Banking—Security and other financial services—Framework for security in financial systems (GB/T 27911-2011)

Basic information

Standard ID: GB/T 27911-2011

Standard name: Banking—Security and other financial services—Framework for security in financial systems

Chinese name: 银行业 安全和其他金融服务 金融系统的安全框架

Standard category: National standard (GB)

Status: Abolished

Date of release: 2011-12-30

Date of implementation: 2012-02-01

Date of expiration: 2017-12-15

Standard classification numbers

ICS number: 03.060 Finance, banking, monetary system, insurance (under 03: Sociology, services, organization and management of companies (enterprises), administration, transportation)

Chinese standard classification number: A11 Finance, Insurance (General >> Economy, Culture)

Associated standards

Replacement status: Withdrawn by National Standard Notice No. 31, 2017

Adoption status: ISO/TR 17944:2002, MOD

Publication information

Publishing house: China Standards Press

Publication date: 2012-02-01

Other information

Release date: 2011-12-30

Drafters: Wang Pingwa, Lu Shuchun, Li Shuguang, Yang Qian, Tian Jie, etc.

Drafting units: China Financial Electronics Corporation, People's Bank of China, Industrial and Commercial Bank of China, China Construction Bank, Bank of Communications, China CITIC Bank, Beijing UnionPay Gold Card Technology Co., Ltd.

Focal point unit: National Financial Standardization Technical Committee (SAC/TC 180)

Proposing unit: People's Bank of China

Publishing department: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of China

Competent authority: National Financial Standardization Technical Committee (SAC/TC 180)

Introduction to the standard

This standard provides a standard framework for the security aspects necessary for the financial industry. It summarizes some key security issues that have emerged in the financial industry, together with the relevant existing standards for each issue, and serves as a standard reference for financial institutions when implementing security strategies.

This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
This standard adopts ISO/TR 17944:2002 "Banking—Security and other financial services—Framework for security in financial systems" with modifications, using the redrafting method.
Taking into account China's national conditions and some new international finance-related information security standards issued since 2002, the following modifications were made when adopting ISO/TR 17944:2002:
——In Table 1 of 2.2, some international standards newly issued in recent years were added under "Biometric identification technology";
——In Table 2 of 2.3, ISO/IEC 19772:2009 was added under "Message authentication";
——In Table 5 of 2.6, ISO/IEC 24762:2008 was added under "Disaster recovery";
——In Table 6 of 2.7, ISO/IEC 18045:2008, ISO/IEC TR 19791:2006 and ISO/IEC 21827:2008 were added under "Evaluation criteria";
——In Table 8 of 2.9, ISO 21188 was added under "Certificate management";
——In Table 8 of 2.9, ISO/IEC TR 18044, ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 18043:2006, ISO/IEC 27000:2009, ISO/IEC 27005:2008, ISO/IEC 27006:2007 and ISO/IEC 27011:2008 were added under "Security management";
——In Table 9 of 2.10, ISO/IEC 18031:2005, ISO/IEC 18032:2005, ISO/IEC 18033-1:2005, ISO/IEC 18033-2:2006, ISO/IEC 18033-3:2005, ISO/IEC 18033-4:2005 and ISO/IEC 19790:2006 were added under "General";
——In Table 9 of 2.10, ISO 19038 was added under "Symmetric";
——In Table 10 of Chapter 3, the two rows for biometrics and disaster recovery were deleted, because the ISO standards in these two areas were added to the main text, and three rows were added: "Privacy and confidentiality", "Business entity identifier" and "Token";
——In each table, a dated referenced standard is replaced by the latest dated edition where an updated version exists;
——In each table, withdrawn international standards are deleted.
For ease of use, this standard also makes the following editorial changes:
——The ISO foreword and introduction are deleted;
——For standards that have since been published, the table note "to be published" in the original text is deleted.
This standard is proposed by the People's Bank of China.
This standard is under the jurisdiction of the National Financial Standardization Technical Committee (SAC/TC180).
The responsible drafting unit of this standard is China Financial Electronicization Company.
Participating drafting units of this standard are: People's Bank of China, Industrial and Commercial Bank of China, China Construction Bank, Bank of Communications, China CITIC Bank, and Beijing UnionPay Gold Card Technology Co., Ltd.
The main drafters of this standard.

