【英文标准名称】:Banking-Securecryptographicdevices(retail)-Concepts,requirementsandevaluationmethods
【原文标准名称】:银行业务.安全加密设备(零售).概念、要求和评估方法
【标准号】:BSISO13491-1-2007
【标准状态】:现行
【国别】:英国
【发布日期】:2007-10-31
【实施或试行日期】:2007-10-31
【发布单位】:英国标准学会(GB-BSI)
【起草单位】:BSI
【标准类型】:()
【标准水平】:()
【中文主题词】:银行业务;认证;编码器;编码;概念;数据编码;数据处理;数据保护;定义;信息交换;零售商业;规范(验收)
【英文主题词】:Bankoperations;Certification;Coders;Coding;Conception;Dataenciphering;Dataprocessing;Dataprotection;Definitions;Informationinterchange;Retailtrade;Specification(approval)
【摘要】:ThispartofISO13491specifiestherequirementsforsecurecryptographicdevices(SCDs)basedonthecryptographicprocessesdefinedinISO9564,ISO16609andISO11568.ThispartofISO13491hastwoprimarypurposes:--tostatetherequirementsconcerningboththeoperationalcharacteristicsofSCDsandthemanagementofsuchdevicesthroughoutallstagesoftheirlifecycle,and--tostandardizethemethodologyforverifyingcompliancewiththoserequirements.Appropriatedevicecharacteristicsarenecessarytoensurethatthedevicehastheproperoperationalcapabilitiesandprovidesadequateprotectionforthedataitcontains.Appropriatedevicemanagementisnecessarytoensurethatthedeviceislegitimate,thatithasnotbeenmodifiedinanunauthorizedmanner(e.g.by“bugging”)andthatanysensitivedataplacedwithinthedevice(e.g.cryptographickeys)hasnotbeensubjecttodisclosureorchange.Absolutesecurityisnotachievableinpracticalterms.CryptographicsecuritydependsuponeachlifecyclephaseoftheSCDandthecomplementarycombinationofappropriatemanagementproceduresandsecurecryptographiccharacteristics.ThesemanagementproceduresimplementpreventivemeasurestoreducetheopportunityforabreachofSCDsecurity.Theseaimforahighprobabilityofdetectionofanyunauthorizedaccesstosensitiveorconfidentialdata,shoulddevicecharacteristicsfailtopreventordetectthesecuritycompromise.AnnexAprovidesaninformativeillustrationoftheconceptsofsecuritylevelsdescribedinthispartofISO13491asbeingapplicabletoSCDs.ThispartofISO13491doesnotaddressissuesarisingfromthedenialofserviceofanSCD.SpecificrequirementsforthecharacteristicsandmanagementofspecifictypesofSCDfunctionalityusedintheretailfinancialservicesenvironmentarecontainedinISO13491-2.
【中国标准分类号】:A11
【国际标准分类号】:35_240_40
【页数】:40P;A4
【正文语种】:英语