《ANSI-X9.24-PART-1-2004.pdf》由会员分享,可在线阅读,更多相关《ANSI-X9.24-PART-1-2004.pdf(71页珍藏版)》请在三一文库上搜索。
1、American National Standard for Financial Services ANS X9.24-2004 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques Secretariat Accredited Standards Committee X9, Inc. Approved: February 4, 2004 American National Standards Institute -,-,- -,-,- ANS X9.24-2004 2004
2、All rights reserved i Foreword Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ANSI Board of Stand
3、ards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made toward t
4、heir resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standard
5、s. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American
6、 National Standards Institute. Requests for interpretation should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standar
7、ds Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval. Published by Accredited Standards Committee X9, Incorporated Financial Industry Standards P.O. Box 4035 Annapolis, MD 21403 USA X9 Online http:/www.x9.org Copy
8、right 2004 Accredited Standards Committee X9, Inc. All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher. Printed in the United States of America. -,-,- ANS X9.24-2004 2004 All
9、 rights reserved ii Contents Foreword i Figuresiv Tables v Introductionvi 1Purpose 1 2Scope1 2.1 Application .2 3References .2 4Terms and Definitions.2 5Standard Organization8 6Environment.8 6.1 General .8 6.2 Cardholder and Card Issuer .8 6.3 Card Acceptor8 6.4 Acquirer9 7Key Management Requirement
10、s9 7.1 General .9 7.2 Tamper-Resistant Security Modules (TRSM) used for Key Management10 7.3 A Secure Environment11 7.4 Key Generation11 7.5 Symmetric Key Distribution12 7.5.1 Manual Distribution.12 7.5.2 Key Initialization Facility.12 7.5.3 Key Loading Device.13 7.6 Key Utilization13 7.7 Key Replac
11、ement.13 7.8 Key Destruction and Archival.13 7.9 Key Encryption/Decryption.14 8Key Management Specifications14 8.1 General .14 8.2 Methods of Key Management.14 8.2.1 Key Management Methods Requiring Compromise Prevention Controls.15 8.2.2 Key Management Method Requiring Compromise Detection Controls
12、.15 8.3 Key Identification Techniques15 8.3.1 Implicit Key Identification.16 8.3.2 Key Identification by Name.16 8.4 Security Management Information Data (SMID) Element16 8.4.1 Notations, Abbreviations and Conventions17 8.4.2 Representation.18 8.4.3 Key Naming21 8.5 Method: Fixed Transaction Keys.22
13、 8.5.1 SMID22 -,-,- ANS X9.24-20044 2004 All rights reserved iii 8.5.2 Additional Key Management Requirements22 8.5.3 Additional Notes 22 8.6 Method: Master Keys / Transaction Keys .23 8.6.1 SMID23 8.6.2 Additional Key Management Requirements23 8.6.3 Additional Notes 24 8.7 Method: DUKPT (Derived Un
14、ique Key Per Transaction)24 8.7.1 SMID26 8.7.2 Additional Key Management Requirements27 8.7.3 Additional Notes 27 Annex A (Informative) Derived Unique Key Per Transaction .29 A.1 Storage Areas.29 A.1.1 PIN Processing.29 A.1.2 Key Management .29 A.2 Processing Algorithms30 A.3 Key Management Techniqu
15、e34 A.4 DUKPT Test Data Examples .37 A.4.1 Initial Sequence39 A.4.2 MSB Rollover Sequence .41 A.4.3 Message Authentication .42 A.5 “Security Module“ Algorithm For Automatic PIN Entry Device Checking .42 A.6 Derivation Of The Initial Key.43 Annex B (Informative) SMID Examples.44 Annex C (Informative)
16、 Example: Manual Key Distribution.49 Annex D (Informative) Summary of X9.17 Financial Institution Key Management (Wholesale).52 D.1 Automated Key Management Architecture .52 D.2 Key Encryption and Decryption .53 D.3 Key Counters and Key Offsetting 53 D.4 Key Notarization.54 D.5 Automated Key Distrib
17、ution Protocols54 D.6 Point-To-Point Environment.55 D.7 Key Center Environments.56 Annex E (Informative) Key Set Identifiers 57 E.1 An Example Key Serial Number Format57 E.1.1 IIN - 3 Bytes - Issuer Identification Number 58 E.1.2 CID - 1 Byte - Customer ID58 E.1.3 GID - 1 Byte - Group ID58 E.1.4 DID
18、 - 19 Bit Device ID 58 E.1.5 TCTR - 21 Bit Transaction Counter59 -,-,- ANS X9.24-2004 iv 2004 All rights reserved Figures Figure 1 DUKPT at Receiving TRSM 25 Figure 2 DUKPT at Originating TRSM.26 Figure A-1 Simplified DUKPT Data Flow.35 Figure C-1 Generating Key Check Value 51 Figure D-1 Keying rela
19、tions in the point-to-point environment.53 Figure D-2 Keying relations in the key center environments .54 Figure D-3 Message flow in the point-to-point environment55 Figure D-4 Message flow in the key center environments.56 Figure E-1 Key Serial Number Format Example .58 -,-,- ANS X9.24-20044 2004 A
