EN 62351-9:2017

FOREWORD
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations and acronyms
5 Cryptographic applications for power
   system implementations
6 Key management concepts and methods in
   power system operations
7 General key management requirements
8 Asymmetric key management
9 Symmetric key management
10 Connections to the IEC 62351 parts
   and other IEC documents
Annex A (normative) - Protocol Implementation
        Conformance Statement (PICS)
Annex B (informative) - Random Number
        Generation (RNG)
Annex C (informative) - Certificate enrolment
        and renewal flowcharts
Annex D (informative) - Examples of certificate
        profiles
Bibliography
Annex ZA (normative) - Normative references to
         international publications with their
         corresponding European publications

IEC62351-9:2017(E) specifies cryptographic key management, namely how to generate, distribute, revoke, and handle public-key certificates and cryptographic keys to protect digital data and its communication. Included in the scope is the handling of asymmetric keys (e.g. private keys and public-key certificates), as well as symmetric keys for groups (GDOI). This document assumes that other standards have already chosen the type of keys and cryptography that will be utilized, since the cryptography algorithms and key materials chosen will be typically mandated by an organization’s own local security policies and by the need to be compliant with other international standards. This document therefore specifies only the management techniques for these selected key and cryptography infrastructures. The objective is to define requirements and technologies to achieve interoperability of key management. The purpose of this document is to guarantee interoperability among different vendors by specifying or limiting key management options to be used. This document assumes that the reader understands cryptography and PKI principles.