曝光台 注意防骗
网曝天猫店富美金盛家居专营店坑蒙拐骗欺诈消费者
8.1.1. Scope
The eAIP Specification defines an electronic format for the AIP data, which is different from the paper format currently in use. The information content and structure is however exactly the same. The quality system (ICAO Annex 15 requirement) and the static data proced-ures currently implemented in AIS are equally applicable to the eAIP production process. This shall ensure that data issued in the form of an electronic AIP are of the same quality as data issued in the form of a paper AIP.
The way AIP/eAIP data are used for operational needs is subject to specific ATS, ATM, avionics, etc. regulations and is considered outside the scope of the eAIP Specification. This will however fall within the scope of the proposed EUROCONTROL project on end-to-end data integrity.
Therefore, the scope of the safety and security considerations included in the eAIP Specific-ation is limited to demonstrating that the data integrity provided by the electronic format is the same or better than for the paper format.
8.1.2. Data integrity
How can data integrity be ensured on the (electronic) path between the eAIP editor and the eAIP user? The answer to this question does not lie in data format, but in data transmission. If the transmission path is safe, then data are safe as well. However, we know that the Internet, as a public network, is currently not a secure path. In order to have a secure path through an insecure environment, we need to enclose data inside a protection layer. This layer can be provided by technologies such as electronic signature and authentication. These technologies even bring an additional benefit: non-repudiation. Once electronically signed, the originator cannot deny having signed and issued the data.
8.1.3. Documentation
This chapter and the following one discuss general safety / security aspects and risks associated with publishing an eAIP. Additional documentation is available in the User's, Editor's and Developer's manuals. Most eAIP safety and security related documentation is targeted to a
specific audience, as detailed below:
Table 8.1. Intended Audience
All stakeholders eAIP Users eAIP Distributors
eAIP Developers Security Managers and eAIP Distributors
Note
eAIP Security Document
This document
How to check the signature of an eAIP
How to sign an eAIP with x509
How to sign an eAIP with PGP
Technical and procedural choices
How to setup up a x509 signing environment
How to setup up a PGP signing environment
"eAIP Distributors" designates the persons in charge of the distribution of eAIP ma-terial, within the eAIP publishing organisation. In some organisations, this might be the Editors, performing both roles. In other organisations, eAIP distribution might be outsourced. In this case, "eAIP Distributors" means the persons responsible for sending all material to the distribution company.
Disclaimer: Please note that the information contained in these documents should not be considered as ultimate computer security expert advice; they only give a general introduction to the concepts. Security-conscious organisations should seek expert computer security advice before implementing the technologies described hereunder.
Please read also the safety-related questions in the Frequently Asked Questions (FAQ) and the eAIP Security Risks and Mitigating Strategies.
8.2. What kind of security?
There are three different aspects to information security: Confidentiality, Integrity and Availability.
Table 8.2. Security Aspects Security aspect
Confidentiality Integrity Availability
When it applies
when a piece of information must not be read by any unauthorised party
when a piece of information must not be tampered with
when a piece of information must be access-ible without interruption or delays (H24, typ-ically)
中国航空网 www.aero.cn
航空翻译 www.aviation.cn
本文链接地址:Electronic AIP Specification(16)
