Financial transaction cards - Security architecture of financial transaction systems using integrated circuit cards - Part 7: Key management
Some standard content:
ICS35.240.15
National Standard of the People's Republic of China
GB/T 16790.7—-2006/ISO 10202-7: 1998Financial transaction cards--Security architecture of financial transaction systemsusing integrated circuit cards---Part 7:Key management(ISO 10202-7;1998,IDT)
Published on September 18, 2006
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of ChinaStandardization Administration of the People's Republic of China
Implemented on March 1, 2007
GB/T 16790.7-2006/ISO 10202-7: 1998Foreword
1Scope
2Normative references
3Terms, definitions and abbreviations
General security principles
5Key management requirements for IC card systems
6Keys for IC card systems
7Key life cycle
8Key management services
9IC card and SAM key loading process:
10Symmetric key management technology
11Asymmetric key management technology
12Combination of asymmetric/symmetric key management
Appendix A ( Appendix B (Informative Appendix)
Examples of card lifecycle using symmetric key management. Appendix C (Informative Appendix)
Appendix D (Informative Appendix)
Appendix E (Informative Appendix)
Example of transaction processing key management using symmetric key management technique 3 with implicit key authentication 20 Example of transaction processing key management using public key management in CAD with SAM Example of transaction processing key management using public key management in CAD without SAM++ 21
.......... 22
GB/T 16790. 7-2006/ISO 10202-7: 1998GB/T16790 "Financial transaction cards - Security system of financial transaction systems using integrated circuit cards" includes the following 8 parts: Part 1: Card life cycle
-Part 2: Transaction process
-Part 3: Key relationship
Part 4: Security application module
-Part 5: Algorithm application
Part 6: Cardholder identity verification
-Part 7: Key management
-Part 8: General principles and overview
This part is Part 7 of GB/T16790.
This part is equivalent to ISO10202-7:1998 "Financial transaction cards Security system for financial transaction systems using integrated circuit cards Part 7: Key management" (English version). For ease of use, this part deletes the ISO foreword. Appendices A to E of this part are all informative appendices. This part is proposed by the People's Bank of China.
This part is managed by the National Financial Standardization Technical Committee. The responsible drafting unit of this part: China Financial Electronicization Company. The participating drafting units of this part: People's Bank of China, Bank of China, China Construction Bank, China Everbright Bank, China UnionPay Co., Ltd., Beijing Venusstar Company.
The main drafters of this part: Tan Guoan, Yang Zi, Lu Shuchun, Li Shuguang, Liu Yun, Du Ning, Liu Zhijun, Zhang Yan, Zhang Dedong, Dai Hong, Zhang Xiaodong, Ma Yun, Li Hongjian, Wang Wei, Wang Qin, Sun Weidong, Li Chunhuan. This part is formulated for the first time.
1 Scope
GB/T16790.7--2006/IS0 10202-7:1998 Financial transaction cards Security system for financial transaction systems using integrated circuit cards Part 7: Key management This part specifies the key management requirements for financial transaction systems using integrated circuit cards. It defines the procedures and processes for the security management of keys used during the card life cycle and transaction processing in an integrated circuit card environment. This part describes symmetric and asymmetric key management schemes and specifies minimum key management requirements. Key management is the process in which keys are used between authorized communicating parties and are protected by security procedures until they are destroyed. The security of encrypted data depends on the prevention of the disclosure of keys and the unauthorized modification, replacement, insertion or deletion of keys. Therefore, encryption is related to the procedures for key generation, storage, distribution, use and destruction. Similarly, through the specification of these procedures, audit regulations can be established. This part applies to online and offline transactions between cards and SAM or host modules. 2 Normative references The clauses in the following documents are adopted by GB/T 156-1995 Identification GB 15851-1995 Information technology GB/T16648601996 Identification IEC 7816-3:19890 GB/T 16790.
