ISO - DIS 11568
Financial services — Key management (retail) — Principles, symmetric ciphers and asymmetric cryptosystems, their key management and life cycle
|Publication Date:||20 April 2021|
|ICS Code (IT applications in banking):||35.240.40|
This standard specifies the principles for the management of keys used in the retail financial services environment, which includes the interface between:
• a card accepting device and an Acquirer
• an Acquirer and a card Issuer
• an ICC and a card accepting device
The roles within the retail payment environment are described in Annex J.
This standard covers all methods (manual, automated, or any combination thereof) for management of keying material used for financial services such as POS or ATM transactions, messages between terminals and financial institutions, and interchange messages between Acquirers, switches and card Issuers.
Specified herein are the minimum requirements for the management of keying material. Addressed are key storage and all phases of the key management life cycle, including the generation, distribution, utilization, archiving, replacement and destruction of the keying material.
Included are requirements related to the following concepts:
• key separation;
• key substitution prevention;
• key identification;
• key synchronization;
• key integrity;
• key confidentiality;
• key logging and auditing
• key compromise detection.
Requirements associated with hardware used to manage keys have also been included in this standard.
Derived Unique Key Per Transaction
This standard includes AES DUKPT as a method to derive unique initial DUKPT keys and unique transaction key(s) from a single base key. Keys that can be derived include symmetric encryption/decryptio
Implementations using AES DUKPT as described in this standard provide for the generation of unique transactions key(s) from an initial DUKPT key, in such a way that (1) the originating device does not preserve any information that could be used to derive the transaction key after the transaction has been completed, and (2) the Hardware Security Module at the receiving institution can derive the same transaction key(s) with limited information stored in the receiving system. This is an update to the original Derived Unique Key Per Transaction (DUKPT) algorithm method based on TDEA. This update is based on AES and offers a number of other security improvements. Keys can be derived for use with either the AES or TDEA algorithm.
The implementation described in this standard is recommended for new DUKPT implementations. For legacy purposes, the original TDEA DUKPT implementation as described in Annex A of ANSI X9.24 Part 1 - 2009 is included this document as Annex I.
Symmetric Key Distribution using Asymmetric Techniques
Compliant implementation of requirements for secure management of symmetric keys requires (among other things) unique key relationships and strict enforcement of dual control and split knowledge processes when handling cleartext keying material. This includes keys deployed to remote devices or established between communicating pairs. Historically, compliant implementation of key distribution has been a manually performed, physically on-site process that is difficult to manage, costly, and/or non-existent (i.e., not compliant). An automated rather than manual method of distributing symmetric keys can address these issues and result in improved security of the financial services environment.
The use of public key cryptography and associated asymmetric key algorithms is one solution for automated remote symmetric key distribution, and therefore included in this key management standard. This solution is referred to as Symmetric Key Distribution using Asymmetric Techniques (SKDAT).
The functional roles for SKDAT are described in Annex K.
This standard does not specifically address internet banking services offered by an issuer to their own customers through that financial institution's website or applications.
This standard does not address using asymmetric keys to encrypt the Personal Identification Number (PIN) or any other data and does not address asymmetric keys managed with asymmetric keys.
This standard is not intended to apply to the management of the keys installed in an ICC during manufacturing, or the initial key established in an ICC during card personalization.
This standard governs the management of cryptographic keys that can be used to protect sensitive information in financial services related to retail payments. While it is designed with that environment in mind, it may also be used in unrelated applications.
This standard establishes the minimum requirements and provides guidance for the secure management and application-level interoperability of key operations. For example, such keys could be used for:
• authenticating messages (see References 3, 9, and 3)
• encrypting Personal Identification Numbers (PIN) (see Reference 1)
• encrypting other data
• encrypting or deriving cryptographic keys
• automated symmetric key distribution using asymmetric techniques