AS ISO 11568:2025

Standard

Track updates

[Current]

Financial services - Key management (retail)

AS ISO 11568:2025 identically adopts ISO 11568:2023, which describes the management of symmetric and asymmetric cryptographic keys that can be used to protect sensitive information in financial services related to retail payments

Published: 30/05/2025

Pages: 114

Table of contents

Cited references

Content history

Table of contents

Header

About this publication

Preface

Foreword

Introduction

1 Scope

1.1 General

1.2 Scope exclusions

2 Normative references

3 Terms and definitions

4 Key management requirements

4.1 General

4.1.1 Key management strategy

4.1.2 Dual control and split knowledge of secret or private keys

4.1.3 Permissible key forms

4.1.3.1 Permissible symmetric key forms

4.1.3.2 Permissible asymmetric key forms

4.1.3.2.1 Asymmetric private key forms

4.1.3.2.2 Asymmetric public key forms

4.1.4 Logging

4.1.4.1 General

4.1.4.2 Asymmetric keys

4.1.4.3 SCD hardware logging

4.1.5 Cryptographic strength

4.1.6 Key locations

4.1.7 Single-purpose key usage

4.1.7.1 Single-purpose symmetric key usage

4.1.7.2 Single-purpose asymmetric key usage

4.1.7.3 Additional intended purpose designations (AIPD)

4.2 Secure cryptographic device

4.2.1 General requirements

4.2.2 Additional SCD requirements for devices used in SKDAT

4.3 Additional CA requirements

4.4 Additional RA requirements

4.5 Key blocks

4.5.1 Overview of key blocks

4.5.2 Key attributes

4.5.3 Integrity of the key block

4.5.4 Key and sensitive attributes field

4.5.4.1 Content of the field

4.5.4.2 Encryption of the key and sensitive attributes field

4.6 Key creation

4.6.1 Symmetric key creation

4.6.1.1 Random key generation

4.6.1.2 Key derivation

4.6.1.3 Key calculation (variants)

4.6.2 Asymmetric key creation

4.6.2.1 Introduction

4.6.2.2 Requirements

4.7 Key component and key share creation

4.8 Check values

4.8.1 Introduction

4.8.2 Symmetric key check value calculation

4.8.3 Asymmetric key check value calculation

4.9 Key distribution

4.9.1 Symmetric key distribution

4.9.1.1 Introduction

4.9.1.2 Encrypted with symmetric key

4.9.1.3 Encrypted with asymmetric key

4.9.1.3.1 General

4.9.1.3.2 Phase 1 requirements

4.9.1.3.3 Phase 2 requirements

4.9.1.3.4 Phase 3 requirements

4.9.1.4 Cleartext key distribution

4.9.1.4.1 General

4.9.1.4.2 Personal conveyance of cleartext components or shares

4.9.1.4.3 Transporting cleartext components or shares in an SCD

4.9.1.4.4 Transporting cleartext components or shares in printed form or on transport media

4.9.2 SKDAT asymmetric key distribution

4.9.2.1 Asymmetric key pair transfer

4.9.2.2 Public key distribution

4.9.2.3 Private key distribution

4.10 Key loading

4.10.1 General

4.10.2 Loading key components or shares

4.11 Key utilization

4.11.1 General key utilization requirements

4.11.2 Additional key utilization requirements for SKDAT

4.12 Key storage

4.12.1 Cleartext key component and share storage

4.12.2 Public key storage

4.13 Key replacement

4.14 Key destruction

4.14.1 General

4.14.2 Key destruction from an SCD

4.14.3 Destruction of a key in cryptogram form

4.14.4 Component and share destruction

4.15 Key backup

4.16 Key archiving

4.17 Key compromise

5 Transaction key management techniques

5.1 General

5.2 Method: master keys or transaction keys

5.3 Derived unique key per transaction

5.3.1 General

5.3.2 DUKPT key management

5.3.3 Unique initial keys

5.3.4 AES DUKPT

5.3.4.1 General

5.3.4.2 AES DUKPT description

5.3.5 KSN compatibility mode

5.3.6 Derived key OIDs

5.3.7 Keys and key sizes

5.3.8 Helper functions and definitions

5.3.8.1 Enumerations

5.3.8.2 Key length function

5.3.9 Key derivation function algorithm

5.3.10 Derivation data

5.3.11 “Create Derivation Data” (local subroutine)

5.3.12 Security considerations

5.3.13 Host security module algorithm

5.3.14 General

5.3.15 "Derive Initial Key"

5.3.16 "Host Derive Working Key"

