ANSI ASC X9 X9.79-1-2001 Part 1 PKI Practices and Policy Framework.pdf
《ANSI ASC X9 X9.79-1-2001 Part 1 PKI Practices and Policy Framework.pdf》由会员分享,可在线阅读,更多相关《ANSI ASC X9 X9.79-1-2001 Part 1 PKI Practices and Policy Framework.pdf(111页珍藏版)》请在麦多课文档分享上搜索。
1、American National Standard for Financial Services ANS X9.79-1:2001 Part 1: PKI Practices and Policy Framework Secretariat American Bankers Association Approved: January 2001 American National Standards InstituteANS x9.79-1:2001, Public Key Infrastructure - Practices and Policy Framework 2001 America
2、n Bankers Associationii American National Standard Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the
3、 ANSI Board of Standards Review, directly and materially affected interests have reached substantial agreement. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be
4、made toward their resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to
5、 the standards. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of
6、 the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American Na
7、tional Standards Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval. Published by: American Bankers Association 1120 Connecticut Ave., NW Washington, DC 20036 USA Customer Service Center + 1 800 338 0626 or + 1 202
8、 663 5087 Fax + 1 202 663 7543 Email X9 Online: http:/www.x9.org Copyright (X9 2000) by American Bankers Association All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher. Pri
9、nted in the United States of America 2001 American Bankers Association ANS x9.79-1:2001, Public Key Infrastructure - Practices and Policy Frameworkiii Contents 1 SCOPE OF THIS STANDARD . 1 2 NORMATIVE REFERENCE(S) . 2 3 DEFINITIONS. 3 4 SYMBOLS (AND ABBREVIATIONS) 10 5 ORGANIZATION. 11 6 PKI CERTIFI
10、CATE POLICY AND CERTIFICATION PRACTICE STATEMENT. 12 6.1 WHAT IS PKI (PUBLIC-KEY INFRASTRUCTURE)? 12 6.2 PKI MODELS 13 6.2.1 Closed Model 13 6.2.2 Network Model 13 6.2.3 Open Model. 13 6.3 PKI PERSPECTIVES . 14 6.3.1 Functional Perspective 14 6.3.2 Legal Perspective 16 6.3.3 Regulatory Perspective .
11、 16 6.3.4 Business Usage Perspective 16 6.4 RELATIONSHIP BETWEEN CERTIFICATE POLICY AND CERTIFICATION PRACTICE STATEMENT 17 6.4.1 Authorship. 17 6.4.2 Purpose . 17 6.4.3 Level of Specificity 17 6.4.4 Approach. 18 6.4.5 Public and Private Access. 18 6.5 CERTIFICATE POLICY (CP) . 19 6.6 CERTIFICATION
12、PRACTICE STATEMENT (CPS) 20 6.7 CERTIFICATE POLICY, CPS, AND CA INTEROPERABILITY 21 7 GENERAL REQUIREMENTS 21 7.1 CERTIFICATE POLICY (CP) . 21 7.2 CERTIFICATION PRACTICE STATEMENTS 23 7.2.1 Segmentation of a Certification Practice Statement. 23 ANNEX A (NORMATIVE) ELEMENTS OF POLICY AND PRACTICE 26
13、A.1 INTRODUCTION . 26 A.1.1 Overview . 26 A.1.2 Identification . 26 A.1.3 Community and Applicability 26 A.1.4 Contact Details 27 A.2 GENERAL PROVISIONS 27 A.2.1 Liability . 27 A.2.2 Obligations 28 ANS x9.79-1:2001, Public Key Infrastructure - Practices and Policy Framework 2001 American Bankers Ass
14、ociationiv A.2.3 Interpretation and Enforcement 29 A.2.4 Publication and Repositories 29 A.2.5 Compliance Audit 29 A.2.6 Confidentiality Policy 29 A.3 IDENTIFICATION AND AUTHENTICATION 30 A.3.1 Initial Registration 30 A.3.2 Routine Re-key 31 A.3.3 Re-key after Revocation - No Key Compromise. 31 A.3.
15、4 Revocation Request . 31 A.4 OPERATIONAL REQUIREMENTS 32 A.4.1 Certificate Application 32 A.4.2 Certificate Issuance. 32 A.4.3 Certificate Acceptance 32 A.4.4 Certificate Suspension and Revocation. 32 A.4.5 Security Audit Procedures. 33 A.4.6 Records Archival. 34 A.4.7 Key Changeover 34 A.4.8 Compr
16、omise and Disaster Recovery . 34 A.4.9 CA Termination. 35 A.5 PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS. 35 A.5.1 Physical Security Controls 35 A.5.2 Procedural Controls 36 A.5.3 Personnel Security Controls 36 A.6 TECHNICAL SECURITY CONTROLS 37 A.6.1 Key Pair Generation and Installation.
