BS ISO 11568-4-2007 Banking - Key management (retail) - Asymmetric cryptosystems - Key management and life cycle《银行业务 密钥管理(零售) 不对称密码系统 密钥管理和生命圈》.pdf

1、 g49g50g3g38g50g51g60g44g49g42g3g58g44g55g43g50g56g55g3g37g54g44g3g51g40g53g48g44g54g54g44g50g49g3g40g59g38g40g51g55g3g36g54g3g51g40g53g48g44g55g55g40g39g3g37g60g3g38g50g51g60g53g44g42g43g55g3g47g36g58Key management and life cycleICS 35.240.40Banking Key management (retail) Part 4: Asymmetric crypto

2、systems BRITISH STANDARDBS ISO 11568-4:2007BS ISO 11568-4:2007This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 July 2007 BSI 2007ISBN 978 0 580 54358 6Amendments issued since publicationAmd. No. Date CommentsCompliance with a British Standa

3、rd cannot confer immunity from legal obligations.National forewordThis British Standard is the UK implementation of ISO 11568-4:2007. The UK participation in its preparation was entrusted to Technical Committee IST/12, Banking, securities and other financial services.A list of organizations represen

4、ted on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.Reference numberISO 11568-4:2007(E)INTERNATIONAL STANDARD ISO11568-4Second edition2007-07-01Ban

5、king Key management (retail) Part 4: Asymmetric cryptosystems Key management and life cycle Banque Gestion de cls (services aux particuliers) Partie 4: Cryptosystmes asymtriques Gestion des cls et cycle de vie BS ISO 11568-4:2007ii iiiContents Page Foreword iv Introduction v 1 Scope . 1 2 Normative

6、references . 1 3 Terms and definitions. 2 4 Uses of asymmetric cryptosystems in retail financial services systems. 3 4.1 General. 3 4.2 Establishment and storage of symmetric keys . 4 4.3 Storage and distribution of asymmetric public keys 4 4.4 Storage and transfer of asymmetric private keys . 4 5 T

7、echniques for the provision of key management services 4 5.1 Introduction . 4 5.2 Key encipherment. 4 5.3 Public key certification. 5 5.4 Key separation techniques 6 5.5 Key verification . 6 5.6 Key integrity techniques 7 6 Asymmetric key life cycle 8 6.1 Key life cycle phases 8 6.2 Key life cycle s

8、tages Generation 9 6.3 Key storage . 12 6.4 Public key distribution . 14 6.5 Asymmetric key pair transfer 14 6.6 Authenticity prior to use 16 6.7 Use 17 6.8 Public key revocation. 17 6.9 Replacement 18 6.10 Public key expiration 18 6.11 Private key destruction 18 6.12 Private key deletion 19 6.13 Pu

9、blic key archive. 19 6.14 Private key termination 19 6.15 Erasure summary 20 6.16 Optional life cycle processes 20 Annex A (normative) Approved algorithms. 21 Bibliography . 22 BS ISO 11568-4:2007iv Foreword ISO (the International Organization for Standardization) is a worldwide federation of nation

10、al standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. Internatio

11、nal organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rule

12、s given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at l

13、east 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 11568-4 was prepared by Technical Committee ISO/TC

14、 68, Financial services, Subcommittee SC 2, Financial services, Security. This second edition cancels and replaces the first edition (ISO 11568-4:1998) which has been technically revised and incorporates revised text from the former part 5. ISO 11568 consists of the following parts, under the genera

15、l title Banking Key management (retail): Part 1: Principles Part 2: Symmetric ciphers, their key management and life cycle Part 3: Key life cycle for symmetric ciphers (withdrawn; incorporated into Part 2) Part 4: Asymmetric cryptosystems Key management and life cycle Part 5: Key life cycle for publ

16、ic key cryptosystems Part 6: Key management schemes (withdrawn) BS ISO 11568-4:2007vIntroduction ISO 11568 is one of a series of International Standards describing procedures for the secure management of cryptographic keys used to protect messages in a retail financial services environment; e.g. mes

