ISO-13491-1-2007.pdf
《ISO-13491-1-2007.pdf》由会员分享,可在线阅读,更多相关《ISO-13491-1-2007.pdf(38页珍藏版)》请在三一文库上搜索。
1、 Reference number ISO 13491-1:2007(E) ISO 2007 INTERNATIONAL STANDARD ISO 13491-1 Second edition 2007-06-15 Banking Secure cryptographic devices (retail) Part 1: Concepts, requirements and evaluation methods Banque Dispositifs cryptographiques de scurit (services aux particuliers) Partie 1: Concepts
2、, exigences et mthodes dvaluation Copyright International Organization for Standardization Provided by IHS under license with ISO Licensee=IHS Employees/1111111001, User=DAWSON, DAVIS Not for Resale, 07/03/2007 03:38:46 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO 13
3、491-1:2007(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloadi
4、ng this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the Gene
5、ral Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given
6、 below. COPYRIGHT PROTECTED DOCUMENT ISO 2007 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the a
7、ddress below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2007 All rights reserved Copyright International Organization
8、for Standardization Provided by IHS under license with ISO Licensee=IHS Employees/1111111001, User=DAWSON, DAVIS Not for Resale, 07/03/2007 03:38:46 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO 13491-1:2007(E) ISO 2007 All rights reserved iii Contents Page Foreword i
9、v Introduction v 1 Scope . 1 2 Normative references. 1 3 Terms and definitions. 2 4 Abbreviated terms 4 5 Secure cryptographic device concepts 4 5.1 General. 4 5.2 Attack scenarios. 5 5.3 Defence measures 6 6 Requirements for device security characteristics 8 6.1 Introduction. 8 6.2 Physical securit
10、y requirements for SCDs 8 6.3 Logical security requirements for SCDs 11 7 Requirements for device management. 12 7.1 General. 12 7.2 Life cycle phases 13 7.3 Life cycle protection requirements. 14 7.4 Life cycle protection methods. 15 7.5 Accountability. 17 7.6 Device management principles of audit
11、and control 18 8 Evaluation methods 20 8.1 General. 20 8.2 Risk assessment. 21 8.3 Informal evaluation method. 22 8.4 Semi-formal evaluation method 24 8.5 Formal evaluation method. 26 Annex A (informative) Concepts of security levels for system security 27 Bibliography. 30 Copyright International Or
12、ganization for Standardization Provided by IHS under license with ISO Licensee=IHS Employees/1111111001, User=DAWSON, DAVIS Not for Resale, 07/03/2007 03:38:46 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO 13491-1:2007(E) iv ISO 2007 All rights reserved Foreword ISO (
13、the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical commi
14、ttee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotec
15、hnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the membe
16、r bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifyin
17、g any or all such patent rights. ISO 13491-1 was prepared by Technical Committee ISO/TC 68, Financial services, Subcommittee SC 2, Security management and general banking operations. This second edition cancels and replaces the first edition (ISO 13491-1:1998), which has been technically revised. IS
18、O 13491 consists of the following parts, under the general title Banking Secure cryptographic devices (retail): Part 1: Concepts, requirements and evaluation methods Part 2: Security compliance checklists for devices used in financial transactions Copyright International Organization for Standardiza
19、tion Provided by IHS under license with ISO Licensee=IHS Employees/1111111001, User=DAWSON, DAVIS Not for Resale, 07/03/2007 03:38:46 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO 13491-1:2007(E) ISO 2007 All rights reserved v Introduction ISO 13491 describes both the
20、 physical and logical characteristics and the management of the secure cryptographic devices (SCDs) used to protect messages, cryptographic keys and other sensitive information used in a retail financial services environment. The security of retail electronic payment systems is largely dependent upo
21、n the security of these cryptographic devices. This security is based upon the premise that computer files can be accessed and manipulated, communications lines can be “tapped” and authorized data or control inputs into system equipment can be replaced with unauthorized inputs. When Personal Identif
22、ication Numbers (PINs), message authentication codes (MACs), cryptographic keys and other sensitive data are processed, there is a risk of tampering or other compromise to disclose or modify such data. The risk of financial loss is reduced through the appropriate use of cryptographic devices that ha
23、ve proper characteristics and are properly managed. Copyright International Organization for Standardization Provided by IHS under license with ISO Licensee=IHS Employees/1111111001, User=DAWSON, DAVIS Not for Resale, 07/03/2007 03:38:46 MDTNo reproduction or networking permitted without license fro
24、m IHS -,-,- Copyright International Organization for Standardization Provided by IHS under license with ISO Licensee=IHS Employees/1111111001, User=DAWSON, DAVIS Not for Resale, 07/03/2007 03:38:46 MDTNo reproduction or networking permitted without license from IHS -,-,- INTERNATIONAL STANDARD ISO 1
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- ISO 13491 2007
链接地址:https://www.31doc.com/p-3774571.html