ASC X9 TR 34 2019 Interoperable Method for Distribution of ...

© ASC X9, Inc. 2019– All rights reserved

ASC X9 TR 34–2019

Interoperable Method for Distribution of

Symmetric Keys using Asymmetric

Techniques: Part 1 – Using Factoring-Based

Public Key Cryptography Unilateral Key

Transport

A Technical Report prepared by:

Accredited Standards Committee X9, Incorporated

Financial Industry Standards

Registered with American National Standards Institute

Date Registered: September 22, 2019

American National Standards, Technical Reports and Guides developed through the Accredited Standards Committee X9, Inc., are copyrighted. Copying these documents for personal or commercial use outside X9 membership agreements is prohibited without express written permission of the Accredited Standards Committee X9, Inc. For additional information please contact ASC X9, Inc., 275 West Street, Suite 107, Annapolis, Maryland 21401.

This is a preview of "ASC X9 TR 34-2019". Click here to purchase the full version from the ANSI store.

https://webstore.ansi.org/Standards/ASCX9/ASCX9TR342019?source=preview

ASC X9 TR 34–2019

ii © ASC X9, Inc. 2019– All rights reserved

Contents Page

1 Scope ................................................................................................................................. 16

2 References ........................................................................................................................ 18

3 Terms and definitions ....................................................................................................... 18

4 Symbols and abbreviated terms ...................................................................................... 18

5 TR34 Protocol Overview ................................................................................................... 23

5.1 Introduction ....................................................................................................................... 23

5.2 Certificate Authority ......................................................................................................... 24

5.3 High Level Protocol Description ...................................................................................... 25

5.4 Key Exchange Elements Description .............................................................................. 26

5.4.1 Introduction ....................................................................................................................... 26

5.4.2 TR34 Attribute Header ...................................................................................................... 27

5.4.3 TR34 Ephemeral Key ........................................................................................................ 29

5.4.4 TR34 Replay Prevention ................................................................................................... 29

5.4.5 Introduction ....................................................................................................................... 29

5.4.6 Two Pass Protocol ............................................................................................................ 29

5.4.7 One Pass Protocol ............................................................................................................ 30

5.4.8 TR34 Certificate Revocation List (CRL) ........................................................................... 30

5.4.9 The complete TR34 Key exchange message .................................................................. 30

5.5 Binding .............................................................................................................................. 31

5.5.1 Bind.................................................................................................................................... 31

5.5.2 Unbinding .......................................................................................................................... 31

5.5.3 Rebinding .......................................................................................................................... 33

5.5.4 Higher Level Authority Unbinding ................................................................................... 34

5.5.5 Higher Level Authority Rebinding ................................................................................... 35

6 Key Block Properties and Characteristics ...................................................................... 37

6.1 Key Block Elements .......................................................................................................... 37

6.2 Key Block Binding Method ............................................................................................... 38

6.2.1 Secrecy .............................................................................................................................. 39

6.2.2 Integrity and Authenticity ................................................................................................. 39

6.3 Key Block Header ............................................................................................................. 39

7 Key Establishment Protocol – Unilateral Key Transport Method .................................. 40

7.1 Introduction ....................................................................................................................... 40

7.2 Bind / Unbind / Rebind States .......................................................................................... 40

7.3 Unbind / Rebind Scenarios............................................................................................... 41

7.4 Parameters for Digital Signatures.................................................................................... 42

7.4.1 Digital Signatures ............................................................................................................. 42

7.5 KDH Bind Phase ................................................................................................................ 42

7.5.1 Summary ........................................................................................................................... 42



ASC X9 TR 34–2019

© ASC X9, Inc. 2019– All rights reserved iii

7.5.2 Prepare KRD Credential Token (A1) ................................................................................ 42

7.5.3 Validate KRD Credential Token (B1) ................................................................................ 42

7.5.4 Prepare KDH Credential Token (B2) ................................................................................ 43

7.5.5 Validate KDH Credential (A2) ........................................................................................... 43

7.6 Symmetric Key Transport Phase ..................................................................................... 44

7.6.1 Summary ........................................................................................................................... 44

7.6.2 Generate Random Number Token (A1) ........................................................................... 44

7.6.3 Receive Random Number Token (B1) ............................................................................. 44

7.6.4 Generate transported Symmetric Key (B2) .................................................................... 44

7.6.5 Generate Ephemeral Symmetric Key (B3) ...................................................................... 45

7.6.6 Encipher Key Block (B4) .................................................................................................. 45

7.6.7 Encipher Ephemeral Key (B5) .......................................................................................... 45

7.6.8 Construct Key Token (B6) ................................................................................................ 45

7.6.9 Verify Key Token (A2) ....................................................................................................... 45

7.7 Symmetric Key Transport Phase - One-Pass Protocol Support .................................... 46

7.7.1 Summary ........................................................................................................................... 46

7.7.2 One-Pass Environment ..................................................................................................... 46

7.7.3 Ensuring Message Freshness with TimeStamps ............................................................ 46

7.7.4 Implementing TimeStamps............................................................................................... 47

7.7.5 Generate Transported Symmetric Key (B1) .................................................................... 48

7.7.6 Generate Ephemeral Symmetric Key (B2) ....................................................................... 48

7.7.7 Encipher Key Block (B3) .................................................................................................. 48