17、 38 A.6.2 Private Key Protection 38 A.6.3 Other Aspects of Key Pair Management . 39 A.6.4 Activation Data . 40 A.6.5 Computer Security Controls 40 A.6.6 Life Cycle Security Controls . 40 A.6.7 Network Security Controls 40 A.6.8 Cryptographic Module Engineering Controls. 40 A.7 CERTIFICATE AND CRL PR
18、OFILES 41 A.7.1 Certificate Profile 41 A.7.2 CRL Profile . 41 A.7.3 OCSP Profile. 41 A.8 PRACTICES ADMINISTRATION . 42 A.8.1 Change procedures . 42 A.8.2 Publication and Notification Procedures 43 A.8.3 Approval Procedures 43 ANNEX B (NORMATIVE) CERTIFICATION AUTHORITY CONTROL OBJECTIVES. 44 B.1 CA
19、ENVIRONMENTAL CONTROLS. 47 B.1.1 Certification Practice Statement and Certificate Policy Management . 47 B.1.2 Security Management 48 B.1.3 Asset Classification and Management 50 B.1.4 Personnel Security 50 B.1.5 Physical and Environmental Security . 51 B.1.6 Operations Management. 54 B.1.7 System A
20、ccess Management 56 B.1.8 Systems Development and Maintenance .58 B.1.9 Business Continuity Management . 58 B.1.10 Monitoring and Compliance. 61 B.1.11 Event Journaling 62 2001 American Bankers Association ANS x9.79-1:2001, Public Key Infrastructure - Practices and Policy Frameworkv B.2 KEY MANAGEME
21、NT LIFE CYCLE CONTROLS 67 B.2.1 CA Key Generation . 67 B.2.2 CA Key Storage, Backup and Recovery 68 B.2.3 CA Public Key Distribution. 69 B.2.4 CA Key Escrow (if supported). 70 B.2.5 CA Key Usage . 70 B.2.6 CA Key Destruction. 70 B.2.7 CA Key Archival 71 B.2.8 CA Cryptographic Hardware Life Cycle Man
22、agement. 72 B.2.9 CA-Provided Subscriber Key Management Services (if supported). 74 B.3 CERTIFICATE LIFE CYCLE CONTROLS. 76 B.3.1 Subscriber Registration. 76 B.3.2 Certificate Renewal (if supported) 78 B.3.3 Certificate Rekey . 79 B.3.4 Certificate Issuance. 81 B.3.5 Certificate Distribution . 82 B.
23、3.6 Certificate Revocation. 82 B.3.7 Certificate Suspension (if supported) 83 B.3.8 Certificate Status Information Processing 85 B.3.9 Integrated Circuit Card (ICC) Life Cycle Management (if supported). 86 B.4. MAPPING TO RFC 2527 AND X9.79 ANNEX A . 89 ANNEX C (INFORMATIVE) X.509 CERTIFICATE FIELDS
24、. 91 C.1 EXPLANATION OF X.509 EXTENTIONS. 91 C.1.1 Certificate Policies Extension . 91 C.1.2 Policy Mappings Extension. 92 C.1.3 Policy Constraints Extension 92 C.2 POLICY QUALIFIERS. 93 ANNEX D (INFORMATIVE) BIBLIOGRAPHY . 94 D.1 IETF REQUEST FOR COMMENT DRAFTS 94 D.2 NATIONAL AUTOMATED CLEARING HO
- 1.请仔细阅读文档,确保文档完整性,对于不预览、不比对内容而直接下载带来的问题本站不予受理。
- 2.下载的文档,不会出现我们的网址水印。
- 3、该文档所得收入(下载+内容+预览)归上传者、原创作者;如果您是本文档原作者,请点此认领!既往收益都归您。
下载文档到电脑,查找使用更方便
10000 积分 0人已下载
下载 | 加入VIP,交流精品资源 |
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- ANSIASCX9X97912001PART1PKIPRACTICESANDPOLICYFRAMEWORKPDF
![提示](http://www.mydoc123.com/images/bang_tan.gif)
链接地址:http://www.mydoc123.com/p-431355.html