5.3.17 Intermediate derivation key derivation data examples

5.3.18 Working key derivation data examples

5.3.19 Transaction-originating device algorithm

5.3.19.1 Algorithm parameters

5.3.19.1.1 KEYLENGTH

5.3.19.1.2 NUM_REG

5.3.19.1.3 MAX_WORK

5.3.19.2 Storage areas

5.3.19.2.1 General

5.3.19.2.2 Initial Key Identifier (64 bits)

5.3.19.2.3 Transaction counter (32 bits)

5.3.19.2.4 NUM_REG (32 or 21)

5.3.19.2.5 Intermediate derivation key registers (NUM_REG registers of KEYLENGTH)

5.3.19.2.6 Intermediate derivation key in use (NUM_REG Booleans)

5.3.19.2.7 Current derivation key (0..31)

5.3.19.2.8 Shift register (32 bits)

5.3.19.2.9 Key type injected (KeyType)

5.3.19.3 Processing routines

5.3.19.3.1 General

5.3.19.3.2 "Load Initial Key" (key management command)

5.3.19.3.3 “Calculate DUKPT Update Key” (optional local subroutine)

5.3.19.3.4 "Update Initial Key" (optional key management command)

5.3.19.3.5 "Generate Working Keys" (key management command)

5.3.19.3.6 "Update State for next Transaction" (local subroutine)

5.3.19.3.7 "Update Derivation Keys" (local subroutine)

5.3.19.3.8 "Set Shift Register" (local subroutine)

5.3.19.4 Base cipher definitions

5.4 Host-to-host UKPT

Annex A

A.1 General

A.2 Legacy approach (deprecated)

A.3 CMAC-based check values

A.3.1 Algorithm

A.3.2 Examples

A.4 Check values for HMAC keys

Annex B

B.1 General

B.2 Packaging

B.3 Separate shipment

B.4 Receipt confirmation

B.5 Transport logging

Annex C

C.1 Introduction

C.2 Trust models

C.2.1 Three-party model using third-party CA

C.2.2 Two-party model – one party acts as CA

C.2.3 Prior trust model – no CA

C.3 Symmetric key establishment protocols

C.3.1 General

C.3.2 Unilateral key transport method

C.3.3 Bilateral key transport method (both parties generate and share symmetric key – joint control)

C.3.4 Key agreement method

Annex D

Annex E

Annex F

F.1 General

F.2 Approved algorithms

F.2.1 Algorithms approved for public key transport systems

F.2.2 Algorithms approved for public key agreement systems

F.2.3 Algorithms approved for digital signatures

F.2.4 Approved hash functions

Annex G

G.1 General

G.2 Notation syntax

G.2.1 General

G.2.2 Values

G.2.3 Statements

G.2.4 Functions

Annex H

Annex I

I.1 Use

I.2 Storage areas

I.2.1 General

I.2.2 PIN processing

I.2.3 Key management

I.3 Processing algorithms

I.3.1 General

I.3.2 Load key

I.3.2.1 “Load Initial Key" (external command)

I.3.2.2 "New Key" (local label)

I.3.2.3 "New Key-1" (local label)

I.3.2.4 "New Key-3" (local label)

I.3.2.5 "New Key-4" (local label)

I.3.2.6 "New Key-2" (local label)

I.3.2.7 "Exit" (local label)

I.3.3 "Request PIN Entry" (external command)

I.3.4 "Request PIN Entry 1" (local label)

I.3.5 "Request PIN Entry 2" (local label)

I.3.6 "Cancel PIN Entry" (external command)

I.3.7 "Power On Reset" (external command)

I.3.8 "Set Bit" (local subroutine)

I.3.9 “Derivation process” (local subroutine)

I.3.10 “Triple-DEA encrypt” (local subroutine)

I.4 Key management technique

I.5 DUKPT test data examples

I.5.1 General

I.5.2 Variants of the Current Key

I.5.3 Initial sequence

I.5.4 MSB rollover sequence

I.5.5 Calculation and storage of DUKPT transaction keys at the terminal

I.6 "Security Module" algorithm for automatic PIN entry device checking

I.6.1 General

I.6.2 "TAG1"

I.6.3 "TAG2”

I.7 "Security Module" algorithm for automatic PIN entry device checking

Annex J

J.1 Payment roles general

J.2 Issuer

J.3 Account owner

J.4 Card acceptor

J.5 Acquirer

J.6 Switch

J.7 Token service provider

Annex K

K.1 SKDAT roles general

K.2 Public key certification

K.3 Key distribution host

K.4 Certificate authority

K.5 Registration authority

K.6 Device manufacturer

K.7 Switch

K.8 Token service provider

Bibliography

Cited references in this standard

Content history

[Current]

[Current]

[Pending Revision]

[Current]

AS 2805.6.1.1-2009 AMDT 1

[Current]