Standard number: ISO/TR 9564-4-2004
Implementation status: Withdrawn
Chinese title (translated): Banking. Management and security of personal identification numbers. Part 4: Guidelines for PIN handling in open networks
English title: Banking - Personal Identification Number (PIN) management and security - Part 4: Guidelines for PIN handling in open networks
Publication date: 2004-03
Superseded by: ISO 9564-4-2016
Adopted standard: GB/T 21078.3-2011, IDT
Drafting body: ISO/TC 68
Abstract: This part of ISO 9564 provides guidelines for personal identification number (PIN) handling in open networks, presenting finance industry best-practice security measures for PIN management and the handling of financial card originated transactions in environments where issuers and acquirers have no direct control over management, or where no relationship exists between the PIN entry device and the acquirer prior to the transaction.
It is applicable to financial card-originated transactions requiring verification of the PIN and to those organizations responsible for implementing techniques for the management of the PIN in terminals and PIN entry devices when used in open networks.
It is not applicable to
— PIN management and security in the online and offline ATM and POS PIN environments, which are covered in ISO 9564-1 and ISO 9564-3,
— approved algorithms for PIN encipherment, which are covered in ISO 9564-2,
— the protection of the PIN against loss or intentional misuse by the customer or authorised employees of the issuer or their agents,
— privacy of non-PIN transaction data,
— protection of transaction messages against alteration or substitution, e.g. an online authorisation response,
— protection against replay of the PIN or transaction,
— specific key management techniques,
— access to, and storage of, card data by server-based applications such as wallets, or
— financial institution sponsored, cardholder activated, secure PIN entry devices.
File format: PDF
File size: 148.40KB
Number of pages: 12
(Information above last updated: 2019-11-22)