ISO-13492-2007.pdf

INTERNATIONAL STANDARD ISO 13492
Second edition, 2007-12-15

Financial services - Key management related data element - Application and usage of ISO 8583 data elements 53 and 96

Services financiers - Élément de données lié à la gestion des clés - Application et utilisation des éléments de données 53 et 96 de l'ISO 8583

Reference number ISO 13492:2007(E)
© ISO 2007

PDF disclaimer

This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this area.

Adobe is a trademark of Adobe Systems Incorporated.

Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

COPYRIGHT PROTECTED DOCUMENT

© ISO 2007

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56, CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org

Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Data representation
6 Requirements for key management related data element
6.1 Introduction
6.2 Data element structure
6.3 Key-set identifier concepts
7 Security related control information usage (data element 53)
7.1 Format
7.2 Assignment of key-set identifiers
8 Key management data (data element 96)
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 13492 was prepared by Technical Committee ISO/TC 68, Financial services, Subcommittee SC 2, Security management and general banking operations.

This second edition cancels and replaces the first edition (ISO 13492:1998), which has been technically revised.

Introduction

This International Standard describes the structure and contents of a key management related data element that can be conveyed in electronically transmitted messages within the financial services environment to support the secure management of cryptographic keys, where the financial services environment involves the communications between a card-accepting device and an acquirer, and between an acquirer and a card issuer. Key management of keys used in an Integrated Circuit Card (ICC) and the related data elements are not covered in this International Standard.

This International Standard provides compatibility with the existing ISO standard on bank card originated messages (see ISO 8583).

1 Scope

This International Standard describes a key management related data element that can be transmitted either in transaction messages to convey information about cryptographic keys used to secure the current transaction, or in cryptographic service messages to convey information about cryptographic keys to be used to secure future transactions.

This International Standard addresses the requirements for the use of the key management related data element within ISO 8583, using the following two ISO 8583 data elements:

- security related control information (data element 53), or
- key management data (data element 96).

However, these data elements can be usefully employed in other messaging formats, given that the transportation of key management related data is not limited to ISO 8583.

This International Standard is applicable to either symmetric or asymmetric cipher systems.

Key management procedures for the secure management of the cryptographic keys within the financial services environment are described in ISO 11568. Security related data, such as PIN data and MACs, are described in ISO 9564 and ISO 16609, respectively.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 7812-1, Identification cards - Identification of issuers - Part 1: Numbering system

ISO/IEC 7812-2, Identification cards - Identification of issuers - Part 2: Application and registration procedures

ISO 8583-1, Financial transaction card originated messages - Interchange message specifications - Part 1: Messages, data elements and code values

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 8583-1 and the following apply.

3.1 asymmetric cipher
cipher in which the encipherment key and the decipherment key are different and it is computationally infeasible to deduce the (private) decipherment key from the (public) encipherment key

3.2 cipher
pair of operations that effect transformations between plaintext and ciphertext under the control of a parameter called a key
NOTE The encipherment operation transforms data (plaintext) into an unintelligible form (ciphertext). The decipherment operation restores the original text.

3.3 cryptographic algorithm
set of rules for the transformation of data using a cryptographic key
EXAMPLE The transformation of plaintext to ciphertext and vice versa (i.e. a cipher); generation of keying material; digital signature computation or validation.

3.4 cryptographic key
key
parameter that determines the operation of a cryptographic algorithm

3.5 cryptographic service message
message for transporting cryptographic keys or related information used to control a keying relationship

3.6 derived unique key per transaction
key management method which uses a unique key for each transaction and prevents the disclosure of any past key used by the transaction-originating TRSM
NOTE The unique Transaction Keys are derived from a base derivation key using only non-secret data transmitted as part of each transaction.

3.7 primary key
key for a transaction from which other keys for the transaction are produced
NOTE This can be done by means of variants or transformations.

3.8 symmetric cipher
cryptographic algorithm using the same secret cryptographic key for both encipherment and decipherment

3.9 transaction message
message used to convey information related to a financial transaction

4 Abbreviated terms

AES    Advanced Encryption Standard
BCD    Binary Coded Decimal
CAID   Card Acceptor Identifier
CBC    Cipher Block Chaining
DEA    Data Encryption Algorithm

DID    Device Identifier
DUKPT  Derived Unique Key per Transaction
ECB    Electronic Code Book
ECIES  Elliptic Curve Integrated Encryption Scheme
GID    Group Identifier
IIC    Institution Identification Code
IIN    Issuer Identification Number
KSN    Key Serial Number
MAC    Message Authentication Code
PIN    Personal Identification Number
RSA    The Rivest, Shamir and Adleman Public Key Cryptosystem
TC     Transaction Counter
TDEA   Triple Data Encryption Algorithm
TRSM   Tamper Resistant Security Module

5 Data representation

Data fields described in this International Standard are represented as shown in Table 1.

Table 1 - Data representation

Abbreviation  Definition

a      Alphabetic data elements contain a single character per byte. The permitted characters are alphabetic only (a to z and A to Z, upper and lower case).

an     Alphanumeric data elements contain a single character per byte. The permitted characters are alphabetic (a to z and A to Z, upper and lower case) and numeric (0 to 9).

ans    Alphanumeric special data elements contain a single character per byte.

b      These data elements consist of either unsigned binary numbers or bit combinations that are defined elsewhere in the specification. Example: a field defined as "b 2" has a length of two bytes such that a value of 19 is stored as Hex 00 13.

LL     Length of variable data element that follows, 01 through 99.

LLL    Length of variable data element that follows, 001 through 999.

n      Numeric data elements consist of two numeric digits (having values in the range Hex 0 to 9) per byte. These digits are right justified and padded with leading hexadecimal zeroes. Other specifications sometimes refer to this data format as Binary Coded Decimal ("BCD") or unsigned packed. Example: a field defined as "n 12" has a length of six bytes such that a value of 12345 is stored as Hex 00 00 00 01 23 45.
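The n and b representations of Table 1, as an added example that is not part of ISO 13492: a strict Python encoder and parser that reproduces the two worked values given in the table and rejects malformed fields. The function names are hypothetical, and big-endian byte order for b fields is an assumption inferred from the "Hex 00 13" example.

```python
import re

# Added illustration of Table 1; names are hypothetical, not defined by ISO 13492.
# "ans" is left out because the table does not enumerate its special characters.
CHARSETS = {"a": rb"[A-Za-z]+", "an": rb"[A-Za-z0-9]+"}


def encode_n(value: int, digits: int) -> bytes:
    """Pack an unsigned integer as 'n <digits>': two decimal digits per byte,
    right justified and padded with leading zeroes."""
    text = str(value)
    if value < 0 or len(text) > digits:
        raise ValueError(f"{value} does not fit in n {digits}")
    return bytes.fromhex(text.zfill(digits + digits % 2))


def decode_n(field: bytes, digits: int) -> int:
    """Parse 'n <digits>' strictly: exact length, decimal nibbles only."""
    if digits < 1 or len(field) != (digits + 1) // 2:
        raise ValueError("wrong length for n field")
    text = field.hex()
    if not text.isdigit():                 # a nibble in A-F shows up as a letter
        raise ValueError("non-decimal nibble in n field")
    if digits % 2 and text[0] != "0":      # odd digit count leaves one pad nibble
        raise ValueError("pad nibble is not zero")
    return int(text)


def encode_b(value: int, length: int) -> bytes:
    """Store an unsigned binary number in 'b <length>' bytes. Big-endian order is
    an assumption inferred from the page's example (19 -> Hex 00 13)."""
    return value.to_bytes(length, "big")   # OverflowError if negative or too large


def decode_b(field: bytes, length: int) -> int:
    """Parse 'b <length>' as an unsigned number, enforcing the declared length."""
    if len(field) != length:
        raise ValueError("wrong length for b field")
    return int.from_bytes(field, "big")


def is_valid_chars(kind: str, field: bytes) -> bool:
    """Check an 'a' or 'an' field: one permitted character per byte."""
    return re.fullmatch(CHARSETS[kind], field) is not None


if __name__ == "__main__":
    print(encode_n(12345, 12).hex(" "))    # the page's "n 12" example
    print(encode_b(19, 2).hex(" "))        # the page's "b 2" example
```

Rejecting nibbles A to F and wrong lengths at parse time keeps a malformed numeric field from being silently reinterpreted further along the message path.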

6 Requirements for key management related data element

6.1 Introduction

The key management related data element is constructed from the concatenation of two ISO 8583-1 message elements, data element 53 Security related control information, and data element 96 Key management data. It conveys information about the associated transaction's cryptographic key(s) and is divided into subfields including a control field, a key-set identifier and additional optional information. The control field identifies the key management scheme and associated structure of the remainder of the data element.

The use of key-set identifiers provides a standardized way to uniquely identify the institution and key-set for a given operation. For key management messages, the key-set identifier specifies the key-set that will be affected by the current operation (e.g. load key-set 2 with key contained in data element 96). For financial transaction messages containing encrypted data, the key-set identifier specifies the key-set that was used.

Key management related information that does not change from one transaction to the next need not be conveyed with every transaction. Rather, it may be implicitly known, or it may be installed concurrent with, and stored in association with, the corresponding key. Examples of information that need not be explicitly identified in the key management related data element include the following:

- key management technique used for the transaction's keys (e.g. static key, unique key per transaction);
- format of enciphered or authenticated data (e.g. PIN block format);
- encipherment algorithm used;
- number of different keys u
