BRITISH STANDARD
BS EN ISO 9807:1997
(BS ISO 9807:1991 renumbered, incorporating Amendment No. 1)
Implementation of EN ISO 9807:1996

Banking and related financial services - Requirements for message authentication (retail)

The European Standard EN ISO 9807:1996 has the status of a British Standard
UDC 336.719.2:651.75

Licensed Copy: sheffieldun sheffieldun, na, Wed Nov 15 05:31:20 GMT+00:00 2006, Uncontrolled Copy, (c) BSI

This British Standard, having been prepared under the direction of the Information Systems Technology Standards Policy Committee, was published under the authority of the Standards Board and comes into effect on 31 March 1992.
(c) BSI 10-1999

The following BSI references relate to the work on this standard:
Committee reference IST/12
Draft for comment 89/65645 DC
ISBN 0 580 20690 4

Committees responsible for this British Standard

The preparation of this British Standard was entrusted to Technical Committee IST/12, Banking, securities and other financial services, upon which the following bodies were represented:
APACS (Bank of England)
APACS (Barclays Bank)
APACS (Midland Bank)
APACS (National Westminster Bank)
APACS (Trustee Savings Bank)
Association for Payment Clearing Services (APACS)

The following bodies were also represented in the drafting of the standard, through subcommittees and panels:
Association for Payment Clearing Services (APACS)
Bank of England
Brinson and Partners
British Bankers Association (Registrar and Receiving Agent functions)
Electronic Trade Confirmation Industry User Group and Institutional Fund Managers Association
Extel Financial Services
HSBC Investment Bank plc
International Securities Markets Association
James Capel and Co.
London Clearing House
London Stock Exchange
Securities Industry Management Association
Securities Industry Software Association

Amendments issued since publication
Amd. No.   Date           Comments
9320       January 1997   Indicated by a sideline in the margin

Contents                                     Page
Committees responsible                       Inside front cover
National foreword                            ii
Foreword                                     2
Foreword                                     iii
Text of ISO 9807                             1

National foreword

This British Standard has been prepared by Technical Committee IST/12 and is the English language version of EN ISO 9807:1996 Banking and related financial services - Requirements for message authentication (retail), published by the European Committee for Standardization (CEN). It is identical with ISO 9807:1991 published by the International Organization for Standardization (ISO).

This British Standard is published under the direction of the Information Systems Technology Standards Policy Committee whose Technical Committee IST/12 has the responsibility to:
- aid enquirers to understand the text;
- present to the responsible international committee any enquiries on interpretation, or proposals for change, and keep UK interests informed;
- monitor related international and European developments and promulgate them in the UK.

NOTE International and European Standards, as well as overseas standards, are available from Customer Services, BSI, 389 Chiswick High Road, London W4 4AL.

A British Standard does not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application.

Compliance with a British Standard does not of itself confer immunity from legal obligations.

Summary of pages

This document comprises a front cover, an inside front cover, pages i and ii, the EN ISO title page, page 2, the ISO title page, pages ii to iv, pages 1 to 7 and a back cover.

This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on the inside front cover.

EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM
EN ISO 9807
June 1996
ICS 35.240.40
Descriptors: Banking, banking documents, messages, authentication, algorithms

English version
Banking and related financial services - Requirements for message authentication (retail) (ISO 9807:1991)
French title: Banque et services financiers liés aux opérations bancaires - Spécifications liées à l'authentification des messages (service aux particuliers) (ISO 9807:1991)
German title: Bankwesen - Anforderung für die Nachrichtenechtheitsprüfung (im Handel) (ISO 9807:1991)

This European Standard was approved by CEN on 1996-05-29.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CEN member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the Central Secretariat has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and United Kingdom.

CEN
European Committee for Standardization
Comité Européen de Normalisation
Europäisches Komitee für Normung
Central Secretariat: rue de Stassart 36, B-1050 Brussels
(c) 1996 Copyright reserved to CEN members
Ref. No. EN ISO 9807:1996 E

Foreword

The text of the International Standard from Technical Committee ISO/TC 68, Banking and related financial services, of the International Organization for Standardization (ISO) has been taken over as a European Standard by Technical Committee CEN/TC 224, machine-readable cards, related device interfaces and operations, the secretariat of which is held by AFNOR.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by December 1996, and conflicting national standards shall be withdrawn at the latest by December 1996.

According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom.

ISO 9807:1991(E)

Contents                                                                                   Page
Foreword                                                                                   iii
Introduction                                                                               1
1 Scope                                                                                    1
2 Normative references                                                                     1
3 Definitions                                                                              1
4 Procedures for message authentication                                                    2
4.1 Authentication keys                                                                    2
4.2 Authentication elements                                                                2
4.3 MAC length                                                                             2
4.4 MAC generation                                                                         2
4.5 Placement of MAC                                                                       2
5 Verification of the MAC                                                                  3
6 Approval procedure for authentication algorithms                                         3
Annex A (normative) Algorithms approved for calculation of MAC for authentication of retail messages   4
Annex B (normative) Procedure for the review of alternative authentication algorithms      4
Annex C (normative) Procedure to prevent exhaustive key determination                      5
Annex D (informative) Guidance on the selection of authentication elements                 6
Annex E (informative) Protection against duplication and loss                              6
Annex F (informative) Pseudo-random key generator                                          6
Annex G (informative) Bibliography                                                         7
Figure C.1                                                                                 5

Descriptors: Banking, banking documents, messages, authentication, algorithms

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

International Standard ISO 9807 was prepared by Technical Committee ISO/TC 68, Banking and related financial services, Sub-Committee SC 6, Financial transaction cards, related media and operations.

Annex A, Annex B and Annex C form an integral part of this International Standard. Annex D, Annex E, Annex F and Annex G are for information only.

Introduction

A Message Authentication Code (MAC) may be used to authenticate the origin and text of a message sent between a sender and a receiver. It is generated by the sender of the message and is transmitted together with the message concerned.

This International Standard has been prepared so that institutions involved in retail banking environments and wishing to implement message authentication can do so in a secure manner and in a way that facilitates interoperability between separate implementations.

A Message Authentication Code is a data field which may be used to verify the authenticity of a message. It is derived from the whole message or from specified data elements in the message which require protection against alteration, whether such alteration arises by accident or with intent to defraud.

This International Standard is one of a series which describes the requirements for security in the retail banking environment (see Annex G). A related series of International Standards describes the requirement for security in the wholesale banking environment (see Annex G). The requirements of this International Standard are compatible with those in ISO 8730. Both this International Standard and ISO 8730 have a close relationship with ISO 8731, which describes algorithms which have been approved for use in message authentication.

1 Scope

This International Standard specifies procedures to be used for protecting the integrity of retail banking messages and for verifying that the message originated from an authorized source. It also describes the method by which algorithms are approved for use for the authentication of retail banking messages.

Rules for data representation are not specified, although it is necessary for both members of a communicating pair to use the same means for data representation. The procedures are also independent of the transmission process used.

A list of algorithms approved for the calculation of a Message Authentication Code (MAC) is given in Annex A. The method to be used to approve authentication algorithms is given in Annex B. The procedure to prevent exhaustive key determination is provided in Annex C. Annex D gives guidance on the selection of authentication elements. Annex E provides some general information on protection against internal fraud by sender or receiver, e.g. forgery of a Message Authentication Code by the receiver, while Annex F describes a method for the generation of a pseudo-random key. Annex G consists of bibliographic references.

This International Standard does not provide for
a) encipherment for the protection of messages against unauthorized disclosure; or
b) protection against loss or duplication of messages, whether accidental or intentional.

This International Standard is applicable to institutions responsible for implementing techniques to authenticate messages used in a retail banking environment.

2 Normative references

The following standards contain provisions which, through reference in this text, constitute provisions of this International Standard. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this International Standard are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below. Members of IEC and ISO maintain registers of currently valid International Standards.

ISO 8730:1990, Banking - Requirements for message authentication (wholesale).
ISO 8731-1:1987, Banking - Approved algorithms for message authentication - Part 1: DEA.
ISO 8731-2:1987, Banking - Approved algorithm for message authentication - Part 2: Message authenticator algorithms.

3 Definitions

For the purposes of this International Standard, the following definitions apply.

3.1 algorithm: a specified mathematical process for computation
3.2 authentication: a process used, between a sender and a receiver, to ensure data integrity and to provide data origin authentication
3.3 authentication algorithm: an algorithm used, together with an authentication key and one or more authentication elements, for authentication
3.4 authentication element: a message element that is to be protected by authentication
3.5 authentication key: a cryptographic key used for authentication
3.6 cryptographic key: a parameter used, in conjunction with an algorithm, for the purposes of validation, authentication, encipherment, or decipherment
3.7 cryptoperiod: the time span during which a specific cryptographic key is authorized for use or in which the cryptographic key for a given system remains in effect
3.8 encipherment: a process of transforming plaintext into ciphertext for security or privacy
3.9 message authentication code (MAC): a code in a message between the sender and the receiver used to validate the source and part or all of the text of the message. The code is the result of an agreed calculation
3.10 message element: a contiguous group of characters designated for a specific purpose
3.11 receiver: the party intended to receive the message
3.12 sender: the party responsible for, and authorized to send, a message

4 Procedures for message authentication

4.1 Authentication keys

Aut
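The procedure the Introduction and Scope describe, as an added illustration that is not part of the standard's text: the sender derives a MAC from agreed authentication elements of a retail message in an agreed data representation, sends it with the message, and the receiver recomputes and compares. HMAC-SHA-256 from the Python standard library is used here as a stand-in for the ISO 8731 algorithms the standard approves in Annex A (the standard library has no DEA); the message fields, the element selection, the '|' separator and the 8-hex-digit MAC length are all constructed for this example, not values taken from the standard.

```python
import hmac
import hashlib

# Constructed retail message (field name -> value); not a real message format.
MESSAGE = {
    "msg_type": "0200",
    "pan": "4000123456789010",   # constructed card number
    "amount": "000000012500",    # 125.00 in minor units
    "currency": "826",
    "terminal_id": "TERM0001",
    "stan": "000042",            # systems trace audit number
    "free_text": "thank you",    # deliberately NOT an authentication element
}

# Authentication elements agreed by both parties; the order is part of the agreement.
AUTH_ELEMENTS = ("msg_type", "pan", "amount", "currency", "terminal_id", "stan")
MAC_HEX_LEN = 8  # agreed MAC length (8 hex digits = 32 bits); constructed choice

def canonical_bytes(message, elements):
    """Agreed data representation: selected elements, in order, ASCII-encoded,
    joined with '|' so adjacent fields cannot be re-split into the same string."""
    return "|".join(message[name] for name in elements).encode("ascii")

def generate_mac(key, message, elements=AUTH_ELEMENTS, mac_len=MAC_HEX_LEN):
    """Sender side: MAC over the authentication elements only. HMAC-SHA-256 is a
    stand-in for the ISO 8731 algorithms the standard actually approves."""
    tag = hmac.new(key, canonical_bytes(message, elements), hashlib.sha256)
    return tag.hexdigest()[:mac_len]

def verify_mac(key, message, received_mac, elements=AUTH_ELEMENTS, mac_len=MAC_HEX_LEN):
    """Receiver side: reject wrong-length tags, recompute, compare in constant time."""
    if len(received_mac) != mac_len:
        return False
    return hmac.compare_digest(generate_mac(key, message, elements, mac_len), received_mac)

def demo(key=b"constructed-demo-key-not-for-production"):
    """Returns (genuine_ok, tampered_ok, unprotected_ok, other_repr_ok)."""
    sent = dict(MESSAGE)
    sent["mac"] = generate_mac(key, sent)            # MAC travels with the message
    genuine_ok = verify_mac(key, sent, sent["mac"])  # True
    tampered = dict(sent, amount="000000999900")     # protected element altered
    tampered_ok = verify_mac(key, tampered, tampered["mac"])  # False
    unprotected = dict(sent, free_text="changed")    # non-element altered
    unprotected_ok = verify_mac(key, unprotected, unprotected["mac"])  # True
    # A receiver using a different representation (no separator) does not
    # interoperate, which is why clause 1 requires both parties to agree on it.
    other = "".join(sent[n] for n in AUTH_ELEMENTS).encode("ascii")
    other_mac = hmac.new(key, other, hashlib.sha256).hexdigest()[:MAC_HEX_LEN]
    return genuine_ok, tampered_ok, unprotected_ok, other_mac == sent["mac"]
```

The unprotected-field case is the point of Annex D's guidance: the MAC guarantees only the elements the two parties chose to cover.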