ANSI X9.57 : 1997

Current

The latest, up-to-date edition.

PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY: CERTIFICATE MANAGEMENT
Published date: 01-12-2013

FOREWORD
1. SCOPE
2. DEFINITIONS AND COMMON ABBREVIATIONS
   2.1. DEFINITIONS
   2.2. ACRONYMS
   2.3. NOTATION
3. INTRODUCTION
4. CERTIFICATE MANAGEMENT
   4.1. GENERAL
   4.2. THE CERTIFICATION AUTHORITY
        4.2.1. Certification Authority Responsibilities
        4.2.2. Entity's Responsibility Regarding Key Integrity
        4.2.3. Distribution Of A CA's Public Key
        4.2.4. Security Requirements For A CA's Private Key
   4.3. TRUST MODELS
   4.4. CERTIFICATE GENERATION
   4.5. CERTIFICATE VALIDATION
   4.6. CERTIFICATE REVOCATION LIST (CRL)
        4.6.1. General Requirements
        4.6.2. Actions To Be Taken Whenever A Certificate is
                Revoked or Held
        4.6.3. Compromise Or Suspected Compromise Of An
                Entity's Private Key
        4.6.4. Request For Revocation Of an Entity's
                Certificate(s) Because Of A Cessation of
                Operations
        4.6.5. Request For Revocation Of Entity's
                Certificate(s) Because Of A Change Of
                Affiliation Of The Entity
        4.6.6. Revocation Of Certificates For Reasons Other
                Than For Key Compromise, Cessation Of
                Operations, Or A Change Of Affiliation
        4.6.7. Revocation or Holding Of Certificates For
                Public Keys Which Are Used To Protect Symmetric
                Algorithm Key Exchanges
        4.6.8. Certificate Holds Due to Unauthenticated
                Revocation Requests or Other Business Reasons
        4.6.9. Implied Release of Certificate Hold via Natural
                Expiration of the Hold
        4.6.10. Reissuance of a Certificate Hold with an
                Extended Expiration Date
        4.6.11. Revocation of a Certificate Superseding a
                Prior Certificate Hold Expiration Date
        4.6.12. Certificate Hold Release to Cancel Certificate
                Hold Prior to Expiration
        4.6.13. Expiration of Certificate Prior to the
                Expiration of a Hold
   4.7. THE LOCAL REGISTRATION AGENT (LRA)
        4.7.1. Applying for Certificates
        4.7.2. Requesting Certificate Revocation
   4.8. ATTRIBUTE CERTIFICATES
5. DATA ELEMENTS AND RELATIONSHIPS
   5.1. GENERAL
   5.2. DSA PUBLIC KEYS
   5.3. SIGNATURES
        5.3.1. Single Signatures
        5.3.2. Multiple Signatures
   5.4. CERTIFICATION REQUEST DATA (CERTREQDATA)
   5.5. PUBLIC KEY CERTIFICATES
   5.6. ATTRIBUTE CERTIFICATES
   5.7. CERTIFICATE REVOCATION AND HOLD/RELEASE
        5.7.1. Certificate Revocation
        5.7.2. Certificate Hold/Release
        5.7.3. Hold Instruction Codes
        5.7.4. CRL Data Structures
6. AUDIT JOURNAL REQUIREMENTS
7. REFERENCES
8. ASN.1 MODULE
ANNEX A: SUGGESTED REQUIREMENTS FOR THE ACCEPTANCE OF
         CERTIFICATE REQUEST DATA
   A.1. INTRODUCTION
   A.2. ACCEPTANCE OF THE CERTIFICATE REQUEST DATA OF AN
        INDIVIDUAL
        A.2.1. LOW RISK APPLICATIONS
        A.2.2. MEDIUM RISK APPLICATIONS
        A.2.3. HIGH RISK APPLICATIONS
   A.3. ACCEPTANCE OF THE CERTIFICATION REQUEST DATA OF A
        LEGAL ENTITY
        A.3.1. A FINANCIAL INSTITUTION IN A PEER-TO-PEER
               RELATIONSHIP
        A.3.2. A BUSINESS CUSTOMER OF A FINANCIAL INSTITUTION
   A.4. ACCEPTANCE OF THE CERTIFICATE REQUEST DATA OF A
        HARDWARE DEVICE
ANNEX B: ALTERNATIVE TRUST MODELS
   B.1. OVERVIEW
   B.2. TRUST MODELS
   B.3. CENTRALIZED AND DECENTRALIZED MODELS
   B.4. EXAMPLES
   B.5. ISSUES INVOLVING MULTIPLE DOMAINS
        B.5.1. MULTIPLE LEVELS OF ASSURANCE
        B.5.2. MULTIPLE TRUST MODELS
   B.6. SUBSCRIBER AND ORGANIZATIONAL CERTIFICATES
ANNEX C: OBJECT IDENTIFIERS AND ATTRIBUTES
   C.1. ALGORITHMS
   C.2. MODULES
   C.3. ATTRIBUTES
   C.4. CERTIFICATE AND CRL EXTENSIONS
   C.5. CERTIFICATE HOLD INSTRUCTIONS
ANNEX D: RECOMMENDED CERTIFICATION AUTHORITY AUDIT JOURNAL
         CONTENTS AND USE
   D.1. AUDIT JOURNAL CONTENTS AND PROTECTION
        D.1.1. ELEMENTS TO BE INCLUDED IN ALL JOURNAL ENTRIES
        D.1.2. CERTIFICATE APPLICATION INFORMATION TO BE
               JOURNALIZED BY AN LRA, CA OR AA
        D.1.3. EVENTS TO BE JOURNALIZED
        D.1.4. ACTIONS TO BE JOURNALIZED
        D.1.5. SECURITY-SENSITIVE EVENTS TO BE JOURNALIZED
        D.1.6. MESSAGES AND DATA TO BE JOURNALIZED
   D.2. AUDIT JOURNAL BACKUP
   D.3. AUDIT JOURNAL USE
ANNEX E: DISTRIBUTION OF CERTIFICATES AND CERTIFICATE
         REVOCATION LISTS
   E.1. INTRODUCTION
   E.2. CERTIFICATE DISTRIBUTION
   E.3. CRL DISTRIBUTION
ANNEX F: MULTIPLE ALGORITHM CERTIFICATE VALIDATION
   F.1. MULTIPLE ALGORITHM CERTIFICATION PATHS
   F.2. UNWRAPPING DSA/RSA MULTIPLE ALGORITHM CERTIFICATION
        PATHS
ANNEX G: CERTIFICATE AUTHORITY TECHNIQUES FOR DISASTER
         RECOVERY
   G.1. INTRODUCTION
   G.2. NOTIFICATION WITH CA'S SECONDARY KEY PAIR
   G.3. REISSUANCE WITH CA'S SECONDARY KEY PAIR
   G.4. REISSUANCE WITH CA'S NEW PRIMARY KEY PAIR
   G.5. NOTIFICATION WITH MULTIPLY SIGNED CERTIFICATES