7.7.8 Encipher Ephemeral Key (B4) .......................................................................................... 48

7.7.9 Construct Key Token (B5) ................................................................................................ 48

7.7.10 Verify Key Token (A1) ....................................................................................................... 48

7.8 Symmetric Key Verification Phase .................................................................................. 50

7.8.1 Summary ........................................................................................................................... 50

7.8.2 Generate Key Check Value (A1) ....................................................................................... 50

7.8.3 Verify Key Check Value (B1) ............................................................................................ 50

7.9 KDH Unbind Phase ........................................................................................................... 51

7.9.1 Summary ........................................................................................................................... 51



7.9.4 Generate Unbind Token (B2) ............................................................................................ 51

7.9.5 Verify Unbind Token (A2) ................................................................................................. 52

7.10 KDH Rebind Phase ........................................................................................................... 53

7.10.1 Summary ........................................................................................................................... 53



7.10.4 Generate Rebind Token (B2) ............................................................................................ 53

7.10.5 Verify Rebind Token (A2) ................................................................................................. 54

7.11 Higher Level Authority Unbind Phase ............................................................................. 55

7.11.1 Summary ........................................................................................................................... 55



7.11.4 Generate Unbind Token (B2) ............................................................................................ 55

7.11.5 Verify Unbind Token (A2) ................................................................................................. 56



ASC X9 TR 34–2019

iv © ASC X9, Inc. 2019– All rights reserved

7.12 Higher Level Authority Rebind Phase ............................................................................. 56

7.12.1 Summary ........................................................................................................................... 56



7.12.4 Generate Rebind Token (B2) ............................................................................................ 57

7.12.5 Verify Rebind Token (A2) ................................................................................................. 57

Annex A (Informative) Design Considerations .......................................................................... 58

A.1 Assumptions and Constraints ......................................................................................... 58

A.1.1 Assumptions ..................................................................................................................... 58

A.1.2 Constraints ........................................................................................................................ 58

A.2 Recommended Algorithms............................................................................................... 59

A.2.1 General .............................................................................................................................. 59

A.2.2 Signature Algorithms........................................................................................................ 59

A.2.3 Encryption Algorithms ..................................................................................................... 59

A.2.4 OAEP Parameters ............................................................................................................. 59

A.2.5 Message Digest Functions ............................................................................................... 61

A.2.6 Key Sizes and Characteristics ......................................................................................... 62

Annex B (Informative) Cryptographic Message Encodings ..................................................... 65

B.1 Overview ............................................................................................................................ 65

B.2 Test Vectors ...................................................................................................................... 65

B.2.1 Sample Keys ..................................................................................................................... 65

B.2.2 Sample Data ...................................................................................................................... 73

B.3 Root Certificate Authority Public Key Certificate ........................................................... 96

B.4 CAKDH – Certificate Authority – KDH Certificate .............................................................100

B.5 CAKRD – Certificate Authority – KRD Certificate .............................................................104

B.6 CTKDH – The KDH Credential Token ................................................................................108

B.7 CTKRD - The KRD Credential Token ................................................................................114

B.8 KTKDH – The KDH Key Token – 1 Pass TDEA..................................................................118

B.8.1 1 Pass Key Token ............................................................................................................121

B.9 KTKDH – The KDH Key Token – 2 Pass TDEA..................................................................127

B.9.1 2 Pass Key Token ............................................................................................................130

B.10 RBTCA_UNBIND – Higher Level Authority Rebind Token ....................................................135

B.11 RBTKDH – KDH Rebind Token ..........................................................................................143

B.12 RTKRD – KRD Random Number Token ............................................................................152

B.13 UBTCA_UNBIND – Higher Level Authority Unbind Token ....................................................153

B.14 UBTKDH – KDH Unbind Token ..........................................................................................157

Annex C (Normative) ASN.1 Module for Object Identifiers ......................................................162

Annex D (Normative) ASN.1 Module for TR34 CMS ..................................................................164



ASC X9 TR 34–2019

© ASC X9, Inc. 2019– All rights reserved v

Figures

Figure 1 ................................................................................................................................................ 23

Figure 2 ................................................................................................................................................ 24

Figure 3 — Comparison of TR-31 and TR-34 Key Binding Methods ..................................................... 37

Figure 4 — Key Block Binding Method using CMS types ...................................................................... 38

Figure 5 — Binding States .................................................................................................................... 41

Tables

Table 1 — KDH Response and Phase.................................................................................................. 40

Table 2 — Unbind / Rebind Scenarios .................................................................................................. 41

Table 3— KDH Bind Phase .................................................................................................................. 42

Table 4 — Symmetric Key Transport Phase ........................................................................................ 44

Table 5 - Symmetric Key Transport Phase - One-Pass Protocol .......................................................... 46

Table 6 — Symmetric Key Verification Phase ...................................................................................... 50

Table 7 — KDH Unbind Phase ............................................................................................................. 51

Table 8 — KDH Rebind Phase ............................................................................................................. 53

Table 9 — Higher Level Authority Unbind Phase .................................................................................. 55

Table 10 — Higher Level Authority Rebind Phase ................................................................................ 56

Table 11 - Supported Signature Algorithms .......................................................................................... 59

Table 12 - Supported Asymmetric Encryption Algorithms ..................................................................... 59

Table 13 - Supported Message Digest Functions ................................................................................. 61

Table 14 - Supported Key Sizes and Characteristics ............................................................................ 62

Table 15 - Ephemeral Key types and Strengths .................................................................................... 63

Table 16 - Transported Key Types and Strengths ................................................................................ 64



ASC X9 TR 34–2019

vi © ASC X9, Inc. 2019– All rights reserved

Foreword

Publication of this Technical Report that has been registered with ANSI has been approved by the

Accredited Standards Committee X9, Incorporated, 275 West Street, Suite 107, Annapolis, MD 21401.

