Some standard content:
ICS 35.240,40
National Standard of the People's Republic of China
GB/T 27909.1-2011
Banking
Key management (retail)
Part 1: General principles
Banking-Key management (retail)-Part 1. Principles
(ISO 11568-1:2005, MOD)
2011-12-30 Issued
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China Standardization Administration of China
2012-02-01 Implementation
Normative References
Terms and Definitions
Key Management
4.1 Security Objectives
4.2 Security Levels
4.3 Key Management Objectives
Static Key Management Principles
Cryptographic Systems
Cryptographic Systems
6.3 Symmetric Cryptographic Systems
6.4 Asymmetric Cryptographic Systems
6.5 Other cryptographic systems
7 Physical security of the cryptographic environment
7.1 Physical security considerations
7.2 Secure cryptographic equipment
7.3 Physical security environment
8 Security considerations
8.1 Cryptographic environment for secret keys/private keys
8.2 Cryptographic environment for public keys
8.3 Prevention of device impersonation
9 Key management services for cryptographic systems
Secret separation
Prevention of substitution
Synchronization (availability)
Integrity
Confidentiality
Leakage detection
10 Key life cycle
Overview·
General requirements for key life cycle...
TTKNTKACA
GB/T 27909.1—2011
GB/T 27909.1—2011
10.3 Additional requirements for asymmetric cryptographic systems.* Appendix A (informative appendix) Examples in retail financial services environments Appendix B (informative appendix
References
Examples of threats in retail financial services environments+++++
TTTKANYKAA
GB/T 27909 Key management for banking business (retail)\ is divided into the following parts:—·--Part 1: General principles;
-Part 2: Symmetric cryptography and its key management and life cycle, Part 3: Asymmetric cryptographic systems and their key management and life cycle. This part is Part 1 of GB/T 27909. This part was drafted according to the schedule given in GB/T 8/TI.1-2009. 27909.1—2011
This part is modified to adopt the international standard IS0)11568-1:2005 Banking business secret sales management (retail) Part 1 General principles (English version).
The following modifications were made when adopting ISO11568-1: *ISO11568-1 Appendix A "Approval procedures for cryptographic algorithms" was deleted, and in Chapter 1, it was stated that the cryptographic algorithms used for key management should comply with the relevant regulations of the national cryptographic management department. This part also made the following editorial changes:
a) For international standards cited in normative references, if there are corresponding national standards, they are replaced by references to national standards; b) In addition to the ISO foreword:
This part was proposed by the People's Bank of China,
This part is under the jurisdiction of the National Financial Standards Promotion Technical Committee (SAC/TCI80). This part Responsible drafting unit: China Financial Electronicization Company. Participating drafting units of this part: People's Bank of China, Industrial and Commercial Bank of China, Agricultural Bank of China, Bank of China, Bank of Communications, China Everbright Bank, China UnionPay Co., Ltd. Main drafters of this part: Wang Pingwa, Lu Shuchun, Li Shuguang, Yue Zhilan, Zhou Yipeng, Zhao Hongxin, Cheng Guanzhong, Liu Yao, Yu Guodong, Yang Zengyu, Huang Faguo.
TTTKANTKACA
GB/T27909.1—2011
GB/T27909 describes the key security management process in the retail financial service environment. These keys are used to protect such as Messages between acquirers and acceptors, and between acquirers and issuers. This section describes the key management requirements applicable to the retail financial services sector. Typical service types include point-of-sale/point-of-service (POS) debit and credit authorizations and automated teller machine (ATM) transactions. Key management is the process of providing keys to authorized communication parties and keeping the keys under security process control until they are destroyed.
The security of data depends on preventing the disclosure of keys and unauthorized modification, replacement, removal or termination. Therefore, key management involves the generation, storage, distribution, use and destruction of keys. By standardizing these procedures , and also lays the foundation for the development of audit trail specifications.
This part does not provide a method to distinguish entities using the same cryptanalyst. The final details of the key management process need to be negotiated and decided by the relevant communicating parties, and an agreement should be reached on the identity and responsibilities of the individuals. The communicating parties shall assume corresponding responsibilities for these details. GB/T27909 itself does not involve the allocation of individual responsibilities, which is something that needs to be considered in the specific implementation of key management. W
TTTKAONYKACA
1 Scope
Key management for banking business (retail)
Part 1: General principles
GB/T 27909.1—2011
This standard specifies the key management principles that should be followed by cryptographic systems implemented in the retail financial services environment. The retail financial services environment of this standard refers to the interfaces between the following entities:- Card acceptance device and acquirer;- Acquirer and issuer;- Card acceptance device and IC. Appendix A describes an example of this environment, and Appendix B describes the security threats to the implementation of this standard. This standard can be applied to both keys in symmetric cryptographic systems and private and public keys in asymmetric cryptographic systems. In symmetric cryptographic systems, the sender and the receiver use the same key, and the cryptographic algorithms used for key management should comply with the relevant regulations of the national cryptographic management department. In addition to the key, the use of cryptography usually involves control information, such as initialization vectors and key identifiers. This information is collectively referred to as "key keys". Although this standard specifically describes the management of keys, its principles, services and technologies also apply to key elements. This standard is applicable to financial institutions and other organizations in the field of retail financial services. In these areas, information exchange requires confidentiality, integrity or authenticity. Retail financial services include but are not limited to services such as POS debit and credit authorization, vending machine and automatic teller machine (ATM) transactions.
