American National Standard for Financial Services

ANSI X9.95-2005

Trusted Time Stamp Management and Security

Accredited Standards Committee X9, Incorporated
Financial Industry Standards

Approved: June 28, 2005
American National Standards Institute

ANS X9.95-2005 2005 ASC X9, Inc.

Foreword

Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer.

Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made toward their resolution.

The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards.

The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard.

CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval.

Published by:
Accredited Standards Committee X9, Incorporated
Financial Industry Standards
P. O. Box 4035
Annapolis, MD 21403
http://x9.org/

Copyright 2003-2005 by Accredited Standards Committee X9, Incorporated
All rights reserved.

No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher. Printed in the United States of America

Contents

Foreword
Introduction
1 Scope
2 Normative References
3 Terms and Definitions
4 Symbols and Abbreviated Terms
5 Time Stamp Framework
  5.1 Time Stamp Architecture
  5.2 Time Stamp Applications
  5.3 Non-Repudiation Considerations Relating to Time Stamp Tokens
6 Trusted Time Stamp Requirements
  6.1 General Requirements
  6.2 Requirements for Time Source Entity (TSE)
  6.3 Requirements for TSA
    6.3.1 TSA TST Requirements
    6.3.2 TSA Renewal Requirements
  6.4 Requirements for TST Requestor
    6.4.1 Requestor TST Requirements
    6.4.2 Requestor Renewal Requirements
  6.5 Requirements for TST Verifier
    6.5.1 Verifier TST Requirements
    6.5.2 Verifier Renewal Requirements
7 Time Stamp Objects
  7.1 Time Calibration Report (TCR)
    7.1.1 TCR Objects
    7.1.2 TCR ASN.1
    7.1.3 TCR XML
  7.2 Time Stamp Request
    7.2.1 Time Stamp Request Object
    7.2.2 Time Stamp Request ASN.1
    7.2.3 Time Stamp Request XML
  7.3 Time Stamp Response
    7.3.1 Time Stamp Response Object
    7.3.2 Time Stamp Response ASN.1
    7.3.3 Time Stamp Response XML
  7.4 Time Stamp Token
  7.5 Time Stamp Info
    7.5.1 Time Stamp Info Object
    7.5.2 Time Stamp Info ASN.1
    7.5.3 Time Stamp Info XML
  7.6 Extensions
    7.6.1 Hash Extension
    7.6.2 Method Extension
    7.6.3 Renewal Extension
  7.7 Verification Request
    7.7.1 Verification Request Object
    7.7.2 Verification Request ASN.1
    7.7.3 Verification Request XML
  7.8 Verification Response
    7.8.1 Verification Response Object
    7.8.2 Verification Response ASN.1
    7.8.3 Verification Response XML
  7.9 Logging
8 Time Stamp Methods
  8.1 Digital Signature Method
    8.1.1 General
    8.1.2 Time Stamp Request
    8.1.3 Time Stamp Token Generation
    8.1.4 Time Stamp Token Verification
  8.2 MAC Method
    8.2.1 General
    8.2.2 Time Stamp Token Request
    8.2.3 Time Stamp Token Generation
    8.2.4 Time Stamp Token Verification
  8.3 Linked Token Method
    8.3.1 General
    8.3.2 Time Stamp Token Request
    8.3.3 Time Stamp Token Generation
    8.3.4 Time Stamp Token Verification
  8.4 Linked and Signed Method
    8.4.1 General
    8.4.2 Time Stamp Token Request
    8.4.3 Time Stamp Token Generation
    8.4.4 Time Stamp Token Verification
  8.5 Transient Key Method
    8.5.1 General
    8.5.2 Time Stamp Request
    8.5.3 Time Stamp Token Generation
    8.5.4 Time Stamp Token Verification
9 Time Stamp Message Flows
  9.1 General
  9.2 Time Calibration Messages
  9.3 Time Stamp Acquisition Messages
    9.3.1 Time Stamp Token Request
    9.3.2 Time Stamp Token Response
  9.4 Time Stamp Verification Messages
    9.4.1 Time Stamp Token Verification
    9.4.2 Time Stamp Token Verification Request
    9.4.3 Time Stamp Token Verification Response
Annex A: (Normative) ASN.1 Modules
  A.1 TrustedTimeStamp ASN.1 Module
  A.2 TransientKey ASN.1 Module
Annex B: (Normative) TS Control Objectives
  B.1 Overview
  B.2 Environmental Controls
    B.2.1 Security Policy
    B.2.2 Security Organization
    B.2.3 Asset Classification and Management
    B.2.4 Personnel Security
    B.2.5 Physical and Environmental Security
    B.2.6 Operations Management
    B.2.7 System Access Management
    B.2.8 Systems Development and Maintenance
    B.2.9 Business Continuity Management
    B.2.10 Monitoring and Compliance
    B.2.11 Event Journaling
  B.3 Key Management Controls
    B.3.1 Key Generation
    B.3.2 Key Storage, Backup and Recovery
    B.3.3 Key Distribution
    B.3.4 Key Usage
    B.3.5 Key Destruction and Archival
    B.3.6 Cryptographic Device Controls
  B.4 Time Management Controls
    B.4.1 Time Calibration
    B.4.2 Time Stamp Token Request
    B.4.3 Time Stamp Token Response
    B.4.4 Time Stamp Token Handling
    B.4.5 Time Stamp Token Verification
Annex C: (Informative) TS Policy and TS Practice Statement
  C.1 Overview
  C.2 Time Stamp Policy (TSP)
    C.2.1 Environmental Policies
    C.2.2 Key Management Policies
    C.2.3 Time Management Policies
  C.3 Time Stamp Practice Statement (TSPS)
    C.3.1 Environmental Practice Statements
    C.3.2 Key Management Practice Statements
    C.3.3 Time Management Practice Statements
Annex D: (Informative) OASIS DSS TC Time Stamp Protocols
  D.1 OASIS DSS TC Time Stamp Protocols
  D.2 Time Stamp Request
  D.3 Time Stamp Verify Protocol
  D.4 OASIS DSS TC Time Stamp Token
    D.4.1 XML Structure
  D.5 References
Annex E: (Informative) Algorithms
  E.1 Linear Chain Linking
  E.2 Merkle Tree Aggregation
  E.3 Publishing Algorithms
Bibliography

