ImageVerifierCode 换一换
格式:PDF , 页数:29 ,大小:438.17KB ,
资源ID:431352      下载积分:5000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-431352.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ANSI ASC X9 X9.69-2017 Framework for Key Management Extensions.pdf)为本站会员(wealthynice100)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ANSI ASC X9 X9.69-2017 Framework for Key Management Extensions.pdf

1、 ASC X9, Inc. 2017 All rights reserved American National Standard for Financial Services ANSI X9.692017 Framework for Key Management Extensions Developed by Accredited Standards Committee X9, Incorporated Financial Industry Standards Date Approved: September 19, 2017 American National Standards Inst

2、itute American National Standards, Technical Reports and Guides developed through the Accredited Standards Committee X9, Inc., are copyrighted. Copying these documents for personal or commercial use outside X9 membership agreements is prohibited without express written permission of the Accredited S

3、tandards Committee X9, Inc. For additional information please contact ASC X9, Inc., 275 West Street, Suite 107, Annapolis, MD 21401. ANSI X9.692017 2 ASC X9, Inc. 2017 All rights reserved Contents Page Forword . 4 Introduction . 5 1 Scope 14 2 Normative references 14 3 Terms, symbols and abbreviated

4、 terms 15 4 Application . 15 4.1 General . 17 4.2 The Use of Constructive Key Management 17 4.3 The Use of Key Usage Control Vector . 17 4.4 System Algorithm and System Key . 17 5 Constructive Key Management 17 5.1 Overview . 17 5.2 CKM Administration 19 5.2.1 Credentials . 19 5.2.2 Splits . 19 5.3

5、Token Distribution . 20 5.3.1 Workstation 20 5.3.2 Token 20 5.4 Key Creation. 20 5.4.1 Key Component Selection 21 5.4.2 Key Combiner 21 5.4.3 Key Reconstruction . 21 6 Key Usage Control 22 6.1 Overview . 22 6.2 Key Binding Methods 23 6.2.1 Binding Method 1 23 6.2.2 Binding Method 2 23 6.2.3 Binding

6、Method 3 24 6.2.4 Binding Method 4 24 6.2.5 Binding Method 5 24 6.2.6 Binding Method 6 25 Annex A (informative) Example Key Usage Vector Formats 26 A.1 General . 26 A.2 Examples 26 Bibliography 29 ANSI X9.692017 ASC X9, Inc. 2017 All rights reserved 3 Figures Figure 1 - Token Distribution . 18 Figur

7、e 2 - Combiner Function 21 Figure 3 - Key Usage Vector Fields . 23 ANSI X9.692017 4 ASC X9, Inc. 2017 All rights reserved Foreword Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met b

8、y the standards developer. Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensu

9、s requires that all views and objections be considered, and that a concerted effort be made toward their resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not from manufacturin

10、g, marketing, purchasing, or using products, processes, or procedures not conforming to the standards. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right

11、or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretation should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American Nation

12、al Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval. Published by Accredited Standards Committee X9, Incorporate

13、d Financial Industry Standards 275 West Street, Suite 107 Annapolis, MD 21401 USA X9 Online http:/www.x9.org Copyright 2017 ASC X9, Inc. All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of

14、 the publisher. Published in the United States of America. ANSI X9.692017 ASC X9, Inc. 2017 All rights reserved 5 Introduction This Standard is concerned with symmetric key systems in which the encrypting key and decrypting key are identical. The security and reliability of any process based on a sy

15、mmetric cryptographic algorithm is directly dependent on the protection afforded to the secret quantity, called the key. Thus, no matter how strong the algorithm, the system is only as secure as its key management method. This Standard defines two specific key management methods for controlling and

16、handling keys, called (1) Constructive Key Management and (2) Key Usage Control. Each method can be used independently; or the methods can be used in combination. However, the combined use of the methods is highly recommended by the ASC X9 Subcommittee responsible for this Standard. Each method is d

17、escribed in a separate section of the Standard. The section on CONSTRUCTIVE KEY MANAGEMENT, systematizes key creation, implementing “dual control” or “split knowledge” by using key components to construct the final working key. This working key may be used in several ways including as a session key,

18、 for a store-and-forward (i.e. e-mail) application, and for file encryption applications, such as archiving, or protecting filed information until needed again by the user. Other applications are also possible. Until now, this practice of split knowledge key creation has been used mainly to transpor

19、t key parts into systems where “master keys” were used to protect keys in storage, and to recover the working keys for a current application. With the methodology of this Standard, a working key will be created as needed for a specific encryption process, and re-created when needed to decrypt the ob

20、ject. Depending on the application, the key may be saved or destroyed after each use. The working key is never transmitted; the application program only knows it while it is in use. The section on KEY USAGE CONTROL, allows the creator of a key to specify the allowed uses of the key. For example, key

21、 usage control information can be used to distinguish key types (data, PIN, or key-encrypting). The type “data key” can be further sub-divided to distinguish data privacy keyskeys used to encrypt and decrypt datafrom Message Authentication Code (MAC) keys -keys used to protect the integrity of data.

