BS ISO 9564-2-2014 Financial services Personal Identification Number (PIN) management and security Approved algorithms for PIN encipherment《金融服务 个人识别号码 (PIN) 管理和安全 核准的PIN密码算法》.pdf

1、BSI Standards PublicationBS ISO 9564-2:2014Financial services PersonalIdentification Number (PIN)management and securityPart 2: Approved algorithms for PINenciphermentBS ISO 9564-2:2014 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of ISO 9564-2:2014. Itsupersedes B

2、S ISO 9564-2:2005 which is withdrawn.The UK participation in its preparation was entrusted to TechnicalCommittee IST/12, Financial services.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryp

3、rovisions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 79387 5ICS 35.240.40Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was publis

4、hed under the authority of theStandards Policy and Strategy Committee on 31 August 2014.Amendments issued since publicationDate Text affectedBS ISO 9564-2:2014 ISO 2014Financial services Personal Identification Number (PIN) management and security Part 2: Approved algorithms for PIN enciphermentServ

5、ices financiers Gestion et scurit du numro personnel didentification (PIN) Partie 2: Algorithmes approuvs pour le chiffrement du PININTERNATIONAL STANDARDISO9564-2Third edition2014-08-01Reference numberISO 9564-2:2014(E)BS ISO 9564-2:2014ISO 9564-2:2014(E)ii ISO 2014 All rights reservedCOPYRIGHT PRO

6、TECTED DOCUMENT ISO 2014All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Per

7、mission can be requested from either ISO at the address below or ISOs member body in the country of the requester.ISO copyright officeCase postale 56 CH-1211 Geneva 20Tel. + 41 22 749 01 11Fax + 41 22 749 09 47E-mail copyrightiso.orgWeb www.iso.orgPublished in SwitzerlandBS ISO 9564-2:2014ISO 9564-2

8、:2014(E) ISO 2014 All rights reserved iiiContents PageForeword ivIntroduction v1 Scope . 12 Normative references 13 Triple Data Encryption Algorithm (TDEA) 13.1 Definition of the TDEA algorithm . 13.2 Use of the TDEA algorithm . 14 RSA encryption algorithm. 14.1 Definition of the RSA algorithm 14.2

9、Use of the RSA algorithm 25 AES encryption algorithm . 25.1 Definition of the AES algorithm 25.2 Use of the AES algorithm 2BS ISO 9564-2:2014ISO 9564-2:2014(E)ForewordISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies).

10、The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-g

11、overnmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.The procedures used to develop this document and those intended for its further maintenance are described

12、 in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).Attention is drawn to the

13、 possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO l

14、ist of patent declarations received (see www.iso.org/patents).Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as wel

15、l as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary informationThe committee responsible for this document is ISO/TC 68, Financial services, Subcommittee SC 2, Financial services, security.This third edi

16、tion cancels and replaces the second edition (ISO 9564-2:2005), which has been technically revised.ISO 9564 consists of the following parts, under the general title Financial services Personal Identification Number (PIN) management and security: Part 1: Basic principles and requirements for PINs in

17、card-based systems Part 2: Approved algorithms for PIN encipherment Part 4: Requirements for PIN handling in eCommerce for payment transactionsiv ISO 2014 All rights reservedBS ISO 9564-2:2014ISO 9564-2:2014(E)IntroductionThis part of ISO 9564 specifies algorithms approved for the encipherment of Pe

18、rsonal Identification Numbers (PINs). The following algorithms, based on the approval processes established in ISO 9564-1, are: Triple Data Encryption Algorithm (TDEA); RSA; Advanced Encryption Standard (AES). ISO 2014 All rights reserved vBS ISO 9564-2:2014BS ISO 9564-2:2014Financial services Perso

19、nal Identification Number (PIN) management and security Part 2: Approved algorithms for PIN encipherment1 ScopeThis part of ISO 9564 specifies approved algorithms for the encipherment of Personal Identification Numbers (PINs).2 Normative referencesThe following documents, in whole or in part, are no

20、rmatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.ISO 9564-1, Financial services Personal Identification Numbe

21、r management and security Part 1: Basic principles and requirements for PINs in card-based systemsISO/IEC 10116, Information technology Security techniques Modes of operation for an n-bit block cipherISO/IEC 18033-2, Information technology Security techniques Encryption algorithms Part 2: Asymmetric

22、 ciphersISO/IEC 18033-3, Information technology Security techniques Encryption algorithms Part 3: Block ciphers3 Triple Data Encryption Algorithm (TDEA)3.1 Definition of the TDEA algorithmThe definition of TDEA shall be as described in the ISO/IEC 18033-3.3.2 Use of the TDEA algorithmEncipherment, u

