ISO INTERNATIONAL STANDARD 13491-1 Third edition 2016-03-15 Financial services Secure cryptographic devices (retail) - Part 1: Concepts, requirements and evaluation methods Services financiers - Dispositifs cryptographiques de seécurite (services aux particuliers) Partie 1: Concepts, exigences et méthodes d'évaluation Reference number ISO 13491-1:2016(E) ISO International Organization for Standardization ZHEJIANG INSTOF STANDARDIZATION C15956617 @IS02016 mitted without license from IHS IS0 13491-1:2016(E) COPYRIGHT PROTECTED DOCUMENT IS0 2016, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 . CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47
[email protected] www.iso.org Internatinir DrganizationforStandardization Licensee-ZHEJIANG INST OF STANDARDIZAOISQ Od6 - All rights reserved Not for Resale, 2016/6/2 08:34:43 No reproduction or networking permited without license from IHS IS0 13491-1:2016(E) Contents Page Foreword ..V Introduction. ...vi 1 Scope. 2 Normative references 3 Terms and definitions 4 Abbreviated terms 5 Secure cryptographic device concepts ..5 5.1 General. .5 5.2 Attack scenarios ..6 5.2.1 General. ..6 5.2.2 Penetration .6 5.2.3 Monitoring. .6 5.2.4 Manipulation ..6 5.2.5 Modification .6 5.2.6 Substitution ..6 5.3 Defence measures. .7 5.3.1 General ..7 5.3.2 Device characteristics. 7 5.3.3 Device management. .8 5.3.4 Environment ..8 6 Requirements for device security characteristics .8 6.1 General ..8 6.2 Physical security requirements for SCDs 6.2.1 General 9 6.3 Tamper evident requirements. ..9 6.3.1 General. .9 6.4 Tamper resistant requirements .10 6.4.1 General. ..10 6.5 Tamper responsive requirements .10 6.5.1 General. ..10 6.6 Logical security requirements for SCDs .11 6.6.1 Dual control. ..11 6.6.2 Unique key per device. .11 6.6.3 Assurance of genuine device ..11 6.6.4 Design of functions .11 6.6.5 Use of cryptographic keys ..12 6.6.6 Sensitive device states. .12 6.6.7 Multiple cryptographic relationships ..12 6.6.8 SCD software authentication ..12 Requirements for device management .12 < 7.1 General ..12 7.2 Life cycle phases ..13 7.3 Life cycle protection requirements .14 7.3.1 General. ..14 7.3.2 Manufacturing phase. .14 7.3.3 Post-manufacturing phase. .. 15 7.3.4 Commissioning (initial financial key loading) phase ..15 7.3.5 Inactive operational phase. .15 7.3.6 Active operational phase (use) ..16 7.3.7 Decommissioning (post-use) phase ..16 7.3.8 Repairphase. ..16 7.3.9 Destruction phase. .17 nemaonalgnizatinAll rights reserved iii icensee=ZHEJIANG INST OF STANDARDIZATION C1 5956617 ed without license from IHS Not for Resale, 2016/6/2 08:34:43
ISO 13491-1 2016 Financial services — Secure cryptographic devices (retail) — Part 1 Concepts, requirements and evaluation methods
文档预览
中文文档
40 页
50 下载
1000 浏览
0 评论
309 收藏
3.0分
温馨提示:本文档共40页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
本文档由 人生无常 于 2024-08-25 00:36:18上传分享