath
8114	/dbg F def
8115	294 168.5 translate
8116	1 -1 scale
8117	-294 -168.5 translate
8118	%%EndSetup
8119	% ---- Object #1:1 Obj Type: 99
8120	% ---- Object #2:37 Obj Type: 99
8121	% ---- Object #3:5 Obj Type: 4
8122	0 setlinecap
8123	0 setlinejoin
8124	[10 4] 0 setdash
8125	231.5 183.5 115.5 249.5 rectpath
8126	F dodashfill
8127	F dostroke
8128	% ---- Object #4:6 Obj Type: 4
8129	0 setlinecap
8130	0 setlinejoin
8131	[10 4] 0 setdash
8132	232.5 304.5 117.5 368.5 rectpath
8133	F dodashfill
8134	F dostroke
8135	% ---- Object #5:22 Obj Type: 99
8136	% ---- Object #6:8 Obj Type: 4
8137	0 setlinecap
8138	0 setlinejoin
8139	[] 0 setdash
8140	169.5 189.5 151.5 206.5 rectpath
8141	F dofillsave
8142	F dostroke
8143	% ---- Object #7:9 Obj Type: 2
8144	save
8145	0 setgray
8146	mark /\|___Helvetica /Helvetica T cvRecFont
8147	12 fts /\|___Helvetica findfont exch scalefont setfont
8148	0 setgray
8149	194.375 156.25 moveto
8150	(h)
8151	show
8152	restore
8153	% ---- Object #8:20 Obj Type: 99
8154	% ---- Object #9:10 Obj Type: 4
8155	0 setlinecap
8156	0 setlinejoin
8157	169.5 311.5 152.5 325.5 rectpath
8158	F dofillsave
8159	F dostroke
8160	% ---- Object #10:11 Obj Type: 2
8161	save
8162	0 setgray
8163	mark /\|___Helvetica /Helvetica T cvRecFont
8164	12 fts /\|___Helvetica findfont exch scalefont setfont
8165	0 setgray
8166	314.875 156.75 moveto
8167	(h)
8168	show
8169	restore
8170	% ---- Object #11:18 Obj Type: 99
8171	% ---- Object #12:12 Obj Type: 4
8172	0 setlinecap
8173	0 setlinejoin
8174	202.5 218.5 181.5 238.5 rectpath
8175	F dostroke
8176	% ---- Object #13:13 Obj Type: 2
8177	save
8178	0 setgray
8179	mark /\|___Helvetica /Helvetica T cvRecFont
8180	12 fts /\|___Helvetica findfont exch scalefont setfont
8181	0 setgray
8182	223.875 187.75 moveto
8183	(E)
8184	show
8185	restore
8186	% ---- Object #14:19 Obj Type: 99
8187	% ---- Object #15:34 Obj Type: 4
8188	0 setlinecap
8189	0 setlinejoin
8190	202.5 339.5 180.5 357.5 rectpath
8191	F dostroke
8192	% ---- Object #16:36 Obj Type: 2
8193	save
8194	0 setgray
8195	mark /\|___Helvetica /Helvetica T cvRecFont
8196	12 fts /\|___Helvetica findfont exch scalefont setfont
8197	0 setgray
8198	343.375 187.25 moveto
8199	(D)
8200	show
8201	restore
8202	% ---- Object #17:27 Obj Type: 2
8203	save
8204	0 setgray
8205	mark /\|___Helvetica /Helvetica T cvRecFont
8206	9 fts /\|___Helvetica findfont exch scalefont setfont
8207	0 setgray
8208	373.125 181 moveto
8209	(compare)
8210	F F 34.9417 0 7 0 0 fittext
8211	restore
8212	% ---- Object #18:28 Obj Type: 2
8213	save
8214	0 setgray
8215	mark /\|___Helvetica /Helvetica T cvRecFont
8216	9 fts /\|___Helvetica findfont exch scalefont setfont
8217	0 setgray
8218	197.875 106.25 moveto
8219	(signer $X$)
8220	F F 38.9272 1 10 0 0 fittext
8221	restore
8222	% ---- Object #19:29 Obj Type: 2
8223	save
8224	0 setgray
8225	mark /\|___Helvetica /Helvetica T cvRecFont
8226	9 fts /\|___Helvetica findfont exch scalefont setfont
8227	0 setgray
8228	320.375 105.25 moveto
8229	(recipient)
8230	F F 33.9436 0 9 0 0 fittext
8231	restore
8232	% ---- Object #20:30 Obj Type: 2
8233	save
8234	0 setgray
8235	mark /\|___Helvetica /Helvetica T cvRecFont
8236	9 fts /\|___Helvetica findfont exch scalefont setfont
8237	0 setgray
8238	193.375 222.25 moveto
8239	(private key)
8240	F F 43.4303 1 11 0 0 fittext
8241	0 setgray
8242	193.375 212.5 moveto
8243	($Xs$)
8244	F F 16.4641 0 4 0 0 fittext
8245	restore
8246	% ---- Object #21:31 Obj Type: 2
8247	save
8248	0 setgray
8249	mark /\|___Helvetica /Helvetica T cvRecFont
8250	9 fts /\|___Helvetica findfont exch scalefont setfont
8251	0 setgray
8252	315.875 222.25 moveto
8253	(public key)
8254	F F 39.9384 1 10 0 0 fittext
8255	0 setgray
8256	315.875 212.5 moveto
8257	($Xp$)
8258	F F 16.9663 0 4 0 0 fittext
8259	restore
8260	% ---- Object #22:32 Obj Type: 2
8261	save
8262	0 setgray
8263	mark /\|___Helvetica /Helvetica T cvRecFont
8264	9 fts /\|___Helvetica findfont exch scalefont setfont
8265	0 setgray
8266	253.625 195.5 moveto
8267	(Xs[h$info$])
8268	F F 40.9298 0 11 0 0 fittext
8269	restore
8270	% ---- Object #23:33 Obj Type: 2
8271	save
8272	0 setgray
8273	mark /\|___Helvetica /Helvetica T cvRecFont
8274	9 fts /\|___Helvetica findfont exch scalefont setfont
8275	0 setgray
8276	263.375 132.25 moveto
8277	(info)
8278	F F 14.479 0 4 0 0 fittext
8279	restore
8280	% ---- Object #24:35 Obj Type: 3
8281	2 setlinecap
8282	0 setlinejoin
8283	gsave
8284	newpath
8285	411.7237 125.3958 moveto
8286	410.7231 128.1449 410.7231 130.8553 411.7237 133.6044 curveto
8287	417.3619 131.5522 417.3619 131.5522 423 129.5 curveto
8288	423 129.5 411.7237 125.3958 411.7237 125.3958 curveto
8289	closepath
8290	F doline
8291	grestore
8292	gsave
8293	newpath
8294	166 129.5 moveto
8295	411.25 129.5 lineto
8296	F dostroke
8297	grestore
8298	% ---- Object #25:4 Obj Type: 3
8299	2 setlinecap
8300	0 setlinejoin
8301	gsave
8302	newpath
8303	200.6042 140.7237 moveto
8304	197.8551 139.7231 195.1447 139.7231 192.3956 140.7237 curveto
8305	194.4478 146.3619 194.4478 146.3619 196.5 152 curveto
8306	196.5 152 200.6042 140.7237 200.6042 140.7237 curveto
8307	closepath
8308	F doline
8309	grestore
8310	gsave
8311	newpath
8312	196.5 130 moveto
8313	196.5 140.25 lineto
8314	F dostroke
8315	grestore
8316	% ---- Object #26:7 Obj Type: 3
8317	2 setlinecap
8318	0 setlinejoin
8319	gsave
8320	newpath
8321	322.1042 141.4737 moveto
8322	319.3551 140.4731 316.6447 140.4731 313.8956 141.4737 curveto
8323	315.9478 147.1119 315.9478 147.1119 318 152.75 curveto
8324	318 152.75 322.1042 141.4737 322.1042 141.4737 curveto
8325	closepath
8326	F doline
8327	grestore
8328	gsave
8329	newpath
8330	318 130 moveto
8331	318 141 lineto
8332	F dostroke
8333	grestore
8334	% ---- Object #27:17 Obj Type: 3
8335	2 setlinecap
8336	0 setlinejoin
8337	gsave
8338	newpath
8339	196.3333 170.6 moveto
8340	196.3333 192.35 lineto
8341	F dostroke
8342	grestore
8343	% ---- Object #28:21 Obj Type: 3
8344	2 setlinecap
8345	0 setlinejoin
8346	gsave
8347	newpath
8348	206.857 188.2958 moveto
8349	205.8564 191.0449 205.8564 193.7553 206.857 196.5044 curveto
8350	212.4952 194.4522 212.4952 194.4522 218.1333 192.4 curveto
8351	218.1333 192.4 206.857 188.2958 206.857 188.2958 curveto
8352	closepath
8353	F doline
8354	grestore
8355	gsave
8356	newpath
8357	196.3333 192.4 moveto
8358	206.3833 192.4 lineto
8359	F dostroke
8360	grestore
8361	% ---- Object #29:15 Obj Type: 3
8362	2 setlinecap
8363	0 setlinejoin
8364	gsave
8365	newpath
8366	327.2237 188.1458 moveto
8367	326.2231 190.8949 326.2231 193.6053 327.2237 196.3544 curveto
8368	332.8619 194.3022 332.8619 194.3022 338.5 192.25 curveto
8369	338.5 192.25 327.2237 188.1458 327.2237 188.1458 curveto
8370	closepath
8371	F doline
8372	grestore
8373	gsave
8374	newpath
8375	238.25 192.25 moveto
8376	326.75 192.25 lineto
8377	F dostroke
8378	grestore
8379	% ---- Object #30:25 Obj Type: 3
8380	2 setlinecap
8381	0 setlinejoin
8382	gsave
8383	newpath
8384	411.7237 187.8958 moveto
8385	410.7231 190.6449 410.7231 193.3553 411.7237 196.1044 curveto
8386	417.3619 194.0522 417.3619 194.0522 423 192 curveto
8387	423 192 411.7237 187.8958 411.7237 187.8958 curveto
8388	closepath
8389	F doline
8390	grestore
8391	gsave
8392	newpath
8393	357.5 192.25 moveto
8394	411.2501 192.0448 lineto
8395	F dostroke
8396	grestore
8397	% ---- Object #31:14 Obj Type: 3
8398	2 setlinecap
8399	0 setlinejoin
8400	gsave
8401	newpath
8402	318 169.75 moveto
8403	318 174.75 lineto
8404	F dostroke
8405	grestore
8406	% ---- Object #32:24 Obj Type: 3
8407	2 setlinecap
8408	0 setlinejoin
8409	gsave
8410	newpath
8411	411.7237 171.1458 moveto
8412	410.7231 173.8949 410.7231 176.6053 411.7237 179.3544 curveto
8413	417.3619 177.3022 417.3619 177.3022 423 175.25 curveto
8414	423 175.25 411.7237 171.1458 411.7237 171.1458 curveto
8415	closepath
8416	F doline
8417	grestore
8418	gsave
8419	newpath
8420	318 175.25 moveto
8421	411.25 175.25 lineto
8422	F dostroke
8423	grestore
8424	% ---- Object #33:23 Obj Type: 3
8425	2 setlinecap
8426	0 setlinejoin
8427	gsave
8428	newpath
8429	343.8958 213.7763 moveto
8430	346.6449 214.7769 349.3553 214.7769 352.1044 213.7763 curveto
8431	350.0522 208.1381 350.0522 208.1381 348 202.5 curveto
8432	348 202.5 343.8958 213.7763 343.8958 213.7763 curveto
8433	closepath
8434	F doline
8435	grestore
8436	gsave
8437	newpath
8438	348 221 moveto
8439	348 214.25 lineto
8440	F dostroke
8441	grestore
8442	% ---- Object #34:26 Obj Type: 3
8443	2 setlinecap
8444	0 setlinejoin
8445	gsave
8446	newpath
8447	224.3958 213.7763 moveto
8448	227.1449 214.7769 229.8553 214.7769 232.6044 213.7763 curveto
8449	230.5522 208.1381 230.5522 208.1381 228.5 202.5 curveto
8450	228.5 202.5 224.3958 213.7763 224.3958 213.7763 curveto
8451	closepath
8452	F doline
8453	grestore
8454	gsave
8455	newpath
8456	228.5 221 moveto
8457	228.5 214.25 lineto
8458	F dostroke
8459	grestore
8460	origmtx setmatrix
8461	systemdict /setpacking known {origpack setpacking} if end
8462	%%EndDocument:
8463	pse
8464	gR
8465	:e
8466	gS 13 12 568 818 rC
8467	248 385 :M
8468	0 G
8469	f3_9 sf
8470	-.035(Figure 6 \321 Digital Signatures)A
8471	72 409 :M
8472	f6_10 sf
8473	-.004(The recipient of signed information veri\336es the signature by:)A
8474	90 426 :M
8475	(\321)S
8476	108 426 :M
8477	-.009(applying the one-way hash function to the information,)A
8478	90 443 :M
8479	(\321)S
8480	108 443 :M
8481	-.002(comparing the result with that obtained by deciphering the signature using the public key of the signer.)A
8482	72 466 :M
8483	.531 .053(This authentication framework does not mandate a single one-way hash function for use in signing. It is intended)J
8484	72 477 :M
8485	.271 .027(that the framework shall be applicable to any suitable hash function, and shall thus support changes to the methods)J
8486	72 488 :M
8487	1.634 .163(used as a result of future advances in cryptography, mathematical techniques or computational capabilities.)J
8488	72 499 :M
8489	.151 .015(However, two users wishing to authenticate shall support the same hash function for authentication to be performed)J
8490	72 510 :M
8491	.836 .084(correctly. Thus, within the context of a set of related applications, the choice of a single function shall serve to)J
8492	72 521 :M
8493	-.012(maximize the community of users able to authenticate and communicate securely.)A
8494	72 544 :M
8495	.196 .02(The signed information includes indicators that identify the hashing algorithm and the encryption algorithm used to)J
8496	72 555 :M
8497	-.029(compute the digital signature.)A
8498	72 578 :M
8499	-.011(The encipherment of some data item may be described using the following ASN.1:)A
8500	103 595 :M
8501	f0_9 sf
8502	-.018(ENCRYPTED { ToBeEnciphered })A
8503	250 595 :M
8504	-.123(::=)A
8505	281 595 :M
8506	-.035(BIT STRING \( CONSTRAINED BY {)A
8507	130 606 :M
8508	f2_9 sf
8509	(-- must be the result of applying an encipherment procedure --)S
8510	130 617 :M
8511	-.012(-- to the BER-encoded octets of a value of -- )A
8512	309 617 :M
8513	f0_9 sf
8514	-.066(ToBeEnciphered}\))A
8515	72 634 :M
8516	f6_10 sf
8517	.609 .061(The value of the bit string is generated by taking the octets which form the complete encoding \(using the ASN.1)J
8518	72 645 :M
8519	1.055 .105(Basic Encoding Rules \321 ITU-T Rec. X.690 \| ISO/IEC 8825-1\) of the value of the )J
8520	428 645 :M
8521	f0_9 sf
8522	-.038(ToBeEnciphered)A
8523	500 645 :M
8524	f6_10 sf
8525	.837 .084( type and)J
8526	72 657 :M
8527	-.011(applying an encipherment procedure to those octets.)A
8528	90 678 :M
8529	f3_9 sf
8530	-.122(Notes)A
8531	90 693 :M
8532	f6_9 sf
8533	(1)S
8534	103 693 :M
8535	.215 .021(The encryption procedure requires agreement on the algorithm to be applied, including any parameters of the algorithm)J
8536	90 703 :M
8537	1.326 .133(such as any necessary keys, initialization values, and padding instructions. It is the responsibility of the encryption)J
8538	90 713 :M
8539	.023 .002(procedures to specify the means by which synchronization of the sender and receiver of data is achieved, which may include)J
8540	90 723 :M
8541	-.005(information in the bits to be transmitted.)A
8542	90 738 :M
8543	(2)S
8544	103 738 :M
8545	-.003(The encryption procedure is required to take as input a string of octets and to generate a single string of bits as its result.)A
8546	90 753 :M
8547	.227 .023(3 )J
8548	103 753 :M
8549	.193 .019(Mechanisms for secure agreement on the encryption algorithm and its parameters by the sender and receiver of data are)J
8550	90 763 :M
8551	-.014(outside the scope of this Directory Specification.)A
8552	endp
8553	%%Page: 20 20
8554	%%BeginPageSetup
8555	initializepage
8556	(hoyt; page: 20 of 40)setjob
8557	%%EndPageSetup
8558	-13 -12 :T
8559	gS 13 12 568 818 rC
8560	54 45 :M
8561	f3_10 sf
8562	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
8563	54 803 :M
8564	(14)S
8565	90 803 :M
8566	-.017(ITU-T Rec. X.509 $1993 E$)A
8567	54 81 :M
8568	f6_10 sf
8569	.153 .015(In the case where a signature must be appended to a data type, the following ASN.1 may be used to define the data)J
8570	54 92 :M
8571	-.005(type resulting from applying a signature to the given data type.)A
8572	85 109 :M
8573	f0_9 sf
8574	-.025(SIGNED { ToBeSigned })A
8575	232 109 :M
8576	-.123(::=)A
8577	263 109 :M
8578	-.056(SEQUENCE {)A
8579	112 120 :M
8580	-.11(toBeSigned)A
8581	232 120 :M
8582	-.1(ToBeSigned,)A
8583	112 131 :M
8584	-.076(COMPONENTS OF )A
8585	232 131 :M
8586	-.02(SIGNATURE { ToBeSigned }})A
8587	54 148 :M
8588	f6_10 sf
8589	.59 .059(In the case where only the signature is required, the following ASN.1 macro may be used to define the data type)J
8590	54 159 :M
8591	-.01(resulting from applying a signature to the given data type.)A
8592	85 176 :M
8593	f0_9 sf
8594	-.041(SIGNATURE { OfSignature })A
8595	232 176 :M
8596	-.123(::=)A
8597	263 176 :M
8598	-.056(SEQUENCE {)A
8599	112 187 :M
8600	-.055(algorithmIdentifier)A
8601	232 187 :M
8602	-.052(AlgorithmIdentifier,)A
8603	112 198 :M
8604	(encrypted)S
8605	232 198 :M
8606	-.028(ENCRYPTED { HASHED { OfSignature }}})A
8607	54 215 :M
8608	f6_10 sf
8609	.535 .053(In order to enable the validation of )J
8610	202 215 :M
8611	f0_9 sf
8612	.113(SIGNED)A
8613	f6_10 sf
8614	.159 .016( and )J
8615	258 215 :M
8616	f0_9 sf
8617	-.124(SIGNATURE)A
8618	311 215 :M
8619	f6_10 sf
8620	.463 .046( types in a distributed environment, a distinguished)J
8621	54 227 :M
8622	1.137 .114(encoding is required. A distinguished encoding of a )J
8623	279 227 :M
8624	f0_9 sf
8625	.381(SIGNED)A
8626	f6_10 sf
8627	.384 .038( or )J
8628	331 227 :M
8629	f0_9 sf
8630	-.124(SIGNATURE)A
8631	384 227 :M
8632	f6_10 sf
8633	1.201 .12( data value shall be obtained by)J
8634	54 239 :M
8635	-.005(applying the Basic Encoding Rules defined in ISO 8825, with the following restrictions:)A
8636	72 256 :M
8637	-.766(a\))A
8638	90 256 :M
8639	-.011(the definite form of length encoding shall be used, encoded in the minimum number of octets;)A
8640	72 273 :M
8641	-.328(b\))A
8642	90 273 :M
8643	-.007(for string types, the constructed form of encoding shall not be used;)A
8644	72 290 :M
8645	-.766(c\))A
8646	90 290 :M
8647	-.011(if the value of a type is its default value, it shall be absent;)A
8648	72 307 :M
8649	-.328(d\))A
8650	90 307 :M
8651	-.007(the components of a Set type shall be encoded in ascending order of their tag value;)A
8652	72 324 :M
8653	-.766(e\))A
8654	90 324 :M
8655	-.005(the components of a Set-of type shall be encoded in ascending order of their octet value;)A
8656	72 341 :M
8657	-.655(f\))A
8658	90 341 :M
8659	-.008(if the value of a Boolean type is true, the encoding shall have its contents octet set to \322FF\323)A
8660	451 343 :M
8661	f6_9 sf
8662	-.297(16)A
8663	f6_10 sf
8664	0 -2 rm
8665	(;)S
8666	0 2 rm
8667	72 360 :M
8668	-.328(g\))A
8669	90 360 :M
8670	-.005(each unused bits in the final octet of the encoding of a Bit String value, if there are any, shall be set to zero;)A
8671	72 377 :M
8672	-.328(h\))A
8673	90 377 :M
8674	.264 .026(the encoding of a Real type shall be such that bases 8, 10, and 16 shall not be used, and the binary scaling)J
8675	90 388 :M
8676	-.042(factor shall be zero.)A
8677	54 425 :M
8678	f3_14 sf
8679	(10)S
8680	76 425 :M
8681	-.02(Strong authentication procedures)A
8682	54 445 :M
8683	f3_12 sf
8684	(10.1)S
8685	81 445 :M
8686	-.044(Overview)A
8687	54 463 :M
8688	f6_10 sf
8689	-.01(The basic approach to authentication has been outlined above, namely the corroboration of identity by demonstrating)A
8690	54 474 :M
8691	.816 .082(possession of a private key. However, many authentication procedures employing this approach are possible. In)J
8692	54 485 :M
8693	.125 .013(general it is the business of a speci\336c application to determine the appropriate procedures, so as to meet the security)J
8694	54 496 :M
8695	.954 .095(policy of the application. This clause describes three particular authentication procedures, which may be found)J
8696	54 507 :M
8697	-.019(useful across a range of applications.)A
8698	72 528 :M
8699	f3_9 sf
8700	-.329(Note)A
8701	90 528 :M
8702	f6_9 sf
8703	.627 .063( - This Directory Specification does not specify the procedures to the detail required for implementation. However,)J
8704	72 538 :M
8705	-.005(additional standards could be envisaged which would do so, either in an application-speci\336c or in a general-purpose way.)A
8706	54 562 :M
8707	f6_10 sf
8708	1.191 .119(The three procedures involve different numbers of exchanges of authentication information, and consequently)J
8709	54 573 :M
8710	-.003(provide different types of assurance to their participants. Speci\336cally,)A
8711	72 590 :M
8712	-.766(a\))A
8713	90 590 :M
8714	.982 .098(one-way authentication, described in 10.2, involves a single transfer of information from one user $A$)J
8715	90 601 :M
8716	(intended for another $B$, and establishes the following:)S
8717	90 618 :M
8718	(\321)S
8719	108 618 :M
8720	-.005(the identity of A, and that the authentication token actually was generated by A;)A
8721	90 635 :M
8722	(\321)S
8723	108 635 :M
8724	-.011(the identity of B, and that the authentication token actually was intended to be sent to B;)A
8725	90 652 :M
8726	(\321)S
8727	108 652 :M
8728	-.002(the integrity and \322originality\323 $the property of not having been sent two or more times$ of the)A
8729	108 663 :M
8730	-.01(authentication token being transferred.)A
8731	90 680 :M
8732	-.007(The latter properties can also be established for arbitrary additional data accompanying the transfer.)A
8733	72 697 :M
8734	-.328(b\))A
8735	90 697 :M
8736	.874 .087(two-way authentication, described in 10.3, involves, in addition, a reply from B to A. It establishes, in)J
8737	90 708 :M
8738	-.007(addition, the following:)A
8739	90 725 :M
8740	(\321)S
8741	108 725 :M
8742	-.003(that the authentication token generated in the reply actually was generated by B and was intended to be)A
8743	108 736 :M
8744	-.098(sent to A;)A
8745	90 753 :M
8746	(\321)S
8747	108 753 :M
8748	-.007(the integrity and originality of the authentication token sent in the reply;)A
8749	90 770 :M
8750	(\321)S
8751	108 770 :M
8752	-.004($optionally$ the mutual secrecy of part of the tokens.)A
8753	endp
8754	%%Page: 21 21
8755	%%BeginPageSetup
8756	initializepage
8757	(hoyt; page: 21 of 40)setjob
8758	%%EndPageSetup
8759	-13 -12 :T
8760	gS 13 12 568 818 rC
8761	427 45 :M
8762	f3_10 sf
8763	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
8764	390 803 :M
8765	-.017(ITU-T Rec. X.509 $1993 E$)A
8766	531 803 :M
8767	(15)S
8768	90 81 :M
8769	f6_10 sf
8770	-.766(c\))A
8771	108 81 :M
8772	1.474 .147(three-way authentication, described in 10.4, involves, in addition, a further transfer from A to B. It)J
8773	108 92 :M
8774	.099 .01(establishes, the same properties as the two-way authentication, but does so without the need for association)J
8775	108 103 :M
8776	-.013(time stamp checking.)A
8777	72 126 :M
8778	1.192 .119(In each case where Strong Authentication is to take place, A must obtain the public key of B, and the return)J
8779	72 137 :M
8780	.458 .046(certi\336cation path from B to A, prior to any exchange of information. This may involve access to the Directory, as)J
8781	72 148 :M
8782	-.006(described in clause 7 above. Any such access is not mentioned again in the description of the procedures below.)A
8783	72 171 :M
8784	.059 .006(The checking of timestamps as mentioned in the following clauses only applies when either synchronized clocks are)J
8785	72 182 :M
8786	1.134 .113(used in a local environment, or if clocks are logically synchronized by bilateral agreements. In any case, it is)J
8787	72 193 :M
8788	-.006(recommended that Coordinated Universal Time be used.)A
8789	72 216 :M
8790	.178 .018(For each of the three authentication procedures described below, it is assumed that party A has checked the validity)J
8791	72 227 :M
8792	-.014(of all of the certificates in the certification path.)A
8793	72 251 :M
8794	f3_12 sf
8795	(10.2)S
8796	99 251 :M
8797	-.046(One-way authentication)A
8798	:a
8799	36 <3049883AB59CF039
8800	><3030304949498888883A3A3AB5B5B59C9C9CF0F0F0393939
8801	>fg null :b
8802	202 260 208 74 rC
