ANSI X9.57 : 1997
Withdrawn
A Withdrawn Standard is one that has been removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY: CERTIFICATE MANAGEMENT
23-07-2013
12-01-2013
FOREWORD
1. SCOPE
2. DEFINITIONS AND COMMON ABBREVIATIONS
2.1. DEFINITIONS
2.2. ACRONYMS
2.3. NOTATION
3. INTRODUCTION
4. CERTIFICATE MANAGEMENT
4.1. GENERAL
4.2. THE CERTIFICATION AUTHORITY
4.2.1. Certification Authority Responsibilities
4.2.2. Entity's Responsibility Regarding Key Integrity
4.2.3. Distribution Of A CA's Public Key
4.2.4. Security Requirements For A CA's Private Key
4.3. TRUST MODELS
4.4. CERTIFICATE GENERATION
4.5. CERTIFICATE VALIDATION
4.6. CERTIFICATE REVOCATION LIST (CRL)
4.6.1. General Requirements
4.6.2. Actions To Be Taken Whenever A Certificate is Revoked or Held
4.6.3. Compromise Or Suspected Compromise Of An Entity's Private Key
4.6.4. Request For Revocation Of an Entity's Certificate(s) Because Of A Cessation of Operations
4.6.5. Request For Revocation Of Entity's Certificate(s) Because Of A Change Of Affiliation Of The Entity
4.6.6. Revocation Of Certificates For Reasons Other Than For Key Compromise, Cessation Of Operations, Or A Change Of Affiliation
4.6.7. Revocation or Holding Of Certificates For Public Keys Which Are Used To Protect Symmetric Algorithm Key Exchanges
4.6.8. Certificate Holds Due to Unauthenticated Revocation Requests or Other Business Reasons
4.6.9. Implied Release of Certificate Hold via Natural Expiration of the Hold
4.6.10. Reissuance of a Certificate Hold with an Extended Expiration Date
4.6.11. Revocation of a Certificate Superseding a Prior Certificate Hold Expiration Date
4.6.12. Certificate Hold Release to Cancel Certificate Hold Prior to Expiration
4.6.13. Expiration of Certificate Prior to the Expiration of a Hold
4.7. THE LOCAL REGISTRATION AGENT (LRA)
4.7.1. Applying for Certificates
4.7.2. Requesting Certificate Revocation
4.8. ATTRIBUTE CERTIFICATES
5. DATA ELEMENTS AND RELATIONSHIPS
5.1. GENERAL
5.2. DSA PUBLIC KEYS
5.3. SIGNATURES
5.3.1. Single Signatures
5.3.2. Multiple Signatures
5.4. CERTIFICATION REQUEST DATA (CERTREQDATA)
5.5. PUBLIC KEY CERTIFICATES
5.6. ATTRIBUTE CERTIFICATES
5.7. CERTIFICATE REVOCATION AND HOLD/RELEASE
5.7.1. Certificate Revocation
5.7.2. Certificate Hold/Release
5.7.3. Hold Instruction Codes
5.7.4. CRL Data Structures
6. AUDIT JOURNAL REQUIREMENTS
7. REFERENCES
8. ASN.1 MODULE
ANNEX A: SUGGESTED REQUIREMENTS FOR THE ACCEPTANCE OF CERTIFICATE REQUEST DATA
A.1. INTRODUCTION
A.2. ACCEPTANCE OF THE CERTIFICATE REQUEST DATA OF AN INDIVIDUAL
A.2.1. LOW RISK APPLICATIONS
A.2.2. MEDIUM RISK APPLICATIONS
A.2.3. HIGH RISK APPLICATIONS
A.3. ACCEPTANCE OF THE CERTIFICATION REQUEST DATA OF A LEGAL ENTITY
A.3.1. A FINANCIAL INSTITUTION IN A PEER-TO-PEER RELATIONSHIP
A.3.2. A BUSINESS CUSTOMER OF A FINANCIAL INSTITUTION
A.4. ACCEPTANCE OF THE CERTIFICATE REQUEST DATA OF A HARDWARE DEVICE
ANNEX B: ALTERNATIVE TRUST MODELS
B.1. OVERVIEW
B.2. TRUST MODELS
B.3. CENTRALIZED AND DECENTRALIZED MODELS
B.4. EXAMPLES
B.5. ISSUES INVOLVING MULTIPLE DOMAINS
B.5.1. MULTIPLE LEVELS OF ASSURANCE
B.5.2. MULTIPLE TRUST MODELS
B.6. SUBSCRIBER AND ORGANIZATIONAL CERTIFICATES
ANNEX C: OBJECT IDENTIFIERS AND ATTRIBUTES
C.1. ALGORITHMS
C.2. MODULES
C.3. ATTRIBUTES
C.4. CERTIFICATE AND CRL EXTENSIONS
C.5. CERTIFICATE HOLD INSTRUCTIONS
ANNEX D: RECOMMENDED CERTIFICATION AUTHORITY AUDIT JOURNAL CONTENTS AND USE
D.1. AUDIT JOURNAL CONTENTS AND PROTECTION
D.1.1. ELEMENTS TO BE INCLUDED IN ALL JOURNAL ENTRIES
D.1.2. CERTIFICATE APPLICATION INFORMATION TO BE JOURNALIZED BY AN LRA, CA OR AA
D.1.3. EVENTS TO BE JOURNALIZED
D.1.4. ACTIONS TO BE JOURNALIZED
D.1.5. SECURITY-SENSITIVE EVENTS TO BE JOURNALIZED
