1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationBS ISO 11568-2:2012Financial services Keymanagement (retail)Part 2: Symmetric ciphers, their keymanagement and life cycleBS ISO 11568-2:2012 BRITISH STANDARDNational forewordThis
2、 British Standard is the UK implementation of ISO 11568-2:2012.It supersedes BS ISO 11568-2:2005 which is withdrawn.The UK participation in its preparation was entrusted to TechnicalCommittee IST/12, Financial services.A list of organizations represented on this committee can beobtained on request t
3、o its secretary.This publication does not purport to include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2012. Published by BSI StandardsLimited 2012ISBN 978 0 580 72167 0ICS 35.240.40Compliance with a British Standar
4、d cannot confer immunity fromlegal obligations.This British Standard was published under the authority of theStandards Policy and Strategy Committee on 31 March 2012.Amendments issued since publicationDate Text affectedBS ISO 11568-2:2012 ISO 2012Financial services Key management (retail) Part 2: Sy
5、mmetric ciphers, their key management and life cycleServices financiers Gestion de cls (services aux particuliers) Partie 2: Algorithmes cryptographiques symtriques, leur gestion de cls et leur cycle de vieINTERNATIONAL STANDARDISO11568-2Third edition2012-02-01Reference numberISO 11568-2:2012(E)BS I
6、SO 11568-2:2012ISO 11568-2:2012(E)ii ISO 2012 All rights reservedCOPYRIGHT PROTECTED DOCUMENT ISO 2012All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm
7、, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester.ISO copyright officeCase postale 56 CH-1211 Geneva 20Tel. + 41 22 749 01 11Fax + 41 22 749 09 47E-mail copyrightiso.orgWeb www.iso.orgPublished in SwitzerlandBS ISO 11568-2:2012IS
8、O 11568-2:2012(E) ISO 2012 All rights reserved iiiContents PageForeword ivIntroduction v1 Scope 12 Normative references . 13 Terms and definitions . 14 General environment for key management techniques 44.1 General . 44.2 Functionality of a secure cryptographic device . 44.3 Key generation . 54.4 Ke
9、y calculation (variants) . 64.5 Key hierarchies 64.6 Key life cycle . 74.7 Key storage . 94.8 Key restoration from back-up 104.9 Key distribution and loading 104.10 Key use . 114.11 Key cryptoperiod . 114.12 Key replacement 124.13 Key destruction 124.14 Key deletion 124.15 Key archive .134.16 Key te
10、rmination 135 Techniques for the provision of key management services 135.1 General .135.2 Key encipherment .135.3 Key variants 135.4 Key derivation 145.5 Key transformation .145.6 Key offsetting .155.7 Key notarization .165.8 Key tagging .165.9 Key verification 185.10 Key identification .185.11 Con
11、trols and audit .195.12 Key integrity 196 Symmetric key life cycle 206.1 General .206.2 Key generation .206.3 Key storage .206.4 Key restoration from back-up 216.5 Key distribution and loading 216.6 Key use .236.7 Key replacement 236.8 Key destruction, deletion, archive and termination .237 Key mana
12、gement services cross-reference .24Annex A (normative) Notation used in this part of ISO 11568 26Annex B (normative) Approved algorithms for symmetric key management 27Annex C (normative) Abbreviations 28Bibliography .29BS ISO 11568-2:2012ISO 11568-2:2012(E)ForewordISO (the International Organizatio
13、n for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has
14、 the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.Intern
15、ational Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publicatio
16、n as an International Standard requires approval by at least 75 % of the member bodies casting a vote.Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.
