1、 American National Standard for Financial Services ANS X9.24 Part 2: 2006 Retail Financial Services Symmetric Key Management Part 2: Using Asymmetric Techniques for the Distribution of Symmetric Keys Secretariat Accredited Standards Committee X9, Inc. Approved: American National Standards Institute
2、Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networki
3、ng permitted without license from IHS-,-,-ANS X9.24 Part 2: 2006 Foreword Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when,
4、 in the judgment of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, a
5、nd that a concerted effort be made toward their resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not from manufacturing, marketing, purchasing, or using products, processes, o
6、r procedures not conforming to the standards. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American Na
7、tional Standard in the name of the American National Standards Institute. Requests for interpretation should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The
8、procedures of the American National Standards Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval. Published by Accredited Standards Committee X9, Incorporated Financial Industry Standards P.O. Box 4035 Annapolis, M
9、D 21403 USA X9 Online http:/www.X9.orgCopyright 2006 Accredited Standards Committee X9, Inc. All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher. Printed in the United States
10、 of America. 2006 All rights reservediCopyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ANS X9.24 Part 2: 2006 2006 All rights reserved iiContents Foreword i Figures iv Tables v I
11、ntroduction vi 1 Purpose 10 2 Scope10 2.1 Application .11 3 References .11 4 Terms and Definitions.12 5 Standard Organization18 6 Environment.18 6.1 General .18 6.2 Cardholder and Card Issuer .20 6.3 Card Acceptor20 6.4 Acquirer20 6.5 Tamper Resistant Security Module (TRSM)20 6.6 Acquirer Host.21 6.
12、7 Certification Authority.21 6.8 Device Manufacturer .21 7 Key Management Requirements21 7.1 General .21 7.1.1 Symmetric Keys.21 7.1.2 Asymmetric Keys 22 7.2 Tamper-Resistant Security Modules (TRSM) used for Key Management .23 7.3 A Secure Environment23 7.4 Certification Authority (CA) Requirements.
13、23 7.5 Key Generation 24 7.5.1 Symmetric Key Generation.24 7.5.2 Asymmetric Key Generation 24 7.6 Asymmetric Key Activation/Enablement 24 7.6.1 Creation of Certificates.24 7.6.2 Signing of Certificates 24 7.6.3 Lifetime of Certificates24 7.6.4 Authentication of Valid Request and Valid Device 25 7.7
14、Key Distribution.25 7.7.1 Symmetric Key Distribution/Loading 25 7.7.2 Asymmetric Key Distribution/Loading 25 7.8 Key Utilization26 7.8.1 Symmetric Key Utilization 26 7.8.2 Asymmetric Key Utilization 26 7.9 Key Storage26 7.10 Key Replacement.26 7.11 Key Destruction .27 Copyright American National Sta
15、ndards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ANS X9.24 Part 2: 2006 2006 All rights reserved iii8 Trust Models and Key Establishment Protocols27 8.1 Introduction27 8.2 Trust Models 28 8.2.1 Three-Party Mod
16、el CAs 28 8.2.2 Two-Party Model Self Signing Model .28 8.2.3 Prior Trust Model.29 8.3 Key Establishment Protocols.29 8.3.1 Unilateral Key Transport Method.29 8.3.2 Bilateral Key Transport Method (Both Entities Generate and Share Symmetric Key Joint Control).30 8.3.3 Key Agreement Method 32 Annex A (
17、Normative) Approved ANSI Symmetric Key Algorithms for Encryption of Private Keys 34 Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ANS X9.24 Part 2: 2006 iv 2006 All rights res
18、ervedFigures Figure 1 High Level Overview of Key Transport Method (Unilateral).29 Figure 2 High Level Overview of Key Transport Method (Bilateral).31 Figure 3 High Level Overview of Key Agreement Method .32 Copyright American National Standards Institute Provided by IHS under license with ANSI Not f
19、or ResaleNo reproduction or networking permitted without license from IHS-,-,-ANS X9.24 Part 2: 2006 2006 All rights reserved vTables Table 1 Trust Models and Key Establishment Protocols. 28 Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo repr
20、oduction or networking permitted without license from IHS-,-,-ANS X9.24 Part 2: 2006 vi 2006 All rights reservedIntroduction Today, billions of dollars in funds are transferred electronically by various communication methods. Transactions are often entered remotely, off-premise from financial instit
21、utions, by retailers or by customers directly. Such transactions are transmitted over potentially non-secure media. The vast range in value, size, and the volume of such transactions expose institutions to severe risks, which may be uninsurable. To protect these financial messages and other sensitiv
22、e information, many institutions are making increased use of the American National Standards Institute Triple Data Encryption Algorithm (TDEA). Specific examples of its use include standards for message authentication, personal identification number encryption, other data encryption, and key encrypt
23、ion. The TDEA is in the public domain. The security and reliability of any process based on the TDEA is directly dependent on the protection afforded to secret numbers called cryptographic keys. A familiar analogy may be found in the combination lock of a vault. The lock design is public knowledge.
24、Security is provided by keeping a number, the combination, a secret. Secure operation also depends on protective procedures and features which prevent surreptitious viewing or determination of the combination by listening to its operation. Procedures are also required to ensure that the combination
25、is random and cannot be modified by an unauthorized individual without detection. Part 1 of ANS X9.24 deals exclusively with management of symmetric keys using symmetric techniques. This Part 2 addresses the use of asymmetric techniques for the distribution of symmetric keys. Asymmetric techniques u
26、tilize algorithms other than the DEA (e.g., Diffie-Hellman, RSA, Elliptic Curve, etc.). Those asymmetric algorithms are defined in other American National Standards Institute standards (e.g., ANS X9.42 Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Algorithm Keys
27、 Using Discrete Logarithm Cryptography, ANS X9.44 DRAFT Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Transport Using Factoring-Based Cryptography, and X9.63 Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Management Using Ellip
28、tic Curve-Based Cryptography). Those algorithms are also in the public domain, and the security and reliability are also dependent on the security and integrity of the asymmetric keys and the infrastructure under which those keys are created and managed. This part of ANS X9.24 assumes the reader is
29、familiar with the concepts behind asymmetric cryptography. NOTEThe users attention is called to the possibility that compliance with this standard may require use of an invention covered by patent rights. By publication of this standard, no position is taken with respect to the validity of this clai
30、m or of any patent rights in connection therewith. The patent holder has, however, filed a statement of willingness to grant a license under these rights on reasonable and nondiscriminatory terms and conditions to applicants desiring to obtain such a license. Details may be obtained from the standar
31、ds developer. Suggestions for the improvement of this standard will be welcome. They should be sent to the ASC X9 Secretariat, Accredited Standards Committee X9, Inc., P.O. Box 4035, Annapolis, MD 21403. Copyright American National Standards Institute Provided by IHS under license with ANSI Not for
32、ResaleNo reproduction or networking permitted without license from IHS-,-,-ANS X9.24 Part 2: 2006 2006 All rights reserved viiThe standard was processed and approved for submittal to the American National Standards Institute by the Accredited Standards Committee X9 - Financial Services. Committee ap
33、proval of the standard does not necessarily imply that all committee members voted for its approval. At the time it approved this standard, the X9 Committee had the following members: Gene Kathol, X9 Chairman Vincent DeSantis, X9 Vice Chairman Cynthia L. Fuller, Executive Director Isabel Bailey, Man
34、aging Director Organization Represented Representative ACI Worldwide Jim Shaffer American Express Company Mike Jones American Financial Services Association Mark Zalewski Bank of America Daniel Welch Bank One Corporation Jacqueline Pagan BB and T Woody Tyner Cable a set of rules which, if followed,
35、will give a prescribed result 4.4 asymmetric cryptographic algorithm A cryptographic algorithm that uses two related keys, a public key and a private key; the two keys have the property that, given the public key, it is computationally infeasible to derive the private key 4.5 ATM Automatic Teller Ma
36、chine 4.6 authentication the act of determining that a message has not been changed since leaving its point of origin. The identity of the originator is implicitly verified 4.7 authentication algorithm the application of a cryptographic process in which output text depends on all preceding input tex
37、t 4.8 authentication element a contiguous group of bits or characters which are to be protected by being processed by the authentication algorithm 4.9 card acceptor party accepting the card and presenting transaction data to the acquirer 4.10 card issuer the institution or its agent that issues the
38、card to the cardholders 4.11 Certificate The public key and identity of an entity together with some other information rendered unforgeable by signing the certificate with the private key of the certifying authority, which issued that certificate 4.12 Certification Authority (CA) An entity trusted b
39、y one or more entities to create and assign certificates 4.13 ciphertext data in its enciphered form 4.14 certificate revocation list list of revoked certificates digitally signed by the issuing CA Copyright American National Standards Institute Provided by IHS under license with ANSI Not for Resale
40、No reproduction or networking permitted without license from IHS-,-,-ANS X9.24 Part 2: 2006 14 2006 All rights reserved4.15 cleartext data in its original, unencrypted form 4.16 communicating pair two entities (usually institutions) sending and receiving transactions. This is to include alternate pr
41、ocessing sites either owned or contracted by either communicating entity 4.17 compromise in cryptography, the breaching of secrecy and/or security. A violation of the security of a system such that an unauthorized disclosure of sensitive information may have occurred 4.18 cryptographic key a paramet
42、er that determines the operation of a cryptographic function such as: a) the transformation from cleartext to ciphertext and vice versa b) synchronized generation of keying material c) digital signature computation or validation 4.19 Data Encryption Algorithm (DEA) the cryptographic algorithm adopte
43、d by ANSI (see Reference 1) 4.20 data integrity a property whereby data has not been altered or destroyed 4.21 decryption a process of transforming ciphertext (unreadable) into cleartext (readable) 4.22 digital certificate see certificate 4.23 digital signature A cryptographic transformation of data
44、 which, when associated with a data unit and accompanied by the corresponding public-key certificate, provides the services of: (a) Origin authentication, (b) Data integrity, and (c) Signer non-repudiation 4.24 double length key a cryptographic key having a length of 112 bits plus 16 parity bits Cop
45、yright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ANS X9.24 Part 2: 2006 2006 All rights reserved 154.25 dual control a process of utilizing two or more separate entities (usually pe
46、rsons), operating in concert, to protect sensitive functions or information. Both entities are equally responsible for the physical protection of materials involved in vulnerable transactions. It SHALL be ensured that no one person is able to access or to utilize the materials (e.g., cryptographic k
47、ey). For manual key generation, conveyance, loading, storage and retrieval, dual control requires split knowledge of key among the entities. Also see “split knowledge” 4.26 encryption a process of transforming cleartext (readable) into ciphertext (unreadable) for the purpose of security or privacy 4
48、.27 exclusive-or a mathematical operation, symbol “XOR”, defined as: 0 XOR 0 = 0 0 XOR 1 = 1 1 XOR 0 = 1 1 XOR 1 = 0 Equivalent to binary addition without carry (modulo-2 addition) 4.28 institution an establishment responsible for facilitating customer-initiated transactions or transmission of funds for the extension of credit, or the custody, loan, exchange, or issuance of money 4.29 HSM Host Security Module 4.30 interchange mutual acceptance and exchange of messages between financial institutions 4.31 issuer the institution holding the account ident
