BS-ISO-13491-2-2000.pdf

Uploaded by: 椰子壳 Document ID: 3750542 Upload time: 2019-09-22 Format: PDF Pages: 40 Size: 363.38KB

BRITISH STANDARD
BS ISO 13491-2:2000

ICS 35.040; 35.240.15; 35.240.40

NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

Banking - Secure cryptographic devices (retail) - Part 2: Security compliance checklists for devices used in magnetic stripe cards systems

Licensed Copy: sheffieldun sheffieldun, na, Sat Nov 25 13:23:28 GMT+00:00 2006, Uncontrolled Copy, (c) BSI

This British Standard, having been prepared under the direction of the DISC Board, was published under the authority of the Standards Committee and comes into effect on 15 January 2001

BSI 01-2001

ISBN 0 580 36870 X

Amendments issued since publication
Amd. No. / Date / Comments

National foreword

This British Standard reproduces verbatim ISO 13491-2:2000 and implements it as the UK national standard.

The UK participation in its preparation was entrusted to Technical Committee IST/12, Banking, securities and other financial services, which has the responsibility to:

- aid enquirers to understand the text;
- present to the responsible international/European committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed;
- monitor related international and European developments and promulgate them in the UK.

A list of organizations represented on this committee can be obtained on request to its secretary.

Cross-references

The British Standards which implement international publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled International Standards Correspondence Index, or by using the Find facility of the BSI Standards Electronic Catalogue.

A British Standard does not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application.

Compliance with a British Standard does not of itself confer immunity from legal obligations.

Summary of pages

This document comprises a front cover, an inside front cover, the ISO title page, pages ii to v, a blank page, pages 1 to 30, an inside back cover and a back cover.

The BSI copyright notice displayed in this document indicates when the document was last issued.

INTERNATIONAL STANDARD
ISO 13491-2
First edition 2000-11-01
Reference number ISO 13491-2:2000(E)

Banking - Secure cryptographic devices (retail) - Part 2: Security compliance checklists for devices used in magnetic stripe card systems

Banque - Dispositifs cryptographiques de sécurité (services aux particuliers) - Partie 2: Listes de contrôle de conformité de sécurité pour les dispositifs utilisés dans les systèmes de cartes à bande magnétique

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Use of security compliance checklists
4.1 General
4.2 Informal evaluation
4.3 Semi-formal evaluation
4.4 Formal evaluation
5 Summary
Annex A (normative) Physical, logical and device management characteristics common to all secure cryptographic devices
Annex B (normative) Devices with PIN entry functionality
Annex C (normative) Devices with PIN management functionality
Annex D (normative) Devices with message authentication functionality
Annex E (normative) Devices with key generation functionality
Annex F (normative) Devices with key transfer and loading functionality
Annex G (normative) Devices with digital signature functionality
Annex H (informative) Categorization of environments

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3.

Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this part of ISO 13491 may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

International Standard ISO 13491-2 was prepared by Technical Committee ISO/TC 68, Banking, securities and other financial services, Subcommittee SC 6, Retail financial services.

ISO 13491 consists of the following parts, under the general title Banking - Secure cryptographic devices (retail):

- Part 1: Concepts, requirements and evaluation methods
- Part 2: Security compliance checklists for devices used in magnetic stripe card systems

Annexes A to G form a normative part of this part of ISO 13491. Annex H is for information only.

Introduction

This International Standard specifies both the physical and logical characteristics and the management of the secure cryptographic devices (SCDs) used to protect messages, cryptographic keys and other sensitive information used in a retail banking environment.

The security of retail electronic banking is largely dependent upon the security of these cryptographic devices. Security requirements are based upon the premise that computer files can be accessed and manipulated, communications lines can be “tapped” and authorized data or control inputs into system device can be replaced with unauthorized inputs. While certain cryptographic devices (e.g. host security modules) reside in relatively high security processing centres, a large proportion of cryptographic devices used in retail banking (e.g. PIN pads, ATMs, etc.) now reside in non-secure environments. Therefore when PINs, MACs, cryptographic keys and other sensitive data are processed in these devices, there is a risk that the devices may be tampered with or otherwise compromised to disclose or modify such data.

It must be ensured that the risk of financial loss is reduced through the appropriate use of cryptographic devices that have proper physical and logical security characteristics and are properly managed. To ensure that SCDs have the proper physical and logical security, they require evaluation.

This part of ISO 13491 provides the security compliance checklists for evaluating SCDs used in magnetic stripe systems in accordance with ISO 13491-1.

Appropriate device characteristics are necessary to ensure that the device has the proper operational capabilities and provides adequate protection for the data it contains. Appropriate device management is necessary to ensure that the device is legitimate, that it has not been modified in an unauthorized manner, e.g. by “bugging”, and that any sensitive data placed within the device (e.g. cryptographic keys) has not been subject to disclosure or change.