22、 The method attaches or binds a “key usage vector” to each generated key, for the life of the key, and is used by the system to ensure that keys are used properly. In short, the key usage vector prevents abuses and attacks against the key. The key usage vector can be used to protect keys stored with

23、in a single system, or to protect keys transmitted from one system to another. This Standard is algorithm independent, and as new cryptographic algorithms with perhaps longer key lengths than currently in use are developed and adopted by the Financial Community this Standard will still apply. This s

24、tandard includes a Constructive Key Management working key for a symmetric encryption capability. Studies are surfacing that asymmetrical key can be subject to Quantum Computing attack.1 NOTE The users attention is called to the possibility that compliance with this standard may require use of an in

25、vention covered by patent rights. By publication of this standard, no position is taken with respect to the validity of this claim or of any patent rights in connection therewith. The patent holder has, however, filed a statement of willingness to grant a license under these rights on reasonable and

26、 nondiscriminatory terms and conditions to applicants desiring to obtain such a license. Details may be obtained from the standards developer. 1 NISTIR 8105 Report on Post-Quantum Cryptography Feb 2016 ANSI X9.692017 6 ASC X9, Inc. 2017 All rights reserved Suggestions for the improvement or revision

27、 of this Standard are welcome. They should be sent to the X9 Committee Secretariat, Accredited Standards Committee X9, Inc., Financial Industry Standards, 275 West Street, Suite 107 Annapolis, MD 21401 USA. This Standard was processed and approved for submittal to ANSI by the Accredited Standards Co

28、mmittee on Financial Services, X9. Committee approval of the Standard does not necessarily imply that all the committee members voted for its approval. The X9 committee had the following members: Roy DeCicco, X9 Chairman Angela Hendershott, X9 Vice-Chairman Steve Stevens, Executive Director Janet Bu

29、sch, Program Manager Organization Represented . Representative ACI Worldwide . Doug Grote ACI Worldwide . Dan Kinney American Bankers Association . Diane Poole American Express Company . David Moore Bank of America . Daniel Welch Bank of New York Mellon . Kevin Barnes Blackhawk Network . Anthony Red

30、ondo Bloomberg LP Corby Dear Capital One . Marie LaQuerre Citigroup, Inc. . Karla McKenna CLS Bank Ram Komarraju Conexxus, Inc. . Michael Davis Conexxus, Inc. . Gray Taylor CUSIP Service Bureau Gerard Faulkner Delap LLP Andrea Beatty Delap LLP Darlene Kargel Deluxe Corporation . Angela Hendershott D

31、iebold Nixdorf Bruce Chapa Discover Financial Services Michelle Zhang eCurrency . David Wen Federal Reserve Bank Mary Hughes Federal Reserve Bank Janet LaFrence FIS . Stephen Gibson-Saxty Fiserv . Dan Otten FIX Protocol Ltd - FPL Jim Northey Futurex . Ryan Smith Gilbarco . Bruce Welch Harland Clarke

32、 . John McCleary Hewlett Packard Susan Langford IBM Corporation Todd Arnold Independent Community Bankers of America . Cary Whaley Ingenico Rob Martin ISITC . Jason Brasile J.P. Morgan Chase Roy DeCicco KPMG LLP Mark Lundin MagTek, Inc. Roger Applewhite MagTek, Inc. . Mimi Hart MasterCard Europe Spr

33、l . Mark Kamers NACHA The Electronic Payments Association Priscilla Holland ANSI X9.692017 ASC X9, Inc. 2017 All rights reserved 7 National Security Agency. Paul Timmel Nautilus Hyosung . Joe Militello NCR Corporation David Norris Office of Financial Research, U.S. Treasury Department Justin Stekerv

34、etz PCI Security Standards Council Troy Leach RouteOne Chris Irving RouteOne Jenna Wolfe Symcor Inc. Debbi Fitzpatrick TECSEC Incorporated Ed Scheidt The Clearing House Sharon Jablon U.S. Bank . John King U.S. Commodity Futures Trading Commission (CFTC) . Robert Stowsky USDA Food and Nutrition Servi

35、ce . Kathy Ottobre Vantiv LLC . Gary Zempich VeriFone, Inc. Dave Faoro VISA Kim Wagner Wayne Fueling Systems . Steven Bowles Wells Fargo Bank Mark Schaffer ANSI X9.692017 8 ASC X9, Inc. 2017 All rights reserved The X9F subcommittee on Information Security had the following members: Dave Faoro, X9F C

36、hair Sandra Lambert, X9F Vice Chair Organization Represented Representative ACI Worldwide . Doug Grote ACI Worldwide . Dan Kinney ACI Worldwide Julie Samson American Bankers Association .Tom Judd American Express Company . Farid Hatefi American Express Company John Timar American Express Company Kev

37、in Welsh Bank of America Amanda Adams Bank of America . Peter Capraro Bank of America . Andi Coleman Bank of America . Lawrence LaBella Bank of America Will Robinson Bank of America . Michael Smith Bank of America Daniel Welch BlackBerry Limited Daniel Brown BlackBerry Limited Sandra Lambert Blackha

