ANSI X9.69-2006 pdf download Framework for Key Management Extensions
4.2 The Use of Constructive Key Management With Constructive Key Management (CKM), key components, called splits, shall be generated with a random or pseudorandom number generator. Each of these splits shall be given a name, called a Credential that provides some meaningful information to the sender, and allows the sender to direct the encrypted object to a selected set of end-users. The working key shall be constructed by combining the addressee splits with the system generated and controlled splits. Thus, with CKM it is possible to create a group key for a particular set of end-users. Other recipients, who are not members of the group, will be unable to re-construct that particular group key.
4.3 The Use of Key Usage Control Vector With Key Usage Control Vectors, keys shall be generated using any acceptable method of key generation. Then a key usage vector shall be attached to the key. This vector specifies cryptographic services, modes and key parameters, in which the associated key shall be used. This usage vector shall be securely bound to the key to prevent misuse of the key or misinterpretation of its use.
4.4 System Algorithm and System Key The CKM operations system shall use a common system-wide encryption algorithm and key to wrap the header of encrypted objects as they transit communications networks. The purpose is privacy, not security. For example, when multiple objects are sent in a batch mode, recipients need to be able to unwrap the bundle and determine from the encrypted header information which object(s) is addressed to them. Security is not compromised because the objects themselves are encrypted using secret splits that only the addressees of each object possess.
5 Constructive Key Management
5.1 Overview Constructive Key Management is exactly what the name implies: key is constructed as needed by the originator of the message, and can only be re-constructed by intended recipients. In the interim, Credentials of the key components are associated with the encrypted object. For example, in an e-mail message, they might be passed, encrypted under a system key in the message header (depending on the protocol). In a session-oriented protocol, they might be exchanged as part of the key management protocol, and stored locally in the security management information base (SMIB).
This means the encrypting key is always fully recoverable and the message is always decryptable by the appropriate audience. There are two major administrative functions required to manage the CKM system: the CKM Administration (see §5.2 CKM Administration) and the Token Distribution (see §5.3 Token Distribution). In large organizations, these could be independent of each other. The CKM Administration function shall design the overall interconnectivity and read-write privileges in the system, and create the Credentials and splits. The Token Distribution function shall include the day-to-day management of the system, the creation, distribution and update of Credentials, and maintenance of a current users list (see Figure 1 – Token Distribution). The Token Distribution function shall be accomplished through a secure channel (see §5.3 Token Distribution).