ImageVerifierCode 换一换
格式:PDF , 页数:64 ,大小:922.42KB ,
资源ID:431339      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-431339.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ANSI ASC X9 X9.119-2017 Retail Financial Services - Requirements for Protection of Sensitive Payment Card Data - Part 2 Implementing Post-Authorization Tokenization Systems.pdf)为本站会员(amazingpat195)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ANSI ASC X9 X9.119-2017 Retail Financial Services - Requirements for Protection of Sensitive Payment Card Data - Part 2 Implementing Post-Authorization Tokenization Systems.pdf

1、 American National Standard for Financial Services ANSI X9.119-2017 Retail Financial Services - Requirements for Protection of Sensitive Payment Card Data - Part 2: Implementing Post-Authorization Tokenization Systems Accredited Standards Committee X9, Incorporated Financial Industry Standards Date

2、Approved: August 3, 2017 American National Standards Institute American National Standards, Technical Reports and Guides developed through the Accredited Standards Committee X9, Inc., are copyrighted. Copying these documents for personal or commercial use outside X9 membership agreements is prohibit

3、ed without express written permission of the Accredited Standards Committee X9, Inc. For additional information please contact ASC X9, Inc., 275 West Street, Suite 107, Annapolis, MD 21401. ASC X9, Inc. 2017 All rights reserved 1 This page left intentionally blank ANSI X9.119-2-2017 ASC X9, Inc. 201

4、7 All rights reserved v Contents Page Foreword . vii Introduction viii 1 Scope . 1 1.1 General . 1 1.2 Application . 2 2 Normative references . 2 3 Terms and definitions 3 4 Symbols and abbreviated terms . 7 5 Sensitive Payment Card Data Elements 7 6 Tokens, their Attributes and Utility 8 6.1 Token

5、Attributes 8 6.2 Token Utility . 10 7 Tokenization Systems, Components and Security Requirements . 10 7.1 The Tokenization System Model 10 7.2 Risk Vectors for Tokenization Systems 14 7.2.1 Risk Vector 1: Tokenization Secret Data Controls . 14 7.2.2 Risk Vector 2: Random Mapping Controls . 15 7.2.3

6、Risk Vector 3: Access Control Rules 15 7.2.4 Risk Vector 4: Control Tokenization Isolation 16 7.2.5 Risk Vector 5: Control the Confidentiality and Integrity of Data Between the TRI and the Tokenization Service . 20 7.2.6 Risk Vector 6: Maintenance of Overall System Health via Auditing, Logging and M

7、onitoring 21 7.3 Data Element-Specific Requirements . 22 7.3.1 Cardholder Name . 22 7.3.2 Primary Account Number (PAN) . 22 7.3.3 Discretionary Track Data . 22 8 Schema for Identification and Referencing of Tokenization Methods . 23 Annex A (Normative) Abstract Schema . 24 A.1 General 24 A.2 Tokeniz

8、ation schema specification 24 A.3 Normative References of Annex A 25 Annex B (Normative) Acceptable Tokenization Techniques . 26 B.1 General 26 B.2 Tokenization Schemes . 27 B.2.1 On Demand Random Assignment (ODRA) . 27 B.2.2 Encryption-based Tokenization Scheme 28 B.2.3 Message Authentication Code-

9、based Tokenization Scheme . 30 B.2.4 Static Table-driven (STD) Tokenization Scheme 32 B.3 Minimum Security Level 34 B.4 Requirements for Random Generation 34 B.5 Requirements for the protection of the Tokenization Secret . 34 B.6 Collision Resistance / Avoidance . 34 B.7 Token Domain . 35 ANSI X9.11

10、9-2-2017 vi ASC X9, Inc. 2017 All rights reserved B.8 Hash Based Tokenization 35 B.9 Informative References of Annex B 35 Annex C (Informative) Static Table-driven Tokenization Reference Schemes 36 C.1 General .36 C.2 Direct-Lookup Table .37 C.2.1 General 37 C.2.2 Security of the Direct-Lookup Table

11、 scheme .37 C.2.3 Security Analysis of the Direct Lookup Table scheme 38 C.3 Feistel Network-based Tokenization Scheme 39 C.3.1 General 39 C.3.2 Feistel Security 40 C.3.3 Feistel based STD Reference Round Functions .41 C.4 Informative References for Annex C 43 Annex D (Informative) Token Use-cases a

