Electronic funds transfer— Requirements for interfaces

AS 2805.6.6-2006 Electronic funds transfer— Requirements for interfaces
Part 6.6: Key management—Session keys—Node to node with KEK replacement.
4.38.4 Statistically unique
An acceptably low statistical probability of an item or code being duplicated by either
chance or intent.
4.38.5 Verify
One of the two complementary operations incorporated in a digital signature system. The verify operation is used with the public key (PK) of a key pair to verify a signature claimed to have been produced with the associated private key.
The verify (v) operation is denoted as follows:
vPK(signature)
5 OVERVIEW
5.1 General
This Clause provides an overview of the objectives and operation of the key management
scheme described in this Standard.
5.2 Objectives of scheme
5.2.1 General
The objective of this scheme is to provide a key management scheme for use between any two nodes in an Interchange network. It specifies a scheme using session keys and additionally provides for the regular on-line replacement of the Key Encrypting Keys.
Whereas Session Keys must be replaced frequently, for example every 256 transactions, Key Encrypting Keys may have longer key lifetimes. However, regular replacement is required if the risk of compromise is to be minimised. This scheme provides a mechanism in support of on-line KEK replacement with the use of public key cryptography (DEA2).
5.2.2 Different keys for each function
The scheme provides different session keys for each of the following functions:
(a) PIN encipherment.
(b) Message authentication.
(c) Privacy (data encipherment).
At least one KEK is maintained for each direction of each link between nodes.
(c) Level 3: Session keys (KS). Separate session keys are maintained for each function and direction of transmission. Session keys are DEA 3 keys.
There should be two privacy (data encipherment) keys on a link: one for enciphering data to be sent (KDs); and the other for deciphering data received (KDr).
There shall be two MAC keys (KMAC): one for computing MACs on messages to be sent (KMACs); and the other for verifying MACs on messages received (KMACr).
Where PINs are transmitted on a link, there shall be two PIN encipherment keys for enciphering PINs on that link, one for each direction of transmission (KPEs and KPEr).
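The following is an added example, not text or code from AS 2805.6.6. It models the Level 3 key set one node holds for a link, checks that no two of the six keys share a value, and refuses further use once the 256-transaction example interval is reached. The class and function names, the 16-byte key length and the random key values are assumptions made for illustration, and the distribution of session keys under KEK variants is not modelled.

```python
import secrets

FUNCTIONS = ("KD", "KMAC", "KPE")  # privacy, MAC, PIN encipherment
MAX_TXNS = 256                     # the page's example replacement interval
KEY_LEN = 16                       # assumption: double-length DEA 3 key

def fresh_direction():
    """One new random key per function for a single direction of a link."""
    return {f: secrets.token_bytes(KEY_LEN) for f in FUNCTIONS}

class LinkEnd:
    """Session keys one node holds for one link, plus a usage counter."""
    def __init__(self, send, recv):
        self.send, self.recv, self.txns = dict(send), dict(recv), 0

    def labelled(self):
        """Map the names KDs, KDr, KMACs, KMACr, KPEs, KPEr to key values."""
        out = {f + "s": k for f, k in self.send.items()}
        out.update({f + "r": k for f, k in self.recv.items()})
        return out

    def violations(self):
        """Pairs of key names that share a value, breaking separation."""
        items = sorted(self.labelled().items())
        return [(a, b) for i, (a, ka) in enumerate(items)
                for b, kb in items[i + 1:] if ka == kb]

    def use(self):
        """Count a transaction; refuse once the replacement limit is reached."""
        if self.txns >= MAX_TXNS:
            raise RuntimeError("session keys due for replacement")
        self.txns += 1

    def replace(self, send, recv):
        """Install a new key set and restart the transaction count."""
        self.send, self.recv, self.txns = dict(send), dict(recv), 0

def establish():
    """Both ends of a link: A's send keys are B's receive keys and vice versa."""
    a_to_b, b_to_a = fresh_direction(), fresh_direction()
    return LinkEnd(a_to_b, b_to_a), LinkEnd(b_to_a, a_to_b)
```

Running `violations()` on a loaded key set is a quick audit for a key that has been reused across functions or directions.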
5.4 Key Establishment
Key Establishment is the method of establishing the initial cryptographic keying relationship between two nodes. The result of Key Establishment is the secure exchange of the participating institution’s initial Public Key for each node.
6 DESCRIPTION OF FUNCTIONAL ELEMENTS
6.1 Key enciphering key variants (KEKV)
Different variants of the key-enciphering key are required to encipher the different types of session keys. Information regarding the use and techniques of variants is described in AS 2805.6.1.
NOTE: The reason for using variants is to provide functional separation as described in
AS 2805.6.1.
6.2 One Way Function (OWF)
One way functions used in this standard are defined in AS 2805.5.4.
6.3 Key Verification Code (KVC)
Key Verification Codes used in this standard are described in AS 2805.6.1.
6.4 Formats
Public keys shall be formatted in accordance with AS 2805.6.1 Paragraph E4 for transmission.
Public Key Verification codes shall be constructed in accordance with AS 2805.6.1, using the block format as described in Table E2 of AS 2805.6.1 using a tag value of F0.