ImageVerifierCode 换一换
格式:PDF , 页数:27 ,大小:357.40KB ,
资源ID:431338      下载积分:5000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-431338.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ANSI ASC X9 X9.119-1-2016 Retail Financial Services - Requirements for Protection of Sensitive Payment Card Data - Part 1 Using Encryption Methods.pdf)为本站会员(amazingpat195)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ANSI ASC X9 X9.119-1-2016 Retail Financial Services - Requirements for Protection of Sensitive Payment Card Data - Part 1 Using Encryption Methods.pdf

1、 American National Standard for Financial Services ANSI X9.119-1-2016 Retail Financial Services Requirements for Protection of Sensitive Payment Card Data Part 1: Using Encryption Methods Accredited Standards Committee X9, Incorporated Financial Industry Standards Date Approved: May 27, 2016 America

2、n National Standards Institute American National Standards, Technical Reports and Guides developed through the Accredited Standards Committee X9, Inc., are copyrighted. Copying these documents for personal or commercial use outside X9 membership agreements is prohibited without express written permi

3、ssion of the Accredited Standards Committee X9, Inc. For additional information please contact ASC X9, Inc., 275 West Street, Suite 107, Annapolis, MD 21401. This page left intentionally blank ANSI X9.119-1-2016 ASC X9, Inc. 2016 All rights reserved iii Contents Page Foreword . v Introduction vi 1 S

4、cope 1 2 Normative references 2 2.1 ANS INCITS 92-1981 (R2003) - Information Technology - Data Encryption Algorithm (DEA) . 2 2.2 ANS X9.24-1-2009 Retail Financial Services Symmetric Key Management part 1: Using Symmetric Techniques . 2 2.3 ANS X9.24-2-2006 Retail Financial Services Symmetric Key Ma

5、nagement part 2: Using Asymmetric Techniques . 2 2.4 ANS X9.52-1998 - Triple Data Encryption Algorithm (TDEA) Modes of Operation . 2 2.5 ANS X9.65-2004 - Triple Data Encryption Algorithm (TDEA) Implementation 2 2.6 ANS X9.82-1-2006 Random Number Generation . 2 2.7 ANS X9.97-1-2009 - Financial Servic

6、es Secure Cryptographic Devices (Retail) Part 1: Concepts, Requirements, and Evaluation Methods. 2 2.8 ANS X9.104 (all parts)-2004 Financial Transaction Card Originated Messages . 2 2.9 ISO Technical Report 14742 Financial services Recommendations on Cryptographic Algorithms and Their Use. 2 2.10 IS

7、O/IEC 7813:2006 Information Technology Identification cards Financial transaction cards . 2 2.11 ISO/IEC 18033: Information Technology- Security techniques Encryption algorithms Part 3: Block Ciphers . 2 3 Terms and definitions . 2 3.1 Acquirer 2 3.2 Algorithm 3 3.3 Authorization Transaction 3 3.4 C

8、iphertext . 3 3.5 Cleartext . 3 Data in original, unencrypted form. 3 3.6 Cryptographic Key A parameter that determines the operation of a cryptographic function such as: 3 3.7 Data Encryption Algorithm (DEA) 3 3.8 Data Encryption Standard (DES) 3 3.9 Decryption 3 3.10 Encryption 3 3.11 Encryption A

9、lgorithm 4 3.12 Format Preserving Encryption . 4 3.13 IC Card 4 3.14 Infeasible A condition whereby a particular attack, although it may be technically possible, is not economically viable. E.g. the cost of the attack exceeds the economic benefit 4 3.15 Institution . 4 3.16 Interchange 4 3.17 Issuer

10、 4 3.18 Key 4 3.19 Plaintext 4 3.20 Point of Entry (POE) 4 ANSI X9.119-1-2016 iv ASC X9, Inc. 2016 All rights reserved 3.21 Privacy 4 3.22 Protection . 5 3.23 Secure Cryptographic Device (SCD) . 5 3.24 Sensitive payment card data 5 3.25 Triple Data Encryption Algorithm (TDEA) . 5 3.26 Transaction .

11、5 3.27 Verification . 5 4 Symbols and abbreviated terms 5 5 Sensitive Payment Card Data Elements 6 6 Sensitive Payment Card Data Protection Requirements . 6 6.1 General 6 6.2 Data Element Specific Requirements 7 6.2.1 Cardholder Name . 7 6.2.2 Primary Account Number (PAN) 7 6.2.3 Expiration Date. 8

12、6.2.4 Service Code 8 6.2.5 Discretionary Data . 8 6.2.6 Track Data . 9 6.2.7 Manually Entered Security Validation Code . 9 6.2.8 Matrix of Security Requirements and Recommendations for Protection of Sensitive Payment Card Data outside of an SCD and prior to the point of decryption 10 6.3 Requirement

13、s When Employing Encryption Methods to Protect Sensitive Payment Card Data 11 6.3.1 Data Encryption Algorithm and Key Strength Requirements .11 6.3.2 Data Encryption Key Management Security Requirements 11 6.3.3 Prevention of Dictionary Attacks .11 6.3.4 Distinguishing Protected Data from Cleartext

14、Data When Employing Format Preserving Methods 12 Annex A (normative) Acceptable Data Encryption Algorithms .13 A.1 General 13 A.2 Approved Algorithms 13 A.2.1 TDEA .13 A.2.2 AES 13 A.2.3 RSAES using OAEP (Optimal Asymmetric Encryption Padding) .13 A.3 Minimum Security Level 13 ANSI X9.119-1-2016 ASC

15、 X9, Inc. 2016 All rights reserved v Foreword Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ANSI

16、 Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort b

17、e made toward their resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming

18、to the standards. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name

19、of the American National Standards Institute. Requests for interpretation should be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American N

20、ational Standards Institute require that action be taken to reaffirm, revise, or withdraw this standard no later than five years from the date of approval. Published by Accredited Standards Committee X9, Incorporated Financial Industry Standards 275 West Street, Suite 107 Annapolis, MD 21401 USA X9

21、Online http:/www.x9.org Copyright 2016 ASC X9, Inc. All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher. Published in the United States of America. ANSI X9.119-1-2016 vi ASC

22、X9, Inc. 2016 All rights reserved Introduction Suggestions for the improvement or revision of this Standard are welcome. They should be sent to the X9 Committee Secretariat, Accredited Standards Committee X9, Inc., Financial Industry Standards, 275 West Street, Suite 107, Annapolis, MD 21401 USA. Th

23、is Standard was processed and approved for submittal to ANSI by the Accredited Standards Committee on Financial Services, X9. Committee approval of the Standard does not necessarily imply that all the committee members voted for its approval. At the time this standard was approved, the X9 committee

24、had the following members: X9 Chairman Roy DeCicco X9 Vice-Chairman Claudia Swendseid Executive Director- Steve Stevens Organization Represented Representative ACI Worldwide Doug Grote ACI Worldwide Dan Kinney American Bankers Association Diane Poole American Express Company David Moore Bank of Amer

25、ica Daniel Welch Blackhawk Network Anthony Redondo Bloomberg LP Corby Dear Capital One Marie LaQuerre Citigroup, Inc. Karla McKenna CLS Bank Ram Komarraju Conexxus, Inc. Michael Davis Conexxus, Inc. Gray Taylor Delap LLP Darlene Kargel Deluxe Corporation Angela Hendershott Diebold, Inc. Bruce Chapa

26、Discover Financial Services Michelle Zhang eCurrency David Wen Federal Reserve Bank Mary Hughes Federal Reserve Bank Janet LaFrence FIS Stephen Gibson-Saxty Fiserv Dan Otten FIX Protocol Ltd - FPL Jim Northey Futurex Ryan Smith Gilbarco Bruce Welch Harland Clarke John McCleary Hewlett Packard Susan

27、Langford IBM Corporation Todd Arnold Independent Community Bankers of America Cary Whaley Ingenico Rob Martin ISITC Jason Brasile J.P. Morgan Chase Roy DeCicco KPMG LLP Mark Lundin MagTek, Inc. Roger Applewhite ANSI X9.119-1-2016 ASC X9, Inc. 2016 All rights reserved vii MagTek, Inc. Mimi Hart Maste