397 Financial
Lifecycle (idtIs
GB/T16791.1
2-1:198
This part of the referenced document is the latest version of the IC body in the online (end-to-end) environment. The dated reference document uses this part, however, it is encouraged to reach an agreement based on this part and can also
emergency recovery
The latest version of the referenced documents of this point is applicable to this system (idtIS0/IEC7812-1:1993) Xinming scheme (idtIS0/IEC9796:1991) Part: Electronic signaling and transmission protocol (idtISO/Transaction system security architecture Part 1: Card financial acceptance Integrated electronic circuit for simple communication between card and card acceptance equipment Part 1: Concepts and structure (idt ISO9992-1:1999
Part 5: Security system for financial transaction systems using integrated circuit cards GB/T16790.5-2006 Transaction card 1
Application of algorithm (ISO10202-5:1998,
6 Financial transaction card Security system for financial transaction systems using integrated circuit cards Part 6: Cardholder identity confirmation (ISO10202-6:1994, IDPISO/IEC7812-2 Identification card issuer identification Part 2: Application and registration process ISO781 6-4 Information technology Identification cards Integrated circuit cards with contacts Part 4 Commands for exchange between industries ISO7816-5 Identification cards Integrated circuit cards with contacts Part 5 Numbering system and registration procedure for application identifiers ISO8732 Banking business key management (wholesale) ISO8908 Vocabulary and data elements for banking and related financial services ISO9992-2 Financial transaction cards Messages between integrated circuit cards and their receiving devices Part 2: Functions, messages (commands and responses), data elements and structure
ISO10202-2 Financial transaction cards Security system for financial transaction systems using integrated circuit cards Part 2: Transaction process GB/T 16790.7--2006/ISO 10202-7:1998ISO10202-3Financial transaction cardsSecurity system for financial transaction systems using integrated circuit cardsPart 3:Key relationshipsISO10202-4Financial transaction cardsSecurity system for financial transaction systems using integrated circuit cardsPart 4:Security application modules
ISO10202-8Financial transaction cardsSecurity system for financial transaction systems using integrated circuit cardsPart 8:General principles and overview
ISO11568 (all parts)Key management for banking (retail)ISO13491 (all parts)Secure cryptographic equipment for banking (retail)3Terms, definitions and abbreviations
3.1Terms and definitions
The following terms and definitions apply to this part. 3.1.1
Application data fileapplication data fileA file that supports one or more services.
Asymmetric algorithmAsymmetric algorithmAn algorithm in which the encryption key and the decryption key are different, so that one key cannot be calculated from the other. 3. 1.3
Authentication
The process used to ensure data integrity and prove the origin of data. 3.1.4
Certificatecertificate
See 3.1.38 "Transaction Authentication Code" and 3.1.33\Public Key Certificate". 3.1.5
Certificate identifiercertificate identifierCertificate information that can correctly verify the key certificate. 3.1.6
Certification authoritycertification authorityAn organization trusted by all users to create and distribute certificates. 3.1.7
Common data filecommon datafile
Mandatory files that contain common data elements used to describe the card, the issuing bank and the cardholder. 3.1.8
Cryptographic functioncryptographic function The process of using a cryptographic algorithm to perform a process (for example, encryption, identification, authentication). 3.1.9
Cryptographic key cryptographic key (key) Parameter used in conjunction with a cryptographic algorithm that performs a cryptographic conversion function. 3.1.10
Cryptographic validity period cryptooperiod
A specific period of time during which a key is authorized for use or a key can remain valid for a given system. 2
Data key data key
The key used to encrypt, decrypt or authenticate data. 3.1.12
Decipherment
The process of converting ciphertext into plaintext.
Root key derivation key
The key used to generate a derived key.
Derived key derived key
Symmetric key generated from a root key and non-confidential variable data. Note: The root key is used to generate a large number of keys (derived keys). 3.1.15
diversifiedkey
See 3.1.14"derivedkey"
dual control
GB/T16790.7—2006/IS010202-7:1998 The process of using two or more independent entities (usually people) to synchronize operations to protect sensitive functions or information, thereby preventing a single entity from accessing or using cryptographic materials (such as keys). 3.1.17
elementary file
A file that can contain data and/or file control information. 3.1.18
Explicit key identifier
f Explicit key identifier
See 3.1.25\Key identifier".