23、sing the TDEA as described in ISO/IEC 18033-3 with TDEA keying option 1 or 2, of the PIN blocks described in ISO 9564-1 shall be achieved using the algorithm operating in the Electronic Code Book (ECB) mode (with n equal to 64), as described in ISO/IEC 10116.This algorithm is approved for use with P

24、IN block formats 0, 1, and 3 only.4 RSA encryption algorithm4.1 Definition of the RSA algorithmThe definition of RSA shall be as described in ISO/IEC 18033-2.INTERNATIONAL STANDARD ISO 9564-2:2014(E) ISO 2014 All rights reserved 1BS ISO 9564-2:2014ISO 9564-2:2014(E)4.2 Use of the RSA algorithmThe fo

25、rmat 2 PIN block and its encipherment, using RSA, shall be as described in ISO 9564-1.This algorithm is approved only for use for encipherment of offline PINs for submission to ICCs as defined in ISO 9564-1. It is approved for use with PIN block format 2 only.5 AES encryption algorithm5.1 Definition

26、 of the AES algorithmThe definition of AES shall be as described in ISO/IEC 18033-3.5.2 Use of the AES algorithmEncipherment, using AES as described in ISO/IEC 18033-3, of the PIN blocks described in ISO 9564-1 shall be achieved using the algorithm operating in the Electronic Code Book (ECB) mode (w

27、ith block size n equal to 128), as described in ISO/IEC 10116.This algorithm is approved for use with PIN block format 4 only.2 ISO 2014 All rights reservedBS ISO 9564-2:2014BS ISO 9564-2:2014ISO 9564-2:2014(E) ISO 2014 All rights reservedICS 35.240.40Price based on 2 pagesThis page deliberately lef

28、t blankBSI is the national body responsible for preparing British Standards and other standards-related publications, information and services.BSI is incorporated by Royal Charter. British Standards and other standardization products are published by BSI Standards Limited.British Standards Instituti

29、on (BSI)BSI Group Headquarters389 Chiswick High Road London W4 4AL UKAbout usWe bring together business, industry, government, consumers, innovators and others to shape their combined experience and expertise into standards -based solutions.The knowledge embodied in our standards has been carefully

30、assembled in a dependable format and refined through our open consultation process. Organizations of all sizes and across all sectors choose standards to help them achieve their goals.Information on standardsWe can provide you with the knowledge that your organization needs to succeed. Find out more

31、 about British Standards by visiting our website at or contacting our Customer Services team or Knowledge Centre.Buying standardsYou can buy and download PDF versions of BSI publications, including British and adopted European and international standards, through our website at where hard copies c

32、an also be purchased. If you need international and foreign standards from other Standards Development Organizations, hard copies can be ordered from our Customer Services team.SubscriptionsOur range of subscription services are designed to make using standards easier for you. For further informatio

33、n on our subscription products go to British Standards Online (BSOL) youll have instant access to over 55,000 British and adopted European and international standards from your desktop. Its available 24/7 and is refreshed daily so youll always be up to date. You can keep in touch with standards dev

34、elopments and receive substantial discounts on the purchase price of standards, both in single copy and subscription format, by becoming a BSI Subscribing Member. PLUS is an updating service exclusive to BSI Subscribing Members. You will automatically receive the latest hard copy of your standards w

35、hen theyre revised or replaced. To find out more about becoming a BSI Subscribing Member and the benefits of membership, please visit a Multi-User Network Licence (MUNL) you are able to host standards publications on your intranet. Licences can cover as few or as many users as you wish. With update

36、s supplied as soon as theyre available, you can be sure your documentation is current. For further information, email .RevisionsOur British Standards and other publications are updated by amendment or revision. We continually improve the quality of our products and services to benefit your business.

37、 If you find an inaccuracy or ambiguity within a British Standard or other BSI publication please inform the Knowledge Centre.CopyrightAll the data, software and documentation set out in all British Standards and other BSI publications are the property of and copyrighted by BSI, or some person or en

38、tity that owns copyright in the information used (such as the international standardization bodies) and has formally licensed such information to BSI for commercial publication and use. Except as permitted under the Copyright, Designs and Patents Act 1988 no extract may be reproduced, stored in a re

39、trieval system or transmitted in any form or by any means electronic, photocopying, recording or otherwise without prior written permission from BSI. Details and advice can be obtained from the Copyright & Licensing Department.Useful Contacts:Customer ServicesTel: +44 845 086 9001Email (orders): Email (enquiries): SubscriptionsTel: +44 845 086 9001Email: Knowledge CentreTel: +44 20 8996 7004Email: Copyright & LicensingTel: +44 20 8996 7070Email: NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW