ImageVerifierCode 换一换
格式:PDF , 页数:32 ,大小:755.14KB ,
资源ID:583616      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-583616.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(BS ISO 11568-4-2007 Banking - Key management (retail) - Asymmetric cryptosystems - Key management and life cycle《银行业务 密钥管理(零售) 不对称密码系统 密钥管理和生命圈》.pdf)为本站会员(inwarn120)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

BS ISO 11568-4-2007 Banking - Key management (retail) - Asymmetric cryptosystems - Key management and life cycle《银行业务 密钥管理(零售) 不对称密码系统 密钥管理和生命圈》.pdf

1、 g49g50g3g38g50g51g60g44g49g42g3g58g44g55g43g50g56g55g3g37g54g44g3g51g40g53g48g44g54g54g44g50g49g3g40g59g38g40g51g55g3g36g54g3g51g40g53g48g44g55g55g40g39g3g37g60g3g38g50g51g60g53g44g42g43g55g3g47g36g58Key management and life cycleICS 35.240.40Banking Key management (retail) Part 4: Asymmetric crypto

2、systems BRITISH STANDARDBS ISO 11568-4:2007BS ISO 11568-4:2007This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 July 2007 BSI 2007ISBN 978 0 580 54358 6Amendments issued since publicationAmd. No. Date CommentsCompliance with a British Standa

3、rd cannot confer immunity from legal obligations.National forewordThis British Standard is the UK implementation of ISO 11568-4:2007. The UK participation in its preparation was entrusted to Technical Committee IST/12, Banking, securities and other financial services.A list of organizations represen

4、ted on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.Reference numberISO 11568-4:2007(E)INTERNATIONAL STANDARD ISO11568-4Second edition2007-07-01Ban

5、king Key management (retail) Part 4: Asymmetric cryptosystems Key management and life cycle Banque Gestion de cls (services aux particuliers) Partie 4: Cryptosystmes asymtriques Gestion des cls et cycle de vie BS ISO 11568-4:2007ii iiiContents Page Foreword iv Introduction v 1 Scope . 1 2 Normative

6、references . 1 3 Terms and definitions. 2 4 Uses of asymmetric cryptosystems in retail financial services systems. 3 4.1 General. 3 4.2 Establishment and storage of symmetric keys . 4 4.3 Storage and distribution of asymmetric public keys 4 4.4 Storage and transfer of asymmetric private keys . 4 5 T

7、echniques for the provision of key management services 4 5.1 Introduction . 4 5.2 Key encipherment. 4 5.3 Public key certification. 5 5.4 Key separation techniques 6 5.5 Key verification . 6 5.6 Key integrity techniques 7 6 Asymmetric key life cycle 8 6.1 Key life cycle phases 8 6.2 Key life cycle s

8、tages Generation 9 6.3 Key storage . 12 6.4 Public key distribution . 14 6.5 Asymmetric key pair transfer 14 6.6 Authenticity prior to use 16 6.7 Use 17 6.8 Public key revocation. 17 6.9 Replacement 18 6.10 Public key expiration 18 6.11 Private key destruction 18 6.12 Private key deletion 19 6.13 Pu

9、blic key archive. 19 6.14 Private key termination 19 6.15 Erasure summary 20 6.16 Optional life cycle processes 20 Annex A (normative) Approved algorithms. 21 Bibliography . 22 BS ISO 11568-4:2007iv Foreword ISO (the International Organization for Standardization) is a worldwide federation of nation

10、al standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. Internatio

11、nal organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rule

12、s given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at l

13、east 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 11568-4 was prepared by Technical Committee ISO/TC

14、 68, Financial services, Subcommittee SC 2, Financial services, Security. This second edition cancels and replaces the first edition (ISO 11568-4:1998) which has been technically revised and incorporates revised text from the former part 5. ISO 11568 consists of the following parts, under the genera

15、l title Banking Key management (retail): Part 1: Principles Part 2: Symmetric ciphers, their key management and life cycle Part 3: Key life cycle for symmetric ciphers (withdrawn; incorporated into Part 2) Part 4: Asymmetric cryptosystems Key management and life cycle Part 5: Key life cycle for publ