17、ISO 11568-2 was prepared by Technical Committee ISO/TC 68, Financial services, Subcommittee SC 2, Financial Services, security.This third edition cancels and replaces the second edition (ISO 11568-2:2005), which has been technically revised.ISO 11568 consists of the following parts, under the genera
18、l title Financial services Key management (retail) : Part 1: Principles Part 2: Symmetric ciphers, their key management and life cycle Part 4: Asymmetric cryptosystems Key management and life cycleiv ISO 2012 All rights reservedBS ISO 11568-2:2012ISO 11568-2:2012(E)IntroductionISO 11568 is one of a
19、series of standards describing procedures for the secure management of cryptographic keys used to protect messages in a retail financial services environment, for instance, messages between an acquirer and a card acceptor, or an acquirer and a card issuer.This part of ISO 11568 addresses the key man
20、agement requirements that are applicable in the domain of retail financial services. Typical of such services are point-of-sale/point-of-service (POS) debit and credit authorizations and automated teller machine (ATM) transactions.This part of ISO 11568 describes key management techniques which, whe
21、n used in combination, provide the key management services identified in ISO 11568-1. These services are: key separation; key substitution prevention; key identification; key synchronization; key integrity; key confidentiality; key compromise detection.The key management services and corresponding k
22、ey management techniques are cross-referenced in Clause 7.This part of ISO 11568 also describes the key life cycle in the context of secure management of cryptographic keys for symmetric ciphers. It states both requirements and implementation methods for each step in the life of such a key, utilizin
23、g the key management principles, services and techniques described herein and in ISO 11568-1. This part of ISO 11568 does not cover the management or key life cycle for keys used in asymmetric ciphers, which are covered in ISO 11568-4.In the development of ISO 11568, due consideration was given to I
24、SO/IEC 11770; the mechanisms adopted and described in this part of ISO 11568 are those required to satisfy the needs of the financial services industry. ISO 2012 All rights reserved vBS ISO 11568-2:2012BS ISO 11568-2:2012Financial services Key management (retail) Part 2: Symmetric ciphers, their key
25、 management and life cycle1 ScopeThis part of ISO 11568 specifies techniques for the protection of symmetric and asymmetric cryptographic keys in a retail banking environment using symmetric ciphers and the life-cycle management of the associated symmetric keys. The techniques described enable compl
26、iance with the principles described in ISO 11568-1.The techniques described are applicable to any symmetric key management operation. The notation used in this part of ISO 11568 is given in Annex A.Algorithms approved for use with the techniques described in this part of ISO 11568 are given in Annex
27、 B.2 Normative referencesThe following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.ISO 9564-1, Financial ser
28、vices Personal Identification Number (PIN) management and security Part 1: Basic principles and requirements for PINs in card-based systemsISO/IEC 10116, Information technology Security techniques Modes of operation for an n-bit block cipherISO 11568-1:2005, Banking Key management (retail) Part 1: P
29、rinciplesISO 11568-4, Banking Key management (retail) Part 4: Asymmetric cryptosystems Key management and life cycleISO 13491-1, Banking Secure cryptographic devices (retail) Part 1: Concepts, requirements and evaluation methodsISO 13491-2:2005, Banking Secure cryptographic devices (retail) Part 2:
30、Security compliance checklists for devices used in financial transactionsISO 16609, Financial services Requirements for message authentication using symmetric techniquesISO/IEC 18033-3, Information technology Security techniques Encryption algorithms Part 3: Block ciphers3 Terms and definitionsFor t
31、he purposes of this document, the following terms and definitions apply.NOTE Abbreviations used in this part of ISO 11568 are given in Annex C. INTERNATIONAL STANDARD ISO 11568-2:2012(E) ISO 2012 All rights reserved 1BS ISO 11568-2:2012ISO 11568-2:2012(E)3.1cipherpair of operations that effect trans
32、formations between plaintext and ciphertext under the control of a parameter called a keyNOTE The encipherment operation transforms data (plaintext) into an unintelligible form (ciphertext). The decipherment operation restores the plaintext.3.2counterincrementing count used between two parties, e.g.
33、 to control successive key distributions under a particular key encipherment key3.3cryptographic keymathematical value that is used in an algorithm to transform plain text into cipher text, or vice versa3.4data integrityproperty that data has not been altered or destroyed in an unauthorized manner3.
