draft-ietf-keyprov-portable-symmetric-key-container-01.txt   draft-ietf-keyprov-portable-symmetric-key-container-02.txt 
keyprov P. Hoyer keyprov P. Hoyer
Internet-Draft ActivIdentity Internet-Draft ActivIdentity
Intended status: Standards Track M. Pei Intended status: Standards Track M. Pei
Expires: March 31, 2008 VeriSign Expires: May 9, 2008 VeriSign
S. Machani S. Machani
Diversinet Diversinet
S. Chang S. Chang
Gemalto Gemalto
September 28, 2007 November 6, 2007
Portable Symmetric Key Container Portable Symmetric Key Container
draft-ietf-keyprov-portable-symmetric-key-container-01.txt draft-ietf-keyprov-portable-symmetric-key-container-02.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 39 skipping to change at page 1, line 39
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on March 31, 2008. This Internet-Draft will expire on May 9, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
Abstract Abstract
This document specifies a symmetric key format for transport and This document specifies a symmetric key format for transport and
provisioning of symmetric keys (One Time Password (OTP) shared provisioning of symmetric keys (One Time Password (OTP) shared
secrets or symmetric cryptographic keys) to different types of strong secrets or symmetric cryptographic keys) to different types of strong
skipping to change at page 2, line 42 skipping to change at page 2, line 42
3.2.1. Online provisioning a credential to end-user's 3.2.1. Online provisioning a credential to end-user's
authentication token . . . . . . . . . . . . . . . . . 7 authentication token . . . . . . . . . . . . . . . . . 7
3.2.2. Server to server provisioning of credentials . . . . . 8 3.2.2. Server to server provisioning of credentials . . . . . 8
3.2.3. Online update of an existing authentication token 3.2.3. Online update of an existing authentication token
credential . . . . . . . . . . . . . . . . . . . . . . 8 credential . . . . . . . . . . . . . . . . . . . . . . 8
4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 9 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 9
5. Symmetric Key Attributes . . . . . . . . . . . . . . . . . . . 11 5. Symmetric Key Attributes . . . . . . . . . . . . . . . . . . . 11
5.1. Common Attributes . . . . . . . . . . . . . . . . . . . . 11 5.1. Common Attributes . . . . . . . . . . . . . . . . . . . . 11
5.1.1. Data (OPTIONAL) . . . . . . . . . . . . . . . . . . . 11 5.1.1. Data (OPTIONAL) . . . . . . . . . . . . . . . . . . . 11
5.1.2. KeyAlgorithm (MANDATORY) . . . . . . . . . . . . . . . 11 5.1.2. KeyAlgorithm (MANDATORY) . . . . . . . . . . . . . . . 11
5.1.3. Usage (MANDATORY) . . . . . . . . . . . . . . . . . . 11 5.1.3. Usage (MANDATORY) . . . . . . . . . . . . . . . . . . 12
5.1.4. KeyId (MANDATORY) . . . . . . . . . . . . . . . . . . 12 5.1.4. KeyId (MANDATORY) . . . . . . . . . . . . . . . . . . 13
5.1.5. Issuer (MANDATORY) . . . . . . . . . . . . . . . . . . 12 5.1.5. Issuer (MANDATORY) . . . . . . . . . . . . . . . . . . 13
5.1.6. FriendlyName (OPTIONAL) . . . . . . . . . . . . . . . 12 5.1.6. FriendlyName (OPTIONAL) . . . . . . . . . . . . . . . 13
5.1.7. AccessRules (OPTIONAL) . . . . . . . . . . . . . . . . 12 5.1.7. AccessRules (OPTIONAL) . . . . . . . . . . . . . . . . 13
5.1.8. EncryptionMethod (MANDATORY when 'Data' attribute 5.1.8. EncryptionMethod (MANDATORY when 'Data' attribute
is encrypted)) . . . . . . . . . . . . . . . . . . . . 12 is encrypted)) . . . . . . . . . . . . . . . . . . . . 13
5.1.9. DigestMethod (MANDATORY when Digest is present) . . . 13 5.1.9. DigestMethod (MANDATORY when Digest is present) . . . 14
5.1.10. OTP and CR specific Attributes (OPTIONAL) . . . . . . 13 5.1.10. OTP and CR specific Attributes (OPTIONAL) . . . . . . 14
6. Key container XML schema definitions . . . . . . . . . . . . . 17 5.1.11. Logo (OPTIONAL) . . . . . . . . . . . . . . . . . . . 17
6.1. XML Schema Types . . . . . . . . . . . . . . . . . . . . . 17 6. Key container XML schema definitions . . . . . . . . . . . . . 18
6.1.1. KeyType . . . . . . . . . . . . . . . . . . . . . . . 18 6.1. XML Schema Types . . . . . . . . . . . . . . . . . . . . . 18
6.1.2. UsageType . . . . . . . . . . . . . . . . . . . . . . 20 6.1.1. KeyType . . . . . . . . . . . . . . . . . . . . . . . 19
6.1.2. UsageType . . . . . . . . . . . . . . . . . . . . . . 21
6.1.3. DeviceType . . . . . . . . . . . . . . . . . . . . . . 22 6.1.3. DeviceType . . . . . . . . . . . . . . . . . . . . . . 22
6.1.4. DeviceIdType . . . . . . . . . . . . . . . . . . . . . 22 6.1.4. DeviceIdType . . . . . . . . . . . . . . . . . . . . . 23
6.1.5. UserType Type . . . . . . . . . . . . . . . . . . . . 23 6.1.5. UserType Type . . . . . . . . . . . . . . . . . . . . 24
6.1.6. KeyContainerType . . . . . . . . . . . . . . . . . . . 24 6.1.6. KeyContainerType . . . . . . . . . . . . . . . . . . . 25
6.1.7. EncryptionMethodType . . . . . . . . . . . . . . . . . 25 6.1.7. EncryptionMethodType . . . . . . . . . . . . . . . . . 26
6.1.8. DigestMethodType . . . . . . . . . . . . . . . . . . . 26 6.1.8. DigestMethodType . . . . . . . . . . . . . . . . . . . 28
6.1.9. AlgorithmIdentifierType . . . . . . . . . . . . . . . 27 6.2. KeyAlgorithmType . . . . . . . . . . . . . . . . . . . . . 29
6.2. EncryptionAlgorithmType . . . . . . . . . . . . . . . . . 28 6.3. ValueFormat . . . . . . . . . . . . . . . . . . . . . . . 29
6.3. HashAlgorithmType . . . . . . . . . . . . . . . . . . . . 30 6.4. Data elements . . . . . . . . . . . . . . . . . . . . . . 29
6.4. DigestAlgorithmType . . . . . . . . . . . . . . . . . . . 30 6.4.1. KeyContainer . . . . . . . . . . . . . . . . . . . . . 29
6.5. KeyAlgorithmType . . . . . . . . . . . . . . . . . . . . . 31 7. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 31
6.6. valueFormat . . . . . . . . . . . . . . . . . . . . . . . 33 8. Security Considerations . . . . . . . . . . . . . . . . . . . 39
6.7. Data elements . . . . . . . . . . . . . . . . . . . . . . 33 8.1. Payload confidentiality . . . . . . . . . . . . . . . . . 39
6.7.1. KeyContainer . . . . . . . . . . . . . . . . . . . . . 33 8.2. Payload integrity . . . . . . . . . . . . . . . . . . . . 40
7. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 35 8.3. Payload authenticity . . . . . . . . . . . . . . . . . . . 40
8. Security Considerations . . . . . . . . . . . . . . . . . . . 41 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 41
8.1. Payload confidentiality . . . . . . . . . . . . . . . . . 41 10. Appendix A - Example Symmetric Key Containers . . . . . . . . 42
8.2. Payload integrity . . . . . . . . . . . . . . . . . . . . 42
8.3. Payload authenticity . . . . . . . . . . . . . . . . . . . 42
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 43
10. Appendix A - Example Symmetric Key Containers . . . . . . . . 44
10.1. Symmetric Key Container with a single Non-Encrypted 10.1. Symmetric Key Container with a single Non-Encrypted
HOTP Secret Key . . . . . . . . . . . . . . . . . . . . . 44 HOTP Secret Key . . . . . . . . . . . . . . . . . . . . . 42
10.2. Symmetric Key Container with a single Password-based 10.2. Symmetric Key Container with a single Password-based
Encrypted HOTP Secret Key . . . . . . . . . . . . . . . . 45 Encrypted HOTP Secret Key . . . . . . . . . . . . . . . . 42
11. Normative References . . . . . . . . . . . . . . . . . . . . . 46 11. Normative References . . . . . . . . . . . . . . . . . . . . . 44
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 48 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 46
Intellectual Property and Copyright Statements . . . . . . . . . . 49 Intellectual Property and Copyright Statements . . . . . . . . . . 47
1. Introduction 1. Introduction
With increasing use of symmetric key based authentication systems With increasing use of symmetric key based authentication systems
such as systems based one time password (OTP) and challenge response such as systems based one time password (OTP) and challenge response
mechanisms, there is a need for vendor interoperability and a mechanisms, there is a need for vendor interoperability and a
standard format for importing, exporting or provisioning symmetric standard format for importing, exporting or provisioning symmetric
key based credentials from one system to another. Traditionally key based credentials from one system to another. Traditionally
authentication server vendors and service providers have used authentication server vendors and service providers have used
proprietary formats for importing, exporting and provisioning these proprietary formats for importing, exporting and provisioning these
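Review bot: In the first sentence of the Introduction, "such as systems based one time password (OTP)" is missing a word in both -01 and -02 and should read "systems based on one time password (OTP)". The table of contents also shows 6.1.9 AlgorithmIdentifierType, EncryptionAlgorithmType, HashAlgorithmType and DigestAlgorithmType dropped from Section 6 in -02, with KeyAlgorithmType, ValueFormat and Data elements renumbered to 6.2 through 6.4, so every cross-reference into the old 6.2 to 6.7 numbering needs to be rechecked.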
skipping to change at page 4, line 39 skipping to change at page 4, line 39
interoperability such as the initial event counter used in the HOTP interoperability such as the initial event counter used in the HOTP
algorithm [HOTP]. It is also applicable for other time-based or algorithm [HOTP]. It is also applicable for other time-based or
proprietary algorithms. proprietary algorithms.
To provide an analogy, in public key environments the PKCS#12 format To provide an analogy, in public key environments the PKCS#12 format
[PKCS12] is commonly used for importing and exporting private keys [PKCS12] is commonly used for importing and exporting private keys
and certificates between systems. In the environments outlined in and certificates between systems. In the environments outlined in
this document where OTP credentials may be transported directly down this document where OTP credentials may be transported directly down
to smartcards or devices with limited computing capabilities, a to smartcards or devices with limited computing capabilities, a
format with small (size in bytes) and explicit shared secret format with small (size in bytes) and explicit shared secret
configuration attribute information is desirable, avoding complexity configuration attribute information is desirable, avoiding complexity
of PKCS#12. For example, one would have to use opaque data within of PKCS#12. For example, one would have to use opaque data within
PKCS#12 to carry shared secret attributes used for OTP calculations, PKCS#12 to carry shared secret attributes used for OTP calculations,
wherears a more explicit attribute schema definition is better for whereas a more explicit attribute schema definition is better for
interoperation and efficiency. interoperability and efficiency.
2. Conventions used in this document 2. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
In examples, "C:" and "S:" indicate lines sent by the client and In examples, "C:" and "S:" indicate lines sent by the client and
server respectively. server respectively.
skipping to change at page 11, line 18 skipping to change at page 11, line 18
the type of the key its usage and associated meta-information the type of the key its usage and associated meta-information
required during the provisioning, configuration, access or usage in required during the provisioning, configuration, access or usage in
the host device. the host device.
5.1. Common Attributes 5.1. Common Attributes
5.1.1. Data (OPTIONAL) 5.1.1. Data (OPTIONAL)
Defines the data attributes of the symmetric key. Each is a name Defines the data attributes of the symmetric key. Each is a name
value pair which has both a base64 encoded value and a base 64 value pair which has both a base64 encoded value and a base 64
encoded valueDigest. The value can be encrypted. If the container encoded ValueDigest. The value can be encrypted. If the container
has been encrypted the valueDigest MUST be populated with the digest has been encrypted the ValueDigest MUST be populated with the digest
of the unencrypted value. of the unencrypted value.
This is also where the key value is held, therefore the follwoing This is also where the key value is held, therefore the following
list of attribute names have been reserved: list of attribute names have been reserved:
SECRET: the shared secret key value in binary, base64 encoded SECRET: the shared secret key value in binary, base64 encoded
COUNTER: the event counter for event based OTP algorithms. 8 bytes COUNTER: the event counter for event based OTP algorithms. 8 bytes
unsigned integer in big endian (i.e. network byte order) form unsigned integer in big endian (i.e. network byte order) form
base64 encoded base64 encoded
TIME: the time for time based OTP algorithms. 8 bytes unsigned TIME: the time for time based OTP algorithms. 8 bytes unsigned
integer in big endian (i.e. network byte order) form base64 integer in big endian (i.e. network byte order) form base64
encoded (Number of seconds since 1970) encoded (Number of seconds since 1970)
TIME_INTERVAL: the time interval value for time based OTP TIME_INTERVAL: the time interval value for time based OTP
algorithms. 8 bytes unsigned integer in big endian (i.e. network algorithms. 8 bytes unsigned integer in big endian (i.e. network
byte order) form base64 encoded. byte order) form base64 encoded.
TIME_DRIFT: the device clock drift value for time based OTP
algorithms. The value indicates number of seconds that the device
clock may drift each day. 2 bytes unsigned integer in big endian
(i.e. network byte order) form base64 encoded.
5.1.2. KeyAlgorithm (MANDATORY) 5.1.2. KeyAlgorithm (MANDATORY)
Defines the type of algorithm of the secret key and MUST be set to Defines the type of algorithm of the secret key. The following
one of the values defined in Section 6.5. If 'OTHER' is specified an algorithm URIs are among the default support list.
extension value MUST be set in the 'ext-KeyAlgorithm' attribute.
o http://www.w3.org/2001/04/xmlenc#tripledes-cbc
o http://www.w3.org/2001/04/xmlenc#aes128-cbc
o http://www.w3.org/2001/04/xmlenc#aes192-cbc
o http://www.w3.org/2001/04/xmlenc#aes256-cbc
o http://www.ietf.org/keyprov/pskc#hotp
5.1.2.1. OTP Key Algorithm Identifiers
OTP key algorithm URIs have not been defined in a commonly available
standard specification. This document defines the following URIs for
the known open standard OTP algorithms.
5.1.2.1.1. HOTP
Standard document: RFC4226
Identifier: http://www.ietf.org/keyprov/pskc#hotp
Note that the actual URL will be finalized once a URL for this
document is determined.
5.1.2.1.2. Other OTP Algorithms
An implementation should refer to vendor supplied OTP key algorithm
URIs for proprietary algorithms.
5.1.3. Usage (MANDATORY) 5.1.3. Usage (MANDATORY)
Defines the intended usage of the key and is a combination of one or Defines the intended usage of the key and is a combination of one or
more of the following (set to true): more of the following (set to true):
OTP: the key will be used for OTP generation OTP: the key will be used for OTP generation
CR: the key will be used for Challenge/Response purposes CR: the key will be used for Challenge/Response purposes
ENCRYPT: the key will be used for data encryption purposes Encrypt: the key will be used for data encryption purposes
SIGN: the key will be used to generate a signature or keyed Sign: the key will be used to generate a signature or keyed
hashing for data integrity or authentication purposes. hashing for data integrity or authentication purposes.
UNLOCK: the key will be used for an inverse challenge response in Unlock: the key will be used for an inverse challenge response in
the case a user has locked the device by entering a wrong PIN too the case a user has locked the device by entering a wrong PIN too
many times (for devices with PIN-input capability) many times (for devices with PIN-input capability)
Additional attributes that are specific to the usage type MAY be Additional attributes that are specific to the usage type MAY be
required. Section 6.1 describes OTP and CR specific attributes. required. Section 6.1 describes OTP and CR specific attributes.
5.1.4. KeyId (MANDATORY) 5.1.4. KeyId (MANDATORY)
A unique and global identifier of the symmetric key. The identifier A unique and global identifier of the symmetric key. The identifier
is defined as a string of alphanumeric characters. is defined as a string of alphanumeric characters.
5.1.5. Issuer (MANDATORY) 5.1.5. Issuer (MANDATORY)
The key issuer name, this is normally the name of the organisation The key issuer name, this is normally the name of the organization
that issues the key to the end user of the key. For example MyBank that issues the key to the end user of the key. For example MyBank
issuing hardware tokens to their retail banking users 'MyBank' would issuing hardware tokens to their retail banking users 'MyBank' would
be the issuer. The Issuer is defined as a String. be the issuer. The Issuer is defined as a String.
5.1.6. FriendlyName (OPTIONAL) 5.1.6. FriendlyName (OPTIONAL)
The user friendly name that is assigned to the secret key for easy The user friendly name that is assigned to the secret key for easy
reference. The FriendlyName is defined as a String. reference. The FriendlyName is defined as a String.
5.1.7. AccessRules (OPTIONAL) 5.1.7. AccessRules (OPTIONAL)
Defines a set of access rules and policies for the protection of the Defines a set of access rules and policies for the protection of the
key on the host Device. Currently only the userPIN policy is key on the host Device. Currently only the UserPIN policy is
defined. The userPIN policy specifies whether the user MUST enter a defined. The UserPIN policy specifies whether the user MUST enter a
PIN (for devices with PIN input capability) in order to unlock or PIN (for devices with PIN input capability) in order to unlock or
authenticate to the device hosting the key container. The userPIN is authenticate to the device hosting the key container. The UserPIN is
defined as a Boolean (TRUE or FALSE). When the user PIN is required, defined as a Boolean (TRUE or FALSE). When the user PIN is required,
the policy MUST be set to TRUE. If the userPIN is NOT provided, the policy MUST be set to TRUE. If the UserPIN is NOT provided,
implementations SHALL default the value to FALSE. implementations SHALL default the value to FALSE.
5.1.8. EncryptionMethod (MANDATORY when 'Data' attribute is encrypted)) 5.1.8. EncryptionMethod (MANDATORY when 'Data' attribute is encrypted))
Identifies the encryption algorithm and possible parameters used to Identifies the encryption algorithm and possible parameters used to
protect the Secret Key data in the container and MUST be set to one protect the Secret Key data in the container. The encryption
of the values defined in Section 6.2. If 'OTHER' is specified an algorithm URI can be one of the following.
extension value MUST be set in the 'ext-algorithm' attribute.
When the value is set to NONE, implementations SHALL ensure the o http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5#pbes2
o http://www.w3.org/2001/04/xmlenc#tripledes-cbc
o http://www.w3.org/2001/04/xmlenc#aes128-cbc
o http://www.w3.org/2001/04/xmlenc#aes192-cbc
o http://www.w3.org/2001/04/xmlenc#aes256-cbc
o http://www.w3.org/2001/04/xmlenc#rsa-1_5
o http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
o http://www.w3.org/2001/04/xmlenc#kw-tripledes
o http://www.w3.org/2001/04/xmlenc#kw-aes128
o http://www.w3.org/2001/04/xmlenc#kw-aes256
o http://www.w3.org/2001/04/xmlenc#kw-aes512
When an PBE algorithm is used for encryption, the URI
http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5#pbes2 and the
encryption algorithm in PBEEncryptionParamType defines the exact PBE
key derivation and encryption algorithms.
When the value is not provided, implementations SHALL ensure the
privacy of the key data through other standard mechanisms e.g. privacy of the key data through other standard mechanisms e.g.
transport level encryption. transport level encryption.
When the container (payload) contains more than one key and When the container (payload) contains more than one key and
EncryptionMethod is different from NONE, the same encryption key MUST EncryptionMethod is specified, the same encryption key MUST be used
be used to encrypt all the key data elements in the container. to encrypt all the key data elements in the container.
5.1.9. DigestMethod (MANDATORY when Digest is present) 5.1.9. DigestMethod (MANDATORY when Digest is present)
Identifies the algorithm and possible parameters used to generate a Identifies the algorithm and possible parameters used to generate a
digest of the the Secret Key data. The digest guarantees the digest of the the Secret Key data. The digest guarantees the
integrity and the authenticity of the key data. The Digest algorithm integrity and the authenticity of the key data.
MUST be set to one of the values defined in Section 6.4. If 'OTHER'
is specified an extension value MUST be set in the 'ext-algorithm'
attribute.
See Section 6.1.8 for more information on Digest data value type. See Section 6.1.8 for more information on Digest data value type.
5.1.10. OTP and CR specific Attributes (OPTIONAL) 5.1.10. OTP and CR specific Attributes (OPTIONAL)
When the key usage is set to OTP or CR, additional attributes MUST be When the key usage is set to OTP or CR, additional attributes MUST be
provided to support the OTP and/or the response computation as provided to support the OTP and/or the response computation as
required by the underlying algorithm and to customize or configure required by the underlying algorithm and to customize or configure
the outcome of the computation (format, length and usage modes). the outcome of the computation (format, length and usage modes).
5.1.10.1. ChallengeFormat (MANDATORY) 5.1.10.1. ChallengeFormat (MANDATORY)
The ChallengeFormat attribute defines the characteristics of the The ChallengeFormat attribute defines the characteristics of the
challenge in a CR usage scenario. The Challenge attribute is defined challenge in a CR usage scenario. The Challenge attribute is defined
by the following sub-attributes: by the following sub-attributes:
1. Format (MANDATORY) 1. Format (MANDATORY)
Defines the format of the challenge accepted by the device and Defines the format of the challenge accepted by the device and
MUST be one of the values defined in Section 6.6 MUST be one of the values defined in Section 6.3
2. CheckDigit (OPTIONAL) 2. CheckDigit (OPTIONAL)
Defines if the device needs to check the appended Luhn check Defines if the device needs to check the appended Luhn check
digit contained in a provided challenge. This is only valid digit contained in a provided challenge. This is only valid
if the Format attribute is'DECIMAL'. Value MUST be: if the Format attribute is'DECIMAL'. Value MUST be:
TRUE device will check the appended Luhn check digit in a TRUE device will check the appended Luhn check digit in a
provided challenge provided challenge
FALSE device will not check appended Luhn check digit in FALSE device will not check appended Luhn check digit in
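Review bot: In the new 5.1.8 EncryptionMethod list, "http://www.w3.org/2001/04/xmlenc#kw-aes512" names a key wrap that XML Encryption does not define (AES has no 512-bit key size), while "kw-aes192" is absent even though aes192-cbc is listed. This looks like a typo for kw-aes192 and should be corrected before implementers copy the URI. In 5.1.9, -02 removes the pointer to a defined set of digest algorithms without listing any URIs in its place, yet still says the digest "guarantees the integrity and the authenticity of the key data". If the digest is unkeyed and travels in the same container, it cannot provide authenticity, so either require a keyed algorithm or limit the claim to an integrity check after decryption. The 5.1.2 KeyAlgorithm list is introduced only as "among the default support list" with no MUST, which leaves it unclear which URIs a conforming implementation has to accept.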
skipping to change at page 15, line 8 skipping to change at page 16, line 17
5.1.10.2. ResponseFormat (MANDATORY) 5.1.10.2. ResponseFormat (MANDATORY)
The ResponseFormat attribute defines the characteristics of the The ResponseFormat attribute defines the characteristics of the
result of a computation. This defines the format of the OTP or of result of a computation. This defines the format of the OTP or of
the response to a challenge. The Response attribute is defined by the response to a challenge. The Response attribute is defined by
the following sub-attributes: the following sub-attributes:
1. Format (MANDATORY) 1. Format (MANDATORY)
Defines the format of the response generated by the device and Defines the format of the response generated by the device and
MUST be one of the values defined in Section 6.6 MUST be one of the values defined in Section 6.3
2. CheckDigit (OPTIONAL) 2. CheckDigit (OPTIONAL)
Defines if the device needs to append a Luhn check digit to Defines if the device needs to append a Luhn check digit to
the response. This is only valid if the Format attribute the response. This is only valid if the Format attribute is
is'DECIMAL'. Value MUST be: 'DECIMAL'. Value MUST be:
TRUE device will append a Luhn check digit to the response. TRUE device will append a Luhn check digit to the response.
FALSE device will not append a Luhn check digit to the FALSE device will not append a Luhn check digit to the
response. response.
3. Length (MANDATORY) 3. Length (MANDATORY)
Defines the length of the response generated by the device. Defines the length of the response generated by the device.
skipping to change at page 17, line 5 skipping to change at page 17, line 33
TransactionCurrencyCode TransactionCurrencyCode
AmountAuthorised AmountAuthorised
IIPB IIPB
These values are not contained within attributes in the container but These values are not contained within attributes in the container but
are shared between the manufacturing and the validation service are shared between the manufacturing and the validation service
through this unique AppProfileId. through this unique AppProfileId.
5.1.11. Logo (OPTIONAL)
Specifies the logo image information associated with a key. The logo
type is defined in a separate schema file with namespace
urn:ietf:params:xml:ns:keyprov:logo:1.0.
6. Key container XML schema definitions 6. Key container XML schema definitions
The portable key container is defined by the following entities: The portable key container is defined by the following entities:
1. KeyContainer entity 1. KeyContainer entity
2. Device entity 2. Device entity
3. Key entity 3. Key entity
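Review bot: The added 5.1.11 Logo section says the logo type is "defined in a separate schema file with namespace urn:ietf:params:xml:ns:keyprov:logo:1.0" but gives no reference to the document that carries that schema, so a Logo element cannot be validated from this text alone. Add a citation for the schema and state whether a receiving device may ignore a Logo it cannot process, given that the Introduction argues for a small format suited to smartcards and devices with limited computing capabilities.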
skipping to change at page 18, line 21 skipping to change at page 19, line 21
<sequence> <sequence>
<element name="Issuer" type="string"/> <element name="Issuer" type="string"/>
<element name="Usage" type="pskc:UsageType"/> <element name="Usage" type="pskc:UsageType"/>
<element name="FriendlyName" type="string" minOccurs="0"/> <element name="FriendlyName" type="string" minOccurs="0"/>
<element name="Data" type="pskc:DataType" minOccurs="0" <element name="Data" type="pskc:DataType" minOccurs="0"
maxOccurs="unbounded"/> maxOccurs="unbounded"/>
<element name="AccessRules" minOccurs="0"> <element name="AccessRules" minOccurs="0">
<complexType> <complexType>
<simpleContent> <simpleContent>
<extension base="string"> <extension base="string">
<attribute name="userPIN" type="boolean" <attribute name="UserPIN" type="boolean"
default="false"/> default="false"/>
</extension> </extension>
</simpleContent> </simpleContent>
</complexType> </complexType>
</element> </element>
<element name="Logo" type="logo:LogoType" minOccurs="0"/> <element name="Logo" type="logo:LogoType" minOccurs="0"/>
<element name="Expiry" type="string" minOccurs="0"/> <element name="Expiry" type="string" minOccurs="0"/>
</sequence> </sequence>
<attribute name="KeyId" type="string" use="required"/> <attribute name="KeyId" type="string" use="required"/>
<attribute name="KeyAlgorithm" type= <attribute name="KeyAlgorithm" type=
"pskc:KeyAlgorithmType" use="required"/> "pskc:KeyAlgorithmType" use="required"/>
<attribute name="ext-KeyAlgorithm" type="string"/>
</complexType> </complexType>
The components of the KeyType have the following meanings (see The components of the KeyType have the following meanings (see
Section 5 for further information): Section 5 for further information):
o <Usage> of type UsageType defines the usage of the Secret Key. The o <Usage> of type UsageType defines the usage of the Secret Key. The
Usage attribute is described in Section 5.1.3. Usage attribute is described in Section 5.1.3.
o <Issuer> identifies the issuer of the Secret Key. The Issuer o <Issuer> identifies the issuer of the Secret Key. The Issuer
attribute is described in Section 5.1.5. attribute is described in Section 5.1.5.
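Review bot: The AccessRules attribute rename from "userPIN" to "UserPIN" is a breaking change, because XML attribute names are case sensitive and a -01 instance carrying the old spelling no longer matches the schema. Since the attribute keeps default="false", a consumer that does not validate strictly would fall back to the default and treat a key provisioned as PIN-protected as not requiring a PIN. Call the rename out explicitly and say how a -02 consumer should treat the old spelling (rejecting the container is the safe choice). In the same type, "Expiry" is declared as type="string", so the schema cannot reject a malformed date; a date type would move that check into validation.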
skipping to change at page 19, line 12 skipping to change at page 20, line 12
encrypted, in this case a digest of the non-encrypted data is encrypted, in this case a digest of the non-encrypted data is
present. The <Data> component is further described below. present. The <Data> component is further described below.
o <AccessRules> Defines the rules for accessing the credential on o <AccessRules> Defines the rules for accessing the credential on
the device e.g. a password must be provided by the user to view the device e.g. a password must be provided by the user to view
credential info or use the credential to generate an OTP response credential info or use the credential to generate an OTP response
o KeyId is a global identifier of the Secret Key. See Section 5.1.4. o KeyId is a global identifier of the Secret Key. See Section 5.1.4.
o KeyAlgorithm defines the algorithm used with the Secret Key. The o KeyAlgorithm defines the algorithm used with the Secret Key. The
type values are defined in Section 6.5. If 'OTHER' is specified type values are defined in Section 6.2.
an extension value MUST be set in the 'ext-KeyAlgorithm'
attribute.
o ext-KeyAlgorithm is the extension point for KeyAlgorithms not
already defined Section 6.5
o Logo of type LogoType associates display logos with this Secret o Logo of type LogoType associates display logos with this Secret
Key Key
o Expiry defines the expiry date of the Secret Key in format DD/MM/ o Expiry defines the expiry date of the Secret Key in format DD/MM/
YYYY YYYY
The <Data> element is of type <DataType> and is defined as follows: The <Data> element is of type <DataType> and is defined as follows:
<complexType name="DataType"> <complexType name="DataType">
<sequence> <sequence>
<element name="Value" type="base64Binary"/> <element name="Value" type="base64Binary"/>
<element name="ValueDigest" type="base64Binary" minOccurs="0"/> <element name="ValueDigest" type="base64Binary" minOccurs="0"/>
<attribute name="Name" type="string" use="required"/> <attribute name="Name" type="string" use="required"/>
</sequence> </sequence>
</complexType> </complexType>
The 'Name' attribute defines the name of the name-value pair, the The 'Name' attribute defines the name of the name-value pair, the
follwoing list of attribute names have been reserved: following list of attribute names have been reserved:
SECRET: the key key value in binary, base64 encoded SECRET: the key key value in binary, base64 encoded
COUNTER: the event counter for event based OTP algorithms. 8 bytes COUNTER: the event counter for event based OTP algorithms. 8 bytes
unsigned integer in big endian (i.e. network byte order) form unsigned integer in big endian (i.e. network byte order) form
base64 encoded base64 encoded
TIME: the time for time based OTP algorithms. 8 bytes unsigned TIME: the time for time based OTP algorithms. 8 bytes unsigned
integer in big endian (i.e. network byte order) form base64 integer in big endian (i.e. network byte order) form base64
encoded (Number of seconds since 1970) encoded (Number of seconds since 1970)
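Review bot: In the DataType fragment the Name attribute declaration still sits inside <sequence> in both versions, which XML Schema does not allow; move it after </sequence> so the fragment validates. The reserved-name list keeps the doubled word in "SECRET: the key key value" even though this revision fixed "follwoing" on the line above. With 'OTHER' and 'ext-KeyAlgorithm' dropped from the KeyAlgorithm bullet, the text should say how a receiver treats a KeyAlgorithm value it does not recognise.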
skipping to change at page 20, line 11 skipping to change at page 21, line 5
TIME_INTERVAL: the time interval value for time based OTP TIME_INTERVAL: the time interval value for time based OTP
algorithms. 8 bytes unsigned integer in big endian (i.e. network algorithms. 8 bytes unsigned integer in big endian (i.e. network
byte order) form base64 encoded. byte order) form base64 encoded.
The <Value> element in the DataType conveys the value of the name- The <Value> element in the DataType conveys the value of the name-
value pair in base 64 encoding. The value MAY be encrypted or in value pair in base 64 encoding. The value MAY be encrypted or in
clear text as per the EncryptionMethod data element in the clear text as per the EncryptionMethod data element in the
KeyContainer (see Section 6.1.6 for details about KeyContainerType). KeyContainer (see Section 6.1.6 for details about KeyContainerType).
When the value is encrypted, the digest value in 'ValueDigest' MUST When the value is encrypted, the digest value in 'ValueDigest' MUST
be provided. The digest MUST be calculated on the unencrypted value be provided. The digest MUST be calculated on the unencrypted value
and MUST use one of the Digest algorithms specified in and MUST use the Digest algorithms specified in DigestMethodType
DigestMethodType element of the KeyContainer. The MAC key for the element of the KeyContainer. The MAC key for the MAC calculation
MAC calculation should use the same key as the encryption key should use the same key as the encryption key specified in the
specified in the EncryptionMethod unless a separate MAC key is EncryptionMethod unless a separate MAC key is specified. When PBE
specified. When PBE method is used for encryption, a different method is used for encryption, a different password is recommended
password is recommended for the MAC key derivation. When the key for the MAC key derivation. When the key data is in clear text, the
data is in clear text, the KeyContainer payload signature MAY be used KeyContainer payload signature MAY be used to check the integrity of
to check the integrity of the key octets. the key octets.
6.1.2. UsageType 6.1.2. UsageType
The UsageType defines the usage attribute of the key entity. The The UsageType defines the usage attribute of the key entity. The
UsageType is defined as follows: UsageType is defined as follows:
<complexType name="UsageType"> <complexType name="UsageType">
<sequence> <sequence>
<element name="AlgorithmIdentifier"
type="pskc:AlgorithmIdentifierType" minOccurs="0"/>
<element name="ResponseFormat"> <element name="ResponseFormat">
<complexType> <complexType>
<attribute name="format" type="pskc:valueFormat" <attribute name="Format" type="pskc:ValueFormat"
use="required"/> use="required"/>
<attribute name="length" type="unsignedInt" <attribute name="Length" type="unsignedInt"
use="required"/> use="required"/>
<attribute name="checkDigits" type="boolean" <attribute name="CheckDigits" type="boolean"
default="false"/> default="false"/>
</complexType> </complexType>
</element> </element>
<element name="ChallengeFormat" minOccurs="0"> <element name="ChallengeFormat" minOccurs="0">
<complexType> <complexType>
<attribute name="format" type="pskc:valueFormat" <attribute name="Format" type="pskc:ValueFormat"
use="required"/> use="required"/>
<attribute name="min" type="unsignedInt" use="required"/> <attribute name="Min" type="unsignedInt" use="required"/>
<attribute name="max" type="unsignedInt" use="required"/> <attribute name="Max" type="unsignedInt" use="required"/>
<attribute name="checkDigits" type="boolean" <attribute name="CheckDigits" type="boolean"
default="false"/> default="false"/>
</complexType> </complexType>
</element> </element>
<element name="AppProfileId" type="string" minOccurs="0"/> <element name="AppProfileId" type="string" minOccurs="0"/>
</sequence> </sequence>
<attribute name="otp" type="boolean" <attribute name="OTP" type="boolean"
default="false"/> default="false"/>
<attribute name="cr" type="boolean" <attribute name="CR" type="boolean"
default="false"/> default="false"/>
<attribute name="sign" type="boolean" default="false"/> <attribute name="Sign" type="boolean" default="false"/>
<attribute name="encrypt" type="boolean" default="false"/> <attribute name="Encrypt" type="boolean" default="false"/>
<attribute name="unlock" type="boolean" default="false"/> <attribute name="Unlock" type="boolean" default="false"/>
</complexType> </complexType>
The UsageType components have the following meanings: The UsageType components have the following meanings:
o <AlgorithmIdentifier> the AlgorithmIdentifier as defined in
[OCRA]].
o <ResponseFormat> holds the algorithm response attributes. o <ResponseFormat> holds the algorithm response attributes.
o <ChallengeFormat> hold the challenge attributes in CR based o <ChallengeFormat> hold the challenge attributes in CR based
algorithm computations. algorithm computations.
o <AppProfileId> Is the unique shared identifier for out of band o <AppProfileId> Is the unique shared identifier for out of band
shared common parameters. shared common parameters.
6.1.3. DeviceType 6.1.3. DeviceType
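Review bot: The ValueDigest paragraph now reads "MUST use the Digest algorithms specified in DigestMethodType", which is still plural for a single DigestMethod, and it moves from "digest" to "MAC key" without ever stating that ValueDigest is a keyed digest; say so explicitly. The key-reuse sentence uses lowercase "should" and "recommended" beside the MUSTs, so make clear whether sharing the encryption key with the MAC is normative or only a default. In the UsageType fragment the renamed attributes reference pskc:ValueFormat, while the Section 7 schema in this same revision references pskc:ValueFormatType; pick one name. The case change on every attribute (format to Format, otp to OTP, and so on) invalidates -01 instance documents and deserves an explicit mention.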
skipping to change at page 22, line 42 skipping to change at page 23, line 36
6.1.4. DeviceIdType 6.1.4. DeviceIdType
The DeviceId type represents the identifying criteria to uniquely The DeviceId type represents the identifying criteria to uniquely
identify the device that contains the associated keys. Since devices identify the device that contains the associated keys. Since devices
can come in different form factors such as hardware tokens, can come in different form factors such as hardware tokens,
smartcards, soft tokens in a mobile phone or PC etc this type allows smartcards, soft tokens in a mobile phone or PC etc this type allows
different criteria to be used. Combined though the criteria MUST different criteria to be used. Combined though the criteria MUST
uniquely identify the device. For example for hardware tokens the uniquely identify the device. For example for hardware tokens the
combination of SerialNo and Manufacturer will uniquely identify a combination of SerialNo and Manufacturer will uniquely identify a
device but not serialNo alone since two different token manufacturers device but not SerialNo alone since two different token manufacturers
might issue devices with the same serialnumber (similar to the might issue devices with the same serialnumber (similar to the
IssuerDN and serialnumber of a certificate). For keys hold on IssuerDN and serialnumber of a certificate). For keys hold on
banking cards the identification of the device is often done via the banking cards the identification of the device is often done via the
Primary Account Number (PAN, the big number printed on the front of Primary Account Number (PAN, the big number printed on the front of
the card) and an expiry date of the card. DeviceId is an extensible the card) and an expiry date of the card. DeviceId is an extensible
type that allows all these different ways to uniquely identify a type that allows all these different ways to uniquely identify a
specific key containing device. specific key containing device.
The DeviceIdType is defined as follows: The DeviceIdType is defined as follows:
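Review bot: The capitalisation fix to SerialNo is applied only once in this paragraph; "serialnumber" still appears twice in the lines that follow and does not match the element name. While the paragraph is being touched, "For keys hold on banking cards" should read "held".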
skipping to change at page 24, line 23 skipping to change at page 25, line 23
6.1.6. KeyContainerType 6.1.6. KeyContainerType
The KeyContainerType represents the key container entity. A The KeyContainerType represents the key container entity. A
Container MAY contain more than one Device entity; each Device entity Container MAY contain more than one Device entity; each Device entity
MAY contain more than one Key entity. MAY contain more than one Key entity.
The KeyContainerType is defined as follows: The KeyContainerType is defined as follows:
<complexType name="KeyContainerType"> <complexType name="KeyContainerType">
<sequence> <sequence>
<element name="EncryptionMethod"> <element name="EncryptionMethod" minOccurs="0">
<complexType> <complexType>
<complexContent> <complexContent>
<extension base="pskc:EncryptionMethodType"/> <extension base="pskc:EncryptionMethodType"/>
</complexContent> </complexContent>
</complexType> </complexType>
</element> </element>
<element name="DigestMethod"> <element name="DigestMethod">
<complexType> <complexType>
<complexContent> <complexContent>
<extension base="pskc:DigestMethodType"/> <extension base="pskc:DigestMethodType"/>
</complexContent> </complexContent>
</complexType> </complexType>
</element> </element>
<element name="Device" type="pskc:DeviceType" <element name="Device" type="pskc:DeviceType"
maxOccurs="unbounded"/> maxOccurs="unbounded"/>
<element name="Signature" type="ds:SignatureType" <element name="Signature" type="ds:SignatureType"
minOccurs="0"/> minOccurs="0"/>
</sequence> </sequence>
<attribute name="version" type="pskc:VersionType" <attribute name="Version" type="pskc:VersionType" use="required"/>
use="required"/>
</complexType> </complexType>
The components of the KeyContainer have the following meanings: The components of the KeyContainer have the following meanings:
o version, the version number for the portable key container format o Version, the version number for the portable key container format
(the XML schema defined in this document). (the XML schema defined in this document).
o <EncryptionMethod>, the encryption method used to protect the Key o <EncryptionMethod>, the encryption method used to protect the Key
data attributes data attributes
o <DigestMethod>, the digest method used to sign the unencrypted the o <DigestMethod>, the digest method used to sign the unencrypted the
Secret Key data attributes Secret Key data attributes
o <Device>, the host Device for one or more Keys. o <Device>, the host Device for one or more Keys.
o <Signature>, contains the signature value of the Container. When o <Signature>, contains the signature value of the Container. When
the signature is applied to the entire container, it MUST use XML the signature is applied to the entire container, it MUST use XML
Signature methods as defined in [XMLSIG]. The signature is Signature methods as defined in [XMLSIG]. The signature is
enveloped. enveloped.
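Review bot: Making EncryptionMethod minOccurs="0" while Signature is already minOccurs="0" means a schema-valid container can carry clear text key values with no integrity protection at all, and the component list under this fragment does not say what a receiver should do with such a container. Add the absent-EncryptionMethod case to the <EncryptionMethod> bullet here, not only to the Algorithm bullet of EncryptionMethodType. DigestMethod is left mandatory in this fragment but is minOccurs="0" in the Section 7 schema of the same revision, so the two need aligning; the <DigestMethod> bullet also still reads "to sign the unencrypted the Secret Key data".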
skipping to change at page 25, line 33 skipping to change at page 27, line 10
Container. The encryption method MUST be the same for all Secret Key Container. The encryption method MUST be the same for all Secret Key
data in the container. data in the container.
The EncryptionMethodType is defined as follows: The EncryptionMethodType is defined as follows:
<complexType name="EncryptionMethodType"> <complexType name="EncryptionMethodType">
<sequence> <sequence>
<element name="EncKeyLabel" minOccurs="0"/> <element name="EncKeyLabel" minOccurs="0"/>
<choice> <choice>
<sequence> <sequence>
<element name="KeyInfo" type="ds:KeyInfoType" minOccurs="0"/> <element name="KeyInfo"
<element name="OAEPParams" type="base64Binary" minOccurs="0"/> type="ds:KeyInfoType" minOccurs="0"/>
<element name="OAEPParams"
type="base64Binary" minOccurs="0"/>
</sequence> </sequence>
<sequence> <sequence>
<element name="PBESalt" type="base64Binary" minOccurs="0"/> <element name="PBEEncryptionParam"
<element name="PBEIterationCount" type="int" minOccurs="0"/> type="pskc:PBEEncryptionParamType" minOccurs="0"/>
<element name="IV" type="base64Binary" minOccurs="0"/> <element name="IV" type="base64Binary" minOccurs="0"/>
</sequence> </sequence>
<any namespace="##other" processContents="strict"/>
</choice> </choice>
</sequence> </sequence>
<attribute name="algorithm" type="pskc:EncryptionAlgorithmType" <attribute name="Algorithm"
use="required"/> type="anyURI" use="required"/>
<attribute name="ext-algorithm" type="string"/> </complexType>
<complexType name="PBEEncryptionParamType">
<sequence>
<element name="PBESalt" type="base64Binary"
minOccurs="0"/>
<element name="PBEIterationCount" type="int"
minOccurs="0"/>
</sequence>
<attribute name="EncryptionAlgorithm" type="anyURI"/>
</complexType> </complexType>
The components of the EncryptionMethodType have the following The components of the EncryptionMethodType have the following
meanings: meanings:
o algorithm: identifies the encryption algorithm used to protect the
Secret Key data. When 'NONE' is specified, implementations MUST
guarantee the privacy of the Secret Key Data through other
mechanisms e.g. through transport level security. If 'OTHER' is
specified an extension value MUST be set in the 'ext-algorithm'
attribute. Please see EncryptionAlgorithmType for more
information on supported algorithms
o <PBESalt>: conveys the Salt when [PKCS5] password-based encryption
is applied.
o <PBEIterationCount>: conveys the iteration count value in [PKCS5]
password-based encryption if it is different from the default
value.
o <IV>: conveys the initialization vector for CBC based encryption
algorithms. It is recommended for security reasons to transmit
this value out of band and treat it the same manner as the key
value.
o <EncKeyLabel>: identifies a unique label for a pre-shared o <EncKeyLabel>: identifies a unique label for a pre-shared
encryption key. encryption key.
o Algorithm: identifies the encryption algorithm used to protect the
Secret Key data. If EncryptionMethod is absent in
KeyContainerType, implementations MUST guarantee the privacy of
the Secret Key Data through other mechanisms e.g. through
transport level security.
o <KeyInfo>: conveys the information of the key if an RSA algorithm o <KeyInfo>: conveys the information of the key if an RSA algorithm
has been used. has been used.
o <OAEPParams>: conveys the OAEP parameters if an RSA algorithm has o <OAEPParams>: conveys the OAEP parameters if an RSA algorithm has
been used. been used.
o <PBEEncryptionParam>: conveys the PBE parameters if a password-
based encryption (PBE) algorithm has been used.
o
* <PBESalt>: conveys the Salt when [PKCS5] password-based
encryption is applied.
* <PBEIterationCount>: conveys the iteration count value in
[PKCS5] password-based encryption if it is different from the
default value.
* <EncryptionAlgorithm>: specifies the encryption algorithm after
a PBE key is derived. For example, PBE-AES128-CBC should use
URI http://www.w3.org/2001/04/xmlenc#kw-aes128-cbc
o <IV>: conveys the initialization vector for CBC based encryption
algorithms. It is recommended for security reasons to transmit
this value out of band and treat it the same manner as the key
value.
6.1.8. DigestMethodType 6.1.8. DigestMethodType
The DigestMethodType defines the algorithm and parameters used to The DigestMethodType defines the algorithm and parameters used to
create the digest on the unencrypted Secret Key data in the create the digest on the unencrypted Secret Key data in the
Container. The digest is applied on each individual Secret Key data Container. The digest is applied on each individual Secret Key data
in the Container before encryption. The digest method MUST be the in the Container before encryption. The digest method MUST be the
same for all Secret Key data in the container. Unless a different same for all Secret Key data in the container. Unless a different
digest key is specified it is assumed that keyed digest algorithms digest key is specified it is assumed that keyed digest algorithms
will use the same key as for encryption will use the same key as for encryption
The DigestMethodType is defined as follows: The DigestMethodType is defined as follows:
<complexType name="DigestMethodType"> <complexType name="DigestMethodType">
<sequence> <sequence>
<element name="DigestKeyLabel" minOccurs="0"/> <element name="DigestKeyLabel" minOccurs="0"/>
</sequence> </sequence>
<attribute name="algorithm" type="pskc:DigestAlgorithmType" <attribute name="Algorithm"
use="required"/> type="anyURI" use="required"/>
</complexType> </complexType>
The components of the DigestMethodType have the following meanings: The components of the DigestMethodType have the following meanings:
o algorithm, identifies the digest algorithm used to protect the o Algorithm, identifies the digest algorithm used to protect the
Secret Key data. Please see DigestAlgorithmType for more Secret Key data.
information on supported algorithms
o <DigestKeyLabel>: identifies a unique label for a pre-shared o <DigestKeyLabel>: identifies a unique label for a pre-shared
digest key. digest key.
6.1.9. AlgorithmIdentifierType 6.2. KeyAlgorithmType
The AlgorithmIdentiferType defines the Algorithm identifier (AI)
specified in [OCRA].
The AlgorithmIdentifierType is defines as follows:
<complexType name="AlgorithmIdentifierType">
<sequence>
<element name="Algorithm">
<simpleType>
<restriction base="string">
<enumeration value="OCRA-HOTP"/>
</restriction>
</simpleType>
</element>
<element name="CryptoFunction"
type="pskc:DigestAlgorithmType"/>
<element name="Truncation">
<simpleType>
<restriction base="decimal">
<minInclusive value="4"/>
<maxInclusive value="10"/>
</restriction>
</simpleType>
</element>
<element name="Pin" type="boolean"/>
<element name="Counter" type="boolean"/>
<element name="Time" type="boolean"/>
<element name="Session" type="boolean"/>
<element name="Challenge" type="boolean"/>
</sequence>
</complexType>
See [OCRA] for a full description of the components of the
AlgorithmIdentifierType.
6.2. EncryptionAlgorithmType
The EncryptionAlgorithmType defines the allowed algorithms for
encrypting the Secret Key data in the Container.
The EncryptionAlgorithmType is defined as follows:
<simpleType name="EncryptionAlgorithmType">
<restriction base="string">
<enumeration value="NONE"/>
<enumeration value="PBE-3DES112-CBC"/>
<enumeration value="PBE-3DES168-CBC"/>
<enumeration value="PBE-AES128-CBC"/>
<enumeration value="PBE-AES256-CBC"/>
<enumeration value="PBE-AES192-CBC"/>
<enumeration value="3DES112-CBC"/>
<enumeration value="3DES168-CBC"/>
<enumeration value="AES128-CBC"/>
<enumeration value="AES192-CBC"/>
<enumeration value="AES256-CBC"/>
<enumeration value="RSA-1_5"/>
<enumeration value="RSA-OAEP-MGF1P"/>
<enumeration value="OTHER"/>
</restriction>
</simpleType>
NONE when no encryption is applied on the key
PBE-3DES112-CBC when password-based encryption is applied using a
112-bit 3DES key in CBC mode
PBE-3DES168-CBC when password-based encryption is applied using a
168-bit 3DES key in CBC mode
PBE-AES128-CBC when password-based encryption is applied using a
128-bit AES key in CBC mode
PBE-AES192-CBC when password-based encryption is applied using a
192-bit AES key in CBC mode is applied.
PBE-AES256-CBC password-based encryption is applied using a 256-
bit AES key in CBC mode is applied.
3DES112-CBC encryption using a pre-shared 112-bit 3DES key in CBC
mode is applied.
3DES168-CBC encryption using a pre-shared 168-bit 3DES key in CBC
mode is applied.
AES128-CBC encryption using a pre-shared 128-bit AES key in CBC
mode is applied.
AES192-CBC encryption using a pre-shared 192-bit AES key in CBC
mode is applied.
AES256-CBC encryption using a pre-shared 256-bit AES key in CBC
mode is applied.
RSA-1_5 The RSAES-PKCS1-v1_5 algorithm, specified in [PKCS1],
takes no explicit parameters.
RSA-OAEP-MGF1P The same algorithm as defined in section 5.4.2 RSA-
OAEP in [XMLENC] It is the RSAES-OAEP-ENCRYPT algorithm, as
specified in [PKCS1], it takes three parameters. The two user
specified parameters are a MANDATORY message digest function and
an OPTIONAL encoding octet string OAEPparams. The message digest
function is indicated by the Algorithm attribute of a child ds:
DigestMethod element and the mask generation function, the third
parameter, is always MGF1 with SHA1 (mgf1SHA1Identifier).
OTHER extension point for not already defined algorithms in this
list.
6.3. HashAlgorithmType
The HashAlgorithmType defines the allowed algorithms for generating a
digest in the RSA algorithms.
The HashAlgorithmType is defined as follows:
<simpleType name="HashAlgorithmType">
<restriction base="string">
<enumeration value="SHA1"/>
<enumeration value="SHA256"/>
<enumeration value="SHA512"/>
</restriction>
</simpleType>
SHA1 when the digest was performed using the SHA1 algorithm
SHA256 when the digest was performed using the SHA256 algorithm
SHA512 when the digest was performed using the SHA512 algorithm
6.4. DigestAlgorithmType
The DigestAlgorithmType defines the allowed algorithms for generating
a digest on the unencrypted Secret Key data in the Container.
The DigestAlgorithmType is defined as follows:
<simpleType name="DigestAlgorithmType">
<restriction base="string">
<enumeration value="HMAC-SHA1"/>
<enumeration value="HMAC-SHA256"/>
<enumeration value="HMAC-SHA512"/>
<enumeration value="OTHER"/>
</restriction>
</simpleType>
HMAC-SHA1 when the digest was performed using the HMAC-SHA1
algorithm
HMAC-SHA256 when the digest was performed using the HMAC-SHA256
algorithm
HMAC-SHA512 when the digest was performed using the HMAC-SHA512
algorithm
OTHER extension point for not already defined algorithms in this
list.
6.5. KeyAlgorithmType
The KeyAlgorithmType defines the algorithms in which the Secret Key The KeyAlgorithmType defines the algorithms in which the Secret Key
data is used. data is used. It refers to anyURI.
The KeyAlgorithmType is defined as follows:
<simpleType name="KeyAlgorithmType">
<restriction base="string">
<enumeration value="3DES112"/>
<enumeration value="3DES168"/>
<enumeration value="ACTI"/>
<enumeration value="AES128"/>
<enumeration value="AES192"/>
<enumeration value="AES256"/>
<enumeration value="ANSIX9.9"/>
<enumeration value="DES"/>
<enumeration value="HOTP"/>
<enumeration value="MKEYLABEL"/>
<enumeration value="RSASECUREID"/>
<enumeration value="VASCO"/>
<enumeration value="OTHER"/>
</restriction>
</simpleType>
3DES112, a 112-bit 3DES key (a.k.a. two-key 3DES)
3DES168, a 168-bit parity-checked 3DES key
ACTI, algorithm family from ActivIdentity
AES128, a 128-bit AES key
AES192, a 192-bit AES key
AES256, a 256-bit AES key
ANSIX9.9, ANSI X9.9 algorithm
DES, a standard DES key
HOTP, as defined in [HOTP]
MKEYLABEL, master key abel or name when an embedded device key is
used to derive the Key
RSASECUREID, SecureId algorithm family from RSA
VASCO, algorithm family from Vasco
OTHER extension point for not already defined algorithms in this
list.
6.6. valueFormat 6.3. ValueFormat
The valueFormat defines allowed formats for challenges or responses The ValueFormat defines allowed formats for challenges or responses
in the OTP algorithms. in the OTP algorithms.
The valueFormat is defined as follows: The ValueFormat is defined as follows:
<simpleType name="valueFormat"> <simpleType name="ValueFormat">
<restriction base="string"> <restriction base="string">
<enumeration value="DECIMAL"/> <enumeration value="DECIMAL"/>
<enumeration value="HEXADECIMAL"/> <enumeration value="HEXADECIMAL"/>
<enumeration value="ALPHANUMERIC"/> <enumeration value="ALPHANUMERIC"/>
<enumeration value="BASE64"/> <enumeration value="BASE64"/>
<enumeration value="BINARY"/> <enumeration value="BINARY"/>
</restriction> </restriction>
</simpleType> </simpleType>
DECIMAL Only numerical digits DECIMAL Only numerical digits
HEXADECIMAL Hexadecimal response HEXADECIMAL Hexadecimal response
ALPHANUMERIC All letters and numbers (case sensitive) ALPHANUMERIC All letters and numbers (case sensitive)
BASE64 Base 64 encoded BASE64 Base 64 encoded
BINARY Binary data, this is mainly used in case of connected BINARY Binary data, this is mainly used in case of connected
devices devices
6.7. Data elements 6.4. Data elements
6.7.1. KeyContainer 6.4.1. KeyContainer
The KeyContainer data element is defined as: The KeyContainer data element is defined as:
<element name="KeyContainer" type="pskc:KeyContainerType"/> <element name="KeyContainer" type="pskc:KeyContainerType"/>
The KeyContainer data element is of type KeyContainerType defined in The KeyContainer data element is of type KeyContainerType defined in
Section 6.1.6. Section 6.1.6.
The EncryptionMethod data element in the KeyContainer defines the The EncryptionMethod data element in the KeyContainer defines the
encryption algorithm used to protect the Key data. In a multi-key encryption algorithm used to protect the Key data. In a multi-key
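Review bot: In the EncryptionMethodType component list, <EncryptionAlgorithm> is described as a child element of <PBEEncryptionParam>, but PBEEncryptionParamType declares EncryptionAlgorithm as an optional attribute; the list also has an empty "o" bullet above the PBE sub-items. The example URI http://www.w3.org/2001/04/xmlenc#kw-aes128-cbc matches neither the XML Encryption block cipher identifier (#aes128-cbc) nor its key wrap identifier (#kw-aes128), so it should be corrected. With the EncryptionAlgorithmType, DigestAlgorithmType and KeyAlgorithmType enumerations replaced by anyURI, the text shown here no longer lists the URIs an implementation must support or says how an unknown one is rejected, and the default iteration count referred to under <PBEIterationCount> is not given a value.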
skipping to change at page 35, line 12 skipping to change at page 31, line 12
signature with the same key used in the encryption of the secret key signature with the same key used in the encryption of the secret key
data. The signature is enveloped. data. The signature is enveloped.
7. Formal Syntax 7. Formal Syntax
The following syntax specification uses the widely adopted XML schema The following syntax specification uses the widely adopted XML schema
format as defined by a W3C recommendation format as defined by a W3C recommendation
(http://www.w3.org/TR/xmlschema-0/). It is a complete syntax (http://www.w3.org/TR/xmlschema-0/). It is a complete syntax
definition in the XML Schema Definition format (XSD) definition in the XML Schema Definition format (XSD)
All implentations of this standard must comply with the schema below. All implementations of this standard must comply with the schema
below.
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:container" <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:container:1.0"
xmlns:logo="urn:ietf:params:xml:ns:keyprov:logo:1.0"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:logo="urn:ietf:params:xml:ns:keyprov:logo" targetNamespace="urn:ietf:params:xml:ns:keyprov:container:1.0"
targetNamespace="urn:ietf:params:xml:ns:keyprov:container" elementFormDefault="qualified" attributeFormDefault="unqualified"
elementFormDefault="qualified" attributeFormDefault="unqualified"> version="1.0">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
<xs:import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
xmldsig-core-schema.xsd"/> xmldsig-core-schema.xsd"/>
<import namespace="urn:ietf:params:xml:ns:keyprov:logo"
schemaLocation="oath_logotype_v1.0.xsd"/> <xs:import namespace="urn:ietf:params:xml:ns:keyprov:logo:1.0"
<complexType name="KeyContainerType"> schemaLocation="keyprov-logo-1.0.xsd"/>
<sequence>
<element name="EncryptionMethod"> <xs:complexType name="KeyContainerType">
<complexType> <xs:sequence>
<complexContent> <xs:element name="EncryptionMethod" minOccurs="0">
<extension base="pskc:EncryptionMethodType"/> <xs:complexType>
</complexContent> <xs:complexContent>
</complexType> <xs:extension base="pskc:EncryptionMethodType"/>
</element> </xs:complexContent>
<element name="DigestMethod"> </xs:complexType>
<complexType> </xs:element>
<complexContent> <xs:element name="DigestMethod" minOccurs="0">
<extension base="pskc:DigestMethodType"/> <xs:complexType>
</complexContent> <xs:complexContent>
</complexType> <xs:extension base="pskc:DigestMethodType"/>
</element> </xs:complexContent>
<element name="Device" type="pskc:DeviceType" </xs:complexType>
</xs:element>
<xs:element name="Device" type="pskc:DeviceType"
maxOccurs="unbounded"/> maxOccurs="unbounded"/>
<element name="Signature" type="ds:SignatureType" <xs:element name="Signature" type="ds:SignatureType"
minOccurs="0"/> minOccurs="0"/>
</sequence> </xs:sequence>
<attribute name="version" type="pskc:VersionType" <xs:attribute name="Version" type="pskc:VersionType"
use="required"/> use="required"/>
</complexType> </xs:complexType>
<complexType name="AlgorithmIdentifierType">
<sequence> <xs:simpleType name="VersionType" final="restriction">
<element name="Algorithm"> <xs:restriction base="xs:string">
<simpleType> <xs:pattern value="\d{1,2}\.\d{1,3}"/>
<restriction base="string"> </xs:restriction>
<enumeration value="OCRA-HOTP"/> </xs:simpleType>
</restriction>
</simpleType> <xs:complexType name="KeyType">
</element> <xs:sequence>
<element name="CryptoFunction" <xs:element name="Issuer" type="xs:string"/>
type="pskc:DigestAlgorithmType"/> <xs:element name="Usage" type="pskc:UsageType"/>
<element name="Truncation"> <xs:element name="FriendlyName" type="xs:string" minOccurs="0"/>
<simpleType> <xs:element name="Data" type="pskc:DataType"
<restriction base="decimal">
<minInclusive value="4"/>
<maxInclusive value="10"/>
</restriction>
</simpleType>
</element>
<element name="Pin"
type="boolean"/>
<element name="Counter"
type="boolean"/>
<element name="Time"
type="boolean"/>
<element name="Session"
type="boolean"/>
<element name="Challenge"
type="boolean"/>
</sequence>
</complexType>
<complexType name="KeyType">
<sequence>
<element name="Issuer" type="string"/>
<element name="Usage" type="pskc:UsageType"/>
<element name="FriendlyName" type="string"
minOccurs="0"/>
<element name="Data" type="pskc:DataType"
minOccurs="0" maxOccurs="unbounded"/> minOccurs="0" maxOccurs="unbounded"/>
<element name="AccessRules" minOccurs="0"> <xs:element name="AccessRules" minOccurs="0">
<complexType> <xs:complexType>
<simpleContent> <xs:simpleContent>
<extension base="string"> <xs:extension base="xs:string">
<attribute name="userPIN" type="boolean" default="false"/> <xs:attribute name="UserPIN" type="xs:boolean"
</extension> default="false"/>
</simpleContent> </xs:extension>
</complexType> </xs:simpleContent>
</element> </xs:complexType>
<element name="Logo" type="logo:LogoType" </xs:element>
minOccurs="0"/> <xs:element name="Logo" type="logo:LogoType" minOccurs="0"/>
<element name="Expiry" type="string" minOccurs="0"/> <xs:element name="Expiry" type="xs:string" minOccurs="0"/>
</sequence> </xs:sequence>
<attribute name="KeyId" type="string" use="required"/> <xs:attribute name="KeyId" type="xs:string" use="required"/>
<attribute name="KeyAlgorithm" <xs:attribute name="KeyAlgorithm" type="pskc:KeyAlgorithmType"
type="pskc:KeyAlgorithmType" use="required"/> use="required"/>
<attribute name="ext-KeyAlgorithm" type="string"/> </xs:complexType>
</complexType>
<complexType name="DeviceIdType"> <xs:complexType name="DeviceIdType">
<sequence> <xs:sequence>
<element name="Manufacturer" type="string"/> <xs:element name="Manufacturer" type="xs:string"/>
<element name="SerialNo" type="string"/> <xs:element name="SerialNo" type="xs:string"/>
<element name="Model" type="string" minOccurs="0"/> <xs:element name="Model" type="xs:string" minOccurs="0"/>
<element name="IssueNo" type="string" minOccurs="0"/> <xs:element name="IssueNo" type="xs:string" minOccurs="0"/>
<element name="Expiry" type="string" minOccurs="0"/> <xs:element name="Expiry" type="xs:string" minOccurs="0"/>
</sequence> </xs:sequence>
</complexType> </xs:complexType>
<complexType name="DeviceType">
<sequence> <xs:complexType name="DeviceType">
<element name="DeviceId" type="pskc:DeviceIdType" <xs:sequence>
<xs:element name="DeviceId" type="pskc:DeviceIdType"
minOccurs="0"/> minOccurs="0"/>
<element name="Key" type="pskc:KeyType" <xs:element name="Key" type="pskc:KeyType"
maxOccurs="unbounded"/> maxOccurs="unbounded"/>
<element name="User" type="pskc:UserType" <xs:element name="User" type="pskc:UserType"
minOccurs="0"/> minOccurs="0"/>
</sequence> </xs:sequence>
</complexType> </xs:complexType>
<complexType name="UserType">
<sequence> <xs:complexType name="UserType">
<sequence> <xs:sequence>
<element name="UserId" type="string" minOccurs="0"/> <xs:sequence>
<element name="FirstName" type="string" minOccurs="0"/> <xs:element name="UserId" type="xs:string" minOccurs="0"/>
<element name="LastName" minOccurs="0"/> <xs:element name="FirstName" type="xs:string" minOccurs="0"/>
</sequence> <xs:element name="LastName" minOccurs="0"/>
<element name="Org" type="string" minOccurs="0"/> </xs:sequence>
</sequence> <xs:element name="Org" type="xs:string" minOccurs="0"/>
</complexType> </xs:sequence>
<complexType name="UsageType"> </xs:complexType>
<sequence>
<element name="AlgorithmIdentifier" <xs:complexType name="UsageType">
type="pskc:AlgorithmIdentifierType" minOccurs="0"/> <xs:sequence>
<element name="ResponseFormat"> <xs:element name="ResponseFormat">
<complexType> <xs:complexType>
<attribute name="format" type="pskc:valueFormat" <xs:attribute name="Format" type="pskc:ValueFormatType"
use="required"/> use="required"/>
<attribute name="length" type="unsignedInt" use="required"/> <xs:attribute name="Length" type="xs:unsignedInt"
<attribute name="checkDigits" type="boolean" default="false"/>
</complexType>
</element>
<element name="ChallengeFormat" minOccurs="0">
<complexType>
<attribute name="format" type="pskc:valueFormat"
use="required"/> use="required"/>
<attribute name="min" type="unsignedInt" use="required"/> <xs:attribute name="CheckDigits" type="xs:boolean"
<attribute name="max" type="unsignedInt" use="required"/>
<attribute name="checkDigits" type="boolean"
default="false"/> default="false"/>
</complexType> </xs:complexType>
</element> </xs:element>
<element name="Time" type="unsignedLong" minOccurs="0"/> <xs:element name="ChallengeFormat" minOccurs="0">
<element name="AppProfileId" type="string" minOccurs="0"/> <xs:complexType>
</sequence> <xs:attribute name="Format" type="pskc:ValueFormatType"
<attribute name="otp" type="boolean" use="required"/>
<xs:attribute name="Min" type="xs:unsignedInt"
use="required"/>
<xs:attribute name="Max" type="xs:unsignedInt"
use="required"/>
<xs:attribute name="CheckDigits" type="xs:boolean"
default="false"/> default="false"/>
<attribute name="cr" type="boolean" </xs:complexType>
</xs:element>
<xs:element name="AppProfileId" type="xs:string" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="OTP" type="xs:boolean"
default="false"/> default="false"/>
<attribute name="sign" type="boolean" <xs:attribute name="CR" type="xs:boolean"
default="false"/> default="false"/>
<attribute name="encrypt" type="boolean" <xs:attribute name="Sign" type="xs:boolean"
default="false"/> default="false"/>
<attribute name="unlock" type="boolean" <xs:attribute name="Encrypt" type="xs:boolean"
default="false"/> default="false"/>
<xs:attribute name="Unlock" type="xs:boolean"
default="false"/>
</xs:complexType>
<xs:complexType name="EncryptionMethodType">
<xs:sequence>
<xs:element name="EncKeyLabel" minOccurs="0"/>
<xs:choice>
<xs:sequence>
<xs:element name="KeyInfo"
type="ds:KeyInfoType" minOccurs="0"/>
<xs:element name="OAEPParams"
type="xs:base64Binary" minOccurs="0"/>
</xs:sequence>
<xs:sequence>
<xs:element name="PBEEncryptionParam"
type="pskc:PBEEncryptionParamType" minOccurs="0"/>
<xs:element name="IV" type="xs:base64Binary" minOccurs="0"/>
</xs:sequence>
<xs:any namespace="##other" processContents="strict"/>
</xs:choice>
</xs:sequence>
<xs:attribute name="Algorithm"
type="xs:anyURI" use="required"/>
</xs:complexType>
<xs:complexType name="PBEEncryptionParamType">
<xs:sequence>
<xs:element name="PBESalt" type="xs:base64Binary"
minOccurs="0"/>
<xs:element name="PBEIterationCount" type="xs:int"
minOccurs="0"/>
</xs:sequence>
<xs:attribute name="EncryptionAlgorithm" type="xs:anyURI"/>
</xs:complexType>
<xs:complexType name="DigestMethodType">
<xs:sequence>
<xs:element name="DigestKeyLabel" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="Algorithm"
type="xs:anyURI" use="required"/>
</xs:complexType>
<xs:simpleType name="KeyAlgorithmType">
<xs:restriction base="xs:anyURI"/>
</xs:simpleType>
<xs:simpleType name="ValueFormatType">
<xs:restriction base="xs:string">
<xs:enumeration value="DECIMAL"/>
<xs:enumeration value="HEXADECIMAL"/>
<xs:enumeration value="ALPHANUMERIC"/>
<xs:enumeration value="BASE64"/>
<xs:enumeration value="BINARY"/>
</xs:restriction>
</xs:simpleType>
<xs:element name="KeyContainer"
type="pskc:KeyContainerType"/>
<xs:complexType name="DataType">
<xs:sequence>
<xs:element name="Value" type="xs:base64Binary"/>
<xs:element name="ValueDigest"
type="xs:base64Binary" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="Name" type="xs:string"
use="required"/>
</xs:complexType>
</xs:schema>
LogoType is defined in the following schema.
<?xml version="1.0" encoding="UTF-8"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:logo="urn:ietf:params:xml:ns:keyprov:logo:1.0"
targetNamespace="urn:ietf:params:xml:ns:keyprov:logo:1.0"
elementFormDefault="qualified" attributeFormDefault="unqualified"
version="1.0">
<!-- LogoType -->
<complexType name="LogoType">
<annotation>
<documentation xml:lang="en">
Type to include logo information.
</documentation>
</annotation>
<sequence>
<element name="CommunityLogos" type="logo:LogoInfoType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="IssuerLogo" type="logo:LogoInfoType"
minOccurs="0"/>
<element name="OtherLogos" type="logo:LogoInfoType"
minOccurs="0" maxOccurs="unbounded"/>
</sequence>
</complexType> </complexType>
<complexType name="AttributeType">
<simpleContent> <complexType name="LogoInfoType">
<extension base="string"> <annotation>
<attribute name="name" type="string" use="required"/> <documentation xml:lang="en">
</extension> Define logo information for a given logo. It can either embed
</simpleContent> full logo data information, or includes only a reference URI
</complexType> where the full log data information with type LogoDataType
<complexType name="EncryptionMethodType"> can be downloaded.
</documentation>
</annotation>
<sequence> <sequence>
<element name="EncKeyLabel" minOccurs="0"/>
<choice> <choice>
<sequence> <element name="LogoData" type="logo:LogoDataType"/>
<element name="KeyInfo" <element name="LogReference" type="anyURI"/>
type="ds:KeyInfoType" minOccurs="0"/> </choice>
<element name="OAEPParams"
type="base64Binary" minOccurs="0"/>
</sequence> </sequence>
</complexType>
<complexType name="LogoDataType">
<annotation>
<documentation xml:lang="en">
Define logo data information for a given logo image.
</documentation>
</annotation>
<sequence> <sequence>
<element name="PBESalt" type="base64Binary" <element name="LogoImageDetails"
minOccurs="0"/> type="logo:LogoImageDetailsType"/>
<element name="PBEIterationCount" type="int" <element name="LogoImageInfo" type="logo:LogoImageInfoType"
minOccurs="0"/> minOccurs="0"/>
<element name="IV" type="base64Binary" minOccurs="0"/>
</sequence> </sequence>
</complexType>
<complexType name="LogoImageDetailsType">
<annotation>
<documentation xml:lang="en">
Define logo image data for a given logo image.
</documentation>
</annotation>
<sequence>
<choice>
<element name="ImageData" type="base64Binary"/>
<element name="ImageReference" type="anyURI"/>
</choice> </choice>
</sequence> </sequence>
<attribute name="algorithm" <attribute name="MIMEType" type="logo:MIMETypeType"
type="pskc:EncryptionAlgorithmType" use="required"/> use="required"/>
</complexType> </complexType>
<complexType name="DigestMethodType">
<complexType name="LogoImageInfoType">
<annotation>
<documentation xml:lang="en">
Define logo image parameters for a given logo image.
</documentation>
</annotation>
<sequence> <sequence>
<element name="DigestKeyLabel" minOccurs="0"/> <element name="Size" type="integer" minOccurs="0"/>
<element name="xSize" type="integer" minOccurs="0"/>
<element name="ySize" type="integer" minOccurs="0"/>
<element name="Resolution" type="logo:LogoImageResolutionType"
minOccurs="0"/>
</sequence> </sequence>
<attribute name="algorithm" <attribute name="colored" type="boolean" default="true"/>
type="pskc:DigestAlgorithmType" use="required"/> <attribute name="lang" type="string" use="optional"/>
<attribute name="ext-algorithm" type="string"/>
</complexType> </complexType>
<simpleType name="EncryptionAlgorithmType">
<restriction base="string"> <complexType name="LogoImageResolutionType">
<enumeration value="NONE"/> <annotation>
<enumeration value="PBE-3DES112-CBC"/> <documentation xml:lang="en">
<enumeration value="PBE-3DES168-CBC"/> Define logo image resolution parameters.
<enumeration value="PBE-AES128-CBC"/> </documentation>
<enumeration value="PBE-AES256-CBC"/> </annotation>
<enumeration value="PBE-AES192-CBC"/>
<enumeration value="3DES112-CBC"/>
<enumeration value="3DES168-CBC"/>
<enumeration value="AES128-CBC"/>
<enumeration value="AES192-CBC"/>
<enumeration value="AES256-CBC"/>
<enumeration value="RSA-1_5"/>
<enumeration value="RSA-OAEP-MGF1P"/>
<enumeration value="OTHER"/>
</restriction>
</simpleType>
<simpleType name="DigestAlgorithmType">
<restriction base="string">
<enumeration value="HMAC-SHA1"/>
<enumeration value="HMAC-SHA256"/>
<enumeration value="HMAC-SHA512"/>
<enumeration value="OTHER"/>
</restriction>
</simpleType>
<simpleType name="HashAlgorithmType">
<restriction base="string">
<enumeration value="SHA1"/>
<enumeration value="SHA256"/>
<enumeration value="SHA512"/>
</restriction>
</simpleType>
<simpleType name="KeyAlgorithmType">
<restriction base="string">
<enumeration value="3DES112"/>
<enumeration value="3DES168"/>
<enumeration value="ACTI"/>
<enumeration value="AES128"/>
<enumeration value="AES192"/>
<enumeration value="AES256"/>
<enumeration value="ANSIX9.9"/>
<enumeration value="DES"/>
<enumeration value="HOTP"/>
<enumeration value="MKEYLABEL"/>
<enumeration value="RSASECUREID"/>
<enumeration value="VASCO"/>
<enumeration value="OTHER"/>
</restriction>
</simpleType>
<simpleType name="valueFormat">
<restriction base="string">
<enumeration value="DECIMAL"/>
<enumeration value="HEXADECIMAL"/>
<enumeration value="ALPHANUMERIC"/>
<enumeration value="BASE64"/>
<enumeration value="BINARY"/>
</restriction>
</simpleType>
<simpleType name="VersionType" final="restriction">
<restriction base="string">
<pattern value="\d{1,9}\.\d{0,9}"/>
</restriction>
</simpleType>
<element name="KeyContainer"
type="pskc:KeyContainerType"/>
<complexType name="DataType">
<sequence> <sequence>
<element name="Value" type="base64Binary"/> <element name="NumBits" type="integer"/>
<element name="ValueDigest" <element name="TableSize" type="integer"/>
type="base64Binary" minOccurs="0"/>
</sequence> </sequence>
<attribute name="Name" type="string"
use="required"/>
</complexType> </complexType>
<!-- MimeTypeType -->
<simpleType name="MIMETypeType">
<annotation>
<documentation xml:lang="en">
Can be one of the following supported image content types.
</documentation>
</annotation>
<restriction base="string">
<enumeration value="image/gif"/>
<enumeration value="image/jpeg"/>
</restriction>
</simpleType>
</schema> </schema>
8. Security Considerations 8. Security Considerations
The portable key container carries sensitive information (e.g., The portable key container carries sensitive information (e.g.,
cryptographic keys) and may be transported across the boundaries of cryptographic keys) and may be transported across the boundaries of
one secure perimeter to another. For example, a container residing one secure perimeter to another. For example, a container residing
within the secure perimeter of a back-end provisioning server in a within the secure perimeter of a back-end provisioning server in a
secure room may be transported across the internet to an end-user secure room may be transported across the internet to an end-user
device attached to a personal computer. This means that special care device attached to a personal computer. This means that special care
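Review bot: In the new PBEEncryptionParamType on the -02 side, PBEIterationCount is typed xs:int with minOccurs="0" and PBESalt is optional as well, so a container with a zero or negative iteration count, or with no salt at all, still validates. Suggest xs:positiveInteger (or a documented minimum) and making both elements required whenever PBEEncryptionParam is present. In the same hunk, KeyAlgorithmType and the Algorithm attributes of EncryptionMethodType and DigestMethodType change from closed enumerations to unrestricted xs:anyURI, so schema validation no longer rejects an unknown algorithm; the text should state that a consumer must check these URIs against the algorithms it supports before using the key. Expiry remains xs:string in both KeyType and DeviceIdType, which leaves the date format to the examples; a typed date would remove the ambiguity. In the logo schema, LogReference looks like a typo for LogoReference, and "full log data" in the LogoInfoType documentation for "full logo data".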
skipping to change at page 43, line 10 skipping to change at page 41, line 10
transports. However, no authenticity verification is possible once transports. However, no authenticity verification is possible once
the container is delivered at the recipient end. This approach may the container is delivered at the recipient end. This approach may
be useful in cases where the digital signature of the container does be useful in cases where the digital signature of the container does
not encompass the entire payload. not encompass the entire payload.
9. Acknowledgements 9. Acknowledgements
The authors of this draft would like to thank the following people The authors of this draft would like to thank the following people
for their contributions and support to make this a better for their contributions and support to make this a better
specification: Apostol Vassilev, Jon Martinson, Siddhart Bajaj, Stu specification: Apostol Vassilev, Jon Martinson, Siddhart Bajaj, Stu
Veath, Kevin Lewis, and Andrea Doherty. Veath, Kevin Lewis, Philip Hallam-Baker, Hannes Tschofenig, Andrea
Doherty, Magnus Nystrom, Tim Moses, and Anders Rundgren.
10. Appendix A - Example Symmetric Key Containers 10. Appendix A - Example Symmetric Key Containers
All examples are syntactically correct and compatible with the XML All examples are syntactically correct and compatible with the XML
schema in section 7. However, <Signature>, Key <Value> and Key schema in section 7. However, <Signature>, Key <Value> and Key
<ValueDigest> data values are fictitious <ValueDigest> data values are fictitious
10.1. Symmetric Key Container with a single Non-Encrypted HOTP Secret 10.1. Symmetric Key Container with a single Non-Encrypted HOTP Secret
Key Key
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<KeyContainer <KeyContainer
xmlns="urn:ietf:params:xml:ns:keyprov:container" xmlns="urn:ietf:params:xml:ns:keyprov:container:1.0"
xmlns:logo="urn:ietf:params:xml:ns:keyprov:logo"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:keyprov:container xsi:schemaLocation="urn:ietf:params:xml:ns:keyprov:container:1.0
keyprov_pskc_schema_v1.1.xsd" version="1.1"> keyprov-pskc-1.0.xsd" Version="1.0">
<EncryptionMethod algorithm="NONE"/>
<DigestMethod algorithm="HMAC-SHA1"></DigestMethod>
<Device> <Device>
<DeviceId> <DeviceId>
<Manufacturer>Token Manufacturer</Manufacturer> <Manufacturer>Token Manufacturer</Manufacturer>
<SerialNo>98765432187</SerialNo> <SerialNo>98765432188</SerialNo>
<Expiry>01/01/2008</Expiry> <Expiry>12/31/2012</Expiry>
</DeviceId> </DeviceId>
<Key KeyAlgorithm="HOTP" KeyId="98765432187"> <Key KeyAlgorithm="http://www.ietf.org/keyprov/pskc#hotp"
KeyId="77654321871">
<Issuer>Credential Issuer</Issuer> <Issuer>Credential Issuer</Issuer>
<Usage> <Usage OTP="true">
<ResponseFormat format="DECIMAL" length="6"/> <ResponseFormat Format="DECIMAL" Length="6"/>
</Usage> </Usage>
<FriendlyName>MyFirstToken</FriendlyName> <FriendlyName>MyFirstToken</FriendlyName>
<Data Name="SECRET"> <Data Name="SECRET">
<Value>WldjTHZwRm9YTkhBRytseDMrUnc=</Value> <Value>
<ValueDigest>WldjTHZwRm9YTkhBRytseDM=</ValueDigest> zOkqJENSsh6b2hdXz1WBK/oprbY=
</Value>
</Data> </Data>
<Data Name="COUNTER"> <Data Name="COUNTER">
<Value>WldjTHZwRm9YTkhBRytseDMrUnc=</Value> <Value>AAAAAAAAAAA=</Value>
<ValueDigest>WldjTHZwRm9YTkhBRytseDM=</ValueDigest>
</Data> </Data>
<Expiry>10/30/2012</Expiry>
</Key> </Key>
</Device> </Device>
</KeyContainer> </KeyContainer>
10.2. Symmetric Key Container with a single Password-based Encrypted 10.2. Symmetric Key Container with a single Password-based Encrypted
HOTP Secret Key HOTP Secret Key
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<KeyContainer <KeyContainer
xmlns="urn:ietf:params:xml:ns:keyprov:container" xmlns="urn:ietf:params:xml:ns:keyprov:container:1.0"
xmlns:logo="urn:ietf:params:xml:ns:keyprov:logo"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:keyprov:container xsi:schemaLocation="urn:ietf:params:xml:ns:keyprov:container:1.0
.\keyprov_pskc_schema_v1.1.xsd" version="1.1"> keyprov-pskc-1.0.xsd" Version="1.0">
<EncryptionMethod algorithm="PBE-3DES112-CBC"> <EncryptionMethod Algorithm=
"http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5#pbes2">
<PBEEncryptionParam EncryptionAlgorithm=
"http://www.w3.org/2001/04/xmlenc#kw-aes128-cbc">
<PBESalt>y6TzckeLRQw=</PBESalt> <PBESalt>y6TzckeLRQw=</PBESalt>
<PBEIterationCount>999</PBEIterationCount> <PBEIterationCount>1024</PBEIterationCount>
</PBEEncryptionParam>
<IV>c2FtcGxlaXY=</IV>
</EncryptionMethod> </EncryptionMethod>
<DigestMethod algorithm="HMAC-SHA1"></DigestMethod> <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<Device> <Device>
<DeviceId> <DeviceId>
<Manufacturer>Token Manufacturer</Manufacturer> <Manufacturer>Token Manufacturer</Manufacturer>
<SerialNo>98765432187</SerialNo> <SerialNo>98765432187</SerialNo>
<Expiry>01/01/2008</Expiry> <Expiry>12/31/2012</Expiry>
</DeviceId> </DeviceId>
<Key KeyAlgorithm="HOTP" KeyId="77654321870"> <Key KeyAlgorithm="http://www.ietf.org/keyprov/pskc#hotp"
KeyId="77654321870">
<Issuer>Credential Issuer</Issuer> <Issuer>Credential Issuer</Issuer>
<Usage> <Usage OTP="true">
<ResponseFormat format="DECIMAL" length="6"/> <ResponseFormat Format="DECIMAL" Length="6"/>
</Usage> </Usage>
<FriendlyName>MySecondToken</FriendlyName> <FriendlyName>MyFirstToken</FriendlyName>
<Data Name="SECRET"> <Data Name="SECRET">
<Value>7JHUyp3azOkqJENSsh6b2vxXzwGBYypzJxEr+ikQAa229KV/BgZhGA==</Value> <Value>
<ValueDigest>WldjTHZwRm9YTkhBRytseDMrUnc=</ValueDigest> JSPUyp3azOkqJENSsh6b2hdXz1WBYypzJxEr+ikQAa22M6V/BgZhRg==
</Value>
<ValueDigest>
i8j+kpbfKQsSlwmJYS99lQ==
</ValueDigest>
</Data> </Data>
<Data Name="COUNTER"> <Data Name="COUNTER">
<Value>7JHUyp3azOkqJENSsh6b2vxXzwGBYypzJxEr+ikQAa229KV/BgZhGA==</Value> <Value>AAAAAAAAAAA=</Value>
<ValueDigest>WldjTHZwRm9YTkhBRytseDMrUnc=</ValueDigest>
</Data> </Data>
<Expiry>10/30/2012</Expiry>
</Key> </Key>
</Device> </Device>
</KeyContainer> </KeyContainer>
11. Normative References 11. Normative References
[CAP] MasterCard International, "Chip Authentication Program [CAP] MasterCard International, "Chip Authentication Program
Functional Architecture", September 2004. Functional Architecture", September 2004.
[DSKPP] "Dynamic Symmetric Key Provisioning Protocol", Internet [DSKPP] "Dynamic Symmetric Key Provisioning Protocol", Internet
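Review bot: In the 10.2 example on the -02 side, the PBEEncryptionParam EncryptionAlgorithm value "http://www.w3.org/2001/04/xmlenc#kw-aes128-cbc" is not an identifier defined by XML Encryption, which has #aes128-cbc for block encryption and #kw-aes128 for key wrap; the example should use one of them. The new IV element carries c2FtcGxlaXY=, which decodes to 8 bytes, while an AES-CBC IV is 16 bytes; Appendix A declares only Signature, Value and ValueDigest data as fictitious, so either use a 16-byte IV or add IV to that sentence. The COUNTER Value in this encrypted container is the same AAAAAAAAAAA= as in 10.1 and no longer has a ValueDigest; the example should say whether leaving the counter in the clear and without an integrity value is intended. The FriendlyName in 10.2 also changes from MySecondToken to MyFirstToken, duplicating 10.1, which looks accidental.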
skipping to change at page 46, line 46 skipping to change at page 44, line 46
[PKCS12] RSA Laboratories, "PKCS #12: Personal Information Exchange [PKCS12] RSA Laboratories, "PKCS #12: Personal Information Exchange
Syntax Standard", Version 1.0, Syntax Standard", Version 1.0,
URL: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/. URL: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/.
[PKCS5] RSA Laboratories, "PKCS #5: Password-Based Cryptography [PKCS5] RSA Laboratories, "PKCS #5: Password-Based Cryptography
Standard", Version 2.0, Standard", Version 2.0,
URL: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-5/, URL: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-5/,
March 1999. March 1999.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] "Key words for use in RFCs to Indicate Requirement
Requirement Levels", BCP 14, RFC 2119, March 1997. Levels", BCP 14, RFC 2119, March 1997,
<http://www.ietf.org/rfc/rfc2119.txt>.
[Schneier] [Schneier]
Schneier, B., "Secrets and Lies: Digitial Security in a Schneier, B., "Secrets and Lies: Digitial Security in a
Networked World", Wiley Computer Publishing, ISBN 0-8493- Networked World", Wiley Computer Publishing, ISBN 0-8493-
8253-7, 2000. 8253-7, 2000.
[XMLENC] Eastlake, D., "XML Encryption Syntax and Processing.", [XMLENC] Eastlake, D., "XML Encryption Syntax and Processing.",
URL: http://www.w3.org/TR/xmlenc-core/, December 2002. URL: http://www.w3.org/TR/xmlenc-core/, December 2002.
[XMLSIG] Eastlake, D., "XML-Signature Syntax and Processing", [XMLSIG] Eastlake, D., "XML-Signature Syntax and Processing",
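Review bot: The [RFC2119] entry loses its author ("Bradner, S.") on the -02 side while gaining a URL; the other entries keep their authors, so restore it for consistency. "Digitial" in the [Schneier] title is misspelled in both versions and can be corrected in the same pass.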
 End of changes. 123 change blocks. 
631 lines changed or deleted 554 lines changed or added
This html diff was produced by rfcdiff 1.34.