In ISO9564 and TSO16609 standards, the encryption of personal identification numbers (PINs) in retail financial transactions and the cryptographic operations used in message authentication are described respectively. GB/T27909 also applies to the management of the keys introduced by these standards. In addition, the key management process itself also needs to introduce a higher level of keys, such as encrypted keys. The key management process also applies to these keys. 2 Normative references
The following documents are indispensable for the application of this document. For any dated referenced document, only the dated version applies to this document. For any undated referenced document, the latest version [including all amendments] applies to this document. GB/T20547.2-2006 Banking: Security Encryption Equipment (Retail) Part 2: Equipment Security Compliance Test List for Financial Transactions (IS013491-2:2005, M0D) CB/T27909.2 Banking Key Management (Retail) Part 2: Symmetric Cryptography and Key Management and Life Cycle (IS0 11568-2:2005, M0D)
GB/27909.4 Banking Key Management (Retail) Part 4: Asymmetric Cryptography and Key Management and Life Cycle (IS011568-4:2007, MOD)
3 Terms and Definitions
The following terms and definitions apply to this document. 3.1
Asymmetric key pair A public key and its associated secret key generated and used in a public key cryptography system. 1
TTTKAONYKACA
GB/T 27909.1—2011
cipher
A pair of operations that realize the conversion between plaintext and text under the control of parameters called cipher. Note: The encryption operation converts the data (plaintext) into unreadable ciphertext form, and the decryption operation restores the ciphertext to plaintext. 3.3
Cryptographic algorithmcryptographic algorithma set of rules that use cryptographic keys to perform data transformations such as:a) conversion from plaintext to ciphertext and vice versa (i.e., encryption and decryption);b) generation of key elements;
digital signature calculation or verification.
cryptographic key
cryptographic key
a parameter that determines the operation of a cryptographic algorithm.
cryptosystemcryptosystem
a set of basic cryptographic elements used to provide information security services. 3.6
data integritydata inicgrity
the property of data not being altered or destroyed in an unauthorized manner. 3.7
dictionary attackdictionary attack
an attack in which the attacker builds a dictionary of plaintext and corresponding ciphertext. Note: When the obtained ciphertext matches the ciphertext stored in the dictionary, the corresponding plaintext can be immediately obtained from the dictionary. 3.8
Digital signaturedigital signature
The result of asymmetric cryptographic conversion of data. The recipient can use this result to authenticate the source of information and verify the integrity of the data to prevent third parties or recipients from forgery.
Message Authentication Code (MAC)message authentication code (MAC)A code in a message transmitted between the sender and the receiver. This code is used to verify the source of the message and part or all of the message text.
Note: This code is calculated according to the agreed method. 3.10
Private keyprivate key
Part of an asymmetric key pair, the key value is confidential. 3. 11
publickey
Part of an asymmetric key pair, the key value is public. 3.12
Secret key
Cryptographic key used in symmetric cryptographic systems. 3.13
Computationally infeasible
Computationally infeasible
The calculation is theoretically feasible, but it is not feasible in terms of the time or resources required to achieve the calculation. 2
TTTKONYKAA
4 Key managementbZxz.net
4.1 Security objectives
GB/T 27909.1—2011
The messages and transactions of the retail financial service system contain both sensitive data of the cardholder and related financial information. The use of cryptographic technology to protect data can reduce the risk of financial loss caused by fraud, maintain the integrity and confidentiality of the system, and enhance the user's trust in the business provider/retailer partnership. Therefore, system security should be incorporated into the entire system design. The secure maintenance and system processing of keys in the system is called key management.
4.2 Security level
The level of security to be achieved depends on many factors, including the sensitivity of the data involved, the likelihood of data being intercepted, the practicality of any envisioned encryption process, and the cost of providing (and destroying) a dedicated security method. Therefore, it is very necessary for the communicating parties to agree on the key management process and the degree and details of security provided (as described in GB/T 20547). 4.3 Key management objectives
The main objectives of key management are to provide users with the keys required to complete cryptographic operations and to control the use of these keys. Key management also ensures that these keys are adequately protected during their life cycle. The security objectives of key management are: in addition to measures to prevent damage, the opportunity for security damage and the consequences and degree of damage caused should be minimized, while also maximizing the probability of detecting possible unauthorized access and modification of keys. The above standards apply to all stages of key generation, distribution, storage, use and return, including those processes related to key communication that occur between cryptographic devices and trustees. Note: This part covers the above issues. The overall system security also includes issues such as communication protection, data processing systems, equipment and devices. 5 Key management principles
In order to protect secrets and prevent retail financial service systems from being compromised, the following principles should be followed: a) Keys can only exist in the form permitted by GB/T27909; 6) No individual can access or find out any secret key/private key in plain text; 7) The system should be able to prevent the disclosure of any key that has been or will be used to protect data; 8) Secret keys/private keys should be generated using a process that ensures that secret values are unpredictable, or that some values are more likely than others; 9) The system should be able to detect any attempt to disclose secret keys/private keys, as well as any attempt to use secret keys/private keys for purposes other than their intended use; 10) The system should be able to prevent or detect any attempt to disclose secret keys/private keys; The key/private key (or part of it) is used for other purposes than intended, as well as any accidental or unauthorized modification, use, replacement, deletion or insertion of the f
key: g) The old key should be replaced by a new key before the old key can be cracked; the old key should be replaced by a new key before a successful dictionary attack can be carried out on the data encrypted with the old key; h) When a key is discovered or suspected to be leaked, the use of the key should be terminated. The leakage of a shared key of one group of communicating parties should not lead to the leakage of any other group's shared key: k) A leaked key should not provide any information that can be used to determine its replacement key. 1) The key should only be loaded in equipment that is believed to be secure and not subject to unauthorized modification and replacement. 3
TTTKAONYKACA
GB/T 27909,1—2011
6 Cryptographic systems
6.1 Overview
Cryptographic systems are a general term for a set of basic cryptographic elements that provide information security services. The term is often used with cryptographic elements that provide confidentiality (i.e., encryption). Such systems are called cryptographic systems. The key management principles described in this section can be used to manage keys in cryptographic systems.