This document is registered as a Technical Report according to the “Procedures for the Registration of

Technical Reports with ANSI.” This document is not an American National Standard and the material

contained herein is not normative in nature. Comments on the content of this document should be sent

to: Attn: Executive Director, Accredited Standards Committee X9, Inc., 275 West Street, Suite 107,

Annapolis, MD 21401,

Published by

Accredited Standards Committee X9, Incorporated

Financial Industry Standards

275 West Street, Suite 107

Annapolis, MD 21401 USA

X9 Online http://www.x9.org

Copyright © 2019 ASC X9, Inc.

All rights reserved.

No part of this publication may be reproduced in any form, in an electronic retrieval system or

otherwise, without prior written permission of the publisher. Published in the United States of America.



ASC X9 TR 34–2019

© ASC X9, Inc. 2019– All rights reserved vii

Introduction

The retail financial transactions industry needs a cost effective way to distribute the symmetric key

materials required for financial cryptography. Physically visiting a remote terminal to enter keys is costly

and error prone. An interoperable cryptographic protocol to distribute these keys using public

cryptography techniques can provide a secure, cost effective solution. Manufacturers of both key

distribution hosts and key receiving devices can then embed this protocol in the communication

protocols used to interface hosts and devices. This Technical Report is intended to give the reader an

implementation that meets the requirements for secure key distribution as set forth in ANS X9.24 Retail

Financial Services Symmetric Key Management Part 2: Using Asymmetric Techniques for the

Distribution of Symmetric Keys.

Suggestions for the improvement or revision of this Technical Report are welcome. They should be sent

to the X9 Committee Secretariat, Accredited Standards Committee X9, Inc., Financial Industry

Standards, 1212 West Street, Suite 200, Annapolis, MD 21401 USA.

This Technical Report was processed and registered for submittal to ANSI by the Accredited Standards

Committee on Financial Services, X9. Committee approval of the Technical Report does not

necessarily imply that all the committee members voted for its approval.

NOTE The user's attention is called to the possibility that compliance with this technical report may

require use of an invention covered by patent rights.

By publication of this technical report, no position is taken with respect to the validity of this claim or of

any patent rights in connection therewith. The patent holder has, however, filed a statement of

willingness to grant a license under these rights on reasonable and nondiscriminatory terms and

conditions to applicants desiring to obtain such a license. Details may be obtained from the standards

developer.

The X9 committee had the following members:

Roy DeCicco, X9 Chairman

Angela Hendershott, X9 Vice-Chairman

Steve Stevens, Executive Director

Organization Represented Representative

ACI Worldwide ............................................................................................Doug Grote

Amazon ......................................................................................................John Britton

American Bankers Association ...................................................................Diane Poole

American Express Company ......................................................................David Moore

Bank of America .........................................................................................Daniel Welch

BBVA Compass ..........................................................................................Omar Jarrar

BDO ...........................................................................................................Tim Crawford

Bloomberg LP .............................................................................................Corby Dear

Capital One ................................................................................................Marie LaQuerre



ASC X9 TR 34–2019

viii © ASC X9, Inc. 2019– All rights reserved

Citigroup, Inc. .............................................................................................Karla McKenna

Conexxus, Inc. ............................................................................................Gray Taylor

CUSIP Global Services ..............................................................................Gerard Faulkner

Delap LLP ..................................................................................................Andrea Beatty

Deluxe Corporation.....................................................................................Angela Hendershott

Diebold Nixdorf ...........................................................................................Bruce Chapa

Federal Reserve Bank ................................................................................Ainsley Hargest

First Data Corporation ................................................................................Lisa Curry

FIS .............................................................................................................Stephen Gibson-Saxty

Fiserv .........................................................................................................Dan Otten

FIX Protocol Ltd - FPL ................................................................................James Northey

Futurex .......................................................................................................Ryan Smith

Gilbarco ......................................................................................................Bruce Welch

Harland Clarke ...........................................................................................John McCleary

Hyosung TNS Inc. ......................................................................................Joe Militello

IBM Corporation .........................................................................................Todd Arnold

ISARA Corporation .....................................................................................Alexander Truskovsky

ISITC ..........................................................................................................Lisa Iagatta

ITS, Inc. (SHAZAM Networks) ....................................................................Manish Nathwani

J.P. Morgan Chase .....................................................................................Roy DeCicco

MagTek, Inc................................................................................................Mimi Hart

MasterCard Europe Sprl .............................................................................Mark Kamers

NACHA The Electronic Payments Association ...........................................George Throckmorton

National Security Agency............................................................................Mike Boyle

NCR Corporation ........................................................................................Kevin Spengler

Office of Financial Research, U.S. Treasury Department............................Thomas Brown Jr.