17、sages between an acquirer and a card acceptor, or an acquirer and a card issuer. This part of ISO 11568 addresses the key management requirements that are applicable in the domain of retail financial services. Typical of such services are point-of-sale/point-of-service (POS) debit and credit authori

18、zations and automated teller machines (ATM) transactions. ISO 11568-2 and ISO 11568-4 describe key management techniques which, when used in combination, provide the key management services identified in ISO 11568-1. These services are: a) key separation; b) key substitution prevention; c) key ident

19、ification; d) key synchronization; e) key integrity; f) key confidentiality; g) key compromise detection. This part of ISO 11568 also describes the key life cycle in the context of secure management of cryptographic keys for asymmetric cryptosystems. It states both requirements and implementation me

20、thods for each step in the life of such a key, utilizing the key management principles, services and techniques described herein and in ISO 11568-1. This part of ISO 11568 does not cover the management or key life cycle for keys used in symmetric ciphers, which are covered in ISO 11568-2. This part

21、of ISO 11568 is one of a series that describes requirements for security in the financial services environment, as follows: ISO 9564-1; ISO 9564-2; ISO 9564-3; ISO/TR 9564-4; ISO 11568; ISO 13491; ISO/TR 19038. BS ISO 11568-4:2007blank1Banking Key management (retail) Part 4: Asymmetric cryptosystems

22、 Key management and life cycle 1 Scope This part of ISO 11568 specifies techniques for the protection of symmetric and asymmetric cryptographic keys in a retail financial services environment using asymmetric cryptosystems and the life cycle management of the associated asymmetric keys. The techniqu

23、es described in this part of ISO 11568 enable compliance with the principles described in ISO 11568-1. For the purposes of this document, the retail financial services environment is restricted to the interface between: a card-accepting device and an acquirer; an acquirer and a card issuer; an ICC a

24、nd a card-accepting device. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies

25、. ISO 9564-1, Banking Personal Identification Number (PIN) management and security Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems ISO/IEC 9796-2:2002, Information technology Security techniques Digital signature schemes giving message recovery Part 2: Intege

26、r factorization based mechanisms ISO/IEC 10116:1997, Information technology Security techniques Modes of operation for an n-bit block cipher ISO/IEC 10118 (all parts), Information technology Security techniques Hash functions ISO 11568-1, Banking Key management (retail) Part 1: Principles ISO 11568-

27、2, Banking Key management (retail) Part 2: Symmetric ciphers, their key management and life cycle ISO/IEC 11770-3, Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques ISO 13491-1, Banking Secure cryptographic devices (retail) Part 1: Concepts, req

28、uirements and evaluation methods ISO 13491-2, Banking Secure cryptographic devices (retail) Part 2: Security compliance checklists for devices used in financial transactions BS ISO 11568-4:20072 ISO/IEC 14888-3, Information technology Security techniques Digital signatures with appendix Part 3: Disc

29、rete logarithm based mechanisms ISO 15782-1:2003, Certificate management for financial services Part 1: Public key certificates ISO/IEC 15946-3:2002, Information technology Security techniques Cryptographic techniques based on elliptic curves Part 3: Key establishment ISO 16609:2004, Banking Require

30、ments for message authentication using symmetric techniques ISO/IEC 18033-2, Information technology Security techniques Encryption algorithms Part 2: Asymmetric ciphers ANSI X9.42-2003, Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm

31、Cryptography 3 Terms and definitions For the purposes of this document, the definitions in ISO 11568-1, ISO 11568-2 and the following apply. 3.1 asymmetric cipher cipher in which the encipherment key and the decipherment key are different, and in which it is computationally infeasible to deduce the

32、(private) decipherment key from the (public) encipherment key 3.2 asymmetric cryptosystem cryptosystem consisting of two complementary operations each utilizing one of two distinct but related keys, the public key and the private key, having the property that it is computationally infeasible to dete

33、rmine the private key from the public key 3.3 asymmetric key pair generator secure cryptographic device used for the generation of asymmetric cryptographic keys 3.4 certificate credentials of an entity, signed using the private key of the certification authority which issued it, and thereby rendered