6.2 Cryptographic systems
Cryptographic systems consist of encryption operations and inverse decryption operations. In addition, they may include aspects such as padding rules and cryptographic management requirements. Encryption operations convert plaintext into ciphertext by using encryption keys; decryption operations restore ciphertext to plaintext by using decryption keys. Retail financial services use cryptographic systems to protect sensitive cardholder data and financial transaction data. The data to be protected is encrypted by the sender and then decrypted by the recipient. There are two types of cryptographic systems: a) Symmetric cryptographic systems:
Asymmetric cryptographic systems
This chapter illustrates cryptographic systems used to protect data confidentiality. GB/T 27909 is also applicable to secret protection and management in other cryptographic technologies, such as key derivation, message authentication, digital signatures and other related functions. 6.3 Symmetric cryptographic systems
In a symmetric cryptographic system, encryption keys and decryption keys are exchanged. Both the sender and the receiver should keep the keys confidential at all times. The secret key allows secure communication between the sender and the receiver. Figure 1 describes an example of a symmetric cryptographic system. A. Encryption (encryption) Encrypted data Secret information Secret information (decryption) Figure 1 Example of a symmetric cryptographic system If a symmetric cryptographic system is implemented with secure cryptographic devices and their associated key management technology, it can distinguish between the two ends and support one-way services, such as using a set of keys to protect the secret data transmitted between the two parties. This is called "two-way key encryption". When the secret data transmitted in each direction is protected by a different set of keys, it is called "one-way key encryption". Key management principles should be used appropriately to ensure the confidentiality, integrity and authenticity of the keys. 6.4 Asymmetric cryptographic system In an asymmetric cryptographic system, the encryption key and the decryption key are different, and it is computationally infeasible to derive the decryption key from the encryption key. The encryption key in asymmetric cryptography is public, while the corresponding decryption key is kept secret. These two keys are called public key and private key respectively.
B's public key
(Encryption)
Encrypted data
Using B's public key
Figure 2 Example of asymmetric cryptographic system
TTTKAONATKACA
B's secret key
(Decryption)
GB/T 27909.1—2011
The characteristic of asymmetric cryptographic systems is that the sender encrypts secret data with a public key and requires the receiver to hold a private key that can decrypt the secret data. In this way, asymmetric cryptographic systems are essentially one-way, that is, a pair of private and public keys only provide protection for data transmitted in one direction, and the disclosure of the public key will not endanger the cryptographic system. When it is required to provide protection for data transmitted in both directions, two pairs of public and private keys are required. Asymmetric cryptography is usually applied to the secure distribution of initial keys of symmetric cryptographic systems. Key management principles should be properly used to ensure the confidentiality of private keys and the integrity and authenticity of private and public keys. 6.5 Other cryptographic systems
The key management principles described in this section are also applicable to other cryptographic systems, such as message identification systems, mathematical signature systems or key establishment systems. Figure 3 shows an example of an asymmetric cryptographic system using digital signature technology for data authentication. Party A
Party 5's public key
(authentication)
Use Party B's secret key
Party B's private key
(signature)
Figure 3 Example of an asymmetric cryptographic system for data authentication Characteristics of an asymmetric digital signature system require that the recipient possesses an authenticated public key. The sender uses the private key to digitally sign, and the recipient uses the public key to verify the authenticity of the signature. Cryptographic management principles should be properly used to ensure the confidentiality of the private key and the integrity and authenticity of the private key and public key. 7 Physical security of the cryptographic environment
7.1 Physical security considerations
For symmetric and asymmetric cryptographic systems, the confidentiality of secret/private keys and the integrity and authenticity of secret/private and public keys during storage and use depend on the following two factors: a) The security of the hardware equipment performing cryptographic processing and the security of the storage of keys and other secret data (see 7.2) b) The security of the cryptographic processing and storage environment for secret keys and other secret data (see 7.3). In practice, absolute security is impossible to achieve. Therefore, the password management program should take preventive measures to reduce the chance of security breaches. If these preventive measures fail, the probability of detecting unauthorized access to secret keys/secrets and other confidential data should be increased.
7.2 Secure cryptographic equipment
Secure cryptographic equipment is a device that provides secure storage for secret information, such as passwords, and provides security services for these secret information. The characteristics of these devices and their management requirements are shown in GB/T20547.2. 7.3 Physical security environment
A physical security environment has controls or other mechanisms to prevent unauthorized access that may lead to the leakage of secrets (or partial keys) or secret data stored in the environment. An example of a physical security environment is a secure or specially designed place that has continuous access control, physical security protection and monitoring mechanisms.
A physical security environment should be maintained until all plaintext secrets and other useful information are destroyed from the environment. 5
TTTKAONTKACA
GB/T 27909.1—2011
B Security points
B.1 Cryptographic environment of secret/private keys
Plaintext secret/private keys should only exist in secure cryptographic devices or in a physically secure environment as described below. Plaintext secret/private keys whose disclosure may affect multiple parties should only exist in secure cryptographic devices. Plaintext secret/private keys whose disclosure may only affect a single party should only exist in a secure cryptographic device or in a physically secure environment that is maintained and managed by the affected party or its representative. Examples of multiple parties include the acquirer ATM environment, and examples of a single party include the internal card personalization system. B.2 Public cryptographic environment
In principle, it is not necessary to provide protection against the disclosure of public keys. However, physical or logical protection should be provided for public keys to prevent unauthorized replacement. In addition to protecting the public key from replacement, the secret data encrypted with the public key should also be protected from unauthorized disclosure. 8.3 Protection against counterfeit devices
To prevent or detect the replacement of legitimate devices by counterfeit devices, protection should be provided for the devices. In addition to the capabilities of legitimate devices, the counterfeit devices may also have unauthorized capabilities to disclose secret data before encryption. 9 Key management services for cryptographic systems
9.1 Overview
Key management services are combined with symmetric and asymmetric cryptographic systems to ensure that key management complies with the key management principles listed in Clause 5. These services are briefly described below, and the technologies used to provide these services are described in GB/T 27909.2 and GB/T 87909.3.
