AS 2805.6.1.4:2009 Electronic funds transfer—Requirements for interfaces
6.3.2.3 Key shares
A private key existing in the form of at least two separate key shares shall be protected by the principles of split knowledge and dual control.
Access to fewer than the number of shares required to reconstruct the plain text private key shall give no information about the key. A key share shall be accessible only to that person or group of persons to whom it has been entrusted and only for the minimum duration required. A person with access to one share of the key shall not have access to any other share of that key.
Key shares shall be stored in such a way that unauthorized access has a high probability of being detected. If key shares are stored in enciphered form, all requirements for enciphered keys shall apply. Key shares may be stored in a key transfer device (see ISO 13491-2).
A key share shall be conveyed to authorized persons by means of a key mailer or key transfer device. If a key mailer is used, it shall be printed in such a way that the key share cannot be observed until the serialized envelope is opened. The envelope shall display the minimum data necessary to deliver the key mailer to the authorized person. A key mailer shall be constructed such that it is highly likely that accidental or fraudulent opening will be obvious to a recipient, in which case the key share shall not be used.
6.3.4 Protection against substitution during storage
When plaintext public keys are stored and are not in the form of a certificate or when their certificate has been checked and they will be used without re-checking the certificate, integrity and authenticity shall be ensured by means described in 6.3.3 and by techniques described in Clause 5.
Protection against substitution of the public key during storage is essential. For example, the substitution of a public key used for encipherment may result in a threat to data secrecy.