8803	0 <FFFFFFFFFFFFFFFF
8804	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
8805	>fg null :b
8806	595 437 :M
8807	%%DSIDICT:_cv
8808	userdict /_cv known not dup {userdict /_cv 20 dict put}if
8809	_cv begin
8810	/bdf{bind def}bind def
8811	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
8812	/setcmykcolor where{/setcmykcolor get /cvcmyk exch def}{/cvcmyk{1 sub 4 1 roll 3{3 index add neg dup 0 lt{pop 0}if 3 1 roll}repeat setrgbcolor pop}bdf }ifelse
8813	/stg{isDeviceColor {cf ca /cs load setscreen setgray}{pop}ifelse}bdf
8814	/strgb{isDeviceColor {cf ca /cs load setscreen setrgbcolor}{pop pop pop}ifelse}bdf
8815	/stcmyk{isDeviceColor {cf ca /cs load setscreen cvcmyk}{pop pop pop pop}ifelse}bdf
8816	/min1{dup 0 eq{pop 1}if}bdf
8817	currentscreen/cs exch def/ca exch def/cf exch def
8818	end
8819	:e
8820	0 0 0 0 rC
8821	595 437 :M
8822	0 G
8823	f10_2 sf
8824	(.)S
8825	:a
8826	0 <FFFFFFFFFFFFFFFF
8827	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
8828	>fg null :b
8829	gR
8830	:a
8831	0 <FFFFFFFFFFFFFFFF
8832	><FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
8833	>fg null :b
8834	gS 202 260 208 74 rC
8835	597 437 :M
8836	psb
8837	pse
8838	:e
8839	0 G
8840	202 260 :M
8841	psb
8842
8843	currentpoint
8844	pse
8845	410 334 :M
8846	psb
8847	%%CopyWithEps
8848
8849	currentpoint
8850	2 index sub exch 3 index sub
8851	208 div exch 74 div 3 index 183 sub 3 index 127 sub 4 2 roll 5 index 5 index translate
8852	scale
8853	4 2 roll neg exch neg exch translate translate
8854	%!PS-Adobe-2.0 EPSF-1.2
8855	%%Title: EPSFile
8856	%%Creator: Canvas 3.5
8857	%%For: hoyt
8858	%%CreationDate: 17 May 1994 21:49
8859	%%BoundingBox: 181 126 392 202
8860	%%DocumentProcSets: CanvasDict
8861	%%DocumentSuppliedProcSets: CanvasDict
8862	%%Copyright ©1988-91 Deneba Systems, Inc. - All Rights Reserved Worldwide
8863	%%DocumentFonts: Helvetica-Bold
8864	%%+ ZapfDingbats
8865	%%DocumentNeededFonts: Helvetica-Bold
8866	%%+ ZapfDingbats
8867	%%EndComments
8868	%%BeginProcSet:CanvasDict
8869	/CanvasDict where not{/CanvasDict 250 dict def}{pop}ifelse
8870	CanvasDict begin
8871	systemdict/setpacking known{/origpack currentpacking def true setpacking}if
8872	/bdf{bind def}bind def
8873	/_cv 20 dict begin
8874	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
8875	/stg{isDeviceColor{setgray}{pop}ifelse}bdf
8876	/strgb{isDeviceColor{setrgbcolor}{pop pop pop}ifelse}bdf
8877	/stcmyk{isDeviceColor{setcmykcolor}{pop pop pop pop}ifelse}bdf
8878	currentdict end def
8879	/xdf{exch bind def}bdf
8880	/min{2 copy gt{exch}if pop}bdf
8881	/edf{exch def}bdf
8882	/max{2 copy lt{exch}if pop}bdf
8883	/cvmtx matrix def
8884	/tpmx matrix def
8885	/currot 0 def
8886	/rotmtx matrix def
8887	/origmtx matrix def
8888	/cvangle{360 exch sub 90 add 360 mod}bdf
8889	/setrot{/currot edf rotmtx currentmatrix pop 2 copy translate currot rotate neg exch neg exch translate}bdf
8890	/endrot{rotmtx setmatrix /currot 0 def}bdf
8891	/i systemdict/image get def/T true def/F false def/dbg F def
8892	/ncolors 0 def/st0 ()def/st1 ()def/proc0 {}def
8893	/penh 1 def/penv 1 def/penv2 0 def/penh2 0 def/samplesize 0 def/width 0 def/height 0 def
8894	/setcmykcolor where not{/setcmykcolor{/b edf 3{b add 1.0 exch sub 0.0 max 1.0 min 3 1 roll}repeat systemdict begin setrgbcolor end}bdf}{pop}ifelse
8895	/doeoclip{closepath{eoclip}stopped{currentflat dup 2 mul setflat eoclip setflat}if}bdf
8896	/SpaceExtra 0 def/LetterSpace 0 def/StringLength 0 def/NumSpaces 0 def/JustOffset 0 def
8897	/f0{eofill} def
8898	/s0{1 setlinewidth cvmtx currentmatrix pop penh penv scale stroke cvmtx setmatrix}bdf
8899	/f1{_bp _fp impat}def
8900	/s1{cvmtx currentmatrix pop 1 setlinewidth penh penv scale
8901	{strokepath}stopped{currentflat dup 2 mul setflat strokepath setflat}if
8902	_bp
8903	cvmtx setmatrix _fp impat}def
8904	/filltype 0 def
8905	/stroketype 0 def
8906	/f{filltype 0 eq{f0}{f1}ifelse}bdf
8907	/s{stroketype 0 eq{s0}{s1}ifelse}bdf
8908	/_fp{}def
8909	/_bp{}def
8910	/_fg 1 def
8911	/_pg 0 def
8912	/_bkg 1 def
8913	/_frg 0 def
8914	/_frgb 3 array def
8915	/_frrgb [0 0 0] def
8916	/_fcmyk 4 array def
8917	/_frcmyk [0 0 0 1] def
8918	/_prgb 3 array def
8919	/_pcmyk 4 array def
8920	/_bkrgb [1 1 1] def
8921	/_bkcmyk [0 0 0 0] def
8922	/fg{/_fg exch def /filltype 0 def/fills{_fg setgray}def}def
8923	/frgb{_frgb astore pop /filltype 0 def/fills{_frgb aload pop setrgbcolor}def}def
8924	/fcmyk{_fcmyk astore pop /filltype 0 def/fills{_fcmyk aload pop setcmykcolor}def}def
8925	/pg{/_pg exch def /stroketype 0 def/pens{_pg setgray}def}def
8926	/prgb{_prgb astore pop /stroketype 0 def/pens{_prgb aload pop setrgbcolor}def}def
8927	/pcmyk{_pcmyk astore pop /stroketype 0 def/pens{_pcmyk aload pop setcmykcolor}def}def
8928	/fpat{/fstr edf/filltype 1 def/fills{/patstr fstr def}bdf}bdf
8929	/ppat{/sstr edf/stroketype 1 def/pens{/patstr sstr def}bdf}bdf
8930	/bkg{ /_bkg exch def /_bp{gsave _bkg setgray fill grestore}def}def
8931	/bkrgb{_bkrgb astore pop/_bp{gsave _bkrgb aload pop setrgbcolor fill grestore}def}def
8932	/bkcmyk{_bkcmyk astore pop/_bp{gsave _bkcmyk aload pop setcmykcolor fill grestore}def}def
8933	/frg{ /_frg exch def /_fp{_frg setgray}def}def
8934	/frrgb{_frrgb astore pop/_fp{_frrgb aload pop setrgbcolor}def}def
8935	/frcmyk{_frcmyk astore pop/_fp{_frcmyk aload pop setcmykcolor}def}def
8936	/icomp{/ncolors edf
8937	ncolors 1 gt{/proc0 edf
8938	dup dup 0 get ncolors div cvi exch 0 3 -1 roll put
8939	4 -1 roll ncolors div cvi 4 1 roll{proc0 dup/st0 edf
8940	0 exch ncolors exch length
8941	dup ncolors sub exch ncolors div cvi string/st1 edf
8942	{dup 0 exch dup 1 exch
8943	2 add{st0 exch get add}bind for
8944	3 div ncolors 4 eq{exch dup 3 1 roll 3 add st0 exch get add 255 exch sub dup 0 lt{pop 0}if}if cvi
8945	dup 255 gt{pop 255}if
8946	exch ncolors div cvi exch
8947	st1 3 1 roll put}bind for
8948	st1}}if i}bdf
8949	/ci
8950	{/colorimage where
8951	{pop false exch colorimage}
8952	{icomp}
8953	ifelse}bdf
8954	/impat
8955	{/cnt 0 def
8956	/MySave save def
8957	currot 0 ne{currot neg rotate}if
8958	clip
8959	flattenpath
8960	pathbbox
8961	3 -1 roll
8962	8 div floor 8 mul dup/starty edf
8963	sub abs 8 div ceiling 8 mul cvi/height edf
8964	exch 8 div floor 8 mul dup/startx edf
8965	sub abs 8 div ceiling 8 mul cvi/width edf
8966	startx starty translate
8967	width height scale
8968	/height height 8 mul def
8969	/st0 width string def
8970	width height T [width 0 0 height neg 0 height]
8971	{patstr
8972	cnt 8 mod
8973	get/st1 edf
8974	0 1
8975	st0 length 1 sub dup 0 le{pop 1}if
8976	{st0 exch
8977	st1
8978	put}bind for/cnt cnt 1 add def
8979	st0}bind
8980	imagemask
8981	MySave restore
8982	newpath}bdf
8983	/cm{/ncolors edf
8984	translate
8985	scale/height edf/colorimage where
8986	{pop}
8987	{ncolors mul}ifelse/width edf
8988	/tbitstr width string def
8989	width height 8 [width 0 0 height neg 0 height]
8990	{currentfile tbitstr readhexstring pop}bind
8991	ncolors
8992	dup 3 eq {ci}{icomp}ifelse}bdf
8993	/im{translate
8994	scale
8995	/height edf
8996	/width edf
8997	/tbitstr width 7 add 8 div cvi string def
8998	width height 1 [width 0 0 height neg 0 height]
8999	{currentfile tbitstr readhexstring pop}bind
9000	i}bdf
9001	/imk{/invFlag edf
9002	translate
9003	scale
9004	/height edf
9005	/width edf
9006	/tbitstr width 7 add 8 div cvi string def
9007	width height invFlag [width 0 0 height neg 0 height]
9008	{currentfile tbitstr readhexstring pop}bind
9009	imagemask}bdf
9010	/BeginEPSF
9011	{/MySave save def
9012	/dict_count countdictstack def
9013	/op_count count 1 sub def
9014	userdict begin
9015	/showpage {} def
9016	0 setgray 0 setlinecap
9017	1 setlinewidth 0 setlinejoin
9018	10 setmiterlimit [] 0 setdash newpath
9019	/languagelevel where
9020	{pop languagelevel 1 ne{false setstrokeadjust false setoverprint}if}if
9021	}bdf
9022	/EndEPSF
9023	{count op_count sub {pop}repeat
9024	countdictstack dict_count sub {end}repeat
9025	MySave restore}bdf
9026	/rectpath {/cv_r edf/cv_b edf/cv_l edf/cv_t edf
9027	cv_l cv_t moveto cv_r cv_t lineto cv_r cv_b lineto cv_l cv_b lineto cv_l cv_t lineto closepath}bdf
9028	/setpen{/penh edf/penv edf/penv2 penv 2 div def/penh2 penh 2 div def}bdf
9029	/dostroke{not pens 1.0 currentgray ne or {s}{newpath}ifelse}bdf
9030	/dodashfill{not fills 1.0 currentgray ne or
9031	{gsave f grestore gsave [] 0 setdash
9032	stroketype/stroketype filltype def
9033	s/stroketype edf grestore}{newpath}ifelse}bdf
9034	/dofill{not fills 1.0 currentgray ne or {f}{newpath}ifelse}bdf
9035	/dofillsave{not fills 1.0 currentgray ne or {gsave f grestore}if}bdf
9036	/doline{not pens 1.0 currentgray ne or {filltype/filltype stroketype def f/filltype edf}{newpath}ifelse}bdf
9037	/spx{SpaceExtra 0 32 4 -1 roll widthshow}bdf
9038	/lsx{SpaceExtra 0 32 LetterSpace 0 6 -1 roll awidthshow}bdf
9039	/Rjust{stringwidth pop JustOffset exch sub /JustOffset edf}bdf
9040	/Cjust{stringwidth pop 2 div JustOffset exch sub /JustOffset edf}bdf
9041	/adjfit{stringwidth pop LetterSpace StringLength 1 sub mul add SpaceExtra NumSpaces mul add dup /pw edf JustOffset exch
9042	sub dup /wdif edf StringLength div LetterSpace add /LetterSpace edf}bdf
9043	/ulb{currentpoint pop /underlinpt edf}bdf
9044	/ule{gsave currentpoint newpath moveto currentfont dup /ft1 known{dup /ft1 get begin /FontMatrix get FontMatrix tpmx concatmatrix pop}
9045	{begin FontMatrix tpmx copy pop}ifelse currentfont /FontInfo known {FontInfo begin UnderlinePosition UnderlineThickness end}{100 1}ifelse end dup tpmx
9046	dtransform pop setlinewidth dup tpmx dtransform pop 0 exch rmoveto underlinpt currentpoint pop sub 0 rlineto stroke grestore}bdf
9047	/fittext{ /SpaceExtra edf /LetterSpace edf /StringLength edf /NumSpaces edf /JustOffset edf not 1 currentgray ne or
9048	{dup {ulb}if exch
9049	dup adjfit
9050	lsx {ule}if}{pop pop}ifelse}bdf
9051	/cvRecFont{/encod edf FontDirectory 2 index known{cleartomark}{findfont dup length 1 add dict begin
9052	{1 index/FID ne{def}{pop pop}ifelse}forall encod{/Encoding CVvec def}if
9053	currentdict end definefont cleartomark}ifelse}bdf
9054	/wrk1 ( ) def/wdict 16 dict def
9055	/Work75 75 string def /Nmk{Work75 cvs dup}bdf /Npt{put cvn}bdf /dhOdh{Nmk 2 79 Npt}bdf /dhodh{Nmk 2 111 Npt}bdf /dhSdh{Nmk 2 83 Npt}bdf
9056	/sfWidth{gsave 0 0 moveto 0 0 lineto 0 0 lineto 0 0 lineto closepath clip stringwidth grestore}bdf
9057	/MakOF{dup dhodh FontDirectory 1 index known{exch pop}{exch findfont dup length 1 add dict begin
9058	{1 index/FID ne 2 index /UniqueID ne and{def}{pop pop}ifelse}forall
9059	/PaintType 2 def
9060	/StrokeWidth .24 1000 mul ftSize div dup 12 lt{pop 12}if def
9061	dup currentdict end definefont pop}ifelse}bdf
9062	/fts{dup/ftSize edf}def
9063	/mkFT{/tempFT 11 dict def tempFT begin
9064	/FontMatrix [1 0 0 1 0 0] def/FontType 3 def
9065	FontDirectory 3 index get /Encoding get/Encoding exch def
9066	/proc2 edf/ft2 exch findfont def/ft1 exch findfont def/FontBBox [0 0 1 1] def
9067	/BuildChar{wdict begin/chr edf/ftdt edf/chrst wrk1 dup 0 chr put def ftdt/proc2 get exec end}def
9068	end tempFT definefont pop}bdf
9069	/OLFt{dup dhOdh FontDirectory 1 index known{exch pop}
9070	{dup 3 -1 roll dup MakOF {outproc} mkFT}ifelse}bdf
9071	/mshw{moveto show}bdf
9072	/outproc{ftdt/ft1 get setfont gsave chrst sfWidth grestore setcharwidth dblsh}bdf
9073	/dblsh{currentgray 1 setgray chrst 0 0 mshw setgray ftdt/ft2 get setfont chrst 0 0 mshw}bdf
9074	/ShadChar{ftdt/ft1 get setfont gsave chrst sfWidth 1 index 0 ne{exch .05 add exch}if grestore setcharwidth
9075	chrst .06 0 mshw 0 .05 translate dblsh}bdf
9076	/ShFt{dup dhSdh FontDirectory 1 index known{exch pop}
9077	{dup 3 -1 roll dup MakOF {ShadChar} mkFT}ifelse}bdf
9078	/LswUnits{72 75 div dup scale}bdf
9079	/erasefill{_bp}def
9080	/CVvec 256 array def
9081	/NUL/SOH/STX/ETX/EOT/ENQ/ACK/BEL/BS/HT/LF/VT/FF/CR/SO/SI/DLE/DC1/DC2/DC3/DC4/NAK/SYN/ETB/CAN/EM/SUB/ESC/FS/GS/RS/US
9082	CVvec 0 32 getinterval astore pop
9083	CVvec 32/Times-Roman findfont/Encoding get
9084	32 96 getinterval putinterval CVvec dup 39/quotesingle put 96/grave put
9085	/Adieresis/Aring/Ccedilla/Eacute/Ntilde/Odieresis/Udieresis/aacute
9086	/agrave/acircumflex/adieresis/atilde/aring/ccedilla/eacute/egrave
9087	/ecircumflex/edieresis/iacute/igrave/icircumflex/idieresis/ntilde/oacute
9088	/ograve/ocircumflex/odieresis/otilde/uacute/ugrave/ucircumflex/udieresis
9089	/dagger/degree/cent/sterling/section/bullet/paragraph/germandbls
9090	/registered/copyright/trademark/acute/dieresis/notequal/AE/Oslash
9091	/infinity/plusminus/lessequal/greaterequal/yen/mu/partialdiff/summation
9092	/product/pi/integral/ordfeminine/ordmasculine/Omega/ae/oslash
9093	/questiondown/exclamdown/logicalnot/radical/florin/approxequal/Delta/guillemotleft
9094	/guillemotright/ellipsis/blank/Agrave/Atilde/Otilde/OE/oe
9095	/endash/emdash/quotedblleft/quotedblright/quoteleft/quoteright/divide/lozenge
9096	/ydieresis/Ydieresis/fraction/currency/guilsinglleft/guilsinglright/fi/fl
9097	/daggerdbl/periodcentered/quotesinglbase/quotedblbase/perthousand/Acircumflex/Ecircumflex/Aacute
9098	/Edieresis/Egrave/Iacute/Icircumflex/Idieresis/Igrave/Oacute/Ocircumflex
9099	/apple/Ograve/Uacute/Ucircumflex/Ugrave/dotlessi/circumflex/tilde
9100	/macron/breve/dotaccent/ring/cedilla/hungarumlaut/ogonek/caron
9101	CVvec 128 128 getinterval astore pop
9102	end
9103	%%EndProcSet
9104	%%BeginSetup
9105	CanvasDict begin
9106	0 setlinecap
9107	0 setlinejoin
9108	4 setmiterlimit
9109	/currot 0 def
9110	origmtx currentmatrix pop
9111	[] 0 setdash
9112	1 1 setpen
9113	1 fg
9114	0 pg
9115	0 frg
9116	1 bkg
9117	newpath
9118	/dbg F def
9119	287 164 translate
9120	1 -1 scale
9121	-287 -164 translate
9122	%%EndSetup
9123	% ---- Object #1:1 Obj Type: 99
9124	% ---- Object #2:4 Obj Type: 99
9125	% ---- Object #3:5 Obj Type: 6
9126	0 setlinecap
9127	0 setlinejoin
9128	233.5 152.5 moveto
9129	233.5 138.7865 222.2135 127.5 208.5 127.5 curveto
9130	194.7865 127.5 183.5 138.7865 183.5 152.5 curveto
9131	183.5 166.2135 194.7865 177.5 208.5 177.5 curveto
9132	222.2135 177.5 233.5 166.2135 233.5 152.5 curveto
9133	closepath
9134	F dofillsave
9135	F dostroke
9136	% ---- Object #4:7 Obj Type: 2
9137	0 0 setpen
9138	save
9139	0 setgray
9140	mark /\|___Helvetica-Bold /Helvetica-Bold T cvRecFont
9141	14 fts /\|___Helvetica-Bold findfont exch scalefont setfont
9142	0 setgray
9143	203.375 147.5 moveto
9144	(A)
9145	show
9146	restore
9147	% ---- Object #5:27 Obj Type: 10
9148	1 1 setpen
9149	0 setlinecap
9150	0 setlinejoin
9151	226.8333 170.6667 moveto
9152	256.8333 191.1667 314.5 193 346.5 170.5 curveto
9153	F dofillsave
9154	F dostroke
9155	gsave
9156	newpath
9157	334.6478 172.3773 moveto
9158	335.1054 175.2668 336.4195 177.6374 338.6274 179.5566 curveto
9159	342.5637 175.0283 342.5637 175.0283 346.5 170.5 curveto
9160	346.5 170.5 334.6478 172.3773 334.6478 172.3773 curveto
9161	closepath
9162	F doline
9163	grestore
9164	% ---- Object #6:30 Obj Type: 2
9165	0 0 setpen
9166	save
9167	0 setgray
9168	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
9169	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
9170	0 setgray
9171	221.125 173.75 moveto
9172	(\312)
9173	show
9174	restore
9175	% ---- Object #7:28 Obj Type: 2
9176	save
9177	0 setgray
9178	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
9179	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
9180	0 setgray
9181	278.125 176 moveto
9182	(\313)
9183	show
9184	restore
9185	% ---- Object #8:26 Obj Type: 99
9186	% ---- Object #9:6 Obj Type: 6
9187	1 1 setpen
9188	0 setlinecap
9189	0 setlinejoin
9190	390 152.75 moveto
9191	390 139.0365 378.7135 127.75 365 127.75 curveto
9192	351.2865 127.75 340 139.0365 340 152.75 curveto
9193	340 166.4635 351.2865 177.75 365 177.75 curveto
9194	378.7135 177.75 390 166.4635 390 152.75 curveto
9195	closepath
9196	F dofillsave
9197	F dostroke
9198	% ---- Object #10:25 Obj Type: 2
9199	0 0 setpen
9200	save
9201	0 setgray
9202	mark /\|___Helvetica-Bold /Helvetica-Bold T cvRecFont
9203	14 fts /\|___Helvetica-Bold findfont exch scalefont setfont
9204	0 setgray
9205	360.375 147.75 moveto
9206	(B)
9207	show
9208	restore
9209	% ---- Object #11:32 Obj Type: 2
9210	save
9211	0 setgray
9212	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
9213	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
9214	0 setgray
9215	342.375 173.5 moveto
9216	(\314)
9217	show
9218	restore
9219	origmtx setmatrix
9220	systemdict /setpacking known {origpack setpacking} if end
9221	%%EndDocument:
9222	pse
9223	gR
9224	:e
9225	gS 13 12 568 818 rC
9226	236 347 :M
9227	0 G
9228	f3_9 sf
9229	-.03(Figure 7 \321 One-way Authentication)A
9230	72 371 :M
9231	f6_10 sf
9232	-.008(The following steps are involved, as depicted in Figure 7:)A
9233	90 388 :M
9234	-.328(1\))A
9235	108 388 :M
9236	-.008(A generates r)A
9237	f6_7 sf
9238	0 -3 rm
9239	(A)S
9240	0 3 rm
9241	f6_10 sf
9242	-.008(, a non-repeating number, which is used to detect replay attacks and to prevent forgery.)A
9243	90 405 :M
9244	-.328(2\))A
9245	108 405 :M
9246	-.019(A sends the following message to B:)A
9247	144 423 :M
9248	(B)S
9249	151 423 :M
9250	f10_12 sf
9251	-.293(\336)A
9252	f6_10 sf
9253	-.111(A, A{t)A
9254	f6_7 sf
9255	0 -3 rm
9256	-.133(A)A
9257	0 3 rm
9258	f6_10 sf
9259	-.073(, r)A
9260	f6_7 sf
9261	0 -3 rm
9262	-.133(A)A
9263	0 3 rm
9264	f6_10 sf
9265	-.125(, B}.)A
9266	108 441 :M
9267	-.117(where t)A
9268	138 438 :M
9269	f6_7 sf
9270	-.076(A)A
9271	f6_10 sf
9272	0 3 rm
9273	-.06( is a timestamp. t)A
9274	0 -3 rm
9275	211 438 :M
9276	f6_7 sf
9277	(A)S
9278	f6_10 sf
9279	0 3 rm
9280	-.013( consists of one or two dates: the generation time of the token $which is optional$)A
9281	0 -3 rm
9282	108 452 :M
9283	.051 .005(and the expiry date. Alternatively, if data origin authentication of \322sgnData\323 is to be provided by the digital)J
9284	108 463 :M
9285	-.048(signature:)A
9286	144 481 :M
9287	(B)S
9288	151 481 :M
9289	f10_12 sf
9290	-.175(\336)A
9291	f6_10 sf
9292	-.066(A, A{t)A
9293	f6_7 sf
9294	0 -3 rm
9295	-.079(A)A
9296	0 3 rm
9297	f6_10 sf
9298	-.044(, r)A
9299	f6_7 sf
9300	0 -3 rm
9301	-.079(A)A
9302	0 3 rm
9303	f6_10 sf
9304	-.069(, B, sgnData}.)A
9305	108 499 :M
9306	1.214 .121(In cases where information is to be conveyed which will subsequently be used as a private key \(this)J
9307	108 510 :M
9308	-.008(information is referred to as \322encData\323 \):)A
9309	144 528 :M
9310	(B)S
9311	151 528 :M
9312	f10_12 sf
9313	-.123(\336)A
9314	f6_10 sf
9315	-.046(A, A{t)A
9316	f6_7 sf
9317	0 -3 rm
9318	-.056(A)A
9319	0 3 rm
9320	f6_10 sf
9321	-.031(, r)A
9322	f6_7 sf
9323	0 -3 rm
9324	-.056(A)A
9325	0 3 rm
9326	f6_10 sf
9327	-.048(, B, sgnData, Bp[encData]}.)A
9328	108 546 :M
9329	.423 .042(The use of \322encData\323 as a private key implies that it shall be chosen carefully, e.g. to be a strong key for)J
9330	108 557 :M
9331	-.002(whatever cryptosystem is used as indicated in the \322sgnData\323 field of the token.)A
9332	90 574 :M
9333	-.328(3\))A
9334	108 574 :M
9335	-.022(B carries out the following actions:)A
9336	108 592 :M
9337	-.766(a\))A
9338	126 592 :M
9339	-.044(obtains Ap from B)A
9340	201 592 :M
9341	f10_12 sf
9342	(\336)S
9343	f6_10 sf
9344	-.003(A, checking that A\325s certi\336cate has not expired;)A
9345	108 610 :M
9346	-.328(b\))A
9347	126 610 :M
9348	-.009(veri\336es the signature, and thus the integrity of the signed information;)A
9349	108 627 :M
9350	-.766(c\))A
9351	126 627 :M
9352	-.009(checks that B itself is the intended recipient;)A
9353	108 644 :M
9354	-.328(d\))A
9355	126 644 :M
9356	-.005(checks that the timestamp is \322current\323;)A
9357	108 661 :M
9358	-.766(e\))A
9359	126 661 :M
9360	-.006(optionally, checks that r)A
9361	f6_7 sf
9362	0 -3 rm
9363	(A)S
9364	0 3 rm
9365	f6_10 sf
9366	-.006( has not been replayed. This could, for example, be achieved by having r)A
9367	f6_7 sf
9368	0 -3 rm
9369	(A)S
9370	0 3 rm
9371	126 672 :M
9372	f6_10 sf
9373	-.008(include a sequential part that is checked by a local implementation for its value uniqueness.)A
9374	126 689 :M
9375	(r)S
9376	f6_7 sf
9377	0 -3 rm
9378	(A)S
9379	0 3 rm
9380	f6_10 sf
9381	-.017( is valid until the expiry date indicated by t)A
9382	f6_7 sf
9383	0 -3 rm
9384	(A)S
9385	0 3 rm
9386	f6_10 sf
9387	(. r)S
9388	f6_7 sf
9389	0 -3 rm
9390	(A)S
9391	0 3 rm
9392	f6_10 sf
9393	-.019( is always accompanied by a sequential part, which)A
9394	126 700 :M
9395	-.013(indicates that A shall not repeat the token during the timerange t)A
9396	383 697 :M
9397	f6_7 sf
9398	(A)S
9399	f6_10 sf
9400	0 3 rm
9401	-.006( and therefore that checking of the)A
9402	0 -3 rm
9403	126 711 :M
9404	-.018(value of r)A
9405	f6_7 sf
9406	0 -3 rm
9407	(A)S
9408	0 3 rm
9409	f6_10 sf
9410	-.018( itself is not required.)A
9411	126 728 :M
9412	-.009(In any case it is reasonable for party B to store the sequential part together with timestamp t)A
9413	493 725 :M
9414	f6_7 sf
9415	-.176(A)A
9416	f6_10 sf
9417	0 3 rm
9418	-.145( in the)A
9419	0 -3 rm
9420	126 739 :M
9421	-.008(clear and together with the hashed part of the token during timerange t)A
9422	408 736 :M
9423	f6_7 sf
9424	-.37(A)A
9425	f6_10 sf
9426	0 3 rm
9427	(.)S
9428	0 -3 rm
9429	endp
9430	%%Page: 22 22
9431	%%BeginPageSetup
9432	initializepage
9433	(hoyt; page: 22 of 40)setjob
9434	%%EndPageSetup
9435	-13 -12 :T
9436	gS 13 12 568 818 rC
9437	54 45 :M
9438	f3_10 sf
9439	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
9440	54 803 :M
9441	(16)S
9442	90 803 :M
9443	-.017(ITU-T Rec. X.509 $1993 E$)A
9444	54 82 :M
9445	f3_12 sf
9446	(10.3)S
9447	81 82 :M
9448	-.015(Two-way authentication)A
9449	:a
9450	36 <3049883AB59CF039
9451	><3030304949498888883A3A3AB5B5B59C9C9CF0F0F0393939
9452	>fg bk :b
9453	183 91 211 79 rC
9454	:e
9455	0 G
9456	1154 1468 :M
9457	%%DSIDICT:_cv
9458	userdict /_cv known not dup {userdict /_cv 20 dict put}if
9459	_cv begin
9460	/bdf{bind def}bind def
9461	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
9462	/setcmykcolor where{/setcmykcolor get /cvcmyk exch def}{/cvcmyk{1 sub 4 1 roll 3{3 index add neg dup 0 lt{pop 0}if 3 1 roll}repeat setrgbcolor pop}bdf }ifelse
9463	/stg{isDeviceColor {cf ca /cs load setscreen setgray}{pop}ifelse}bdf
9464	/strgb{isDeviceColor {cf ca /cs load setscreen setrgbcolor}{pop pop pop}ifelse}bdf
9465	/stcmyk{isDeviceColor {cf ca /cs load setscreen cvcmyk}{pop pop pop pop}ifelse}bdf
9466	/min1{dup 0 eq{pop 1}if}bdf
9467	currentscreen/cs exch def/ca exch def/cf exch def
9468	end
9469	0 0 0 0 rC
9470	1154 1468 :M
9471	f10_2 sf
9472	(.)S
9473	gR
9474	gS 183 91 211 79 rC
9475	1156 1468 :M
9476	psb
9477	pse
9478	183 91 :M
9479	psb
9480
9481	currentpoint
9482	pse
9483	394 170 :M
9484	psb
9485	%%CopyWithEps
9486
9487	currentpoint
9488	2 index sub exch 3 index sub
9489	211 div exch 79 div 3 index 181 sub 3 index 127 sub 4 2 roll 5 index 5 index translate
9490	scale
9491	4 2 roll neg exch neg exch translate translate
9492	%!PS-Adobe-2.0 EPSF-1.2
9493	%%Title: EPSFile
9494	%%Creator: Canvas 3.5
9495	%%For: hoyt
9496	%%CreationDate: 17 May 1994 21:54
9497	%%BoundingBox: 179 126 393 207
9498	%%DocumentProcSets: CanvasDict
9499	%%DocumentSuppliedProcSets: CanvasDict
9500	%%Copyright ©1988-91 Deneba Systems, Inc. - All Rights Reserved Worldwide
9501	%%DocumentFonts: Helvetica-Bold
9502	%%+ ZapfDingbats
9503	%%DocumentNeededFonts: Helvetica-Bold
9504	%%+ ZapfDingbats
9505	%%EndComments
9506	%%BeginProcSet:CanvasDict
9507	/CanvasDict where not{/CanvasDict 250 dict def}{pop}ifelse
9508	CanvasDict begin
9509	systemdict/setpacking known{/origpack currentpacking def true setpacking}if
9510	/bdf{bind def}bind def
9511	/_cv 20 dict begin
9512	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
9513	/stg{isDeviceColor{setgray}{pop}ifelse}bdf
9514	/strgb{isDeviceColor{setrgbcolor}{pop pop pop}ifelse}bdf
9515	/stcmyk{isDeviceColor{setcmykcolor}{pop pop pop pop}ifelse}bdf
9516	currentdict end def
9517	/xdf{exch bind def}bdf
9518	/min{2 copy gt{exch}if pop}bdf
9519	/edf{exch def}bdf
9520	/max{2 copy lt{exch}if pop}bdf
9521	/cvmtx matrix def
9522	/tpmx matrix def
9523	/currot 0 def
9524	/rotmtx matrix def
9525	/origmtx matrix def
9526	/cvangle{360 exch sub 90 add 360 mod}bdf
9527	/setrot{/currot edf rotmtx currentmatrix pop 2 copy translate currot rotate neg exch neg exch translate}bdf
9528	/endrot{rotmtx setmatrix /currot 0 def}bdf
9529	/i systemdict/image get def/T true def/F false def/dbg F def
9530	/ncolors 0 def/st0 ()def/st1 ()def/proc0 {}def
9531	/penh 1 def/penv 1 def/penv2 0 def/penh2 0 def/samplesize 0 def/width 0 def/height 0 def
9532	/setcmykcolor where not{/setcmykcolor{/b edf 3{b add 1.0 exch sub 0.0 max 1.0 min 3 1 roll}repeat systemdict begin setrgbcolor end}bdf}{pop}ifelse
9533	/doeoclip{closepath{eoclip}stopped{currentflat dup 2 mul setflat eoclip setflat}if}bdf
9534	/SpaceExtra 0 def/LetterSpace 0 def/StringLength 0 def/NumSpaces 0 def/JustOffset 0 def
9535	/f0{eofill} def
9536	/s0{1 setlinewidth cvmtx currentmatrix pop penh penv scale stroke cvmtx setmatrix}bdf
9537	/f1{_bp _fp impat}def
9538	/s1{cvmtx currentmatrix pop 1 setlinewidth penh penv scale
9539	{strokepath}stopped{currentflat dup 2 mul setflat strokepath setflat}if
9540	_bp
9541	cvmtx setmatrix _fp impat}def
9542	/filltype 0 def
9543	/stroketype 0 def
9544	/f{filltype 0 eq{f0}{f1}ifelse}bdf
9545	/s{stroketype 0 eq{s0}{s1}ifelse}bdf
9546	/_fp{}def
9547	/_bp{}def
9548	/_fg 1 def
9549	/_pg 0 def
9550	/_bkg 1 def
9551	/_frg 0 def
9552	/_frgb 3 array def
9553	/_frrgb [0 0 0] def
9554	/_fcmyk 4 array def
9555	/_frcmyk [0 0 0 1] def
9556	/_prgb 3 array def
9557	/_pcmyk 4 array def
9558	/_bkrgb [1 1 1] def
9559	/_bkcmyk [0 0 0 0] def
9560	/fg{/_fg exch def /filltype 0 def/fills{_fg setgray}def}def
9561	/frgb{_frgb astore pop /filltype 0 def/fills{_frgb aload pop setrgbcolor}def}def
9562	/fcmyk{_fcmyk astore pop /filltype 0 def/fills{_fcmyk aload pop setcmykcolor}def}def
9563	/pg{/_pg exch def /stroketype 0 def/pens{_pg setgray}def}def
9564	/prgb{_prgb astore pop /stroketype 0 def/pens{_prgb aload pop setrgbcolor}def}def
9565	/pcmyk{_pcmyk astore pop /stroketype 0 def/pens{_pcmyk aload pop setcmykcolor}def}def
9566	/fpat{/fstr edf/filltype 1 def/fills{/patstr fstr def}bdf}bdf
9567	/ppat{/sstr edf/stroketype 1 def/pens{/patstr sstr def}bdf}bdf
9568	/bkg{ /_bkg exch def /_bp{gsave _bkg setgray fill grestore}def}def
9569	/bkrgb{_bkrgb astore pop/_bp{gsave _bkrgb aload pop setrgbcolor fill grestore}def}def
9570	/bkcmyk{_bkcmyk astore pop/_bp{gsave _bkcmyk aload pop setcmykcolor fill grestore}def}def
9571	/frg{ /_frg exch def /_fp{_frg setgray}def}def
9572	/frrgb{_frrgb astore pop/_fp{_frrgb aload pop setrgbcolor}def}def
9573	/frcmyk{_frcmyk astore pop/_fp{_frcmyk aload pop setcmykcolor}def}def
9574	/icomp{/ncolors edf
9575	ncolors 1 gt{/proc0 edf
9576	dup dup 0 get ncolors div cvi exch 0 3 -1 roll put
9577	4 -1 roll ncolors div cvi 4 1 roll{proc0 dup/st0 edf
9578	0 exch ncolors exch length
9579	dup ncolors sub exch ncolors div cvi string/st1 edf
9580	{dup 0 exch dup 1 exch
9581	2 add{st0 exch get add}bind for
9582	3 div ncolors 4 eq{exch dup 3 1 roll 3 add st0 exch get add 255 exch sub dup 0 lt{pop 0}if}if cvi
9583	dup 255 gt{pop 255}if
9584	exch ncolors div cvi exch
9585	st1 3 1 roll put}bind for
9586	st1}}if i}bdf
9587	/ci
9588	{/colorimage where
9589	{pop false exch colorimage}
9590	{icomp}
9591	ifelse}bdf
9592	/impat
9593	{/cnt 0 def
9594	/MySave save def
9595	currot 0 ne{currot neg rotate}if
9596	clip
9597	flattenpath
9598	pathbbox
9599	3 -1 roll
9600	8 div floor 8 mul dup/starty edf
9601	sub abs 8 div ceiling 8 mul cvi/height edf
9602	exch 8 div floor 8 mul dup/startx edf
9603	sub abs 8 div ceiling 8 mul cvi/width edf
9604	startx starty translate
9605	width height scale
9606	/height height 8 mul def
9607	/st0 width string def
9608	width height T [width 0 0 height neg 0 height]
9609	{patstr
9610	cnt 8 mod
9611	get/st1 edf
9612	0 1
9613	st0 length 1 sub dup 0 le{pop 1}if
9614	{st0 exch
9615	st1
9616	put}bind for/cnt cnt 1 add def
9617	st0}bind
9618	imagemask
9619	MySave restore
9620	newpath}bdf
9621	/cm{/ncolors edf
9622	translate
9623	scale/height edf/colorimage where
9624	{pop}
9625	{ncolors mul}ifelse/width edf
9626	/tbitstr width string def
9627	width height 8 [width 0 0 height neg 0 height]
9628	{currentfile tbitstr readhexstring pop}bind
9629	ncolors
9630	dup 3 eq {ci}{icomp}ifelse}bdf
9631	/im{translate
9632	scale
9633	/height edf
9634	/width edf
9635	/tbitstr width 7 add 8 div cvi string def
9636	width height 1 [width 0 0 height neg 0 height]
9637	{currentfile tbitstr readhexstring pop}bind
9638	i}bdf
9639	/imk{/invFlag edf
9640	translate
9641	scale
9642	/height edf
9643	/width edf
9644	/tbitstr width 7 add 8 div cvi string def
9645	width height invFlag [width 0 0 height neg 0 height]
9646	{currentfile tbitstr readhexstring pop}bind
9647	imagemask}bdf
9648	/BeginEPSF
9649	{/MySave save def
9650	/dict_count countdictstack def
9651	/op_count count 1 sub def
9652	userdict begin
9653	/showpage {} def
9654	0 setgray 0 setlinecap
9655	1 setlinewidth 0 setlinejoin
9656	10 setmiterlimit [] 0 setdash newpath
9657	/languagelevel where
9658	{pop languagelevel 1 ne{false setstrokeadjust false setoverprint}if}if
9659	}bdf
9660	/EndEPSF
9661	{count op_count sub {pop}repeat
9662	countdictstack dict_count sub {end}repeat
9663	MySave restore}bdf
9664	/rectpath {/cv_r edf/cv_b edf/cv_l edf/cv_t edf
9665	cv_l cv_t moveto cv_r cv_t lineto cv_r cv_b lineto cv_l cv_b lineto cv_l cv_t lineto closepath}bdf
9666	/setpen{/penh edf/penv edf/penv2 penv 2 div def/penh2 penh 2 div def}bdf
9667	/dostroke{not pens 1.0 currentgray ne or {s}{newpath}ifelse}bdf
9668	/dodashfill{not fills 1.0 currentgray ne or
9669	{gsave f grestore gsave [] 0 setdash
9670	stroketype/stroketype filltype def
9671	s/stroketype edf grestore}{newpath}ifelse}bdf
9672	/dofill{not fills 1.0 currentgray ne or {f}{newpath}ifelse}bdf
9673	/dofillsave{not fills 1.0 currentgray ne or {gsave f grestore}if}bdf
9674	/doline{not pens 1.0 currentgray ne or {filltype/filltype stroketype def f/filltype edf}{newpath}ifelse}bdf
9675	/spx{SpaceExtra 0 32 4 -1 roll widthshow}bdf
9676	/lsx{SpaceExtra 0 32 LetterSpace 0 6 -1 roll awidthshow}bdf
9677	/Rjust{stringwidth pop JustOffset exch sub /JustOffset edf}bdf
9678	/Cjust{stringwidth pop 2 div JustOffset exch sub /JustOffset edf}bdf
9679	/adjfit{stringwidth pop LetterSpace StringLength 1 sub mul add SpaceExtra NumSpaces mul add dup /pw edf JustOffset exch
9680	sub dup /wdif edf StringLength div LetterSpace add /LetterSpace edf}bdf
9681	/ulb{currentpoint pop /underlinpt edf}bdf
9682	/ule{gsave currentpoint newpath moveto currentfont dup /ft1 known{dup /ft1 get begin /FontMatrix get FontMatrix tpmx concatmatrix pop}
9683	{begin FontMatrix tpmx copy pop}ifelse currentfont /FontInfo known {FontInfo begin UnderlinePosition UnderlineThickness end}{100 1}ifelse end dup tpmx
9684	dtransform pop setlinewidth dup tpmx dtransform pop 0 exch rmoveto underlinpt currentpoint pop sub 0 rlineto stroke grestore}bdf
9685	/fittext{ /SpaceExtra edf /LetterSpace edf /StringLength edf /NumSpaces edf /JustOffset edf not 1 currentgray ne or
9686	{dup {ulb}if exch
9687	dup adjfit
9688	lsx {ule}if}{pop pop}ifelse}bdf
9689	/cvRecFont{/encod edf FontDirectory 2 index known{cleartomark}{findfont dup length 1 add dict begin
9690	{1 index/FID ne{def}{pop pop}ifelse}forall encod{/Encoding CVvec def}if
9691	currentdict end definefont cleartomark}ifelse}bdf
9692	/wrk1 ( ) def/wdict 16 dict def
9693	/Work75 75 string def /Nmk{Work75 cvs dup}bdf /Npt{put cvn}bdf /dhOdh{Nmk 2 79 Npt}bdf /dhodh{Nmk 2 111 Npt}bdf /dhSdh{Nmk 2 83 Npt}bdf
9694	/sfWidth{gsave 0 0 moveto 0 0 lineto 0 0 lineto 0 0 lineto closepath clip stringwidth grestore}bdf
9695	/MakOF{dup dhodh FontDirectory 1 index known{exch pop}{exch findfont dup length 1 add dict begin
9696	{1 index/FID ne 2 index /UniqueID ne and{def}{pop pop}ifelse}forall
9697	/PaintType 2 def
9698	/StrokeWidth .24 1000 mul ftSize div dup 12 lt{pop 12}if def
9699	dup currentdict end definefont pop}ifelse}bdf
9700	/fts{dup/ftSize edf}def
9701	/mkFT{/tempFT 11 dict def tempFT begin
9702	/FontMatrix [1 0 0 1 0 0] def/FontType 3 def
9703	FontDirectory 3 index get /Encoding get/Encoding exch def
9704	/proc2 edf/ft2 exch findfont def/ft1 exch findfont def/FontBBox [0 0 1 1] def
9705	/BuildChar{wdict begin/chr edf/ftdt edf/chrst wrk1 dup 0 chr put def ftdt/proc2 get exec end}def
9706	end tempFT definefont pop}bdf
9707	/OLFt{dup dhOdh FontDirectory 1 index known{exch pop}
9708	{dup 3 -1 roll dup MakOF {outproc} mkFT}ifelse}bdf
9709	/mshw{moveto show}bdf
9710	/outproc{ftdt/ft1 get setfont gsave chrst sfWidth grestore setcharwidth dblsh}bdf
9711	/dblsh{currentgray 1 setgray chrst 0 0 mshw setgray ftdt/ft2 get setfont chrst 0 0 mshw}bdf
9712	/ShadChar{ftdt/ft1 get setfont gsave chrst sfWidth 1 index 0 ne{exch .05 add exch}if grestore setcharwidth
9713	chrst .06 0 mshw 0 .05 translate dblsh}bdf
9714	/ShFt{dup dhSdh FontDirectory 1 index known{exch pop}
9715	{dup 3 -1 roll dup MakOF {ShadChar} mkFT}ifelse}bdf
9716	/LswUnits{72 75 div dup scale}bdf
9717	/erasefill{_bp}def
9718	/CVvec 256 array def
9719	/NUL/SOH/STX/ETX/EOT/ENQ/ACK/BEL/BS/HT/LF/VT/FF/CR/SO/SI/DLE/DC1/DC2/DC3/DC4/NAK/SYN/ETB/CAN/EM/SUB/ESC/FS/GS/RS/US
9720	CVvec 0 32 getinterval astore pop
9721	CVvec 32/Times-Roman findfont/Encoding get
9722	32 96 getinterval putinterval CVvec dup 39/quotesingle put 96/grave put
9723	/Adieresis/Aring/Ccedilla/Eacute/Ntilde/Odieresis/Udieresis/aacute
9724	/agrave/acircumflex/adieresis/atilde/aring/ccedilla/eacute/egrave
9725	/ecircumflex/edieresis/iacute/igrave/icircumflex/idieresis/ntilde/oacute
9726	/ograve/ocircumflex/odieresis/otilde/uacute/ugrave/ucircumflex/udieresis
9727	/dagger/degree/cent/sterling/section/bullet/paragraph/germandbls
9728	/registered/copyright/trademark/acute/dieresis/notequal/AE/Oslash
9729	/infinity/plusminus/lessequal/greaterequal/yen/mu/partialdiff/summation
9730	/product/pi/integral/ordfeminine/ordmasculine/Omega/ae/oslash
9731	/questiondown/exclamdown/logicalnot/radical/florin/approxequal/Delta/guillemotleft
9732	/guillemotright/ellipsis/blank/Agrave/Atilde/Otilde/OE/oe
9733	/endash/emdash/quotedblleft/quotedblright/quoteleft/quoteright/divide/lozenge
9734	/ydieresis/Ydieresis/fraction/currency/guilsinglleft/guilsinglright/fi/fl
9735	/daggerdbl/periodcentered/quotesinglbase/quotedblbase/perthousand/Acircumflex/Ecircumflex/Aacute
9736	/Edieresis/Egrave/Iacute/Icircumflex/Idieresis/Igrave/Oacute/Ocircumflex
9737	/apple/Ograve/Uacute/Ucircumflex/Ugrave/dotlessi/circumflex/tilde
9738	/macron/breve/dotaccent/ring/cedilla/hungarumlaut/ogonek/caron
9739	CVvec 128 128 getinterval astore pop
9740	end
9741	%%EndProcSet
9742	%%BeginSetup
9743	CanvasDict begin
9744	0 setlinecap
9745	0 setlinejoin
9746	4 setmiterlimit
9747	/currot 0 def
9748	origmtx currentmatrix pop
9749	[] 0 setdash
9750	1 1 setpen
9751	1 fg
9752	0 pg
9753	0 frg
9754	1 bkg
9755	newpath
9756	/dbg F def
9757	286.5 166.5 translate
9758	1 -1 scale
9759	-286.5 -166.5 translate
9760	%%EndSetup
9761	% ---- Object #1:1 Obj Type: 99
9762	% ---- Object #2:4 Obj Type: 99
9763	% ---- Object #3:5 Obj Type: 6
9764	0 setlinecap
9765	0 setlinejoin
9766	233.5 157.5 moveto
9767	233.5 143.7865 222.2135 132.5 208.5 132.5 curveto
9768	194.7865 132.5 183.5 143.7865 183.5 157.5 curveto
9769	183.5 171.2135 194.7865 182.5 208.5 182.5 curveto
9770	222.2135 182.5 233.5 171.2135 233.5 157.5 curveto
9771	closepath
9772	F dofillsave
9773	F dostroke
9774	% ---- Object #4:7 Obj Type: 2
9775	0 0 setpen
9776	save
9777	0 setgray
9778	mark /\|___Helvetica-Bold /Helvetica-Bold T cvRecFont
9779	14 fts /\|___Helvetica-Bold findfont exch scalefont setfont
9780	0 setgray
9781	203.375 152.5 moveto
9782	(A)
9783	show
9784	restore
9785	% ---- Object #5:27 Obj Type: 10
9786	1 1 setpen
9787	0 setlinecap
9788	0 setlinejoin
9789	226.8333 175.6667 moveto
9790	256.8333 196.1667 314.5 198 346.5 175.5 curveto
9791	F dofillsave
9792	F dostroke
9793	gsave
9794	newpath
9795	334.6478 177.3773 moveto
9796	335.1054 180.2668 336.4195 182.6374 338.6274 184.5566 curveto
9797	342.5637 180.0283 342.5637 180.0283 346.5 175.5 curveto
9798	346.5 175.5 334.6478 177.3773 334.6478 177.3773 curveto
9799	closepath
9800	F doline
9801	grestore
9802	% ---- Object #6:30 Obj Type: 2
9803	0 0 setpen
9804	save
9805	0 setgray
9806	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
9807	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
9808	0 setgray
9809	221.125 178.75 moveto
9810	(\312)
9811	show
9812	restore
9813	% ---- Object #7:28 Obj Type: 2
9814	save
9815	0 setgray
9816	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
9817	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
9818	0 setgray
9819	278.125 181 moveto
9820	(\313)
9821	show
9822	restore
9823	% ---- Object #8:26 Obj Type: 99
9824	% ---- Object #9:6 Obj Type: 6
9825	1 1 setpen
9826	0 setlinecap
9827	0 setlinejoin
9828	390 157.75 moveto
9829	390 144.0365 378.7135 132.75 365 132.75 curveto
9830	351.2865 132.75 340 144.0365 340 157.75 curveto
9831	340 171.4635 351.2865 182.75 365 182.75 curveto
9832	378.7135 182.75 390 171.4635 390 157.75 curveto
9833	closepath
9834	F dofillsave
9835	F dostroke
9836	% ---- Object #10:25 Obj Type: 2
9837	0 0 setpen
9838	save
9839	0 setgray
9840	mark /\|___Helvetica-Bold /Helvetica-Bold T cvRecFont
9841	14 fts /\|___Helvetica-Bold findfont exch scalefont setfont
9842	0 setgray
9843	360.375 152.75 moveto
9844	(B)
9845	show
9846	restore
9847	% ---- Object #11:32 Obj Type: 2
9848	save
9849	0 setgray
9850	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
9851	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
9852	0 setgray
9853	342.375 178.5 moveto
9854	(\314)
9855	show
9856	restore
9857	% ---- Object #12:29 Obj Type: 3
9858	1 1 setpen
9859	2 setlinecap
9860	0 setlinejoin
9861	gsave
9862	newpath
9863	244.2763 161.1042 moveto
9864	245.2769 158.3551 245.2769 155.6447 244.2763 152.8956 curveto
9865	238.6381 154.9478 238.6381 154.9478 233 157 curveto
9866	233 157 244.2763 161.1042 244.2763 161.1042 curveto
9867	closepath
9868	F doline
9869	grestore
9870	gsave
9871	newpath
9872	339.5 157 moveto
9873	244.75 157 lineto
9874	F dostroke
9875	grestore
9876	% ---- Object #13:34 Obj Type: 2
9877	0 0 setpen
9878	save
9879	0 setgray
9880	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
9881	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
9882	0 setgray
9883	278.125 145.5 moveto
9884	(\316)
9885	show
9886	restore
9887	% ---- Object #14:35 Obj Type: 2
9888	save
9889	0 setgray
9890	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
9891	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
9892	0 setgray
9893	181.375 130.5 moveto
9894	(\317)
9895	show
9896	restore
9897	% ---- Object #15:36 Obj Type: 2
9898	save
9899	0 setgray
9900	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
9901	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
9902	0 setgray
9903	382.375 130.5 moveto
9904	(\315)
9905	show
9906	restore
9907	origmtx setmatrix
9908	systemdict /setpacking known {origpack setpacking} if end
9909	%%EndDocument:
9910	pse
9911	gR
9912	gS 13 12 568 818 rC
9913	217 183 :M
9914	f3_9 sf
9915	-.03(Figure 8 \321 Two-way Authentication)A
9916	54 207 :M
9917	f6_10 sf
9918	-.008(The following steps are involved, as depicted in Figure 8:)A
9919	54 224 :M
9920	-.328(1\))A
9921	72 224 :M
9922	-.089(as for 10.2.)A
9923	54 241 :M
9924	-.328(2\))A
9925	72 241 :M
9926	-.089(as for 10.2.)A
9927	54 258 :M
9928	-.328(3\))A
9929	72 258 :M
9930	-.048(as for 10.2)A
9931	54 275 :M
9932	-.328(4\))A
9933	72 275 :M
9934	-.062(B generates r)A
9935	125 272 :M
9936	f6_7 sf
9937	(B)S
9938	130 275 :M
9939	f6_10 sf
9940	-.01(, a non-repeating number, used for similar purpose$s$ to r)A
9941	f6_7 sf
9942	0 -3 rm
9943	(A)S
9944	0 3 rm
9945	f6_10 sf
9946	(.)S
9947	54 292 :M
9948	-.328(5\))A
9949	72 292 :M
9950	-.003(B sends the following authentication token to A:)A
9951	90 306 :M
9952	-.23(B{t)A
9953	f6_7 sf
9954	0 -3 rm
9955	(B)S
9956	0 3 rm
9957	109 306 :M
9958	f6_10 sf
9959	-.213(, r)A
9960	f6_7 sf
9961	0 -3 rm
9962	(B)S
9963	0 3 rm
9964	122 306 :M
9965	f6_10 sf
9966	-.109(, A, r)A
9967	143 303 :M
9968	f6_7 sf
9969	-.144(A)A
9970	f6_10 sf
9971	0 3 rm
9972	-.209(}.)A
9973	0 -3 rm
9974	72 320 :M
9975	-.117(where t)A
9976	102 317 :M
9977	f6_7 sf
9978	(B)S
9979	107 320 :M
9980	f6_10 sf
9981	-.013( is a timestamp defined in the same way as t)A
9982	f6_7 sf
9983	0 -3 rm
9984	(A)S
9985	0 3 rm
9986	f6_10 sf
9987	(.)S
9988	72 337 :M
9989	-.001(Alternatively, if data origin authentication of \322sgnData\323 is to be provided by the digital signature:)A
9990	90 351 :M
9991	-.23(B{t)A
9992	f6_7 sf
9993	0 -3 rm
9994	(B)S
9995	0 3 rm
9996	109 351 :M
9997	f6_10 sf
9998	-.213(, r)A
9999	f6_7 sf
10000	0 -3 rm
10001	(B)S
10002	0 3 rm
10003	122 351 :M
10004	f6_10 sf
10005	-.109(, A, r)A
10006	143 348 :M
10007	f6_7 sf
10008	(A)S
10009	f6_10 sf
10010	0 3 rm
10011	-.011(, sgnData}.)A
10012	0 -3 rm
10013	72 365 :M
10014	.029 .003(In cases where information is to be conveyed which will subsequently be used as a private key \(this information)J
10015	72 376 :M
10016	-.022(is referred to as \322encData\323 \):)A
10017	90 390 :M
10018	-.23(B{t)A
10019	f6_7 sf
10020	0 -3 rm
10021	(B)S
10022	0 3 rm
10023	109 390 :M
10024	f6_10 sf
10025	-.213(, r)A
10026	f6_7 sf
10027	0 -3 rm
10028	(B)S
10029	0 3 rm
10030	122 390 :M
10031	f6_10 sf
10032	-.109(, A, r)A
10033	143 387 :M
10034	f6_7 sf
10035	(A)S
10036	f6_10 sf
10037	0 3 rm
10038	-.011(,sgnData, Ap[encData]}.)A
10039	0 -3 rm
10040	72 404 :M
10041	.991 .099(The use of \322encData\323 as a private key implies that it shall be chosen carefully, e.g. to be a strong key for)J
10042	72 415 :M
10043	-.002(whatever cryptosystem is used as indicated in the \322sgnData\323 field of the token.)A
10044	54 429 :M
10045	-.328(6\))A
10046	72 429 :M
10047	-.01(A carries out the following actions:)A
10048	72 443 :M
10049	-.766(a\))A
10050	90 443 :M
10051	-.003(verifies the signature, and thus the integrity of the signed information;)A
10052	72 457 :M
10053	-.328(b\))A
10054	90 457 :M
10055	-.013(checks that A is the intended recipient;)A
10056	72 471 :M
10057	-.766(c\))A
10058	90 471 :M
10059	-.033(checks that the timestamp t)A
10060	199 468 :M
10061	f6_7 sf
10062	(B)S
10063	204 471 :M
10064	f6_10 sf
10065	-.071( is \322current\323)A
10066	72 485 :M
10067	-.328(d\))A
