ISO 11568-2:2012 pdf download.Financial services- Key management(retail)一 Part 2: Symmetric ciphers, their keymanagement and life cycle.
4.1 General
The techniques that may be used to provide the key management services are described in Clause 5 and the key life cycle in Clause 6. This clause describes the environment within which those techniques operate and introduces some fundamental concepts and operations, which are common to several techniques.
4.2 FunctIonality of a secure cryptographic device
4.2.1 General
The most fundamental cryptographic operations for a symmetric block cipher are to encipher and decipher a block of data using a supplied secret key. For multiple blocks of data, these operations might use a mode of operation of the cipher as described in ISO/IEC 10116. At this level, no meaning is given to the data, and no particular significance Is given to the keys. Typically, in order to provide the required protection for keys and other sensitive information, a secure cryptographic device provides a higher level functional interface, whereby each operation includes several of the fundamental cryptographic operations using some combination of keys and data obtained from the interface or from an Intermediate result. These complex cryptographic operations are known as functions, and each one operates only on data and keys of the appropriate type.
The techniques that may be used to provide the key management services are described in Clause 5 and the key life cycle in Clause 6. This clause describes the environment within which those techniques operate and introduces some fundamental concepts and operations, which are common to several techniques.
4.2 FunctIonality of a secure cryptographic device
4.2.1 General
The most fundamental cryptographic operations for a symmetric block cipher are to encipher and decipher a block of data using a supplied secret key. For multiple blocks of data, these operations might use a mode of operation of the cipher as described in ISO/IEC 10116. At this level, no meaning is given to the data, and no particular significance Is given to the keys. Typically, in order to provide the required protection for keys and other sensitive information, a secure cryptographic device provides a higher level functional interface, whereby each operation includes several of the fundamental cryptographic operations using some combination of keys and data obtained from the interface or from an Intermediate result. These complex cryptographic operations are known as functions, and each one operates only on data and keys of the appropriate type.
