This International Standard specifies procedures to be used for protecting the integrity of retail banking messages and for verifying that the message originated from an authorized source. It also describes the method by which algorithms are approved for use in the authentication of retail banking messages.
Rules for data representation are not specified although it is necessary for both members of a communicating pair to use the same means for data representation. The procedures are also independent of the transmission process used.
A list of algorithms approved for the calculation of a Message Authentication Code (MAC) is given in annex A. The method to be used to approve authentication algorithms is given in annex B. The procedure to prevent exhaustive key determination is provided in annex C.
Annex D gives guidance on the selection of authentication elements. Annex E provides some general information on protection against internal fraud by sender or receiver, e.g. forgery of a Message Authentication Code by the receiver, while annex F describes a method for the generation of a pseudo-random key. Annex G consists of bibliographic references.
This International Standard does not provide for
a) encipherment for the protection of messages against unauthorized disclosure; or
b) protection against loss or duplication of messages, whether accidental or intentional.
This International Standard is applicable to institutions responsible for implementing techniques to authenticate messages used in a retail banking environment.