9.2 Key separation
Key separation ensures that cryptographic processing can only operate with key types for specific functions and for their designed purpose, such as message authentication code (MAC) keys. Since secret/private keys are entered into the cryptographic function module in encrypted form or recovered in plain text from the secure storage of the cryptographic device, key separation can be achieved by using different key encryption and storage processes. 9.3 Prevention of Substitution
Prevention of key substitution prevents unauthorized replacement of keys. As stated in clause 5: In any system, proper cryptographic selection should prevent inappropriate use of keys, such as use in another cryptographic domain. No cryptographic management service can ensure proper key selection, and this requirement should be taken into account in the design of the cryptographic system.
9.4 Identification
Cryptographic identification enables the recipient of a transaction to determine the appropriate key associated with the transaction. 9.5 Synchronization (Availability)
Cryptographic synchronization ensures that the sender and recipient use the appropriate key when a key change occurs. 9.6 Integrity
Ensures the integrity of the key by verifying that the key has not been modified. 9.7 Confidentiality
The confidentiality of the key ensures that the key cannot be disclosed. 9.8 Leakage Detection
GE/T 27909.1—2011
In the event of a security breach, if the breach is detected, the negative consequences caused by the breach can be avoided or limited. With the help of control and audit procedures, it can be found whether security has been breached. 10
Key Lifecycle
10.1 Key Management involves the generation of appropriate key codes, their distribution to authorized recipients for use, and the termination of keys when they are no longer needed. In order to protect the keys during their lifetime in the key management method listed in Chapter 5, the key processing needs to go through a series of stages. The following is a brief description of these stages. The entire process is called the key life cycle. 10.2 General requirements for key life cycle
Unless otherwise specified, this requirement applies to both symmetric and asymmetric key life cycles. For details on this aspect, please refer to GB/T 27909.2 and CB/T 27909. 3.
10.2.1 Key generation
Key generation refers to the creation of new keys or (in asymmetric cryptography) key pairs for subsequent use. 10.2.2 Key storage
Key storage refers to the storage of keys in a secure form. 10.2.3 Key backup
Key backup refers to the storage of a protected copy of a key during the operation and use of the key. 10.2.4 Key Distribution and Import
Secret key/private key distribution and import is the process of manually or automatically transferring a key to a secure cryptographic device, and public key distribution and import is the process of manually or automatically transferring a key to a predetermined user. 10.2.5 Key Use
Key use is the use of a key for its intended encryption or decryption purpose. 10.2.6 Key Replacement
Key replacement is the replacement of an original key by another key when it is determined or suspected that the original key has been compromised or its lifetime has expired. 10.2.7 Key Destruction
Key destruction ensures that a key instance that existed in some permitted form no longer exists at a specific location, but its information can still be retained at that location, through which the key can be reconstructed and continued to be used.5 Other cryptographic systems
The principles of secret management described in this section are also applicable to other cryptographic systems, such as message identification systems, mathematical signature systems or key establishment systems. Figure 3 shows an example of an asymmetric cryptographic system using digital signature technology for data authentication. Party A
Party 5's public key
(authentication)
Use Party B's secret key
Party B's private key
(signature)
Figure 3 Example of an asymmetric secret system for data authentication The nature of an asymmetric digital signature system requires that the recipient possesses an authenticated public key. The sender uses the private key to digitally sign, and the recipient uses the public key to verify the authenticity of the signature. The principles of secret management should be used appropriately to ensure the confidentiality of the private key and the integrity and authenticity of the private key and public key. 7 Physical Security of the Cryptographic Environment
7.1 Physical Security Considerations
For both symmetric and asymmetric cryptographic systems, the confidentiality of secret/private keys and the integrity and authenticity of secret/private and public keys during storage and use depend on two factors: a) the security of the hardware devices performing cryptographic processing and the storage of keys and other secret data (see 7.2) and b) the security of the environment in which cryptographic processing and secret and other secret data are stored (see 7.3). In practice, absolute security is impossible to achieve, so the cryptographic management program should take preventive measures to reduce the probability of security breaches. If these preventive measures fail, the probability of detecting unauthorized access to secret/private and other secret data should be increased.
7.2 Secure Cryptographic Equipment
Secure cryptographic equipment is equipment that provides secure storage for cryptographic information and provides security services for such information. The characteristics of these devices and their management requirements are shown in GB/T20547.2. 7.3 Physical security environment
A physical security environment has security controls or other mechanisms to prevent unauthorized access that may lead to the leakage of secret keys (or partial keys) or secret data stored in the environment. An example of a physical security environment is a secure or specially designed location that has continuous access control, physical security protection and monitoring mechanisms.
