IS 15042-1: Banking - Personal Identification Number (PIN) Management and Security, Part 1: Basic Principles and Requirements for Online PIN Handling in ATM POS Systems PDF

2006·2.4 MB·English
Preview IS 15042-1: Banking - Personal Identification Number (PIN) Management and Security, Part 1: Basic Principles and Requirements for Online PIN Handling in ATM POS Systems

Disclosure to Promote the Right To Information

Whereas the Parliament of India has set out to provide a practical regime of right to information for citizens to secure access to information under the control of public authorities, in order to promote transparency and accountability in the working of every public authority, and whereas the attached publication of the Bureau of Indian Standards is of particular interest to the public, particularly disadvantaged communities and those engaged in the pursuit of education and knowledge, the attached public safety standard is made available to promote the timely dissemination of this information in an accurate manner to the public.

“The Right to Information, The Right to Live” (Mazdoor Kisan Shakti Sangathan)
“Step Out From the Old to the New” (Jawaharlal Nehru)
“Invent a New India Using Knowledge” (Satyanarayan Gangaram Pitroda)
“Knowledge is such a treasure which cannot be stolen” (Bhartṛhari, Nītiśatakam)

IS 15042-1 (2006): Banking - Personal Identification Number (PIN) Management and Security, Part 1: Basic Principles and Requirements for Online PIN Handling in ATM POS Systems [MSD 7: Banking and Financial services]

IS 15042 (Part 1) : 2006
ISO 9564-1 : 2002

Indian Standard
BANKING — PERSONAL IDENTIFICATION NUMBER (PIN) MANAGEMENT AND SECURITY
PART 1 BASIC PRINCIPLES AND REQUIREMENTS FOR ONLINE PIN HANDLING IN ATM AND POS SYSTEMS
(First Revision)

ICS 35.240.40

© BIS 2006
BUREAU OF INDIAN STANDARDS
MANAK BHAVAN, 9 BAHADUR SHAH ZAFAR MARG, NEW DELHI 110002
January 2006, Price Group 11

Banking and Financial Services Sectional Committee, MSD 7

NATIONAL FOREWORD

This Indian Standard (Part 1) (First Revision) which is identical with ISO 9564-1 : 2002 ‘Banking — Personal Identification Number (PIN) management and security — Part 1 : Basic principles and requirements for online PIN handling in ATM and POS systems’ issued by the International Organization for Standardization (ISO) was adopted by the Bureau of Indian Standards on the recommendation of the Banking and Financial Services Sectional Committee and approval of the Management and Systems Division Council.

The text of the ISO Standard has been approved as suitable for publication as an Indian Standard without deviations. Certain conventions are, however, not identical to those used in Indian Standards. Attention is particularly drawn to the following:

a) Wherever the words ‘International Standard’ appear referring to this standard, they should be read as ‘Indian Standard’.
b) Comma (,) has been used as a decimal marker while in Indian Standards, the current practice is to use a point (.) as the decimal marker.

In this adopted standard, normative/informative reference appears to certain International Standards for which Indian Standards also exist. The corresponding Indian Standards which are to be substituted in their places are listed below along with their degree of equivalence for the editions indicated:

