BS ISO 11568-4:2007
Superseded
Banking. Key management (retail) Asymmetric cryptosystems. Key management and life cycle
Hardcopy , PDF
02-03-2023
English
31-07-2007
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Uses of asymmetric cryptosystems in retail financial services systems
4.1 General
4.2 Establishment and storage of symmetric keys
4.3 Storage and distribution of asymmetric public keys
4.4 Storage and transfer of asymmetric private keys
5 Techniques for the provision of key management services
5.1 Introduction
5.2 Key encipherment
5.3 Public key certification
5.4 Key separation techniques
5.5 Key verification
5.6 Key integrity techniques
6 Asymmetric key life cycle
6.1 Key life cycle phases
6.2 Key life cycle stages - Generation
6.3 Key storage
6.4 Public key distribution
6.5 Asymmetric key pair transfer
6.6 Authenticity prior to use
6.7 Use
6.8 Public key revocation
6.9 Replacement
6.10 Public key expiration
6.11 Private key destruction
6.12 Private key deletion
6.13 Public key archive
6.14 Private key termination
6.15 Erasure summary
6.16 Optional life cycle processes
Annex A (normative) Approved algorithms
Bibliography
Describes techniques for the protection of symmetric and asymmetric cryptographic keys in a retail financial services environment using asymmetric cryptosystems and the life cycle management of the associated asymmetric keys.
Committee | IST/12 |
DevelopmentNote | Supersedes 95/645153 DC. (03/2007) Supersedes 05/30112566 DC. (07/2007) |
DocumentType | Standard |
Pages | 32 |
PublisherName | British Standards Institution |
Status | Superseded |
SupersededBy | |
Supersedes |
This part of ISO 11568 specifies techniques for the protection of symmetric and asymmetric cryptographic keys in a retail financial services environment using asymmetric cryptosystems and the life cycle management of the associated asymmetric keys. The techniques described in this part of ISO 11568 enable compliance with the principles described in ISO 11568-1. For the purposes of this document, the retail financial services environment is restricted to the interface between:
- a card-accepting device and an acquirer;
- an acquirer and a card issuer;
- an ICC and a card-accepting device.
Standards | Relationship |
ISO 11568-4:2007 | Identical |
ANSI X9.30.1 : 1997 | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - PART 1: THE DIGITAL SIGNATURE ALGORITHM (DSA) |
ISO 15782-1:2009 | Certificate management for financial services Part 1: Public key certificates |
ANSI X9.57 : 1997 | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY: CERTIFICATE MANAGEMENT |
ISO/IEC 18032:2005 | Information technology Security techniques Prime number generation |
ISO/IEC 14888-3:2016 | Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms |
ISO 11568-2:2012 | Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle |
ISO/IEC 11770-2:2008 | Information technology Security techniques Key management Part 2: Mechanisms using symmetric techniques |
ISO 13491-2:2017 | Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions |
ISO/IEC 18033-2:2006 | Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers |
ISO/IEC 18033-3:2010 | Information technology Security techniques Encryption algorithms Part 3: Block ciphers |
ISO/IEC 9796-3:2006 | Information technology — Security techniques — Digital signature schemes giving message recovery — Part 3: Discrete logarithm based mechanisms |
ISO 13491-1:2016 | Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods |
ISO 16609:2012 | Financial services — Requirements for message authentication using symmetric techniques |
ISO 9807:1991 | Banking and related financial services Requirements for message authentication (retail) |
ISO 9564-1:2017 | Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems |
ISO 11568-1:2005 | Banking — Key management (retail) — Part 1: Principles |
ISO/IEC 9796-2:2010 | Information technology Security techniques Digital signature schemes giving message recovery Part 2: Integer factorization based mechanisms |
ISO/IEC 9797-1:2011 | Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher |
ISO/IEC 15946-3:2002 | Information technology Security techniques Cryptographic techniques based on elliptic curves Part 3: Key establishment |
ISO 21188:2006 | Public key infrastructure for financial services Practices and policy framework |
ISO/IEC 9797-2:2011 | Information technology Security techniques Message Authentication Codes (MACs) Part 2: Mechanisms using a dedicated hash-function |
AS 2805.5.3-2004 | Electronic funds transfer - Requirements for interfaces - Ciphers Data encipherment algorithm 2 (DEA 2) |
ISO/IEC 10116:2017 | Information technology — Security techniques — Modes of operation for an n-bit block cipher |
ISO/IEC 11770-1:2010 | Information technology Security techniques Key management Part 1: Framework |
ANSI X9.42 : 2003(R2013) | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES: AGREEMENT OF SYMMETRIC KEYS USING DISCRETE LOGARITHM CRYPTOGRAPHY |
ISO/IEC 11770-3:2015 | Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques |