ANSX9.24-1:2009资源-CSDN文库

Management

5星 · 超过95%的资源需积分: 10 121 浏览量 2012-08-08 10:36:24 上传评论 2 收藏 632KB PDF 举报

资源推荐

资源详情

资源评论

American National Standard

for Financial Services

ANS X9.24-1:2009

Retail Financial Services

Symmetric Key Management

Part 1: Using Symmetric Techniques

Secretariat

Accredited Standards Committee X9, Inc.

Approved: October 13, 2009

American National Standards Institute

Licensed to George Jiang. ANSI order X_170098. Downloaded 4/28/2010 11:40 AM. Single user license only. Copying and networking prohibited.

ANS X9.24-1:2009

Foreword

Approval of an American National Standard requires verification by ANSI that the requirements for due process,

consensus, and other criteria for approval have been met by the standards developer.

Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreement

has been reached by directly and materially affected interests. Substantial agreement means much more than a

simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered,

and that a concerted effort be made toward their resolution.

The use of American National Standards is completely voluntary; their existence does not in any respect preclude

anyone, whether he has approved the standards or not from manufacturing, marketing, purchasing, or using

products, processes, or procedures not conforming to the standards.

The American National Standards Institute does not develop standards and will in no circumstances give an

interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an

interpretation of an American National Standard in the name of the American National Standards Institute.

Requests for interpretation should be addressed to the secretariat or sponsor whose name appears on the title

page of this standard.

CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures

of the American National Standards Institute require that action be taken to reaffirm, revise, or withdraw this

standard no later than five years from the date of approval.

Published by

Accredited Standards Committee X9, Incorporated

Financial Industry Standards

1212 West Street, Suite 200

Annapolis, MD 21401 USA

X9 Online http://www.x9.org

No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without

prior written permission of the publisher. Printed in the United States of America.

Licensed to George Jiang. ANSI order X_170098. Downloaded 4/28/2010 11:40 AM. Single user license only. Copying and networking prohibited.

ANS X9.24-1:2009

Contents

Foreword ...................................................................................................................................................................... i

Figures........................................................................................................................................................................ iv

Tables .......................................................................................................................................................................... v

Introduction................................................................................................................................................................ vi

1 Purpose ........................................................................................................................................................ 17

2 Scope ............................................................................................................................................................ 17

2.1 Application ................................................................................................................................................... 17

3 References ................................................................................................................................................... 18

4 Terms and Definitions................................................................................................................................. 18

5 Standard Organization ................................................................................................................................ 24

6 Environment................................................................................................................................................. 24

6.1 General ......................................................................................................................................................... 24

6.2 Cardholder and Card Issuer ....................................................................................................................... 24

6.3 Card Acceptor .............................................................................................................................................. 24

6.4 Acquirer ........................................................................................................................................................ 25

7 Key Management Requirements ................................................................................................................ 25

7.1 General ......................................................................................................................................................... 25

7.2 Tamper-Resistant Security Modules (TRSM) used for Key Management.............................................. 26

7.3 A Secure Environment ................................................................................................................................ 28

7.4 Key Generation ............................................................................................................................................ 28

7.5 Symmetric Key Distribution........................................................................................................................ 28

7.5.1 Manual Distribution ..................................................................................................................................... 28

7.5.2 Key Initialization Facility ............................................................................................................................. 29

7.5.3 Key Loading Device..................................................................................................................................... 29

7.6 Key Utilization .............................................................................................................................................. 29

7.7 Key Replacement......................................................................................................................................... 30

7.8 Key Destruction and Archival..................................................................................................................... 30

7.9 Key Encryption/Decryption......................................................................................................................... 30

8 Key Management Specifications................................................................................................................ 30

8.1 General ......................................................................................................................................................... 30

8.2 Methods of Key Management..................................................................................................................... 31

8.2.1 Key Management Methods Requiring Compromise Prevention Controls............................................. 31

8.2.2 Key Management Method Requiring Compromise Detection Controls................................................. 32

8.3 Key Identification Techniques.................................................................................................................... 32