10068	90 485 :M
10069	-.029(optionally, checks that r)A
10070	f6_7 sf
10071	0 -3 rm
10072	(B)S
10073	0 3 rm
10074	191 485 :M
10075	f6_10 sf
10076	-.023( has not been replayed $see 10.2 step 3d$.)A
10077	54 509 :M
10078	f3_12 sf
10079	(10.4)S
10080	81 509 :M
10081	-.013(Three-way authentication)A
10082	:a
10083	36 <3049883AB59CF039
10084	><3030304949498888883A3A3AB5B5B59C9C9CF0F0F0393939
10085	>fg bk :b
10086	173 518 230 96 rC
10087	:e
10088	0 G
10089	1153 1895 :M
10090	%%DSIDICT:_cv
10091	userdict /_cv known not dup {userdict /_cv 20 dict put}if
10092	_cv begin
10093	/bdf{bind def}bind def
10094	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
10095	/setcmykcolor where{/setcmykcolor get /cvcmyk exch def}{/cvcmyk{1 sub 4 1 roll 3{3 index add neg dup 0 lt{pop 0}if 3 1 roll}repeat setrgbcolor pop}bdf }ifelse
10096	/stg{isDeviceColor {cf ca /cs load setscreen setgray}{pop}ifelse}bdf
10097	/strgb{isDeviceColor {cf ca /cs load setscreen setrgbcolor}{pop pop pop}ifelse}bdf
10098	/stcmyk{isDeviceColor {cf ca /cs load setscreen cvcmyk}{pop pop pop pop}ifelse}bdf
10099	/min1{dup 0 eq{pop 1}if}bdf
10100	currentscreen/cs exch def/ca exch def/cf exch def
10101	end
10102	0 0 0 0 rC
10103	1153 1895 :M
10104	f10_2 sf
10105	(.)S
10106	gR
10107	gS 173 518 230 96 rC
10108	1155 1895 :M
10109	psb
10110	pse
10111	173 518 :M
10112	psb
10113
10114	currentpoint
10115	pse
10116	403 614 :M
10117	psb
10118	%%CopyWithEps
10119
10120	currentpoint
10121	2 index sub exch 3 index sub
10122	230 div exch 96 div 3 index 172 sub 3 index 127 sub 4 2 roll 5 index 5 index translate
10123	scale
10124	4 2 roll neg exch neg exch translate translate
10125	%!PS-Adobe-2.0 EPSF-1.2
10126	%%Title: EPSFile
10127	%%Creator: Canvas 3.5
10128	%%For: hoyt
10129	%%CreationDate: 17 May 1994 22:02
10130	%%BoundingBox: 170 126 403 224
10131	%%DocumentProcSets: CanvasDict
10132	%%DocumentSuppliedProcSets: CanvasDict
10133	%%Copyright ©1988-91 Deneba Systems, Inc. - All Rights Reserved Worldwide
10134	%%DocumentFonts: Helvetica-Bold
10135	%%+ ZapfDingbats
10136	%%DocumentNeededFonts: Helvetica-Bold
10137	%%+ ZapfDingbats
10138	%%EndComments
10139	%%BeginProcSet:CanvasDict
10140	/CanvasDict where not{/CanvasDict 250 dict def}{pop}ifelse
10141	CanvasDict begin
10142	systemdict/setpacking known{/origpack currentpacking def true setpacking}if
10143	/bdf{bind def}bind def
10144	/_cv 20 dict begin
10145	/isDeviceColor {/currentcolorspace where{pop currentcolorspace 0 get dup /DeviceGray eq exch dup /DeviceRGB eq exch /DeviceCMYK eq or or}{T}ifelse}bdf
10146	/stg{isDeviceColor{setgray}{pop}ifelse}bdf
10147	/strgb{isDeviceColor{setrgbcolor}{pop pop pop}ifelse}bdf
10148	/stcmyk{isDeviceColor{setcmykcolor}{pop pop pop pop}ifelse}bdf
10149	currentdict end def
10150	/xdf{exch bind def}bdf
10151	/min{2 copy gt{exch}if pop}bdf
10152	/edf{exch def}bdf
10153	/max{2 copy lt{exch}if pop}bdf
10154	/cvmtx matrix def
10155	/tpmx matrix def
10156	/currot 0 def
10157	/rotmtx matrix def
10158	/origmtx matrix def
10159	/cvangle{360 exch sub 90 add 360 mod}bdf
10160	/setrot{/currot edf rotmtx currentmatrix pop 2 copy translate currot rotate neg exch neg exch translate}bdf
10161	/endrot{rotmtx setmatrix /currot 0 def}bdf
10162	/i systemdict/image get def/T true def/F false def/dbg F def
10163	/ncolors 0 def/st0 ()def/st1 ()def/proc0 {}def
10164	/penh 1 def/penv 1 def/penv2 0 def/penh2 0 def/samplesize 0 def/width 0 def/height 0 def
10165	/setcmykcolor where not{/setcmykcolor{/b edf 3{b add 1.0 exch sub 0.0 max 1.0 min 3 1 roll}repeat systemdict begin setrgbcolor end}bdf}{pop}ifelse
10166	/doeoclip{closepath{eoclip}stopped{currentflat dup 2 mul setflat eoclip setflat}if}bdf
10167	/SpaceExtra 0 def/LetterSpace 0 def/StringLength 0 def/NumSpaces 0 def/JustOffset 0 def
10168	/f0{eofill} def
10169	/s0{1 setlinewidth cvmtx currentmatrix pop penh penv scale stroke cvmtx setmatrix}bdf
10170	/f1{_bp _fp impat}def
10171	/s1{cvmtx currentmatrix pop 1 setlinewidth penh penv scale
10172	{strokepath}stopped{currentflat dup 2 mul setflat strokepath setflat}if
10173	_bp
10174	cvmtx setmatrix _fp impat}def
10175	/filltype 0 def
10176	/stroketype 0 def
10177	/f{filltype 0 eq{f0}{f1}ifelse}bdf
10178	/s{stroketype 0 eq{s0}{s1}ifelse}bdf
10179	/_fp{}def
10180	/_bp{}def
10181	/_fg 1 def
10182	/_pg 0 def
10183	/_bkg 1 def
10184	/_frg 0 def
10185	/_frgb 3 array def
10186	/_frrgb [0 0 0] def
10187	/_fcmyk 4 array def
10188	/_frcmyk [0 0 0 1] def
10189	/_prgb 3 array def
10190	/_pcmyk 4 array def
10191	/_bkrgb [1 1 1] def
10192	/_bkcmyk [0 0 0 0] def
10193	/fg{/_fg exch def /filltype 0 def/fills{_fg setgray}def}def
10194	/frgb{_frgb astore pop /filltype 0 def/fills{_frgb aload pop setrgbcolor}def}def
10195	/fcmyk{_fcmyk astore pop /filltype 0 def/fills{_fcmyk aload pop setcmykcolor}def}def
10196	/pg{/_pg exch def /stroketype 0 def/pens{_pg setgray}def}def
10197	/prgb{_prgb astore pop /stroketype 0 def/pens{_prgb aload pop setrgbcolor}def}def
10198	/pcmyk{_pcmyk astore pop /stroketype 0 def/pens{_pcmyk aload pop setcmykcolor}def}def
10199	/fpat{/fstr edf/filltype 1 def/fills{/patstr fstr def}bdf}bdf
10200	/ppat{/sstr edf/stroketype 1 def/pens{/patstr sstr def}bdf}bdf
10201	/bkg{ /_bkg exch def /_bp{gsave _bkg setgray fill grestore}def}def
10202	/bkrgb{_bkrgb astore pop/_bp{gsave _bkrgb aload pop setrgbcolor fill grestore}def}def
10203	/bkcmyk{_bkcmyk astore pop/_bp{gsave _bkcmyk aload pop setcmykcolor fill grestore}def}def
10204	/frg{ /_frg exch def /_fp{_frg setgray}def}def
10205	/frrgb{_frrgb astore pop/_fp{_frrgb aload pop setrgbcolor}def}def
10206	/frcmyk{_frcmyk astore pop/_fp{_frcmyk aload pop setcmykcolor}def}def
10207	/icomp{/ncolors edf
10208	ncolors 1 gt{/proc0 edf
10209	dup dup 0 get ncolors div cvi exch 0 3 -1 roll put
10210	4 -1 roll ncolors div cvi 4 1 roll{proc0 dup/st0 edf
10211	0 exch ncolors exch length
10212	dup ncolors sub exch ncolors div cvi string/st1 edf
10213	{dup 0 exch dup 1 exch
10214	2 add{st0 exch get add}bind for
10215	3 div ncolors 4 eq{exch dup 3 1 roll 3 add st0 exch get add 255 exch sub dup 0 lt{pop 0}if}if cvi
10216	dup 255 gt{pop 255}if
10217	exch ncolors div cvi exch
10218	st1 3 1 roll put}bind for
10219	st1}}if i}bdf
10220	/ci
10221	{/colorimage where
10222	{pop false exch colorimage}
10223	{icomp}
10224	ifelse}bdf
10225	/impat
10226	{/cnt 0 def
10227	/MySave save def
10228	currot 0 ne{currot neg rotate}if
10229	clip
10230	flattenpath
10231	pathbbox
10232	3 -1 roll
10233	8 div floor 8 mul dup/starty edf
10234	sub abs 8 div ceiling 8 mul cvi/height edf
10235	exch 8 div floor 8 mul dup/startx edf
10236	sub abs 8 div ceiling 8 mul cvi/width edf
10237	startx starty translate
10238	width height scale
10239	/height height 8 mul def
10240	/st0 width string def
10241	width height T [width 0 0 height neg 0 height]
10242	{patstr
10243	cnt 8 mod
10244	get/st1 edf
10245	0 1
10246	st0 length 1 sub dup 0 le{pop 1}if
10247	{st0 exch
10248	st1
10249	put}bind for/cnt cnt 1 add def
10250	st0}bind
10251	imagemask
10252	MySave restore
10253	newpath}bdf
10254	/cm{/ncolors edf
10255	translate
10256	scale/height edf/colorimage where
10257	{pop}
10258	{ncolors mul}ifelse/width edf
10259	/tbitstr width string def
10260	width height 8 [width 0 0 height neg 0 height]
10261	{currentfile tbitstr readhexstring pop}bind
10262	ncolors
10263	dup 3 eq {ci}{icomp}ifelse}bdf
10264	/im{translate
10265	scale
10266	/height edf
10267	/width edf
10268	/tbitstr width 7 add 8 div cvi string def
10269	width height 1 [width 0 0 height neg 0 height]
10270	{currentfile tbitstr readhexstring pop}bind
10271	i}bdf
10272	/imk{/invFlag edf
10273	translate
10274	scale
10275	/height edf
10276	/width edf
10277	/tbitstr width 7 add 8 div cvi string def
10278	width height invFlag [width 0 0 height neg 0 height]
10279	{currentfile tbitstr readhexstring pop}bind
10280	imagemask}bdf
10281	/BeginEPSF
10282	{/MySave save def
10283	/dict_count countdictstack def
10284	/op_count count 1 sub def
10285	userdict begin
10286	/showpage {} def
10287	0 setgray 0 setlinecap
10288	1 setlinewidth 0 setlinejoin
10289	10 setmiterlimit [] 0 setdash newpath
10290	/languagelevel where
10291	{pop languagelevel 1 ne{false setstrokeadjust false setoverprint}if}if
10292	}bdf
10293	/EndEPSF
10294	{count op_count sub {pop}repeat
10295	countdictstack dict_count sub {end}repeat
10296	MySave restore}bdf
10297	/rectpath {/cv_r edf/cv_b edf/cv_l edf/cv_t edf
10298	cv_l cv_t moveto cv_r cv_t lineto cv_r cv_b lineto cv_l cv_b lineto cv_l cv_t lineto closepath}bdf
10299	/setpen{/penh edf/penv edf/penv2 penv 2 div def/penh2 penh 2 div def}bdf
10300	/dostroke{not pens 1.0 currentgray ne or {s}{newpath}ifelse}bdf
10301	/dodashfill{not fills 1.0 currentgray ne or
10302	{gsave f grestore gsave [] 0 setdash
10303	stroketype/stroketype filltype def
10304	s/stroketype edf grestore}{newpath}ifelse}bdf
10305	/dofill{not fills 1.0 currentgray ne or {f}{newpath}ifelse}bdf
10306	/dofillsave{not fills 1.0 currentgray ne or {gsave f grestore}if}bdf
10307	/doline{not pens 1.0 currentgray ne or {filltype/filltype stroketype def f/filltype edf}{newpath}ifelse}bdf
10308	/spx{SpaceExtra 0 32 4 -1 roll widthshow}bdf
10309	/lsx{SpaceExtra 0 32 LetterSpace 0 6 -1 roll awidthshow}bdf
10310	/Rjust{stringwidth pop JustOffset exch sub /JustOffset edf}bdf
10311	/Cjust{stringwidth pop 2 div JustOffset exch sub /JustOffset edf}bdf
10312	/adjfit{stringwidth pop LetterSpace StringLength 1 sub mul add SpaceExtra NumSpaces mul add dup /pw edf JustOffset exch
10313	sub dup /wdif edf StringLength div LetterSpace add /LetterSpace edf}bdf
10314	/ulb{currentpoint pop /underlinpt edf}bdf
10315	/ule{gsave currentpoint newpath moveto currentfont dup /ft1 known{dup /ft1 get begin /FontMatrix get FontMatrix tpmx concatmatrix pop}
10316	{begin FontMatrix tpmx copy pop}ifelse currentfont /FontInfo known {FontInfo begin UnderlinePosition UnderlineThickness end}{100 1}ifelse end dup tpmx
10317	dtransform pop setlinewidth dup tpmx dtransform pop 0 exch rmoveto underlinpt currentpoint pop sub 0 rlineto stroke grestore}bdf
10318	/fittext{ /SpaceExtra edf /LetterSpace edf /StringLength edf /NumSpaces edf /JustOffset edf not 1 currentgray ne or
10319	{dup {ulb}if exch
10320	dup adjfit
10321	lsx {ule}if}{pop pop}ifelse}bdf
10322	/cvRecFont{/encod edf FontDirectory 2 index known{cleartomark}{findfont dup length 1 add dict begin
10323	{1 index/FID ne{def}{pop pop}ifelse}forall encod{/Encoding CVvec def}if
10324	currentdict end definefont cleartomark}ifelse}bdf
10325	/wrk1 ( ) def/wdict 16 dict def
10326	/Work75 75 string def /Nmk{Work75 cvs dup}bdf /Npt{put cvn}bdf /dhOdh{Nmk 2 79 Npt}bdf /dhodh{Nmk 2 111 Npt}bdf /dhSdh{Nmk 2 83 Npt}bdf
10327	/sfWidth{gsave 0 0 moveto 0 0 lineto 0 0 lineto 0 0 lineto closepath clip stringwidth grestore}bdf
10328	/MakOF{dup dhodh FontDirectory 1 index known{exch pop}{exch findfont dup length 1 add dict begin
10329	{1 index/FID ne 2 index /UniqueID ne and{def}{pop pop}ifelse}forall
10330	/PaintType 2 def
10331	/StrokeWidth .24 1000 mul ftSize div dup 12 lt{pop 12}if def
10332	dup currentdict end definefont pop}ifelse}bdf
10333	/fts{dup/ftSize edf}def
10334	/mkFT{/tempFT 11 dict def tempFT begin
10335	/FontMatrix [1 0 0 1 0 0] def/FontType 3 def
10336	FontDirectory 3 index get /Encoding get/Encoding exch def
10337	/proc2 edf/ft2 exch findfont def/ft1 exch findfont def/FontBBox [0 0 1 1] def
10338	/BuildChar{wdict begin/chr edf/ftdt edf/chrst wrk1 dup 0 chr put def ftdt/proc2 get exec end}def
10339	end tempFT definefont pop}bdf
10340	/OLFt{dup dhOdh FontDirectory 1 index known{exch pop}
10341	{dup 3 -1 roll dup MakOF {outproc} mkFT}ifelse}bdf
10342	/mshw{moveto show}bdf
10343	/outproc{ftdt/ft1 get setfont gsave chrst sfWidth grestore setcharwidth dblsh}bdf
10344	/dblsh{currentgray 1 setgray chrst 0 0 mshw setgray ftdt/ft2 get setfont chrst 0 0 mshw}bdf
10345	/ShadChar{ftdt/ft1 get setfont gsave chrst sfWidth 1 index 0 ne{exch .05 add exch}if grestore setcharwidth
10346	chrst .06 0 mshw 0 .05 translate dblsh}bdf
10347	/ShFt{dup dhSdh FontDirectory 1 index known{exch pop}
10348	{dup 3 -1 roll dup MakOF {ShadChar} mkFT}ifelse}bdf
10349	/LswUnits{72 75 div dup scale}bdf
10350	/erasefill{_bp}def
10351	/CVvec 256 array def
10352	/NUL/SOH/STX/ETX/EOT/ENQ/ACK/BEL/BS/HT/LF/VT/FF/CR/SO/SI/DLE/DC1/DC2/DC3/DC4/NAK/SYN/ETB/CAN/EM/SUB/ESC/FS/GS/RS/US
10353	CVvec 0 32 getinterval astore pop
10354	CVvec 32/Times-Roman findfont/Encoding get
10355	32 96 getinterval putinterval CVvec dup 39/quotesingle put 96/grave put
10356	/Adieresis/Aring/Ccedilla/Eacute/Ntilde/Odieresis/Udieresis/aacute
10357	/agrave/acircumflex/adieresis/atilde/aring/ccedilla/eacute/egrave
10358	/ecircumflex/edieresis/iacute/igrave/icircumflex/idieresis/ntilde/oacute
10359	/ograve/ocircumflex/odieresis/otilde/uacute/ugrave/ucircumflex/udieresis
10360	/dagger/degree/cent/sterling/section/bullet/paragraph/germandbls
10361	/registered/copyright/trademark/acute/dieresis/notequal/AE/Oslash
10362	/infinity/plusminus/lessequal/greaterequal/yen/mu/partialdiff/summation
10363	/product/pi/integral/ordfeminine/ordmasculine/Omega/ae/oslash
10364	/questiondown/exclamdown/logicalnot/radical/florin/approxequal/Delta/guillemotleft
10365	/guillemotright/ellipsis/blank/Agrave/Atilde/Otilde/OE/oe
10366	/endash/emdash/quotedblleft/quotedblright/quoteleft/quoteright/divide/lozenge
10367	/ydieresis/Ydieresis/fraction/currency/guilsinglleft/guilsinglright/fi/fl
10368	/daggerdbl/periodcentered/quotesinglbase/quotedblbase/perthousand/Acircumflex/Ecircumflex/Aacute
10369	/Edieresis/Egrave/Iacute/Icircumflex/Idieresis/Igrave/Oacute/Ocircumflex
10370	/apple/Ograve/Uacute/Ucircumflex/Ugrave/dotlessi/circumflex/tilde
10371	/macron/breve/dotaccent/ring/cedilla/hungarumlaut/ogonek/caron
10372	CVvec 128 128 getinterval astore pop
10373	end
10374	%%EndProcSet
10375	%%BeginSetup
10376	CanvasDict begin
10377	0 setlinecap
10378	0 setlinejoin
10379	4 setmiterlimit
10380	/currot 0 def
10381	origmtx currentmatrix pop
10382	[] 0 setdash
10383	1 1 setpen
10384	1 fg
10385	0 pg
10386	0 frg
10387	1 bkg
10388	newpath
10389	/dbg F def
10390	287 175 translate
10391	1 -1 scale
10392	-287 -175 translate
10393	%%EndSetup
10394	% ---- Object #1:1 Obj Type: 99
10395	% ---- Object #2:4 Obj Type: 99
10396	% ---- Object #3:5 Obj Type: 6
10397	0 setlinecap
10398	0 setlinejoin
10399	233.5 174.5 moveto
10400	233.5 160.7865 222.2135 149.5 208.5 149.5 curveto
10401	194.7865 149.5 183.5 160.7865 183.5 174.5 curveto
10402	183.5 188.2135 194.7865 199.5 208.5 199.5 curveto
10403	222.2135 199.5 233.5 188.2135 233.5 174.5 curveto
10404	closepath
10405	F dofillsave
10406	F dostroke
10407	% ---- Object #4:7 Obj Type: 2
10408	0 0 setpen
10409	save
10410	0 setgray
10411	mark /\|___Helvetica-Bold /Helvetica-Bold T cvRecFont
10412	14 fts /\|___Helvetica-Bold findfont exch scalefont setfont
10413	0 setgray
10414	203.375 169.5 moveto
10415	(A)
10416	show
10417	restore
10418	% ---- Object #5:27 Obj Type: 10
10419	1 1 setpen
10420	0 setlinecap
10421	0 setlinejoin
10422	226.8333 192.6667 moveto
10423	256.8333 213.1667 314.5 215 346.5 192.5 curveto
10424	F dofillsave
10425	F dostroke
10426	gsave
10427	newpath
10428	334.6478 194.3773 moveto
10429	335.1054 197.2668 336.4195 199.6374 338.6274 201.5566 curveto
10430	342.5637 197.0283 342.5637 197.0283 346.5 192.5 curveto
10431	346.5 192.5 334.6478 194.3773 334.6478 194.3773 curveto
10432	closepath
10433	F doline
10434	grestore
10435	% ---- Object #6:30 Obj Type: 2
10436	0 0 setpen
10437	save
10438	0 setgray
10439	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
10440	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
10441	0 setgray
10442	221.125 195.75 moveto
10443	(\312)
10444	show
10445	restore
10446	% ---- Object #7:28 Obj Type: 2
10447	save
10448	0 setgray
10449	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
10450	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
10451	0 setgray
10452	278.125 198 moveto
10453	(\313)
10454	show
10455	restore
10456	% ---- Object #8:26 Obj Type: 99
10457	% ---- Object #9:6 Obj Type: 6
10458	1 1 setpen
10459	0 setlinecap
10460	0 setlinejoin
10461	390 174.75 moveto
10462	390 161.0365 378.7135 149.75 365 149.75 curveto
10463	351.2865 149.75 340 161.0365 340 174.75 curveto
10464	340 188.4635 351.2865 199.75 365 199.75 curveto
10465	378.7135 199.75 390 188.4635 390 174.75 curveto
10466	closepath
10467	F dofillsave
10468	F dostroke
10469	% ---- Object #10:25 Obj Type: 2
10470	0 0 setpen
10471	save
10472	0 setgray
10473	mark /\|___Helvetica-Bold /Helvetica-Bold T cvRecFont
10474	14 fts /\|___Helvetica-Bold findfont exch scalefont setfont
10475	0 setgray
10476	360.375 169.75 moveto
10477	(B)
10478	show
10479	restore
10480	% ---- Object #11:32 Obj Type: 2
10481	save
10482	0 setgray
10483	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
10484	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
10485	0 setgray
10486	342.375 195.5 moveto
10487	(\314)
10488	show
10489	restore
10490	% ---- Object #12:29 Obj Type: 3
10491	1 1 setpen
10492	2 setlinecap
10493	0 setlinejoin
10494	gsave
10495	newpath
10496	244.2763 178.1042 moveto
10497	245.2769 175.3551 245.2769 172.6447 244.2763 169.8956 curveto
10498	238.6381 171.9478 238.6381 171.9478 233 174 curveto
10499	233 174 244.2763 178.1042 244.2763 178.1042 curveto
10500	closepath
10501	F doline
10502	grestore
10503	gsave
10504	newpath
10505	339.5 174 moveto
10506	244.75 174 lineto
10507	F dostroke
10508	grestore
10509	% ---- Object #13:34 Obj Type: 2
10510	0 0 setpen
10511	save
10512	0 setgray
10513	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
10514	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
10515	0 setgray
10516	278.125 162.5 moveto
10517	(\316)
10518	show
10519	restore
10520	% ---- Object #14:35 Obj Type: 2
10521	save
10522	0 setgray
10523	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
10524	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
10525	0 setgray
10526	172.375 170 moveto
10527	(\317)
10528	show
10529	restore
10530	% ---- Object #15:36 Obj Type: 2
10531	save
10532	0 setgray
10533	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
10534	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
10535	0 setgray
10536	391.875 172 moveto
10537	(\315)
10538	show
10539	restore
10540	% ---- Object #16:37 Obj Type: 10
10541	1 1 setpen
10542	0 setlinecap
10543	0 setlinejoin
10544	228.3333 157.8333 moveto
10545	258.3333 137.3333 316 135.5 348 158 curveto
10546	F dofillsave
10547	F dostroke
10548	gsave
10549	newpath
10550	340.1272 148.9435 moveto
10551	337.9194 150.8628 336.6053 153.2334 336.1477 156.1229 curveto
10552	342.0739 157.0614 342.0739 157.0614 348 158 curveto
10553	348 158 340.1272 148.9435 340.1272 148.9435 curveto
10554	closepath
10555	F doline
10556	grestore
10557	% ---- Object #17:38 Obj Type: 2
10558	0 0 setpen
10559	save
10560	0 setgray
10561	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
10562	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
10563	0 setgray
10564	352.375 139.5 moveto
10565	(\276)
10566	show
10567	restore
10568	% ---- Object #18:39 Obj Type: 2
10569	save
10570	0 setgray
10571	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
10572	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
10573	0 setgray
10574	278.125 130 moveto
10575	(\275)
10576	show
10577	restore
10578	% ---- Object #19:40 Obj Type: 2
10579	save
10580	0 setgray
10581	mark /\|___ZapfDingbats /ZapfDingbats F cvRecFont
10582	12 fts /\|___ZapfDingbats findfont exch scalefont setfont
10583	0 setgray
10584	191.375 139.5 moveto
10585	(\274)
10586	show
10587	restore
10588	origmtx setmatrix
10589	systemdict /setpacking known {origpack setpacking} if end
10590	%%EndDocument:
10591	pse
10592	gR
10593	gS 13 12 568 818 rC
10594	214 627 :M
10595	f3_9 sf
10596	-.028(Figure 9 \321 Three-way Authentication)A
10597	54 651 :M
10598	f6_10 sf
10599	-.008(The following steps are involved, as depicted in Figure 9:)A
10600	72 668 :M
10601	-.328(1\))A
10602	90 668 :M
10603	-.069(As for 10.3.)A
10604	72 685 :M
10605	-.328(2\))A
10606	90 685 :M
10607	-.023(As for 10.3. Timestamp t)A
10608	191 682 :M
10609	f6_7 sf
10610	-.078(A)A
10611	f6_10 sf
10612	0 3 rm
10613	-.07( may be zero.)A
10614	0 -3 rm
10615	72 702 :M
10616	-.328(3\))A
10617	90 702 :M
10618	-.001(As for 10.3, except that the timestamp need not be checked.)A
10619	72 719 :M
10620	-.328(4\))A
10621	90 719 :M
10622	-.069(As for 10.3.)A
10623	72 736 :M
10624	-.328(5\))A
10625	90 736 :M
10626	-.023(As for 10.3. Timestamp t)A
10627	191 733 :M
10628	f6_7 sf
10629	(B)S
10630	196 736 :M
10631	f6_10 sf
10632	-.072( may be zero.)A
10633	72 753 :M
10634	-.328(6\))A
10635	90 753 :M
10636	-.001(As for 10.3, except that the timestamp need not be checked.)A
10637	72 770 :M
10638	-.328(7\))A
10639	90 770 :M
10640	-.027(A checks that the received r)A
10641	f6_7 sf
10642	0 -3 rm
10643	(A)S
10644	0 3 rm
10645	f6_10 sf
10646	-.025( is identical to the r)A
10647	283 767 :M
10648	f6_7 sf
10649	(A)S
10650	f6_10 sf
10651	0 3 rm
10652	-.009( which was sent.)A
10653	0 -3 rm
10654	endp
10655	%%Page: 23 23
10656	%%BeginPageSetup
10657	initializepage
10658	(hoyt; page: 23 of 40)setjob
10659	%%EndPageSetup
