Standard

AS 2805.6.1.1-2009

[Current]

Electronic funds transfer - Requirements for interfaces, Part 6.1.1: Key management - Principles (ISO 11568-1:2005, MOD)

Adopts ISO 11568-1:2005 to align Australian key management principles with international best practice.
Published: 11/02/2009
Pages: 17
Table of contents
Header
About this publication
Preface
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Aspects of key management
4.1 Purpose of security
4.2 Level of security
4.3 Key management objectives
5 Principles of key management
6 Cryptosystems
6.1 Overview
6.2 Cipher systems
6.3 Symmetric cipher systems
6.4 Asymmetric cipher systems
6.5 Other cryptosystems
7 Physical security for cryptographic environments
7.1 Physical security considerations
7.2 Secure cryptographic device
7.3 Physically secure environment
8 Security considerations
8.1 Cryptographic environments for secret/private keys
8.2 Cryptographic environments for public keys
8.3 Protection against counterfeit devices
9 Key management services for cryptosystems
9.1 General
9.2 Separation
9.3 Substitution prevention
9.4 Identification
9.5 Synchronization (availability)
9.6 Integrity
9.7 Confidentiality
9.8 Compromise detection
10 Key life cycles
10.1 General
10.2 Common requirements for key life cycles
10.2.1 Generation
10.2.2 Storage
10.2.3 Backup
10.2.4 Distribution and loading
10.2.5 Use
10.2.6 Replacement
10.2.7 Destruction
10.2.8 Deletion
10.2.9 Archive
10.2.10 Termination
10.2.11 Erasure summary
10.3 Additional requirements for asymmetric cryptosystems
10.3.1 Authenticity prior to use
10.3.2 Public key revocation
10.3.3 Public key expiration
Annex A
A.1 Approved algorithms
A.2 Approval process
A.2.1 Justification of proposal
A.2.2 Documentation
A.2.3 Public disclosure
A.2.4 Examination of proposals
A.2.5 Public review
A.2.6 Appeal procedure
A.2.7 Incorporation of new algorithms
A.2.8 Maintenance
Annex B
B.1 General
B.2 Cardholder and card issuer
B.3 Card acceptor
B.4 Acquirer
B.5 Third party processor
Annex C
C.1 General
C.2 Threats
C.2.1 Accidental threats
C.2.2 Intentional threats
C.2.3 Passive threats
C.2.4 Active threats
C.2.4.1 Masquerade
C.2.4.2 Replay
C.2.4.3 Modification of messages
C.2.4.4 Denial of service
C.2.4.5 Insider attacks
C.2.4.6 Outsider attacks
C.2.4.7 Trapdoor
C.2.4.8 Trojan horse
Bibliography
Appendix ZZ
ZZ1 INTRODUCTION
ZZ2 VARIATIONS
Amendment control sheet
AS 2805.6.1.1—2009
Amendment No. 1 (2011)
Revised text