ImageVerifierCode 换一换
格式:PDF , 页数:111 ,大小:767.29KB ,
资源ID:431355      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-431355.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ANSI ASC X9 X9.79-1-2001 Part 1 PKI Practices and Policy Framework.pdf)为本站会员(wealthynice100)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ANSI ASC X9 X9.79-1-2001 Part 1 PKI Practices and Policy Framework.pdf

1、American National Standard for Financial Services ANS X9.79-1:2001 Part 1: PKI Practices and Policy Framework Secretariat American Bankers Association Approved: January 2001 American National Standards InstituteANS x9.79-1:2001, Public Key Infrastructure - Practices and Policy Framework 2001 America

2、n Bankers Associationii American National Standard Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the

3、 ANSI Board of Standards Review, directly and materially affected interests have reached substantial agreement. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be

4、made toward their resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to

5、 the standards. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of

6、 the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American Na

7、tional Standards Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval. Published by: American Bankers Association 1120 Connecticut Ave., NW Washington, DC 20036 USA Customer Service Center + 1 800 338 0626 or + 1 202

8、 663 5087 Fax + 1 202 663 7543 Email X9 Online: http:/www.x9.org Copyright (X9 2000) by American Bankers Association All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher. Pri

9、nted in the United States of America 2001 American Bankers Association ANS x9.79-1:2001, Public Key Infrastructure - Practices and Policy Frameworkiii Contents 1 SCOPE OF THIS STANDARD . 1 2 NORMATIVE REFERENCE(S) . 2 3 DEFINITIONS. 3 4 SYMBOLS (AND ABBREVIATIONS) 10 5 ORGANIZATION. 11 6 PKI CERTIFI

10、CATE POLICY AND CERTIFICATION PRACTICE STATEMENT. 12 6.1 WHAT IS PKI (PUBLIC-KEY INFRASTRUCTURE)? 12 6.2 PKI MODELS 13 6.2.1 Closed Model 13 6.2.2 Network Model 13 6.2.3 Open Model. 13 6.3 PKI PERSPECTIVES . 14 6.3.1 Functional Perspective 14 6.3.2 Legal Perspective 16 6.3.3 Regulatory Perspective .

11、 16 6.3.4 Business Usage Perspective 16 6.4 RELATIONSHIP BETWEEN CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT 17 6.4.1 Authorship. 17 6.4.2 Purpose . 17 6.4.3 Level of Specificity 17 6.4.4 Approach. 18 6.4.5 Public and Private Access. 18 6.5 CERTIFICATE POLICY (CP) . 19 6.6 CERTIFICATION

12、PRACTICE STATEMENT (CPS) 20 6.7 CERTIFICATE POLICY, CPS, AND CA INTEROPERABILITY 21 7 GENERAL REQUIREMENTS 21 7.1 CERTIFICATE POLICY (CP) . 21 7.2 CERTIFICATION PRACTICE STATEMENTS 23 7.2.1 Segmentation of a Certification Practice Statement. 23 ANNEX A (NORMATIVE) ELEMENTS OF POLICY AND PRACTICE 26

13、A.1 INTRODUCTION . 26 A.1.1 Overview . 26 A.1.2 Identification . 26 A.1.3 Community and Applicability 26 A.1.4 Contact Details 27 A.2 GENERAL PROVISIONS 27 A.2.1 Liability . 27 A.2.2 Obligations 28 ANS x9.79-1:2001, Public Key Infrastructure - Practices and Policy Framework 2001 American Bankers Ass

14、ociationiv A.2.3 Interpretation and Enforcement 29 A.2.4 Publication and Repositories 29 A.2.5 Compliance Audit 29 A.2.6 Confidentiality Policy 29 A.3 IDENTIFICATION AND AUTHENTICATION 30 A.3.1 Initial Registration 30 A.3.2 Routine Re-key 31 A.3.3 Re-key after Revocation - No Key Compromise. 31 A.3.