12、nd Guidance.45 D.1 Other Token and Tokenization terminology 45 D.2 Securing the PAN from Point-of-sale to Settlement 46 List of Figures Figure 1: The Tokenization System 11 Figure 2: Risk Vectors for Tokenization Systems .14 Figure 3: Common Tokenization Architecture .47 Figure 4: Workflow around to

13、kenization at the Acquirer48 Figure 5: Workflow around tokenization at the Merchant 51 ANSI X9.119-2-2017 ASC X9, Inc. 2017 All rights reserved vii Foreword Approval of an American National Standard requires verification by ANSI that the requirements for due process, consensus, and other criteria fo

14、r approval have been met by the standards developer. Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a simple majority, but not neces

15、sarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made toward their resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether it has approved the standard

16、s or not from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American National Standard. Moreover, no pe

17、rson shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretation should be addressed to the secretariat or sponsor whose name appears on the title page of this Standard. CAUTION NO

18、TICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken to reaffirm, revise, or withdraw this Standard no later than five years from the date of approval. Published by Accredited Standards

19、 Committee X9, Incorporated Financial Industry Standards 275 West Street, Suite 107 Annapolis, MD 21401 USA X9 Online http:/www.x9.org Copyright 2017 ASC X9, Inc. All rights reserved. No part of this publication may be reproduced in any form, in an electronic retrieval system or otherwise, without p

20、rior written permission of the publisher. Published in the United States of America. ANSI X9.119-2-2017 viii ASC X9, Inc. 2017 All rights reserved Introduction Suggestions for the improvement or revision of this Standard should be sent to the X9 Committee Secretariat, Accredited Standards Committee

21、X9, Inc., Financial Industry Standards, 275 West Street, Suite 107, Annapolis, MD 21401 USA. This Standard was processed and approved for submission to ANSI by the Accredited Standards Committee on Financial Services, X9 Inc. Committee approval of the Standard does not necessarily imply that all the

22、 committee members voted for its approval. At the time this Standard was approved, the X9 committee had the following members: Roy DeCicco, X9 Chairman Angela Hendershott, X9 Vice-Chairman Steve Stevens, Executive Director Janet Busch, Program Manager Organization Represented Representative ACI Worl

23、dwide Doug Grote American Bankers Association Diane Poole American Express Company David Moore Bank of America . Daniel Welch Bank of New York Mellon Arthur Sutton Blackhawk Network Anthony Redondo Bloomberg LP . Corby Dear Capital One Marie LaQuerre Citigroup, Inc. Karla McKenna CLS Bank . Ram Koma

24、rraju Conexxus, Inc. Gray Taylor CUSIP Service Bureau . Gerard Faulkner Delap LLP .Andrea Beatty Delap LLP . Darlene Kargel Deluxe Corporation . Angela Hendershott Diebold Nixdorf Bruce Chapa Discover Financial Services Michelle Zhang eCurrency David Wen Federal Reserve Bank . Mary Hughes First Data

25、 Corporation Kerry Deardorff FIS Stephen Gibson-Saxty Fiserv Dan Otten FIX Protocol Ltd - FPL . Jim Northey Futurex Ryan Smith Gilbarco . Bruce Welch Harland Clarke John McCleary Hewlett Packard . Susan Langford IBM Corporation . Todd Arnold Independent Community Bankers of America Cary Whaley Ingen

26、ico . Rob Martin ISITC Jason Brasile J.P. Morgan Chase Roy DeCicco ANSI X9.119-2-2017 ASC X9, Inc. 2017 All rights reserved ix KPMG LLP . Mark Lundin MagTek, Inc. Mimi Hart MasterCard Europe Sprl Mark Kamers NACHA The Electronic Payments Association . Priscilla Holland National Security Agency Paul

27、Timmel Nautilus Hyosung Joe Militello NCR Corporation . David Norris Office of Financial Research, U.S. Treasury Department . Thomas Brown Jr. PCI Security Standards Council Troy Leach RouteOne . Chris Irving RouteOne Jenna Wolfe Symcor Inc. . Debbi Fitzpatrick TECSEC Incorporated . Ed Scheidt The C

