KS X ISO 11568-4 4: KS X ISO 11568-4:2011 2011 12 29 http://www.kats.go.kr
KS X ISO 11568-4:2011 : e- ( ) ( ) () ( ) : (http://www.standard.go.kr) : :2001 12 31 :2011 12 29 2011-0663 : e- : ( 02-509-7262) (http://www.kats.go.kr). 10 5 , .
. A( ) B( ) KS X ISO 11568 “ ( )” .
1: (KS X ISO 11568-1)
2: (KS X ISO 11568-2)
3: (KS X ISO 11568-3)
4: (KS X ISO 11568-4)

2007 2 ISO 11568-4, Banking Key management (retail) Part 4: Asymmetric cryptosystems Key management and life cycle .

KS X ISO 11568-4:2011 4: Banking Key management (retail) Part 4: Asymmetric cryptosystems Key management and life cycle

1 . KS X ISO 11568-1 . . IC

2 . . ( ) .
KS X ISO 9564-1, 1: PIN
KS X ISO/IEC 9796-2: 2011, 2: (Integer factorization)
KS X ISO 11568-1, ( ) 1:
KS X ISO 11568-2, ( ) 2:
KS X ISO 13491-2, ( )
KS X ISO/IEC 14888-3_2001, 3:
KS X ISO 15782-1: 2007, 1:
KS X ISO/IEC 15946-3: 2008, 3:
KS X ISO 16609: 2007,
KS X ISO/IEC 18033-2, 2:
ANSI X9.42-2003, Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography

3 .
3.1 (asymmetric cipher)
3.2 (asymmetric cryptosystem) ( ) ,
3.3 (asymmetric key pair generator)
3.4 (certificate) (CA)
3.5 (certification authority) CA ,
3.6 (communicating party)
3.7 (computationally infeasible)
3.8 (credentials) .
3.9 (cryptoperiod) ,
3.10 (digital signature system)
3.11 (hash function) .
3.12 (independent communication) ( )
3.13 (key agreement)
3.14 (key share) ,
3.15 (non-repudiation of origin) ( )

4
4.1 , , . . , . . 5. . 6. .
4.2 . KS X ISO/IEC 11770-3 . KS X ISO 11568-2 .
4.3 , , . , (5.6.1 ). KS X ISO/IEC 11770-3 .
4.4 . . ( ), . (5.2 ) , 2 . , , (6.3.2.3 8 ) ( , ). 5.6.2 .

5
5.1 KS X ISO 11568-1 , . . , . . . KS X ISO 13491-1 .
5.2
5.2.1 , . (KEK: Key Encipherment Key) . 2 . a) b)
5.2.2 . , . KS X ISO 11568-2 . , , . , , , (KS X ISO/IEC 18033-2 ).
5.2.3 . , . (KS X ISO/IEC 10116 ) . . 2s 1T s bits . T ,
. KS X ISO/IEC 10116 , 112-bit TDEA O(k) 2^(120 - log k) . k - . 2^40 - 80 bits 2-key(112-bit) TDEA . 1 . , , . TDEA , / TDEA . 112-bit TDEA 168-bit TDEA 2048-bit RSA .

1 RSA
80 112-bit TDEA(2^40 ) 1 024 160
112-bit TDEA( ) 112 168-bit TDEA 2 048 224

5.3 KS X ISO 15782-1 , . . . ,
( , ) . (Certification Authority) 3 . . . . .

5.4
5.4.1 , . . a) b) c) , ,
5.4.2
5.4.2.1 . .
5.4.2.2 , .
5.4.2.3 , .
5.5 . - (KVC, Key Verification Code) . , KVC KS X ISO/IEC 10118 . KVC , . KVC KVC , . . a) b) c) KVC - . , KVC KVC . / ( ) KVC / KVC KVC ( ) . . KVC (KS X ISO 16609 ), KVC / ( )( , ) / KVC /
5.6
5.6.1 . , (digital signature system) (5.3, 6. ) KS X ISO 16609 (KS X ISO 13491-1, KS X ISO 13491-2 ) . 5.5
5.6.2 . KS X ISO 16609 (KS X ISO 13491-1, KS X ISO 13491-2 )

6
6.1 3 . a) (pre-use): b) (use): , c) (post-use): (S) (P) 1 2 . . KS X ISO 15782-1 . . . (party) (6.4 ) (party) (6.5 ) . (6.11 ) (6.12 ) (6.14 ) . . 6.2 . 1 . 2 . 3 .
6.2
6.2.1 . . . . . . (non-repudiation service) 3 . . . (seed elements) . . . . CA, , 3 (third party) . 6.2.26.2.4 .
6.2.2 (Certification authority) , 6.5 . .
6.2.3 (Key pair owner) . , .
1
2
6.2.4 3 (Third party) 3 , 6.5 . 3 6.5.2 . 3 .
6.3
6.3.1 , . . .
6.3.2
6.3.2.1 . a) : b) : (quorum)( ) c) :
6.3.2.2 . KS X ISO 13491-1 .
6.3.2.3 . . . . . , . (KS X ISO 13491-2 ). (key mailer) . , (envelope) . . . (: ) , .
6.3.