28、rCard Europe Sprl Mark Kamers NACHA The Electronic Payments Association Priscilla Holland National Security Agency Paul Timmel Nautilus Hyosung Joe Militello NCR Corporation David Norris Office of Financial Research, U.S. Treasury Department Justin Stekervetz PCI Security Standards Council Troy Leac

29、h RouteOne Chris Irving RouteOne Jenna Wolfe State Street Corporation Jason Brasile SWIFT/Pan Americas Frank Vandriessche Symcor Inc. Debbi Fitzpatrick TECSEC Incorporated Ed Scheidt The Clearing House Sharon Jablon U.S. Bank John King U.S. Commodity Futures Trading Commission (CFTC) Robert Stowsky

30、USDA Food and Nutrition Service Kathy Ottobre Vantiv LLC Gary Zempich VeriFone, Inc. Dave Faoro VISA Kim Wagner Wayne Fueling Systems Steven Bowles Wells Fargo Bank Mark Schaffer ANSI X9.119-1-2016 viii ASC X9, Inc. 2016 All rights reserved At the time this standard was approved, the X9F subcommitte

31、e on Data and Information Security had the following members: Ed Scheidt, Chairman Organization Represented Representative ACI Worldwide Doug Grote ACI Worldwide Dan Kinney ACI Worldwide Julie Samson American Bankers Association Tom Judd American Express Company Farid Hatefi American Express Company

32、 John Timar American Express Company Kevin Welsh Bank of America Amanda Adams Bank of America Peter Capraro Bank of America Andi Coleman Bank of America Lawrence LaBella Bank of America Will Robinson Bank of America Michael Smith Bank of America Daniel Welch BlackBerry Limited Daniel Brown BlackBerr

33、y Limited Sandra Lambert Blackhawk Network Anthony Redondo Bloomberg LP Erik Anderson Bloomberg LP Corby Dear Capital One Marie LaQuerre Capital One Johnny Lee Cipherithm Scott Spiker comForte 21 GmbH Thomas Gloerfeld comForte 21 GmbH Henning Horst Communications Security Establishment Jonathan Hamm

34、ell Communications Security Establishment David Smith Conexxus, Inc. Alan Thiemann CUSIP Service Bureau Scott Preiss Delap LLP David Buchanan Delap LLP Darlene Kargel Deluxe Corporation Angela Hendershott Deluxe Corporation Margiore Romay Deluxe Corporation Andy Vo Diebold, Inc. Bruce Chapa Diebold,

35、 Inc. Michael Ott Diebold, Inc. Dave Phister Discover Financial Services Cheryl Mish Discover Financial Services Diana Pauliks Discover Financial Services Jordan Schaefer eCurrency David Wen Federal Reserve Bank Patrick Adler Federal Reserve Bank Guy Berg Federal Reserve Bank Julia Cheney Federal Re

36、serve Bank Marianne Crowe Federal Reserve Bank Sandeep Dhameja Federal Reserve Bank Amanda Dorphy Federal Reserve Bank Mary Hughes Federal Reserve Bank Heather Hultquist ANSI X9.119-1-2016 ASC X9, Inc. 2016 All rights reserved ix Federal Reserve Bank Janet LaFrence Federal Reserve Bank Susan Pandy F

37、ederal Reserve Bank Patti Ritter Federal Reserve Bank Daniel Rozycki First Data Corporation Andrea Beatty First Data Corporation Lisa Curry First National Bank of Omaha Kristi White FIS Chelsea Lopez FIS John Soares FIS Sunny Wear Fiserv Bud Beattie Fiserv Dan Otten Futurex Ryan Smith GEOBRIDGE Corp

38、oration Donna Gem GEOBRIDGE Corporation Jason Way Gilbarco Scott Turner Gilbarco Bruce Welch Harland Clarke Joseph Filer Heartland Payment Systems Scott Meeker Hewlett Packard Susan Langford Hewlett Packard Luther Martin Hewlett Packard Terence Spies IBM Corporation Todd Arnold Independent Community