20、ll rights reserved v Tables Table C-1 Example of Pair-wise XOR Combination of Key components for DEA 50 -,-,- ANS X9.24-2004 vi 2004 All rights reserved Introduction Today, billions of dollars in funds are transferred electronically by various communication methods. Transactions are often entered re
21、motely, off-premise from financial institutions, by retailers or by customers directly. Such transactions are transmitted over potentially non-secure media. The vast range in value, size, and the volume of such transactions expose institutions to severe risks, which may be uninsurable. To protect th
22、ese financial messages and other sensitive information, many institutions are making increased use of the American National Standards Institute Triple Data Encryption Algorithm (TDEA). Specific examples of its use include standards for message authentication, personal identification number encryptio
23、n, other data encryption, and key encryption. The TDEA is in the public domain. The security and reliability of any process based on the TDEA is directly dependent on the protection afforded to secret numbers called cryptographic keys. This part of ANS X9.24-2004 deals exclusively with management of
24、 symmetric keys using symmetric techniques. Additional parts may be created in the future to address other methods of key management. A familiar analogy may be found in the combination lock of a vault. The lock design is public knowledge. Security is provided by keeping a number, the combination, a
25、secret. Secure operation also depends on protective procedures and features which prevent surreptitious viewing or determination of the combination by listening to its operation. Procedures are also required to ensure that the combination is random and cannot be modified by an unauthorized individua
26、l without detection. Suggestions for the improvement of this standard will be welcome. They should be sent to the ASC X9 Secretariat, Accredited Standards Committee X9, Inc., P.O. Box 4035, Annapolis, MD 21403. The standard was processed and approved for submittal to the American National Standards
27、Institute by the Accredited Standards Committee X9 - Financial Services. Committee approval of the standard does not necessarily imply that all committee members voted for its approval. At the time it approved this standard, the X9 Committee had the following members: Gene Kathol, X9 Chairman Vincen
28、t DeSantis, X9 Vice Chairman Cynthia L. Fuller, Executive Director Isabel Bailey, Managing Director Organization RepresentedRepresentative ACI Worldwide Jim Shaffer American Express Company Mike Jones American Financial Services Association Mark Zalewski Bank of America Daniel Welch Bank One Corpora
29、tion Jacqueline Pagan BB and T Woody Tyner Cable however, this part of ANS X9.24-2004 does not cover such characteristics as message format, communications protocol, transmission speed, or device interface. -,-,- ANS X9.24-2004 2 2004 All rights reserved 2.1 Application This part of ANS X9.24-2004 i
30、s applicable for institutions implementing techniques to safeguard cryptographic keys used for authentication and encryption of messages and other sensitive data. Specifically, this applies to institutions in the financial services industry implementing References 4 and/or 5. Mandatory standard tech
31、niques and procedures are indicated by the word MUST. Guidelines are indicated by the word SHOULD. 3References This part of ANS X9.24-2004 shall be used in conjunction with the following publications. 1. ANS X3.92-1993 Data Encryption Algorithm (DEA) 2. ANS X3.106-1983 Modes of DEA Operation 3. ANS
32、X9.52-1998 Triple DES Encryption for the Financial Industry The following publications are applicable and may be referenced in this part of ANS X9.24-2004. 4. ANS X9.8-1995 Personal Identification Number (PIN) Management and Security 5. ANS X9.19-1996 Financial Institution Retail Message Authenticat
33、ion 6. ISO 7812-1985 Identification cards - Numbering system and registration procedure for issuer identifiers 7. ISO 8583-1993 Bankcard Originated Messages - Interchange Message Specifications - Content for Financial Transactions 8. X9/TG-4-1993 Recommended Notation for DEA Key Management in Retail