15、4 Revocation Request . 31 A.4 OPERATIONAL REQUIREMENTS 32 A.4.1 Certificate Application 32 A.4.2 Certificate Issuance. 32 A.4.3 Certificate Acceptance 32 A.4.4 Certificate Suspension and Revocation. 32 A.4.5 Security Audit Procedures. 33 A.4.6 Records Archival. 34 A.4.7 Key Changeover 34 A.4.8 Compr

16、omise and Disaster Recovery . 34 A.4.9 CA Termination. 35 A.5 PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS. 35 A.5.1 Physical Security Controls 35 A.5.2 Procedural Controls 36 A.5.3 Personnel Security Controls 36 A.6 TECHNICAL SECURITY CONTROLS 37 A.6.1 Key Pair Generation and Installation.

17、 38 A.6.2 Private Key Protection 38 A.6.3 Other Aspects of Key Pair Management . 39 A.6.4 Activation Data . 40 A.6.5 Computer Security Controls 40 A.6.6 Life Cycle Security Controls . 40 A.6.7 Network Security Controls 40 A.6.8 Cryptographic Module Engineering Controls. 40 A.7 CERTIFICATE AND CRL PR

18、OFILES 41 A.7.1 Certificate Profile 41 A.7.2 CRL Profile . 41 A.7.3 OCSP Profile. 41 A.8 PRACTICES ADMINISTRATION . 42 A.8.1 Change procedures . 42 A.8.2 Publication and Notification Procedures 43 A.8.3 Approval Procedures 43 ANNEX B (NORMATIVE) CERTIFICATION AUTHORITY CONTROL OBJECTIVES. 44 B.1 CA

19、ENVIRONMENTAL CONTROLS. 47 B.1.1 Certification Practice Statement and Certificate Policy Management . 47 B.1.2 Security Management 48 B.1.3 Asset Classification and Management 50 B.1.4 Personnel Security 50 B.1.5 Physical and Environmental Security . 51 B.1.6 Operations Management. 54 B.1.7 System A

20、ccess Management 56 B.1.8 Systems Development and Maintenance .58 B.1.9 Business Continuity Management . 58 B.1.10 Monitoring and Compliance. 61 B.1.11 Event Journaling 62 2001 American Bankers Association ANS x9.79-1:2001, Public Key Infrastructure - Practices and Policy Frameworkv B.2 KEY MANAGEME

21、NT LIFE CYCLE CONTROLS 67 B.2.1 CA Key Generation . 67 B.2.2 CA Key Storage, Backup and Recovery 68 B.2.3 CA Public Key Distribution. 69 B.2.4 CA Key Escrow (if supported). 70 B.2.5 CA Key Usage . 70 B.2.6 CA Key Destruction. 70 B.2.7 CA Key Archival 71 B.2.8 CA Cryptographic Hardware Life Cycle Man

22、agement. 72 B.2.9 CA-Provided Subscriber Key Management Services (if supported). 74 B.3 CERTIFICATE LIFE CYCLE CONTROLS. 76 B.3.1 Subscriber Registration. 76 B.3.2 Certificate Renewal (if supported) 78 B.3.3 Certificate Rekey . 79 B.3.4 Certificate Issuance. 81 B.3.5 Certificate Distribution . 82 B.

23、3.6 Certificate Revocation. 82 B.3.7 Certificate Suspension (if supported) 83 B.3.8 Certificate Status Information Processing 85 B.3.9 Integrated Circuit Card (ICC) Life Cycle Management (if supported). 86 B.4. MAPPING TO RFC 2527 AND X9.79 ANNEX A . 89 ANNEX C (INFORMATIVE) X.509 CERTIFICATE FIELDS

24、. 91 C.1 EXPLANATION OF X.509 EXTENTIONS. 91 C.1.1 Certificate Policies Extension . 91 C.1.2 Policy Mappings Extension. 92 C.1.3 Policy Constraints Extension 92 C.2 POLICY QUALIFIERS. 93 ANNEX D (INFORMATIVE) BIBLIOGRAPHY . 94 D.1 IETF REQUEST FOR COMMENT DRAFTS 94 D.2 NATIONAL AUTOMATED CLEARING HO

25、USE ASSOCIATION (NACHA) . 94 D.3 DRAFT GUIDELINE FROM OFFICE COMPTROLLER OF CURRENCY 94 D.4 AMERICAN BAR ASSOCIATION (ABARA), INFORMATION SECURITY COMMITTEE 94 D.5 AMERICAN INSTITUTE OF CERTIFIED PUBLIC ACCOUNTANTS (AICPA) AND CANADIAN INSTITUTE OF CHARTERED ACCOUNTANTS (CICA) 94 D.6 BRITISH STANDAR

