16.6 X9.17 KEY EXCHANGE ARCHITECTURE [ANSI, 1985]
X9.17 is a standard of the American National Standards Institute describing the key handling recommendations for the financial industry. It proposes a hierarchy of keys:
- Nodes at the lowest two levels store data key(s) (KD) used to encipher transaction data;
- Nodes at all of the levels contain key encrypting keys (KK) used to transfer keys between adjacent layers.
X9.17 uses a symmetric key cryptosystem and the following general principle applies.
1. | Whenever two nodes encipher data using a symmetric key cryptosystem, the key must be available at both nodes. |
2. | Whenever two nodes compute a message authentication code (MAC) using a symmetric key cryptosystem, the key must be available at both nodes. |
Depicted in Figure 16.6 is a three-level hierarchy; in each level, keys are stored in a secure database identified by (NID_xy, key_xy) where #x and #y identify the node and level with which the key will be used.
- A key distribution center (CDK) is a facility that manages the distribution of data keys to the nodes. The key translation center (CTK) acts for the CDK and generates and distributes keys, enciphered under some key encrypting key, to the nodes.
- X9.17 uses the data encryption algorithm (DEA), also known as DES, to perform the encipherment of keys and data. The syntax is DEAkey {cleartext} where
– key = KD, cleartext = data message, or
– key = KK, cleartext = KD.
Triple DEA encipherment with syntax may be used to deliver ...
Get Computer Security and Cryptography now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.