39、 Bankers of America Cary Whaley Ingenico Rob Martin ITS, Inc. (SHAZAM Networks) Manish Nathwani J.P. Morgan Chase Bruce Geller J.P. Morgan Chase Kathleen Krupa J.P. Morgan Chase Jackie Pagn K3DES LLC Azie Amini KPMG LLP Mark Lundin MagTek, Inc. Jeff Duncan MagTek, Inc. Mimi Hart MasterCard Europe Sp

40、rl Mark Kamers MasterCard Europe Sprl Joshua Knopp MasterCard Europe Sprl Larry Newell MasterCard Europe Sprl Adam Sommer MasterCard Europe Sprl Michael Ward National Institute of Standards and Technology (NIST) Elaine Barker National Institute of Standards and Technology (NIST) Lily Chen National S

41、ecurity Agency Mike Boyle National Security Agency Paul Timmel Nautilus Hyosung Joe Militello Nautilus Hyosung Jay Shin NCR Corporation Tanika Eng NCR Corporation Charlie Harrow NCR Corporation David Norris PCI Security Standards Council Leon Fell PCI Security Standards Council Troy Leach PCI Securi

42、ty Standards Council Ralph Poore RSA, The Security Division of EMC Steve Schmalz SafeNet, Inc. Amit Sinha Security Innovation Mark Etzel Security Innovation William Whyte Security Innovation Lee Wilson ANSI X9.119-1-2016 x ASC X9, Inc. 2016 All rights reserved Security Innovation Zhenfei Zhang TECSE

43、C Incorporated Ed Scheidt TECSEC Incorporated Dr. Wai Tsang TECSEC Incorporated Jay Wack Thales UK Limited Larry Hines Thales UK Limited James Torjussen The Clearing House Henry Farrar Trustwave John Amaral Trustwave Tim Hollebeek U.S. Bank Stephen Case U.S. Bank Peter Skirvin Vantiv LLC Bill Weinga

44、rt Vantiv LLC Gary Zempich Vantiv LLC James Zerfas VeriFone, Inc. John Barrowman VeriFone, Inc. David Ezell VeriFone, Inc. Dave Faoro VeriFone, Inc. Doug Manchester VeriFone, Inc. Brad McGuinness VeriFone, Inc. Joachim Vance VISA Shahzad Khan VISA Kim Wagner Wayne Fueling Systems Steven Bowles Wells

45、 Fargo Bank William Felts, IV Wells Fargo Bank Phillip Griffin Wells Fargo Bank Jan Kohl Wells Fargo Bank Garrett Macey Wells Fargo Bank Kelly ODonnell Wells Fargo Bank Mark Schaffer Wells Fargo Bank Jeff Stapleton Wincor Nixdorf Inc Christoph Bruecher Wincor Nixdorf Inc Andrea Carozzi Wincor Nixdor

46、f Inc Michael Nolte XYPRO Technology Steve Tcherchian Under ASC X9, Inc. procedures, a working group may be established to address specific segments of work under the ASC X9 Committee or one of its subcommittees. A working group exists only to develop standard(s) or guideline(s) in a specific area a

47、nd is then disbanded. The individual experts are listed with their affiliated organizations. However, this does not imply that the organization has approved the content of the standard or guideline. (Note: Per X9 policy, company names of non-member participants are listed only if, at the time of pub

48、lication, the X9 Secretariat received an original signed release permitting such company names to appear in print.) At the time this standard was approved, the X9F6 Cardholder Authentication and ICCs working group which developed this standard had the following active members: Scott Spiker, Chairman

49、 Organization Represented Representative ACI Worldwide . Doug Grote ACI Worldwide . Dan Kinney ACI Worldwide . Julie Samson American Bankers Association Tom Judd ANSI X9.119-1-2016 ASC X9, Inc. 2016 All rights reserved xi American Express Company Gail Chapman American Express Company Alan Fong American Express Company Michael Hyzer American Express Company Kenneth Mealey American Express Company David Moore American Express Company Clyde Van Blarcum American Express Company Kevin Welsh Bank of America .Amanda Adams Bank o

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1