26、DS INSTITUTION . 95 D.7 INTERNATIONAL ORGANISATION FOR STANDARDISATION 95 ANNEX E (INFORMATIVE) OBJECT IDENTIFIERS (OID) . 96 E.1 WHAT IS AN OID? 96 E.2 OIDS SHALL BE REGISTERED:. 96 E.3 ESTABLISHING AN OID.96 E.4 OID LOOKUP 97 E.5 INTERNATIONAL NAME REGISTRATION 97 ANS x9.79-1:2001, Public Key Infr

27、astructure - Practices and Policy Framework 2001 American Bankers Associationvi Figures FIGURE 1: MODEL CA HIERARCHY . 45 FIGURE 2: REGISTRATION PROCESS WITH AN RA 45 FIGURE 3: REGISTRATION PROCESS WITHOUT AN RA 46 2001 American Bankers Association ANS x9.79-1:2001, Public Key Infrastructure - Pract

28、ices and Policy Frameworkvii Tables TABLE 1: NORMATIVE ANNEXES. 11 TABLE 2: INFORMATIVE ANNEXES 11 TABLE 3: CROSS-REFERENCE OF BASIC CRYPTOGRAPHIC FUNCTIONS TO SECURITY SERVICES. 12 TABLE B-4: CONTROL PROCEDURES CERTIFICATION PRACTICE STATEMENT AND CERTIFICATE POLICY MANAGEMENT . 47 TABLE B-5: CONTR

29、OL PROCEDURES SECURITY MANAGEMENT . 48 TABLE B-6: CONTROL PROCEDURES ASSET CLASSIFICATION AND MANAGEMENT 50 TABLE B-7: CONTROL PROCEDURES PERSONNEL SECURITY 50 TABLE B-8: CONTROL PROCEDURES PHYSICAL AND ENVIRONMENT SECURITY. 52 TABLE B-9: CONTROL PROCEDURES OPERATIONS MANAGEMENT. 54 TABLE B-10: CONT

30、ROL PROCEDURES SYSTEM ACCESS MANAGEMENT. 56 TABLE B-11: CONTROL PROCEDURES SYSTEMS DEVELOPMENT AND MAINTENANCE 58 TABLE B-12: CONTROL PROCEDURES BUSINESS CONTINUITY MANAGEMENT. 59 TABLE B-13: CONTROL PROCEDURES MONITORING AND COMPLIANCE. 61 TABLE B-14: CONTROL PROCEDURES EVENT JOURNALING 62 TABLE B-

31、15: CONTROL PROCEDURES CA KEY GENERATION 67 TABLE B-16: CONTROL PROCEDURES CA KEY STORAGE, BACKUP AND RECOVERY. 68 TABLE B-17: CONTROL PROCEDURES CA PUBLIC KEY DISTRIBUTION 69 TABLE B-18: CONTROL PROCEDURES CA KEY ESCROW 70 TABLE B-19: CONTROL PROCEDURES CA KEY USAGE 70 TABLE B-20: CONTROL PROCEDURE

32、S CA KEY DESTRUCTION. 70 TABLE B-21: CONTROL PROCEDURES CA KEY ARCHIVAL 71 TABLE B-22: CONTROL PROCEDURES CA CRYPTOGRAPHIC HARDWARE LIFE CYCLE MANAGEMENT 72 TABLE B-23: CONTROL PROCEDURES CA-PROVIDED SUBSCRIBER KEY MANAGEMENT SERVICES . 74 TABLE B-24: CONTROL PROCEDURES SUBSCRIBER REGISTRATION . 76

33、TABLE B-25: CONTROL PROCEDURES CERTIFICATE RENEWAL 78 TABLE B-26: CONTROL PROCEDURES CERTIFICATE REKEY. 79 TABLE B-27: CONTROL PROCEDURES CERTIFICATE ISSUANCE 81 TABLE B-28: CONTROL PROCEDURES CERTIFICATE DISTRIBUTION . 82 TABLE B-29: CONTROL PROCEDURES CERTIFICATE REVOCATION. 82 TABLE B-30: CONTROL