38、wk Network Vijay Bolina Blackhawk Network Anthony Redondo Bloomberg LP Erik Anderson Bloomberg LP Corby Dear Capital One . Marie LaQuerre Capital One Johnny Lee Cipherithm . Scott Spiker comForte 21 GmbH . Thomas Gloerfeld comForte 21 GmbH Henning Horst Communications Security Establishment Jonathan

39、 Hammell Communications Security Establishment . David Smith Conexxus, Inc. . Alan Thiemann CUSIP Service Bureau . Scott Preiss Delap LLP Andrea Beatty Delap LLP David Buchanan Delap LLP Darlene Kargel Deluxe Corporation . Angela Hendershott Deluxe Corporation Margiore Romay Deluxe Corporation . And

40、y Vo Diebold Nixdorf . Christoph Bruecher Diebold Nixdorf Andrea Carozzi Diebold Nixdorf Bruce Chapa Diebold Nixdorf . Michael Nolte Diebold Nixdorf Michael Ott Diebold Nixdorf Dave Phister Discover Financial Services .Cheryl Mish Discover Financial Services . Diana Pauliks Discover Financial Servic

41、es . Jordan Schaefer eCurrency David Wen Federal Reserve Bank . Patrick Adler Federal Reserve Bank Guy Berg Federal Reserve Bank . Marianne Crowe Federal Reserve Bank . Amanda Dorphy ANSI X9.692017 ASC X9, Inc. 2017 All rights reserved 9 Federal Reserve Bank Mary Hughes Federal Reserve Bank Heather

42、Hultquist Federal Reserve Bank Janet LaFrence Federal Reserve Bank Susan Pandy Federal Reserve Bank . Patti Ritter Federal Reserve Bank Daniel Rozycki First Data Corporation Annmarie Corrigan First Data Corporation Lisa Curry First National Bank of Omaha Kristi White FIS Chelsea Lopez FIS John Soare

43、s FIS . Sunny Wear Fiserv . Bud Beattie Fiserv . Dan Otten Futurex . Ryan Smith GEOBRIDGE Corporation Donna Gem GEOBRIDGE Corporation Jason Way Gilbarco . Scott Turner Gilbarco Bruce Welch Harland Clarke Joseph Filer Heartland Payment Systems Scott Meeker Hewlett Packard Susan Langford Hewlett Packa

44、rd Luther Martin Hewlett Packard Terence Spies IBM Corporation Todd Arnold Independent Community Bankers of America . Cary Whaley Ingenico . Rob Martin ITS, Inc. (SHAZAM Networks) Manish Nathwani J.P. Morgan Chase Bruce Geller J.P. Morgan Chase Kathleen Krupa J.P. Morgan Chase . Jackie Pagn J.P. Mor

45、gan Chase Darryl Scott K3DES LLC . Azie Amini KPMG LLP Mark Lundin MagTek, Inc. . Jeff Duncan MagTek, Inc. . Mimi Hart MasterCard Europe Sprl . Mark Kamers MasterCard Europe Sprl . Joshua Knopp MasterCard Europe Sprl Larry Newell MasterCard Europe Sprl Adam Sommer MasterCard Europe Sprl Michael Ward

46、 National Institute of Standards and Technology (NIST) . Elaine Barker National Institute of Standards and Technology (NIST) . Lily Chen National Security Agency Mike Boyle National Security Agency . Paul Timmel Nautilus Hyosung . Joe Militello Nautilus Hyosung Jay Shin NCR Corporation Tanika Eng NC

47、R Corporation Charlie Harrow NCR Corporation. David Norris Onboard Security Mark Etzel Onboard Security . William Whyte Onboard Security Lee Wilson Onboard Security Zhenfei Zhang PCI Security Standards Council . Leon Fell PCI Security Standards Council . Troy Leach ANSI X9.692017 10 ASC X9, Inc. 201

48、7 All rights reserved PCI Security Standards Council .Ralph Poore RSA, The Security Division of EMC . Steve Schmalz SafeNet, Inc. . Amit Sinha TECSEC Incorporated Ed Scheidt TECSEC Incorporated Dr. Wai Tsang TECSEC Incorporated Jay Wack Thales UK Limited Larry Hines Thales UK Limited . James Torjuss

49、en The Clearing House . Henry Farrar The Clearing House Sharon Jablon Trustwave. John Amaral Trustwave Tim Hollebeek U.S. Bank . Stephen Case U.S. Bank . Peter Skirvin Vantiv LLC . Jeffrey Singleton Vantiv LLC . Bill Weingart Vantiv LLC . Gary Zempich Vantiv LLC James Zerfas VeriFone, Inc. John Barrowman VeriFone, Inc. David Ezell VeriFone, Inc. . Dave Faoro VeriFone, Inc. . Doug Manchester VeriFone, Inc. . Brad McGuinness VeriFone, Inc. . Joachim Vance VISA Shahzad Khan VISA Kim Wagner Wayne Fueling Systems . Steven Bowles Wells Fargo

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1