Contents

Foreword
1 Scope
2 Areas of standardization
2.1 Overview
2.2 Identification and authentication
2.3 Data integrity
2.4 Privacy and confidentiality
2.5 Non-repudiation
2.6 Service availability
2.7 Traceability and auditing
2.8 Interoperability
2.9 Security management
2.10 Cryptographic algorithms
3 ISO gaps in standardization
Annex A (informative) Supplementary information
References

Some standard content:

ICS 03.060
National Standard of the People's Republic of China
GB/T 27911-2011
Banking—Security and other financial services—Framework for security in financial systems
(ISO/TR 17944:2002, MOD)
Issued on 30 December 2011; implemented on 1 February 2012
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of the People's Republic of China
The main drafters of this standard are: Wang Pingwa, Lu Shuchun, Li Shuguang, Yang Qian, Tian Jie, Liu Yun, Zhao Zhilan, Shao Guanjun, Li Yan, Yang Baohui, Jia Jing, Li Mengyan, Liu Zhigang, Zhihui, Jia Shuhui, Jing Yun, Zhang, Ma Xiaoqiong.
1 Scope

This standard provides a standard framework for the security aspects necessary for the financial industry. It summarizes some key security issues that have emerged in the financial industry, as well as the relevant existing standards for each issue. This standard is applicable to financial institutions as a standard reference when implementing security strategies.

2 Areas of standardization

2.1 Overview

In the financial industry, the need for IT security is reflected in standard application areas such as tokens, devices, cryptographic techniques, key management, application programming interfaces (APIs) and protocols. These different areas can be grouped, according to basic business needs, into the areas below. Most areas already have a variety of standards available, while in other areas standards are either under development or (new) standards are needed. Chapter 2 describes the main areas of standardization of information security in financial institutions; Tables 1 to 9 list the available (sometimes required) standards in these areas. The international standards listed first in each table are from the International Organization for Standardization; those that follow are from other standardization organizations (see note 1). Based on the standards missing from these tables, Chapter 3 summarizes the standardization areas that ISO has left open.
Note: For more detailed information on the standards mentioned, please contact the relevant standardization organizations (see Annex A).

2.2 Identification and authentication
The identity of all entities involved in financial transactions should be established. Authentication ensures that the identity of an entity is what it claims to be. Financial institutions should ensure that only authorized users can access their IT systems. The mechanisms used for identification and authentication are based on identifiers, tokens, passphrases, personal identification numbers (PINs), biometrics, digital signatures and certificates. See Table 1 for the relevant standards.

Table 1 Identification and authentication

Entity authentication
ISO/IEC 9798-1 - Information technology - Security techniques - Entity authentication - Part 1: General
ISO/IEC 9798-2 - Part 2: Mechanisms using symmetric encipherment algorithms
ISO/IEC 9798-3 - Part 3: Mechanisms using digital signature techniques
ISO/IEC 9798-4 - Part 4: Mechanisms using a cryptographic check function
ISO/IEC 9798-5 - Part 5: Mechanisms using zero-knowledge techniques

Certificates
ISO/IEC 9594-8 - Information technology - Open Systems Interconnection - The Directory - Part 8: Public-key and attribute certificate frameworks

Business entity identifier
Passphrase
EBS 111-1995 - European banking standard: Interoperable financial electronic wallet (the excerpt does not show under which of the two rows above this entry falls)

Personal identification number
ISO 9564-1 - Banking - Personal Identification Number (PIN) management and security - Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems
ISO 9564-2 - Part 2: Approved algorithms for PIN encipherment
ISO 9564-3 - Part 3: Requirements for offline PIN handling in ATM and POS systems
ISO/TR 9564-4 - Part 4: Guidelines for PIN handling in open networks
EBS 105-1998 - PIN-based POS systems with online PIN verification - minimum security and evaluation criteria; Part 2: POS systems with online PIN verification - minimum security and evaluation criteria; Part 3: POS systems with offline PIN verification - minimum security and evaluation criteria