Defines certificate management procedures and data elements. Specifies the contents of certificates, the credentials required to obtain a certificate, and procedures for certificate generation, validation, and revocation, for Digital Signature Algorithm (DSA) public key certificates and attribute certificates.

Committee: X9
Document Type: Standard
Publisher Name: American Bankers Association
Status: Current

ANSI X9.103 : 2010 FINANCIAL SERVICES - MOTOR VEHICLE RETAIL SALE AND LEASE ELECTRONIC CONTRACTING
ANSI X9.117 : 2012 SECURE REMOTE ACCESS - MUTUAL AUTHENTICATION
IEEE 1363.3-2013 IEEE Standard for Identity-Based Cryptographic Techniques using Pairings
ANSI X9.44 : 2007 FINANCIAL SERVICES - PUBLIC-KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - KEY ESTABLISHMENT USING INTEGER FACTORIZATION CRYPTOGRAPHY
ASTM E 2085 : 2000 : REV A Standard Guide on Security Framework for Healthcare Information (Withdrawn 2009)
BS ISO 11568-4:2007 Banking. Key management (retail) Asymmetric cryptosystems. Key management and life cycle
ANSI X9 TR 39 : 2009 TG-3 RETAIL FINANCIAL SERVICES COMPLIANCE GUIDELINE - PART 1: PIN SECURITY AND KEY MANAGEMENT
ANSI X9.112-1 : 2009 WIRELESS MANAGEMENT AND SECURITY - PART 1: GENERAL REQUIREMENTS
ANSI X9.112 : 2016 WIRELESS MANAGEMENT AND SECURITY - PART 1: GENERAL REQUIREMENTS
ASTM E 2084 : 2000 Standard Specification for Authentication of Healthcare Information Using Digital Signatures (Withdrawn 2009)
ISO 15782-1:2009 Certificate management for financial services Part 1: Public key certificates
BS ISO 15782-1:2009 Certificate management for financial services Public key certificates
ANSI X9.45 : 1999 ENHANCED MANAGEMENT CONTROLS USING DIGITAL SIGNATURES AND ATTRIBUTE CERTIFICATES
ANSI X9/TG-3 : 2006 RETAIL FINANCIAL SERVICES COMPLIANCE GUIDELINE - ONLINE PIN SECURITY AND KEY MANAGEMENT
ANSI X9.31 : 1998 DIGITAL SIGNATURES USING REVERSIBLE PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY (RDSA)
ANSI X9.42 : 2003(R2013) PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES: AGREEMENT OF SYMMETRIC KEYS USING DISCRETE LOGARITHM CRYPTOGRAPHY
05/30112566 DC : DRAFT JAN 2005 ISO 11568-4 - BANKING - KEY MANAGEMENT (RETAIL) - PART 4: ASYMMETRIC CRYPTOSYSTEMS - KEY MANAGEMENT AND LIFE CYCLE
ISO 11568-4:2007 Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle

ANSI X9.30.1 : 1997 PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - PART 1: THE DIGITAL SIGNATURE ALGORITHM (DSA)
ISO/IEC 8824:1990 Information technology — Open Systems Interconnection — Specification of Abstract Syntax Notation One (ASN.1)
ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
ISO/IEC 8825:1990 Information technology — Open Systems Interconnection — Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)
ANSI X9.30.2 : 1997 PUBLIC KEY CRYPTOGRAPHY USING IRREVERSIBLE ALGORITHMS - PART 2: THE SECURE HASH ALGORITHM (SHA-1)
