BRITISH STANDARD BS EN ISO 11568-1:1996
Implementation of EN ISO 11568-1:1996

Banking - Key management (retail)
Part 1: Introduction to key management

The European Standard EN ISO 11568-1:1996 has the status of a British Standard

ICS 35.240.40

Licensed Copy: sheffieldun sheffieldun, na, Wed Nov 15 10:44:42 GMT+00:00 2006, Uncontrolled Copy, (c) BSI

This British Standard, having been prepared under the direction of the Information Systems Technology Assembly, was published under the authority of the Standards Board and comes into effect on 15 November 1996.

(c) BSI 11-1998

The following BSI references relate to the work on this standard:
Committee reference IST/12
Draft for comment 92/66521 DC
ISBN 0 580 26439 4

Committees responsible for this British Standard

The preparation of this British Standard was entrusted to Technical Committee IST/12, Banking, securities and other financial services, upon which the following bodies were represented:
Association for Payment Clearing Services (APACS)
APACS (Bank of England)
APACS (Barclays Bank)
APACS (Midland Bank)
APACS (National Westminster Bank)
APACS (Trustee Savings Bank)

The following bodies were also represented in the drafting of the standard, through BSI Technical Subcommittee IST/12/4:
Association for Payment Clearing Services (APACS)
Bank of England
Brinson and Partners
British Bankers Association (Registrar

present to the responsible European committee any enquiries on interpretation, or proposals for change, and keep UK interests informed; monitor related international and European developments and promulgate them in the UK.

NOTE International and European Standards, as well as overseas standards, are available from Customer Services, BSI, 389 Chiswick High Road, London W4 4AL.

A British Standard does not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application.

Compliance with a British Standard does not of itself confer immunity from legal obligations.

Summary of pages
This document comprises a front cover, an inside front cover, pages i and ii, the EN ISO title page, page 2, the ISO title page, pages ii to iv, pages 1 to 10, an inside back cover and a back cover.

This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on the inside front cover.

EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM
EN ISO 11568-1
June 1996
ICS 35.240.40
Descriptors: Banking, banking documents, financial documents, data storage devices, magnetic recording, identification cards, credit cards, protection of information, key management, authentication, algorithms

English version
Banking - Key management (retail) - Part 1: Introduction to key management (ISO 11568-1:1994)
Banque - Gestion de clés (services aux particuliers) - Partie 1. Introduction à la gestion de clés (ISO 11568-1:1994)
Bankwesen - Schlüsselverwaltung (Einzelhandel) - Teil 1. Einführung in die Schlüsselverwaltung (ISO 11568-1:1994)

This European Standard was approved by CEN on 1996-05-29.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CEN member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the Central Secretariat has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and United Kingdom.

CEN - European Committee for Standardization - Comité Européen de Normalisation - Europäisches Komitee für Normung
Central Secretariat: rue de Stassart 36, B-1050 Brussels
(c) 1996 Copyright reserved to CEN members
Ref. No. EN ISO 11568-1:1996 E

Foreword

The text of the International Standard from Technical Committee ISO/TC 68, Banking and related financial services, of the International Organization for Standardization (ISO) has been taken over as a European Standard by Technical Committee CEN/TC 224, Machine-readable cards, related device interfaces and operations, the secretariat of which is held by AFNOR.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by December 1996, and conflicting national standards shall be withdrawn at the latest by December 1996.

According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom.

Contents

Foreword .... iv
Introduction .... 1
1 Scope .... 1
2 Normative reference .... 1
3 Definitions .... 1
4 Introduction to key management .... 2
4.1 Purpose of security .... 2
4.2 Level of security .... 2
4.3 Key management objectives .... 2
5 Principles of key management .... 2
6 Cipher systems .... 3
6.1 Symmetric ciphers .... 3
6.2 Asymmetric ciphers .... 3
7 Cryptographic environments .... 4
7.1 Secure cryptographic device .... 4
7.2 Physically secure environment .... 4
7.3 Security considerations for secret keys .... 4
7.4 Security considerations for public keys .... 4
7.5 Protection against counterfeit devices .... 4
8 Key management services for symmetric ciphers .... 4
8.1 Separation .... 4
8.2 Substitution prevention .... 4
8.3 Identification .... 4
8.4 Synchronization (availability) .... 5
8.5 Integrity .... 5
8.6 Confidentiality .... 5
8.7 Compromise detection .... 5
9 Key life cycle for symmetric ciphers .... 5
9.1 Generation .... 5
9.2 Storage .... 5
9.3 Backup .... 5
9.4 Distribution and loading .... 5
9.5 Use .... 5
9.6 Replacement .... 5
9.7 Destruction .... 5
9.8 Deletion .... 5
9.9 Archive .... 5
9.10 Termination .... 5
Annex A (normative) Procedure for approval of a cryptographic algorithm .... 6
A.1 Justification of proposal .... 6
A.2 Documentation .... 6
A.3 Public disclosure .... 6
A.4 Examination of proposals .... 6
A.5 Public review .... 6
A.6 Appeal procedure .... 7
A.7 Incorporation of the new cryptographic algorithm .... 7
A.8 Maintenance .... 7
Annex B (informative) Example of a retail banking environment .... 7
B.1 Introduction .... 7
Annex C (informative) Examples of threats in the retail banking environment .... 8
C.1 Introduction .... 8
C.2 Threats .... 8
Annex D (informative) Bibliography .... Inside back cover
Figure 1 Example of a symmetric cipher system .... 3
Figure 2 Example of an asymmetric cipher system .... 3

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

Draft International Standards adopted by the technical committees are circulated to the member bodies for approval before their acceptance as International Standards by the ISO Council. They are approved in accordance with ISO procedures requiring at least 75 % approval by the member bodies voting.