Encipherment
The process of converting plain text into cipher text.
Host/SAMderivationkey is used to derive the root key of the IC card or SAM key.3.1.21bzxz.net
Host security module is a physical security device used to support cryptographic functions and implement SAM functions on the host system.3.1.22
ICC derivation key
IC card root key
IC card (CDF or ADF) root key used to derive a unique message data key.3.1.23
Key enciphering key is a key used to encrypt another key.3.1.24
Key generation modulekeygeneration module is a cryptographic device used to generate and derive keys. GB/T 16790.7-2006/ISO 10202-7:19983.1.25
Key identifierkeyidentirier
Specifies the basic security requirements for IC cards.
Key loading modulekeyloading module can store at least one key and transfer the key to an independent electronic component of a cryptographic device such as an IC card or SAM when requested.
Key synchronizationkey synchronizatio
Two nodes verify that they use the same key to communicate3.1.28
Key elementskeying matgria
Supplementary data for establishing and maintaining key relationships. 3.1.29
Master root key
master
Used by bank card companies or
organizations
physically secure devices (see ISO 13491
Physically secure environmentCphysically secur(see ISO 11568
public k
asymmetric key set intermediate
public key certificatepublic
containing a set of user credentials
secure cryptographic device
generator
rtificat
periodic root keys.
keys) and the mathematical signature of these credentials by a trusted third partysecure cryptographic device
equipment that provides secure storage and
security services for confidential information such as keys based on this confidential information.
secure application module
secure application module
physical module (or logical functional component in CAD) containing algorithms, associated keys, security procedures and information to prevent unauthorized access to the application.
NOTE: To achieve this purpose, the module should be physically and logically protected. 3.1.36
symmetric algorithm
cryptographic method that uses the same secret key for encryption and decryption. 3.1.37
tamper resistance
physical protection of sensitive data to prevent successful attack. 4
transaction certification codetransaction certification codeGB/T 16790.7-2006/IS0 10202-7: 1998The result of a transformation authentication process that produces an electronic signature, which can be a MAC (based on a symmetric algorithm) or a digital signature (based on an asymmetric algorithm).
3.2 Abbreviations
General security principles
Application data file
Card receiving device
General data file
Certificate identifier
Basic file
Integrated circuit
Integrated circuit
IC card CD
Digital encryption
Is the key of the encryption key
Machine I SAM root
Identifier
Sequence number
Verification code;
Security application module
Using an integrated circuit
Small financial transaction system
A pluggable IC
System obtained
Any other such system's security.
The encryption adopted for an application of an ADF string should not destroy the security of any other application of any other DF string.
The principles described in ISO10202-2 and ISO10202-4 provide anti-destruction. The IC card and SAM should establish a key relationship based on
should comply with 13010202-3. d
The cryptographic algorithm used to implement the cryptographic function should comply with GB/T46790.5-200%. Mandatory control and audit shall be carried out on the key management key generation and loading modules of IC cards, SAMs, host security modules and any other cryptographic devices in the financial transaction system using integrated circuit cards. Appendix A (informative appendix) provides examples of card life cycle key management. Appendix B and C (informative appendix) provide examples of symmetric key management technology in transaction processing. Appendix D and E (informative appendix) provide examples of asymmetric key management. 5 IC card system key management requirements
5.1 IC card and SAM life cycle
During the life cycle of IC cards and SAMs, manual or automatic key management processes should provide the ability to load, update and revoke keys under the control of the party implementing these key management functions. The key management process used shall meet the key relationship requirements defined in ISO10.202-3. When using keys, protection of symmetric and asymmetric key management schemes shall be provided at all steps of the IC card and SAM life cycle. Manual procedures and automatic processes used to protect keys during the card life cycle shall meet the requirements defined in this part. 5.2 Key Lifecycle Protection
The key life cycle and the protection requirements for key generation, storage, backup, distribution, loading, use, replacement, destruction, deletion, archiving and termination shall comply with the provisions of this part. 5.3 Key Dispersion
Different key names shall be separated from each other in an encrypted form in the IC card, SAM and host security module to ensure that cryptographic processes can only be operated with the specific functional cryptographic names described in this part. Key separation shall be achieved by using keys generated or derived separately for each function. A key of one name in an IC card or SAM shall not be a transformed key, a conversion key, or derived from a key of another name. 5.4 Key Management Service
The key management service used shall implement the techniques described in this section to ensure key separation, replacement, protection, identification, integrity and confidentiality.
