ANSI-X9.69-2006.pdf
American National Standard for Financial Services
ANSI X9.69-2006
Framework for Key Management Extensions

Accredited Standards Committee X9, Incorporated
Financial Industry Standards

Date Approved:
American National Standards Institute

ASC X9, Inc. 2006 All rights reserved

Copyright American National Standards Institute
Provided by IHS under license with ANSI
Licensee=IHS Employees/1111111001, User=Japan, IHS
Not for Resale, 12/17/2007 21:44:21 MST
No reproduction or networking permitted without license from IHS

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms, symbols and abbreviated terms
4 Application
  4.1 General
  4.2 The Use of Constructive Key Management
  4.3 The Use of Key Usage Control Vector
  4.4 System Algorithm and System Key
5 Constructive Key Management
  5.1 Overview
  5.2 CKM Administration
    5.2.1 Credentials
    5.2.2 Splits
  5.3 Token Distribution
    5.3.1 Workstation
    5.3.2 Token
  5.4 Key Creation
    5.4.1 Key Component Selection
    5.4.2 Key Combiner
    5.4.3 Key Reconstruction
6 Key Usage Control
  6.1 Overview
  6.2 Key Binding Methods
    6.2.1 Binding Method 1
    6.2.2 Binding Method 2
    6.2.3 Binding Method 3
    6.2.4 Binding Method 4
    6.2.5 Binding Method 5
    6.2.6 Binding Method 6
Annex A (informative) Example Key Usage Vector Formats
  A.1 General
  A.2 Examples
Bibliography

Figures

Figure 1 - Token Distribution
Figure 2 - Combiner Function
Figure 3 - Key Usage Vector Fields

Foreword

Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer.

Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be
considered, and that a concerted effort be made toward their resolution.

The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards.

The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretation should be addressed to the secretariat or sponsor whose name appears on the title page of this standard.

CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval.

Published by
Accredited Standards Committee X9, Incorporated
Financial Industry Standards
P.O. Box 4035
Annapolis, MD 21403 USA
X9 Online http://www.x9.org

Copyright 2006 ASC X9, Inc. All rights reserved.
No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher. Published in the United States of America.

Introduction

This Standard is concerned with symmetric key systems in which the encrypting key and decrypting key are identical. The security and reliability of any process based on a symmetric cryptographic algorithm is directly dependent on the protection afforded to the secret quantity, called the key. Thus, no matter how strong the algorithm, the system is only as secure as its key management method.

This Standard defines two specific key management methods for controlling and handling keys, called (1) Constructive Key Management and (2) Key Usage Control. Each method can be used independently, or the methods can be used in combination. However, the combined use of the methods is highly recommended by the ASC X9 Subcommittee responsible for this Standard. Each method is described in a separate section of the Standard.

The section on CONSTRUCTIVE KEY MANAGEMENT systematizes key creation, implementing “dual control” or “split knowledge” by using key components to construct the final working key. This working key may be used in several ways including as a session key, for a store-and-forward (i.e. e-mail) application, and for file encryption applications, such as archiving, or protecting filed information until needed again by the user. Other applications are also possible. Until now, this practice of split knowledge key creation has been used mainly to transport key parts into systems where “master keys” were used to protect keys in storage, and to recover the working keys for a current application. With the methodology of this Standard, a working key will be created as needed for a specific encryption process, and re-created when needed to decrypt the object. Depending on the application, the key may be saved or destroyed after each use. The working key is never transmitted; the application program only knows it while it is in use.

The section on KEY USAGE CONTROL allows the creator of a key to specify the allowed uses of the key. For example, key usage control information can be used to distinguish key types (data, PIN, or key-encrypting). The type “data key” can be further sub-divided to distinguish data privacy keys (keys used to encrypt and decrypt data) from Message Authentication Code (MAC) keys (keys used to protect the integrity of data). The method attaches or binds a “key usage vector” to each generated key, for the life of the key, and is used by the system to ensure that keys are used properly. In short, the key usage vector prevents abuses and attacks against the key. The key usage vector can be used to protect keys stored within a single system, or to protect keys transmitted from one system to another.

This Standard is algorith