【国外标准】 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques (Contains Corrigendum)

Covers the manual and automated management of keying material used for financial services such as point-of-sale (POS) transactions (debit and credit), automated teller machine (ATM) transactions, messages among terminals and financial institutions, and interchange messages among acquirers, switches and card issuers. It deals exclusively with management of symmetric keys using symmetric techniques, and specifies the minimum requirements for the management of keying material. Since last publication, this standard has undergone significant modifications in structure and content, including considerations related to the use of the AES algorithm. Implementation details for DUKPT have been moved to part three of X9.24. Addressed herein are activities and requirements related to each stage or event within the key life cycle including generation, distribution, utilization, storage, archiving, replacement and destruction of the keying material. An institution's key management process is not to be implemented or controlled in a manner that has less security, protection, or control than described herein. It is intended that two nodes, if they implement compatible versions of: the same secure key management method, the same secure key identification technique approved for a particular method, and the same key separation methodologies in accordance with this part of this standard, will be interoperable at the application level. Other characteristics may be necessary for node interoperability; however, this part of this standard does not cover such characteristics as message format, communications protocol, transmission speed, or device interface.