PCI Security Standards Council..................................................................Troy Leach

PricewaterhouseCoopers LLP ....................................................................Michael Versace

RouteOne ...................................................................................................Chris Irving

SWIFT/Pan Americas .................................................................................Karin DeRidder

Symcor Inc. ................................................................................................Debbi Fitzpatrick

TECSEC Incorporated ................................................................................Ed Scheidt

The Clearing House ....................................................................................Sharon Jablon

U.S. Bank ...................................................................................................Michelle Wright

U.S. Commodity Futures Trading Commission (CFTC) ..............................Robert Stowsky

USDA Food and Nutrition Service ..............................................................Lisa Gifaldi

VeriFone, Inc. .............................................................................................Dave Faoro

Viewpointe ..................................................................................................Richard Luchak

VISA ...........................................................................................................Kim Wagner

Wayne Fueling Solutions ............................................................................Henry Fieglein

Wells Fargo Bank .......................................................................................Mark Schaffer

The X9F subcommittee on Data & Information Security had the following members:

Dave Faoro, X9F Chairman

Ed Scheidt, X9F Vice-Chairman



ASC X9 TR 34–2019

© ASC X9, Inc. 2019– All rights reserved ix


ACI Worldwide ..........................................................................................................Doug Grote ACI Worldwide ..........................................................................................................Dan Kinney ACI Worldwide ..........................................................................................................Lisa McKee ACI Worldwide ..........................................................................................................Julie Samson American Bankers Association .................................................................................Tom Judd American Express Company ....................................................................................Gail Chapman American Express Company ....................................................................................Farid Hatefi American Express Company ....................................................................................David Moore American Express Company ....................................................................................John Timar American Express Company ....................................................................................Kevin Welsh Bank of America .......................................................................................................Amanda Adams Bank of America .......................................................................................................Peter Capraro Bank of America .......................................................................................................Andi Coleman Bank of America .......................................................................................................Joel Kazin Bank of America .......................................................................................................Terry McKinney Bank of America .......................................................................................................Matthew Sharp Bank of America .......................................................................................................Michael Smith Bank of America .......................................................................................................Daniel Welch BBVA Compass ........................................................................................................Omar Jarrar BDO ..........................................................................................................................Tim Crawford BDO ..........................................................................................................................Jeffrey Ward BlackBerry Limited ....................................................................................................Daniel Brown Bloomberg LP ...........................................................................................................Erik Anderson Bloomberg LP ...........................................................................................................Corby Dear Capital One ...............................................................................................................Marie LaQuerre Capital One ...............................................................................................................Johnny Lee Cipherithm ................................................................................................................Scott Spiker comforte AG ..............................................................................................................Thomas Gloerfeld comforte AG ..............................................................................................................Henning Horst Communications Security Establishment .................................................................Jonathan Hammell Communications Security Establishment .................................................................David Smith Conexxus, Inc. ..........................................................................................................David Ezell Conexxus, Inc. ..........................................................................................................Alan Thiemann CUSIP Global Services.............................................................................................Scott Preiss Deixis, PBC ...............................................................................................................Pamela Bell Deixis, PBC ...............................................................................................................Allen Brown Deixis, PBC ...............................................................................................................Pat Santos Delap LLP .................................................................................................................Andrea Beatty Delap LLP .................................................................................................................Diane Bishop Delap LLP .................................................................................................................David Buchanan Deluxe Corporation ...................................................................................................Angela Hendershott Deluxe Corporation ...................................................................................................Margiore Romay Deluxe Corporation ...................................................................................................Andy Vo Diebold Nixdorf .........................................................................................................Christoph Bruecher Diebold Nixdorf .........................................................................................................Andrea Carozzi Diebold Nixdorf .........................................................................................................Bruce Chapa Diebold Nixdorf .........................................................................................................Michael Ott Diebold Nixdorf .........................................................................................................David Phister Digicert ......................................................................................................................Tim Hollebeek Digicert ......................................................................................................................Steve Medin Discover Financial Services .....................................................................................Cheryl Mish Discover Financial Services .....................................................................................Diana Pauliks Discover Financial Services .....................................................................................Jordan Schaefer Discover Financial Services .....................................................................................Jorge Vargas



