1、 American National Standard for Financial Services ANS X9.24 Part 2: 2006 Retail Financial Services Symmetric Key Management Part 2: Using Asymmetric Techniques for the Distribution of Symmetric Keys Secretariat Accredited Standards Committee X9, Inc. Approved: American National Standards Institute
2、ANS X9.24 Part 2: 2006 Foreword Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ANSI Board of Stan
3、dards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made toward
4、their resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standar
5、ds. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the America
6、n National Standards Institute. Requests for interpretation should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standa
7、rds Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval. Published by Accredited Standards Committee X9, Incorporated Financial Industry Standards P.O. Box 4035 Annapolis, MD 21403 USA X9 Online http:/www.X9.orgCopy
8、right 2006 Accredited Standards Committee X9, Inc. All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher. Printed in the United States of America. 2006 All rights reservediANS
9、X9.24 Part 2: 2006 2006 All rights reserved iiContents Foreword i Figures iv Tables v Introduction vi 1 Purpose 10 2 Scope10 2.1 Application .11 3 References .11 4 Terms and Definitions.12 5 Standard Organization18 6 Environment.18 6.1 General .18 6.2 Cardholder and Card Issuer .20 6.3 Card Acceptor
10、20 6.4 Acquirer20 6.5 Tamper Resistant Security Module (TRSM)20 6.6 Acquirer Host.21 6.7 Certification Authority.21 6.8 Device Manufacturer .21 7 Key Management Requirements21 7.1 General .21 7.1.1 Symmetric Keys.21 7.1.2 Asymmetric Keys 22 7.2 Tamper-Resistant Security Modules (TRSM) used for Key M
11、anagement .23 7.3 A Secure Environment23 7.4 Certification Authority (CA) Requirements.23 7.5 Key Generation 24 7.5.1 Symmetric Key Generation.24 7.5.2 Asymmetric Key Generation 24 7.6 Asymmetric Key Activation/Enablement 24 7.6.1 Creation of Certificates.24 7.6.2 Signing of Certificates 24 7.6.3 Li
12、fetime of Certificates24 7.6.4 Authentication of Valid Request and Valid Device 25 7.7 Key Distribution.25 7.7.1 Symmetric Key Distribution/Loading 25 7.7.2 Asymmetric Key Distribution/Loading 25 7.8 Key Utilization26 7.8.1 Symmetric Key Utilization 26 7.8.2 Asymmetric Key Utilization 26 7.9 Key Sto
13、rage26 7.10 Key Replacement.26 7.11 Key Destruction .27 ANS X9.24 Part 2: 2006 2006 All rights reserved iii8 Trust Models and Key Establishment Protocols27 8.1 Introduction27 8.2 Trust Models 28 8.2.1 Three-Party Model CAs 28 8.2.2 Two-Party Model Self Signing Model .28 8.2.3 Prior Trust Model.29 8.
14、3 Key Establishment Protocols.29 8.3.1 Unilateral Key Transport Method.29 8.3.2 Bilateral Key Transport Method (Both Entities Generate and Share Symmetric Key Joint Control).30 8.3.3 Key Agreement Method 32 Annex A (Normative) Approved ANSI Symmetric Key Algorithms for Encryption of Private Keys 34
15、ANS X9.24 Part 2: 2006 iv 2006 All rights reservedFigures Figure 1 High Level Overview of Key Transport Method (Unilateral).29 Figure 2 High Level Overview of Key Transport Method (Bilateral).31 Figure 3 High Level Overview of Key Agreement Method .32 ANS X9.24 Part 2: 2006 2006 All rights reserved
16、vTables Table 1 Trust Models and Key Establishment Protocols. 28 ANS X9.24 Part 2: 2006 vi 2006 All rights reservedIntroduction Today, billions of dollars in funds are transferred electronically by various communication methods. Transactions are often entered remotely, off-premise from financial ins
17、titutions, by retailers or by customers directly. Such transactions are transmitted over potentially non-secure media. The vast range in value, size, and the volume of such transactions expose institutions to severe risks, which may be uninsurable. To protect these financial messages and other sensi
18、tive information, many institutions are making increased use of the American National Standards Institute Triple Data Encryption Algorithm (TDEA). Specific examples of its use include standards for message authentication, personal identification number encryption, other data encryption, and key encr
19、yption. The TDEA is in the public domain. The security and reliability of any process based on the TDEA is directly dependent on the protection afforded to secret numbers called cryptographic keys. A familiar analogy may be found in the combination lock of a vault. The lock design is public knowledg
