1 - AS 2805.6.3-2000 ELECTRONIC FUNDS TRANSFER-REQUIREMENTS FOR INTERFACES - KEY MANAGEMENT-SESSION KEYS-NODE TO NODE
4 - PREFACE
5 - CONTENTS
6 - 1 SCOPE
6 - 2 APPLICATION
6 - 3 REFERENCED DOCUMENTS
7 - 4 DEFINITIONS
7 - 4.1 Acquirer
7 - 4.2 Acquirer network
7 - 4.3 Authentication
7 - 4.4 Back tracking
7 - 4.5 Card issuer
7 - 4.6 Cipher text
7 - 4.7 Completion message
7 - 4.8 Confirmation message
7 - 4.9 Cross domain key
7 - 4.10 Data encipherment algorithm (DEA)
7 - 4.11 Data key (KD)
7 - 4.12 Decipherment
7 - 4.13 Digital signature
8 - 4.14 Dual control
8 - 4.15 Encipherment
8 - 4.16 Encipherment algorithm
8 - 4.17 Hash code
8 - 4.18 Identification
8 - 4.19 Key
8 - 4.20 Key enciphering key (KEK)
8 - 4.21 Key storage
8 - 4.22 Key verification code (KVC)
8 - 4.23 Link
8 - 4.24 MAC key (KMAC)
8 - 4.25 Message authentication code (MAC)
8 - 4.26 Modulo 2 addition
9 - 4.27 Node
9 - 4.28 Non-reversible transformation
9 - 4.29 One way function (OWF)
9 - 4.30 Personal identification number (PIN)
9 - 4.31 PIN block
9 - 4.32 PIN encipherment key (KPE)
9 - 4.33 Plain text
9 - 4.34 Point of service (POS)
9 - 4.35 POS terminal
9 - 4.36 Private key (SK)
9 - 4.37 Public key (PK)
9 - 4.38 Public verification code (PVC)
9 - 4.39 Request message
9 - 4.40 Response message
10 - 4.41 Secret key
10 - 4.42 Secure hash function
10 - 4.43 Security control module (SCM)
10 - 4.44 Session key (KS)
10 - 4.45 Sign
10 - 4.46 Statistically unique
10 - 4.47 Terminal
10 - 4.48 Transaction
10 - 4.49 Verify
11 - 5 OVERVIEW
11 - 5.1 General
11 - 5.2 Objectives of scheme
11 - 5.2.1 General
11 - 5.2.2 Different keys for each function
11 - 5.3 Key hierarchy and management
11 - 5.4 Initialization
11 - 6 DESCRIPTION OF FUNCTIONAL ELEMENTS
11 - 6.1 Double-length key enciphering key variants (KEKVn)
11 - 6.1.1 General
12 - 6.1.2 Input
12 - 6.1.3 Algorithm
12 - 7 OPERATION
12 - 7.1 General
12 - 7.2 Initialization
13 - 7.3 Key confirmation
13 - 7.4 Changing session keys
13 - 7.4.1 General
14 - 7.4.2 Session key change
14 - 7.4.3 Synchronization of session key changes
14 - 7.4.4 Resynchronization
15 - APPENDIX A - NOTATION
15 - A1 SCOPE
15 - A2 OPERATIONS
15 - A3 FIELD NAMES
15 - A3.1 Construction
15 - A3.2 Type letter group
16 - A3.3 Usage letter group
16 - A3.4 Qualifying letter group
16 - A3.5 Suffix
16 - A4 FIELD CONTENTS
17 - A5 EXAMPLES
18 - APPENDIX B - INITIALIZATION SCHEMES
18 - B1 SCOPE
18 - B2 MANUAL
18 - B3 REMOTE
18 - B3.1 General
18 - B3.2 Public key distribution
18 - B3.3 Sequence of events
19 - B4 HYBRID
19 - B4.1 General
20 - AMENDMENT CONTROL SHEET

Specifies management techniques for keys used in the authentication, encryption and decryption of electronic messages relating to financial transactions using session keys.

This Standard specifies management techniques for keys used in the authentication, encipherment and decipherment of electronic messages relating to financial transactions using session keys.In particular, this Standard—(a) defines security interface procedures between nodes;(b) defines methods of interchange of the various encipherment keys used for securing transactions; and(c) ensures that messages can only be authenticated at their correct destination.NOTE: Principles concerning key management and physical security are dealt with in AS 2805.6.1.

Amendment 1 see DR 02434 CP First published as AS 2805.6.3-1998.Second edition 2000.Reconfirmed 2013. Originated as AS 2805.6.3-1998. Second edition 2000. Reissued incorporating Amendment No. 1 (March 2003).