• There are no items in your cart

AS 2805.14.2-2003

Superseded

Superseded

A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.

View Superseded by

Electronic funds transfer - Requirements for interfaces Secure cryptographic devices (retail) - Security compliance checklists for devices used in magnetic stripe card systems

Available format(s)

Hardcopy , PDF 1 User , PDF 3 Users , PDF 5 Users , PDF 9 Users

Superseded date

30-06-2017

Superseded by

AS 2805.14.2-2009

Language(s)

English

Published date

01-01-2003

€92.72
Excluding VAT

1 - AS 2805.14.2-2003 ELECTRONIC FUNDS TRANSFER-REQUIREMENTS FOR INTERFACES - SECURE CRYPTOGRAPHIC DEVICES (RETAIL)-SECURITY...
4 - PREFACE
6 - CONTENTS
7 - 1 Scope
7 - 2 Normative references
8 - 3 Terms and definitions
8 - 3.1 accredited evaluation authority
8 - 3.2 attack
8 - 3.3 audit report
8 - 3.4 audit review body
8 - 3.5 auditor
8 - 3.6 device security
8 - 3.7 evaluation agency
8 - 3.8 evaluation report
8 - 3.9 evaluation review body
8 - 3.10 formal claims
8 - 3.11 logical security
8 - 3.12 operational environment
9 - 3.13 physical security
9 - 3.14 secure cryptographic device SCD
9 - 3.15 secure operator interface
9 - 3.16 security compliance checklist
9 - 3.17 sensitive data sensitive information
9 - 3.18 sensitive state
9 - 3.19 software
9 - 3.20 sponsor sponsoring authority
9 - 3.21 tamper-evident characteristic
9 - 3.22 tamper-resistant characteristic
9 - 3.23 tamper-responsive characteristic
9 - 4 Use of security compliance checklists
9 - 4.1 General
10 - 4.2 Informal evaluation
10 - 4.3 Semi-formal evaluation
10 - 4.4 Formal evaluation
10 - 5 Summary
11 - Annex A - Physical, logical and device management characteristics common to all secure cryptographic devices
11 - A.1 General
11 - A.2 Device characteristics
15 - A.3 Device management
18 - Annex B - Devices with PIN entry functionality
18 - B.1 General
18 - B.2 Device characteristics
19 - B.3 Device management
21 - Annex C - Devices with PIN management functionality
21 - C.1 General
21 - C.2 Device characteristics
22 - C.3 Device management
23 - Annex D - Devices with message authentication functionality
23 - D.1 General
24 - D.2 Logical security device characteristics
25 - Annex E - Devices with key generation functionality
25 - E.1 General
25 - E.2 Device characteristics
27 - E.3 Device management
28 - Annex F - Devices with key transfer and loading functionality
28 - F.1 General
28 - F.2 Device characteristics
30 - F.3 Device management
32 - Annex G - Devices with digital signature functionality
32 - G.1 General
32 - G.2 Device management
34 - Annex H - Categorization of environments
34 - H.1 General
34 - H.2 Uncontrolled environments
34 - H.3 Minimally controlled environments
34 - H.4 Controlled environments
35 - H.5 Secure environments

This Standard provides a security compliance checklist for evaluating secure cryptographic devices (SCDs) used in magnetic stripe systems in accordance with AS 2805.14.1:2000.

Committee
IT-005
DocumentType
Standard
ISBN
0 7337 5058 3
Pages
30
PublisherName
Standards Australia
Status
Superseded
SupersededBy
Supersedes
UnderRevision

This part of ISO 13491 specifies checklists to be used to evaluate secure cryptographic devices (SCDs) incorporating cryptographic processes, as specified in ISO 9564, ISO 9807 and ISO 11568, in a magnetic stripe card environment. It does not specify checklists for SCDs used in an integrated circuit card (ICC) environment.This part of ISO 13491 does not address issues arising from the denial of service of a SCD.In the checklists given in annexes A to H, the term “not feasible” is intended to convey the notion that although a particular attack might be technically possible it would not be economically prudent, since carrying out the attack would cost more than any benefits obtained from a successful attack. In addition to attacks for purely economic gain, malicious attacks directed toward loss of reputation need to be considered.

Standards Relationship
ISO 13491-2:2000 Identical

First published as AS 2805.14.2-2003.

AS 2805.10.1-2004 Electronic funds transfer - Requirements for interfaces File transfer integrity validation
AS 2805.6.6-2006 Electronic funds transfer - Requirements for interfaces Key management - Session keys - Node to node with KEK replacement
AS 2805.3.1-2008 Electronic funds transfer - Requirements for interfaces PIN management and security - General (Reconfirmed 2019)
AS 2805.3.2-2008 Electronic funds transfer - Requirements for interfaces PIN management and security - Offline (Reconfirmed 2019)

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.