Absolute security is not practically achievable. Cryptographic security depends upon each life cycle phase of the SCD and the complementary combination of appropriate device management procedures and secure cryptographic characteristics. These management procedures implement preventive measures to reduce the opportunity for a breach of cryptographic device security. These measures aim for a high probability of detection of any illicit access to sensitive or confidential data in the event that device characteristics fail to prevent or detect the security compromise.

1 Scope

This part of ISO 13491 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes, as specified in ISO 9564, ISO 9807 and ISO 11568, in a magnetic stripe card environment. It does not specify checklists for SCDs used in an integrated circuit card (ICC) environment.

This part of ISO 13491 does not address issues arising from the denial of service of a SCD.

In the checklists given in annexes A to H, the term “not feasible” is intended to convey the notion that although a particular attack might be technically possible it would not be economically prudent, since carrying out the attack would cost more than any benefits obtained from a successful attack. In addition to attacks for purely economic gain, malicious attacks directed toward loss of reputation need to be considered.

2 Normative references

The following normative documents contain provisions which, through reference in this text, constitute provisions of this part of ISO 13491. For dated references, subsequent amendments to, or revisions of, any of these publications do not apply. However, parties to agreements based on this part of ISO 13491 are encouraged to investigate the possibility of applying the most recent editions of the normative documents indicated below. For undated references, the latest edition of the normative document referred to applies. Members of ISO and IEC maintain registers of currently valid International Standards.

ISO 7498-2, Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture.

ISO 8908, Banking and related financial services - Vocabulary and data elements.

ISO 9564-1, Banking - Personal Identification Number management and security - Part 1: PIN protection principles and techniques.

ISO 9564-2, Banking - Personal Identification Number management and security - Part 2: Approved algorithm(s) for PIN encipherment.

ISO 9807, Banking and related financial services - Requirements for message authentication (retail).

ISO 11568 (all parts), Banking - Key management (retail).

ISO 13491-1, Banking - Secure cryptographic devices (retail) - Part 1: Concepts, requirements and evaluation methods.

3 Terms and definitions

For the purposes of this part of ISO 13491, the terms and definitions given in ISO 13491-1 and ISO 8908 and the following apply.

3.1 accredited evaluation authority
body accredited in accordance with a set of rules (e.g. EN 45000 or ISO Guide 25) and accepted by the accreditation authority for the purpose of evaluation

3.2 attack
attempt by an adversary on the device to obtain or modify sensitive information or a service he/she is not authorized to obtain or modify

3.3 audit report
output of the audit review body based on the results from an auditor

3.4 audit review body
group with responsibility for reviewing and making judgements on the results from the auditor

3.5 auditor
one who has the appropriate skills to check, assess, review and evaluate compliance with an informal evaluation on behalf of the sponsor or audit review body

3.6 device security
security of the SCD related to its characteristics only, without reference to a specific operational environment

3.7 evaluation agency
organization trusted by the design, manufacturing and sponsoring authorities which evaluates the SCD (using specialist skills and tools) in accordance with ISO 13491-2

3.8 evaluation report
output of the evaluation review body based on the results from an evaluation agency or auditor

3.9 evaluation review body
group with responsibility for reviewing, and making judgements on, the results of the evaluation agency

3.10 formal claims
statements about the characteristics and functions of a secure cryptographic device

3.11 logical security
ability of a device to withstand attacks through its functional interface

3.12 operational environment
environment in which the SCD is operated, i.e. the application system of which it is part, the location where it is placed, the persons operating and using it, the entities communicating with it

3.13 physical security
ability of a device to withstand attacks against its physical construction

3.14 secure cryptographic device
SCD
physically and logically protected hardware device that provides a set of secure cryptographic services

3.15 secure operator interface
interface which allows the protective mechanisms of the device to be disabled by using a data entry mechanism and which can only be accessed when the device is in a sensitive state

3.16 security compliance checklist
list of auditable claims, organized by device type, as specified in ISO 13491-2

3.17 sensitive data
sensitive information
data which must be protected against unauthorized disclosure, alteration or destruction, especially plaintext PINs and cryptographic keys, and which includes design characteristics, status information, etc.

3.18 sensitive state
device condition that provides access to the secure operator interface such that it can only be entered when the device is under dual or multiple control

3.19 software
programs and/or data that will be used within the SCD or downloaded for use by the SCD

3.20 sponsor
sponsoring authority
individual, company or organization that requires the SCD to undergo evaluation

3.21 tamper-evident characteristic
characteristic that provides evidence that an attack has been attempted

3.22 tamper-resistant characteristic
characteristic that provides passive physical protection against an attack

3.23 tamper-responsive characteristic
characteristic that provides an active response to the detection of an attack preventing its success

4 Use of security compliance checklists

4.1 Gener
