DD-ENV-1257-3-1997.pdf

Uploaded by: yyf  Document ID: 3752875  Upload date: 2019-09-22  Format: PDF  Pages: 12  Size: 447.45 KB

DRAFT FOR DEVELOPMENT
DD ENV 1257-3:1997

Identification card systems - Rules for Personal Identification Number handling in intersector environments - Part 3: PIN verification

ICS 35.240.15

Licensed Copy: London South Bank University, London South Bank University, Sat Dec 09 04:04:30 GMT+00:00 2006, Uncontrolled Copy, (c) BSI

This Draft for Development, having been prepared under the direction of the DISC Board, was published under the authority of the Standards Board and comes into effect on 15 August 1997

© BSI 03-1999

The following BSI reference relates to the work on this Draft for Development:
Committee reference IST/17

ISBN 0 580 24472 5

Committees responsible for this Draft for Development

The preparation of this Draft for Development was entrusted to Technical Committee IST/17, Identification cards and related devices, upon which the following bodies were represented:

APACS (Barclaycard)
APACS (Lloyds Bank)
APACS (Midland Bank)
APACS (Nat West Bank)
Association for Payment Clearing Services (APACS)
BT Laboratories
Cellnet
Consumer Policy Committee of BSI
Electricity Association
GEC Card Technology
HMSO
Post Office Counters Ltd.
Rochford Thompson Equipment
Shell UK
Thorn Transit Systems International
Vodafone Ltd.
Westinghouse Cubic Ltd.

Amendments issued since publication

Amd. No.    Date    Comments

Contents

Committees responsible
National foreword
Foreword
Text of ENV 1257-3

National foreword

This Draft for Development has been prepared by Technical Committee IST/17 and is the English language version of ENV 1257-3:1997 Identification card systems - Personal Identification Number handling in intersector environments - Part 3: PIN verification, published by the European Committee for Standardization (CEN).

In the UK the Draft for Development is the form now chosen for ENVs in the information technology area.

This Draft for Development is published under the direction of the DISC Board whose Technical Committee IST/17 has the responsibility to:

- aid enquirers to understand the text;
- present to the responsible European committee any enquiries on interpretation, or proposals for change, and to keep UK interests informed;
- monitor related international and European developments and promulgate them in the UK.

NOTE International and European Standards, as well as overseas standards, are available from Customer Services, BSI, 389 Chiswick High Road, London W4 4AL.

After two years this ENV will be reviewed by CEN/CENELEC members with a view to its:

- conversion into a European Standard (which would be implemented in the UK as a British Standard);
- extension once for a further two years;
- replacement by a revised ENV (which would be published in the UK as a revised Draft for Development);
- withdrawal.

The future of this Draft for Development is therefore bound to that of the ENV and the Draft for Development will not be reviewed or developed separately.

This publication is not to be regarded as a British Standard.

Summary of pages

This document comprises a front cover, an inside front cover, pages i and ii, the ENV title page, pages 2 to 7 and a back cover.

This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on the inside front cover.

EUROPEAN PRESTANDARD
PRÉNORME EUROPÉENNE
EUROPÄISCHE VORNORM

ENV 1257-3
May 1997

ICS 35.240.15

Descriptors: Identification cards, magnetic cards, ic cards, information interchange, messages, personal identification number, safety, verification

English version

Identification card systems - Rules for Personal Identification Number handling in intersector environments - Part 3: PIN verification

Systèmes de cartes d'identification - Règles pour le traitement du numéro personnel d'identification dans un environnement intersectoriel - Partie 3: Vérification du PIN

Kennkartensysteme - Branchenübergreifende Verfahrensregeln zur persönlichen Identifikationsnummer - Teil 3: PIN-Nachprüfung

This European Prestandard (ENV) was approved by CEN on 1995-09-01 as a prospective standard for provisional application. The period of validity of this ENV is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the ENV can be converted into an European Standard (EN).

CEN members are required to announce the existence of this ENV in the same way as for an EN and to make the ENV available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the ENV) until the final decision about the possible conversion of the ENV into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and United Kingdom.

CEN
European Committee for Standardization
Comité Européen de Normalisation
Europäisches Komitee für Normung

Central Secretariat: rue de Stassart 36, B-1050 Brussels

© 1997 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.

Ref. No. ENV 1257-3:1997 E

Foreword

This European Prestandard has been prepared by Technical Committee CEN/TC 224 “Machine-readable cards, related devices interfaces and operations”, the secretariat of which is held by AFNOR.

According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this European Prestandard: Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom.

This European Prestandard consists of the following parts, under the general title “Identification card systems - Rules for Personal Identification Number handling in intersector environments”:

- Part 1: PIN presentation;
- Part 2: PIN protection;
- Part 3: PIN verification.

Contents

Foreword
1 Scope
2 Normative references
3 Definitions
4 Abbreviations
5 General concepts
6 Standardized messages types
7 Presentation of an enciphered PIN to an ICC
8 Test methods

1 Scope

This part of ENV 1257 specifies the rules for the verification of the Personal Identification Number (PIN) in intersector environments. An ICC may support several PINs. The related rules and messages for verification may be different to each PIN.

Other methods of cardholder identification are outside the scope of this European Prestandard.

This part of ENV 1257 deals with magnetic track cards systems, with integrated circuit(s) cards (ICC) systems and with mixed systems using both technologies.

Descriptions of the PIN verification are limited to the messages as seen at the interface(s) of a secure module(s) (SM) or of an integrated circuit card with contacts (ICC).

The PIN presentation and the PIN protection methods are outside the scope of this part of ENV 1257 (see ENV 1257-1 and prENV 1257-2).

The key management technique which may be necessary for the PIN verification process is outside the scope of this part of ENV 1257.