34、 Financial Networks 9. X9/TG-7-1995 Initial DEA Key Distribution for PIN Entry and Transaction-originating Devices 10. FIPS 140-2 Security Requirements for Cryptographic Modules 11. ISO 13491 BankingSecure cryptographic devices (retail) The versions listed were current as of the publication of this
35、document, however these documents are routinely updated and reaffirmed. The current versions SHOULD be referenced when using this part of ANS X9.24-2004. 4Terms and Definitions 4.1 acceptor same as “ card acceptor” 4.2 acquirer the institution (or its agent) which acquires from the card acceptor the
36、 financial data relating to the transaction and initiates that data into an interchange system -,-,- ANS X9.24-20044 2004 All rights reserved 3 4.3 algorithm a clearly specified mathematical process for computation; a set of rules which, if followed, will give a prescribed result 4.4 archived key an
37、 inactive key that is being saved in a secure manner for a non-operational purpose such as a legal requirement for future recovery 4.5 authentication the act of determining that a message has not been changed since leaving its point of origin. The identity of the originator is implicitly verified 4.
38、6 authentication algorithm the application of a cryptographic process in which output text depends on all preceding input text 4.7 authentication element a contiguous group of bits or characters which are to be protected by being processed by the authentication algorithm 4.8 base derivation key a de
39、rivation key normally associated with Derived Unique Key Per Transaction 4.9 card acceptor party accepting the card and presenting transaction data to the acquirer 4.10 card issuer the institution or its agent that issues the card to the cardholders 4.11 check value a computed value which is the res
40、ult of passing a data value through a non-reversible algorithm 4.12 ciphertext data in its enciphered form 4.13 cleartext data in its original, unencrypted form 4.14 communicating pair two entities (usually institutions) sending and receiving transactions. This is to include alternate processing sit
41、es either owned or contracted by either communicating entity -,-,- ANS X9.24-2004 4 2004 All rights reserved 4.15 compromise in cryptography, the breaching of secrecy and/or security. A violation of the security of a system such that an unauthorized disclosure of sensitive information may have occur
42、red 4.16 cryptographic key a parameter that determines the operation of a cryptographic function such as: a) the transformation from cleartext to ciphertext and vice versa b) synchronized generation of keying material c) digital signature computation or validation 4.17 cryptographic key synchronizat
43、ion the ability for two nodes, that cryptographically process a transaction, to determine the identical Transaction Key 4.18 Data Encryption Algorithm (DEA) the cryptographic algorithm adopted by ANSI (see Reference 1) 4.19 decryption a process of transforming ciphertext (unreadable) into cleartext
44、(readable) 4.20 derivation key a double-length key which is used to compute cryptographically another key. Normally a single derivation key is used in a transaction-receiving (e.g., acquirer) TRSM to derive or decrypt the Transaction Keys used by a large number of originating (e.g., terminal) TRSMs
45、4.21 double length key a cryptographic key having a length of 112 bits plus 16 parity bits 4.22 dual control a process of utilizing two or more separate entities (usually persons), operating in concert, to protect sensitive functions or information. Both entities are equally responsible for the phys
46、ical protection of materials involved in vulnerable transactions. It MUST be ensured that no one person is able to access or to utilize the materials (e.g., cryptographic key). For manual key generation, conveyance, loading, storage and retrieval, dual control requires split knowledge of keys among
47、the entities. Also see “ split knowledge” 4.23 DUKPT Derived Unique Key per Transaction - a key management method which uses a unique key for each transaction, and prevents the disclosure of any past key used by the transaction-originating TRSM. The unique Transaction Keys are derived from a base de
48、rivation key using only non-secret data transmitted as part of each transaction 4.24 encryption a process of transforming cleartext (readable) into ciphertext (unreadable) for the purpose of security or privacy -,-,- ANS X9.24-20044 2004 All rights reserved 5 4.25 exclusive-or a mathematical operation, symbol “ XOR” , defined as: 0 XOR 0 = 0 0