BS ISO 11568-1:2005
Superseded
A superseded Standard is one that has been fully replaced by another Standard that is a new edition of the same Standard.
Banking. Key management (retail). Principles
Hardcopy, PDF
02-03-2023
English
10-09-2005
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Aspects of key management
4.1 Purpose of security
4.2 Level of security
4.3 Key management objectives
5 Principles of key management
6 Cryptosystems
6.1 Overview
6.2 Cipher systems
6.3 Symmetric cipher systems
6.4 Asymmetric cipher systems
6.5 Other cryptosystems
7 Physical security for cryptographic environments
7.1 Physical security considerations
7.2 Secure cryptographic device
7.3 Physically secure environment
8 Security considerations
8.1 Cryptographic environments for secret/private keys
8.2 Cryptographic environments for public keys
8.3 Protection against counterfeit devices
9 Key management services for cryptosystems
9.1 General
9.2 Separation
9.3 Substitution prevention
9.4 Identification
9.5 Synchronization (availability)
9.6 Integrity
9.7 Confidentiality
9.8 Compromise detection
10 Key life cycles
10.1 General
10.2 Common requirements for key life cycles
10.3 Additional requirements for asymmetric cryptosystems
Annex A (normative) Procedure for approval of additional cryptographic algorithms
Annex B (informative) Example of a retail banking environment
Annex C (informative) Examples of threats in the retail banking environment
Bibliography
Specifies the principles for the management of keys used in cryptosystems implemented within the retail banking environment. The retail banking environment includes the interface between:
- a card-accepting device and an acquirer,
- an acquirer and a card issuer,
- an ICC and a card-accepting device.
Attribute | Value |
Committee | IST/12 |
Development note | Supersedes 03/319904 DC (11/2005) |
Document type | Standard |
Pages | 26 |
Publisher name | British Standards Institution |
Status | Superseded |
Superseded by | |
Supersedes | |
This part of ISO 11568 specifies the principles for the management of keys used in cryptosystems implemented within the retail banking environment. The retail banking environment includes the interface between:
- a card-accepting device and an acquirer,
- an acquirer and a card issuer,
- an ICC and a card-accepting device.
An example of this environment is described in Annex B, and threats associated with the implementation of this part of ISO 11568 in the retail banking environment are elaborated in Annex C.
This part of ISO 11568 is applicable both to the keys of symmetric cipher systems, where both originator and recipient use the same secret key(s), and to the private and public keys of asymmetric cryptosystems, unless otherwise stated. The procedure for the approval of cryptographic algorithms used for key management is specified in Annex A.
The use of ciphers often involves control information other than keys, e.g. initialization vectors and key identifiers. This other information is collectively called “keying material”. Although this part of ISO 11568 specifically addresses the management of keys, the principles, services, and techniques applicable to keys may also be applicable to keying material.
This part of ISO 11568 is appropriate for use by financial institutions and other organizations engaged in the area of retail financial services, where the interchange of information requires confidentiality, integrity, or authentication. Retail financial services include, but are not limited to, such processes as POS debit and credit authorizations, automated dispensing machine transactions and ATM transactions.
ISO 9564 and ISO 16609 specify the use of cryptographic operations within retail financial transactions for personal identification number (PIN) encipherment and message authentication, respectively. The ISO 11568 series of standards is applicable to the management of the keys introduced by those standards. Additionally, the key management procedures may themselves require the introduction of further keys, e.g. key encipherment keys. The key management procedures are equally applicable to those keys.
Standards | Relationship |
ISO 11568-1:2005 | Identical |
Related standard | Title |
ISO 11568-2:2012 | Financial services. Key management (retail). Part 2: Symmetric ciphers, their key management and life cycle |
ISO 13491-2:2017 | Financial services. Secure cryptographic devices (retail). Part 2: Security compliance checklists for devices used in financial transactions |
ISO/TR 9564-4:2004 | Banking. Personal Identification Number (PIN) management and security. Part 4: Guidelines for PIN handling in open networks |
ISO 13491-1:2016 | Financial services. Secure cryptographic devices (retail). Part 1: Concepts, requirements and evaluation methods |
ISO 16609:2012 | Financial services. Requirements for message authentication using symmetric techniques |
ISO 9564-1:2017 | Financial services. Personal Identification Number (PIN) management and security. Part 1: Basic principles and requirements for PINs in card-based systems |
ISO 9564-3:2003 | Banking. Personal Identification Number management and security. Part 3: Requirements for offline PIN handling in ATM and POS systems |
ISO 9564-2:2014 | Financial services. Personal Identification Number (PIN) management and security. Part 2: Approved algorithms for PIN encipherment |
ISO 11568-4:2007 | Banking. Key management (retail). Part 4: Asymmetric cryptosystems. Key management and life cycle |