A physical security environment should be maintained until all plaintext secrets and other useful information are destroyed from the environment. 5
TTTKAONTKACA
GB/T 27909.1—2011
B Security test points
B.1 Cryptographic environment for secret keys/private keys
Plaintext secret keys/private keys should only exist in secure cryptographic devices or in a physical security environment as described below. Plaintext secret keys/private keys whose leakage may affect multiple parties should only exist in secure cryptographic devices. Plaintext secret keys/secrets whose disclosure would affect only a single party should only exist in secure cryptographic devices or physically secure environments that are maintained by or on behalf of the affected party. Examples of multiple parties are acquirer ATM environments, and examples of single parties are internal card personalization systems. B.2 Public cryptographic environments
In principle, public keys do not need to be protected against disclosure. However, to prevent unauthorized replacement of public keys, physical or logical protection should be provided for public keys. In addition to protecting public keys from replacement, secret data encrypted with public keys should also be protected from unauthorized disclosure. 8.3 Protection against counterfeit devices
Devices should be protected to prevent or detect replacement of legitimate devices with counterfeit devices. Counterfeit devices may have unauthorized capabilities to disclose secret data before encryption in addition to the capabilities of legitimate devices. 9 Key Management Services for Cryptographic Systems
9.1 Overview
Key management services are integrated with symmetric and asymmetric cryptographic systems to ensure that key management complies with the key management principles outlined in clause 5. These services are briefly described below, and the techniques used to provide them are described in ISO 909.2 and ISO 909.3.
9.2 Key Separation
Key separation ensures that cryptographic processes can only be operated on keys of a specific function for which they were designed, e.g., message authentication code (MAC) keys. Since secret/private keys are entered into cryptographic function modules in encrypted form or retrieved in plaintext from the secure storage of cryptographic equipment, key separation can be achieved by using different key encryption and storage procedures. 9.3 Prevention of Substitution
Prevention of key substitution prevents the unauthorized replacement of keys. As stated in clause 5: In any system, the proper choice of cryptographic keys should prevent the inappropriate use of keys, e.g., use in another cryptographic domain. No cryptographic services are available to ensure proper key selection, and this requirement should be taken into account in the design of cryptographic systems.
9.4 Identification
Cryptographic identification enables the recipient of a transaction to determine the appropriate key associated with the transaction. 9.5 Synchronization (Availability)
Cryptographic synchronization ensures that the sender and recipient use the appropriate key when a key is changed. 9.6 Integrity
Ensures the integrity of the key by verifying that the key has not been modified. 9.7 Confidentiality
The confidentiality of the key ensures that the key cannot be compromised. 9.8 Compromise Detection
GE/T 27909.1—2011
In the event that security is compromised, the negative consequences caused by the breach can be avoided or limited if these breaches are detected. With the help of control and audit procedures, it can be discovered whether security has been compromised. 10
Key life cycle
10.1 Key management involves the generation of appropriate keys, their distribution to authorized recipients for use, and the termination of keys when they are no longer needed. In order to protect keys during their lifetime in the key management manner listed in Chapter 5, key processing needs to go through a series of stages. The following is a brief description of these stages. The entire process is called the key life cycle. 10.2 General requirements for key life cycle
Unless otherwise specified, this requirement applies to both symmetric and asymmetric key life cycles. For details on this aspect, please refer to GB/T 27909.2 and CB/T 27909. 3.
10.2.1 Key generation
Key generation refers to the creation of new keys or (in asymmetric cryptography) key pairs for subsequent use. 10.2.2 Key storage
Key storage refers to the storage of keys in a secure form. 10.2.3 Key Backup
Key backup is the storage of a protected copy of a key during operational use of the key. 10.2.4 Key Distribution and Import
Secret/Private Key Distribution and Import is the manual or automatic transfer of a key to a secure cryptographic device, and Public Key Distribution and Import is the manual or automatic transfer of a key to a predetermined user. 10.2.5 Key Use
Key use is the use of a key for its intended encryption or decryption purpose. 10.2.6 Key Replacement
Key replacement is the replacement of an original key by another key when it is determined or suspected that the original key has been compromised or its lifetime has expired. 10.2.7 Key Destruction
Key destruction ensures that an instance of a key that existed in some permitted form no longer exists at a particular location, but its information may still be retained at that location, through which the key can be reconstructed and continued to be used.5 Other cryptographic systems
The principles of secret management described in this section are also applicable to other cryptographic systems, such as message identification systems, mathematical signature systems or key establishment systems. Figure 3 shows an example of an asymmetric cryptographic system using digital signature technology for data authentication. Party A
Party 5's public key
(authentication)
Use Party B's secret key
Party B's private key
(signature)
Figure 3 Example of an asymmetric secret system for data authentication The nature of an asymmetric digital signature system requires that the recipient possesses an authenticated public key. The sender uses the private key to digitally sign, and the recipient uses the public key to verify the authenticity of the signature. The principles of secret management should be used appropriately to ensure the confidentiality of the private key and the integrity and authenticity of the private key and public key. 7 Physical Security of the Cryptographic Environment
7.1 Physical Security Considerations
For both symmetric and asymmetric cryptographic systems, the confidentiality of secret/private keys and the integrity and authenticity of secret/private and public keys during storage and use depend on two factors: a) the security of the hardware devices performing cryptographic processing and the storage of keys and other secret data (see 7.2) and b) the security of the environment in which cryptographic processing and secret and other secret data are stored (see 7.3). In practice, absolute security is impossible to achieve, so the cryptographic management program should take preventive measures to reduce the probability of security breaches. If these preventive measures fail, the probability of detecting unauthorized access to secret/private and other secret data should be increased.
7.2 Secure Cryptographic Equipment
Secure cryptographic equipment is equipment that provides secure storage for cryptographic information and provides security services for such information. The characteristics of these devices and their management requirements are shown in GB/T20547.2. 7.3 Physical security environment
A physical security environment has security controls or other mechanisms to prevent unauthorized access that may lead to the leakage of secret keys (or partial keys) or secret data stored in the environment. An example of a physical security environment is a secure or specially designed location that has continuous access control, physical security protection and monitoring mechanisms.