10660	-13 -12 :T
10661	gS 13 12 568 818 rC
10662	427 45 :M
10663	f3_10 sf
10664	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
10665	390 803 :M
10666	-.017(ITU-T Rec. X.509 $1993 E$)A
10667	531 803 :M
10668	(17)S
10669	90 81 :M
10670	f6_10 sf
10671	-.328(8\))A
10672	108 81 :M
10673	-.003(A sends the following authentication token to B:)A
10674	144 98 :M
10675	-.26(A{r)A
10676	f6_7 sf
10677	0 -3 rm
10678	(B)S
10679	0 3 rm
10680	164 98 :M
10681	f6_10 sf
10682	-.157(,B}.)A
10683	90 115 :M
10684	-.328(9\))A
10685	108 115 :M
10686	-.022(B carries out the following actions:)A
10687	108 132 :M
10688	-.766(a\))A
10689	126 132 :M
10690	-.013(checks the signature and thus the integrity of the signed information;)A
10691	108 149 :M
10692	-.328(b\))A
10693	126 149 :M
10694	-.033(Checks that the received r)A
10695	230 146 :M
10696	f6_7 sf
10697	(B)S
10698	235 149 :M
10699	f6_10 sf
10700	-.044( is identical to the r)A
10701	312 146 :M
10702	f6_7 sf
10703	(B)S
10704	317 149 :M
10705	f6_10 sf
10706	-.038( which was sent by B.)A
10707	72 186 :M
10708	f3_14 sf
10709	(11)S
10710	94 186 :M
10711	-.021(Management of keys and certi\336cates)A
10712	72 206 :M
10713	f3_12 sf
10714	(11.1)S
10715	99 206 :M
10716	-.044(Generation of key pairs)A
10717	72 224 :M
10718	f6_10 sf
10719	.732 .073(The overall security management policy of an implementation shall de\336ne the lifecycle of key pairs, and is thus)J
10720	72 235 :M
10721	.505 .051(outside the scope of the authentication framework. However, it is vital to the overall security that all private keys)J
10722	72 246 :M
10723	-.013(remain known only to the user to whom they belong.)A
10724	72 269 :M
10725	.17 .017(Key data is not easy for a human user to remember, so a suitable method for storing it in a convenient transportable)J
10726	72 280 :M
10727	-.008(manner shall be employed. One possible mechanism would be to use a \322Smart Card\323. This would hold the secret and)A
10728	72 291 :M
10729	.213 .021($optionally$ public keys of the user, the user\325s certi\336cate, and a copy of the certi\336cation authority\325s public key. The)J
10730	72 302 :M
10731	1.397 .14(use of this card shall additionally be secured by e.g. at least use of a PIN $Personal Identi\336cation Number$,)J
10732	72 313 :M
10733	.619 .062(increasing the security of the system by requiring the user to possess the card and to know how to access it. The)J
10734	72 324 :M
10735	-.006(exact method chosen for storing such data, however, is beyond the scope of this Directory Specification.)A
10736	72 347 :M
10737	-.012(Three ways in which a user\325s key pair may be produced are:)A
10738	90 364 :M
10739	f6_9 sf
10740	-.99(a\))A
10741	108 364 :M
10742	f6_10 sf
10743	1.024 .102(The user generates its own key pair. This method has the advantage that a user\325s private key is never)J
10744	108 376 :M
10745	-.005(released to another entity, but requires a certain level of competence by the user as described in Annex D.)A
10746	90 393 :M
10747	f6_9 sf
10748	-.495(b\))A
10749	108 393 :M
10750	f6_10 sf
10751	.785 .078(The key pair is generated by a third party.)J
10752	286 393 :M
10753	f3_10 sf
10754	.149 .015( )J
10755	f6_10 sf
10756	.853 .085(The third party shall release the private key to the user in a)J
10757	108 405 :M
10758	.241 .024(physically secure manner, then actively destroy all information relating to the creation of the key pair plus)J
10759	108 416 :M
10760	.504 .05(the keys themselves. Suitable physical security measures shall be employed to ensure that the third party)J
10761	108 427 :M
10762	-.014(and the data operations are free from tampering.)A
10763	90 444 :M
10764	-.766(c\))A
10765	108 444 :M
10766	-.008(The key pair is generated by the CA. This is a special case of b\), and the considerations there apply.)A
10767	117 459 :M
10768	f3_9 sf
10769	-.329(Note)A
10770	135 459 :M
10771	f6_9 sf
10772	.252 .025( - The certi\336cation authority already exhibits trusted functionality with respect to the user, and shall be subject)J
10773	117 469 :M
10774	.341 .034(to the necessary physical security measures. This method has the advantage of not requiring secure data transfer to)J
10775	117 479 :M
10776	-.042(the CA for certi\336cation.)A
10777	72 503 :M
10778	(T)S
10779	f6_10 sf
10780	-.008(he cryptosystem in use imposes particular $technical$ constraints on key generation.)A
10781	72 528 :M
10782	f3_12 sf
10783	(11.2)S
10784	99 528 :M
10785	-.024(Management of certi\336cates)A
10786	72 546 :M
10787	f6_10 sf
10788	-.006(A certi\336cate associates the public key and unique distinguished name of the user it describes. Thus:)A
10789	90 563 :M
10790	-.766(a\))A
10791	108 563 :M
10792	-.009(a certi\336cation authority shall be satis\336ed of the identity of a user before creating a certi\336cate for it;)A
10793	90 580 :M
10794	-.328(b\))A
10795	108 580 :M
10796	-.008(a certi\336cation authority shall not issue certi\336cates for two users with the same name.)A
10797	72 603 :M
10798	1.656 .166(The production of a certi\336cate occurs of\337ine and shall not be performed with an automatic query/response)J
10799	72 614 :M
10800	.291 .029(mechanism. The advantage of this certi\336cation is that because the private key of the certi\336cation authority, CAs, is)J
10801	72 625 :M
10802	.674 .067(never known except in the isolated and physically secure CA, the CA private key may then only be learnt by an)J
10803	72 636 :M
10804	-.02(attack on CA itself, making compromise unlikely.)A
10805	72 659 :M
10806	.017 .002(It is important that the transfer of information to the certi\336cation authority is not compromised, and suitable physical)J
10807	72 670 :M
10808	-.019(security measures shall be taken. In this regard:)A
10809	90 687 :M
10810	-.766(a\))A
10811	108 687 :M
10812	.342 .034(It would be a serious breach of security if the CA issued a certi\336cate for a user with a public key that had)J
10813	108 698 :M
10814	-.02(been tampered with.)A
10815	90 715 :M
10816	-.328(b\))A
10817	108 715 :M
10818	-.004(If the means of generation of key pairs of 11.1 c\) is employed, no secure transfer is needed.)A
10819	90 732 :M
10820	-.766(c\))A
10821	108 732 :M
10822	.648 .065(If the means of generation of key pairs of 11.1 a\) or of 11.1. b\) is employed, the user may use different)J
10823	108 743 :M
10824	.083 .008(methods $on-line or off-line$ to communicate its public key to the CA in a secure manner. On-line methods)J
10825	108 754 :M
10826	-.002(may provide some additional flexibility for remote operations performed between the user and the CA.)A
10827	endp
10828	%%Page: 24 24
10829	%%BeginPageSetup
10830	initializepage
10831	(hoyt; page: 24 of 40)setjob
10832	%%EndPageSetup
10833	-13 -12 :T
10834	gS 13 12 568 818 rC
10835	54 45 :M
10836	f3_10 sf
10837	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
10838	54 803 :M
10839	(18)S
10840	90 803 :M
10841	-.017(ITU-T Rec. X.509 $1993 E$)A
10842	54 81 :M
10843	f6_10 sf
10844	-.007(A certi\336cate is a publicly available piece of information, and no speci\336c security measures need to be employed with)A
10845	54 92 :M
10846	.524 .052(respect to its transportation to the Directory. As it is produced by an off-line certi\336cation authority on behalf of a)J
10847	54 103 :M
10848	.237 .024(user who shall be given a copy of it, the user need only store this information in its directory entry on a subsequent)J
10849	54 114 :M
10850	-.009(access to the Directory. Alternatively the CA could lodge the certi\336cate for the user, in which case this agent shall be)A
10851	54 125 :M
10852	-.022(given suitable access rights.)A
10853	54 148 :M
10854	-.003(Certi\336cates shall have a lifetime associated with them, at the end of which they expire. In order to provide continuity)A
10855	54 159 :M
10856	1.656 .166(of service, the CA shall ensure timely availability of replacement certificates to supersede expired/expiring)J
10857	54 170 :M
10858	-.008(certificates. Two related points are:)A
10859	72 187 :M
10860	f3_10 sf
10861	(\321)S
10862	90 187 :M
10863	f6_10 sf
10864	.109 .011(Validity of certificates may be designed so that each becomes valid at the time of expiry of its predecessor,)J
10865	90 198 :M
10866	.921 .092(or an overlap may be allowed. The latter prevents the CA from having to install and distribute a large)J
10867	90 209 :M
10868	-.003(number of certificates that may run out at the same expiration date.)A
10869	72 226 :M
10870	f3_10 sf
10871	(\321)S
10872	90 226 :M
10873	f6_10 sf
10874	.264 .026(Expired certi\336cates will normally be removed from the Directory. It is a matter for the security policy and)J
10875	90 237 :M
10876	.326 .033(responsibility of the CA to keep old certificates for a period of time if a non repudiation of data service is)J
10877	90 248 :M
10878	(provided.)S
10879	54 271 :M
10880	1.873 .187(Certificates may be revoked prior to their expiration time, e.g. if the user\325s private key is assumed to be)J
10881	54 282 :M
10882	1.356 .136(compromised, or the user is no longer to be certified by the CA, or if the CA\325s certificate is assumed to be)J
10883	54 293 :M
10884	-.012(compromised. Four related points are:)A
10885	72 310 :M
10886	f3_10 sf
10887	(\321)S
10888	90 310 :M
10889	f6_10 sf
10890	.098 .01(The revocation of a user certificate or CA certificate shall be made known by the CA, and a new certificate)J
10891	90 321 :M
10892	.935 .094(shall be made available, if appropriate. The CA may then inform the owner of the certificate about its)J
10893	90 332 :M
10894	-.02(revocation by some off-line procedure.)A
10895	72 349 :M
10896	f3_10 sf
10897	(\321)S
10898	90 349 :M
10899	f6_10 sf
10900	-.028(The CA shall maintain:)A
10901	90 366 :M
10902	-.766(a\))A
10903	108 366 :M
10904	-.01(a time-stamped list of the certificates it issued which have been revoked;)A
10905	90 383 :M
10906	-.328(b\))A
10907	108 383 :M
10908	-.001(a time-stamped list of revoked certificates of all CAs know to the CA, certified by the CA.)A
10909	90 400 :M
10910	-.002(Both certified lists shall exist, even if empty.)A
10911	72 417 :M
10912	f3_10 sf
10913	(\321)S
10914	90 417 :M
10915	f6_10 sf
10916	1.049 .105(The maintenance of Directory entries affected by the CA\325s revocation lists is the responsibility of the)J
10917	90 428 :M
10918	.082 .008(Directory and its users, acting in accordance with the security policy. For example, the user may modify its)J
10919	90 439 :M
10920	.188 .019(object entry by replacing the old certificate with a new one. the latter shall then be used to authenticate the)J
10921	90 450 :M
10922	-.046(user to the Directory.)A
10923	72 467 :M
10924	f3_10 sf
10925	(\321)S
10926	90 467 :M
10927	f6_10 sf
10928	.076 .008(The revocation lists $\322black-lists\323$ are held within entries as attributes of types \322CertificateRevocationList\323)J
10929	90 478 :M
10930	.322 .032(and \322Authority)J
10931	152 478 :M
10932	.786 .079(RevocationList\323. These attributes can be operated on using the same operations as other)J
10933	90 489 :M
10934	-.014(attributes. These attribute types are defined as follows:)A
10935	85 512 :M
10936	f0_9 sf
10937	-.02(certificateRevocationList )A
10938	201 512 :M
10939	-.123(ATTRIBUTE)A
10940	263 512 :M
10941	-.123(::=)A
10942	294 512 :M
10943	({)S
10944	112 523 :M
10945	-.099(WITH SYNTAX)A
10946	201 523 :M
10947	-.071(CertificateList)A
10948	112 534 :M
10949	-.998(ID)A
10950	201 534 :M
10951	-.031(id-at-certificateRevocationList })A
10952	85 551 :M
10953	-.045(authorityRevocationList)A
10954	201 551 :M
10955	-.123(ATTRIBUTE)A
10956	263 551 :M
10957	-.123(::=)A
10958	294 551 :M
10959	({)S
10960	112 562 :M
10961	-.099(WITH SYNTAX)A
10962	201 562 :M
10963	-.071(CertificateList)A
10964	112 573 :M
10965	-.998(ID)A
10966	201 573 :M
10967	-.032(id-at-authorityRevocationList })A
10968	85 590 :M
10969	-.071(CertificateList)A
10970	201 590 :M
10971	-.123(::=)A
10972	232 590 :M
10973	-.028(SIGNED { SEQUENCE {)A
10974	112 601 :M
10975	-.062(signature)A
10976	232 601 :M
10977	-.052(AlgorithmIdentifier,)A
10978	112 612 :M
10979	-.102(issuer)A
10980	232 612 :M
10981	(Name,)S
10982	112 623 :M
10983	-.054(thisUpdate)A
10984	232 623 :M
10985	-.142(UTCTime,)A
10986	112 634 :M
10987	-.11(nextUpdate)A
10988	232 634 :M
10989	-.062(UTCTime OPTIONAL,)A
10990	112 645 :M
10991	-.028(revokedCertificates)A
10992	232 645 :M
10993	-.024(SEQUENCE OF SEQUENCE {)A
10994	139 656 :M
10995	(userCertificate)S
10996	263 656 :M
10997	(CertificateSerialNumber,)S
10998	139 667 :M
10999	-.077(revocationDate)A
11000	263 667 :M
11001	-.026(UTCTime } OPTIONAL}})A
11002	72 682 :M
11003	f3_9 sf
11004	-.122(Notes)A
11005	72 697 :M
11006	f6_9 sf
11007	(1)S
11008	85 697 :M
11009	-.014(The checking of the entire list of certificates is a local matter.)A
11010	72 712 :M
11011	(2)S
11012	85 712 :M
11013	.154 .015(If a non-repudiation of data service is dependent on keys provided by the CA, the service should ensure that all relevant)J
11014	72 722 :M
11015	-.002(keys of the CA $revoked or expired$ and the timestamped revocation lists are archived and certified by a current authority.)A
11016	endp
11017	%%Page: 25 25
11018	%%BeginPageSetup
11019	initializepage
11020	(hoyt; page: 25 of 40)setjob
11021	%%EndPageSetup
11022	-13 -12 :T
11023	gS 13 12 568 818 rC
11024	427 45 :M
11025	f3_10 sf
11026	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
11027	390 803 :M
11028	-.017(ITU-T Rec. X.509 $1993 E$)A
11029	531 803 :M
11030	(19)S
11031	159 95 :M
11032	f3_14 sf
11033	-.008(Annex A \321 Authentication Framework in ASN.1)A
11034	136 114 :M
11035	f6_10 sf
11036	-.004($This Annex forms an integral part of this Recommendation \| International Standard$)A
11037	72 137 :M
11038	.085 .008(This annex includes all of the ASN.1 type, value and information object class definitions contained in this Directory)J
11039	72 148 :M
11040	-.014(Specification, in the form of the ASN.1 module, \322)A
11041	272 148 :M
11042	f0_9 sf
11043	-.045(AuthenticationFramework)A
11044	383 148 :M
11045	f6_10 sf
11046	-.938(\323.)A
11047	89 181 -1 1 530 180 1 89 180 @a
11048	89 183 -1 1 530 182 1 89 182 @a
11049	103 209 :M
11050	f0_9 sf
11051	-.011(AuthenticationFramework {joint-iso-ccitt ds$5$ module$1$ authenticationFramework$7$ 2})A
11052	103 220 :M
11053	-.053(DEFINITIONS ::=)A
11054	103 231 :M
11055	-.125(BEGIN)A
11056	103 248 :M
11057	-.062(-- EXPORTS All --)A
11058	103 265 :M
11059	f2_9 sf
11060	-.001(-- The types and values defined in this module are exported for use in the other ASN.1 modules contained)A
11061	103 276 :M
11062	-.005(-- within the Directory Specifications, and for the use of other applications which will use them to access)A
11063	103 287 :M
11064	(-- Directory services. Other applications may use them for their own purposes, but this will not constrain)S
11065	103 298 :M
11066	(-- extensions and modifications needed to maintain or improve the Directory service.)S
11067	103 315 :M
11068	f0_9 sf
11069	-.166(IMPORTS)A
11070	130 326 :M
11071	-.012(id-at, informationFramework, upperBounds, selectedAttributeTypes, basicAccessControl)A
11072	157 337 :M
11073	-.005(FROM UsefulDefinitions {joint-iso-ccitt ds$5$ module$1$ usefulDefinitions$0$ 2})A
11074	130 354 :M
11075	-.035(Name, ATTRIBUTE)A
11076	157 365 :M
11077	-.011(FROM InformationFramework informationFramework)A
11078	130 382 :M
11079	-.066(ub-user-password)A
11080	157 393 :M
11081	-.017(FROM UpperBounds upperBounds)A
11082	130 410 :M
11083	-.055(AuthenticationLevel)A
11084	157 421 :M
11085	-.012(FROM BasicAccessControl basicAccessControl)A
11086	130 438 :M
11087	-.029(UniqueIdentifier, octetStringMatch)A
11088	157 449 :M
11089	-.01(FROM SelectedAttributeTypes selectedAttributeTypes)A
11090	405 449 :M
11091	(;)S
11092	103 472 :M
11093	f2_10 sf
11094	-.076(-- types --)A
11095	103 489 :M
11096	f0_9 sf
11097	-.1(Certificate)A
11098	219 489 :M
11099	-.123(::=)A
11100	250 489 :M
11101	-.028(SIGNED { SEQUENCE {)A
11102	130 500 :M
11103	(version)S
11104	250 500 :M
11105	-.164([0] )A
11106	281 500 :M
11107	-.028(Version DEFAULT v1,)A
11108	130 511 :M
11109	-.046(serialNumber)A
11110	281 511 :M
11111	(CertificateSerialNumber,)S
11112	130 522 :M
11113	-.062(signature)A
11114	281 522 :M
11115	-.052(AlgorithmIdentifier,)A
11116	130 533 :M
11117	-.102(issuer)A
11118	281 533 :M
11119	(Name,)S
11120	130 544 :M
11121	(validity)S
11122	281 544 :M
11123	-.063(Validity,)A
11124	130 555 :M
11125	-.083(subject)A
11126	281 555 :M
11127	(Name,)S
11128	130 566 :M
11129	-.026(subjectPublicKeyInfo)A
11130	281 566 :M
11131	-.05(SubjectPublicKeyInfo,)A
11132	130 577 :M
11133	-.047(issuerUniqueIdentifier)A
11134	250 577 :M
11135	-.496([1])A
11136	281 577 :M
11137	-.029(IMPLICIT UniqueIdentifier OPTIONAL,)A
11138	312 588 :M
11139	f2_9 sf
11140	(-- if present, version must be v2)S
11141	130 599 :M
11142	f0_9 sf
11143	-.045(subjectUniqueIdentifier)A
11144	250 599 :M
11145	-.496([2])A
11146	281 599 :M
11147	-.014(IMPLICIT UniqueIdentifier OPTIONAL)A
11148	312 610 :M
11149	f2_9 sf
11150	-.028(-- if present, version must be v2 -- )A
11151	449 610 :M
11152	f0_9 sf
11153	(}})S
11154	103 627 :M
11155	(Version)S
11156	219 627 :M
11157	-.123(::=)A
11158	250 627 :M
11159	-.022(INTEGER { v1$0$, v2$1$ })A
11160	103 644 :M
11161	-.023(CertificateSerialNumber)A
11162	219 644 :M
11163	-.123(::=)A
11164	250 644 :M
11165	-.167(INTEGER)A
11166	103 661 :M
11167	-.027(AlgorithmIdentifier)A
11168	219 661 :M
11169	-.123(::=)A
11170	250 661 :M
11171	-.056(SEQUENCE {)A
11172	130 672 :M
11173	-.124(algorithm)A
11174	219 672 :M
11175	-.026(ALGORITHM.&id ${SupportedAlgorithms}$,)A
11176	130 683 :M
11177	-.057(parameters)A
11178	219 683 :M
11179	-.012(ALGORITHM.&Type ${SupportedAlgorithms}{ @algorithm}$ OPTIONAL })A
11180	103 694 :M
11181	f2_9 sf
11182	-.99(--)A
11183	130 694 :M
11184	-.007(Definition of the following information object set is deferred, perhaps to standardized)A
11185	103 705 :M
11186	-.99(--)A
11187	130 705 :M
11188	(profiles or to protocol implementation conformance statements. The set is required to)S
11189	103 716 :M
11190	-.99(--)A
11191	130 716 :M
11192	-.012(specify a table constraint on the )A
11193	f0_9 sf
11194	-.017(parameters)A
11195	308 716 :M
11196	f2_9 sf
11197	-.031(component of )A
11198	f0_9 sf
11199	-.03(AlgorithmIdentifier)A
11200	f2_9 sf
11201	(.)S
11202	103 727 :M
11203	f0_9 sf
11204	-.99(--)A
11205	130 727 :M
11206	-.027(SupportedAlgorithms)A
11207	250 727 :M
11208	-.06(ALGORITHM)A
11209	312 727 :M
11210	-.123(::=)A
11211	343 727 :M
11212	-.044({ ... \| ... })A
11213	103 744 :M
11214	(Validity)S
11215	219 744 :M
11216	-.123(::=)A
11217	250 744 :M
11218	-.056(SEQUENCE {)A
11219	130 755 :M
11220	-.11(notBefore )A
11221	188 755 :M
11222	-.142(UTCTime,)A
11223	130 766 :M
11224	-.14(notAfter)A
11225	188 766 :M
11226	-.062(UTCTime })A
11227	endp
11228	%%Page: 26 26
11229	%%BeginPageSetup
11230	initializepage
11231	(hoyt; page: 26 of 40)setjob
11232	%%EndPageSetup
11233	-13 -12 :T
11234	gS 13 12 568 818 rC
11235	54 45 :M
11236	f3_10 sf
11237	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
11238	54 803 :M
11239	(20)S
11240	90 803 :M
11241	-.017(ITU-T Rec. X.509 $1993 E$)A
11242	85 81 :M
11243	f0_9 sf
11244	-.026(SubjectPublicKeyInfo)A
11245	201 81 :M
11246	-.249(::= )A
11247	232 81 :M
11248	-.056(SEQUENCE {)A
11249	112 92 :M
11250	-.124(algorithm)A
11251	201 92 :M
11252	-.052(AlgorithmIdentifier,)A
11253	112 103 :M
11254	(subjectPublicKey)S
11255	201 103 :M
11256	-.09(BIT STRING })A
11257	85 120 :M
11258	-.091(Certificates)A
11259	201 120 :M
11260	-.123(::=)A
11261	232 120 :M
11262	-.056(SEQUENCE {)A
11263	112 131 :M
11264	(userCertificate)S
11265	232 131 :M
11266	-.045(Certificate,)A
11267	112 142 :M
11268	-.031(certificationPath)A
11269	232 142 :M
11270	-.03(ForwardCertificationPath OPTIONAL})A
11271	85 159 :M
11272	-.021(ForwardCertificationPath)A
11273	201 159 :M
11274	-.123(::=)A
11275	232 159 :M
11276	-.018(SEQUENCE OF CrossCertificates)A
11277	85 176 :M
11278	-.062(CertificationPath)A
11279	201 176 :M
11280	-.123(::=)A
11281	232 176 :M
11282	-.056(SEQUENCE {)A
11283	112 187 :M
11284	(userCertificate)S
11285	232 187 :M
11286	-.045(Certificate,)A
11287	112 198 :M
11288	-.031(theCACertificates)A
11289	232 198 :M
11290	-.014(SEQUENCE OF CertificatePair OPTIONAL})A
11291	85 215 :M
11292	-.031(CrossCertificates)A
11293	201 215 :M
11294	-.123(::=)A
11295	232 215 :M
11296	-.059(SET OF Certificate)A
11297	85 232 :M
11298	-.071(CertificateList)A
11299	201 232 :M
11300	-.123(::=)A
11301	232 232 :M
11302	-.028(SIGNED { SEQUENCE {)A
11303	112 243 :M
11304	-.062(signature)A
11305	232 243 :M
11306	-.052(AlgorithmIdentifier,)A
11307	112 254 :M
11308	-.102(issuer)A
11309	232 254 :M
11310	(Name,)S
11311	112 265 :M
11312	-.054(thisUpdate)A
11313	232 265 :M
11314	-.142(UTCTime,)A
11315	112 276 :M
11316	-.11(nextUpdate)A
11317	232 276 :M
11318	-.062(UTCTime OPTIONAL,)A
11319	112 287 :M
11320	-.028(revokedCertificates)A
11321	232 287 :M
11322	-.024(SEQUENCE OF SEQUENCE {)A
11323	139 298 :M
11324	(userCertificate)S
11325	263 298 :M
11326	(CertificateSerialNumber,)S
11327	139 309 :M
11328	-.077(revocationDate)A
11329	263 309 :M
11330	-.026(UTCTime } OPTIONAL}})A