5.5 Key Relationships
A key relationship shall exist when both parties share at least one key. Figure 1 describes the cryptographic relationships in a financial transaction system using IC cards and indicates the scope of application of this section. Manufacturer
Intermediary
Issuing Bank
Supplier
With SAM
Key relationships included in this section: A, B, 2, 3, 6, 8, 10.11, 12, 13.Key relationships not included in this section: 1 and 5.Key relationships using only asymmetric key management: 4, 7, 9, 13.
Key relationships in financial transaction systems using IC cards without SAM
Figure 1
GB/T16790.7—2006/IS010202-7:1998Key management procedures and processes for key relationships should be agreed upon by the communicating parties. Contractual provisions that stipulate the responsibilities of the parties with obligations to protect keys are outside the scope of this standard.
The public key management functions implemented in CAD without SAM should be selected based on the security available in the CAD and meet the requirements of this standard.
Key management procedures and processes used in key relationships that are not included in this standard (Figure 1, relationships 1 to 5) can be part of a financial transaction system using IC cards and should comply with ISO11568. In these relationships, key numbers should use the application identifier (AID) defined in ISO7812.
Note: AID can be limited to the registered identifier defined in ISO7816-5. 5.6 Online Transaction Processing
During online transaction processing, the automatic key management process shall ensure the security of keys during creation, transmission and use between the IC card, SAM or host security module.
Keys transferred to the IC card shall be encrypted end-to-end between the SAM or host security module and the IC card and under the control of the responsible party.
57 Offline Transaction Processing Using SAM
During offline processing using SAM, the automatic key management process shall be capable of establishing and maintaining a secure key relationship between the IC card and SAM using confidential keys.
5.8 CDF and ADF Keys
Keys used in a CDF or ADF shall not be intentionally identical to keys used in another ADF. When ADFs are distributed, CDFs and ADFs shall be cryptographically separated as specified in ISO10202-3, except when they belong to the same issuing bank or application vendor. 5.9 Physical security
The tamper resistance provided by IC cards and SAMs should be based on the security principles described in ISO10202-2 and ISO10202-4. Although IC cards and SAMs are not intended as physical security devices, they must provide a high level of tamper resistance. 5.10 CAD without SAM
IC card authentication and transaction certificate confirmation can be implemented in CAD without SAM. CAD uses public keys for authentication or certificate confirmation. The integrity of these public keys can be verified by using public keys belonging to a higher-level organization such as the issuing bank or application provider key certification authority.
When the CAD acts as a communication device for online authentication with the issuing bank, application provider or acquiring bank, key relationships 3, 11 or 12 should apply.