Figures

Figure 1 - Time Stamp Entities
Figure 2 - TST Request on Digital Data
Figure 3 - TST Response on Digital Data
Figure 4 - TST Request on Signed Digital Data
Figure 5 - TST Response on Signed Digital Data
Figure 6 - First TST Request
Figure 7 - First TST Response
Figure 8 - Forwarded TST
Figure 9 - Second TST Request
Figure 10 - Second TST Response
Figure 11 - Verifiable TST
Figure 12 - NIST Traceable Calibration
Figure 13 - Example of Linear Chain Linking Using SHA1
Figure 14 - Example of Merkle Tree Aggregation Using SHA1

Tables

Table 1 - TSA Actions
Table 2 - Requestor Actions
Table 3 - Verification Service Provider Actions

Flows

Flow 1 - Time Calibration Review
Flow 2 - Time Calibration Report
Flow 3 - Time Stamp Token Request
Flow 4 - Time Stamp Token Information Generation
Flow 5 - Time Stamp Token Response
Flow 6 - Time Stamp Token Verification Request
Flow 7 - Verify Request Validation
Flow 8 - Time Stamp Token Verification Response

Introduction

As financial institutions increasingly conduct more business electronically, it is correspondingly becoming more important to ensure that there is a secure, standardized methodology to prove what and when digital data was created, transmitted, received, modified or stored. The duality of proving the “what” and the “when” necessitates that the methodology provides the ability to verify the integrity of the digital data and the time of the digital event. Such a time stamp must therefore be issued from a trustworthy authority, whose time originates from a trustworthy source, and whose time stamp is irrefutably verifiable.

Such a methodology is applicable for financial institutions, their business partners, retailers and third party financial service providers. There are numerous examples of financial applications where an electronic message (e.g., stock transaction, money transfers, document filing, clearing and settlement transaction) needs a time stamp that cannot be undetectably tampered with and offers an evidentiary trail of authenticity. It is likewise essential, from the standpoint of legal sufficiency, to provide the non-refutable time when a financial transaction has been digitally signed; that is, there must be proof that the time of the digital signature is in fact the actual time when the document was signed.

This American National Standard defines the requirements to securely operate a Time Stamp Authority that issues time stamp tokens, provides recommendations to other Time Stamp Entities to manage time stamp tokens, describes time stamp token techniques, and offers a comprehensive set of control objectives and evaluation criteria to assess Time Stamp Entities that is suitable for use by a professional audit practitioner.