20、e. Security is provided by keeping a number, the combination, a secret. Secure operation also depends on protective procedures and features which prevent surreptitious viewing or determination of the combination by listening to its operation. Procedures are also required to ensure that the combinati
21、on is random and cannot be modified by an unauthorized individual without detection. Part 1 of ANS X9.24 deals exclusively with management of symmetric keys using symmetric techniques. This Part 2 addresses the use of asymmetric techniques for the distribution of symmetric keys. Asymmetric technique
22、s utilize algorithms other than the DEA (e.g., Diffie-Hellman, RSA, Elliptic Curve, etc.). Those asymmetric algorithms are defined in other American National Standards Institute standards (e.g., ANS X9.42 Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Algorithm K
23、eys Using Discrete Logarithm Cryptography, ANS X9.44 DRAFT Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Transport Using Factoring-Based Cryptography, and X9.63 Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Management Using El
24、liptic Curve-Based Cryptography). Those algorithms are also in the public domain, and the security and reliability are also dependent on the security and integrity of the asymmetric keys and the infrastructure under which those keys are created and managed. This part of ANS X9.24 assumes the reader
25、is familiar with the concepts behind asymmetric cryptography. NOTEThe users attention is called to the possibility that compliance with this standard may require use of an invention covered by patent rights. By publication of this standard, no position is taken with respect to the validity of this c
26、laim or of any patent rights in connection therewith. The patent holder has, however, filed a statement of willingness to grant a license under these rights on reasonable and nondiscriminatory terms and conditions to applicants desiring to obtain such a license. Details may be obtained from the stan
27、dards developer. Suggestions for the improvement of this standard will be welcome. They should be sent to the ASC X9 Secretariat, Accredited Standards Committee X9, Inc., P.O. Box 4035, Annapolis, MD 21403. ANS X9.24 Part 2: 2006 2006 All rights reserved viiThe standard was processed and approved fo
28、r submittal to the American National Standards Institute by the Accredited Standards Committee X9 - Financial Services. Committee approval of the standard does not necessarily imply that all committee members voted for its approval. At the time it approved this standard, the X9 Committee had the fol
29、lowing members: Gene Kathol, X9 Chairman Vincent DeSantis, X9 Vice Chairman Cynthia L. Fuller, Executive Director Isabel Bailey, Managing Director Organization Represented Representative ACI Worldwide Jim Shaffer American Express Company Mike Jones American Financial Services Association Mark Zalews
30、ki Bank of America Daniel Welch Bank One Corporation Jacqueline Pagan BB and T Woody Tyner Cable a set of rules which, if followed, will give a prescribed result 4.4 asymmetric cryptographic algorithm A cryptographic algorithm that uses two related keys, a public key and a private key; the two keys
31、have the property that, given the public key, it is computationally infeasible to derive the private key 4.5 ATM Automatic Teller Machine 4.6 authentication the act of determining that a message has not been changed since leaving its point of origin. The identity of the originator is implicitly veri
32、fied 4.7 authentication algorithm the application of a cryptographic process in which output text depends on all preceding input text 4.8 authentication element a contiguous group of bits or characters which are to be protected by being processed by the authentication algorithm 4.9 card acceptor par
33、ty accepting the card and presenting transaction data to the acquirer 4.10 card issuer the institution or its agent that issues the card to the cardholders 4.11 Certificate The public key and identity of an entity together with some other information rendered unforgeable by signing the certificate w
34、ith the private key of the certifying authority, which issued that certificate 4.12 Certification Authority (CA) An entity trusted by one or more entities to create and assign certificates 4.13 ciphertext data in its enciphered form 4.14 certificate revocation list list of revoked certificates digit
35、ally signed by the issuing CA ANS X9.24 Part 2: 2006 14 2006 All rights reserved4.15 cleartext data in its original, unencrypted form 4.16 communicating pair two entities (usually institutions) sending and receiving transactions. This is to include alternate processing sites either owned or contract
