BS-ISO-13491-2-2005.pdf

Uploaded by: 椰子壳 | Document ID: 3746741 | Upload date: 2019-09-22 | Format: PDF | Pages: 40 | Size: 532.01 KB

BRITISH STANDARD
BS ISO 13491-2:2005

Banking - Secure cryptographic devices (retail) - Part 2: Security compliance checklists for devices used in financial transactions

ICS 35.240.40

Licensed Copy: sheffieldun sheffieldun, na, Sat Nov 25 13:26:58 GMT+00:00 2006, Uncontrolled Copy, (c) BSI

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 7 November 2005

BSI 7 November 2005

ISBN 0 580 46769 4

National foreword

This British Standard reproduces verbatim ISO 13491-2:2005 and implements it as the UK national standard. It supersedes BS ISO 13491-2:2000 which is withdrawn.

The UK participation in its preparation was entrusted to Technical Committee IST/12, Banking, securities and other financial services, which has the responsibility to:

- aid enquirers to understand the text;
- present to the responsible international/European committee any enquiries on the interpretation, or proposals for change, and keep UK interests informed;
- monitor related international and European developments and promulgate them in the UK.

A list of organizations represented on this committee can be obtained on request to its secretary.

Cross-references

The British Standards which implement international publications referred to in this document may be found in the BSI Catalogue under the section entitled “International Standards Correspondence Index”, or by using the “Search” facility of the BSI Standards Electronic Catalogue or of British Standards Online.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

Compliance with a British Standard does not of itself confer immunity from legal obligations.

Summary of pages

This document comprises a front cover, an inside front cover, the ISO title page, pages ii to v, a blank page, pages 1 to 31 and a back cover.

The BSI copyright date displayed in this document indicates when the document was last issued.

Amendments issued since publication

Amd. No. | Date | Comments

INTERNATIONAL STANDARD
ISO 13491-2
Second edition 2005-06-15
Reference number ISO 13491-2:2005(E)

Banking - Secure cryptographic devices (retail) - Part 2: Security compliance checklists for devices used in financial transactions

Banque - Dispositifs cryptographiques de sécurité (services aux particuliers) - Partie 2: Listes de contrôle de conformité de sécurité pour les dispositifs utilisés dans les transactions financières

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Use of security compliance checklists
Annex A (normative) Physical, logical and device management characteristics common to all secure cryptographic devices
Annex B (normative) Devices with PIN entry functionality
Annex C (normative) Devices with PIN management functionality
Annex D (normative) Devices with message authentication functionality
Annex E (normative) Devices with key generation functionality
Annex F (normative) Devices with key transfer and loading functionality
Annex G (normative) Devices with digital signature functionality
Annex H (normative) Categorization of environments
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 13491-2 was prepared by Technical Committee ISO/TC 68, Financial services, Subcommittee SC 2, Security management and general banking operations.

This second edition cancels and replaces the first edition (ISO 13491-2:2000) which has been technically revised.

ISO 13491 consists of the following parts, under the general title Banking - Secure cryptographic devices (retail):

- Part 1: Concepts, requirements and evaluation methods
- Part 2: Security compliance checklists for devices used in financial transactions

Introduction

This part of ISO 13491 specifies both the physical and logical characteristics and the management of the secure cryptographic devices (SCDs) used to protect messages, cryptographic keys and other sensitive information used in a retail financial services environment.

The security of retail financial services is largely dependent upon the security of these cryptographic devices. Security requirements are based upon the premise that computer files can be accessed and manipulated, communication lines can be “tapped” and authorized data or control inputs in a system device can be replaced with unauthorized inputs. While certain cryptographic devices (e.g. host security modules) reside in relatively high-security processing centres, a large proportion of cryptographic devices used in retail financial services (e.g., PIN entry devices etc.) now reside in non-secure environments. Therefore when PINs, MACs, cryptographic keys and other sensitive data are processed in these devices, there is a risk that the devices may be tampered with or otherwise compromised to disclose or modify such data.

It must be ensured that the risk of financial loss is reduced through the appropriate use of cryptographic devices that have proper physical and logical security characteristics and are properly managed. To ensure that SCDs have the proper physical and logical security, they require evaluation.

This part of ISO 13491 provides the security compliance checklists for evaluating SCDs used in financial services systems in accordance with ISO 13491-1. Other evaluation frameworks exist and may be appropriate for formal security evaluations e.g. parts 1 to 3 of ISO/IEC 15408 and ISO/IEC 19790, and are outside the scope of this part of ISO 13491.

Appropriate device characteristics are necessary to ensure that the device has the proper operational capabilities and provides adequate protection for the data it contains. Appropriate device management is necessary to ensure that the device is legitimate, that it has not been modified in an unauthorized manner, e.g. by “bugging”, and that any sensitive data placed within the device (e.g. cryptographic keys) have not been subject to disclosure or change.

