• ANSI X9.57 : 1997

    Status: Current (the latest, up-to-date edition)

    PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY: CERTIFICATE MANAGEMENT

    Published date:  12-01-2013

    Publisher:  American Bankers Association

    Table of Contents

    FOREWORD
    1. SCOPE
    2. DEFINITIONS AND COMMON ABBREVIATIONS
       2.1. DEFINITIONS
       2.2. ACRONYMS
       2.3. NOTATION
    3. INTRODUCTION
    4. CERTIFICATE MANAGEMENT
       4.1. GENERAL
       4.2. THE CERTIFICATION AUTHORITY
            4.2.1. Certification Authority Responsibilities
            4.2.2. Entity's Responsibility Regarding Key Integrity
            4.2.3. Distribution Of A CA's Public Key
            4.2.4. Security Requirements For A CA's Private Key
       4.3. TRUST MODELS
       4.4. CERTIFICATE GENERATION
       4.5. CERTIFICATE VALIDATION
       4.6. CERTIFICATE REVOCATION LIST (CRL)
            4.6.1. General Requirements
            4.6.2. Actions To Be Taken Whenever A Certificate is
                    Revoked or Held
            4.6.3. Compromise Or Suspected Compromise Of An
                    Entity's Private Key
            4.6.4. Request For Revocation Of an Entity's
                    Certificate(s) Because Of A Cessation of
                    Operations
            4.6.5. Request For Revocation Of Entity's
                    Certificate(s) Because Of A Change Of
                    Affiliation Of The Entity
            4.6.6. Revocation Of Certificates For Reasons Other
                    Than For Key Compromise, Cessation Of
                    Operations, Or A Change Of Affiliation
            4.6.7. Revocation or Holding Of Certificates For
                    Public Keys Which Are Used To Protect Symmetric
                    Algorithm Key Exchanges
            4.6.8. Certificate Holds Due to Unauthenticated
                    Revocation Requests or Other Business Reasons
            4.6.9. Implied Release of Certificate Hold via Natural
                    Expiration of the Hold
            4.6.10. Reissuance of a Certificate Hold with an
                    Extended Expiration Date
            4.6.11. Revocation of a Certificate Superseding a
                    Prior Certificate Hold Expiration Date
            4.6.12. Certificate Hold Release to Cancel Certificate
                    Hold Prior to Expiration
            4.6.13. Expiration of Certificate Prior to the
                    Expiration of a Hold
       4.7. THE LOCAL REGISTRATION AGENT (LRA)
            4.7.1. Applying for Certificates
            4.7.2. Requesting Certificate Revocation
       4.8. ATTRIBUTE CERTIFICATES
    5. DATA ELEMENTS AND RELATIONSHIPS
       5.1. GENERAL
       5.2. DSA PUBLIC KEYS
       5.3. SIGNATURES
            5.3.1. Single Signatures
            5.3.2. Multiple Signatures
       5.4. CERTIFICATION REQUEST DATA (CERTREQDATA)
       5.5. PUBLIC KEY CERTIFICATES
       5.6. ATTRIBUTE CERTIFICATES
       5.7. CERTIFICATE REVOCATION AND HOLD/RELEASE
            5.7.1. Certificate Revocation
            5.7.2. Certificate Hold/Release
            5.7.3. Hold Instruction Codes
            5.7.4. CRL Data Structures
    6. AUDIT JOURNAL REQUIREMENTS
    7. REFERENCES
    8. ASN.1 MODULE
    ANNEX A: SUGGESTED REQUIREMENTS FOR THE ACCEPTANCE OF
             CERTIFICATE REQUEST DATA
       A.1. INTRODUCTION
       A.2. ACCEPTANCE OF THE CERTIFICATE REQUEST DATA OF AN
            INDIVIDUAL
            A.2.1. LOW RISK APPLICATIONS
            A.2.2. MEDIUM RISK APPLICATIONS
            A.2.3. HIGH RISK APPLICATIONS
       A.3. ACCEPTANCE OF THE CERTIFICATION REQUEST DATA OF A
            LEGAL ENTITY
            A.3.1. A FINANCIAL INSTITUTION IN A PEER-TO-PEER
                   RELATIONSHIP
            A.3.2. A BUSINESS CUSTOMER OF A FINANCIAL INSTITUTION
       A.4. ACCEPTANCE OF THE CERTIFICATE REQUEST DATA OF A
            HARDWARE DEVICE
    ANNEX B: ALTERNATIVE TRUST MODELS
       B.1. OVERVIEW
       B.2. TRUST MODELS
       B.3. CENTRALIZED AND DECENTRALIZED MODELS
       B.4. EXAMPLES
       B.5. ISSUES INVOLVING MULTIPLE DOMAINS
            B.5.1. MULTIPLE LEVELS OF ASSURANCE
            B.5.2. MULTIPLE TRUST MODELS
       B.6. SUBSCRIBER AND ORGANIZATIONAL CERTIFICATES
    ANNEX C: OBJECT IDENTIFIERS AND ATTRIBUTES
       C.1. ALGORITHMS
       C.2. MODULES
       C.3. ATTRIBUTES
       C.4. CERTIFICATE AND CRL EXTENSIONS
       C.5. CERTIFICATE HOLD INSTRUCTIONS
    ANNEX D: RECOMMENDED CERTIFICATION AUTHORITY AUDIT JOURNAL
             CONTENTS AND USE
       D.1. AUDIT JOURNAL CONTENTS AND PROTECTION
            D.1.1. ELEMENTS TO BE INCLUDED IN ALL JOURNAL ENTRIES
            D.1.2. CERTIFICATE APPLICATION INFORMATION TO BE
                   JOURNALIZED BY AN LRA, CA OR AA
            D.1.3. EVENTS TO BE JOURNALIZED
            D.1.4. ACTIONS TO BE JOURNALIZED
            D.1.5. SECURITY-SENSITIVE EVENTS TO BE JOURNALIZED
            D.1.6. MESSAGES AND DATA TO BE JOURNALIZED
       D.2. AUDIT JOURNAL BACKUP
       D.3. AUDIT JOURNAL USE
    ANNEX E: DISTRIBUTION OF CERTIFICATES AND CERTIFICATE
             REVOCATION LISTS
       E.1. INTRODUCTION
       E.2. CERTIFICATE DISTRIBUTION
       E.3. CRL DISTRIBUTION
    ANNEX F: MULTIPLE ALGORITHM CERTIFICATE VALIDATION
       F.1. MULTIPLE ALGORITHM CERTIFICATION PATHS
       F.2. UNWRAPPING DSA/RSA MULTIPLE ALGORITHM CERTIFICATION
            PATHS
    ANNEX G: CERTIFICATE AUTHORITY TECHNIQUES FOR DISASTER
             RECOVERY
       G.1. INTRODUCTION
       G.2. NOTIFICATION WITH CA'S SECONDARY KEY PAIR
       G.3. REISSUANCE WITH CA'S SECONDARY KEY PAIR
       G.4. REISSUANCE WITH CA'S NEW PRIMARY KEY PAIR
       G.5. NOTIFICATION WITH MULTIPLY SIGNED CERTIFICATES