2 Normative references

This European Prestandard incorporates by dated or undated reference, provisions from other publications. These normative references are cited at the appropriate places in the text and the publications are listed hereafter. For dated references, subsequent amendments to or revisions of any of these publications apply to this European Prestandard only when incorporated in it by amendment or revision. For undated references the latest edition of the publication referred to applies.

EN 726-3, Identification card systems - Telecommunications integrated circuit(s) cards and terminals - Part 3: Application independent card requirements.

EN 726-4, Identification card systems - Telecommunications integrated circuit(s) cards and terminals - Part 4: Application independent card related terminal requirements.

ENV 1257-1, Identification card systems - Rules for PIN handling in intersector environments - Part 1: PIN presentation.

prENV 1257-2, Identification card systems - Rules for PIN handling in intersector environments - Part 2: PIN protection.

EN 29564-1, Banking - Personal Identification Number management and security - Part 1: PIN protection principles and techniques (ISO 9564-1:1991).

EN 29564-2, Banking - Personal Identification Number management and security - Part 2: Approved algorithm(s) for PIN encipherment (ISO 9564-2:1991).

EN ISO/IEC 7812-1, Identification cards - Identification of issuers - Part 1: Numbering system (ISO/IEC 7812-1:1993).

EN ISO/IEC 7816-4, Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 4: Interindustry commands for interchange (ISO/IEC 7816-4:1995).

EN ISO/IEC 7816-5, Identification cards - Integrated circuit(s) cards with contacts - Part 5: Numbering system and registration procedure for application identifiers (ISO/IEC 7816-5:1994).

EN ISO 10202-6:1996, Financial transaction cards - Security architecture of financial transaction systems using integrated circuit cards. Part 6: Cardholder verification (ISO 10202-6:1994).

ISO/IEC 646, Information technology - ISO 7-bit coded character set for information interchange.

CCITT Recommendation T.50, International alphabet No. 5.

3 Definitions

For the purposes of this standard, the following definitions apply:

3.1 application provider
an authority (or its agent) which identifies an application in an ICC in accordance with EN ISO/IEC 7816-5. It may be the card issuer (or its agent)

3.2 cardholder
person entitled to use a specified card

3.3 card presenter
person showing a card for a transaction

3.4 end-of-PIN key
a key used to terminate PIN entry. This key may also have other functions in other contexts

3.5 identification number
the number that identifies the cardholder and card issuer
NOTE Equivalent to Primary Account Number (PAN) as defined in ISO 4909 [EN ISO/IEC 7812-1]

3.6 issuer
authority which issues a card, or its agent. See Application provider

3.7 nibble
four-bit field

3.8 PIN-pad
a keyboard or dedicated key-pad or any device used for PIN entry. It may be used for keying-in other data

3.9 reference PIN
value of the PIN used during the transaction process to verify the transaction PIN

3.10 transaction
a set of messages and operations for providing a service to a cardholder [ENV 1257-1]

3.11 transaction PIN
value of the PIN, presented by the card presenter, to identify himself

4 Abbreviations

h “X”   Denotes an hexadecimal value
ICC     Integrated circuit(s) card (with or without contacts, as defined in ISO/IEC 7816)
N       Number of characters of the PIN
PAN     Primary account number
PIN     Personal Identification Number

5 General concepts

5.1 The necessity and the method to verify during a transaction process, that the card presenter is the entitled cardholder are under the responsibility of the issuer or the application provider, which may be the card issuer.

5.2 When requested during the transaction, the transaction PIN associated to a card, is keyed-in on a PIN-pad by the card presenter. Most often, the card presenter is authorized to make corrections on the transaction PIN value. The transaction PIN is processed only after its validation by the card presenter. For this purpose, the card presenter keys-in an end-of-PIN key at the end of the PIN entry. This key determines the length of the transaction PIN. A “cancel” or “clear” key should be provided on the PIN-pad for the card presenter to correct or restart the operation in case of error before the use of the “end-of-PIN” key. These keys may also have other functions in other contexts.

5.3 In intersector environments the PIN has only a numerical value or is interpreted into a numerical value. When a PIN uses alphanumeric characters, the issuer or the application provider shall inform the cardholder how to translate his PIN into a numerical value. This clause does not prevent a specific sector to use the full alphanumeric values (for example ISO/IEC 646 or character set No. 5 of CCITT Recommendation T 50) for its own applications.

5.4 In intersector environments, the minimum length of the PIN shall be 4 digits and the maximum length is 12 digits. This clause does not prevent a specific sector to use other limits for its own applications.

5.5 The PIN is transmitted for presentation:

- to the issuer (or the application provider); or
- to the ICC; or
- both.

Methods for PIN presentation to the issuer (or the application provider) or to the ICC are described in ENV 1257-1. Minimal intersector requirements for PIN protection during the PIN entry and PIN transmission are described in prENV 1257-2.

5.6 PIN verification is the result of a consistency check (Yes/No) between different data elements, such as:

- the transaction PIN;
- the data stored in the ICC or in a magnetic track;

The consistency may be checked in different manners, and the details are implementation dependent.

EXAMPLE 1 The data transmitted to the issuer or the application provider is used in a data base for retrieving an enciphered “reference PIN”. The enciphered “reference PIN” and enciphered “transaction PIN” are transmitted to a secure module linked to the host, where the decipherments and the comparison take place.

EXAMPLE 2 The data transmitted to the issuer or the application provider, contain a data element, often referred to as an “offset” or a “PIN verification value”. The consistency is checked between the data element, a part of the card data and the transaction PIN.

EXAMPLE 3 The transaction PIN is transmitted to the ICC, which contains a reference PIN and checks that the values of the reference PIN and of the
