ANSI-X9.79-2000.pdf
"ANSI-X9.79-2000.pdf" was shared by a member and can be read online; for more related to "ANSI-X9.79-2000.pdf (111 pages)", search on 三一文库 (31doc).
American National Standard for Financial Services

PKI Practices and Policy Framework (ASC X9.79)

Secretariat: American Bankers Association
Approved: September 2000
American National Standards Institute

Copyright American National Standards Institute. Provided by IHS under license with ANSI. Licensee=IHS Employees/1111111001, User=OConnor, Maurice. Not for Resale, 04/29/2007 13:23:57 MDT. No reproduction or networking permitted without license from IHS.

ANS X9.79:2000, Public Key Infrastructure - Practices and Policy Framework
© 2000 American Bankers Association

American National Standard

Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer.

Consensus is established when, in the judgment of the ANSI Board of Standards Review, directly and materially affected interests have reached substantial agreement. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made toward their resolution.

The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not, from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards.

The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard.

CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval.

Published by:
American Bankers Association
1120 Connecticut Ave., NW
Washington, DC 20036 USA
Customer Service Center: +1 800 338 0626 or +1 202 663 5087
Fax: +1 202 663 7543
Email
X9 Online: http://www.x9.org

Copyright © (X9 2000) by American Bankers Association. All rights reserved.

No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher.

Printed in the United States of America

Contents

1 SCOPE OF THIS STANDARD
2 NORMATIVE REFERENCE(S)
3 DEFINITIONS
4 SYMBOLS (AND ABBREVIATIONS)
5 ORGANIZATION
6 PKI CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT
  6.1 WHAT IS PKI (PUBLIC-KEY INFRASTRUCTURE)?
  6.2 PKI MODEL
    6.2.1 Closed
    6.2.2 Networ
    6.2.3 Open Mo
  6.3 PKI PERSPE
    6.3.1 Function
    6.3.2 Legal Perspective
    6.3.3 Regulatory Perspective
    6.3.4 Business Usage Perspective
  6.4 RELATIONSHIP BETWEEN CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT
    6.4.1 Authorship
    6.4.2 Purpose
    6.4.3 Level of Specificity
    6.4.4 Approach
    6.4.5 Public and Private Access
  6.5 CERTIFICATE POLICY (CP)
  6.6 CERTIFICATION PRACTICE STATEMENT (CPS)
  6.7 CERTIFICATE POLICY, CPS, AND CA INTEROPERABILITY
7 GENERAL REQUIREMENTS
  7.1 CERTIFICATE POLICY (CP)
  7.2 CERTIFICATION PRACTICE
    7.2.1 Segmentation of a Certific
ANNEX A (NORMATIVE) ELEMENTS OF POLICY AND PRACTICE
  A.1 INTRODUCTION
    A.1.1 Overview
    A.1.2 Identification
    A.1.3 Community and Applicability
    A.1.4 Contact Details
  A.2 GENERAL PROVISIONS
    A.2.1 Liability
    A.2.2 Obligations
    A.2.3 Interpretation and Enforcement
    A.2.4 Publication and Repositories
    A.2.5 Compliance Au
    A.2.6 Confidentiality
  A.3 IDENTIFICATION AND AUTHENTICATION
    A.3.1 Initial Registration
    A.3.2 Routine Re-key
    A.3.3 Re-key after Revocation - No Key Compromise
    A.3.4 Revocation Request
  A.4 OPERATIONAL REQUIREMENTS
    A.4.1 Certificate Application
    A.4.2 Certificate Issuance
    A.4.3 Certificate Acceptance
    A.4.4 Certificate Suspension and Revocation
    A.4.5 Security Audit Procedures
    A.4.6 Records Archival
    A.4.7 Key Changeover
    A.4.8 Compromise and Disaster Recovery
    A.4.9 CA Termination
  A.5 PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS
    A.5.1 Physical Security Controls
    A.5.2 Procedural Controls
    A.5.3 Personnel Security Controls
  A.6 TECHNICAL SECURITY CONTROLS
    A.6.1 Key Pair Generation and Installation
    A.6.2 Private Key Protection
    A.6.3 Other Aspects of Key Pair Management
    A.6.4 Activation Data
    A.6.5 Computer Security Controls
    A.6.6 Life Cycle Security Controls
    A.6.7 Network Security Controls
    A.6.8 Cryptographic Module Engineering Controls
  A.7 CERTIFICATE AND CRL PROFILES
    A.7.1 Certificate Profile
    A.7.2 CRL Profile
    A.7.3 OCSP Profile
  A.8 PRACTICES ADMINISTRATION
    A.8.1 Change procedures
    A.8.2 Publication and Notification Procedures
    A.8.3 Approval Procedures
ANNEX B (NORMATIVE) CERTIFICATION AUTHORITY CONTROL OBJECTIVES
  B.1 CA ENVIRONMENTAL CONTROLS
    B.1.1 Certification Practice Statement and Certificate Policy Management
    B.1.2 Security Management
    B.1.3 Asset Classification and Management
    B.1.4 Personnel Security
    B.1.5 Physical and Environmental Security
    B.1.6 Operations Management
    B.1.7 System Access Management
    B.1.8 Systems Development and Maintenance
    B.1.9 Business Continuity Management
    B.1.10 Monitoring and Compliance
    B.1.11 Event Journaling
  B.2 KEY MANAGEMENT LIFE CYCLE CONTROLS
    B.2.1 CA Key Generation
    B.2.2 CA Key Storage, Backup and Recovery
    B.2.3 CA Public Key Dist
    B.2.4 CA Key Escrow (if supported)
    B.2.5 CA Key Usage
    B.2.6 CA
- Keywords:
- ANSI X9 79 2000
Link: https://www.31doc.com/p-3731282.html