标准号:ISO 9564-3-2003
实施状态:作废
中文名称:银行业务.个人识别代码的管理和安全.第3部分:在ATM和POS系统中的离线PIN操作的要求
英文名称:Banking - Personal Identification Number management and security - Part 3: Requirements for offline PIN handling in ATM and POS systems
发布日期:2003-11
被替代标准:ISO 9564-1-2011
代替标准:ISO/FDIS 9564-3-2003
采用标准:PN-ISO 9564-3-2005,IDT
起草单位:ISO/TC 68
标准简介:This part of ISO 9564 specifies the minimum security measures required for offline Personal Identification Number (PIN) handling and a standard means of interchanging PIN data in an offline environment.
It is applicable to financial transaction, card-originated transactions requiring offline PIN verification, and to those institutions responsible for implementing techniques for the management and protection of the PIN at Automated Teller Machines (ATMs) and acquirer sponsored Point-of-Sale (POS) terminals.
This part of ISO 9564 is not applicable to
a) PIN management and security in the online PIN environment, which is covered in ISO 9564-1,
b) approved algorithms for PIN encipherment, which are covered in ISO 9564-2,
c) the use of PJNs in an open network environment, which is to be covered in ISO 9564-4,
d) the protection of the PIN against loss or intentional misuse by the customer or authorized employees of the issuer or their agents,
e) privacy of non-PIN transaction data,
f) protection of transaction messages against alteration or substitution, e.g. an online authorization response,
g) protection against replay of the PIN or transaction,
h) specific key management techniques,
i) the decision as to whether the IC card is to receive the PIN enciphered,
j) contactless IC cards.
The basic principles of PIN management described in Clause 4 of ISO 9564-1:2002 are applicable and normative to this part of ISO 9564.
Requirements associated with multi-application IC cards are considered to be the responsibility of the issuer and are not included.
This part of ISO 9564 is framed in terms applicable to IC card technology, however, by this it is not intended to restrict its applicability to IC card technology.
文件格式:PDF
文件大小:169.46KB
文件页数:12
(以上信息更新时间为:2019-11-22)
ISO 9564-3-2003 银行业务.个人识别代码的管理和安全.第3部分_在ATM和POS系统中的离线PIN操作的要求.pdf
(169.46 KB)
|
|