8.3.1 Implicit Key Identification ........................................................................................................................... 32

8.3.2 Key Identification by Name......................................................................................................................... 32

8.4 Security Management Information Data (SMID) Element ........................................................................ 32

8.4.1 Notations, Abbreviations and Conventions.............................................................................................. 34

8.4.2 Representation............................................................................................................................................. 35

8.4.3 Key Naming .................................................................................................................................................. 37

8.5 Method: Fixed Transaction Keys ............................................................................................................... 38

8.5.1 SMID.............................................................................................................................................................. 38

Licensed to George Jiang. ANSI order X_170098. Downloaded 4/28/2010 11:40 AM. Single user license only. Copying and networking prohibited.

ANS X9.24-1:2009

iii

8.5.2 Additional Key Management Requirements..............................................................................................39

8.5.3 Additional Notes ..........................................................................................................................................39

8.6 Method: Master Keys / Transaction Keys .................................................................................................39

8.6.1 SMID ..............................................................................................................................................................39

8.6.2 Additional Key Management Requirements..............................................................................................40

8.6.3 Additional Notes ..........................................................................................................................................40

8.7 Method: DUKPT (Derived Unique Key Per Transaction)..........................................................................41

8.7.1 SMID ..............................................................................................................................................................43

8.7.2 Additional Key Management Requirements..............................................................................................43

8.7.3 Additional Notes ..........................................................................................................................................44

Annex A (Informative) Derived Unique Key Per Transaction ............................................................................... 45

A.1 Storage Areas...............................................................................................................................................45

A.1.1 PIN Processing.............................................................................................................................................45

A.1.2 Key Management ......................................................................................................................................... 45

A.2 Processing Algorithms................................................................................................................................46

A.3 Key Management Technique ......................................................................................................................50

A.4 DUKPT Test Data Examples .......................................................................................................................54

A.4.1 Variants of the Current Key ........................................................................................................................55

A.4.2 Initial Sequence............................................................................................................................................58

A.4.3 MSB Rollover Sequence .............................................................................................................................62

A.4.4 Calculation and Storage of DUKPT Transaction Keys at the Terminal..................................................65

A.5 "Security Module" Algorithm For Automatic PIN Entry Device Checking .............................................68

A.6 Derivation Of The Initial Key.......................................................................................................................69

Annex B (Informative) SMID Examples................................................................................................................... 70

Annex C (Informative) Initial Key Distribution ....................................................................................................... 75

C.1 Overview of Key Management.................................................................................................................... 75

C.2 Objectives of initial key distribution ..........................................................................................................77

C.3 Requirements for initial key distribution...................................................................................................77

C.3.1 Key generation .............................................................................................................................................77

C.3.2 Key transport................................................................................................................................................78

C.3.3 Key insertion ................................................................................................................................................79

C.4 Implementation considerations..................................................................................................................80

C.4.1 Key generation .............................................................................................................................................81

C.4.2 Key transport................................................................................................................................................81

C.4.3 Key loading...................................................................................................................................................81

C.4.4 Protection of cryptographic devices .........................................................................................................82

C.4.5 Reloading of cryptographic devices..........................................................................................................84

C.5 Example of manual key distribution ..........................................................................................................84

C.6 Example of key loading controls at a manufacturer’s facility.................................................................87

Annex D (Informative) Key Set Identifiers ..............................................................................................................88

D.1 An Example Key Serial Number Format ....................................................................................................88

D.1.1 IIN - 3 Bytes - Issuer Identification Number ..............................................................................................89

D.1.2 CID - 1 Byte - Customer ID ..........................................................................................................................89

D.1.3 GID - 1 Byte - Group ID................................................................................................................................89

D.1.4 DID - 19 Bit Device ID ..................................................................................................................................89

D.1.5 TCTR - 21 Bit Transaction Counter............................................................................................................90

Licensed to George Jiang. ANSI order X_170098. Downloaded 4/28/2010 11:40 AM. Single user license only. Copying and networking prohibited.

剩余91页未读，继续阅读

评论收藏

内容反馈