Absolute security is not practically achievable. Cryptographic security depends upon each life cycle phase of the SCD and the complementary combination of appropriate device management procedures and secure cryptographic characteristics. These management procedures implement preventive measures to reduce the opportunity for a breach of cryptographic device security. These measures aim for a high probability of detection of any illicit access to sensitive or confidential data in the event that device characteristics fail to prevent or detect the security compromise.

1 Scope

This part of ISO 13491 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes, as specified in parts 1 and 2 of ISO 9564, ISO 16609 and parts 1 to 6 of ISO 11568, in the financial services environment. IC payment cards are subject to the requirements identified in this part of ISO 13491 up until the time of issue, after which they are to be regarded as a “personal” device and outside of the scope of this document.

This part of ISO 13491 does not address issues arising from the denial of service of an SCD.

In the checklists given in annexes A to H, the term “not feasible” is intended to convey the notion that although a particular attack might be technically possible it would not be economically viable, since carrying out the attack would cost more than any benefits obtained from a successful attack. In addition to attacks for purely economic gain, malicious attacks directed toward loss of reputation need to be considered.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 9564-1:2002, Banking - Personal Identification Number (PIN) management and security - Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems

ISO 9564-2, Banking - Personal Identification Number management and security - Part 2: Approved algorithms for PIN encipherment

ISO 11568 (all parts), Banking - Key management (retail)

ISO 13491-1, Banking - Secure cryptographic devices (retail) - Part 1: Concepts, requirements and evaluation methods

ISO 16609, Banking - Requirements for message authentication using symmetric techniques

ISO 18031, Information technology - Random number generation

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 13491-1 and the following apply.

3.1 auditor
one who has the appropriate skills to check, assess, review and evaluate compliance with an informal evaluation on behalf of the sponsor or audit review body

3.2 data integrity
property that data has not been altered or destroyed in an unauthorized manner

3.3 dual control
process of utilizing two or more entities (usually persons) operating in concert to protect sensitive functions or information whereby no single entity is able to access or use the materials
NOTE A cryptographic key is an example of the type of material to be accessed or utilized.

3.4 exclusive or
bit-by-bit modulo two addition of binary vectors of equal length

3.5 security compliance checklist
list of auditable claims, organized by device type, as specified in this document

3.6 sensitive state
device condition that provides access to the secure operator interface such that it can only be entered when the device is under dual or multiple control

4 Use of security compliance checklists

4.1 General

These checklists shall be used by the sponsor who wishes to assess the acceptability of cryptographic equipment upon which the security of the system depends. It is the responsibility of any sponsor that adopts some or all of these checklists to

a) approve evaluating agencies for use by suppliers to or participants in the system and
b) set up an audit review body to review the completed audit checklists.

Annexes A to H provide checklists defining the minimum evaluation to be performed to assess the acceptability of cryptographic equipment. Additional tests may be performed to reflect the state-of-the-art at the time of the evaluation.

The evaluation may be either “informal” or “semi-formal”, as specified in ISO 13491-1, depending upon the nature of the evaluating agencies approved by the sponsor. Should the sponsor decide on a “formal” evaluation, these audit checklists shall not be used as presented here, but shall rather be used as input to assist in the preparation of the “formal claims” that such an evaluation requires.

NOTE These formal claims themselves are outside of the scope of this part of ISO 13491.

A cryptographic device achieves security both through its inherent characteristics and the characteristics of the environment in which the device is located. When completing these audit checklists, the environment in which the device is located must be considered; e.g. a device intended for use in a public location could require greater inherent security than the equivalent device operating in a controlled environment. So that an evaluating agency need not investigate the specific environment where an evaluated device may reside, this part of ISO 13491 provides a suggested categorization of environments in Annex H. Thus an evaluating agency may be asked to evaluate a given device for operation in a specific environment. Such a device can be deployed in a given facility only if this facility itself has been audited to ensure that it provides the assured environment. However, these audit checklists may be used with categorizations of the environment other than those suggested in Annex H.

The three evaluation methods specified in ISO 13491-1 are described in 4.2, 4.3 and 4.4.

4.2 Informal evaluation

As part of an informal evaluation, an independent auditor shall complete the appropriate checklist(s) for the device being evaluated.

4.3 Semi-formal evaluation

In the semi-formal method, the manufacturer or sponsor shall submit a device to an evaluation agency for testing against the appropriate checklist(s).

4.4 Formal evaluation

In the formal method, the manufacturer or sponsor shall submit a device to an accredited evaluation authority for testing against the formal claims where the appropriate checklist(s) were used as input.
