PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY: CERTIFICATE MANAGEMENT
American Bankers Association
Availability date: 11/04/2021
FOREWORD
1. SCOPE
2. DEFINITIONS AND COMMON ABBREVIATIONS
2.1. DEFINITIONS
2.2. ACRONYMS
2.3. NOTATION
3. INTRODUCTION
4. CERTIFICATE MANAGEMENT
4.1. GENERAL
4.2. THE CERTIFICATION AUTHORITY
4.2.1. Certification Authority Responsibilities
4.2.2. Entity's Responsibility Regarding Key Integrity
4.2.3. Distribution Of A CA's Public Key
4.2.4. Security Requirements For A CA's Private Key
4.3. TRUST MODELS
4.4. CERTIFICATE GENERATION
4.5. CERTIFICATE VALIDATION
4.6. CERTIFICATE REVOCATION LIST (CRL)
4.6.1. General Requirements
4.6.2. Actions To Be Taken Whenever A Certificate is Revoked or Held
4.6.3. Compromise Or Suspected Compromise Of An Entity's Private Key
4.6.4. Request For Revocation Of an Entity's Certificate(s) Because Of A Cessation of Operations
4.6.5. Request For Revocation Of Entity's Certificate(s) Because Of A Change Of Affiliation Of The Entity
4.6.6. Revocation Of Certificates For Reasons Other Than For Key Compromise, Cessation Of Operations, Or A Change Of Affiliation
4.6.7. Revocation or Holding Of Certificates For Public Keys Which Are Used To Protect Symmetric Algorithm Key Exchanges
4.6.8. Certificate Holds Due to Unauthenticated Revocation Requests or Other Business Reasons
4.6.9. Implied Release of Certificate Hold via Natural Expiration of the Hold
4.6.10. Reissuance of a Certificate Hold with an Extended Expiration Date
4.6.11. Revocation of a Certificate Superseding a Prior Certificate Hold Expiration Date
4.6.12. Certificate Hold Release to Cancel Certificate Hold Prior to Expiration
4.6.13. Expiration of Certificate Prior to the Expiration of a Hold
4.7. THE LOCAL REGISTRATION AGENT (LRA)
4.7.1. Applying for Certificates
4.7.2. Requesting Certificate Revocation
4.8. ATTRIBUTE CERTIFICATES
5. DATA ELEMENTS AND RELATIONSHIPS
5.1. GENERAL
5.2. DSA PUBLIC KEYS
5.3. SIGNATURES
5.3.1. Single Signatures
5.3.2. Multiple Signatures
5.4. CERTIFICATION REQUEST DATA (CERTREQDATA)
5.5. PUBLIC KEY CERTIFICATES
5.6. ATTRIBUTE CERTIFICATES
5.7. CERTIFICATE REVOCATION AND HOLD/RELEASE
5.7.1. Certificate Revocation
5.7.2. Certificate Hold/Release
5.7.3. Hold Instruction Codes
5.7.4. CRL Data Structures
6. AUDIT JOURNAL REQUIREMENTS
7. REFERENCES
8. ASN.1 MODULE
ANNEX A: SUGGESTED REQUIREMENTS FOR THE ACCEPTANCE OF CERTIFICATE REQUEST DATA
A.1. INTRODUCTION
A.2. ACCEPTANCE OF THE CERTIFICATE REQUEST DATA OF AN INDIVIDUAL
A.2.1. LOW RISK APPLICATIONS
A.2.2. MEDIUM RISK APPLICATIONS
A.2.3. HIGH RISK APPLICATIONS
A.3. ACCEPTANCE OF THE CERTIFICATION REQUEST DATA OF A LEGAL ENTITY
A.3.1. A FINANCIAL INSTITUTION IN A PEER-TO-PEER RELATIONSHIP
A.3.2. A BUSINESS CUSTOMER OF A FINANCIAL INSTITUTION
A.4. ACCEPTANCE OF THE CERTIFICATE REQUEST DATA OF A HARDWARE DEVICE
ANNEX B: ALTERNATIVE TRUST MODELS
B.1. OVERVIEW
B.2. TRUST MODELS
B.3. CENTRALIZED AND DECENTRALIZED MODELS
B.4. EXAMPLES
B.5. ISSUES INVOLVING MULTIPLE DOMAINS
B.5.1. MULTIPLE LEVELS OF ASSURANCE
B.5.2. MULTIPLE TRUST MODELS
B.6. SUBSCRIBER AND ORGANIZATIONAL CERTIFICATES
ANNEX C: OBJECT IDENTIFIERS AND ATTRIBUTES
C.1. ALGORITHMS
C.2. MODULES
C.3. ATTRIBUTES
C.4. CERTIFICATE AND CRL EXTENSIONS
C.5. CERTIFICATE HOLD INSTRUCTIONS
ANNEX D: RECOMMENDED CERTIFICATION AUTHORITY AUDIT JOURNAL CONTENTS AND USE
D.1. AUDIT JOURNAL CONTENTS AND PROTECTION
D.1.1. ELEMENTS TO BE INCLUDED IN ALL JOURNAL ENTRIES
D.1.2. CERTIFICATE APPLICATION INFORMATION TO BE JOURNALIZED BY AN LRA, CA OR AA
D.1.3. EVENTS TO BE JOURNALIZED
D.1.4. ACTIONS TO BE JOURNALIZED
D.1.5. SECURITY-SENSITIVE EVENTS TO BE JOURNALIZED
D.1.6. MESSAGES AND DATA TO BE JOURNALIZED
D.2. AUDIT JOURNAL BACKUP
D.3. AUDIT JOURNAL USE
ANNEX E: DISTRIBUTION OF CERTIFICATES AND CERTIFICATE REVOCATION LISTS
E.1. INTRODUCTION
E.2. CERTIFICATE DISTRIBUTION
E.3. CRL DISTRIBUTION
ANNEX F: MULTIPLE ALGORITHM CERTIFICATE VALIDATION
F.1. MULTIPLE ALGORITHM CERTIFICATION PATHS
F.2. UNWRAPPING DSA/RSA MULTIPLE ALGORITHM CERTIFICATION PATHS
ANNEX G: CERTIFICATE AUTHORITY TECHNIQUES FOR DISASTER RECOVERY
G.1. INTRODUCTION
G.2. NOTIFICATION WITH CA'S SECONDARY KEY PAIR
G.3. REISSUANCE WITH CA'S SECONDARY KEY PAIR
G.4. REISSUANCE WITH CA'S NEW PRIMARY KEY PAIR
G.5. NOTIFICATION WITH MULTIPLY SIGNED CERTIFICATES
Defines certificate management procedures and data elements. Specifies the contents of certificates, the credentials required to obtain a certificate, and procedures for certificate generation, validation, and revocation, for Digital Signature Algorithm (DSA) public key certificates and attribute certificates.
Published | |
Document Type | Standard |
Status | Current |
Publisher | American Bankers Association |
Pages | |
ISBN | |
Committee | X9 |