| International Standard | Corresponding Indian Standard | Degree of Equivalence |
|---|---|---|
| ISO 9564-2 : 1991 Banking — Personal Identification Number (PIN) management and security — Part 2: Approved algorithm(s) for PIN encipherment | IS 15042 (Part 2) : 2001 Banking — Personal Identification Number (PIN) management and security: Part 2 Approved algorithm(s) for PIN encipherment | Identical |
| ISO 11568-1 : 1994 Banking — Key management (retail) — Part 1 : Introduction to key management | IS 15256 (Part 1) : 2002 Banking — Key management (retail): Part 1 Introduction to key management | do |
| ISO 11568-4 : 1998 Banking — Key management (retail) — Part 4 : Key management techniques using public key cryptography | IS 15256 (Part 4) : 2002 Banking — Key management (retail): Part 4 Key management techniques using public key cryptography | do |
| ISO 11568-6 : 1998 Banking — Key management (retail) — Part 6 : Key management schemes | IS 15256 (Part 6) : 2002 Banking — Key management (retail): Part 6 Key management schemes | do |
| ISO/IEC 7812-1 : 2000 Identification cards — Identification of issuers — Part 1: Numbering system | IS 14173 (Part 1) : 2003 Identification cards — Identification of issuers: Part 1 Numbering system (first revision) | do |
| ISO/IEC 7812-2 : 2000 Identification cards — Identification of issuers — Part 2: Application and registration procedures | IS 14173 (Part 2) : 2003 Identification cards — Identification of issuers: Part 2 Application and registration procedures (first revision) | Identical |
| ISO/IEC 7813 : 1987 Identification cards — Financial transaction cards | IS 14174 : 1994 Identification cards — Financial transaction cards | do |
| ISO/IEC 7816-1 : 1998 Identification cards — Integrated circuit(s) cards with contacts — Part 1 : Physical characteristics | IS 14202 (Part 1) : 2003 Identification cards — Integrated circuit(s) cards with contacts: Part 1 Physical characteristics (first revision) | do |
| ISO/IEC 7816-2 : 1999 Identification cards — Integrated circuit(s) cards with contacts — Part 2: Dimensions and location of the contacts | IS 14202 (Part 2) : 2003 Identification cards — Integrated circuit(s) cards with contacts: Part 2 Dimensions and location of the contacts (first revision) | do |
| ISO/IEC 7816-3 : 1997 Information technology — Identification cards — Integrated circuit(s) cards with contacts — Part 3 : Electronic signals and transmission protocols | IS 14202 (Part 3) : 2002 Identification cards — Integrated circuit(s) cards with contacts: Part 3 Electronic signals and transmission protocols | do |
| ISO/IEC 7816-5 : 1994 Identification cards — Integrated circuit(s) cards with contacts — Part 5 : Numbering system and registration procedure for application identifiers | IS 14202 (Part 5) : 2003 Identification cards — Integrated circuit(s) cards with contacts: Part 5 Numbering system and registration procedure for application identifiers | do |
| ISO/IEC 7816-6 : 1997 Identification cards — Integrated circuit(s) cards with contacts — Part 6 : Interindustry data elements | IS 14202 (Part 6) : 2003 Identification cards — Integrated circuit(s) cards with contacts: Part 6 Interindustry data elements | do |
| ISO 10202-1 : 1991 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 1: Card life cycle | IS 14958 (Part 1) : 2001 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards: Part 1 Card life cycle | do |
| ISO 10202-2 : 1996 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 2: Transaction process | IS 14958 (Part 2) : 2001 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards: Part 2 Transaction process | do |
| ISO 10202-3 : 1998 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 3: Cryptographic key relationship | IS 14958 (Part 3) : 2001 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards: Part 3 Cryptographic key relationship | Identical |
| ISO 10202-4 : 1996 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 4: Security application modules | IS 14958 (Part 4) : 2001 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards: Part 4 Security application modules | do |
| ISO 10202-5 : 1998 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 5: Use of algorithms | IS 14958 (Part 5) : 2001 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards: Part 5 Use of algorithms | do |
| ISO 10202-6 : 1994 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 6: Cardholder verification security | IS 14958 (Part 6) : 2001 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards: Part 6 Cardholder verification security | do |
| ISO 10202-7 : 1998 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 7: Key management | IS 14958 (Part 7) : 2001 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards: Part 7 Key management | do |
| ISO 10202-8 : 1998 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards — Part 8: General principles and overview | IS 14958 (Part 8) : 2001 Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards: Part 8 General principles and overview | do |