6 IC card system keys
This clause defines the keys that can be used in an IC card system that can include a SAM. 6.1 Definition of Keys
The key names are defined as follows:
Key Names
kMprd,kEprd
Ictl,kActl
kIaut,kAaut
kImac,kAmac
kIenc,kAenc
kIcer,kAcer
kl(i)ker
hA(i,j)ctl
kA(i,j)aut
Controlled IC replacement and prevention of unauthorized IC replacement (manufacturer, intermediary); Loading CDF or ADF keys:
Authentication CD F or ADF;
Authenticate CDF or ADF transaction commands and data: Encrypt CDF or ADF transaction data;
Generate CDF or ADF transaction certificate;
Load kA(,)ct for ADF;
Load ADF key;
Authenticate ADF;
GB/T16790.7—2006/ISO10202-7:1998hA(i,j)mac
hA(i,j)enc
kA(i,j)cer
Authenticate ADF transaction commands and data;
Encrypt ADF transaction data;
Generate ADF transaction certificate.
is a general symbol for a key (K, P or S), which can be a key represented in a symmetric or asymmetric algorithm. A symmetric key is represented by K (for example; KIctl). The public and private key pairs of the above key names can be prefixed with P and S (such as: Plctt/Slctl). The mark indicates a specific ADF, and the mark indicates a specific key or a key set associated with an ADF. The key relationship of each of the above keys is described in ISO10202-3. 6.2 Key hierarchy
IC card and SAM keys should be installed according to ISO10202-3. The following hierarchy can be applied a) Production key: The production key is the encryption key used to protect the loading control key and the key that prevents the IC from being replaced. kMprd and Eprd should be the only keys used to load control keys: Control key: The control key is the key encryption key used to load other secrets and parameters in the IC card or SAM. KIctl and b)
kActi should be the only keys used as control key exchange keys: secret keys
key exchange keys.
The key is used to load the ADF
A's key pot
to load
data key in ADF: the data key is used to
encrypt (hIenc,kA and logarithm
SAM key name can be
Root key: used to derive the root key of IC card key
.
Asymmetric key pair.
IC card key name can be
Encryption key: used in IC card
or SAM derived food key (K')
Derived key: derived from 4 root keys
double derived key is SAM derived!
(such as KI\aut) to
d) asymmetric key or secret
data key name can be:
Key isolated key. KIe should be the only key used for encryption and decryption
Lcer) for authentication.
Derived key lifecycle K (e.g., KI'aut)
The key is derived from the SAM root key
ut) is represented by
The double derived key is represented by K\
Derived key: The key derived from the SAM root key. Derived key is represented by K (e.g., raut) Double derived key: The key derived from the derived AM key K\) is represented by K (e.g., K\aut). b)
Triple derived key: The key derived from the double derived AM and IC card key (K\). Triple derived key is represented by K\ (e.g., c
K\aut).
d) Asymmetric key or key pair.
7 Key lifecycle
Key management involves proper key generation, storage, distribution to authorized recipients and use of keys, as well as termination when the key is no longer needed. In order to protect the key during its lifetime, the key is processed through a series of stages called the life cycle (GB/T16790.1-1997 and ISO10202-3). This clause describes the requirements for key life cycle protection in IC card and SAM systems. 7.1 Key generation
Keys used in IC cards, SAMs and host security modules should be generated randomly or pseudo-randomly, or derived from other keys by cryptographic means as specified in this part.
7.2 Key storage
GB/T16790.7--2006/IS010202-7:1998 During key storage, the keys of IC cards, SAMs and host security modules should be protected. Keys residing outside IC cards, SAMs, host security modules and other secure cryptographic devices should be stored in multiple segments under dual control and key segmentation, or encrypted with storage keys.
7.3 Key backup
Key backup refers to the storage of a protected key copy during the operation and use of the key. The security protection requirements for keys defined in this section apply to backup keys.
7.4 Key distribution and loading
Key distribution and loading is the process of manually or automatically transferring keys to secure cryptographic devices. The key distribution process used for IC cards, SAMs, and host security modules should not disclose any private keys and should prevent public keys from being replaced.