ASC X9 TR 34–2019

x © ASC X9, Inc. 2019– All rights reserved

Federal Reserve Bank ............................................................................................. Patrick Adler Federal Reserve Bank ............................................................................................. Guy Berg Federal Reserve Bank ............................................................................................. Marianne Crowe Federal Reserve Bank ............................................................................................. Amanda Dorphy Federal Reserve Bank ............................................................................................. Ken Han Federal Reserve Bank ............................................................................................. Ainsley Hargest Federal Reserve Bank ............................................................................................. Daniel Maynard Federal Reserve Bank ............................................................................................. Susan Pandy Federal Reserve Bank ............................................................................................. Patti Ritter First Data Corporation ............................................................................................. Lisa Curry First National Bank of Omaha .................................................................................. Sherry Rewolinski First National Bank of Omaha .................................................................................. Kristi White FIS ........................................................................................................................... Saman Amighi FIS ........................................................................................................................... John Soares FIS ........................................................................................................................... Sunny Wear Fiserv ....................................................................................................................... Bud Beattie Fiserv ....................................................................................................................... Dan Otten Futurex ..................................................................................................................... Ryan Smith Futurex ..................................................................................................................... Tim Weston GEOBRIDGE Corporation ....................................................................................... Jason Way Gilbarco .................................................................................................................... Scott Turner Gilbarco .................................................................................................................... Bruce Welch Harland Clarke ......................................................................................................... Joseph Filer Hyosung TNS Inc. .................................................................................................... Joe Militello Hyosung TNS Inc. .................................................................................................... JaeWhan Shin IBM Corporation ....................................................................................................... Todd Arnold IBM Corporation ....................................................................................................... Richard Kisley Ingenico ................................................................................................................... Steven Bowles Ingenico ................................................................................................................... Wayne Burgess Ingenico ................................................................................................................... Nabil Hamzi Ingenico ................................................................................................................... Steve McKibben ISARA Corporation .................................................................................................. Mike Brown ISARA Corporation .................................................................................................. Philip Lafrance ISARA Corporation .................................................................................................. Alexander Truskovsky ITS, Inc. (SHAZAM Networks) ................................................................................. Manish Nathwani J.P. Morgan Chase .................................................................................................. Kathleen Krupa J.P. Morgan Chase .................................................................................................. Jackie Pagán J.P. Morgan Chase .................................................................................................. Darryl Scott Level 10 ................................................................................................................... Allan Elder MagTek, Inc. ............................................................................................................ Jeff Duncan MagTek, Inc. ............................................................................................................ Mimi Hart MasterCard Europe Sprl .......................................................................................... Mark Kamers MasterCard Europe Sprl .......................................................................................... Larry Newell MasterCard Europe Sprl .......................................................................................... Michael Ward Micro Focus ............................................................................................................. Luther Martin Micro Focus ............................................................................................................. Phil Smith National Institute of Standards and Technology (NIST) .......................................... Elaine Barker National Institute of Standards and Technology (NIST) .......................................... Lily Chen National Security Agency ......................................................................................... Mike Boyle National Security Agency ......................................................................................... Nick Gajcowski National Security Agency ......................................................................................... Paul Timmel NCR Corporation ..................................................................................................... Charlie Harrow NCR Corporation ..................................................................................................... Bradford Loewy P97 Networks, Inc. ................................................................................................... Steve Moses PCI Security Standards Council .............................................................................. Leon Fell PCI Security Standards Council .............................................................................. Troy Leach



ASC X9 TR 34–2019

© ASC X9, Inc. 2019– All rights reserved xi

PCI Security Standards Council ...............................................................................Ralph Poore RSA, The Security Division of EMC .........................................................................Steve Schmalz SafeNet Infotech Pvt. Ltd. .........................................................................................Amit Sinha SafeNet Infotech Pvt. Ltd. .........................................................................................Devesh Tewari TECSEC Incorporated ..............................................................................................Ed Scheidt TECSEC Incorporated ..............................................................................................Dr. Wai Tsang TECSEC Incorporated ..............................................................................................Jay Wack Thales UK Limited ....................................................................................................Larry Hines Thales UK Limited ....................................................................................................James Torjussen The Clearing House ..................................................................................................Mark Fitlin The Clearing House ..................................................................................................Sharon Jablon The Clearing House ..................................................................................................Hirak Patel The Clearing House ..................................................................................................Miguel Sanchez The Phoenix Group...................................................................................................Ron Davis The Phoenix Group...................................................................................................Candice Hoft U.S. Bank ..................................................................................................................Stephen Case University Bank .........................................................................................................Stephen Ranzini University Bank .........................................................................................................Michael Talley Utimaco Inc. ..............................................................................................................Susan Langford VeriFone, Inc. ...........................................................................................................John Barrowman VeriFone, Inc. ...........................................................................................................Dave Faoro VeriFone, Inc. ...........................................................................................................Saxon Noh VeriFone, Inc. ...........................................................................................................Joachim Vance Viewpointe ................................................................................................................Richard Luchak VISA ..........................................................................................................................Ben Choong VISA ..........................................................................................................................Adam Clark VISA ..........................................................................................................................Eric Le Saint VISA ..........................................................................................................................Kim Wagner Wayne Fueling Solutions ..........................................................................................Henry Fieglein Wells Fargo Bank .....................................................................................................Jason Buck Wells Fargo Bank .....................................................................................................David Cooper Wells Fargo Bank .....................................................................................................William Felts, IV Wells Fargo Bank .....................................................................................................Phillip Griffin Wells Fargo Bank .....................................................................................................Calvin Heng Wells Fargo Bank .....................................................................................................Antoinette McCarthy Wells Fargo Bank .....................................................................................................Kelly O'Donnell Wells Fargo Bank .....................................................................................................Mark Schaffer Wells Fargo Bank .....................................................................................................Jeff Stapleton Wells Fargo Bank .....................................................................................................Tony Suarez White and Williams LLP ............................................................................................Richard Borden White and Williams LLP ............................................................................................Sandra Lambert White and Williams LLP ............................................................................................Joshua Mooney White and Williams LLP ............................................................................................Michael Olsan

Under ASC X9, Inc. procedures, a working group may be established to address specific segments of

work under the ASC X9 Committee or one of its subcommittees. A working group exists only to develop

standard(s) or technical report(s) in a specific area and is then disbanded. The individual experts are

listed with their affiliated organizations. However, this does not imply that the organization has approved

the content of the standard or technical report. (Note: Per X9 policy, company names of non-member

participants are listed only if, at the time of publication, the X9 Secretariat received an original signed

release permitting such company names to appear in print.)