34、5data keycryptographic key used for the encipherment, decipherment or authentication of data3.6dual controlprocess of utilizing two or more separate entities (usually persons) operating in concert to protect sensitive functions or information, whereby no single entity is able to access or utilize th
35、e materialsNOTE Materials might be, for example, the cryptographic key.3.7hexadecimal digitsingle character in the range 0 to 9, A to F (upper case), representing a four-bit string3.8key componentone of at least two randomly or pseudo-randomly generated parameters having the characteristics (e.g. fo
36、rmat, randomness) of a cryptographic key that is combined with one or more like parameters (e.g. by means of modulo-2 addition) to form a cryptographic key3.9key mailertamper-evident envelope that has been designed to convey a key component to an authorized person3.10key offsetoffsetresult of adding
37、 a counter to a cryptographic key using modulo-2 addition3.11key spaceset of all possible keys used within a cipher3.12key transfer devicesecure cryptographic device that provides key import, storage and export functionalitiesNOTE See ISO 13491-2:2005, Annex F.2 ISO 2012 All rights reservedBS ISO 11
38、568-2:2012ISO 11568-2:2012(E)3.13key transformationderivation of a new key from an existing key using a non-reversible process3.14MACmessage authentication codecode in a message between an originator and a recipient, used to validate the source and part or all of the text of a messageNOTE The code i
39、s the result of an agreed calculation.3.15modulo-2 additionXORexclusive-orbinary addition with no carry, giving the following values:0 + 0 = 00 + 1 = 11 + 0 = 11 + 1 = 03.16n-bit block cipherblock cipher algorithm with the property that plaintext blocks and ciphertext blocks are n-bits in length3.17
40、notarizationmethod of modifying a key encipherment key in order to authenticate the identities of the originator and the ultimate recipient3.18originatorparty that is responsible for originating a cryptographic message3.19pseudo-randomstatistically random and essentially unpredictable although gener
41、ated by an algorithmic processNOTE Pseudo-random number generators commonly found in commercial software packages do not provide sufficient randomness for use in cryptographic operations.3.20recipientparty that is responsible for receiving a cryptographic message3.21secure cryptographic deviceSCDdev
42、ice that provides secure storage for secret information, such as keys, and provides security services based on this secret informationNOTE See ISO 13491-2. ISO 2012 All rights reserved 3BS ISO 11568-2:2012ISO 11568-2:2012(E)3.22split knowledgecondition under which two or more parties separately and
43、confidentially have custody of the constituent part of a single cryptographic key which, individually, conveys no knowledge of the resultant cryptographic key4 General environment for key management techniques4.1 GeneralThe techniques that may be used to provide the key management services are descr
44、ibed in Clause 5 and the key life cycle in Clause 6. This clause describes the environment within which those techniques operate and introduces some fundamental concepts and operations, which are common to several techniques.4.2 Functionality of a secure cryptographic device4.2.1 GeneralThe most fun
45、damental cryptographic operations for a symmetric block cipher are to encipher and decipher a block of data using a supplied secret key. For multiple blocks of data, these operations might use a mode of operation of the cipher as described in ISO/IEC 10116. At this level, no meaning is given to the
46、data, and no particular significance is given to the keys. Typically, in order to provide the required protection for keys and other sensitive information, a secure cryptographic device provides a higher level functional interface, whereby each operation includes several of the fundamental cryptogra
47、phic operations using some combination of keys and data obtained from the interface or from an intermediate result. These complex cryptographic operations are known as functions, and each one operates only on data and keys of the appropriate type.4.2.2 Data typesApplication level cryptography assign
48、s meaning to data, and data with differing meanings are manipulated and protected in different ways by the secure cryptographic device. Data with a specific meaning constitutes a data type.The secure cryptographic device ensures that it is not possible to manipulate a data type in an inappropriate m
49、anner. For example, a PIN is a data type which is required to remain secret, whereas other transaction data may constitute a data type which requires authentication but not secrecy.A cryptographic key may be regarded as a special data type. A secure cryptographic device ensures that a key can exist only in the permitted forms given in 4.7.2.4.2.3 Key typesA key is categorized according to the type of data on which it operates and the manner in which it operates. The secure cryptographic device ensures