Biometric identification technology
ISO 19092:2008 - Financial services - Biometrics - Security framework
ISO/IEC 19784-1:2006 - Information technology - Biometric application programming interface - Part 1: BioAPI specification
ISO/IEC 19784-2:2007 - Part 2: Biometric archive function provider interface
ISO/IEC 19785-1:2006 - Information technology - Common Biometric Exchange Formats Framework - Part 1: Data element specification
ISO/IEC 19785-2:2006 - Part 2: Procedures for the operation of the Biometric Registration Authority
ISO/IEC 19785-3:2007 - Part 3: Patron format specifications
ISO/IEC 19794-1:2006 - Information technology - Biometric data interchange formats - Part 1: Framework
ISO/IEC 19794-2:2005 - Part 2: Finger minutiae data
ISO/IEC 19794-3:2006 - Part 3
ISO/IEC 19794-4:2005
ISO/IEC 19794-5:2005
ISO/IEC 19794-6:2005
ISO/IEC 19794-7:2007 - Part 7: Signature/sign time series data
ISO/IEC 19794-8:2006 - Part 8: Finger pattern skeletal data
ISO/IEC 19794-9:2007 - Part 9: Vascular image data
ISO/IEC 19794-10:2007 - Part 10: Hand geometry silhouette data
ISO/IEC 19794-15:2005 (as printed in the excerpt)
ISO/IEC 19795-1:2006 - Information technology - Biometric performance testing and reporting - Part 1: Principles and framework
ISO/IEC 19795-2:2007 - Part 2: Testing methodologies for technology and scenario evaluation
ISO/IEC TR 19795-3:2007 - Part 3: Modality-specific testing
ISO/IEC 19795-4:2008 - Part 4: Interoperability performance testing
ISO/IEC 24708:2008 - Information technology - Biometrics - BioAPI Interworking Protocol
ISO/IEC 24709-1:2007 - Information technology - Conformance testing for the biometric application programming interface (BioAPI) - Part 1: Methods and procedures
ISO/IEC 24709-2:2007 - Part 2: Test assertions for biometric service providers
ISO/IEC 24713-1:2008 - Information technology - Biometric profiles for interoperability and data interchange - Part 1: Overview of biometric systems and biometric profiles
ISO/IEC 24713-2:2008 - Part 2: Physical access control for employees at airports
ISO/IEC TR 24714-1:2008 - Information technology - Biometrics - Jurisdictional and societal considerations for commercial applications - Part 1: General guidance
ISO/IEC TR 24722:2007 - Information technology - Biometrics - Multimodal and other multibiometric fusion
ISO/IEC TR 24741:2007 - Information technology - Biometrics tutorial
ANSI X9.84-2003 - Biometric information management and security for the financial services industry

1) References to non-ISO standards in this standard are for information only. They should be based on consensus and should be published or generally accepted for use. The use of non-ISO standards does not imply endorsement of those standards by ISO.

2.3 Data integrity

Data integrity is the property that data cannot be altered or destroyed in an unauthorized manner. For the financial industry, data integrity is essential. The mechanisms used to ensure data integrity are mainly based on message authentication, hash functions and digital signatures. See Table 2 for the relevant standards.
Table 2 Data integrity

Message authentication
ISO/IEC 9797-1 - Information technology - Security techniques - Message Authentication Codes (MACs) - Part 1: Mechanisms using a block cipher
ISO/IEC 9797-2 - Part 2: Mechanisms using a dedicated hash-function
ISO 16609 - Banking - Requirements for message authentication using symmetric techniques
ISO/IEC 19772:2009 - Information technology - Security techniques - Authenticated encryption
ANSI X9.71-2000 - Keyed hash message authentication code (MAC)

Hash functions
ISO/IEC 10118-1 - Information technology - Security techniques - Hash-functions - Part 1: General
ISO/IEC 10118-2 - Part 2: Hash-functions using an n-bit block cipher
ISO/IEC 10118-3 - Part 3: Dedicated hash-functions
ISO/IEC 10118-4 - Part 4: Hash-functions using modular arithmetic

2.4 Privacy and confidentiality

Privacy is the right of an individual to keep his or her personal information confidential. Confidentiality is the property that information is not made available or disclosed to unauthorized individuals, entities or processes. Privacy and confidentiality are of increasing concern to the financial industry. Encryption is the mechanism used to ensure privacy and confidentiality. See Table 3 for the relevant standards.

Table 3 Privacy and confidentiality

(The excerpt shows only the table header, "Available standards" and "Title/Description", without entries.)

2.5 Non-repudiation

Non-repudiation means preventing the denial of actions in financial transactions. The mechanisms for non-repudiation are based on time-stamping, digital signatures, certificates and public key infrastructure (PKI) technology. See Table 4 for the relevant standards.

Table 4 Non-repudiation
Non-repudiation
ISO/IEC 13888-1 - Information technology - Security techniques - Non-repudiation - Part 1: General
ISO/IEC 13888-2 - Part 2: Mechanisms using symmetric techniques
ISO/IEC 13888-3 - Part 3: Mechanisms using asymmetric techniques
ISO/IEC 18014 - Information technology - Security techniques - Time-stamping services - Part 1: Framework; Part 2: Mechanisms producing independent tokens; Part 3: Mechanisms producing linked tokens
ETSI TS 101 861 (2001) - Time stamping profile

