ISO/IEC 11770-5:2011 specifies key establishment mechanisms for multiple entities to provide procedures for handling cryptographic keying material used in symmetric or asymmetric cryptographic algorithms according to the security policy in force.
It defines the symmetric key based key establishment mechanisms for multiple entities with a key distribution centre (KDC), and defines symmetric key establishment mechanisms based on general tree based structure with both individual rekeying and batched rekeying. It also defines key establishment mechanisms based on key chain with both unlimited forward key chain and limited forward key chain. Both key establishment mechanisms can be combined by applications.
ISO/IEC 11770-5:2011 also describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established.