标准摘要
[中文适用范围]: 1.1 概述 本文档描述了对称和非对称加密密钥的管理,这些密钥可用于保护与零售支付相关的金融服务中的敏感信息。 该文件涵盖了零售金融服务的各个方面,包括卡接受设备与收单机构之间、收单机构与发卡机构之间以及ICC与卡接受设备之间的连接。 它涵盖了密钥生命周期的所有阶段,包括密钥材料的生成、分发、使用、归档、替换和销毁。 本文档涵盖用于零售金融服务的密钥材料的手动和自动管理及其任意组合。 它包括与密钥分离、替换预防、识别、同步、完整性、机密性和妥协相关的指南和要求,以及密钥管理事件的记录和审计。 本文档中还包含了与用于管理密钥的硬件相关的要求。1.2 范围排除 本文件并不具体涉及发行人通过该金融机构的网站或应用程序向其客户提供的网上银行服务。 本文档不涉及使用非对称密钥来加密个人识别码 (PIN) 或任何其他数据,也不涉及使用非对称密钥管理的非对称密钥。 本文件不适用于制造期间安装在 ICC 中的密钥的管理或卡个人化期间在 ICC 中建立的初始密钥的管理。 本文档无意解决后量子加密问题。 使用量子技术的密钥管理超出了本文档的范围。 [外文原描述]: This document describes the management of symmetric and asymmetric cryptographic keys that can be used to protect sensitive information in financial services related to retail payments. The document covers all aspects of retail financial services, including connections between a card-accepting device and an Acquirer, between an Acquirer and a card Issuer, and between an ICC and a card-accepting device. It covers all phases of the key life cycle, including the generation, distribution, utilization, archiving, replacement and destruction of the keying material. This document covers manual and automated management of keying material, and any combination thereof, used for retail financial services. It includes guidance and requirements related to key separation, substitution prevention, identification, synchronization, integrity, confidentiality and compromise, as well as logging and auditing of key management events. Requirements associated with hardware used to manage keys have also been included in this document.
英文名称Financial services — Key management (retail)