ISO 13491-1-2007 银行业务.安全加密设备(零售).第1部分:概念、要求和评估方法

[复制链接]
查看2753 | 回复4 | 2019-1-2 22:22 | 显示全部楼层 |阅读模式
标准号:ISO 13491-1-2007
实施状态:作废
中文名称:银行业务.安全加密设备(零售).第1部分:概念、要求和评估方法
英文名称:Banking - Secure cryptographic devices (retail) - Part 1: Concepts, requirements and evaluation methods
发布日期:2007-06
被替代标准:ISO 13491-1-2016
代替标准:ISO 13491-1-1998;ISO/DIS 13491-1-2006
采用标准:BS ISO 13491-1-2007,IDT
起草单位:ISO/TC 68
标准简介:This part of ISO 13491 specifies the requirements for secure cryptographic devices (SCDs) based on the
cryptographic processes defined in ISO 9564, ISO 16609 and ISO 11568.
This part of ISO 13491 has two primary purposes:
-- to state the requirements concerning both the operational characteristics of SCDs and the management
of such devices throughout all stages of their life cycle, and
-- to standardize the methodology for verifying compliance with those requirements.
Appropriate device characteristics are necessary to ensure that the device has the proper operational
capabilities and provides adequate protection for the data it contains. Appropriate device management is
necessary to ensure that the device is legitimate, that it has not been modified in an unauthorized manner (e.g.
by “bugging”) and that any sensitive data placed within the device (e.g. cryptographic keys) has not been
subject to disclosure or change.
Absolute security is not achievable in practical terms. Cryptographic security depends upon each life cycle
phase of the SCD and the complementary combination of appropriate management procedures and secure
cryptographic characteristics. These management procedures implement preventive measures to reduce the
opportunity for a breach of SCD security. These aim for a high probability of detection of any unauthorized
access to sensitive or confidential data, should device characteristics fail to prevent or detect the security
compromise.
Annex A provides an informative illustration of the concepts of security levels described in this part of
ISO 13491 as being applicable to SCDs.
This part of ISO 13491 does not address issues arising from the denial of service of an SCD.
Specific requirements for the characteristics and management of specific types of SCD functionality used in
the retail financial services environment are contained in ISO 13491-2.
文件格式:PDF
文件大小:662.59KB
文件页数:38
(以上信息更新时间为:2019-11-22)

ISO 13491-1-2007 银行业务.安全加密设备(零售).第1部分_概念、要求和评估方法.pdf (662.59 KB)

使用道具 举报