28、learing House . Sharon Jablon U.S. Bank .John King U.S. Commodity Futures Trading Commission (CFTC) Robert Stowsky USDA Food and Nutrition Service Kathy Ottobre Vantiv LLC . john hall VeriFone, Inc. . Dave Faoro VISA . Kim Wagner Wayne Fueling Systems Steven Bowles Wells Fargo Bank . Mark Schaffer A

29、t the time this standard was approved, the X9F subcommittee on Data and Information Security had the following members: Dave Faoro, X9F Chair Ed Scheidt, X9F Vice Chair Steven Bowles, X9F Vice Chair Organization Represented Representative ACI Worldwide Doug Grote ACI Worldwide Dan Kinney ACI Worldwi

30、de . Julie Samson American Bankers Association Tom Judd American Express Company Farid Hatefi American Express Company .John Timar American Express Company .Kevin Welsh Bank of America Amanda Adams Bank of America . Peter Capraro Bank of America . Andi Coleman Bank of America . Lawrence LaBella Bank

31、 of America Will Robinson Bank of America . Michael Smith Bank of America Daniel Welch BlackBerry Limited . Daniel Brown BlackBerry Limited . Sandra Lambert Blackhawk Network Vijay Bolina Blackhawk Network Anthony Redondo Bloomberg LP . Erik Anderson Bloomberg LP . Corby Dear Capital One Marie LaQue

32、rre Capital One . Johnny Lee ANSI X9.119-2-2017 x ASC X9, Inc. 2017 All rights reserved Cipherithm Scott Spiker comForte 21 GmbH Thomas Gloerfeld comForte 21 GmbH . Henning Horst Communications Security Establishment . Jonathan Hammell Communications Security Establishment David Smith Conexxus, Inc.

33、 Alan Thiemann CUSIP Service Bureau Scott Preiss Delap LLP .Andrea Beatty Delap LLP . David Buchanan Delap LLP . Darlene Kargel Deluxe Corporation . Angela Hendershott Deluxe Corporation . Margiore Romay Deluxe Corporation Andy Vo Diebold Nixdorf Christoph Bruecher Diebold Nixdorf .Andrea Carozzi Di

34、ebold Nixdorf Bruce Chapa Diebold Nixdorf Michael Nolte Diebold Nixdorf . Michael Ott Diebold Nixdorf . Dave Phister Discover Financial Services . Cheryl Mish Discover Financial Services Diana Pauliks Discover Financial Services Jordan Schaefer eCurrency David Wen Federal Reserve Bank Patrick Adler

35、Federal Reserve Bank . Guy Berg Federal Reserve Bank Marianne Crowe Federal Reserve Bank Amanda Dorphy Federal Reserve Bank . Mary Hughes Federal Reserve Bank Heather Hultquist Federal Reserve Bank . Janet LaFrence Federal Reserve Bank . Susan Pandy Federal Reserve Bank Patti Ritter Federal Reserve

36、Bank .Daniel Rozycki First Data Corporation Annmarie Corrigan First Data Corporation Lisa Curry First National Bank of Omaha . Kristi White FIS Chelsea Lopez FIS John Soares FIS .Sunny Wear Fiserv Bud Beattie Fiserv Dan Otten Futurex Ryan Smith GEOBRIDGE Corporation . Donna Gem GEOBRIDGE Corporation

37、 . Jason Way Gilbarco Scott Turner Gilbarco . Bruce Welch Harland Clarke . Joseph Filer Heartland Payment Systems . Scott Meeker Hewlett Packard . Susan Langford Hewlett Packard . Luther Martin Hewlett Packard . Terence Spies IBM Corporation . Todd Arnold Independent Community Bankers of America Car

38、y Whaley Ingenico . Rob Martin ITS, Inc. (SHAZAM Networks) . Manish Nathwani ANSI X9.119-2-2017 ASC X9, Inc. 2017 All rights reserved xi J.P. Morgan Chase Bruce Geller J.P. Morgan Chase . Kathleen Krupa J.P. Morgan Chase Jackie Pagn J.P. Morgan Chase . Darryl Scott K3DES LLC Azie Amini KPMG LLP . Ma