Digital signatures
ISO/IEC 9796 - Information technology - Security techniques - Digital signature schemes giving message recovery - Part 1: Mechanisms using redundancy; Part 2: Integer factorization based mechanisms; Part 3: Discrete logarithm based mechanisms
ISO/IEC 14888 - Information technology - Security techniques - Digital signatures with appendix - Part 1: General; Part 2: Identity-based mechanisms; Part 3: Certificate-based mechanisms
ANSI X9.31 - Digital signatures using reversible public key cryptography for the financial services industry
ETSI TS 101 733 - Electronic signature formats

Public key infrastructure (PKI)
ANSI X9.55-1997 - Public key cryptography for the financial services industry: Extensions to public key certificates and certificate revocation lists
ANSI X9.68-2:2001 - Digital certificates for mobile/wireless and high transaction volume financial systems - Part 2: Domain certificate syntax
ETSI TS 101 862 (2000) - Qualified certificate profile
ANSI X9.77 - Public key infrastructure protocols
ANSI X9.79-2001 - Public key infrastructure (PKI) practices and policy framework
ETSI TS 101 456 - Policy requirements for certification authorities issuing qualified certificates

2.6 Availability of services

Availability is the property of being accessible and usable upon demand by an authorized entity. For financial institutions, the availability of services is important for business continuity and for the overall image of the financial industry. The mechanisms used to ensure availability are based on redundancy, backup, off-site storage, backup sites and disaster recovery plans. See Table 5 for the relevant standards.

Table 5 Availability of services

Disaster recovery
ISO/IEC 24762:2008 - Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services
NIST SP 800-34 (2002) - National Institute of Standards and Technology Special Publication: Contingency planning guide for information technology systems (draft)
2.7 Traceability and auditing

Traceability is the property that ensures that the activities of an entity can be traced uniquely to that entity. It should be obvious that financial institutions should be able to prove the validity of transactions to their customers and to third parties. Different security methods, procedures and products should provide a reasonable level of security, and a system or organization should establish a minimum set of security measures. Traceability and audit mechanisms are based on audit trails, security targets, functional classification, protection profiles, evaluation criteria, etc. See Table 6 for the relevant standards.

Table 6 Traceability and auditing

Functional classification
ISO/IEC 10181 - Information technology - Open Systems Interconnection - Security frameworks for open systems - Part 1: Overview; Part 2: Authentication framework; Part 3: Access control framework; Part 4: Non-repudiation framework; Part 5: Confidentiality framework
ANSI X9.45-1999 - Enhanced management controls using digital signatures and attribute certificates

Protection profiles
ISO/IEC TR 15446 - Information technology - Security techniques - Guide for the production of protection profiles and security targets
ISO/IEC 15292 - Information technology - Security techniques - Protection profile registration procedures
ANSI X9.79 - Part 2: Protection profiles for certificate issuing and management systems (draft)

Evaluation criteria
ISO 13491-1 - Banking - Secure cryptographic devices (retail) - Part 1: Concepts, requirements and evaluation methods
ISO 13491-2 - Part 2: Security compliance checklists for devices used in financial transactions
ISO/IEC 15408-1 - Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
ISO/IEC 15408-2 - Part 2: Security functional requirements
ISO/IEC 15408-3 - Part 3: Security assurance requirements
ISO/IEC 18045:2008 - Information technology - Security techniques - Methodology for IT security evaluation
ISO/IEC TR 19791:2006 - Information technology - Security techniques - Security assessment of operational systems
ISO/IEC 21827:2008 - Information technology - Security techniques - Systems Security Engineering - Capability Maturity Model (SSE-CMM)
ANSI X9.66 - Security of cryptographic devices
ANSI X9.74 - Conformance testing of certification path processing
2.8 Interoperability

For the financial industry, whether in the wholesale or the retail environment, interoperability is becoming an important issue. Interoperability mechanisms are based on data elements, protocols and interface standards. It should be noted, however, that interoperability is a broader issue than the existing standards alone address. See Table 7 for the relevant standards.

Table 7 Interoperability

Interoperability
EMV 2000 - Integrated circuit card specification for payment systems - Book 1: Application independent ICC to terminal interface requirements; Book 2: Security and key management; Book 3: Application specification; Book 4: Cardholder, attendant and acquirer interface requirements
SET - Secure electronic transaction specification - Book 1: Business description; Book 2: Programmer's guide; Book 3: Formal protocol definition

Data elements
ISO 13616 - Banking and related financial services - International Bank Account Number (IBAN)
ISO/IEC 7064 - Information technology - Security techniques - Check character systems
ISO 8583 - Financial transaction card originated messages - Interchange message specifications - Part 1: Messages, data elements and code values; Part 2: Application and registration procedures for Institution Identification Codes (IIC); Part 3: Maintenance procedures for messages, data elements and code values
ISO 9992 - Financial transaction cards - Messages between the integrated circuit card and the card accepting device - Part 1: Concepts and structures; Part 2: Functions, messages (commands and responses), data elements and structures
ISO 15668 - Banking - Secure file transfer (retail)
ISO/IEC 7813 - Information technology - Identification cards - Financial transaction cards

2.9 Security management
The security measures used by financial institutions should be managed. In the fields of key management and certificate management, some common standards are needed to ensure a basic minimum security level. See Table 8 for the relevant standards.

