This International Standard is designed for use by correspondent Institutions exchanging financial messages. It may be used to authenticate messages using any wire service or other mode of communicatlon.
This International Standard specifles methods to be used for protecting the authenticity of Wholesale financial messages passlng between institutions (e.g. between banks, between a bank and a corporate customer or government), by means of a Message Authentication Code (MAC). It specifles the method by whlch authentication algortthms are to be approved for Incluslon In ISO 8731. Application of this International Standard does not protect against internal fraud by sender or receiver, e.g., forgery of a MAC by the receiver.
This International Standard spectfies a technlque for protecting elther the whole of the message or specified elements wlthln it. Data presented for authentication may be formatted in one of flve optional forms. These spedflcations may be supplemented by a group of financial institutlons with a communlty of Interest who have establlshed thelr own operatlonal arrangements (e.g., a banklng consortlum, a geographical grouping, an operating network, an industry-wlde agreement). Selectlon of the appropriate option permits the authentication of messages in a manner compatible with the transmission process used.
Integrity protectlon applles only to the seiected authentication elements. Other parts of the message are subject to undetected alterations. Assuring the Integrity of the presentation of the data is the responsibility of the users (see annex B). This International Standard provides a means for protectlon against duplication and loss, and a method is described in annex C.
This International Standard is designed for use with symmetric algorithms where sender and receiver use the same key. It is Intended that provision will, in due course, be made to cover the use of asy mmetric algorithms. The authentication method is applicable to messages formatted and transmitted both as coded character sets and as binary data.
The standard does not specify methods of protecting against unauthorized readlng and monltoring. Such protectlon may be achieved by enclpherment of the message as described in ISO 101261).