ASC/X9 - ANSI X9.73
Cryptographic Message Syntax - ASN.1 and XML
Publication Date: 28 September 2017
This standard specifies a cryptographic syntax scheme that can be used to protect financial transactions, files and other messages from unauthorized disclosure and modification. The scheme is based on an abstract Cryptographic Message Syntax (CMS) schema whose concrete values can be represented either in a compact, efficient binary encoding or as flexible, human-readable XML markup. The syntax scheme has the following characteristics:
1) Protected messages are represented either as XML markup using the Canonical XML Encoding Rules (CXER), or in a binary format that is backward compatible with existing deployed systems. Those systems rely on the cryptographic message syntax encoded with the Basic Encoding Rules (BER) or with the Distinguished Encoding Rules (DER), the canonical subset of BER in which each value has exactly one encoding.
2) Messages are protected independently. There is no cryptographic sequencing (e.g., cipher block chaining) between messages. There need not be any real time connection between the sender and recipient of the message. This makes the syntax suitable for use over store-and-forward systems, e.g. Automated Clearing House (ACH) or Society for Worldwide Interbank Financial Telecommunication (SWIFT).
3) Standard attributes are defined using an extensible design that allows any organization to define additional attributes for any purpose. Attributes are defined that allow Security Assertion Markup Language (SAML) and XML Key Management Specification (XKMS) content to be carried in each of the cryptographic types defined in X9.73.
4) The syntax is cryptographic algorithm independent and extensible. It supports provision of data confidentiality using encryption and tokenization techniques, data integrity, data origin authentication, and non-repudiation services. Any algorithm may be used for message encryption, digital signature, signcryption, MAC, and key management. A variety of key management techniques are supported, including key exchange, key agreement, password-based encryption and constructive key management.
5) Selective field protection can be provided in two ways. First, individual fields can be protected by combining multiple instances of this syntax into a composite message. Second, fields can be protected within a single message by selecting message components through identifiers and markup tag names, together with content-specific manifests that are cryptographically bound to the content. This approach allows reusable message components to be moved between documents without affecting the validity of the signature.
6) Precise message encoding and detailed cryptographic processing requirements of binary and XML markup message representations are provided.
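The following is an added illustration of characteristics 1 and 5 above, not code or an encoding taken from X9.73 itself. It DER-encodes a manifest of (component name, SHA-256 digest) pairs, rejects BER-only constructs such as indefinite lengths when parsing, and binds the manifest with an HMAC-SHA256 tag as a stand-in for whatever MAC or signature algorithm a deployment would actually use. The manifest layout, the function names, the sample payment document and the demo key are all this example's own assumptions; protected components can be reordered or carried into another document and still verify, while any change to a protected component is detected.

```python
"""Selective field protection with a DER-encoded digest manifest (added example).

The manifest layout and HMAC binding are this example's own; X9.73's actual
manifest attributes and algorithm negotiation are not reproduced here.
"""
import hashlib
import hmac


def der_len(n: int) -> bytes:
    """Definite-length DER length octets: short form below 128, else long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body


def der_utf8(s: str) -> bytes:
    return der_tlv(0x0C, s.encode("utf-8"))


def der_octets(b: bytes) -> bytes:
    return der_tlv(0x04, b)


def der_seq(*parts: bytes) -> bytes:
    return der_tlv(0x30, b"".join(parts))


def der_read(buf: bytes, off: int = 0):
    """Read one TLV; returns (tag, value, next_offset).
    Rejects what DER forbids but BER allows: indefinite lengths and
    non-minimal length octets, both of which give a value several encodings."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        if buf[off] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[off:off + length], off + length


def is_canonical_der(buf: bytes) -> bool:
    """True when buf is exactly one definite, minimally encoded TLV."""
    try:
        _, _, end = der_read(buf)
    except (ValueError, IndexError):
        return False
    return end == len(buf)


def der_children(body: bytes) -> list:
    """Split a constructed value into (tag, value, raw_tlv) triples."""
    off, out = 0, []
    while off < len(body):
        tag, val, nxt = der_read(body, off)
        out.append((tag, val, body[off:nxt]))
        off = nxt
    return out


def build_manifest(components: dict) -> bytes:
    """SEQUENCE OF SEQUENCE { UTF8String name, OCTET STRING sha256(content) },
    sorted by name so the encoding does not depend on document order."""
    entries = [der_seq(der_utf8(n), der_octets(hashlib.sha256(components[n]).digest()))
               for n in sorted(components)]
    return der_seq(*entries)


def protect(components: dict, key: bytes) -> bytes:
    """Token = SEQUENCE { manifest, OCTET STRING HMAC-SHA256(key, manifest) }."""
    manifest = build_manifest(components)
    return der_seq(manifest, der_octets(hmac.new(key, manifest, hashlib.sha256).digest()))


def verify(token: bytes, document: dict, key: bytes) -> bool:
    """Check the tag over the manifest bytes exactly as received (never over a
    re-encoding), then every named component. Unnamed components are unprotected."""
    try:
        tag, body, end = der_read(token)
        if tag != 0x30 or end != len(token):
            return False
        (mtag, manifest, manifest_raw), (otag, mac, _) = der_children(body)
        if mtag != 0x30 or otag != 0x04:
            return False
        if not hmac.compare_digest(mac, hmac.new(key, manifest_raw, hashlib.sha256).digest()):
            return False
        for etag, entry, _ in der_children(manifest):
            (ntag, name, _), (dtag, digest, _) = der_children(entry)
            if etag != 0x30 or ntag != 0x0C or dtag != 0x04:
                return False
            content = document.get(name.decode("utf-8"))
            if content is None or not hmac.compare_digest(hashlib.sha256(content).digest(), digest):
                return False
        return True
    except (ValueError, IndexError):
        return False


if __name__ == "__main__":
    key = b"k" * 32  # constructed demo key, not from the standard
    payment = {"payee": b"ACME Corp", "amount": b"100.00", "memo": b"invoice 42"}
    token = protect({k: payment[k] for k in ("payee", "amount")}, key)  # memo left unprotected
    print("valid:", verify(token, payment, key))
    payment["memo"] = b"edited"        # unprotected component: still valid
    print("memo edited:", verify(token, payment, key))
    payment["amount"] = b"1000.00"     # protected component: rejected
    print("amount edited:", verify(token, payment, key))
```

Two design points worth noting: the MAC is computed over the manifest octets as they arrived, so a verifier never re-serializes and risks accepting a second encoding of the same value, and the parser refuses BER-only forms (indefinite or padded lengths) for the same reason. Because the manifest names components rather than positions, the same protected components verify when reordered or embedded in a different document, which is the reuse property characteristic 5 describes.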
Simple Object Access Protocol (SOAP) message extensions are defined for each of the cryptographic types defined in X9.73 to enable protection of financial services information in Web Services environments.