ANSI X9.69-1998 pdf download Framework for Key Management Extensions
3 References(s)
[1] Matyas, S.M.; Key Processing with Control Vectors; Journal of Cryptology-3, 113-136 (1991)
[2] Matyas, S.M.; Key Handling with Control Vectors; IBM Systems Journal 30, No2, 151-174 (1991)
[3] Matyas, S.M., Le, A.V., Abraham, D.G.; A Key-management Scheme Based on Control Vectors;IBM Systems Journal 30, No. 2, 175-191 (1991)
[4] Canetti, R: Toward Realizing Random Oracles: Hash Functions that Hide All Partial Information;Advances in Cryptology – Crypto ’97, LNCS 1294, Springer-Verlag, 1997, pp 455-469
[5] ANSI X3.92-1981 Data Encryption Algorithm
[6] ANSI X3.106-1983 Data Encryption Algorithm – Modes of Operation
[7] ANSI X9.9 Financial Institution Message Authentication (Wholesale)
[8] ANSI X9.19 Financial Institution Retail Message Authentication
4 Abbreviation(s)
C – Key Usage Control Vector.
CBC – Cipher Block Chaining – one of the four modes of DEA.
CKM – Constructive Key Management.
DEA – Data Encryption Algorithm.
DES – Data Encryption Standard.
ECB – Electronic Codebook – one of the four modes of DEA.
K – Key.
MAC – Message Authentication Code.
PIN – Personal Identification Number.
PR – Private (secret) key of a public key encryption algorithm
PU – Public (non-secret) key of a public key encryption algorithm
S -Cryptographic Services and Modes provided in the Key Management System
SMIB – Security Management Information Base.
U – Usage Field; a binary vector where the bit field specifies the use(s) for each key
4.1 Keywords
SHALL – Indicates requirements that are MANDATORY for compliance with the Standard.
SHOULD – Indicates requirements that are strongly recommended for compliance with the Standard.
5 Application
5.1 General In a cryptographic system it may be desirable to generate keys using a constructive process, where keys are derived from system-specified control information, as well as secret random data. It may also be desirable to attach a “key usage vector” to each key, defining how the key may be used.
5.2 The Use of Constructive Key Management With Constructive Key Management (CKM), key components, called splits, shall be generated with a random or pseudorandom number generator. Each of these splits shall be given a name, called a label, that provides some meaningful information to the sender, and allows the sender to direct the encrypted object to a selected set of end-users. The working key shall be constructed by combining the addressee splits with the system generated and controlled splits. Thus, with CKM it is possible to create a group key for a particular set of end-users. Other recipients, who are not members of the group, will be unable to re-construct that particular group key.