BS ISO 15782-1:2009

This standard BS ISO 15782-1:2009 Certificate management for financial services is classified in these ICS categories:

• 35.240.40 IT applications in banking
• 03.060 Finances. Banking. Monetary systems. Insurance

This part of ISO 15782 defines a certificate management system for financial industry use for legal and natural persons that includes

• credentials and certificate contents,

• Certification Authority systems, including certificates for digital signatures and for encryption key management,

• certificate generation, distribution, validation and renewal,

• authentication structure and certification paths, and

• revocation and recovery procedures.

This part of ISO 15782 also recommends some useful operational procedures (e.g. distribution mechanisms, acceptance criteria for submitted credentials).

Implementation of this part of ISO 15782 will also be based on business risks and legal requirements.

This part of ISO 15782 does not include

• the protocol messages used between the participants in the certificate management process,

• requirements for notary and time stamping,

• Certificate Policy and Certification Practices requirements, or

• Attribute Certificates.

While this part of ISO 15782 provides for the generation of certificates that could include a public key used for encryption key management, it does not address the generation or transport of keys used for encryption.

Implementers wishing to comply with ISO/IEC 9594-8 can utilize the certificate structures defined by that International Standard. Those wishing to implement compatible certificate and certificate revocation structures but without the overhead associated with the X.500 series can utilize the ASN.1 structures defined in ISO 15782-2. ISO 15782-2 can also be referred to for a financial services profile of certificate and CRL extensions.

ISO 21188 provides additional information for implementers on Certificate Policies, Certification Practice Statements, and PKI controls. ISO 21188 sets out a framework of requirements to manage a PKI through Certificate Policies and Certification Practice Statements and to enable the use of public key certificates in the financial services industry. It also defines control objectives and supporting procedures to manage risks.

NOTE The use of a bold sans serif font, such as CertReqData or CRLEntry, denotes the use of abstract syntax notation (ASN.1), as defined in ISO/IEC 8824-1 to ISO/IEC 8824-4 and ISO/IEC 8825-1 and ISO/IEC 8825-2. Where it makes sense to do so, the ASN.1 term is used in place of normal text. Refer to ISO 15782-2 for related ASN.1 modules.