A physical security environment should be maintained until all plaintext secrets and other useful information are destroyed from the environment. 5
TTTKAONTKACA
GB/T 27909.1—2011
B Security test points
B.1 Cryptographic environment for secret keys/private keys
Plaintext secret keys/private keys should only exist in secure cryptographic devices or in a physical security environment as described below. Plaintext secret keys/private keys whose leakage may affect multiple parties should only exist in secure cryptographic devices. Plaintext secret keys/secrets whose disclosure would affect only a single party should only exist in secure cryptographic devices or physically secure environments that are maintained by or on behalf of the affected party. Examples of multiple parties are acquirer ATM environments, and examples of single parties are internal card personalization systems. B.2 Public cryptographic environments
In principle, public keys do not need to be protected against disclosure. However, to prevent unauthorized replacement of public keys, physical or logical protection should be provided for public keys. In addition to protecting public keys from replacement, secret data encrypted with public keys should also be protected from unauthorized disclosure. 8.3 Protection against counterfeit devices
Devices should be protected to prevent or detect replacement of legitimate devices with counterfeit devices. Counterfeit devices may have unauthorized capabilities to disclose secret data before encryption in addition to the capabilities of legitimate devices. 9 Key Management Services for Cryptographic Systems
9.1 Overview
Key management services are integrated with symmetric and asymmetric cryptographic systems to ensure that key management complies with the key management principles outlined in clause 5. These services are briefly described below, and the techniques used to provide them are described in ISO 909.2 and ISO 909.3.
9.2 Key Separation
Key separation ensures that cryptographic processes can only be operated on keys of a specific function for which they were designed, e.g., message authentication code (MAC) keys. Since secret/private keys are entered into cryptographic function modules in encrypted form or retrieved in plaintext from the secure storage of cryptographic equipment, key separation can be achieved by using different key encryption and storage procedures. 9.3 Prevention of Substitution
Prevention of key substitution prevents the unauthorized replacement of keys. As stated in clause 5: In any system, the proper choice of cryptographic keys should prevent the inappropriate use of keys, e.g., use in another cryptographic domain. No cryptographic services are available to ensure proper key selection, and this requirement should be taken into account in the design of cryptographic systems.
9.4 Identification
Cryptographic identification enables the recipient of a transaction to determine the appropriate key associated with the transaction. 9.5 Synchronization (Availability)
Cryptographic synchronization ensures that the sender and recipient use the appropriate key when a key is changed. 9.6 Integrity
Ensures the integrity of the key by verifying that the key has not been modified. 9.7 Confidentiality
The confidentiality of the key ensures that the key cannot be compromised. 9.8 Compromise Detection
GE/T 27909.1—2011
In the event that security is compromised, the negative consequences caused by the breach can be avoided or limited if these breaches are detected. With the help of control and audit procedures, it can be discovered whether security has been compromised. 10
Key life cycle
10.1 Key management involves the generation of appropriate keys, their distribution to authorized recipients for use, and the termination of keys when they are no longer needed. In order to protect keys during their lifetime in the key management manner listed in Chapter 5, key processing needs to go through a series of stages. The following is a brief description of these stages. The entire process is called the key life cycle. 10.2 General requirements for key life cycle
Unless otherwise specified, this requirement applies to both symmetric and asymmetric key life cycles. For details on this aspect, please refer to GB/T 27909.2 and CB/T 27909. 3.
10.2.1 Key generation
Key generation refers to the creation of new keys or (in asymmetric cryptography) key pairs for subsequent use. 10.2.2 Key storage
Key storage refers to the storage of keys in a secure form. 10.2.3 Key Backup
Key backup is the storage of a protected copy of a key during operational use of the key. 10.2.4 Key Distribution and Import
Secret/Private Key Distribution and Import is the manual or automatic transfer of a key to a secure cryptographic device, and Public Key Distribution and Import is the manual or automatic transfer of a key to a predetermined user. 10.2.5 Key Use
Key use is the use of a key for its intended encryption or decryption purpose. 10.2.6 Key Replacement
Key replacement is the replacement of an original key by another key when it is determined or suspected that the original key has been compromised or its lifetime has expired. 10.2.7 Key Destruction
Key destruction ensures that an instance of a key that existed in some permitted form no longer exists at a particular location, but its information may still be retained at that location, through which the key can be reconstructed and continued to be used.3 Physical Security Environment
A physical security environment has controls or other mechanisms to prevent unauthorized access that could result in the disclosure of secret keys (or parts of secret keys) or secret data stored in the environment. An example of a physical security environment is a secure or purpose-built location that has continuous access control, physical security protection, and monitoring mechanisms.
A physical security environment should be maintained until all plaintext secrets and other useful information are destroyed from the environment. 5
TTTKAONTKACA
GB/T 27909.1—2011
B Security Test Points
B.1 Cryptographic Environment for Secret Keys/Private Keys
Plaintext secret keys/private keys should only exist in secure cryptographic devices or in a physical security environment as described below. Plaintext secret keys/private keys whose disclosure could affect multiple parties should only exist in secure cryptographic devices. Plaintext secret keys/secrets whose disclosure would affect only a single party should only exist in secure cryptographic devices or physically secure environments that are maintained by or on behalf of the affected party. Examples of multiple parties are acquirer ATM environments, and examples of single parties are internal card personalization systems. B.2 Public cryptographic environments
In principle, public keys do not need to be protected against disclosure. However, to prevent unauthorized replacement of public keys, physical or logical protection should be provided for public keys. In addition to protecting public keys from replacement, secret data encrypted with public keys should also be protected from unauthorized disclosure. 8.3 Protection against counterfeit devices
Devices should be protected to prevent or detect replacement of legitimate devices with counterfeit devices. Counterfeit devices may have unauthorized capabilities to disclose secret data before encryption in addition to the capabilities of legitimate devices. 9 Key Management Services for Cryptographic Systems
9.1 Overview
Key management services are integrated with symmetric and asymmetric cryptographic systems to ensure that key management complies with the key management principles outlined in clause 5. These services are briefly described below, and the techniques used to provide them are described in ISO 909.2 and ISO 909.3.