34、 unforgeable 3.5 certification authority CA entity trusted by one or more entities to create, assign and revoke or hold public key certificates NOTE Optionally the certification authority can create and assign keys to the entities. 3.6 communicating party party that sends or receives the public key

35、for the communication with the party that owns the public key 3.7 computationally infeasible property that a computation is theoretically achievable but is not feasible in terms of the time or resources required to perform it BS ISO 11568-4:200733.8 credentials identification data for an entity, inc

36、orporating at a minimum the entitys distinguished name and public key NOTE Additional data can be included. 3.9 cryptoperiod time span during which a specific key is authorized for use or in which the keys for a given system may remain in effect 3.10 digital signature system asymmetric cryptosystem

37、that provides for the creation and subsequent verification of digital signatures 3.11 hash function one-way function that maps a set of strings of arbitrary length on to a set of fixed-length strings of bits NOTE A collision-resistant hash function is one with the property that it is computationally

38、 infeasible to construct distinct inputs that map to the same output. 3.12 independent communication process that allows an entity to counter-verify the correctness of a credential and identification documents prior to producing a certificate (e.g., call-back, visual identification, etc.) 3.13 key a

39、greement process of establishing a shared secret key between entities in such a way that neither of them can predetermine the value of that key 3.14 key share one of at least two parameters related to a cryptographic key generated in such a way that a quorum of such parameters can be combined to for

40、m the cryptographic key but such that fewer than a quorum provide no information about the key 3.15 non-repudiation of origin property that the originator of a message and associated cryptographic check value (i.e., digital signature) is not able to subsequently deny, with an accepted level of credi

41、bility, having originated the message 4 Uses of asymmetric cryptosystems in retail financial services systems 4.1 General Asymmetric cryptosystems include asymmetric ciphers, digital signature systems and key agreement systems. In financial services systems, asymmetric cryptosystems are used predomi

42、nantly for key management; firstly for the management of the keys of symmetric ciphers, and secondly for the management of the keys of the asymmetric cryptosystems themselves. This clause describes these applications of asymmetric cryptosystems. Clause 5 describes the techniques employed in support

43、of these applications relating to key management services and certificate management. Clause 6 describes how these techniques and methods are used in relation to the security and implementation requirements for the key pair life cycle. BS ISO 11568-4:20074 4.2 Establishment and storage of symmetric

44、keys Keys of a symmetric cipher may be established by key transport or by key agreement. Mechanisms for key transport and key agreement are described in ISO/IEC 11770-3. The mechanisms used shall ensure the authenticity of the communicating parties. Symmetric keys shall be stored as described in ISO

45、 11568-2. 4.3 Storage and distribution of asymmetric public keys The public key of an asymmetric key pair needs to be distributed to, and stored by, one or more users for subsequent use as an encipherment key and/or signature verification key, or for use in a key agreement mechanism. Although this k

46、ey need not be protected from disclosure, the distribution and storage procedures shall ensure that key authenticity and integrity is maintained as defined in 5.6.1. Mechanisms for the distribution of asymmetric public keys are described in ISO/IEC 11770-3. 4.4 Storage and transfer of asymmetric pri

47、vate keys The private key of an asymmetric key pair does not necessarily need to be distributed to any entity. In some cases it can be maintained only within the secure cryptographic device (SCD) that generated it. If it must be output from the SCD that generated it (e.g., for transfer to another SC

48、D where it is to be used, or for backup purposes) it shall be protected from compromise by at least one of the following techniques: encipherment with another cryptographic key as defined in 5.2; if non-encrypted and outside an SCD, as key shares using an acceptable key segmentation algorithm (see c

49、lause 6.3.2.3 and Bibliography 8); outputting into another SCD, which either is the SCD where it is to be used, or is a secure key transfer device intended for this use; if the communications path is not fully secured, then the transfer shall only be permitted inside a secure environment. The integrity of the private key shall be ensured using one of the techniques defined in 5.6.2. 5 Techniques for the provision of key management ser