16、ic key cryptosystems Part 6: Key management schemes (withdrawn) BS ISO 11568-4:2007vIntroduction ISO 11568 is one of a series of International Standards describing procedures for the secure management of cryptographic keys used to protect messages in a retail financial services environment; e.g. mes

17、sages between an acquirer and a card acceptor, or an acquirer and a card issuer. This part of ISO 11568 addresses the key management requirements that are applicable in the domain of retail financial services. Typical of such services are point-of-sale/point-of-service (POS) debit and credit authori

18、zations and automated teller machines (ATM) transactions. ISO 11568-2 and ISO 11568-4 describe key management techniques which, when used in combination, provide the key management services identified in ISO 11568-1. These services are: a) key separation; b) key substitution prevention; c) key ident

19、ification; d) key synchronization; e) key integrity; f) key confidentiality; g) key compromise detection. This part of ISO 11568 also describes the key life cycle in the context of secure management of cryptographic keys for asymmetric cryptosystems. It states both requirements and implementation me

20、thods for each step in the life of such a key, utilizing the key management principles, services and techniques described herein and in ISO 11568-1. This part of ISO 11568 does not cover the management or key life cycle for keys used in symmetric ciphers, which are covered in ISO 11568-2. This part

21、of ISO 11568 is one of a series that describes requirements for security in the financial services environment, as follows: ISO 9564-1; ISO 9564-2; ISO 9564-3; ISO/TR 9564-4; ISO 11568; ISO 13491; ISO/TR 19038. BS ISO 11568-4:2007blank1Banking Key management (retail) Part 4: Asymmetric cryptosystems

22、 Key management and life cycle 1 Scope This part of ISO 11568 specifies techniques for the protection of symmetric and asymmetric cryptographic keys in a retail financial services environment using asymmetric cryptosystems and the life cycle management of the associated asymmetric keys. The techniqu

23、es described in this part of ISO 11568 enable compliance with the principles described in ISO 11568-1. For the purposes of this document, the retail financial services environment is restricted to the interface between: a card-accepting device and an acquirer; an acquirer and a card issuer; an ICC a

24、nd a card-accepting device. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies

25、. ISO 9564-1, Banking Personal Identification Number (PIN) management and security Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems ISO/IEC 9796-2:2002, Information technology Security techniques Digital signature schemes giving message recovery Part 2: Intege

26、r factorization based mechanisms ISO/IEC 10116:1997, Information technology Security techniques Modes of operation for an n-bit block cipher ISO/IEC 10118 (all parts), Information technology Security techniques Hash functions ISO 11568-1, Banking Key management (retail) Part 1: Principles ISO 11568-

27、2, Banking Key management (retail) Part 2: Symmetric ciphers, their key management and life cycle ISO/IEC 11770-3, Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques ISO 13491-1, Banking Secure cryptographic devices (retail) Part 1: Concepts, req

28、uirements and evaluation methods ISO 13491-2, Banking Secure cryptographic devices (retail) Part 2: Security compliance checklists for devices used in financial transactions BS ISO 11568-4:20072 ISO/IEC 14888-3, Information technology Security techniques Digital signatures with appendix Part 3: Disc

29、rete logarithm based mechanisms ISO 15782-1:2003, Certificate management for financial services Part 1: Public key certificates ISO/IEC 15946-3:2002, Information technology Security techniques Cryptographic techniques based on elliptic curves Part 3: Key establishment ISO 16609:2004, Banking Require

30、ments for message authentication using symmetric techniques ISO/IEC 18033-2, Information technology Security techniques Encryption algorithms Part 2: Asymmetric ciphers ANSI X9.42-2003, Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm

31、Cryptography 3 Terms and definitions For the purposes of this document, the definitions in ISO 11568-1, ISO 11568-2 and the following apply. 3.1 asymmetric cipher cipher in which the encipherment key and the decipherment key are different, and in which it is computationally infeasible to deduce the

32、(private) decipherment key from the (public) encipherment key 3.2 asymmetric cryptosystem cryptosystem consisting of two complementary operations each utilizing one of two distinct but related keys, the public key and the private key, having the property that it is computationally infeasible to dete