D.1.6. MESSAGES AND DATA TO BE JOURNALIZED
D.2. AUDIT JOURNAL BACKUP
D.3. AUDIT JOURNAL USE
ANNEX E: DISTRIBUTION OF CERTIFICATES AND CERTIFICATE REVOCATION LISTS
E.1. INTRODUCTION
E.2. CERTIFICATE DISTRIBUTION
E.3. CRL DISTRIBUTION
ANNEX F: MULTIPLE ALGORITHM CERTIFICATE VALIDATION
F.1. MULTIPLE ALGORITHM CERTIFICATION PATHS
F.2. UNWRAPPING DSA/RSA MULTIPLE ALGORITHM CERTIFICATION PATHS
ANNEX G: CERTIFICATE AUTHORITY TECHNIQUES FOR DISASTER RECOVERY
G.1. INTRODUCTION
G.2. NOTIFICATION WITH CA'S SECONDARY KEY PAIR
G.3. REISSUANCE WITH CA'S SECONDARY KEY PAIR
G.4. REISSUANCE WITH CA'S NEW PRIMARY KEY PAIR
G.5. NOTIFICATION WITH MULTIPLY SIGNED CERTIFICATES
Defines certificate management procedures and data elements. Specifies the contents of certificates, the credentials required to obtain a certificate, and procedures for certificate generation, validation, and revocation, for Digital Signature Algorithm (DSA) public key certificates and attribute certificates.
Committee | X9 |
Document Type | Standard |
Publisher Name | American Bankers Association |
Status | Withdrawn |
ANSI X9.117 : 2012 | SECURE REMOTE ACCESS - MUTUAL AUTHENTICATION |
IEEE 1363.3-2013 | IEEE Standard for Identity-Based Cryptographic Techniques using Pairings |
ANSI X9.44:2007 | FINANCIAL SERVICES - PUBLIC-KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - KEY ESTABLISHMENT USING INTEGER FACTORIZATION CRYPTOGRAPHY |
ASTM E 2085 : 2000 : REV A | Standard Guide on Security Framework for Healthcare Information (Withdrawn 2009) |
BS ISO 11568-4:2007 | Banking. Key management (retail) Asymmetric cryptosystems. Key management and life cycle |
ANSI X9 TR 39 : 2009 | TG-3 RETAIL FINANCIAL SERVICES COMPLIANCE GUIDELINE - PART 1: PIN SECURITY AND KEY MANAGEMENT |
ANSI X9.112-1 : 2009 | WIRELESS MANAGEMENT AND SECURITY - PART 1: GENERAL REQUIREMENTS |
ANSI X9.112 : 2016 | WIRELESS MANAGEMENT AND SECURITY - PART 1: GENERAL REQUIREMENTS |
ASTM E 2084 : 2000 | Standard Specification for Authentication of Healthcare Information Using Digital Signatures (Withdrawn 2009) |
ISO 15782-1:2009 | Certificate management for financial services Part 1: Public key certificates |
BS ISO 15782-1:2009 | Certificate management for financial services Public key certificates |
ANSI X9.45 : 1999 | ENHANCED MANAGEMENT CONTROLS USING DIGITAL SIGNATURES AND ATTRIBUTE CERTIFICATES |
ANSI X9/TG-3 : 2006 | RETAIL FINANCIAL SERVICES COMPLIANCE GUIDELINE - ONLINE PIN SECURITY AND KEY MANAGEMENT |
ANSI X9.31 : 1998 | DIGITAL SIGNATURES USING REVERSIBLE PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY (RDSA) |
ANSI X9.42 : 2003(R2013) | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES: AGREEMENT OF SYMMETRIC KEYS USING DISCRETE LOGARITHM CRYPTOGRAPHY |
05/30112566 DC : DRAFT JAN 2005 | ISO 11568-4 - BANKING - KEY MANAGEMENT (RETAIL) - PART 4: ASYMMETRIC CRYPTOSYSTEMS - KEY MANAGEMENT AND LIFE CYCLE |
ISO 11568-4:2007 | Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle |
ANSI X9.79-1 : 2001 | FINANCIAL SERVICES PUBLIC KEY INFRASTRUCTURE - PART 1: PKI PRACTICES AND POLICY FRAMEWORK |
ANSI X9.30.1 : 1997 | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - PART 1: THE DIGITAL SIGNATURE ALGORITHM (DSA) |
ISO/IEC 8824:1990 | Information technology — Open Systems Interconnection — Specification of Abstract Syntax Notation One (ASN.1) |
ISO/IEC 9594-8:2017 | Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks |
ISO/IEC 8825:1990 | Information technology — Open Systems Interconnection — Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1) |
ANSI X9.30.2 : 1997 | PUBLIC KEY CRYPTOGRAPHY USING IRREVERSIBLE ALGORITHMS - PART 2: THE SECURE HASH ALGORITHM (SHA-1) |