11331	85 326 :M
11332	(CertificatePair)S
11333	201 326 :M
11334	-.123(::=)A
11335	232 326 :M
11336	-.056(SEQUENCE {)A
11337	112 337 :M
11338	-.166(forward)A
11339	170 337 :M
11340	-.496([0])A
11341	201 337 :M
11342	-.025(Certificate OPTIONAL,)A
11343	112 348 :M
11344	(reverse)S
11345	170 348 :M
11346	-.496([1])A
11347	201 348 :M
11348	-.052(Certificate OPTIONAL)A
11349	201 359 :M
11350	f2_9 sf
11351	-.011(-- at least one of the pair shall be present --)A
11352	f1_9 sf
11353	( )S
11354	376 359 :M
11355	f0_9 sf
11356	(})S
11357	85 382 :M
11358	f2_10 sf
11359	-.033(-- attribute types --)A
11360	85 399 :M
11361	f0_9 sf
11362	-.047(userPassword)A
11363	201 399 :M
11364	-.123(ATTRIBUTE)A
11365	263 399 :M
11366	-.123(::=)A
11367	294 399 :M
11368	({)S
11369	112 410 :M
11370	-.045(WITH SYNTAX )A
11371	263 410 :M
11372	-.024(OCTET STRING $SIZE \(0..ub-user-password$\))A
11373	112 421 :M
11374	-.023(EQUALITY MATCHING RULE)A
11375	263 421 :M
11376	-.032(octetStringMatch)A
11377	112 432 :M
11378	-.998(ID)A
11379	263 432 :M
11380	-.026(id-at-userPassword })A
11381	85 449 :M
11382	(userCertificate)S
11383	201 449 :M
11384	-.123(ATTRIBUTE)A
11385	263 449 :M
11386	-.123(::=)A
11387	294 449 :M
11388	({)S
11389	112 460 :M
11390	-.045(WITH SYNTAX )A
11391	201 460 :M
11392	-.1(Certificate)A
11393	112 471 :M
11394	-.998(ID)A
11395	201 471 :M
11396	-.023(id-at-userCertificate})A
11397	85 488 :M
11398	-.041(cACertificate)A
11399	201 488 :M
11400	-.123(ATTRIBUTE)A
11401	263 488 :M
11402	-.123(::=)A
11403	294 488 :M
11404	({)S
11405	112 499 :M
11406	-.045(WITH SYNTAX )A
11407	201 499 :M
11408	-.1(Certificate)A
11409	112 510 :M
11410	-.998(ID)A
11411	201 510 :M
11412	-.049(id-at-cAcertificate })A
11413	85 527 :M
11414	-.045(authorityRevocationList)A
11415	201 527 :M
11416	-.123(ATTRIBUTE)A
11417	263 527 :M
11418	-.123(::=)A
11419	294 527 :M
11420	({)S
11421	112 538 :M
11422	-.099(WITH SYNTAX)A
11423	201 538 :M
11424	-.071(CertificateList)A
11425	112 549 :M
11426	-.998(ID)A
11427	201 549 :M
11428	-.032(id-at-authorityRevocationList })A
11429	85 566 :M
11430	-.02(certificateRevocationList )A
11431	201 566 :M
11432	-.123(ATTRIBUTE)A
11433	263 566 :M
11434	-.123(::=)A
11435	294 566 :M
11436	({)S
11437	112 577 :M
11438	-.099(WITH SYNTAX)A
11439	201 577 :M
11440	-.071(CertificateList)A
11441	112 588 :M
11442	-.998(ID)A
11443	201 588 :M
11444	-.031(id-at-certificateRevocationList })A
11445	85 605 :M
11446	(crossCertificatePair)S
11447	201 605 :M
11448	-.123(ATTRIBUTE)A
11449	263 605 :M
11450	-.123(::=)A
11451	294 605 :M
11452	({)S
11453	112 616 :M
11454	-.099(WITH SYNTAX)A
11455	201 616 :M
11456	(CertificatePair)S
11457	112 627 :M
11458	-.998(ID)A
11459	201 627 :M
11460	-.037(id-at-crossCertificatePair })A
11461	85 650 :M
11462	f2_10 sf
11463	-.028(-- information object classes --)A
11464	85 667 :M
11465	f0_9 sf
11466	-.06(ALGORITHM)A
11467	170 667 :M
11468	-.123(::=)A
11469	201 667 :M
11470	-.035(TYPE-IDENTIFIER)A
11471	85 690 :M
11472	f2_10 sf
11473	-.018(-- parameterized types --)A
11474	85 707 :M
11475	f0_9 sf
11476	-.025(HASHED { ToBeHashed })A
11477	232 707 :M
11478	-.123(::=)A
11479	263 707 :M
11480	-.016(OCTET STRING \( CONSTRAINED-BY {)A
11481	112 718 :M
11482	f2_9 sf
11483	(-- must be the result of applying a hashing procedure to the --)S
11484	112 729 :M
11485	(-- DER-encoded $see 8.7$ octets --)S
11486	112 740 :M
11487	-.039(-- of a value of -- )A
11488	f0_9 sf
11489	-.06(ToBeHashed }\))A
11490	85 757 :M
11491	-.018(ENCRYPTED { ToBeEnciphered })A
11492	232 757 :M
11493	-.123(::=)A
11494	263 757 :M
11495	-.035(BIT STRING \( CONSTRAINED BY {)A
11496	112 768 :M
11497	f2_9 sf
11498	(-- must be the result of applying an encipherment procedure --)S
11499	112 779 :M
11500	-.012(-- to the BER-encoded octets of a value of -- )A
11501	291 779 :M
11502	f0_9 sf
11503	-.066(ToBeEnciphered}\))A
11504	endp
11505	%%Page: 27 27
11506	%%BeginPageSetup
11507	initializepage
11508	(hoyt; page: 27 of 40)setjob
11509	%%EndPageSetup
11510	-13 -12 :T
11511	gS 13 12 568 818 rC
11512	427 45 :M
11513	f3_10 sf
11514	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
11515	390 803 :M
11516	-.017(ITU-T Rec. X.509 $1993 E$)A
11517	531 803 :M
11518	(21)S
11519	103 81 :M
11520	f0_9 sf
11521	-.025(SIGNED { ToBeSigned })A
11522	250 81 :M
11523	-.123(::=)A
11524	281 81 :M
11525	-.056(SEQUENCE {)A
11526	130 92 :M
11527	-.11(toBeSigned)A
11528	250 92 :M
11529	-.1(ToBeSigned,)A
11530	130 103 :M
11531	-.076(COMPONENTS OF )A
11532	250 103 :M
11533	-.02(SIGNATURE { ToBeSigned }})A
11534	103 120 :M
11535	-.041(SIGNATURE { OfSignature })A
11536	250 120 :M
11537	-.123(::=)A
11538	281 120 :M
11539	-.056(SEQUENCE {)A
11540	130 131 :M
11541	-.055(algorithmIdentifier)A
11542	250 131 :M
11543	-.052(AlgorithmIdentifier,)A
11544	130 142 :M
11545	(encrypted)S
11546	250 142 :M
11547	-.028(ENCRYPTED { HASHED { OfSignature }}})A
11548	103 165 :M
11549	f2_10 sf
11550	-.029(-- object identifier assignments --)A
11551	103 182 :M
11552	f0_9 sf
11553	-.029(id-at-userPassword)A
11554	250 182 :M
11555	-.062(OBJECT IDENTIFIER)A
11556	374 182 :M
11557	-.123(::=)A
11558	405 182 :M
11559	-.055({id-at 35})A
11560	103 193 :M
11561	-.049(id-at-userCertificate)A
11562	250 193 :M
11563	-.062(OBJECT IDENTIFIER)A
11564	374 193 :M
11565	-.123(::=)A
11566	405 193 :M
11567	-.055({id-at 36})A
11568	103 204 :M
11569	-.026(id-at-cAcertificate )A
11570	250 204 :M
11571	-.062(OBJECT IDENTIFIER)A
11572	374 204 :M
11573	-.123(::=)A
11574	405 204 :M
11575	-.055({id-at 37})A
11576	103 215 :M
11577	-.035(id-at-authorityRevocationList)A
11578	250 215 :M
11579	-.062(OBJECT IDENTIFIER)A
11580	374 215 :M
11581	-.123(::=)A
11582	405 215 :M
11583	-.055({id-at 38})A
11584	103 226 :M
11585	-.033(id-at-certificateRevocationList)A
11586	250 226 :M
11587	-.062(OBJECT IDENTIFIER)A
11588	374 226 :M
11589	-.123(::=)A
11590	405 226 :M
11591	-.055({id-at 39})A
11592	103 237 :M
11593	-.04(id-at-crossCertificatePair)A
11594	250 237 :M
11595	-.062(OBJECT IDENTIFIER)A
11596	374 237 :M
11597	-.123(::=)A
11598	405 237 :M
11599	-.055({id-at 40})A
11600	103 254 :M
11601	-.499(END)A
11602	89 263 -1 1 530 262 1 89 262 @a
11603	89 265 -1 1 530 264 1 89 264 @a
11604	endp
11605	%%Page: 28 28
11606	%%BeginPageSetup
11607	initializepage
11608	(hoyt; page: 28 of 40)setjob
11609	%%EndPageSetup
11610	-13 -12 :T
11611	gS 13 12 568 818 rC
11612	54 45 :M
11613	f3_10 sf
11614	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
11615	54 803 :M
11616	(22)S
11617	90 803 :M
11618	-.017(ITU-T Rec. X.509 $1993 E$)A
11619	182 95 :M
11620	f3_14 sf
11621	-.017(Annex B \321 Security requirements)A
11622	f3_9 sf
11623	0 -3 rm
11624	(1)S
11625	0 3 rm
11626	103 114 :M
11627	f6_10 sf
11628	-.009($This annex does not form an integral part of this Recommendation \| International Standard$)A
11629	54 137 :M
11630	1.643 .164(Many OSI applications, CCITT-de\336ned services and non-CCITT-de\336ned services will have requirements for)J
11631	54 148 :M
11632	.831 .083(security. Such requirements derive from the need to protect the transfer of information from a range of potential)J
11633	54 159 :M
11634	-.021(threats.)A
11635	54 183 :M
11636	f3_12 sf
11637	(B.1)S
11638	81 183 :M
11639	-.165(Threats)A
11640	54 201 :M
11641	f6_10 sf
11642	-.013(Some commonly known threats are:)A
11643	72 218 :M
11644	-.133(a\) )A
11645	90 218 :M
11646	f7_10 sf
11647	.122 .012(Identity Interception)J
11648	f6_10 sf
11649	.06 .006( : the identity of one or more of the users involved in a communication is observed for)J
11650	90 229 :M
11651	-.046(misuse.)A
11652	72 246 :M
11653	-.328(b\))A
11654	90 246 :M
11655	f7_10 sf
11656	-.109(Masquerade)A
11657	140 246 :M
11658	f6_10 sf
11659	.854 .085( : the pretense by a user to be a different user in order to gain access to information or to)J
11660	90 257 :M
11661	-.012(acquire additional privileges.)A
11662	72 274 :M
11663	-.766(c\))A
11664	90 274 :M
11665	f7_10 sf
11666	-.153(Replay)A
11667	118 274 :M
11668	f6_10 sf
11669	-.005( : the recording and subsequent replay of a communication at some later date.)A
11670	72 291 :M
11671	-.328(d\))A
11672	90 291 :M
11673	f7_10 sf
11674	-.007(Data Interception)A
11675	f6_10 sf
11676	-.007( : the observation of user data during a communication by an unauthorized user.)A
11677	72 308 :M
11678	-.766(e\))A
11679	90 308 :M
11680	f7_10 sf
11681	.048(Manipulation)A
11682	f6_10 sf
11683	.168 .017( : the replacement, insertion, deletion or misordering of user data during a communication by)J
11684	90 319 :M
11685	-.015(an unauthorized user)A
11686	72 336 :M
11687	-.655(f\))A
11688	90 336 :M
11689	f7_10 sf
11690	-.088(Repudiation)A
11691	139 336 :M
11692	f6_10 sf
11693	-.005( : the denial by a user of having participated in part or all of a communication.)A
11694	72 353 :M
11695	-.328(g\))A
11696	90 353 :M
11697	f7_10 sf
11698	1.995 .2(Denial of Service)J
11699	f6_10 sf
11700	1.614 .161( : the prevention or interruption of a communication or the delay of time-critical)J
11701	90 364 :M
11702	-.072(operations)A
11703	72 381 :M
11704	f3_10 sf
11705	-.328(Note)A
11706	92 381 :M
11707	f6_10 sf
11708	.026 .003( \321 This security threat is a more general one and depends on the individual application or on the intention)J
11709	90 392 :M
11710	1.552 .155(of the unauthorized disruption and is therefore not explicitly within the scope of the authentication)J
11711	90 403 :M
11712	-.04(framework.)A
11713	72 420 :M
11714	-.328(h\))A
11715	90 420 :M
11716	f7_10 sf
11717	-.077(Mis-routing)A
11718	138 420 :M
11719	f6_10 sf
11720	-.004( : the mis-routing of a communication path intended for one user to another)A
11721	99 435 :M
11722	f3_9 sf
11723	-.329(Note)A
11724	117 435 :M
11725	f6_9 sf
11726	.171 .017( \321 Mis-routing will naturally occur in OSI layers 1 through 3. Therefore mis-routing is outside of the scope of)J
11727	99 445 :M
11728	.952 .095(the authentication framework. However, it may be possible to avoid the consequences of mis-routing by using)J
11729	99 455 :M
11730	-.008(appropriate security services as provided within the authentication framework.)A
11731	72 473 :M
11732	f6_10 sf
11733	-.106(i\))A
11734	90 473 :M
11735	f7_10 sf
11736	4.3 .43(Traf\336c Analysis)J
11737	f6_10 sf
11738	2.828 .283( : the observation of information about a communication between users \(e.g.)J
11739	90 484 :M
11740	-.011(absence/presence, frequency, direction, sequence, type, amount, etc.\).)A
11741	99 499 :M
11742	f3_9 sf
11743	-.329(Note)A
11744	117 499 :M
11745	f6_9 sf
11746	1.127 .113( - Traf\336c analysis threats are naturally not restricted to a certain OSI layer. Therefore Traf\336c analysis is)J
11747	99 509 :M
11748	.725 .072(generally outside the scope of the authentication framework. However, traf\336c analysis can be partially protected)J
11749	99 519 :M
11750	-.008(against by generating additional unintelligible traf\336c $traf\336c padding$, using enciphered or random data.)A
11751	54 544 :M
11752	f3_12 sf
11753	(B.2)S
11754	81 544 :M
11755	-.039(Security services)A
11756	54 562 :M
11757	f6_10 sf
11758	.895 .089(In order to protect against perceived threats, various security services need to be provided. Security services as)J
11759	54 573 :M
11760	.353 .035(provided by the authentication framework are performed by means of the security mechanisms described in clause)J
11761	54 584 :M
11762	-.048(B.3 of this annex.)A
11763	72 601 :M
11764	-.766(a\))A
11765	90 601 :M
11766	f7_10 sf
11767	2.376 .238(peer entity authentication)J
11768	f6_10 sf
11769	1.496 .15( : This service provides corroboration that a user in a certain instance of)J
11770	90 612 :M
11771	-.005(communication is the one claimed. Two different peer entity authentication services may be requested:)A
11772	90 629 :M
11773	(\321)S
11774	108 629 :M
11775	f7_10 sf
11776	-.032(single entity authentication)A
11777	217 629 :M
11778	f6_10 sf
11779	-.037( \(either )A
11780	f7_10 sf
11781	-.048(data origin)A
11782	293 629 :M
11783	f6_10 sf
11784	-.038( entity authentication or )A
11785	f7_10 sf
11786	-.044(data recipient)A
11787	446 629 :M
11788	f6_10 sf
11789	-.046( entity)A
11790	108 640 :M
11791	-.05(authentication\);)A
11792	90 657 :M
11793	(\321)S
11794	108 657 :M
11795	f7_10 sf
11796	-.009(mutual authentication)A
11797	f6_10 sf
11798	-.009(, where both users communicating authenticate each other.)A
11799	90 680 :M
11800	.325 .033(When requesting a peer entity authentication service, the two users agree whether their identities shall be)J
11801	90 691 :M
11802	-.05(protected or not.)A
11803	90 708 :M
11804	1.043 .104(The peer entity authentication service is supported by the authentication framework. It can be used to)J
11805	90 719 :M
11806	-.006(protect against masquerade and replay, concerning the users\325 identities.)A
11807	-4096 -4095 -1 1 -4094 -4095 1 -4096 -4096 @a
11808	54 747.24 -.24 .24 197.24 747 .24 54 747 @a
11809	54 769 :M
11810	f6_9 sf
11811	(1)S
11812	59 772 :M
11813	f6_10 sf
11814	-.027(For further information see ISO 7498-2)A
11815	endp
11816	%%Page: 29 29
11817	%%BeginPageSetup
11818	initializepage
11819	(hoyt; page: 29 of 40)setjob
11820	%%EndPageSetup
11821	-13 -12 :T
11822	gS 13 12 568 818 rC
11823	427 45 :M
11824	f3_10 sf
11825	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
11826	390 803 :M
11827	-.017(ITU-T Rec. X.509 $1993 E$)A
11828	531 803 :M
11829	(23)S
11830	90 81 :M
11831	f6_10 sf
11832	-.328(b\))A
11833	108 81 :M
11834	f7_10 sf
11835	.671 .067(access control)J
11836	f6_10 sf
11837	.404 .04( : This service can be used to protect against the unauthorized use of resources. The access)J
11838	108 92 :M
11839	.723 .072(control service is provided by the Directory or another application and is therefore not a concern of the)J
11840	108 103 :M
11841	-.021(authentication framework.)A
11842	90 120 :M
11843	-.766(c\))A
11844	108 120 :M
11845	f7_10 sf
11846	2.799 .28(data con\336dentiality)J
11847	f6_10 sf
11848	1.502 .15( : This service can be used to provide for protection of data from unauthorized)J
11849	108 131 :M
11850	.208 .021(disclosure. The data con\336dentiality service is supported by the authentication framework. It can be used to)J
11851	108 142 :M
11852	-.015(protect against data interception.)A
11853	90 159 :M
11854	-.328(d\))A
11855	108 159 :M
11856	f7_10 sf
11857	.266 .027(data integrity )J
11858	f6_10 sf
11859	.239 .024( : This service provides proof of the integrity of data in a communication. The data integrity)J
11860	108 170 :M
11861	1.779 .178(service is supported by the authentication framework. It can be used to detect and protect against)J
11862	108 181 :M
11863	-.022(manipulation.)A
11864	90 198 :M
11865	-.766(e\))A
11866	108 198 :M
11867	f7_10 sf
11868	-.071(non-repudiation)A
11869	173 198 :M
11870	f6_10 sf
11871	.206 .021( : This service provides proof of the integrity and origin of data \321 both in an unforgeable)J
11872	108 209 :M
11873	-.004(relationship \321 which can be veri\336ed by any third party at any time.)A
11874	72 233 :M
11875	f3_12 sf
11876	(B.3)S
11877	99 233 :M
11878	-.016(Security mechanisms)A
11879	72 251 :M
11880	f6_10 sf
11881	-.007(The security mechanisms outline here perform the security services described in clause B.2.)A
11882	90 268 :M
11883	-.766(a\))A
11884	108 268 :M
11885	f7_10 sf
11886	-.046(authentication exchange)A
11887	206 268 :M
11888	f6_10 sf
11889	-.016( : There are two grades of authentication mechanism provided by the authentication)A
11890	108 279 :M
11891	-.071(framework:)A
11892	108 296 :M
11893	f7_10 sf
11894	-.019(simple authentication)A
11895	195 296 :M
11896	f6_10 sf
11897	.272 .027(: relies on the originator supplying its name and password, which are checked by the)J
11898	108 307 :M
11899	-.084(recipient;)A
11900	108 324 :M
11901	f7_10 sf
11902	.058 .006(strong authentication)J
11903	195 324 :M
11904	f6_10 sf
11905	.518 .052(: relies on the use of cryptographic techniques to protect the exchange of validating)J
11906	108 335 :M
11907	-.009(information. In the authentication framework, strong authentication is based upon an asymmetric scheme.)A
11908	108 352 :M
11909	-.01(The authentication exchange mechanism is used to support the peer entity authentication service.)A
11910	90 369 :M
11911	-.328(b\))A
11912	108 369 :M
11913	f7_10 sf
11914	.149(encipherment)A
11915	f6_10 sf
11916	.57 .057( : The authentication framework envisages the encipherment of data during transfer. Either)J
11917	108 380 :M
11918	.339 .034(asymmetric or symmetric schemes may be used. The necessary key exchange for either case is performed)J
11919	108 391 :M
11920	.193 .019(either within a preceding authentication exchange or off-line any time before the intended communication.)J
11921	108 402 :M
11922	-.007(The latter case is outside the scope of the authentication framework. The encipherment mechanism supports)A
11923	108 413 :M
11924	-.031(the data con\336dentiality service.)A
11925	90 430 :M
11926	-.766(c\))A
11927	108 430 :M
11928	f7_10 sf
11929	.046 .005(data integrity)J
11930	f6_10 sf
11931	.03 .003( : This mechanism involves the encipherment of a compressed string of the relevant data to be)J
11932	108 441 :M
11933	.765 .077(transferred. Together with the plain data, this message is sent to the recipient. The recipient repeats the)J
11934	108 452 :M
11935	-.01(compressing and subsequent encipherment of the plain data and compares the result with that created by the)A
11936	108 463 :M
11937	-.029(originator to prove integrity.)A
11938	108 480 :M
11939	.364 .036(The data integrity mechanism can be provided by encipherment of the compressed plain data by either an)J
11940	108 491 :M
11941	.338 .034(asymmetric scheme or a symmetric scheme. \(With the symmetric scheme, compression and encipherment)J
11942	108 502 :M
11943	-.002(of data might be processed simultaneously\). The mechanism is not explicitly provided by the authentication)A
11944	108 513 :M
11945	.266 .027(framework. However it is fully provided as a part of the digital signature mechanism $see below$ using an)J
11946	108 524 :M
11947	-.037(asymmetric scheme.)A
11948	108 541 :M
11949	1.561 .156(The data integrity mechanism supports the data integrity service. It also partially supports the non)J
11950	537 541 :M
11951	(-)S
11952	108 552 :M
11953	.185 .019(repudiation service \(that service also needs the digital signature mechanism for its requirements to be fully)J
11954	108 563 :M
11955	-.206(met\).)A
11956	90 580 :M
11957	-.328(d\))A
11958	108 580 :M
11959	f7_10 sf
11960	2.287 .229(digital signature)J
11961	f6_10 sf
11962	1.445 .145( : This mechanism involves the encipherment, by the originator\325s private key, of a)J
11963	108 591 :M
11964	.082 .008(compressed string of the relevant data to be transferred. The digital signature together with the plain data is)J
11965	108 602 :M
11966	.078 .008(sent to the recipient. Similarly to the case of the data integrity mechanism, this message is processed by the)J
11967	108 613 :M
11968	.35 .035(recipient to prove integrity. The digital signature mechanism also proves the authenticity of the originator)J
11969	108 624 :M
11970	-.004(and the unambiguous relationship between the originator and the data that was transferred.)A
11971	108 641 :M
11972	-.007(The authentication framework supports the digital signature mechanism using an asymmetric scheme.)A
11973	108 658 :M
11974	.296 .03(The digital signature mechanism supports the data integrity service and also supports the non-repudiation)J
11975	108 669 :M
11976	-.116(service.)A
11977	72 693 :M
11978	f3_12 sf
11979	(B.4 )S
11980	99 693 :M
11981	-.011(Threats protected against by the security services)A
11982	72 711 :M
11983	f6_10 sf
11984	.509 .051(Table B-1 indicates the security threats which each security service can protect against. The presence of an bullet)J
11985	72 722 :M
11986	-.003($\322\245\323$ indicates that a certain security service affords protection against a certain threat.)A
11987	72 746 :M
11988	f3_12 sf
11989	(B.5)S
11990	99 746 :M
11991	-.02(Negotiation of security services and mechanisms)A
11992	72 764 :M
11993	f6_10 sf
11994	.59 .059(The provision of security features during an instance of communication requires the negotiation of the context in)J
11995	72 775 :M
11996	1.274 .127(which security services are required. This entails agreement on the type of security mechanisms and security)J
11997	endp
11998	%%Page: 30 30
11999	%%BeginPageSetup
12000	initializepage
12001	(hoyt; page: 30 of 40)setjob
12002	%%EndPageSetup
12003	-13 -12 :T
12004	gS 13 12 568 818 rC
12005	54 45 :M
12006	f3_10 sf
12007	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
12008	54 803 :M
12009	(24)S
12010	90 803 :M
12011	-.017(ITU-T Rec. X.509 $1993 E$)A
12012	54 81 :M
12013	f6_10 sf
12014	.011 .001(parameters that are necessary to provide such security services. The procedures required for negotiating mechanisms)J
12015	54 92 :M
12016	.064 .006(and parameters can either be carried out as an integral part of the normal connection establishment procedure or as a)J
12017	54 103 :M
12018	-.002(separate process. The precise details of these procedures for negotiation are not speci\336ed in this annex.)A
12019	210 126 :M