33、rmine the private key from the public key 3.3 asymmetric key pair generator secure cryptographic device used for the generation of asymmetric cryptographic keys 3.4 certificate credentials of an entity, signed using the private key of the certification authority which issued it, and thereby rendered

34、 unforgeable 3.5 certification authority CA entity trusted by one or more entities to create, assign and revoke or hold public key certificates NOTE Optionally the certification authority can create and assign keys to the entities. 3.6 communicating party party that sends or receives the public key

35、for the communication with the party that owns the public key 3.7 computationally infeasible property that a computation is theoretically achievable but is not feasible in terms of the time or resources required to perform it BS ISO 11568-4:200733.8 credentials identification data for an entity, inc

36、orporating at a minimum the entitys distinguished name and public key NOTE Additional data can be included. 3.9 cryptoperiod time span during which a specific key is authorized for use or in which the keys for a given system may remain in effect 3.10 digital signature system asymmetric cryptosystem

37、that provides for the creation and subsequent verification of digital signatures 3.11 hash function one-way function that maps a set of strings of arbitrary length on to a set of fixed-length strings of bits NOTE A collision-resistant hash function is one with the property that it is computationally

38、 infeasible to construct distinct inputs that map to the same output. 3.12 independent communication process that allows an entity to counter-verify the correctness of a credential and identification documents prior to producing a certificate (e.g., call-back, visual identification, etc.) 3.13 key a

39、greement process of establishing a shared secret key between entities in such a way that neither of them can predetermine the value of that key 3.14 key share one of at least two parameters related to a cryptographic key generated in such a way that a quorum of such parameters can be combined to for

40、m the cryptographic key but such that fewer than a quorum provide no information about the key 3.15 non-repudiation of origin property that the originator of a message and associated cryptographic check value (i.e., digital signature) is not able to subsequently deny, with an accepted level of credi

41、bility, having originated the message 4 Uses of asymmetric cryptosystems in retail financial services systems 4.1 General Asymmetric cryptosystems include asymmetric ciphers, digital signature systems and key agreement systems. In financial services systems, asymmetric cryptosystems are used predomi

42、nantly for key management; firstly for the management of the keys of symmetric ciphers, and secondly for the management of the keys of the asymmetric cryptosystems themselves. This clause describes these applications of asymmetric cryptosystems. Clause 5 describes the techniques employed in support

43、of these applications relating to key management services and certificate management. Clause 6 describes how these techniques and methods are used in relation to the security and implementation requirements for the key pair life cycle. BS ISO 11568-4:20074 4.2 Establishment and storage of symmetric

44、keys Keys of a symmetric cipher may be established by key transport or by key agreement. Mechanisms for key transport and key agreement are described in ISO/IEC 11770-3. The mechanisms used shall ensure the authenticity of the communicating parties. Symmetric keys shall be stored as described in ISO

45、 11568-2. 4.3 Storage and distribution of asymmetric public keys The public key of an asymmetric key pair needs to be distributed to, and stored by, one or more users for subsequent use as an encipherment key and/or signature verification key, or for use in a key agreement mechanism. Although this k

46、ey need not be protected from disclosure, the distribution and storage procedures shall ensure that key authenticity and integrity is maintained as defined in 5.6.1. Mechanisms for the distribution of asymmetric public keys are described in ISO/IEC 11770-3. 4.4 Storage and transfer of asymmetric pri

47、vate keys The private key of an asymmetric key pair does not necessarily need to be distributed to any entity. In some cases it can be maintained only within the secure cryptographic device (SCD) that generated it. If it must be output from the SCD that generated it (e.g., for transfer to another SC

48、D where it is to be used, or for backup purposes) it shall be protected from compromise by at least one of the following techniques: encipherment with another cryptographic key as defined in 5.2; if non-encrypted and outside an SCD, as key shares using an acceptable key segmentation algorithm (see c

49、lause 6.3.2.3 and Bibliography 8); outputting into another SCD, which either is the SCD where it is to be used, or is a secure key transfer device intended for this use; if the communications path is not fully secured, then the transfer shall only be permitted inside a secure environment. The integrity of the private key shall be ensured using one of the techniques defined in 5.6.2. 5 Techniques for the provision of key management ser

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1