ANSI TR-31-2005 Interoperable Secure Key Exchange Key Block Specification for Symmetric Algorithms
1 Scope
This document describes a method consistent with the requirements of ANS X9.24 Retail Financial Services Symmetric Key Management Part 1 for the secure exchange of keys and other sensitive data between two devices that share a symmetric key exchange key. This method may also be used for the storage of keys under a symmetric key. This method is designed to operate within the existing capabilities of devices used in the retail financial services industry. This document is not a security standard and is not intended to establish security requirements. It is intended instead to provide an interoperable method of implementing security requirements and policies.
2 References
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
1. ANS X9.24 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques:2004
2. ANS X9.24 Retail Financial Services Symmetric Key Management Part 2: Using Asymmetric Techniques for the Distribution of Symmetric Keys; (draft)
3. ANS X3.92 Data Encryption Algorithm (DEA)
4. ANS X9.52:1998 Triple Data Encryption Algorithm Modes of Operations
5. ISO 9797:1999 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher
6. ANS X9 TG 3 PIN Security Compliance Guideline
7. ANS X9 TG 7 Initial DEA Key Distribution for PIN Entry and Transaction Originating Devices Guideline
8. ISO 16609:2004 Banking – Requirements for message authentication using symmetric techniques
3 Terms and definitions
For the purposes of this document, the terms and definitions in reference 1 apply. Additionally:
3.1
hex-ASCII
Base-16 numbers encoded as ASCII characters (‘0’-‘9’, ‘A’-‘F’)
3.2
Initialization Vector (IV)
A number used as a starting point for the encryption of a data sequence in order to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment
3.3
Key Block Encryption Key
The variant of the Key Block Protection Key that is used for enciphering the Key Block
3.4
Key Block MAC Key
The variant of the Key Block Protection Key that is used for calculating the MAC over the Key Block
3.5
Key Block Protection Key
The key encrypting key from which the Key Block Encryption Key and the Key Block MAC Key are derived
4 Symbols and abbreviated terms
4.1
Notation
The following are used to indicate field encoding in the Key Block:
nA – n-digits of Alphabetic (‘A’-‘Z’, ‘a’-‘z’), e.g., 6A means exactly 6 alphabetic characters in ASCII
nAN – Alphanumeric (‘A’-‘Z’, ‘a’-‘z’, ‘0’-‘9’), e.g., 6AN means exactly 6 alphanumeric characters in ASCII
nH – Hex-ASCII (‘0’-‘9’, ‘A’-‘F’), e.g., 6H means exactly 6 hex-ASCII characters
nN – Numeric-ASCII (‘0’-‘9’), e.g., 6N means exactly 6 decimal characters in ASCII
nB – Binary bytes (0x00 to 0xFF), e.g., 6B means exactly 6 bytes of binary data
The following abbreviations are used in this document:
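The field-encoding notation above is what an implementation uses to validate each header field of a Key Block before it trusts the block. The following Python is an added example, not code from TR-31 or from any vendor implementation: it parses a notation string such as "6H" into a length and character class, checks a value against it exactly (length and alphabet, with hex-ASCII restricted to upper-case 'A'-'F' as the notation states), and applies a layout of named fields. The layout SAMPLE_LAYOUT and its field names are constructed for illustration and are not the specification's header layout.

```python
import re
import string

# Character classes for each encoding letter in the notation (section 4.1).
# "B" has no character class: it denotes raw binary bytes 0x00-0xFF.
CHARSETS = {
    "A": frozenset(string.ascii_letters),                  # 'A'-'Z', 'a'-'z'
    "AN": frozenset(string.ascii_letters + string.digits), # plus '0'-'9'
    "H": frozenset("0123456789ABCDEF"),                    # hex-ASCII, upper-case only
    "N": frozenset(string.digits),                         # '0'-'9'
}

# A spec is a decimal count followed by one encoding letter pair; "AN" is
# listed before "A" so that "6AN" is not read as "6A" with a trailing "N".
_SPEC_RE = re.compile(r"^(\d+)(AN|A|H|N|B)$")


def parse_spec(spec):
    """Parse a notation string such as '6H' into (length, encoding)."""
    m = _SPEC_RE.match(spec)
    if not m:
        raise ValueError(f"malformed encoding spec: {spec!r}")
    return int(m.group(1)), m.group(2)


def check_field(spec, value):
    """Return True only if value has exactly the length and alphabet of spec.

    Text encodings require a str of ASCII characters from the named class;
    'B' requires a bytes-like object of the given length.  Anything else
    (wrong type, wrong length, lower-case hex, non-ASCII) is rejected.
    """
    length, enc = parse_spec(spec)
    if enc == "B":
        return isinstance(value, (bytes, bytearray)) and len(value) == length
    if not isinstance(value, str) or len(value) != length:
        return False
    allowed = CHARSETS[enc]
    return all(c in allowed for c in value)


def validate_fields(layout, values):
    """Check each (name, spec) pair in layout against values[name].

    Returns the list of field names that fail, so a caller can reject the
    whole block and log which fields were malformed.  A missing field is a
    failure, not an exception.
    """
    return [name for name, spec in layout if not check_field(spec, values.get(name))]


# Constructed layout for illustration only (not the TR-31 header layout):
# a 1-character alphabetic id, a 4-digit decimal count and a 2-digit hex tag.
SAMPLE_LAYOUT = [("id", "1A"), ("count", "4N"), ("tag", "2H")]

if __name__ == "__main__":
    good = {"id": "A", "count": "0072", "tag": "0A"}
    bad = {"id": "9", "count": "72", "tag": "0a"}
    print("good block failures:", validate_fields(SAMPLE_LAYOUT, good))  # []
    print("bad block failures:", validate_fields(SAMPLE_LAYOUT, bad))    # ['id', 'count', 'tag']
```

Note that check_field is deliberately strict: a field declared nH is rejected if it contains lower-case hex digits, and a field declared nN is rejected if it is shorter than n even when the numeric value would be the same, because the notation defines exact lengths and exact alphabets rather than values.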
4.2
ASCII
American Standard Code for Information Interchange
4.3
CAPI
Cryptographic Application Programmers Interface
4.4
CBC
Cipher Block Chaining; the Cipher Block Chaining encryption mode of operation