ISO 11568:2023
Financial services — Key management (retail)

Standard No.: ISO 11568:2023
Release Date: 2023
Published By: International Organization for Standardization (ISO)
Latest: ISO 11568:2023

Scope
1.1 General

This document describes the management of symmetric and asymmetric cryptographic keys that can be used to protect sensitive information in financial services related to retail payments. The document covers all aspects of retail financial services, including connections between a card-accepting device and an Acquirer, between an Acquirer and a card Issuer, and between an ICC and a card-accepting device. It covers all phases of the key life cycle, including the generation, distribution, utilization, archiving, replacement and destruction of the keying material.

This document covers manual and automated management of keying material, and any combination thereof, used for retail financial services. It includes guidance and requirements related to key separation, substitution prevention, identification, synchronization, integrity, confidentiality and compromise, as well as logging and auditing of key management events. Requirements associated with hardware used to manage keys have also been included in this document.

1.2 Scope exclusions

This document does not specifically address internet banking services offered by an Issuer to their own customers through that financial institution's website or applications.

This document does not address using asymmetric keys to encrypt the Personal Identification Number (PIN) or any other data and does not address asymmetric keys managed with asymmetric keys.

This document is not intended to apply to the management of the keys installed in an ICC during manufacturing or the initial key established in an ICC during card personalization.

This document is not intended to address post-quantum encryption considerations. Key management using quantum technologies is out of scope of this document.

ISO 11568:2023 Referenced Document

  • ANSI X9.143 Retail Financial Services Interoperable Secure Key Block Specification
  • ANSI X9.63 Public Key Cryptography for Financial Services Industry (2024-04-20 Update)
  • ISO 16609 Financial services — Requirements for message authentication using symmetric techniques
  • ISO 20038 Banking and related financial services — Key wrap using AES — Amendment 1
  • ISO 21188:2018 Public key infrastructure for financial services — Practices and policy framework
  • ISO/IEC 18031 Corrigendum 1 - Information technology - Security techniques - Random bit generation
  • ISO/IEC 18032 Information security -- Prime number generation
  • ISO/IEC 19592-2 Information technology — Security techniques — Secret sharing — Part 2: Fundamental mechanisms
  • ISO/IEC 19772 Information security -- Authenticated encryption

ISO 11568:2023 history

Financial services — Key management (retail)