Table 8 Security management

Security management
ISO/IEC 13335-1:1996 - Information technology - Guidelines for the management of IT security - Part 1: Concepts and models for IT security
ISO/IEC TR 18044 - Information technology - Security techniques - Information security incident management
ISO/IEC 27001 - Information technology - Security techniques - Information security management systems - Requirements
ISO/IEC 27002 - Information technology - Security techniques - Code of practice for information security management
ISO/TR 13569 - Banking and related financial services - Information security guidelines
ISO/IEC 15443 - Information technology - Security techniques - A framework for IT security assurance
ISO/IEC 15816 - Information technology - Security techniques - Security information objects for access control
ISO/IEC TR 15947 - Information technology - Security techniques - IT intrusion detection framework
ISO/IEC 18043:2006 - Information technology - Security techniques - Selection, deployment and operations of intrusion detection systems
ISO/IEC 27000:2009 - Information technology - Security techniques - Information security management systems - Overview and vocabulary
ISO/IEC 27005:2008 - Information technology - Security techniques - Information security risk management
ISO/IEC 27006:2007 - Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems
ISO/IEC 27011:2008 - Information technology - Security techniques - Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
ANSI X9.11 - Security service management for the financial services industry
BS 7799 - Information security management
ECBS TR 406 - Guide to algorithm usage and key management

Key management
ISO 11568 - Banking - Key management (retail) - Part 1: Principles; Part 2: Symmetric ciphers, their key management and life cycle; Part 4: Asymmetric cryptosystems - Key management and life cycle
ISO/IEC 11770 - Information technology - Security techniques - Key management - Part 1: Framework; Part 2: Mechanisms using symmetric techniques; Part 3: Mechanisms using asymmetric techniques
ISO 13492:1998 - Banking - Key management related data element (retail)
ANSI X9.42-2001 - Public key cryptography for the financial services industry: Agreement of symmetric keys using discrete logarithm cryptography
ANSI X9.44-2000 - Public key cryptography for the financial services industry: Key establishment using integer factorization cryptography (draft)
ANSI X9.63-2001 - Public key cryptography for the financial services industry: Key agreement and key transport using elliptic curve cryptography
ANSI X9.70 - Symmetric key management using public key algorithms
ECBS TR 405 - Key recovery for financial systems

Certificate management
ISO 15782 - Certificate management for financial services - Part 1: Public key certificates; Part 2: Certificate extensions
ISO 21188:2006 - Public key infrastructure for financial services - Practices and policy framework
ANSI X9.57-1997 - Public key cryptography for the financial services industry: Certificate management
ANSI (number illegible in the excerpt) - Public key infrastructure practices and policy framework
(ID not legible in the excerpt) - Digital certificate certification authority (version 2)
(ID not legible in the excerpt) - Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile

Trusted third party management
(ID not legible in the excerpt) - Information technology - Security techniques - Guidelines for the use and management of trusted third party services
ISO/IEC 15945 - Information technology - Security techniques - Specification of TTP services to support the application of digital signatures

2.10 Cryptographic algorithms
Most of the security measures used by financial institutions are based on cryptographic techniques. For reasons of interoperability and basic security levels, some common standards and related standards in the field of cryptographic techniques are required. See Table 9 for the relevant standards.

Table 9 Cryptographic algorithms

General
ISO/IEC 9979 - Information technology - Security techniques - Procedures for the registration of cryptographic algorithms
ISO/IEC 18031:2005 - Information technology - Security techniques - Random bit generation
ISO/IEC 18032:2005 - Information technology - Security techniques - Prime number generation
ISO/IEC 18033-1:2005 - Information technology - Security techniques - Encryption algorithms - Part 1: General
ISO/IEC 18033-2:2006 - Part 2: Asymmetric ciphers
ISO/IEC 18033-3:2005 - Part 3: Block ciphers
ISO/IEC 18033-4:2005 - Part 4: Stream ciphers
ISO/IEC 19790:2006 - Information technology - Security techniques - Security requirements for cryptographic modules
ANSI X9.82 - Random number generation
ANSI X9.80-2001 - Prime number generation
ANSI TR9 - Abstract syntax notation and encoding rules for financial industry standards