
BS ISO 11568-1:2005

Superseded

A superseded Standard is one that has been fully replaced by another Standard, which is a new edition of the same Standard.


Banking. Key management (retail). Principles
Available format(s)

Hardcopy , PDF

Superseded date

02-03-2023

Language(s)

English

Published date

10-09-2005

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Aspects of key management
   4.1 Purpose of security
   4.2 Level of security
   4.3 Key management objectives
5 Principles of key management
6 Cryptosystems
   6.1 Overview
   6.2 Cipher systems
   6.3 Symmetric cipher systems
   6.4 Asymmetric cipher systems
   6.5 Other cryptosystems
7 Physical security for cryptographic environments
   7.1 Physical security considerations
   7.2 Secure cryptographic device
   7.3 Physically secure environment
8 Security considerations
   8.1 Cryptographic environments for secret/private keys
   8.2 Cryptographic environments for public keys
   8.3 Protection against counterfeit devices
9 Key management services for cryptosystems
   9.1 General
   9.2 Separation
   9.3 Substitution prevention
   9.4 Identification
   9.5 Synchronization (availability)
   9.6 Integrity
   9.7 Confidentiality
   9.8 Compromise detection
10 Key life cycles
   10.1 General
   10.2 Common requirements for key life cycles
   10.3 Additional requirements for asymmetric cryptosystems
Annex A (normative) Procedure for approval of additional cryptographic algorithms
Annex B (informative) Example of a retail banking environment
Annex C (informative) Examples of threats in the retail banking environment
Bibliography

This part of ISO 11568 specifies the principles for the management of keys used in cryptosystems implemented within the retail banking environment. The retail banking environment includes the interfaces between:

  • a card-accepting device and an acquirer,

  • an acquirer and a card issuer,

  • an ICC and a card-accepting device.

An example of this environment is described in Annex B, and threats associated with the implementation of this part of ISO 11568 in the retail banking environment are elaborated in Annex C.

This part of ISO 11568 is applicable both to the keys of symmetric cipher systems, where both originator and recipient use the same secret key(s), and to the private and public keys of asymmetric cryptosystems, unless otherwise stated. The procedure for the approval of cryptographic algorithms used for key management is specified in Annex A.

The use of ciphers often involves control information other than keys, e.g. initialization vectors and key identifiers. This other information is collectively called “keying material”. Although this part of ISO 11568 specifically addresses the management of keys, the principles, services and techniques applicable to keys may also be applicable to keying material.

This part of ISO 11568 is appropriate for use by financial institutions and other organizations engaged in the area of retail financial services, where the interchange of information requires confidentiality, integrity or authentication. Retail financial services include, but are not limited to, processes such as POS debit and credit authorizations, automated dispensing machine transactions and ATM transactions.

ISO 9564 and ISO 16609 specify the use of cryptographic operations within retail financial transactions for personal identification number (PIN) encipherment and message authentication, respectively. The ISO 11568 series of standards is applicable to the management of the keys introduced by those standards. Additionally, the key management procedures may themselves require the introduction of further keys, e.g. key encipherment keys. The key management procedures are equally applicable to those keys.

Committee: IST/12
Development note: Supersedes 03/319904 DC (11/2005)
Document type: Standard
Pages: 26
Publisher name: British Standards Institution
Status: Superseded

Standards relationship
ISO 11568-1:2005 (identical)

Related standards
ISO 11568-2:2012 Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle
ISO 13491-2:2017 Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions
ISO/TR 9564-4:2004 Banking — Personal Identification Number (PIN) management and security — Part 4: Guidelines for PIN handling in open networks
ISO 13491-1:2016 Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods
ISO 16609:2012 Financial services — Requirements for message authentication using symmetric techniques
ISO 9564-1:2017 Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems
ISO 9564-3:2003 Banking — Personal Identification Number management and security — Part 3: Requirements for offline PIN handling in ATM and POS systems
ISO 9564-2:2014 Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment
ISO 11568-4:2007 Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle

£198.00
Excluding VAT