12020	f3_10 sf
12021	-.008(Table B-1 \321 Threats and protection)A
12022	327 150 :M
12023	f0_10 sf
12024	(S)S
12025	334 150 :M
12026	f0_9 sf
12027	-.084(ERVICES)A
12028	53 138 -1 2 55 136 1 53 136 @a
12029	-1 -2 55 138 1 2 53 136 @b
12030	55 138 -1 2 161 136 1 55 136 @a
12031	161 138 -1 2 163 136 1 161 136 @a
12032	163 138 -1 2 537 136 1 163 136 @a
12033	537 138 -1 2 539 136 1 537 136 @a
12034	-1 -2 539 138 1 2 537 136 @b
12035	-1 -2 55 156 1 2 53 138 @b
12036	-1 -2 163 156 1 2 161 138 @b
12037	-1 -2 539 156 1 2 537 138 @b
12038	58 170 :M
12039	f0_10 sf
12040	-.156(T)A
12041	f0_9 sf
12042	-.189(HREATS)A
12043	196 168 :M
12044	-.199(Entity)A
12045	177 178 :M
12046	-.075(Authentication)A
12047	293 168 :M
12048	-.166(Data)A
12049	272 178 :M
12050	-.035(Confidentiality)A
12051	387 168 :M
12052	-.166(Data)A
12053	379 178 :M
12054	-.062(Integrity)A
12055	480 168 :M
12056	-.165(Non\320)A
12057	465 178 :M
12058	-.099(Repudiation)A
12059	-1 -2 55 158 1 2 53 156 @b
12060	-1 -2 163 158 1 2 161 156 @b
12061	163 158 -1 2 255 156 1 163 156 @a
12062	255 158 -1 2 257 156 1 255 156 @a
12063	257 158 -1 2 349 156 1 257 156 @a
12064	349 158 -1 2 351 156 1 349 156 @a
12065	351 158 -1 2 443 156 1 351 156 @a
12066	443 158 -1 2 445 156 1 443 156 @a
12067	445 158 -1 2 537 156 1 445 156 @a
12068	-1 -2 539 158 1 2 537 156 @b
12069	-1 -2 55 184 1 2 53 158 @b
12070	-1 -2 163 184 1 2 161 158 @b
12071	-1 -2 257 184 1 2 255 158 @b
12072	-1 -2 351 184 1 2 349 158 @b
12073	-1 -2 445 184 1 2 443 158 @b
12074	-1 -2 539 184 1 2 537 158 @b
12075	58 196 :M
12076	-.049(Identity Interception)A
12077	202 201 :M
12078	f0_14 sf
12079	(\245)S
12080	207 201 :M
12081	f1_9 sf
12082	-.09($ if req\325d $)A
12083	-1 -2 55 186 1 2 53 184 @b
12084	55 185 -1 1 161 184 1 55 184 @a
12085	-1 -2 163 186 1 2 161 184 @b
12086	163 186 -1 2 255 184 1 163 184 @a
12087	255 186 -1 2 257 184 1 255 184 @a
12088	257 186 -1 2 349 184 1 257 184 @a
12089	349 186 -1 2 351 184 1 349 184 @a
12090	351 186 -1 2 443 184 1 351 184 @a
12091	443 186 -1 2 445 184 1 443 184 @a
12092	445 186 -1 2 537 184 1 445 184 @a
12093	-1 -2 539 186 1 2 537 184 @b
12094	-1 -2 55 207 1 2 53 186 @b
12095	-1 -2 163 207 1 2 161 186 @b
12096	-1 -1 256 207 1 1 255 186 @b
12097	-1 -1 350 207 1 1 349 186 @b
12098	-1 -1 444 207 1 1 443 186 @b
12099	-1 -2 539 207 1 2 537 186 @b
12100	58 218 :M
12101	f0_9 sf
12102	-.031(Data Interception)A
12103	296 223 :M
12104	f0_14 sf
12105	(\245)S
12106	-1 -2 55 208 1 2 53 207 @b
12107	55 208 -1 1 161 207 1 55 207 @a
12108	-1 -2 163 208 1 2 161 207 @b
12109	163 208 -1 1 255 207 1 163 207 @a
12110	-1 -1 256 208 1 1 255 207 @b
12111	256 208 -1 1 349 207 1 256 207 @a
12112	-1 -1 350 208 1 1 349 207 @b
12113	350 208 -1 1 443 207 1 350 207 @a
12114	-1 -1 444 208 1 1 443 207 @b
12115	444 208 -1 1 537 207 1 444 207 @a
12116	-1 -2 539 208 1 2 537 207 @b
12117	-1 -2 55 229 1 2 53 208 @b
12118	-1 -2 163 229 1 2 161 208 @b
12119	-1 -1 256 229 1 1 255 208 @b
12120	-1 -1 350 229 1 1 349 208 @b
12121	-1 -1 444 229 1 1 443 208 @b
12122	-1 -2 539 229 1 2 537 208 @b
12123	58 240 :M
12124	f0_9 sf
12125	-.056(Masquerade)A
12126	202 245 :M
12127	f0_14 sf
12128	(\245)S
12129	-1 -2 55 230 1 2 53 229 @b
12130	55 230 -1 1 161 229 1 55 229 @a
12131	-1 -2 163 230 1 2 161 229 @b
12132	163 230 -1 1 255 229 1 163 229 @a
12133	-1 -1 256 230 1 1 255 229 @b
12134	256 230 -1 1 349 229 1 256 229 @a
12135	-1 -1 350 230 1 1 349 229 @b
12136	350 230 -1 1 443 229 1 350 229 @a
12137	-1 -1 444 230 1 1 443 229 @b
12138	444 230 -1 1 537 229 1 444 229 @a
12139	-1 -2 539 230 1 2 537 229 @b
12140	-1 -2 55 251 1 2 53 230 @b
12141	-1 -2 163 251 1 2 161 230 @b
12142	-1 -1 256 251 1 1 255 230 @b
12143	-1 -1 350 251 1 1 349 230 @b
12144	-1 -1 444 251 1 1 443 230 @b
12145	-1 -2 539 251 1 2 537 230 @b
12146	58 262 :M
12147	f0_9 sf
12148	-.101(Replay)A
12149	202 267 :M
12150	f0_14 sf
12151	(\245)S
12152	207 267 :M
12153	f1_9 sf
12154	-.1($ identity$)A
12155	390 267 :M
12156	f0_14 sf
12157	(\245)S
12158	395 267 :M
12159	f1_9 sf
12160	-.071($ data $)A
12161	484 267 :M
12162	f0_14 sf
12163	(\245)S
12164	-1 -2 55 252 1 2 53 251 @b
12165	55 252 -1 1 161 251 1 55 251 @a
12166	-1 -2 163 252 1 2 161 251 @b
12167	163 252 -1 1 255 251 1 163 251 @a
12168	-1 -1 256 252 1 1 255 251 @b
12169	256 252 -1 1 349 251 1 256 251 @a
12170	-1 -1 350 252 1 1 349 251 @b
12171	350 252 -1 1 443 251 1 350 251 @a
12172	-1 -1 444 252 1 1 443 251 @b
12173	444 252 -1 1 537 251 1 444 251 @a
12174	-1 -2 539 252 1 2 537 251 @b
12175	-1 -2 55 273 1 2 53 252 @b
12176	-1 -2 163 273 1 2 161 252 @b
12177	-1 -1 256 273 1 1 255 252 @b
12178	-1 -1 350 273 1 1 349 252 @b
12179	-1 -1 444 273 1 1 443 252 @b
12180	-1 -2 539 273 1 2 537 252 @b
12181	58 284 :M
12182	f0_9 sf
12183	-.044(Manipulation)A
12184	390 289 :M
12185	f0_14 sf
12186	(\245)S
12187	-1 -2 55 274 1 2 53 273 @b
12188	55 274 -1 1 161 273 1 55 273 @a
12189	-1 -2 163 274 1 2 161 273 @b
12190	163 274 -1 1 255 273 1 163 273 @a
12191	-1 -1 256 274 1 1 255 273 @b
12192	256 274 -1 1 349 273 1 256 273 @a
12193	-1 -1 350 274 1 1 349 273 @b
12194	350 274 -1 1 443 273 1 350 273 @a
12195	-1 -1 444 274 1 1 443 273 @b
12196	444 274 -1 1 537 273 1 444 273 @a
12197	-1 -2 539 274 1 2 537 273 @b
12198	-1 -2 55 295 1 2 53 274 @b
12199	-1 -2 163 295 1 2 161 274 @b
12200	-1 -1 256 295 1 1 255 274 @b
12201	-1 -1 350 295 1 1 349 274 @b
12202	-1 -1 444 295 1 1 443 274 @b
12203	-1 -2 539 295 1 2 537 274 @b
12204	58 306 :M
12205	f0_9 sf
12206	-.099(Repudiation)A
12207	484 311 :M
12208	f0_14 sf
12209	(\245)S
12210	-1 -2 55 296 1 2 53 295 @b
12211	55 296 -1 1 161 295 1 55 295 @a
12212	-1 -2 163 296 1 2 161 295 @b
12213	163 296 -1 1 255 295 1 163 295 @a
12214	-1 -1 256 296 1 1 255 295 @b
12215	256 296 -1 1 349 295 1 256 295 @a
12216	-1 -1 350 296 1 1 349 295 @b
12217	350 296 -1 1 443 295 1 350 295 @a
12218	-1 -1 444 296 1 1 443 295 @b
12219	444 296 -1 1 537 295 1 444 295 @a
12220	-1 -2 539 296 1 2 537 295 @b
12221	-1 -2 55 317 1 2 53 296 @b
12222	53 319 -1 2 55 317 1 53 317 @a
12223	-1 -2 55 319 1 2 53 317 @b
12224	55 319 -1 2 161 317 1 55 317 @a
12225	-1 -2 163 317 1 2 161 296 @b
12226	161 319 -1 2 163 317 1 161 317 @a
12227	163 319 -1 2 255 317 1 163 317 @a
12228	-1 -1 256 317 1 1 255 296 @b
12229	255 319 -1 2 257 317 1 255 317 @a
12230	257 319 -1 2 349 317 1 257 317 @a
12231	-1 -1 350 317 1 1 349 296 @b
12232	349 319 -1 2 351 317 1 349 317 @a
12233	351 319 -1 2 443 317 1 351 317 @a
12234	-1 -1 444 317 1 1 443 296 @b
12235	443 319 -1 2 445 317 1 443 317 @a
12236	445 319 -1 2 537 317 1 445 317 @a
12237	-1 -2 539 317 1 2 537 296 @b
12238	537 319 -1 2 539 317 1 537 317 @a
12239	-1 -2 539 319 1 2 537 317 @b
12240	endp
12241	%%Page: 31 31
12242	%%BeginPageSetup
12243	initializepage
12244	(hoyt; page: 31 of 40)setjob
12245	%%EndPageSetup
12246	-13 -12 :T
12247	gS 13 12 568 818 rC
12248	427 45 :M
12249	f3_10 sf
12250	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
12251	390 803 :M
12252	-.017(ITU-T Rec. X.509 $1993 E$)A
12253	531 803 :M
12254	(25)S
12255	136 95 :M
12256	f3_14 sf
12257	-.013(Annex C \321 An introduction to public key cryptography)A
12258	f3_9 sf
12259	0 -3 rm
12260	(1)S
12261	0 3 rm
12262	121 114 :M
12263	f6_10 sf
12264	-.009($This annex does not form an integral part of this Recommendation \| International Standard$)A
12265	72 137 :M
12266	.217 .022(In conventional cryptographic systems, the key used to encipher information by the originator of a secret message is)J
12267	72 148 :M
12268	-.005(the same as that used to decipher the message by the legitimate recipient.)A
12269	72 171 :M
12270	.185 .019(In public key cryptosystems $PKCS$, however, keys come in pairs, one key of which is used for enciphering and the)J
12271	72 182 :M
12272	.207 .021(other for deciphering. Each key pair is associated with a particular user X. One of the keys, known as the public key)J
12273	72 193 :M
12274	.588 .059($Xp$ is publicly known, and)J
12275	f3_10 sf
12276	.087 .009( )J
12277	192 193 :M
12278	f6_10 sf
12279	.556 .056(can be used by any user to encipher data. Only X, who possesses the complementary)J
12280	72 204 :M
12281	.481 .048(private key $Xs$ may decipher the data. $This is represented notationally by D = Xs[Xp[D]]$. It is computationally)J
12282	72 215 :M
12283	.651 .065(infeasible to derive the private key from knowledge of the public key. Any user can thus communicate a piece of)J
12284	72 226 :M
12285	.726 .073(information which only X can \336nd out, by enciphering it under Xp. By extension, two users can communicate in)J
12286	72 237 :M
12287	-.006(secret, by using each other\325s public key to encipher the data, as shown in Figure C.1.)A
12288	200 251 212 76 rC
12289	-90 0 135 27 306 286 @n
12290	180 270 135 27 306 286 @n
12291	0 90 135 18 306 294.5 @n
12292	90 180 135 27 306 290 @n
12293	254 266 :M
12294	1.597 0 rm
12295	(e = Bp[x])S
12296	356 320 :M
12297	1.449 0 rm
12298	(e' = Ap[x'])S
12299	372 264 :M
12300	1.708 0 rm
12301	(x = Bs[e])S
12302	233 323 :M
12303	1.56 0 rm
12304	(x' = As[e'])S
12305	237 267 :M
12306	.546 0 rm
12307	f10_12 sf
12308	(\254)S
12309	353 264 :M
12310	.546 0 rm
12311	(\301)S
12312	338 321 :M
12313	.546 0 rm
12314	(\302)S
12315	215 323 :M
12316	.546 0 rm
12317	(\303)S
12318	1 G
12319	41 42 385.5 289 @j
12320	0 G
12321	40 41 385.5 289 @f
12322	381 291 :M
12323	f1_12 sf
12324	(B)S
12325	1 G
12326	43 42 224.5 289 @j
12327	0 G
12328	42 41 224.5 289 @f
12329	220 291 :M
12330	(A)S
12331	360 272 -1 1 368 280 1 360 271 @a
12332	358 281 -1 1 368 280 1 358 280 @a
12333	-1 -1 244 297 1 1 250 291 @b
12334	243 297 -1 1 249 300 1 243 296 @a
12335	gR
12336	gS 13 12 568 818 rC
12337	188 340 :M
12338	f3_9 sf
12339	-.003(Figure C.1 \321 Use of a PKCS to Exchange Secret Information)A
12340	72 364 :M
12341	f6_10 sf
12342	-.003(User A has public key Ap and private key As, and user B has another set of keys, Bp and Bs. A and B both know the)A
12343	72 375 :M
12344	.511 .051(public keys of each other, but are unaware of the private key of the other party. A and B may therefore exchange)J
12345	72 386 :M
12346	-.007(secret information with one another using the following steps $illustrated in Figure B.1$.)A
12347	90 404 :M
12348	f10_12 sf
12349	(\254)S
12350	108 404 :M
12351	f6_10 sf
12352	.447 .045(A wishes to send some secret information x to B. A therefore enciphers x under B\325s enciphering key and)J
12353	108 416 :M
12354	-.003(sends the enciphered information e to B. This is represented by:)A
12355	144 433 :M
12356	-.1(e = Bp[x].)A
12357	90 451 :M
12358	f10_12 sf
12359	(\301)S
12360	108 451 :M
12361	f6_10 sf
12362	.236 .024(B may now decipher this encipherment e to obtain the information x by using the secret decipherment key)J
12363	108 463 :M
12364	.89 .089(Bs. Note that B is the only possessor of Bs, and because this key may never be disclosed or sent, it is)J
12365	108 474 :M
12366	.222 .022(impossible for any other party to obtain the information x. The possession of Bs determines the identity of)J
12367	108 485 :M
12368	-.009(B. The decipherment operation is represented by:)A
12369	144 502 :M
12370	-.011(x = Bs[e], or x = Bs[Bp[x]].)A
12371	90 520 :M
12372	f10_12 sf
12373	(\302)S
12374	108 520 :M
12375	f6_10 sf
12376	-.008(B may now similarly send some secret information, x', to A, under A\325s enciphering key, Ap:)A
12377	108 538 :M
12378	-.005(e' = Ap[x'].)A
12379	90 556 :M
12380	f10_12 sf
12381	(\303)S
12382	108 556 :M
12383	f6_10 sf
12384	-.021(A obtains x' by deciphering e':)A
12385	108 574 :M
12386	-.021(x' = As[e'], or x' = As[Ap[x']].)A
12387	72 597 :M
12388	-.001(By this means, A and B have exchanged secret information x and x'. This information may not be obtained by anyone)A
12389	72 608 :M
12390	-.003(other than A and B, providing that their private keys are not revealed.)A
12391	72 631 :M
12392	.313 .031(Such an exchange can, as well as transferring secret information between the parties, serve to verify their identities.)J
12393	72 642 :M
12394	.038 .004(Speci\336cally, A and B are identi\336ed by their possession of the secret deciphering keys, As and Bs respectively. A may)J
12395	72 653 :M
12396	.23 .023(determine if B is in possession of the secret deciphering key, Bs, by having returned part of his information x in B\325s)J
12397	72 664 :M
12398	.137 .014(message x'. This indicates to A that communication is taking place with the possessor of Bs. B may similarly test the)J
12399	72 675 :M
12400	-.046(identity of A.)A
12401	72 698 :M
12402	.006 .001(It is a property of some PKCS that the steps of decipherment and encipherment can be reversed, as in D=Xp[Xs[D]].)J
12403	72 709 :M
12404	-.013(This allows a piece of information which could only have been originated by X, to be readable by any user \(who has)A
12405	-4096 -4095 -1 1 -4094 -4095 1 -4096 -4096 @a
12406	72 725.24 -.24 .24 215.24 725 .24 72 725 @a
12407	72 747 :M
12408	f6_9 sf
12409	(1)S
12410	77 750 :M
12411	f6_10 sf
12412	-.03(For further information, see:)A
12413	90 762 :M
12414	-.016(Dif\336e, W. and Hellman, M.E. New Directions in Cryptography, )A
12415	348 762 :M
12416	f7_10 sf
12417	-.026(IEEE Transactions on Information Theory)A
12418	518 762 :M
12419	f6_10 sf
12420	-.191(, IT-)A
12421	90 773 :M
12422	-.003(22, No. 6, $November 1976$.)A
12423	endp
12424	%%Page: 32 32
12425	%%BeginPageSetup
12426	initializepage
12427	(hoyt; page: 32 of 40)setjob
12428	%%EndPageSetup
12429	-13 -12 :T
12430	gS 13 12 568 818 rC
12431	54 45 :M
12432	f3_10 sf
12433	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
12434	54 803 :M
12435	(26)S
12436	90 803 :M
12437	-.017(ITU-T Rec. X.509 $1993 E$)A
12438	54 81 :M
12439	f6_10 sf
12440	.762 .076(possession of Xp\). This can therefore be used in the certifying of the source of information, and is the basis for)J
12441	54 92 :M
12442	.63 .063(digital signatures. Only PKCS which have this $permutability$ property are suitable for use in this authentication)J
12443	54 103 :M
12444	-.007(framework. One such algorithm is described in Annex D.)A
12445	endp
12446	%%Page: 33 33
12447	%%BeginPageSetup
12448	initializepage
12449	(hoyt; page: 33 of 40)setjob
12450	%%EndPageSetup
12451	-13 -12 :T
12452	gS 13 12 568 818 rC
12453	427 45 :M
12454	f3_10 sf
12455	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
12456	390 803 :M
12457	-.017(ITU-T Rec. X.509 $1993 E$)A
12458	531 803 :M
12459	(27)S
12460	159 95 :M
12461	f3_14 sf
12462	-.047(Annex D \321 The RSA)A
12463	f3_9 sf
12464	0 -4 rm
12465	(1)S
12466	0 4 rm
12467	292 91 :M
12468	f3_14 sf
12469	( )S
12470	0 4 rm
12471	-.058(Public Key Cryptosystem)A
12472	0 -4 rm
12473	f3_9 sf
12474	(2)S
12475	123 114 :M
12476	f6_10 sf
12477	-.003(\(This annex does not form an integral part of this Recommendation \| International Standard})A
12478	72 138 :M
12479	f3_12 sf
12480	-.331(D.1)A
12481	99 138 :M
12482	-.011(Scope and Field of Application)A
12483	72 156 :M
12484	f6_10 sf
12485	.069 .007(It is beyond the scope of this annex to discuss RSA fully. However, a brief description is given on the method, which)J
12486	72 167 :M
12487	-.018(relies on the use of modular exponentiation.)A
12488	72 191 :M
12489	f3_12 sf
12490	-.331(D.2)A
12491	99 191 :M
12492	-.099(Definitions)A
12493	90 209 :M
12494	f7_10 sf
12495	-.013(Public Key:)A
12496	f6_10 sf
12497	-.013( the pair of parameters consisting of the Public Exponent and the Arithmetic Modulus;)A
12498	117 224 :M
12499	f3_9 sf
12500	-.059(Note )A
12501	138 224 :M
12502	f6_9 sf
12503	.127 .013(\321 The ASN.1 data element )J
12504	f0_9 sf
12505	.043(subjectPublicKey)A
12506	f6_9 sf
12507	.096 .01(, defined as )J
12508	362 224 :M
12509	f0_7 sf
12510	.244 .024(BIT STRING)J
12511	f6_9 sf
12512	.173 .017( $see Annex A$, should be interpreted)J
12513	117 234 :M
12514	-.013(in the case of RSA as being of type:)A
12515	130 249 :M
12516	f0_7 sf
12517	-.03(SEQUENCE {INTEGER, INTEGER})A
12518	117 264 :M
12519	f6_9 sf
12520	.031 .003(where the first integer is the Arithmetic Modulus and the second is the Public Exponent. The sequence is represented)J
12521	117 274 :M
12522	-.005(by means of the ASN.1 Basic Encoding Rules.)A
12523	90 292 :M
12524	f7_10 sf
12525	-.009(Private key)A
12526	f6_10 sf
12527	-.009(: the pair of parameters consisting of the Secret Exponent and the Arithmetic Modulus.)A
12528	72 316 :M
12529	f6_12 sf
12530	(D)S
12531	81 316 :M
12532	f3_12 sf
12533	(.3)S
12534	99 316 :M
12535	-.028(Symbols and abbreviations)A
12536	72 334 :M
12537	f6_10 sf
12538	-.469(X,Y)A
12539	101 334 :M
12540	-.014(data blocks which are arithmetically less than the modulus)A
12541	72 357 :M
12542	(n)S
12543	101 357 :M
12544	-.004(the Arithmetic Modulus)A
12545	72 380 :M
12546	(e)S
12547	101 380 :M
12548	-.005(the Public Exponent)A
12549	72 403 :M
12550	(d)S
12551	101 403 :M
12552	-.029(the Secret Exponent)A
12553	72 426 :M
12554	-.25(p,q)A
12555	101 426 :M
12556	-.01(the prime numbers whose product forms the Arithmetic Modulus $n$)A
12557	90 447 :M
12558	f3_9 sf
12559	-.329(Note)A
12560	108 447 :M
12561	f6_9 sf
12562	.179 .018( \321 While the prime numbers are preferably two in number, the use of a Modulus with three- or more prime factors is)J
12563	90 457 :M
12564	-.037(not precluded.)A
12565	72 481 :M
12566	f6_10 sf
12567	-.498(lcm)A
12568	101 481 :M
12569	-.032(least common multiple)A
12570	72 504 :M
12571	-.07(mod n)A
12572	108 504 :M
12573	-.005(arithmetic modulo n)A
12574	72 528 :M
12575	f3_12 sf
12576	-.331(D.4)A
12577	99 528 :M
12578	-.031(Description)A
12579	72 546 :M
12580	f6_10 sf
12581	-.005(This asymmetric algorithm uses the power function for transformation of data blocks such that)A
12582	90 563 :M
12583	-.185(Y = X)A
12584	f6_9 sf
12585	0 -3 rm
12586	(e)S
12587	0 3 rm
12588	119 563 :M
12589	f6_10 sf
12590	-.156( mod n)A
12591	252 563 :M
12592	-.048(with 0 )A
12593	cF f4_10 sf
12594	-.048(\243)A
12595	sf
12596	-.048( X < n)A
12597	90 581 :M
12598	-.098(X = Y)A
12599	f6_9 sf
12600	0 -3 rm
12601	(d)S
12602	0 3 rm
12603	120 581 :M
12604	f6_10 sf
12605	-.156( mod n)A
12606	252 581 :M
12607	-.048(with 0 )A
12608	cF f4_10 sf
12609	-.048(\243)A
12610	sf
12611	-.048( Y < n)A
12612	-4096 -4095 -1 1 -4094 -4095 1 -4096 -4096 @a
12613	72 611.24 -.24 .24 215.24 611 .24 72 611 @a
12614	72 633 :M
12615	f6_9 sf
12616	(1)S
12617	77 636 :M
12618	f6_10 sf
12619	-.016(The cryptosystem speci\336ed in this annex is widely known as )A
12620	322 636 :M
12621	f7_10 sf
12622	-.05(RSA)A
12623	f6_10 sf
12624	-.04(, Rivst-Shamir-Adleman.)A
12625	72 657 :M
12626	f6_9 sf
12627	(2)S
12628	77 660 :M
12629	f6_10 sf
12630	-.03(For further information, see:)A
12631	72 675 :M
12632	-.107(General)A
12633	90 689 :M
12634	1.589 .159(Rivest, R.L., Shamir, A., and Adleman, L. A Method for Obtaining Digital Signatures and Public-key)J
12635	90 700 :M
12636	-.019(Cryptosystems, )A
12637	f7_10 sf
12638	-.022(Communications of the ACM)A
12639	271 700 :M
12640	f6_10 sf
12641	-.018(, 21, 2 $February 1978$, 120-126.)A
12642	72 717 :M
12643	-.026(Key Generation Reference)A
12644	90 731 :M
12645	-.02(Gordon, J Strong RSA Keys, )A
12646	f7_10 sf
12647	-.019(Electronics Letters)A
12648	287 731 :M
12649	f6_10 sf
12650	-.052(, 20, 5, 514-516.)A
12651	72 748 :M
12652	-.031(Decipherment Reference)A
12653	72 762 :M
12654	.513 .051(Quisquater, J.J., and Couvreur, C. Fast Decipherment Algorithm for RSA Public-key Cryptosystems, )J
12655	494 762 :M
12656	f7_10 sf
12657	-.054(Electronics)A
12658	72 773 :M
12659	-.128(Letters)A
12660	100 773 :M
12661	f6_10 sf
12662	-.019(, 18, 21 $October 14, 1982$, 905-907.)A
12663	endp
12664	%%Page: 34 34
12665	%%BeginPageSetup
12666	initializepage
12667	(hoyt; page: 34 of 40)setjob
12668	%%EndPageSetup
12669	-13 -12 :T
12670	gS 13 12 568 818 rC
12671	54 45 :M
12672	f3_10 sf
12673	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
12674	54 803 :M
12675	(28)S
12676	90 803 :M
12677	-.017(ITU-T Rec. X.509 $1993 E$)A
12678	54 81 :M
12679	f6_10 sf
12680	-.025(which may be satisfied, for example, by)A
12681	72 98 :M
12682	-.007(ed mod lcm$p-1,q-1$ = 1,)A
12683	198 98 :M
12684	-.328(or)A
12685	72 115 :M
12686	-.041(ed mod $p-1$$q-1$ = 1)A
12687	54 138 :M
12688	.152 .015(To effect this process, a data block shall be interpreted as an integer. This is accomplished by considering the entire)J
12689	54 149 :M
12690	.522 .052(data block to be an ordered sequence of bits \(of length )J
12691	f4_10 sf
12692	(l)S
12693	289 149 :M
12694	f6_10 sf
12695	.542 .054(\). The integer is then formed as the sum of the bits after)J
12696	54 162 :M
12697	-.028(giving a weight of 2)A
12698	135 159 :M
12699	f4_10 sf
12700	-.324(l)A
12701	f6_10 sf
12702	-.492(-1)A
12703	149 162 :M
12704	-.006( to the first bit and dividing by 2 for each subsequent bit $the last bit has a weight of 1$.)A
12705	54 185 :M
12706	.692 .069(The data block length should be the largest number of octets containing fewer bits that the modulus. Incomplete)J
12707	54 196 :M
12708	-.006(blocks should be padded in any way desired. Any number of blocks of additional padding may be added.)A
12709	54 220 :M
12710	f3_12 sf
12711	-.331(D.5)A
12712	81 220 :M
12713	-.014(Security requirements)A
12714	54 238 :M
12715	f3_10 sf
12716	-.055(D.5.1)A
12717	94 238 :M
12718	-.027(Key lengths)A