    Abstract

    Defines certificate management procedures and data elements. Specifies the contents of certificates, the credentials required to obtain a certificate, and procedures for certificate generation, validation, and revocation, for Digital Signature Algorithm (DSA) public key certificates and attribute certificates.

    General Product Information

    Committee: X9
    Document Type: Standard
    Publisher: American Bankers Association
    Status: Current

    Standards Referenced By This Book

    ANSI X9.103 : 2010 FINANCIAL SERVICES - MOTOR VEHICLE RETAIL SALE AND LEASE ELECTRONIC CONTRACTING
    ANSI X9.117 : 2012 SECURE REMOTE ACCESS - MUTUAL AUTHENTICATION
    IEEE 1363.3-2013 IEEE Standard for Identity-Based Cryptographic Techniques using Pairings
    ANSI X9.44 : 2007 FINANCIAL SERVICES - PUBLIC-KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - KEY ESTABLISHMENT USING INTEGER FACTORIZATION CRYPTOGRAPHY
    ASTM E 2085 : 2000 : REV A Standard Guide on Security Framework for Healthcare Information (Withdrawn 2009)
    BS ISO 11568-4:2007 Banking. Key management (retail) Asymmetric cryptosystems. Key management and life cycle
    ANSI X9 TR 39 : 2009 TG-3 RETAIL FINANCIAL SERVICES COMPLIANCE GUIDELINE - PART 1: PIN SECURITY AND KEY MANAGEMENT
    ANSI X9.112-1 : 2009 WIRELESS MANAGEMENT AND SECURITY - PART 1: GENERAL REQUIREMENTS
    ANSI X9.112 : 2016 WIRELESS MANAGEMENT AND SECURITY - PART 1: GENERAL REQUIREMENTS
    ASTM E 2084 : 2000 Standard Specification for Authentication of Healthcare Information Using Digital Signatures (Withdrawn 2009)
    ISO 15782-1:2009 Certificate management for financial services Part 1: Public key certificates
    BS ISO 15782-1:2009 Certificate management for financial services Public key certificates
    ANSI X9.45 : 1999 ENHANCED MANAGEMENT CONTROLS USING DIGITAL SIGNATURES AND ATTRIBUTE CERTIFICATES
    ANSI X9/TG-3 : 2006 RETAIL FINANCIAL SERVICES COMPLIANCE GUIDELINE - ONLINE PIN SECURITY AND KEY MANAGEMENT
    ANSI X9.31 : 1998 DIGITAL SIGNATURES USING REVERSIBLE PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY (RDSA)
    ANSI X9.42 : 2003(R2013) PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES: AGREEMENT OF SYMMETRIC KEYS USING DISCRETE LOGARITHM CRYPTOGRAPHY
    05/30112566 DC : DRAFT JAN 2005 ISO 11568-4 - BANKING - KEY MANAGEMENT (RETAIL) - PART 4: ASYMMETRIC CRYPTOSYSTEMS - KEY MANAGEMENT AND LIFE CYCLE
    ISO 11568-4:2007 Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle

    Standards Referencing This Book

    ANSI X9.30.1 : 1997 PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - PART 1: THE DIGITAL SIGNATURE ALGORITHM (DSA)
    ISO/IEC 8824:1990 Information technology — Open Systems Interconnection — Specification of Abstract Syntax Notation One (ASN.1)
    ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
    ISO/IEC 8825:1990 Information technology — Open Systems Interconnection — Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)
    ANSI X9.30.2 : 1997 PUBLIC KEY CRYPTOGRAPHY USING IRREVERSIBLE ALGORITHMS - PART 2: THE SECURE HASH ALGORITHM (SHA-1)