ASC X9 TR 34–2019

xii © ASC X9, Inc. 2019– All rights reserved

The X9F6 Cardholder Authentication and ICC’s group which developed this technical report had the

following members:

Steve Case, Chairman

Andrea Beatty, Project Editor

Dan Kinney, Project Editor

Charlie Harrow, Project Editor


ACI Worldwide ......................................................................................................... Doug Grote ACI Worldwide ......................................................................................................... Dan Kinney ACI Worldwide ......................................................................................................... Lisa McKee ACI Worldwide ......................................................................................................... Julie Samson American Bankers Association ................................................................................ Tom Judd American Express Company ................................................................................... Gail Chapman American Express Company ................................................................................... Alan Fong American Express Company ................................................................................... Michael Hyzer American Express Company ................................................................................... Kenneth Mealey American Express Company ................................................................................... David Moore American Express Company ................................................................................... Hing Too American Express Company ................................................................................... Clyde Van Blarcum American Express Company ................................................................................... Kevin Welsh Bank of America ....................................................................................................... Amanda Adams Bank of America ....................................................................................................... Dion Bellamy Bank of America ....................................................................................................... Peter Capraro Bank of America ....................................................................................................... Terrelle Carswell Bank of America ....................................................................................................... Andi Coleman Bank of America ....................................................................................................... Chuck Gruesbeck Bank of America ....................................................................................................... Joel Kazin Bank of America ....................................................................................................... Terry McKinney Bank of America ....................................................................................................... Chris Schrick Bank of America ....................................................................................................... Matthew Sharp Bank of America ....................................................................................................... Michael Smith Bank of America ....................................................................................................... Daniel Welch Bank of America ....................................................................................................... Terri Willis BBVA Compass ....................................................................................................... Omar Jarrar BetterBuyDesign ...................................................................................................... Steve Mott BlackBerry Limited ................................................................................................... Daniel Brown BlackBerry Limited ................................................................................................... John Goyo Bloomberg LP .......................................................................................................... Erik Anderson Capital One .............................................................................................................. Johnny Lee Cipherithm ................................................................................................................ Scott Spiker comforte AG ............................................................................................................. Henning Horst comforte AG ............................................................................................................. Michael Horst Conexxus, Inc. ......................................................................................................... David Ezell Conexxus, Inc. ......................................................................................................... Ann Seki Conexxus, Inc. ......................................................................................................... Alan Thiemann Conexxus, Inc. ......................................................................................................... Linda Toth CUSIP Global Services ............................................................................................ Scott Preiss Deixis, PBC .............................................................................................................. Pamela Bell Deixis, PBC .............................................................................................................. Allen Brown Deixis, PBC .............................................................................................................. Pat Santos Delap LLP ................................................................................................................ Andrea Beatty Delap LLP ................................................................................................................ Diane Bishop



ASC X9 TR 34–2019

© ASC X9, Inc. 2019– All rights reserved xiii

Delap LLP .................................................................................................................David Buchanan Diebold Nixdorf .........................................................................................................Christoph Bruecher Diebold Nixdorf .........................................................................................................Rick Brunt Diebold Nixdorf .........................................................................................................Andrea Carozzi Diebold Nixdorf .........................................................................................................Bruce Chapa Diebold Nixdorf .........................................................................................................Scott Harroff Diebold Nixdorf .........................................................................................................Anne Konecny Diebold Nixdorf .........................................................................................................Michael Nolte Diebold Nixdorf .........................................................................................................Michael Ott Diebold Nixdorf .........................................................................................................David Phister Diebold Nixdorf .........................................................................................................Matthias Runowski Digicert ......................................................................................................................Tim Hollebeek Digicert ......................................................................................................................Steve Medin Discover Financial Services .....................................................................................Debbie Holfeld Discover Financial Services .....................................................................................David Kloser Discover Financial Services .....................................................................................Cheryl Mish Discover Financial Services .....................................................................................Diana Pauliks Discover Financial Services .....................................................................................Julie Quandt Discover Financial Services .....................................................................................Lakshmi Ramanathan Discover Financial Services .....................................................................................Jordan Schaefer Discover Financial Services .....................................................................................Jorge Vargas Federal Reserve Bank ..............................................................................................Patrick Adler Federal Reserve Bank ..............................................................................................Guy Berg Federal Reserve Bank ..............................................................................................Pieralberto Deganello Federal Reserve Bank ..............................................................................................Amanda Dorphy Federal Reserve Bank ..............................................................................................Ken Han Federal Reserve Bank ..............................................................................................Ainsley Hargest Federal Reserve Bank ..............................................................................................Bob Hunt Federal Reserve Bank ..............................................................................................Paul Nunnally Federal Reserve Bank ..............................................................................................Susan Pandy Federal Reserve Bank ..............................................................................................John Rhodes Federal Reserve Bank ..............................................................................................Patti Ritter First Data Corporation ..............................................................................................Scott Carpenter First Data Corporation ..............................................................................................Lisa Curry First Data Corporation ..............................................................................................Jodi Delaney First Data Corporation ..............................................................................................Jacqueline Dill First Data Corporation ..............................................................................................Angela Ghetu First Data Corporation ..............................................................................................Eddie Holland First Data Corporation ..............................................................................................Brian Kean First Data Corporation ..............................................................................................Andres Mendoza First Data Corporation ..............................................................................................Brian Murray First Data Corporation ..............................................................................................Michelle Starkjohn First Data Corporation ..............................................................................................Allisa Walker First National Bank of Omaha ..................................................................................Sherry Rewolinski First National Bank of Omaha ..................................................................................Kristi White FIS ............................................................................................................................Tami Harris Fiserv ........................................................................................................................Bud Beattie Fiserv ........................................................................................................................Dan Otten Futurex ......................................................................................................................Ryan Smith Futurex ......................................................................................................................Tim Weston GEOBRIDGE Corporation ........................................................................................Donna Gem GEOBRIDGE Corporation ........................................................................................Dean Macinskas GEOBRIDGE Corporation ........................................................................................Jason Way Gilbarco ....................................................................................................................Scott Turner Gilbarco ....................................................................................................................Bruce Welch Harland Clarke ..........................................................................................................John McCleary