36、ed by either communicating entity 4.17 compromise in cryptography, the breaching of secrecy and/or security. A violation of the security of a system such that an unauthorized disclosure of sensitive information may have occurred 4.18 cryptographic key a parameter that determines the operation of a c
37、ryptographic function such as: a) the transformation from cleartext to ciphertext and vice versa b) synchronized generation of keying material c) digital signature computation or validation 4.19 Data Encryption Algorithm (DEA) the cryptographic algorithm adopted by ANSI (see Reference 1) 4.20 data i
38、ntegrity a property whereby data has not been altered or destroyed 4.21 decryption a process of transforming ciphertext (unreadable) into cleartext (readable) 4.22 digital certificate see certificate 4.23 digital signature A cryptographic transformation of data which, when associated with a data uni
39、t and accompanied by the corresponding public-key certificate, provides the services of: (a) Origin authentication, (b) Data integrity, and (c) Signer non-repudiation 4.24 double length key a cryptographic key having a length of 112 bits plus 16 parity bits ANS X9.24 Part 2: 2006 2006 All rights res
40、erved 154.25 dual control a process of utilizing two or more separate entities (usually persons), operating in concert, to protect sensitive functions or information. Both entities are equally responsible for the physical protection of materials involved in vulnerable transactions. It SHALL be ensur
41、ed that no one person is able to access or to utilize the materials (e.g., cryptographic key). For manual key generation, conveyance, loading, storage and retrieval, dual control requires split knowledge of key among the entities. Also see “split knowledge” 4.26 encryption a process of transforming
42、cleartext (readable) into ciphertext (unreadable) for the purpose of security or privacy 4.27 exclusive-or a mathematical operation, symbol “XOR”, defined as: 0 XOR 0 = 0 0 XOR 1 = 1 1 XOR 0 = 1 1 XOR 1 = 0 Equivalent to binary addition without carry (modulo-2 addition) 4.28 institution an establish
43、ment responsible for facilitating customer-initiated transactions or transmission of funds for the extension of credit, or the custody, loan, exchange, or issuance of money 4.29 HSM Host Security Module 4.30 interchange mutual acceptance and exchange of messages between financial institutions 4.31 i
44、ssuer the institution holding the account identified by the primary account number (PAN) 4.32 key see cryptographic key 4.33 key encrypting key a key used exclusively to encrypt and decrypt keys 4.34 key component one of at least two parameters having the format of a cryptographic key that is exclus
45、ive-ored/added modulo-2 with one or more like parameters to form a cryptographic key. A component is equal in length to the resulting key 4.35 keying material the data (e.g., keys, certificates and initialization vectors) necessary to establish and maintain cryptographic keying relationships ANS X9.
46、24 Part 2: 2006 16 2006 All rights reserved4.36 key shares the process of dividing a private key into multiple (m) pieces (shares or fragments), and sharing those pieces amongst a group of people. A designated minimum number (n) of those people are required to bring their key shares together in orde
47、r to reconstitute the key. Each key share is constructed in such a manner is to not disclose any information about the key. 4.37 key validation The procedure whereby the receiver of a public key checks that the key conforms to the arithmetic requirements for such a key in order to thwart certain typ
48、es of attacks. Also referred to as public key validation in this standard 4.38 KLD Key Loading Device 4.39 master key in a hierarchy of Key Encrypting Keys and Transaction Keys, the highest level of Key Encrypting Key is known as a Master Key 4.40 message a communication containing one or more trans
49、actions or related information 4.41 MQV Menezes-Qu-Vanstone key agreement scheme 4.42 node any point in a network that does some form of processing of data, such as a terminal, acquirer or switch 4.43 non-repudiation this service provides proof of the integrity and origin of data both in an unforgeable relationship which can be verified by any party 4.44 originator the person, institution or other entity that is responsible for and authorized to originate a message 4.45 parity a measure of the number of 1 bits in a group of 0 and
