Cryptographic Token Key Initialization Protocol (CT-KIP) Version 1.0 Revision 1
RFC 4758

 
Document Type: RFC - Informational (November 2006; Errata)
Was draft-nystrom-ct-kip (individual in sec area)
Last updated: 2013-03-02
Stream: IETF
Stream WG state: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned
IESG state: RFC 4758 (Informational)
Telechat date:
Responsible AD: Russ Housley
Send notices to: magnus@rsasecurity.com
Network Working Group                                        M. Nystroem
Request for Comments: 4758                                  RSA Security
Category: Informational                                    November 2006

       Cryptographic Token Key Initialization Protocol (CT-KIP)
                         Version 1.0 Revision 1

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2006).

Abstract

   This document constitutes Revision 1 of Cryptographic Token Key
   Initialization Protocol (CT-KIP) Version 1.0 from RSA Laboratories'
   One-Time Password Specifications (OTPS) series.  The body of this
   document, except for the intellectual property considerations
   section, is taken from the CT-KIP Version 1.0 document, but comments
   received during the IETF review are reflected; hence, the status of a
   revised version.  As no "bits-on-the-wire" have changed, the protocol
   specified herein is compatible with CT-KIP Version 1.0.

   CT-KIP is a client-server protocol for initialization (and
   configuration) of cryptographic tokens.  The protocol requires
   neither private-key capabilities in the cryptographic tokens, nor an
   established public-key infrastructure.  Provisioned (or generated)
   secrets will only be available to the server and the cryptographic
   token itself.

Nystroem                     Informational                      [Page 1]
RFC 4758             CT-KIP Version 1.0 Revision 1         November 2006

Table of Contents

   1. Introduction ....................................................4
      1.1. Scope ......................................................4
      1.2. Background .................................................4
      1.3. Document Organization ......................................5
   2. Acronyms and Notation ...........................................5
      2.1. Acronyms ...................................................5
      2.2. Notation ...................................................5
   3. CT-KIP ..........................................................6
      3.1. Overview ...................................................6
      3.2. Entities ...................................................7
      3.3. Principles of Operation ....................................7
      3.4. The CT-KIP One-Way Pseudorandom Function, CT-KIP-PRF ......10
           3.4.1. Introduction .......................................10
           3.4.2. Declaration ........................................11
      3.5. Generation of Cryptographic Keys for Tokens ...............11
      3.6. Encryption of Pseudorandom Nonces Sent from the
           CT-KIP Client .............................................12
      3.7. CT-KIP Schema Basics ......................................13
           3.7.1. Introduction .......................................13
           3.7.2. General XML Schema Requirements ....................13
           3.7.3. The AbstractRequestType Type .......................13
           3.7.4. The AbstractResponseType type ......................14
           3.7.5. The StatusCode Type ................................14
           3.7.6. The IdentifierType Type ............................16
           3.7.7. The NonceType Type .................................16
           3.7.8. The ExtensionsType and the
                  AbstractExtensionType Types ........................17
      3.8. CT-KIP Messages ...........................................17
           3.8.1. Introduction .......................................17
           3.8.2. CT-KIP Initialization ..............................17
           3.8.3. The CT-KIP Client's Initial PDU ....................18
           3.8.4. The CT-KIP server's initial PDU ....................20
           3.8.5. The CT-KIP Client's Second PDU .....................23
           3.8.6. The CT-KIP Server's Final PDU ......................24
      3.9. Protocol Extensions .......................................27
           3.9.1. The ClientInfoType Type ............................27
           3.9.2. The ServerInfoType Type ............................28
           3.9.3. The OTPKeyConfigurationDataType Type ...............28
   4. Protocol Bindings ..............................................29
      4.1. General Requirement .......................................29
      4.2. HTTP/1.1 binding for CT-KIP ...............................29
           4.2.1. Introduction .......................................29
           4.2.2. Identification of CT-KIP Messages ..................29
           4.2.3. HTTP Headers .......................................29