Plaintext private keys should only be loaded into these devices when it is confirmed that the IC card, SAM, host security module, and other secure cryptographic devices used in the IC card system have never been previously compromised or replaced. IC card and SAM key loading procedures that may result in the disclosure of keys or sensitive data should meet the requirements defined in this section. 7.5 Key usage Key usage refers to the use of a key to refer to 1) a key used for 2) a key used for 3) SAM and host security module Key management in this section 7.6 Key replacement Key replacement is to confirm or suspect the original key. Key replacement is reversible. IC cards reused in IC card systems are preferred within the time when dictionary attacks are feasible. The survival of the key and the key cryptography are considered in combination with the security module to provide the required security. 6. Provide the required security with system operation!
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When it is believed that unauthorized replacement of a secret key has been made, all relevant keys shall be replaced once the relevant secret key has been compromised.
If it is found that the public key has been added or replaced without authorization, the original public keys and certificates related to these IC cards, SAM, host security modules and CAD can be replaced with forged secret keys. In this way, the security of CAD can be guaranteed, and the reinstalled certificates can be verified with higher-level public keys.
The replaced confidentiality key should not be reused. 7.7 Key destruction
Key destruction means that the key no longer exists at the specified location, but the relevant information is still retained at that location. Through this information, the key can be rebuilt and continued to be used.
When the keys in the SAM and host security module are no longer needed, the keys therein should be destroyed. This is not necessary for the keys in the IC card.
In order to prevent the misuse of deactivated keys, key identifiers should be checked, and documents on lost copies and lost IC9 should be retained.5 Key usage Key usage refers to the use of a key to refer to 1) a key used for 2) a key used for 3) SAM and host security module Key management in this section 7.6 Key replacement Key replacement is to confirm or suspect the original key. Key replacement is reversible. IC cards reused in IC card systems are preferred within the time when dictionary attacks are feasible. The survival of the key and the key password are considered comprehensively. The security module provides the degree of security, 6. Provide the required security with system operation!
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When it is believed that unauthorized replacement of a secret key has been made, all relevant keys shall be replaced once the relevant secret key has been compromised.
If it is found that the public key has been added or replaced without authorization, the original public keys and certificates related to these IC cards, SAM, host security modules and CAD can be replaced with forged secret keys. In this way, the security of CAD can be guaranteed, and the reinstalled certificates can be verified with higher-level public keys.
The replaced confidentiality key should not be reused. 7.7 Key destruction
Key destruction means that the key no longer exists at the specified location, but the relevant information is still retained at that location. Through this information, the key can be rebuilt and continued to be used.
When the keys in the SAM and host security module are no longer needed, the keys therein should be destroyed. This is not necessary for the keys in the IC card.
In order to prevent the misuse of deactivated keys, key identifiers should be checked, and documents on lost copies and lost IC9 should be retained.5 Key usage Key usage refers to the use of a key to refer to 1) a key used for 2) a key used for 3) SAM and host security module Key management in this section 7.6 Key replacement Key replacement is to confirm or suspect the original key. Key replacement is reversible. IC cards reused in IC card systems are preferred within the time when dictionary attacks are feasible. The survival of the key and the key password are considered comprehensively. The security module provides the degree of security, 6. Provide the required security with system operation!
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When a key is compromised or its life span is compromised, it shall be replaced by a new key.
When it is believed that unauthorized replacement of a secret key has been made, all relevant keys shall be replaced once the relevant secret key has been compromised.
If it is found that the public key has been added or replaced without authorization, the original public keys and certificates related to these IC cards, SAM, host security modules and CAD can be replaced with forged secret keys. In this way, the security of CAD can be guaranteed, and the reinstalled certificates can be verified with higher-level public keys.
The replaced confidentiality key should not be reused. 7.7 Key destruction
Key destruction means that the key no longer exists at the specified location, but the relevant information is still retained at that location. Through this information, the key can be rebuilt and continued to be used.
When the keys in the SAM and host security module are no longer needed, the keys therein should be destroyed. This is not necessary for the keys in the IC card.
In order to prevent the misuse of deactivated keys, key identifiers should be checked, and documents on lost copies and lost IC9 should be retained.
Tip: This standard content only shows part of the intercepted content of the complete standard. If you need the complete standard, please go to the top to download the complete standard document for free.