ASC X9 TR 34–2019

xiv © ASC X9, Inc. 2019– All rights reserved

Hyosung TNS Inc. .................................................................................................... Joe Militello Hyosung TNS Inc. .................................................................................................... JaeWhan Shin IBM Corporation ....................................................................................................... Todd Arnold IBM Corporation ....................................................................................................... Wai Choi IBM Corporation ....................................................................................................... Richard Kisley ID TECH ................................................................................................................... Eric Lecesne Ingenico ................................................................................................................... Steven Bowles Ingenico ................................................................................................................... Wayne Burgess Ingenico ................................................................................................................... Steve McKibben ISARA Corporation .................................................................................................. Mike Brown ISARA Corporation .................................................................................................. Philip Lafrance ISARA Corporation .................................................................................................. Alexander Truskovsky ITS, Inc. (SHAZAM Networks) ................................................................................. Janet LaFrence ITS, Inc. (SHAZAM Networks) ................................................................................. Manish Nathwani J.P. Morgan Chase .................................................................................................. Kathleen Krupa J.P. Morgan Chase .................................................................................................. Jackie Pagán J.P. Morgan Chase .................................................................................................. Darryl Scott K3DES LLC .............................................................................................................. James Richardson Level 10 ................................................................................................................... Allan Elder Lusis Payments Inc. ................................................................................................. Brian Miller Lusis Payments Inc. ................................................................................................. Ki Roth MagTek, Inc. ............................................................................................................ Jeff Duncan MagTek, Inc. ............................................................................................................ Mimi Hart MasterCard Europe Sprl .......................................................................................... Mark Kamers MasterCard Europe Sprl .......................................................................................... Susie Thompson MasterCard Europe Sprl .......................................................................................... Michael Ward Member Emeritus..................................................................................................... Darlene Kargel Member Emeritus..................................................................................................... Lawrence LaBella Member Emeritus..................................................................................................... Richard Sweeney National Institute of Standards and Technology (NIST) .......................................... Elaine Barker National Institute of Standards and Technology (NIST) .......................................... Lawrence Bassham III National Institute of Standards and Technology (NIST) .......................................... Lily Chen National Institute of Standards and Technology (NIST) .......................................... David Cooper National Institute of Standards and Technology (NIST) .......................................... Morris Dworkin National Institute of Standards and Technology (NIST) .......................................... Randall Easter National Institute of Standards and Technology (NIST) .......................................... Sharon Keller National Institute of Standards and Technology (NIST) .......................................... Annabelle Lee National Institute of Standards and Technology (NIST) .......................................... Fernando Podio National Security Agency ......................................................................................... Paul Timmel NCR Corporation ..................................................................................................... Charlie Harrow NCR Corporation ..................................................................................................... Bradford Loewy NCR Corporation ..................................................................................................... Brian Wotherspoon PCI Security Standards Council .............................................................................. Leon Fell PCI Security Standards Council .............................................................................. Troy Leach PCI Security Standards Council .............................................................................. John Markh PCI Security Standards Council .............................................................................. Ralph Poore RSA, The Security Division of EMC ......................................................................... Steve Schmalz SafeNet Infotech Pvt. Ltd. ........................................................................................ Amit Sinha SafeNet Infotech Pvt. Ltd. ........................................................................................ Devesh Tewari TECSEC Incorporated ............................................................................................. Ed Scheidt TECSEC Incorporated ............................................................................................. Dr. Wai Tsang TECSEC Incorporated ............................................................................................. Jay Wack Thales UK Limited.................................................................................................... Colette Broadway Thales UK Limited.................................................................................................... Larry Hines Thales UK Limited.................................................................................................... James Torjussen The Clearing House ................................................................................................. Sharon Jablon



