ISO 13491-1-1998 银行业务安全加密设备(零售)第1部分:概念、要求和评估方法
作者:标准资料网
时间:2024-05-05 11:21:07
浏览:9646
来源:标准资料网
下载地址: 点击此处下载
【英文标准名称】:Banking-Securecryptographicdevices(retail)-Part1:Concepts,requirementsandevaluationmethods
【原文标准名称】:银行业务安全加密设备(零售)第1部分:概念、要求和评估方法
【标准号】:ISO13491-1-1998
【标准状态】:作废
【国别】:国际
【发布日期】:1998-06
【实施或试行日期】:
【发布单位】:国际标准化组织(ISO)
【起草单位】:ISO/TC68
【标准类型】:()
【标准水平】:()
【中文主题词】:编码;概念;编码器;规范(验收);银行业务;信息交换;定义;数据处理;数据编码;认证;零售商业;数据保护
【英文主题词】:Bankoperations;Certification;Coders;Coding;Conception;Dataenciphering;Dataprocessing;Dataprotection;Definition;Definitions;Informationinterchange;Retailtrade;Specification(approval)
【摘要】:ThispartofISO13491specifiestherequirementsforSecureCryptographicDeviceswhichincorporatethecryptographicprocessesdefinedinISO9564,ISO9807andISO11568.ThispartofISO13491hastwoprimarypurposes:1.tostatetherequirementsconcerningboththeoperationalcharacteristicsofSCD'sandthemanagementofsuchdevicesthroughoutallstagesoftheirlifecycle,2.tostandardizethemethodologyforverifyingcompliancewiththoserequirements.Appropriatedevicecharacteristicsarenecessarytoensurethatthedevicehastheproperoperationalcapabilitiesandprovidesadequateprotectionforthedataitcontains.Appropriatedevicemanagementisnecessarytoensurethatthedeviceislegitimate,thatithasnotbeenmodifiedinanunauthorizedmanner,e.g.,by"bugging",andthatanysensitivedataplacedwithinthedevice(e.g.,cryptographickeys)hasnotbeensubjecttodisclosureorchange.Absolutesecurityisnotpracticallyachievable.CryptographicsecuritydependsuponeachlifecyclephaseoftheSCDandthecomplementarycombinationofappropriatemanagementproceduresandsecurecryptographiccharacteristics.Thesemanagementproceduresimplementpreventivemeasurestoreducetheopportunityforabreachofcryptographicdevicesecurity.Theseaimforahighprobabilityofdetectionofanyillicitaccesstosensitiveorconfidentialdatashoulddevicecharacteristicsfailtopreventordetectthesecuritycompromise.AnnexAprovidesaninformativeillustrationoftheconceptsofsecuritylevelsdescribedinthispartofISO13491asbeingapplicabletosecurecryptographicdevices.ThispartofISO13491doesnotaddressissuesarisingfromthedenialofserviceofaSCD.SpecificrequirementsforthecharacteristicsandmanagementofspecifictypesofSCDfunctionalityusedintheretailbankingenvironmentarecontainedinanotherpartofISO13491.
【中国标准分类号】:A11
【国际标准分类号】:35_040;35_240_40
【页数】:21P;A4
【正文语种】:英语
【原文标准名称】:银行业务安全加密设备(零售)第1部分:概念、要求和评估方法
【标准号】:ISO13491-1-1998
【标准状态】:作废
【国别】:国际
【发布日期】:1998-06
【实施或试行日期】:
【发布单位】:国际标准化组织(ISO)
【起草单位】:ISO/TC68
【标准类型】:()
【标准水平】:()
【中文主题词】:编码;概念;编码器;规范(验收);银行业务;信息交换;定义;数据处理;数据编码;认证;零售商业;数据保护
【英文主题词】:Bankoperations;Certification;Coders;Coding;Conception;Dataenciphering;Dataprocessing;Dataprotection;Definition;Definitions;Informationinterchange;Retailtrade;Specification(approval)
【摘要】:ThispartofISO13491specifiestherequirementsforSecureCryptographicDeviceswhichincorporatethecryptographicprocessesdefinedinISO9564,ISO9807andISO11568.ThispartofISO13491hastwoprimarypurposes:1.tostatetherequirementsconcerningboththeoperationalcharacteristicsofSCD'sandthemanagementofsuchdevicesthroughoutallstagesoftheirlifecycle,2.tostandardizethemethodologyforverifyingcompliancewiththoserequirements.Appropriatedevicecharacteristicsarenecessarytoensurethatthedevicehastheproperoperationalcapabilitiesandprovidesadequateprotectionforthedataitcontains.Appropriatedevicemanagementisnecessarytoensurethatthedeviceislegitimate,thatithasnotbeenmodifiedinanunauthorizedmanner,e.g.,by"bugging",andthatanysensitivedataplacedwithinthedevice(e.g.,cryptographickeys)hasnotbeensubjecttodisclosureorchange.Absolutesecurityisnotpracticallyachievable.CryptographicsecuritydependsuponeachlifecyclephaseoftheSCDandthecomplementarycombinationofappropriatemanagementproceduresandsecurecryptographiccharacteristics.Thesemanagementproceduresimplementpreventivemeasurestoreducetheopportunityforabreachofcryptographicdevicesecurity.Theseaimforahighprobabilityofdetectionofanyillicitaccesstosensitiveorconfidentialdatashoulddevicecharacteristicsfailtopreventordetectthesecuritycompromise.AnnexAprovidesaninformativeillustrationoftheconceptsofsecuritylevelsdescribedinthispartofISO13491asbeingapplicabletosecurecryptographicdevices.ThispartofISO13491doesnotaddressissuesarisingfromthedenialofserviceofaSCD.SpecificrequirementsforthecharacteristicsandmanagementofspecifictypesofSCDfunctionalityusedintheretailbankingenvironmentarecontainedinanotherpartofISO13491.
【中国标准分类号】:A11
【国际标准分类号】:35_040;35_240_40
【页数】:21P;A4
【正文语种】:英语
下载地址:
点击此处下载