BS ISO 11568-1-2005 Banking - Key management (retail) - Principles.pdf

• Resource ID: 583614; size: 591 KB; 26 pages; format: PDF

BRITISH STANDARD BS ISO 11568-1:2005
Banking - Key management (retail) - Part 1: Principles
ICS 35.240.40

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 10 September 2005. BSI 10 September 2005. ISBN 0 580 46462 8

National foreword

This British Standard reproduces verbatim ISO 11568-1:2005 and implements it as the UK national standard. The UK participation in its preparation was entrusted to Technical Committee IST/12, Banking, securities and other financial services, which has the responsibility to:
  • aid enquirers to understand the text;
  • present to the responsible international/European committee any enquiries on the interpretation, or proposals for change, and keep UK interests informed;
  • monitor related international and European developments and promulgate them in the UK.

A list of organizations represented on this committee can be obtained on request to its secretary.

Cross-references
The British Standards which implement international publications referred to in this document may be found in the BSI Catalogue under the section entitled "International Standards Correspondence Index", or by using the "Search" facility of the BSI Electronic Catalogue or of British Standards Online.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations.

Summary of pages
This document comprises a front cover, an inside front cover, the ISO title page, pages ii to v, a blank page, pages 1 to 16, an inside back cover and a back cover. The BSI copyright notice displayed in this document indicates when the document was last issued.

Amendments issued since publication: Amd. No. / Date / Comments (table headers only; no amendments shown)

Reference number ISO 11568-1:2005(E)

INTERNATIONAL STANDARD ISO 11568-1, Second edition, 2005-06-15
Banking - Key management (retail) - Part 1: Principles
Banque - Gestion de clés (services aux particuliers) - Partie 1: Principes

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Aspects of key management
  4.1 Purpose of security
  4.2 Level of security
  4.3 Key management objectives
5 Principles of key management
6 Cryptosystems
  6.1 Overview
  6.2 Cipher systems
  6.3 Symmetric cipher systems
  6.4 Asymmetric cipher systems
  6.5 Other cryptosystems
7 Physical security for cryptographic environments
  7.1 Physical security considerations
  7.2 Secure cryptographic device
  7.3 Physically secure environment
8 Security considerations
  8.1 Cryptographic environments for secret/private keys
  8.2 Cryptographic environments for public keys
  8.3 Protection against counterfeit devices
9 Key management services for cryptosystems
  9.1 General
  9.2 Separation
  9.3 Substitution prevention
  9.4 Identification
  9.5 Synchronization (availability)
  9.6 Integrity
  9.7 Confidentiality
  9.8 Compromise detection
10 Key life cycles
  10.1 General
  10.2 Common requirements for key life cycles
  10.3 Additional requirements for asymmetric cryptosystems
Annex A (normative) Procedure for approval of additional cryptographic algorithms
Annex B (informative) Example of a retail banking environment
Annex C (informative) Examples of threats in the retail banking environment
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 11568-1 was prepared by Technical Committee ISO/TC 68, Financial Services, Subcommittee SC 2, Security management and general banking operations.

This second edition cancels and replaces the first edition (ISO 11568-1:1994), which has been technically revised.

ISO 11568 consists of the following parts, under the general title Banking - Key management (retail):
  • Part 1: Principles
  • Part 2: Symmetric ciphers, their key management and life cycle
  • Part 3: Key life cycle for symmetric ciphers (to be withdrawn and incorporated into Part 2)
  • Part 4: Asymmetric cryptosystems - Key management and life cycle
  • Part 5: Key life cycle for public key cryptosystems (to be withdrawn and incorporated into Part 4)

Part 6, entitled Key management schemes, has been withdrawn.

Introduction

The ISO 11568 series of International Standards describes procedures for the secure management of the cryptographic keys used to protect the confidentiality, integrity and authenticity of data in a retail banking environment, for instance, messages between an acquirer and a card acceptor, or an acquirer and a card issuer.

Whereas key management in a wholesale banking environment is characterized by the exchange of keys in a relatively high-security environment, this part of ISO 11568 addresses the key management requirements that are applicable in the accessible domain of retail banking services. Typical of such services are point-of-sale/point-of-service (POS) debit and credit authorizations and automated teller machine (ATM) transactions.

Key management is the process whereby cryptographic keys are provided for use between authorized communicating parties and those keys continue to be subject to secure procedures until they have been destroyed. The security of the data is dependent upon the prevention of disclosure and unauthorized modification, substitution, insertion, or termination of keys. Thus, key management is concerned with the generation, storage, distribution, use, and destruction procedures for keys. Also, by the formalization of such procedures, provision is made for audit trails to be established.

This part of ISO 11568 does not provide a means to distinguish between parties who share common keys.

The final details of the key management procedures need to be agreed upon between the communicating parties concerned and will thus remain the responsibility of the communicating parties. One aspect of the details to be agreed upon will be the identity and duties of particular individuals. ISO 11568 does not concern itself with allocation of individual responsibilities; this needs to be considered for each key management implementation.

Banking - Key management (retail) - Part 1: Principles

1 Scope

This part of ISO 11568 specifies the principles for the management of keys used in cryptosystems implemented within the retail banking environment. The retail banking environment includes the interface between a card accepting device and an acquirer, an acquirer and a card issuer, an ICC and a card-accepting device. An example of this environment is described in Annex B, and threats associated with the implementation of this part of ISO 11568 in the retail banking environment are elaborated in Annex C.

This part of ISO 11568 is applicable both to the keys of symmetric cipher systems, where both originator and recipient use the same secret key(s), and to the private and public keys of asymmetric cryptosystems, unless otherwise stated. The procedure for the approval of cryptographic algorithms used for key management is specified in Annex A.

The use of ciphers often involves control information other than keys, e.g. initialization vectors and key identifiers. This other information is collectively called "keying material". Although this part of ISO 11568 specifically addresses the management of keys, the principles, services, and techniques applicable to keys may also be applicable to keying material.

This part of ISO 11568 is appropriate for use by financial institutions and other organizations engaged in the area of retail financial services, where the interchange of information requires confidentiality, integrity, or authentication. Retail financial services include but are not limited to such processes as POS debit and credit authorizations, automated dispensing machine and ATM transactions, etc.

ISO 9564 and ISO 16609 specify the use of cryptographic operations within retail financial transactions for personal identification number (PIN) encipherment and message authentication, respectively. The ISO 11568 series of standards is applicable to the management of the keys introduced by those standards. Additionally, the key management procedures may themselves require the introduction of further keys, e.g. key encipherment keys. The key management procedures are equally applicable to those keys.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 11568-2:1994, Banking - Key management (retail) - Part 2: Symmetric ciphers, their key management and life cycle
ISO 11568-4:1998, Banking - Key management (retail) - Part 4: Asymmetric cryptosystems - Key management and life cycle

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 11568-2, ISO 11568-4 and the following apply.

3.1 asymmetric key pair
public key and related private key created by and used with a public key cryptosystem

3.2 cipher
pair of operations that effect transformations between plaintext and ciphertext under the control of a parameter called a key
NOTE The encipherment operation transforms data (plaintext) into an unintelligible form (ciphertext). The decipherment operation restores the original data.

3.3 cryptographic algorithm
set of rules for the transforming of data using a cryptographic key, such as:
a) the transformation from plaintext to ciphertext and vice versa (i.e. a cipher);
b) generation of keying material;
c) digital signature computation or validation

3.4 cryptographic key
parameter that determines the operation of a cryptographic algorithm

3.5 cryptosystem
set of cryptographic primitives used to provide information security services

3.6 data integrity
property that data has not been altered or destroyed in an unauthorized manner

3.7 dictionary attack
attack in which an adversary builds a dictionary of plaintext and corresponding ciphertext
NOTE When a match is able to be made between intercepted ciphertext and dictionary-stored ciphertext, the corresponding plaintext is immediately available from the dictionary.

3.8 digital signature
result of an asymmetric cryptographic transformation of data that allows a recipient of the data to validate the origin and integrity of the data and protects the sender against forgery by third parties or the recipient

3.9 message authentication code
MAC
code in a message between an originator and recipient used to validate the source and part or all of the text of a message
NOTE The code is the result of an agreed calculation.

3.10 private key
portion of an asymmetric key pair, the value of which is secret

3.11 public key
portion of an asymmetric key pair, the value of which can be made public

3.12 secret key
cryptographic key used in a symmetric cipher system

4 Aspects of key management

4.1 Purpose of security

Messages and transactions in a retail banking system contain both cardholder sensitive data and related financial information. The use of cryptography to protect this data reduces the risk of financial loss by fraud, maintains the integrity and confidentiality of the systems, and instils user confidence in business provider/retailer relationships. To this end, system security shall be incorporated into the total system design. The maintenance of security and system procedures over the keys in such systems is called key management.

4.2 Level of security

The level of security to be achieved needs to be related to a number of factors, including the sensitivity of the data concerned and the likelihood that it will be intercepted; the practicality of any envisaged encipherment process; and the cost of providing (and breaking) a particular means of security. It is therefore necessary for communicating parties to agree on the key management procedures and extent and detail of security as specified in ISO 13491 (all parts).

4.3 Key management objectives

The primary objectives of key management are to provide those keys needed to perform the required cryptographic operations and to control the use of those keys. Key management also ensures that those keys are protected adequately during their life cycle. The security objectives of key management are to minimize the opportunity for a breach of security, to minimize the consequences or damages of a security breach, and to maximize the probability of detection of any illicit access or change to keys that may occur, despite preventive measures. This applies to all stages of the generation, distribution, storage, use and archiving of keys, including those processes that occur in cryptographic equipment and those related to communication of cryptographic keys between communicating parties.

NOTE This part of ISO 11568 covers the above issues. Total system security also includes such issues as protecting communications, data processing systems, equipment and facilities.

5 Principles of key management

Compliance with the following principles is required in order to protect keys from threats to subvert a retail banking system.
a) Keys shall exist only in those forms permitted by ISO 11568.
b) No one person shall have the capability to access or ascertain any plaintext secret/private key.
c) Systems shall prevent the disclosure of any secret/private key that has been or will be used to protect any data.
d) Secret/private keys shall be generat
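One common way to satisfy principle b) together with the detection objective of 4.3 is split knowledge: outside the secure cryptographic device the key exists only as separate components held by different custodians, and a key check value lets the device reject a mis-entered or altered component without revealing the key. The block below is an added example written for this page, not text or code from the standard; it assumes a 16-byte key and, because the Python standard library has no block cipher, substitutes a SHA-256 digest for the conventional encrypt-a-zero-block check value.

```python
import hashlib
import secrets
from typing import List, Sequence

KEY_LEN = 16  # assumed 128-bit key (e.g. double-length TDES or AES-128)


def generate_components(n: int, key_len: int = KEY_LEN) -> List[bytes]:
    """Create n random components whose XOR is the key.

    Each component goes to a different custodian, so no single person holds
    or can ascertain the plaintext key (principle b). The components are drawn
    independently, so the full key never exists outside the combining device.
    """
    if n < 2:
        raise ValueError("split knowledge needs at least two custodians")
    return [secrets.token_bytes(key_len) for _ in range(n)]


def combine_components(components: Sequence[bytes]) -> bytes:
    """XOR all components; conceptually this runs only inside the secure device."""
    key = bytes(len(components[0]))
    for comp in components:
        if len(comp) != len(key):
            raise ValueError("component length mismatch")
        key = bytes(a ^ b for a, b in zip(key, comp))
    return key


def check_value(key: bytes) -> str:
    """Key check value (KCV): a short value that identifies a key without revealing it.

    Retail practice derives the KCV by enciphering a zero block under the key and
    keeping the leading bytes; this example uses a hash (assumption) for the same
    purpose, keeping 3 bytes (6 hex digits) as is conventional.
    """
    return hashlib.sha256(b"KCV" + key).hexdigest()[:6]


def load_key_under_dual_control(components: Sequence[bytes], expected_kcv: str) -> bytes:
    """Combine the custodians' components and verify the KCV before the key is used.

    A wrong or tampered component changes the combined key and therefore the KCV,
    so the load is refused and the event can be logged (objective: detection).
    """
    key = combine_components(components)
    if check_value(key) != expected_kcv:
        raise ValueError("key check value mismatch: component altered or mis-entered")
    return key
```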