39、rk Lundin MagTek, Inc. Jeff Duncan MagTek, Inc. Mimi Hart MasterCard Europe Sprl Mark Kamers MasterCard Europe Sprl Joshua Knopp MasterCard Europe Sprl Larry Newell MasterCard Europe Sprl . Adam Sommer MasterCard Europe Sprl Michael Ward National Institute of Standards and Technology (NIST) Elaine B

40、arker National Institute of Standards and Technology (NIST) . Lily Chen National Security Agency Mike Boyle National Security Agency Paul Timmel Nautilus Hyosung Joe Militello Nautilus Hyosung . Jay Shin NCR Corporation Tanika Eng NCR Corporation Charlie Harrow NCR Corporation . David Norris Onboard

41、 Security Mark Etzel Onboard Security William Whyte Onboard Security . Lee Wilson Onboard Security . Zhenfei Zhang PCI Security Standards Council . Leon Fell PCI Security Standards Council Troy Leach PCI Security Standards Council Ralph Poore RSA, The Security Division of EMC . Steve Schmalz SafeNet

42、, Inc. Amit Sinha Safeway Gary Zempich TECSEC Incorporated . Ed Scheidt TECSEC Incorporated . Dr. Wai Tsang TECSEC Incorporated . Jay Wack Thales UK Limited Larry Hines Thales UK Limited . James Torjussen The Clearing House Henry Farrar The Clearing House . Sharon Jablon Trustwave . John Amaral Trus

43、twave Tim Hollebeek U.S. Bank Stephen Case U.S. Bank Peter Skirvin Vantiv LLC . john hall Vantiv LLC Jeffrey Singleton Vantiv LLC Bill Weingart Vantiv LLC . James Zerfas VeriFone, Inc. John Barrowman VeriFone, Inc. David Ezell VeriFone, Inc. . Dave Faoro VeriFone, Inc. . Doug Manchester VeriFone, In

44、c. . Brad McGuinness VeriFone, Inc. . Joachim Vance VISA . Shahzad Khan VISA . Kim Wagner ANSI X9.119-2-2017 xii ASC X9, Inc. 2017 All rights reserved Wayne Fueling Systems Steven Bowles Wells Fargo Bank.William Felts, IV Wells Fargo Bank Phillip Griffin Wells Fargo Bank Jan Kohl Wells Fargo BankGar

45、rett Macey Wells Fargo Bank Kelly ODonnell Wells Fargo Bank Mark Schaffer Wells Fargo Bank Jeff Stapleton XYPRO Technology Steve Tcherchian Under ASC X9, Inc. procedures, a working group may be established to address specific segments of work under the ASC X9 Committee or one of its subcommittees. A

46、 working group exists only to develop standard(s) or guideline(s) in a specific area and is then disbanded. The individual experts are listed with their affiliated organizations. However, this does not imply that the organization has approved the content of the standard or guideline. (Note: Per X9 p

47、olicy, company names of non-member participants are listed only if, at the time of publication, the X9 Secretariat received an original signed release permitting such company names to appear in print.) At the time this standard was approved, the X9F4 Cryptographic Protocol and Application Security W

48、orking Group, which developed this standard, had the following active members: Jeff Stapleton, X9F4 Chair Sandra Lambert, X9F4 Vice Chair Steven Schmalz, Technical Editor Terence Spies, Technical Editor Henning Horst, Technical Editor Organization Represented Representative Accredited Standards Comm

49、ittee X9, Inc. .Janet Busch Bank of America . Amanda Adams Bank of America Peter Capraro Bank of America Andi Coleman Bank of America David Freeman Bank of America Lawrence LaBella Bank of America . Daniel Welch Member Emeritus. Bill Poletti BlackBerry Limited . Daniel Brown BlackBerry Limited Sandra Lambert Bloomberg LP . Erik Anderson Capital One . Johnny Lee Cipherithm Scott Spiker comForte 21 GmbH . Henning Horst Conexxus, Inc. Alan Thiemann Conexxus, Inc. . Linda Toth Delap LLP .Andrea Beatty Delap LLP . Darlene Kargel Diebold Nixdorf Christ

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1