ISO 11568-2:2012. Financial services - Key management (retail)
The most fundamental cryptographic operations for a symmetric block cipher are to encipher and decipher a block of data using a supplied secret key. For multiple blocks of data, these operations might use a mode of operation of the cipher as described in ISO/IEC 10116. At this level, no meaning is given to the data, and no particular significance is given to the keys. Typically, in order to provide the required protection for keys and other sensitive information, a secure cryptographic device provides a higher level functional interface, whereby each operation includes several of the fundamental cryptographic operations using some combination of keys and data obtained from the interface or from an intermediate result. These complex cryptographic operations are known as functions, and each one operates only on data and keys of the appropriate type.
Application level cryptography assigns meaning to data, and data with differing meanings are manipulated and protected in different ways by the secure cryptographic device. Data with a specific meaning constitutes a data type.
The secure cryptographic device ensures that it is not possible to manipulate a data type in an inappropriate manner. For example, a PIN is a data type which is required to remain secret, whereas other transaction data may constitute a data type which requires authentication but not secrecy.
A cryptographic key may be regarded as a special data type. A secure cryptographic device ensures that a key can exist only in the permitted forms given in
A key is categorized according to the type of data on which it operates and the manner in which it operates.
The secure cryptographic device ensures that key separation is maintained, so that a key cannot be used with an inappropriate data type or in an inappropriate manner. For example, a PIN encipherment key is a key type that is used only to encipher PINs, whereas a key encipherment key (KEK) is a key type that is used only to encipher other keys. Additionally, a KEK may require categorization such that it operates only on one type of key, e.g. one type of KEK may encipher a PIN encipherment key, while another may encipher a message authentication code (MAC) key.
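The key separation rule described above, as an added sketch that is not part of ISO 11568-2 or of any product: a toy device binds a type to every key internally and refuses any function call that uses a key with the wrong data type or wraps a key under the wrong category of KEK. `ToySCD`, its method names, the four key types chosen and the HMAC-based `_encipher` stand-in for a real block cipher mode are all assumptions made for illustration.

```python
import hashlib, hmac, os
from enum import Enum

class KeyType(Enum):
    PIN_ENC = "PIN encipherment key"
    MAC = "MAC key"
    KEK_PIN = "KEK for PIN encipherment keys"
    KEK_MAC = "KEK for MAC keys"

# Key separation policy: the single key type each KEK category may encipher.
KEK_MAY_WRAP = {KeyType.KEK_PIN: KeyType.PIN_ENC, KeyType.KEK_MAC: KeyType.MAC}

class KeySeparationError(Exception):
    pass

class ToySCD:
    """Toy device: key values and their types never leave this object."""

    def __init__(self):
        self._store = {}  # handle -> (KeyType, key bytes)

    def generate_key(self, key_type):
        handle = len(self._store)
        self._store[handle] = (key_type, os.urandom(32))
        return handle  # caller holds an opaque handle, never the key itself

    def _use(self, handle, required):
        # The type comes from the device's own store, not from the caller.
        key_type, key = self._store[handle]
        if key_type is not required:
            raise KeySeparationError(f"{key_type.value} used where {required.value} is required")
        return key

    @staticmethod
    def _encipher(key, data):
        # Stand-in for a real block cipher mode (assumes data <= 32 bytes).
        nonce = os.urandom(16)
        pad = hmac.new(key, nonce, hashlib.sha256).digest()
        return nonce + bytes(a ^ b for a, b in zip(data, pad))

    def encipher_pin(self, handle, pin_block):
        return self._encipher(self._use(handle, KeyType.PIN_ENC), pin_block)

    def generate_mac(self, handle, message):
        return hmac.new(self._use(handle, KeyType.MAC), message, hashlib.sha256).digest()

    def export_key(self, kek_handle, key_handle):
        kek_type, kek = self._store[kek_handle]
        target_type, target = self._store[key_handle]
        if KEK_MAY_WRAP.get(kek_type) is not target_type:
            raise KeySeparationError(f"{kek_type.value} may not encipher a {target_type.value}")
        return self._encipher(kek, target)
```

Because the caller only ever holds a handle, it cannot relabel a key: every function looks the type up inside the device before touching the key value.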