9.2 Key Separation
Key separation ensures that cryptographic processes can only be operated on keys of a specific function for which they were designed, e.g., message authentication code (MAC) keys. Since secret/private keys are entered into cryptographic function modules in encrypted form or retrieved in plaintext from the secure storage of cryptographic equipment, key separation can be achieved by using different key encryption and storage procedures. 9.3 Prevention of Substitution
Prevention of key substitution prevents the unauthorized replacement of keys. As stated in clause 5: In any system, the proper choice of cryptographic keys should prevent the inappropriate use of keys, e.g., use in another cryptographic domain. No cryptographic services are available to ensure proper key selection, and this requirement should be taken into account in the design of cryptographic systems.
9.4 Identification
Cryptographic identification enables the recipient of a transaction to determine the appropriate key associated with the transaction. 9.5 Synchronization (Availability)
Cryptographic synchronization ensures that the sender and recipient use the appropriate key when a key is changed. 9.6 Integrity
Ensures the integrity of the key by verifying that the key has not been modified. 9.7 Confidentiality
The confidentiality of the key ensures that the key cannot be compromised. 9.8 Compromise Detection
GE/T 27909.1—2011
In the event that security is compromised, the negative consequences caused by the breach can be avoided or limited if these breaches are detected. With the help of control and audit procedures, it can be discovered whether security has been compromised. 10
Key life cycle
10.1 Key management involves the generation of appropriate keys, their distribution to authorized recipients for use, and the termination of keys when they are no longer needed. In order to protect keys during their lifetime in the key management manner listed in Chapter 5, key processing needs to go through a series of stages. The following is a brief description of these stages. The entire process is called the key life cycle. 10.2 General requirements for key life cycle
Unless otherwise specified, this requirement applies to both symmetric and asymmetric key life cycles. For details on this aspect, please refer to GB/T 27909.2 and CB/T 27909. 3.
10.2.1 Key generation
Key generation refers to the creation of new keys or (in asymmetric cryptography) key pairs for subsequent use. 10.2.2 Key storage
Key storage refers to the storage of keys in a secure form. 10.2.3 Key Backup
Key backup is the storage of a protected copy of a key during operational use of the key. 10.2.4 Key Distribution and Import
Secret/Private Key Distribution and Import is the manual or automatic transfer of a key to a secure cryptographic device, and Public Key Distribution and Import is the manual or automatic transfer of a key to a predetermined user. 10.2.5 Key Use
Key use is the use of a key for its intended encryption or decryption purpose. 10.2.6 Key Replacement
Key replacement is the replacement of an original key by another key when it is determined or suspected that the original key has been compromised or its lifetime has expired. 10.2.7 Key Destruction
Key destruction ensures that an instance of a key that existed in some permitted form no longer exists at a particular location, but its information may still be retained at that location, through which the key can be reconstructed and continued to be used.3 Physical Security Environment
A physical security environment has controls or other mechanisms to prevent unauthorized access that could result in the disclosure of secret keys (or parts of secret keys) or secret data stored in the environment. An example of a physical security environment is a secure or purpose-built location that has continuous access control, physical security protection, and monitoring mechanisms.
A physical security environment should be maintained until all plaintext secrets and other useful information are destroyed from the environment. 5
TTTKAONTKACA
GB/T 27909.1—2011
B Security Test Points
B.1 Cryptographic Environment for Secret Keys/Private Keys
Plaintext secret keys/private keys should only exist in secure cryptographic devices or in a physical security environment as described below. Plaintext secret keys/private keys whose disclosure could affect multiple parties should only exist in secure cryptographic devices. Plaintext secret keys/secrets whose disclosure would affect only a single party should only exist in secure cryptographic devices or physically secure environments that are maintained by or on behalf of the affected party. Examples of multiple parties are acquirer ATM environments, and examples of single parties are internal card personalization systems. B.2 Public cryptographic environments
In principle, public keys do not need to be protected against disclosure. However, to prevent unauthorized replacement of public keys, physical or logical protection should be provided for public keys. In addition to protecting public keys from replacement, secret data encrypted with public keys should also be protected from unauthorized disclosure. 8.3 Protection against counterfeit devices
Devices should be protected to prevent or detect replacement of legitimate devices with counterfeit devices. Counterfeit devices may have unauthorized capabilities to disclose secret data before encryption in addition to the capabilities of legitimate devices. 9 Key Management Services for Cryptographic Systems
9.1 Overview
Key management services are integrated with symmetric and asymmetric cryptographic systems to ensure that key management complies with the key management principles outlined in clause 5. These services are briefly described below, and the techniques used to provide them are described in ISO 909.2 and ISO 909.3.
9.2 Key Separation
Key separation ensures that cryptographic processes can only be operated on keys of a specific function for which they were designed, e.g., message authentication code (MAC) keys. Since secret/private keys are entered into cryptographic function modules in encrypted form or retrieved in plaintext from the secure storage of cryptographic equipment, key separation can be achieved by using different key encryption and storage procedures. 9.3 Prevention of Substitution
Prevention of key substitution prevents the unauthorized replacement of keys. As stated in clause 5: In any system, the proper choice of cryptographic keys should prevent the inappropriate use of keys, e.g., use in another cryptographic domain. No cryptographic services are available to ensure proper key selection, and this requirement should be taken into account in the design of cryptographic systems.