34、 PROCEDURES CERTIFICATE SUSPENSION 83 TABLE B-31: CONTROL PROCEDURES CERTIFICATE STATUS INFORMATION PROCESSING 85 TABLE B-32: CONTROL PROCEDURES INTEGRATED CIRCUIT LIFE CYCLE MANAGEMENT . 87 TABLE B-33: CROSS-REFERENCE RFC 2527 SECTIONS AND CONTROL OBJECTIVES 89 ANS x9.79-1:2001, Public Key Infrastr

35、ucture - Practices and Policy Framework 2001 American Bankers Associationviii Foreword Institutions and intermediaries are building infrastructures to provide new electronic financial transaction capabilities to consumers, corporations, and government entities. As the volume of electronic financial

36、transactions continues to grow, advanced security technology employing digital signatures and authority systems can become part of the financial transaction process. Financial transaction systems incorporating advance security technology have requirements to ensure the privacy, authenticity, and int

37、egrity of financial transactions conducted over communications networks. The financial services industry relies on several time-honored methods of electronically identifying, authorizing, and authenticating entities and protect financial transactions. These methods include, but are not limited to: P

38、ersonal Identification Numbers (PINs) and Message Authentication Codes (MACs) for retail and wholesale financial transactions, user IDs and passwords for network and computer access, and key management for network connectivity. Over the last twenty years banks, investment, and insurance companies ha

39、ve developed risk management processes and policies to support the use of these technologies in financial applications. The expanded use of Internet technologies by the financial services industry and the needs of the industry in general to provide safe, private, and reliable financial transaction a

40、nd computing systems have given rise to advanced security technology incorporating public key cryptography. Public-key cryptography requires a business-optimized infrastructure of technology, management, and policy (a public-key infrastructure or PKI, as defined in this Standard) to satisfy requirem

41、ents of electronic identification, authentication, and authorization in financial application systems. The use of standard practices for electronic identification, authentication, and authorization in a PKI ensures more consistent and predictable security in these systems and confidence in electroni

42、c communications. Confidence (e.g., trust) can be achieved when compliance to standard practices can be ascertained. Applications serving the financial services industry can be developed with digital signature and PKI capabilities. The safety and the soundness of these applications are based in part

43、 on implementations and practices designed to ensure the overall integrity of the infrastructure. Users of authority-based systems that electronically bind the identity of individuals and other entities to cryptographic materials (e.g., cryptographic keys) benefit from standard risk management syste

44、ms and the base of auditable practices defined in this Standard. Members of the Accredited Standards Committee (ASC) X9 have made a commitment to public-key technology by developing technical standards and guidelines for digital signatures, key management, certificate management and data encryption.

45、 For implementers of these standards, the degree to which any entity in a payment transaction can rely on the implementation of public-key infrastructure standards and the extent of interoperability between PKI-based systems using 2001 American Bankers Association ANS x9.79-1:2001, Public Key Infras

46、tructure - Practices and Policy Frameworkix these standards will depend partly on factors relative to policy and practices defined in this Standard. Suggestions for the improvement or revision of this Standard are welcome. They should be sent to the X9 Committee Secretariat, American Bankers Associa

47、tion, 1120 Connecticut Avenue NW, Washington, DC, 20036. This standard was processed and approved for submittal to ANSI by the Accredited Standards Committee - X9 Financial Services. Committee approval of the Standard does not necessarily imply that all the committee members voted for its approval.

48、Cynthia L. Fuller, Associate Director Darlene Schubert, Assistant Division Manager The X9 committee had the following members: Harold Deal, Chairman Bil Lyons, Vice-Chairman Organization Represented Representative ACI Worldwide. Jim Shaffer American Bankers Association . Stephen Schutze American Exp

49、ress Company. Bonnie Howard Bank of America . Harold Deal Bank One Corporation Bil Lyons Certicom Corporation Don Johnson Chase Manhattan Bank Arlene Gariboldi Check Solutions. Ron Schultz Check Solutions. Harry Hankla Citibank . David Budinger Cybersafe Corporation Glenda Barnes Deloitte and (2) the message has not been altered since its Digital Signature was created. ANS x9.79-1:2001, Public Key Infrastructure - Practices and Policy Framework 2001 American Bankers Association10 4 Symbols (And Abbreviations

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1