International Standard ISO 11568-1 was prepared by Technical Committee ISO/TC 68, Banking and related financial services, Subcommittee SC 6, Financial transaction cards, related media and operations.

ISO 11568 consists of the following parts, under the general title Banking - Key management (retail):
Part 1: Introduction to key management;
Part 2: Key management techniques for symmetric ciphers;
Part 3: Key life cycle for symmetric ciphers;
Part 4: Key management techniques for asymmetric ciphers;
Part 5: Key life cycle for asymmetric ciphers;
Part 6: Key management schemes.

Annex A forms an integral part of this part of ISO 11568. Annexes B, C and D are for information only.

Introduction

ISO 11568 describes procedures for the secure management of the cryptographic keys used to protect messages in a retail banking environment, for instance, messages between an acquirer and a card acceptor, or an acquirer and a card issuer. Key management of keys used in an Integrated Circuit Card (ICC) environment is not covered by ISO 11568 but will be addressed in another ISO standard.

Whereas key management in a wholesale banking environment is characterized by the exchange of keys in a relatively high-security environment, this standard addresses the key management requirements that are applicable in the accessible domain of retail banking services. Typical of such services are point-of-sale/point-of-service (POS) debit and credit authorizations and automated teller machine (ATM) transactions.

Key management is the process whereby cryptographic keys are provided for use between authorized communicating parties and those keys continue to be subject to secure procedures until they have been destroyed. The security of the enciphered data is dependent upon the prevention of disclosure and unauthorized modification, substitution, insertion, or termination of keys. Thus, key management is concerned with the generation, storage, distribution, use, and destruction procedures for keys. Also, by the formalization of such procedures, provision is made for audit trails to be established.

This part of ISO 11568 does not provide a means to distinguish between parties who share common keys.

The final details of the key management procedures need to be agreed upon between the communicating parties concerned and will thus remain the responsibility of the communicating parties. One aspect of the details to be agreed upon will be the identity and duties of particular individuals. ISO 11568 does not concern itself with allocation of individual responsibilities; this needs to be considered for each key management implementation.

ISO 9564 and ISO 9807 specify the use of cryptographic operations within retail financial transactions for personal identification number (PIN) encipherment and message authentication, respectively. ISO 11568 is applicable to the management of the keys introduced by those standards. Additionally, the key management procedures may themselves require the introduction of further keys, e.g. key encipherment keys. The key management procedures are equally applicable to those keys.

1 Scope

This part of ISO 11568 specifies the principles for the management of keys used in cipher systems implemented within the retail banking environment. The retail banking environment involves the interface between a card accepting device and an acquirer and between an acquirer and a card issuer. An example of this environment is described in annex B, and threats associated with the implementation of this standard in the retail banking environment are elaborated in annex C.

This part of ISO 11568 applies both to the keys of symmetric cipher systems, where both originator and recipient use the same secret key(s), and to the secret and public keys of asymmetric cipher systems, unless otherwise stated. The procedure for the approval of cryptographic algorithms used for key management is specified in annex A.

The use of ciphers often involves control information other than keys, e.g., initialization vectors and key identifiers. This other information is collectively called “keying material”. Although this part of ISO 11568 specifically addresses the management of keys, the principles, services, and techniques applicable to keys may also be applied to keying material.

This part of ISO 11568 is appropriate for use by financial institutions and other organizations engaged in the area of retail financial services, where the interchange of information requires confidentiality, integrity, or authentication. Retail financial services include but are not limited to such processes as POS debit and credit authorizations, automated dispensing machine and ATM transactions, etc.

2 Normative reference

The following standard contains provisions that, through reference in this text, constitute provisions of this part of ISO 11568. At the time of publication, the edition indicated was valid. All standards are subject to revision, and parties to agreements based upon this part of ISO 11568 are encouraged to investigate the possibility of applying the most recent edition of the standard indicated below. Members of IEC and ISO maintain registers of currently valid International Standards.

ISO 8908:1993, Banking and related financial services - Vocabulary and data elements.

3 Definitions

For the purposes of this part of ISO 11568, the definitions given in ISO 8908 and the following definitions apply.

3.1 cryptographic algorithm
a set of rules specifying the procedures required to perform encipherment and decipherment of data. The algorithm is designed so that it is not possible to determine the control parameters (e.g. keys) except by exhaustive search

3.2 cryptographic key; key
the control parameter of a cryptographic algorithm that cannot be deduced from the input and output data except by exhaustive search

3.3 dictionary attack
attack in which an adversary builds a dictionary of plaintext and corresponding ciphertext. When a match can be made between intercepted ciphertext and dictionary-stored ciphertext, the corresponding plaintext is immediately available from the dictionary

4 Introduction to key management

4.1 Purpose of security

Messages and transactions