9.4 Identification
Cryptographic identification enables the recipient of a transaction to determine the appropriate key associated with the transaction. 9.5 Synchronization (Availability)
Cryptographic synchronization ensures that the sender and recipient use the appropriate key when a key is changed. 9.6 Integrity
Ensures the integrity of the key by verifying that the key has not been modified. 9.7 Confidentiality
The confidentiality of the key ensures that the key cannot be compromised. 9.8 Compromise Detection
GE/T 27909.1—2011
In the event that security is compromised, the negative consequences caused by the breach can be avoided or limited if these breaches are detected. With the help of control and audit procedures, it can be discovered whether security has been compromised. 10
Key life cycle
10.1 Key management involves the generation of appropriate keys, their distribution to authorized recipients for use, and the termination of keys when they are no longer needed. In order to protect keys during their lifetime in the key management manner listed in Chapter 5, key processing needs to go through a series of stages. The following is a brief description of these stages. The entire process is called the key life cycle. 10.2 General requirements for key life cycle
Unless otherwise specified, this requirement applies to both symmetric and asymmetric key life cycles. For details on this aspect, please refer to GB/T 27909.2 and CB/T 27909. 3.
10.2.1 Key generation
Key generation refers to the creation of new keys or (in asymmetric cryptography) key pairs for subsequent use. 10.2.2 Key storage
Key storage refers to the storage of keys in a secure form. 10.2.3 Key Backup
Key backup is the storage of a protected copy of a key during operational use of the key. 10.2.4 Key Distribution and Import
Secret/Private Key Distribution and Import is the manual or automatic transfer of a key to a secure cryptographic device, and Public Key Distribution and Import is the manual or automatic transfer of a key to a predetermined user. 10.2.5 Key Use
Key use is the use of a key for its intended encryption or decryption purpose. 10.2.6 Key Replacement
Key replacement is the replacement of an original key by another key when it is determined or suspected that the original key has been compromised or its lifetime has expired. 10.2.7 Key Destruction
Key destruction ensures that an instance of a key that existed in some permitted form no longer exists at a particular location, but its information may still be retained at that location, through which the key can be reconstructed and continued to be used.8 Leakage Detection
GE/T 27909.1—2011
In the event of a security breach, if the breach is detected, the negative consequences caused by the breach can be avoided or limited. With the help of control and audit procedures, it can be found whether security has been breached. 10
Key Lifecycle
10.1 Key Management Key management involves the generation of appropriate key codes, their distribution to authorized recipients for use, and the termination of keys when they are no longer needed. In order to protect the key during its lifetime in the key management method listed in Chapter 5, the key processing needs to go through a series of stages. The following is a brief description of these stages. The entire process is called the key life cycle. 10.2 General requirements for key life cycle
Unless otherwise specified, this requirement applies to both symmetric and asymmetric key life cycles. For details on this aspect, please refer to GB/T 27909.2 and CB/T 27909. 3.
10.2.1 Key generation
Key generation refers to the creation of new keys or (in asymmetric cryptography) key pairs for subsequent use. 10.2.2 Key storage
Key storage refers to the storage of keys in a secure form. 10.2.3 Key backup
Key backup refers to the storage of a protected copy of a key during the operation and use of the key. 10.2.4 Key Distribution and Import
Secret key/private key distribution and import is the process of manually or automatically transferring a key to a secure cryptographic device, and public key distribution and import is the process of manually or automatically transferring a key to a predetermined user. 10.2.5 Key Use
Key use is the use of a key for its intended encryption or decryption purpose. 10.2.6 Key Replacement
Key replacement is the replacement of an original key by another key when it is determined or suspected that the original key has been compromised or its lifetime has expired. 10.2.7 Key Destruction
Key destruction ensures that a key instance that existed in some permitted form no longer exists at a specific location, but its information can still be retained at that location, through which the key can be reconstructed and continued to be used.8 Leakage Detection
GE/T 27909.1—2011
In the event of a security breach, if the breach is detected, the negative consequences caused by the breach can be avoided or limited. With the help of control and audit procedures, it can be found whether security has been breached. 10
Key Lifecycle
10.1 Summary
Key management involves the generation of appropriate key codes, their distribution to authorized recipients for use, and the termination of keys when they are no longer needed. In order to protect the keys during their lifetime in the key management method listed in Chapter 5, the key processing needs to go through a series of stages. The following is a brief description of these stages. The entire process is called the key life cycle. 10.2 General requirements for key life cycle
Unless otherwise specified, this requirement applies to both symmetric and asymmetric key life cycles. For details on this aspect, please refer to GB/T 27909.2 and CB/T 27909. 3.
10.2.1 Key generation
Key generation refers to the creation of new keys or (in asymmetric cryptography) key pairs for subsequent use. 10.2.2 Key storage
Key storage refers to the storage of keys in a secure form. 10.2.3 Key backup
Key backup refers to the storage of a protected copy of a key during the operation and use of the key. 10.2.4 Key Distribution and Import
Secret key/private key distribution and import is the process of manually or automatically transferring a key to a secure cryptographic device, and public key distribution and import is the process of manually or automatically transferring a key to a predetermined user. 10.2.5 Key Use
Key use is the use of a key for its intended encryption or decryption purpose. 10.2.6 Key Replacement
Key replacement is the replacement of an original key by another key when it is determined or suspected that the original key has been compromised or its lifetime has expired. 10.2.7 Key Destruction
Key destruction ensures that a key instance that existed in some permitted form no longer exists at a specific location, but its information can still be retained at that location, through which the key can be reconstructed and continued to be used.
Tip: This standard content only shows part of the intercepted content of the complete standard. If you need the complete standard, please go to the top to download the complete standard document for free.