The technical committee responsible for the preparation of this standard has reviewed the provisions of the following International Standards and has decided that they are acceptable for use in conjunction with this standard:

| International Standard | Title |
|---|---|
| ISO/IEC 7816-4 : 2005 | Identification cards — Integrated circuit(s) cards with contacts — Part 4: Organization, security and commands for interchange |
| ISO 9564-3 : 2003 | Banking — Personal Identification Number (PIN) management and security — Part 3: Requirements for offline PIN handling in ATM and POS systems |
| ISO 11568-2 : 1994 | Banking — Key management (retail) — Part 2: Key management techniques for symmetric ciphers |
| ISO 11568-3 : 1994 | Banking — Key management (retail) — Part 3: Key life cycle for symmetric ciphers |
| ISO 11568-5 : 1998 | Banking — Key management (retail) — Part 5: Key life cycle for public key cryptosystems |
| ISO 13491-1 : 1998 | Banking — Secure cryptographic devices (retail) — Part 1 : Concepts, requirements and evaluation methods |
| ISO 13491-2 : 2005 | Banking — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions |
| ISO 15668 : 1999 | Banking — Secure file transfer (retail) |

Annexes A to G of this standard are for information.

Introduction

The Personal Identification Number (PIN) is a means of verifying the identity of a customer within an electronic funds transfer (EFT) system.

The objective of PIN management is to protect the PIN against unauthorized disclosure, compromise and misuse throughout its life cycle and, in so doing, to minimize the risk of fraud occurring within EFT systems. The secrecy of the PIN needs to be assured at all times during its life cycle which consists of its selection, issuance, activation, storage, entry, transmission, validation, deactivation and any other use made of it.

PIN security also depends upon sound key management. Maintaining the secrecy of cryptographic keys is of the utmost importance because the compromise of any key allows the compromise of any PIN ever enciphered under it.

Wherever possible, this part of ISO 9564 specifies requirements in absolute terms. In some instances, a level of subjectivity cannot be practically avoided especially when discussing the degree or level of security desired or to be achieved.

The level of security to be achieved needs to be related to a number of factors, including the sensitivity of the data concerned and the likelihood that the data will be intercepted, the practicality of any envisaged encipherment process and the cost of providing, and breaking, a particular means of security. It is, therefore, necessary for each card acceptor, acquirer and issuer to agree on the extent and detail of security and PIN management procedures. As absolute security is not practically achievable, PIN management procedures should implement preventive measures to reduce the opportunity for a breach in security and aim for a “high” probability of detection of any illicit access or change to PIN material should these preventive measures fail. This applies at all stages of the generation, exchange and use of a PIN, including those processes that occur in cryptographic equipment and those related to the communication of PINs.

This part of ISO 9564 is designed so that issuers can uniformly make certain, to whatever degree is practical, that a PIN, while under the control of other institutions, is properly managed. Techniques are given for protecting the PIN-based customer authentication process by safeguarding the PIN against unauthorized disclosure during the PIN's life cycle.

The publication of additional parts is planned and these will cover PIN protection principles and techniques, electronic commerce and other environments identified at the time of writing.

In ISO 9564-2, approved encipherment algorithms to be used in the protection of the PIN are specified. Application of the requirements of this part of ISO 9564 requires bilateral agreements to be made, including the choice of algorithms specified in ISO 9564-2.

This part of ISO 9564 is one of a series that describes requirements for security in the retail banking environment, as follows:

ISO 9564-2:1991, Banking — Personal Identification Number (PIN) management and security — Part 2: Approved algorithm(s) for PIN encipherment
ISO 9564-3:—1), Banking — Personal Identification Number (PIN) management and security — Part 3: PIN protection requirements for offline PIN handling in ATM and POS systems
ISO 10202 (all parts), Financial transaction cards — Security architecture of financial transaction systems using integrated circuit cards
ISO 11568 (all parts), Banking — Key management (retail)
ISO 13491 (all parts), Banking — Secure cryptographic devices (retail)
ISO 15668, Banking — Secure file transfer (retail)

1) To be published.