12719	54 255 :M
12720	f6_10 sf
12721	.624 .062(It is recognized that the acceptable key length is likely to change with time, subject to the cost and availability of)J
12722	54 266 :M
12723	.429 .043(hardware, the time taken, advances in techniques and the level of security required. It is recommended that a value)J
12724	54 277 :M
12725	-.008(for the length of n of 512 bits be adopted initially, but subject to )A
12726	313 277 :M
12727	f7_10 sf
12728	-.065(further study)A
12729	f6_10 sf
12730	(.)S
12731	54 300 :M
12732	f3_10 sf
12733	-.055(D.5.2)A
12734	94 300 :M
12735	-.02(Key generation)A
12736	54 317 :M
12737	f6_10 sf
12738	1.387 .139(The security of RSA relies on the dif\336culty of factorizing n. There are many algorithms for performing this)J
12739	54 328 :M
12740	.933 .093(operation, and in order to thwart the use of any currently known technique, the values p and q shall be chosen)J
12741	54 339 :M
12742	-.007(carefully, according to the following rules $e.g., see footnote 2, \322Key Generation Reference\323 $:)A
12743	72 356 :M
12744	-.133(a\) )A
12745	90 356 :M
12746	-.017(They should be chosen randomly;)A
12747	72 373 :M
12748	-.414(b\) )A
12749	90 373 :M
12750	-.046(They should be large;)A
12751	72 390 :M
12752	-.133(c\) )A
12753	90 390 :M
12754	-.013(They should be prime;)A
12755	72 407 :M
12756	-.414(d\) )A
12757	90 407 :M
12758	-.035(\|p-q should be large;)A
12759	72 424 :M
12760	-.133(e\) )A
12761	90 424 :M
12762	($p+1$ shall possess a large prime factor;)S
12763	72 441 :M
12764	-.078(f\) )A
12765	90 441 :M
12766	($q+1$ shall possess a large prime factor;)S
12767	72 458 :M
12768	-.414(g\) )A
12769	90 458 :M
12770	-.018($p-1$ shall possess a large prime factor, say r;)A
12771	72 475 :M
12772	-.414(h\) )A
12773	90 475 :M
12774	-.009($q-1$ shall possess a large prime factor, say s;)A
12775	72 492 :M
12776	-.303(i\) )A
12777	90 492 :M
12778	($r-1$ shall possess a large prime factor;)S
12779	72 509 :M
12780	-.303(j\) )A
12781	90 509 :M
12782	-.008($s-1$ shall possess a large prime factor.)A
12783	54 533 :M
12784	.869 .087(After generating the public and private keys, e.g. \322Xp\323 and \322Xs\323 as defined in clauses 3 and 4 of this Directory)J
12785	54 545 :M
12786	-.002(Specification, which consist of d, e and n, the values p and q together with all other data produced such as the product)A
12787	54 557 :M
12788	.112 .011($p-1$$q-1$ and the large prime factors should preferably be destroyed. However, keeping p and q locally can improve)J
12789	54 569 :M
12790	.372 .037(throughput in decryption by two to four times. The decision to keep p and q is considered to be a local matter \( see)J
12791	54 581 :M
12792	-.005(footnote 2 \322Decipherment Reference\323 \).)A
12793	54 604 :M
12794	.556 .056(It must be ensured that e > log)J
12795	182 607 :M
12796	f6_9 sf
12797	(2)S
12798	187 604 :M
12799	f6_10 sf
12800	.59 .059($n$. If not, then the simple operation of taking the integer e\325th root of a ciphertext)J
12801	54 618 :M
12802	-.021(block will disclose the plaintext.)A
12803	54 642 :M
12804	f3_12 sf
12805	-.331(D.6)A
12806	81 642 :M
12807	-.023(Public exponent)A
12808	54 660 :M
12809	f6_10 sf
12810	.241 .024(The Public Exponent $e$ could be common to the whole environment, in order to minimize the length of that part of)J
12811	54 671 :M
12812	1.415 .142(the public key that actually has to be distributed, in order to reduce transmission capacity and complexity of)J
12813	54 682 :M
12814	-.019(transformation $see note 1$.)A
12815	54 705 :M
12816	1.511 .151(Exponent e should be large enough but such that exponentiation can be performed efficiently with regard to)J
12817	54 716 :M
12818	-.011(processing time and storage capacity. If a fixed public exponent e is desired, there are notable merits for the use of the)A
12819	54 727 :M
12820	-.046(Fermat Number F)A
12821	126 729 :M
12822	f6_9 sf
12823	(4)S
12824	131 727 :M
12825	f6_10 sf
12826	-.049( $see note 2$.)A
12827	90 760 :M
12828	(F)S
12829	96 763 :M
12830	f6_9 sf
12831	(4)S
12832	101 760 :M
12833	f6_10 sf
12834	-.213( = 2)A
12835	117 756 :M
12836	-.125(2)A
12837	0 -4 rm
12838	-.125(4)A
12839	0 4 rm
12840	0 4 rm
12841	-.13( + 1)A
12842	0 -4 rm
12843	90 781 :M
12844	-.038(= 65537 decimal, and)A
12845	endp
12846	%%Page: 35 35
12847	%%BeginPageSetup
12848	initializepage
12849	(hoyt; page: 35 of 40)setjob
12850	%%EndPageSetup
12851	-13 -12 :T
12852	gS 13 12 568 818 rC
12853	427 45 :M
12854	f3_10 sf
12855	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
12856	390 803 :M
12857	-.017(ITU-T Rec. X.509 $1993 E$)A
12858	531 803 :M
12859	(29)S
12860	108 81 :M
12861	f6_10 sf
12862	-.006(= 1 0000 0000 0000 0001 binary)A
12863	90 102 :M
12864	f3_9 sf
12865	-.122(Notes)A
12866	90 117 :M
12867	f6_9 sf
12868	(1)S
12869	103 117 :M
12870	.055 .005(Although both Modulus n and Exponent e are public, the Modulus should not be the part which is common to a group of)J
12871	90 127 :M
12872	.023 .002(users. Knowledge of Modulus \322n\323, Public Exponent \322e\323, and Secret Exponent \322d\323 is sufficient to determine the factorization)J
12873	90 137 :M
12874	.605 .061(of \322n\323. Therefore, if the modulus were common, everyone could deduce its factors, thereby determining everyone else\325s)J
12875	90 147 :M
12876	-.031(secret exponent.)A
12877	90 162 :M
12878	(2)S
12879	103 162 :M
12880	.239 .024(The fixed exponent should be large and prime but it should also provide efficient processing. Fermat Number F)J
12881	512 164 :M
12882	(4)S
12883	517 162 :M
12884	-.048( meets)A
12885	90 173 :M
12886	-.005(these requirements, e.g. authentication takes only 17 multiplications and is on the average 30 times faster than decipherment.)A
12887	72 198 :M
12888	f3_12 sf
12889	-.331(D.7)A
12890	99 198 :M
12891	-.097(Conformance)A
12892	72 216 :M
12893	f6_10 sf
12894	.31 .031(Whilst this annex specifies an algorithm for the public and secret functions, it does not define the method whereby)J
12895	72 227 :M
12896	.722 .072(the calculations are carried out; therefore there may be different products which comply with this annex and are)J
12897	72 238 :M
12898	-.052(mutually compatible.)A
12899	endp
12900	%%Page: 36 36
12901	%%BeginPageSetup
12902	initializepage
12903	(hoyt; page: 36 of 40)setjob
12904	%%EndPageSetup
12905	-13 -12 :T
12906	gS 13 12 568 818 rC
12907	54 45 :M
12908	f3_10 sf
12909	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
12910	54 803 :M
12911	(30)S
12912	90 803 :M
12913	-.017(ITU-T Rec. X.509 $1993 E$)A
12914	206 95 :M
12915	f3_14 sf
12916	-.024(Annex E \321 Hash functions)A
12917	103 114 :M
12918	f6_10 sf
12919	-.009($This annex does not form an integral part of this Recommendation \| International Standard$)A
12920	54 137 :M
12921	.279 .028(The square-mod hash function that was described in this annex in the first edition of this Directory Specification is)J
12922	54 148 :M
12923	-.08(deprecated.)A
12924	54 172 :M
12925	f3_12 sf
12926	(E.1)S
12927	81 172 :M
12928	-.021(Requirements for hash functions)A
12929	54 190 :M
12930	f6_10 sf
12931	.512 .051(To use a hash function as a secure one-way function, it shall not be possible to obtain easily the same hash result)J
12932	54 201 :M
12933	-.004(from different combinations of the input message.)A
12934	54 224 :M
12935	-.004(A strong hash function shall meet the following requirements:)A
12936	72 241 :M
12937	-.766(a\))A
12938	90 241 :M
12939	1.506 .151(The hash function shall be one-way, i.e., given any possible hash result it shall be computationally)J
12940	90 252 :M
12941	-.003(infeasible to construct an input message which hashes to this result.)A
12942	72 269 :M
12943	-.328(b\))A
12944	90 269 :M
12945	.033 .003(The hash function shall be collision-free, i.e., it shall be computationally infeasible to construct two distinct)J
12946	90 280 :M
12947	-.019(input messages which hash to the same result.)A
12948	endp
12949	%%Page: 37 37
12950	%%BeginPageSetup
12951	initializepage
12952	(hoyt; page: 37 of 40)setjob
12953	%%EndPageSetup
12954	-13 -12 :T
12955	gS 13 12 568 818 rC
12956	427 45 :M
12957	f3_10 sf
12958	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
12959	390 803 :M
12960	-.017(ITU-T Rec. X.509 $1993 E$)A
12961	531 803 :M
12962	(31)S
12963	83 95 :M
12964	f3_14 sf
12965	-.008(Annex F \321 Threats protected against by the strong authentication method)A
12966	121 114 :M
12967	f6_10 sf
12968	-.009($This annex does not form an integral part of this Recommendation \| International Standard$)A
12969	72 138 :M
12970	.703 .07(The strong authentication method described in this Directory Specification offers protection against the threats as)J
12971	72 150 :M
12972	-.005(described in Annex B for strong authentication.)A
12973	72 174 :M
12974	-.001(In addition, there is a range of potential threats that are speci\336c to the strong authentication method itself. These are:)A
12975	72 198 :M
12976	f7_10 sf
12977	.477 .048(Compromise of the user\325s private key)J
12978	f6_10 sf
12979	.383 .038( - one of the basic principles of strong authentication is that the user\325s private)J
12980	72 210 :M
12981	.259 .026(key remain secure. A number of practical methods are available for the user to hold his private key in a manner that)J
12982	72 222 :M
12983	1.599 .16(provides adequate security. The consequences of the compromise is limited to subversion of communication)J
12984	72 234 :M
12985	-.026(involving that user.)A
12986	72 258 :M
12987	f7_10 sf
12988	.333 .033(Compromise of the CA\325s private key)J
12989	221 258 :M
12990	f6_10 sf
12991	.408 .041( - that the private key of a CA remain secure is also a basic principle of strong)J
12992	72 270 :M
12993	1.136 .114(authentication. Physical security and \322need to know\323 methods apply. The consequences of the compromise are)J
12994	72 282 :M
12995	(limited to subversion of communication involving any user certi\336ed by that CA.)S
12996	72 306 :M
12997	f7_10 sf
12998	-.004(Misleading CA into producing an invalid certi\336cate)A
12999	280 306 :M
13000	f6_10 sf
13001	.034 .003( - the fact that CAs are off-line affords some protection. The onus)J
13002	72 318 :M
13003	.004 0(is on the CA to check that purported strong credentials are valid before creating a certi\336cate. The consequences of the)J
13004	72 330 :M
13005	.094 .009(compromise are limited to subversion of communication involving the user for whom the certi\336cate was created, and)J
13006	72 342 :M
13007	-.023(anyone impacted by the invalid certi\336cate.)A
13008	72 366 :M
13009	f7_10 sf
13010	.627 .063(Collusion between a rogue CA and user)J
13011	239 366 :M
13012	f6_10 sf
13013	.722 .072( - such a collusive attack will defeat the method. This would constitute a)J
13014	72 378 :M
13015	.278 .028(betrayal of the trust placed in the CA. The consequences of a rogue CA are limited to subversion of communication)J
13016	72 390 :M
13017	-.015(involving any user certi\336ed by that CA.)A
13018	72 414 :M
13019	f7_10 sf
13020	.186 .019(Forging of a certi\336cate)J
13021	167 414 :M
13022	f6_10 sf
13023	.333 .033( - the strong authentication method protects against the forging of a certi\336cate by having the)J
13024	72 426 :M
13025	-.003(CA sign it. The method depends on maintaining the secrecy of the CA\325s private key.)A
13026	72 450 :M
13027	f7_10 sf
13028	.582 .058(Forging of a token)J
13029	f6_10 sf
13030	.556 .056( - the strong authentication method protects against the forging of a token by having the sender)J
13031	72 462 :M
13032	(sign it. The method depends on maintaining the secrecy of the sender\325s private key.)S
13033	72 486 :M
13034	f7_10 sf
13035	1.153 .115(Replay of a token)J
13036	148 486 :M
13037	f6_10 sf
13038	1.25 .125( - the one- and two-way authentication methods protect against the replay of a token by the)J
13039	72 498 :M
13040	-.003(inclusion of a timestamp in the token. The three-way method does so by checking the random numbers.)A
13041	72 522 :M
13042	f7_10 sf
13043	.726 .073(Attack on the cryptographic system)J
13044	f6_10 sf
13045	.57 .057(- the likelihood of effective cryptanalysis of the system, based on advances in)J
13046	72 534 :M
13047	-.002(computational number theory and leading to the need for a greater key length are reasonably predictable.)A
13048	endp
13049	%%Page: 38 38
13050	%%BeginPageSetup
13051	initializepage
13052	(hoyt; page: 38 of 40)setjob
13053	%%EndPageSetup
13054	-13 -12 :T
13055	gS 13 12 568 818 rC
13056	54 45 :M
13057	f3_10 sf
13058	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
13059	54 803 :M
13060	(32)S
13061	90 803 :M
13062	-.017(ITU-T Rec. X.509 $1993 E$)A
13063	191 95 :M
13064	f3_14 sf
13065	-.029(Annex G \321 Data confidentiality)A
13066	103 114 :M
13067	f6_10 sf
13068	-.009($This annex does not form an integral part of this Recommendation \| International Standard$)A
13069	54 138 :M
13070	f3_12 sf
13071	-.167(G.1)A
13072	81 138 :M
13073	-.029(Introduction)A
13074	54 156 :M
13075	f6_10 sf
13076	.214 .021(The process of data con\336dentiality can be initiated after the necessary keys for encipherment have been exchanged.)J
13077	54 167 :M
13078	1.008 .101(This might be provided by a preceding authentication exchange as described in clause 9 or by some other key)J
13079	54 178 :M
13080	-.011(exchange process, the latter being outside the scope of this Directory Specification.)A
13081	54 201 :M
13082	(Data con\336dentiality can be provided either by the application of an asymmetric or symmetric enciphering scheme.)S
13083	54 225 :M
13084	f3_12 sf
13085	-.167(G.2)A
13086	81 225 :M
13087	-.005(Data con\336dentiality by asymmetric encipherment)A
13088	54 243 :M
13089	f6_10 sf
13090	.54 .054(In this case Data Con\336dentiality is performed by means of an originator enciphering the data to be sent using the)J
13091	54 254 :M
13092	-.005(intended recipient\325s public key: the recipient shall then decipher it using its private key.)A
13093	54 278 :M
13094	f3_12 sf
13095	-.167(G.3)A
13096	81 278 :M
13097	-.006(Data con\336dentiality by symmetric encipherment)A
13098	54 296 :M
13099	f6_10 sf
13100	.347 .035(In this case Data Con\336dentiality is achieved by the use of a symmetric enciphering algorithm. Its choice is outside)J
13101	54 307 :M
13102	(the scope of the authentication framework.)S
13103	54 330 :M
13104	.054 .005(Where an authentication exchange according to clause 9 has been carried out by the two parties involved, then a key)J
13105	54 341 :M
13106	.351 .035(for the usage of a symmetric algorithm can be derived. Choosing private keys depends on the transformation to be)J
13107	54 352 :M
13108	.797 .08(used. The parties shall be sure that they are strong keys. This Directory Specification does not specify how this)J
13109	54 363 :M
13110	1.257 .126(choice is made, although clearly this would need to be agreed by the parties concerned, or speci\336ed in other)J
13111	54 374 :M
13112	-.029(standards.)A
13113	endp
13114	%%Page: 39 39
13115	%%BeginPageSetup
13116	initializepage
13117	(hoyt; page: 39 of 40)setjob
13118	%%EndPageSetup
13119	-13 -12 :T
13120	gS 13 12 568 818 rC
13121	427 45 :M
13122	f3_10 sf
13123	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
13124	390 803 :M
13125	-.017(ITU-T Rec. X.509 $1993 E$)A
13126	531 803 :M
13127	(33)S
13128	117 95 :M
13129	f3_14 sf
13130	-.001(Annex H \321 Reference definition of algorithm object identifiers)A
13131	137 114 :M
13132	f6_10 sf
13133	-.007($This annex forms an integral part of this Recommendation \| International Standard$)A
13134	72 137 :M
13135	-.007(This annex defines object identifiers assigned to authentication and encryption algorithms, in the absence of a formal)A
13136	72 148 :M
13137	.502 .05(register. It is intended to make use of such a register as it becomes available. The definitions take the form of the)J
13138	72 159 :M
13139	-.023(ASN.1 module, \322)A
13140	f0_9 sf
13141	-.023(AlgorithmObjectIdentifiers)A
13142	255 159 :M
13143	f6_10 sf
13144	-.938(\323.)A
13145	89 192 -1 1 530 191 1 89 191 @a
13146	89 194 -1 1 530 193 1 89 193 @a
13147	103 220 :M
13148	f0_9 sf
13149	-.01(AlgorithmObjectIdentifiers {joint-iso-ccitt ds$5$ module$1$ algorithmObjectIdentifiers$8$ 2})A
13150	103 231 :M
13151	-.053(DEFINITIONS ::=)A
13152	103 242 :M
13153	-.125(BEGIN)A
13154	103 259 :M
13155	-.062(-- EXPORTS All --)A
13156	103 276 :M
13157	f2_9 sf
13158	-.001(-- The types and values defined in this module are exported for use in the other ASN.1 modules contained)A
13159	103 287 :M
13160	-.005(-- within the Directory Specifications, and for the use of other applications which will use them to access)A
13161	103 298 :M
13162	(-- Directory services. Other applications may use them for their own purposes, but this will not constrain)S
13163	103 309 :M
13164	(-- extensions and modifications needed to maintain or improve the Directory service.)S
13165	103 326 :M
13166	f0_9 sf
13167	-.166(IMPORTS)A
13168	130 337 :M
13169	-.015(algorithm, authenticationFramework)A
13170	157 348 :M
13171	-.005(FROM UsefulDefinitions {joint-iso-ccitt ds$5$ module$1$ usefulDefinitions$0$ 2})A
13172	130 359 :M
13173	-.06(ALGORITHM)A
13174	157 370 :M
13175	-.019(FROM AuthenticationFramework authenticationFramework)A
13176	436 370 :M
13177	(;)S
13178	103 393 :M
13179	f2_10 sf
13180	-.003(-- categories of object identifier --)A
13181	103 410 :M
13182	f0_9 sf
13183	-.027(encryptionAlgorithm)A
13184	219 410 :M
13185	-.062(OBJECT IDENTIFIER)A
13186	343 410 :M
13187	-.123(::=)A
13188	374 410 :M
13189	-.041({algorithm 1})A
13190	103 421 :M
13191	-.041(hashAlgorithm)A
13192	219 421 :M
13193	-.062(OBJECT IDENTIFIER)A
13194	343 421 :M
13195	-.123(::=)A
13196	374 421 :M
13197	-.041({algorithm 2})A
13198	103 432 :M
13199	-.058(signatureAlgorithm)A
13200	219 432 :M
13201	-.062(OBJECT IDENTIFIER)A
13202	343 432 :M
13203	-.123(::=)A
13204	374 432 :M
13205	-.041({algorithm 3})A
13206	103 455 :M
13207	f2_10 sf
13208	-.067(-- synonyms --)A
13209	103 472 :M
13210	f0_9 sf
13211	-.25(id-ea)A
13212	130 472 :M
13213	-.062(OBJECT IDENTIFIER)A
13214	250 472 :M
13215	-.123(::=)A
13216	281 472 :M
13217	-.027(encryptionAlgorithm)A
13218	103 483 :M
13219	-.123(id-ha)A
13220	130 483 :M
13221	-.062(OBJECT IDENTIFIER)A
13222	250 483 :M
13223	-.123(::=)A
13224	281 483 :M
13225	-.041(hashAlgorithm)A
13226	103 494 :M
13227	-.25(id-sa)A
13228	130 494 :M
13229	-.062(OBJECT IDENTIFIER)A
13230	250 494 :M
13231	-.123(::=)A
13232	281 494 :M
13233	-.058(signatureAlgorithm)A
13234	103 517 :M
13235	f2_10 sf
13236	-.065(-- algorithms --)A
13237	103 534 :M
13238	f0_9 sf
13239	-.253(rsa)A
13240	130 534 :M
13241	-.06(ALGORITHM)A
13242	250 534 :M
13243	-.123(::=)A
13244	281 534 :M
13245	({)S
13246	130 545 :M
13247	-.085(KeySize)A
13248	130 556 :M
13249	-.083(IDENTIFIED BY)A
13250	219 556 :M
13251	-.05(id-ea-rsa })A
13252	103 573 :M
13253	-.085(KeySize)A
13254	188 573 :M
13255	-.123(::=)A
13256	219 573 :M
13257	-.167(INTEGER)A
13258	103 596 :M
13259	f2_10 sf
13260	-.029(-- object identifier assignments --)A
13261	103 613 :M
13262	f0_9 sf
13263	-.063(id-ea-rsa)A
13264	219 613 :M
13265	-.062(OBJECT IDENTIFIER)A
13266	343 613 :M
13267	-.123(::=)A
13268	374 613 :M
13269	-.063({id-ea 1})A
13270	103 636 :M
13271	f2_10 sf
13272	-.002(-- the following object identifier assignments reserve values assigned to deprecated functions)A
13273	103 653 :M
13274	f0_9 sf
13275	-.081(id-ha-sqMod-n)A
13276	219 653 :M
13277	-.062(OBJECT IDENTIFIER)A
13278	343 653 :M
13279	-.123(::=)A
13280	374 653 :M
13281	-.125({id-ha 1})A
13282	103 664 :M
13283	-.051(id-sa-sqMod-nWithRSA)A
13284	219 664 :M
13285	-.062(OBJECT IDENTIFIER)A
13286	343 664 :M
13287	-.123(::=)A
13288	374 664 :M
13289	-.063({id-sa 1})A
13290	103 681 :M
13291	-.499(END)A
13292	89 690 -1 1 530 689 1 89 689 @a
13293	89 692 -1 1 530 691 1 89 691 @a
13294	endp
13295	%%Page: 40 40
13296	%%BeginPageSetup
13297	initializepage
13298	(hoyt; page: 40 of 40)setjob
13299	%%EndPageSetup
13300	-13 -12 :T
13301	gS 13 12 568 818 rC
13302	54 45 :M
13303	f3_10 sf
13304	-.018(ISO/IEC 9594\3208 : 1993 $E$)A
13305	54 803 :M
13306	(34)S
13307	90 803 :M
13308	-.017(ITU-T Rec. X.509 $1993 E$)A
13309	171 95 :M
13310	f3_14 sf
13311	-.021(Annex J \321 Amendments & corrigenda)A
13312	103 114 :M
13313	f6_10 sf
13314	-.009($This annex does not form an integral part of this Recommendation \| International Standard$)A
13315	54 137 :M
13316	-.008(This edition of this Directory Specification includes the following amendments:)A
13317	72 154 :M
13318	(\321)S
13319	90 154 :M
13320	-.033(Amendment 1 for Access Control)A
13321	54 171 :M
13322	.217 .022(This edition of this Directory Specification includes the following technical corrigenda correcting the defects in the)J
13323	54 182 :M
13324	-.008(following defect reports \(some parts of some of the following Technical Corrigenda may have been subsumed by the)A
13325	54 193 :M
13326	-.008(amendments that formed this edition of this Directory Specification\):)A
13327	72 210 :M
13328	(\321)S
13329	90 210 :M
13330	-.009(Technical Corrigendum 1 $covering Defect Reports 009, 015, 016, 019, 031$.)A
13331	endp
13332	%%Trailer
13333	end % md
13334	%%EOF

Download in other formats:

Original Format