However, this Standard does not guarantee that a particular implementation is secure. It is the responsibility of the financial institution or integrator to put an overall process in place with the necessary controls to ensure that the process is securely implemented. Furthermore, the controls should include the application of appropriate audit tests in order to verify compliance with this Standard.

The user's attention is called to the possibility that compliance with this standard may require use of an invention covered by patent rights. By publication of this standard, no position is taken with respect to the validity of this claim or of any patent rights in connection therewith. The patent holder has, however, filed a statement of willingness to grant a license under these rights on reasonable and nondiscriminatory terms and conditions to applicants desiring to obtain such a license. Details may be obtained from the standards developer.

Suggestions for the improvement or revision of this Standard are welcome. They should be sent to the Accredited Standards Committee X9 Incorporated, Financial Industry Standards, P. O. Box 4035, Annapolis, MD 21403

This Standard was processed and approved for submittal to ANSI by the Accredited Standards Committee on Financial Services, X9. Committee approval of the Standard does not necessarily imply that all the committee members voted for its approval.

The X9 Committee had the following members:

Gene Kathol, Chairman, First Data Corporation
Vincent DeSantis, Vice Chairman, The Clearing House
Cindy Fuller, Executive Director, ASC X9, Inc.
Isabel Bailey, Managing Director, ASC X9, Inc.

ORGANIZATION                              NAME
ACI Worldwide                             Jim Shaffer
American Express Company                  Mike Jones
American Financial Services Association   Mark Zalewski
Bank of America                           Daniel Welch
Capital One                               Scott Sykes
Certicom Corporation                      Daniel Brown
Citigroup, Inc.                           Daniel Schutzer
Deluxe Corporation                        John Fitzpatrick
Diebold, Inc.                             Bruce Chapa
Discover Financial Services               Jon Mills
eFunds Corporation                        Nora Eull
Federal Reserve Bank                      Dexter Holt
First Data Corporation                    Gene Kathol
Fiserv                                    Bud Beattie
Hewlett Packard                           Larry Hines
Hypercom                                  Scott Spiker
IBM Corporation                           Todd Arnold
Ingenico                                  John Sheets
J.P. Morgan Chase

It is computationally infeasible to find any two distinct inputs, which map to the same output.

Note: In this standard hash functions are also referred to as hash algorithms.

3.18 Hash Value
The string of bits which is the output of a hash function.

3.19 Key Management
The generation, storage, secure distribution and application of keying material in accordance with a security policy.

3.20 Leap Second
A second added to Universal Coordinated Time (UTC) (that is based on the performance of atomic clocks) to make it agree with astronomical time (that is based on the rotational rate of the Earth) to within 0.9 second.

3.21 Link
A data item providing an irreversible and collision-resistant cryptographic statement attesting to the existence of at least two other data items.

3.22 Message Authentication Code (MAC)
A data item derived from a message using symmetric cryptographic techniques and a secret key. It is used to check the integrity and origin of a message by any entity holding the secret key.

3.23 National Measurement Institute (NMI)
A national body (e.g., NIST, USNO) that provides certified time measurements and calibrations.

3.24 Nonce
A non-repeating value, such as a counter, used in key management protocols to thwart replay and other types of attack.

3.25 Private Key
In an asymmetric (public) key cryptosystem, that key of an entity's key pair that is usable only by that entity.

3.26 Public Key
In an asymmetric (public) key cryptosystem, that key of an entity's key pair which is publicly known.

3.27 Public Key Certificate
The public key and identity of an entity together with some other information rendered unforgeable by signing the certificate with the private key of the certifying authority which issued that certificate.

3.28 Relying Party
Recipient of a time stamp token who relies on that time stamp token.

3.29 Renewal
A renewal is the extension of the validity of an existing time stamp token. Legitimate reasons to renew a TST include: (i) the public key certificate used to verify the TSA digital signature is nearing its expiration date, or (ii) a requestor needs to replace the hash value using a stronger hash algorithm.

3.30 Sequence Number
A time variant parameter whose value is taken from a specified sequence which is non-repeating within a certain time period.

3.31 Time Stamp
A time variant parameter which denotes a point in time with respect to a common time reference.

3.32 Time Stamp Authority (TSA)
Authority which issues time stamp tokens.

3.33 Time Stamp Policy (TSP)
Statement of the policy that a time entity (i.e., Time Source, TSA, Requestor, Verifier) employs in using time stamp tokens.

3.34 Time Stamp Practice Statement (TSPS)
Statement of the practices that