ASC X9 TR 34–2019

© ASC X9, Inc. 2019– All rights reserved xv

The Phoenix Group...................................................................................................Ron Davis The Phoenix Group...................................................................................................Candice Hoft U.S. Bank ..................................................................................................................Stephen Case U.S. Bank ..................................................................................................................Dave Esmond University Bank .........................................................................................................Stephen Ranzini University Bank .........................................................................................................Michael Talley USDA Food and Nutrition Service ............................................................................Erin McBride Utimaco Inc. ..............................................................................................................Susan Langford VeriFone, Inc. ...........................................................................................................John Barrowman VeriFone, Inc. ...........................................................................................................Dave Faoro VeriFone, Inc. ...........................................................................................................LeAnn Hostetler VeriFone, Inc. ...........................................................................................................Chris Madden VeriFone, Inc. ...........................................................................................................Doug Manchester VeriFone, Inc. ...........................................................................................................Joachim Vance VISA ..........................................................................................................................Adam Clark VISA ..........................................................................................................................Hans Van Tilburg VISA ..........................................................................................................................Kim Wagner Wayne Fueling Solutions ..........................................................................................Henry Fieglein Wells Fargo Bank .....................................................................................................Rao Abhijit Wells Fargo Bank .....................................................................................................Sotos Barkas Wells Fargo Bank .....................................................................................................William Felts, IV Wells Fargo Bank .....................................................................................................Andrew Garner Wells Fargo Bank .....................................................................................................Matthew Greenwell Wells Fargo Bank .....................................................................................................Phillip Griffin Wells Fargo Bank .....................................................................................................Sam Grosby Wells Fargo Bank .....................................................................................................Ryan Hegland Wells Fargo Bank .....................................................................................................Calvin Heng Wells Fargo Bank .....................................................................................................Jeff Jacoby Wells Fargo Bank .....................................................................................................Amanda Judge Wells Fargo Bank .....................................................................................................Brian Keltner Wells Fargo Bank .....................................................................................................Jan Kohl Wells Fargo Bank .....................................................................................................Eric Lengvenis Wells Fargo Bank .....................................................................................................Garrett Macey Wells Fargo Bank .....................................................................................................Olatunde Ojolola Wells Fargo Bank .....................................................................................................Brian Parks Wells Fargo Bank .....................................................................................................Doug Pelton Wells Fargo Bank .....................................................................................................Tim Plantand Wells Fargo Bank .....................................................................................................Mark Schaffer Wells Fargo Bank .....................................................................................................Jeff Stapleton Wells Fargo Bank .....................................................................................................Tony Stieber Wells Fargo Bank .....................................................................................................Tony Suarez White and Williams LLP ............................................................................................Clay Epstein White and Williams LLP ............................................................................................Sandra Lambert

This document is the second release of this technical report.

This document is used in conjunction with ANSI X9.24-2.



ASC X9 TR 34–2019

16 © ASC X9, Inc. 2019– All rights reserved

Interoperable Method for Distribution of Symmetric Keys using Asymmetric Techniques: Part 1 – Using Factoring-Based Public Key Cryptography Unilateral Key Transport

1 Scope

This document describes a method consistent with the requirements of ANS X9.24-2 Retail Financial

Services Symmetric Key Management - Part 2: Using Asymmetric Techniques for the Distribution of

Symmetric Keys for the secure exchange of keys using asymmetric techniques between two devices that

share asymmetric keys. This method is designed to operate within the existing capabilities of devices

used in the retail financial services industry.

This is an implementation of the Unilateral Key Transport Method defined in ANS X9.24-2.

This document is not a security standard and is not intended to establish security requirements. It is

intended instead to provide an interoperable method of implementing security requirements and policies.

ANS X9.24-2 describes the security requirements for systems that distribute symmetric keys using

asymmetric techniques. The security requirements are consistent across all systems; ANS X9.24-2 does

not distinguish between types of systems or alter the security requirements depending upon the

environment of the entities in the system. While this is the correct approach for security requirements, the

implementation requirements on systems will vary depending upon the properties of the system.

This document specifies an interoperable method for one particular situation – the Distribution of

Symmetric Keys using Asymmetric Techniques from a Single Key Distribution Host (KDH) to many Key

Receiving Devices (KRDs). The KDH is assumed to be operated in a controlled environment (as

specified in reference 8); the KRDs may operate in uncontrolled environments.

This interoperable method could also be used to exchange keys between peers, where one is

administratively designated as the KDH and one as the KRD.

The KDH and the KRD are assumed to have an administrative understanding of the type and key

characteristics of the symmetric key that is exchanged, as for a terminal master key. As such, the key

exchanged is treated by this protocol as a binary blob.

This document uses the term KRD to denote the Key Receiving Device; The KRD is a Tamper Resistant

Security Module (TRSM) such as a PIN Encrypting Device (PED), an Encrypting PIN PAD (EPP), or a

Host Security Module (HSM).

Within the confines of this protocol, the KRD can only respond to commands from a KDH, i.e. the KRD is

a slave KRD. However, the communication may be initiated by the KRD, KDH or some other component

such as a terminal management system.

This part of TR34 describes an interoperable protocol for devices using:



ASC X9 TR 34 2019 Interoperable Method for Distribution of ...

Documents

Transcript of ASC X9 TR 34 2019 Interoperable Method for Distribution of ...