ISO 11568-2 pdf download – Financial services- Key management(retail)— Part 2: symmetric ciphers, their key management and life cycle

4 General environment for key management techniques
4.1 General
The techniques that may be used to provide the key management services are described in Clause 5, and the key life cycle in Clause 6. This clause describes the environment within which those techniques operate and introduces some fundamental concepts and operations that are common to several techniques.
4.2 Functionality of a secure cryptographic device
4.2.1 General
The most fundamental cryptographic operations for a symmetric block cipher are to encipher and decipher a block of data using a supplied secret key. For multiple blocks of data, these operations might use a mode of operation of the cipher as described in ISO/IEC 10116. At this level, no meaning is given to the data, and no particular significance is given to the keys. Typically, in order to provide the required protection for keys and other sensitive information, a secure cryptographic device provides a higher level functional interface, whereby each operation includes several of the fundamental cryptographic operations using some combination of keys and data obtained from the interface or from an intermediate result. These complex cryptographic operations are known as functions, and each one operates only on data and keys of the appropriate type.
4.2.2 Data types
Application level cryptography assigns meaning to data, and data with differing meanings are manipulated and protected in different ways by the secure cryptographic device. Data with a specific meaning constitutes a data type.
The secure cryptographic device ensures that it is not possible to manipulate a data type in an inappropriate manner. For example, a PIN is a data type which is required to remain secret, whereas other transaction data may constitute a data type which requires authentication but not secrecy.
A cryptographic key may be regarded as a special data type. A secure cryptographic device ensures that a key can exist only in the permitted forms given in 4.7.2.
4.2.3 Key types
A key is categorized according to the type of data on which it operates and the manner in which it operates. The secure cryptographic device ensures that key separation is maintained, so that a key cannot be used with an inappropriate data type or in an inappropriate manner. For example, a PIN encipherment key is a key type that is used only to encipher PINs, whereas a key encipherment key (KEK) is a key type that is used only to encipher other keys. Additionally, a KEK may require categorization such that it operates only on one type of key, e.g. one type of KEK may encipher a PIN encipherment key, while another may encipher a message authentication code (MAC) key.
4.2.4 Cryptographic functions
The set of functions supported by the secure cryptographic device directly reflects the cryptographic requirements of the application. It might include such functions as:
4.7.2.2 Plaintext key
Plaintext secret keys, the compromise of which would affect multiple parties, shall exist only within a secure cryptographic device.
Plaintext secret keys, the compromise of which would affect only one party, shall exist only within a secure cryptographic device or a physically secure environment operated by or on behalf of that party.
4.7.2.3 Key components
A key existing in the form of two or more separate key components shall be protected by the techniques of split knowledge and dual control.
Key components shall be created such that knowledge of any bit of a component does not provide knowledge of any bit of the corresponding key. For example, each component of a ‘double length’ key is the full length of the final ‘double length’ key.
A key component shall be accessible only to that person or group of persons to whom it has been entrusted for the minimum duration required.
If a key component is in human comprehensible form (e.g. printed in plaintext inside a key mailer) it shall be visible to only one authorized person at only one point in time, and only for as long as required for the component to be entered into a secure cryptographic device.
No person with access to one component of the key shall have access to any other component of that key.
Key components shall be stored in such a way that unauthorized access has a high probability of being detected.
If key components are stored in enciphered form, all requirements for enciphered keys shall apply. When in component form, it is recommended that a key encrypting key that protects a large number of keys, such as an acquirer or issuer top-level key, comprises at least three components.
4.7.2.4 Enciphered key
Encipherment of a key using a KEK shall take place within a secure cryptographic device.
4.7.3 Key integrity
The integrity of a key shall be protected using techniques such as:
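The component requirements in 4.7.2.3 are met in practice by making every component an independent, uniformly random value of the full key length and forming the key as the XOR of all of them: any subset short of the full set is then statistically independent of the key, which is exactly the "no bit of a component reveals a bit of the key" requirement. The following is an added example, not text or code from ISO 11568-2; the function names, the KeyLoader ceremony object, and the custodian names are assumptions made for this illustration. It also shows, via missing_component_for, why all-but-one components carry no information (for every possible key there is a last component consistent with what the custodians already hold), and a loading ceremony that rejects one custodian entering two components.

```python
"""Split knowledge and dual control with full-length XOR key components.

Added illustration, not the standard's own text or code. All names below
are assumptions made for this example.
"""
import secrets
from typing import Sequence

KEY_LEN = 16  # a "double length" (2 x 8 byte) key; every component is also 16 bytes


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; unequal lengths are rejected so that
    a short (partial-key) component can never be accepted."""
    if len(a) != len(b):
        raise ValueError("components must all be the full key length")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_components(n: int, key_len: int = KEY_LEN) -> list[bytes]:
    """Create n independent, uniformly random, full-length components.
    The key is the XOR of all n; any n-1 of them are independent of it."""
    if n < 2:
        raise ValueError("split knowledge needs at least two components")
    return [secrets.token_bytes(key_len) for _ in range(n)]


def components_for_key(key: bytes, n: int) -> list[bytes]:
    """Split an existing key into n full-length components: n-1 are random
    and the last is chosen so that the XOR of all n reproduces the key."""
    if n < 2:
        raise ValueError("split knowledge needs at least two components")
    comps = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for c in comps:
        last = xor_bytes(last, c)
    return comps + [last]


def combine_components(components: Sequence[bytes], key_len: int = KEY_LEN) -> bytes:
    """Reconstruct the key from all of its components. In a real deployment
    this runs only inside the secure cryptographic device."""
    if len(components) < 2:
        raise ValueError("need at least two components")
    key = bytes(key_len)
    for c in components:
        key = xor_bytes(key, c)  # raises if any component is not full length
    return key


def missing_component_for(known: Sequence[bytes], target_key: bytes) -> bytes:
    """Given all-but-one components, return the single remaining component
    that would make the combined key equal target_key. Because such a
    component exists for every target, the known components reveal nothing
    about the real key."""
    c = target_key
    for k in known:
        c = xor_bytes(c, k)
    return c


class KeyLoader:
    """Dual-control entry ceremony: each custodian enters exactly one
    component; the key is released only once `required` distinct custodians
    have entered, and the components are discarded afterwards."""

    def __init__(self, required: int, key_len: int = KEY_LEN):
        if required < 2:
            raise ValueError("dual control needs at least two custodians")
        self.required = required
        self.key_len = key_len
        self._entered: dict[str, bytes] = {}

    def enter_component(self, custodian: str, component: bytes) -> None:
        if custodian in self._entered:
            # 4.7.2.3: no person with one component may have access to another
            raise PermissionError(f"{custodian} already holds a component of this key")
        if len(component) != self.key_len:
            raise ValueError("component must be the full key length")
        if len(self._entered) >= self.required:
            raise RuntimeError("all components already entered")
        self._entered[custodian] = component

    def complete(self) -> bytes:
        if len(self._entered) < self.required:
            raise RuntimeError(f"only {len(self._entered)} of {self.required} components entered")
        key = combine_components(list(self._entered.values()), self.key_len)
        self._entered.clear()  # components must not outlive the ceremony
        return key


if __name__ == "__main__":
    # Constructed demonstration: three custodians, each holding one full-length component.
    comps = generate_components(3)
    loader = KeyLoader(3)
    for name, comp in zip(("alice", "bob", "carol"), comps):
        loader.enter_component(name, comp)
    assert loader.complete() == combine_components(comps)
    print("key assembled from 3 components")
```

Note the contrast with the practice the standard rules out: cutting a 16-byte key into two 8-byte halves hands each custodian 64 bits of the final key outright, whereas with XOR components a custodian's 16 bytes are consistent with every possible key until the others are supplied. Python cannot reliably zeroize `bytes` objects, so a real SCD implementation would hold components in device memory it can overwrite.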
