I.S. CWA 14174-3:2004
Withdrawn
A Withdrawn Standard is one that has been removed from sale and whose unique number can no longer be used. A Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
FINANCIAL TRANSACTIONAL IC CARD READER (FINREAD) - PART 3: SECURITY REQUIREMENTS
Hardcopy, PDF
13-12-2004
English
27-04-2004
Foreword
1 Scope
2 Normative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Assumptions and countermeasures
4.1 Assumptions
4.1.1 FCR general assumptions
4.1.2 FCR environment assumptions
4.2 Countermeasures
5 Security requirements
5.1 Hardware security requirements
5.2 Core software security requirements
6 Specification of implementation
6.1 Secure downloading
6.1.1 Digital signature calculation
6.1.2 Signature verification
6.1.3 Minimum data and parameters signed
6.2 Software integrity
6.3 FCR authentication
6.3.1 FCR signature calculation
6.3.2 FCR ID
6.3.3 FCR authentication public key certificate
7 Key management
7.1 Overview of certification schemes
7.1.1 Hierarchical tree
7.1.2 Cross-certification
7.2 Keys used for software download
7.2.1 FCR public root keys
7.2.2 Public keys used for software download
7.2.3 Public key certificates
7.2.4 FCR Master Key
7.2.5 Summary
7.3 Keys used for FCR authentication key
7.3.1 Authentication public key certificates
7.4 Summary of FCR keys
7.5 Length of the keys
8 Cryptographic functions/random number generator
8.1 Cryptographic functions
8.2 Random number generation
Specifies security requirements for the different components of the FINREAD card reader.
DocumentType | Standard
Pages | 29
PublisherName | National Standards Authority of Ireland
Status | Withdrawn
Supersedes |
ISO 13491-2:2017 | Financial services — Secure cryptographic devices (retail) — Part 2: Security compliance checklists for devices used in financial transactions |
ANSI X9.52 : 1998 | TRIPLE DATA ENCRYPTION ALGORITHM MODES OF OPERATION |
ISO 13491-1:2016 | Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods |
ISO 8731-1:1987 | Banking Approved algorithms for message authentication Part 1: DEA |
ISO 9564-1:2017 | Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems |