1、BSI Standards Publication BS ISO 9564-2:2014 Financial services Personal Identification Number (PIN) management and security Part 2: Approved algorithms for PIN enciphermentBS ISO 9564-2:2014 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO 9564-2:2014. It sup
2、ersedes BS ISO 9564-2:2005 which is withdrawn. The UK participation in its preparation was entrusted to Technical Committee IST/12, Financial services. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all
3、the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2014. Published by BSI Standards Limited 2014 ISBN 978 0 580 79387 5 ICS 35.240.40 Compliance with a British Standard cannot confer immunity from legal obligations. This Briti
4、sh Standard was published under the authority of the Standards Policy and Strategy Committee on 31 August 2014. Amendments issued since publication Date Text affectedBS ISO 9564-2:2014 ISO 2014 Financial services Personal Identification Number (PIN) management and security Part 2: Approved algorithm
5、s for PIN encipherment Services financiers Gestion et scurit du numro personnel didentification (PIN) Partie 2: Algorithmes approuvs pour le chiffrement du PIN INTERNATIONAL STANDARD ISO 9564-2 Third edition 2014-08-01 Reference number ISO 9564-2:2014(E)BS ISO 9564-2:2014ISO 9564-2:2014(E)ii ISO 201
6、4 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO 2014 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, w
7、ithout prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published
8、 in SwitzerlandBS ISO 9564-2:2014ISO 9564-2:2014(E) ISO 2014 All rights reserved iii Contents Page Foreword iv Introduction v 1 Scope . 1 2 Normative references 1 3 Triple Data Encryption Algorithm (TDEA) 1 3.1 Definition of the TDEA algorithm . 1 3.2 Use of the TDEA algorithm . 1 4 RSA encryption a
9、lgorithm. 1 4.1 Definition of the RSA algorithm . . 1 4.2 Use of the RSA algorithm 2 5 AES encryption algorithm . 2 5.1 Definition of the AES algorithm 2 5.2 Use of the AES algorithm 2BS ISO 9564-2:2014ISO 9564-2:2014(E) Foreword ISO (the International Organization for Standardization) is a worldwid
10、e federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that
11、 committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. The procedures used to develop this docum
12、ent and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directive
13、s, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the developmen
14、t of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO spec
15、ific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary information The committee responsible for this document is ISO/TC 68, Financial serv
16、ices, Subcommittee SC 2, Financial services, security. This third edition cancels and replaces the second edition (ISO 9564-2:2005), which has been technically revised. ISO 9564 consists of the following parts, under the general title Financial services Personal Identification Number (PIN) managemen
17、t and security: Part 1: Basic principles and requirements for PINs in card-based systems Part 2: Approved algorithms for PIN encipherment Part 4: Requirements for PIN handling in eCommerce for payment transactionsiv ISO 2014 All rights reservedBS ISO 9564-2:2014ISO 9564-2:2014(E) Introduction This p
18、art of ISO 9564 specifies algorithms approved for the encipherment of Personal Identification Numbers (PINs). The following algorithms, based on the approval processes established in ISO 9564-1, are: Triple Data Encryption Algorithm (TDEA); RSA; Advanced Encryption Standard (AES). ISO 2014 All right
19、s reserved vBS ISO 9564-2:2014BS ISO 9564-2:2014Financial services Personal Identification Number (PIN) management and security Part 2: Approved algorithms for PIN encipherment 1 Scope This part of ISO 9564 specifies approved algorithms for the encipherment of Personal Identification Numbers (PINs).
20、 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amen
21、dments) applies. ISO 9564-1, Financial services Personal Identification Number management and security Part 1: Basic principles and requirements for PINs in card-based systems ISO/IEC 10116, Information technology Security techniques Modes of operation for an n-bit block cipher ISO/IEC 18033-2, Info
22、rmation technology Security techniques Encryption algorithms Part 2: Asymmetric ciphers ISO/IEC 18033-3, Information technology Security techniques Encryption algorithms Part 3: Block ciphers 3 Triple Data Encryption Algorithm (TDEA) 3.1 Definition of the TDEA algorithm The definition of TDEA shall
23、be as described in the ISO/IEC 18033-3. 3.2 Use of the TDEA algorithm Encipherment, using the TDEA as described in ISO/IEC 18033-3 with TDEA keying option 1 or 2, of the PIN blocks described in ISO 9564-1 shall be achieved using the algorithm operating in the Electronic Code Book (ECB) mode (with n
24、equal to 64), as described in ISO/IEC 10116. This algorithm is approved for use with PIN block formats 0, 1, and 3 only. 4 RSA encryption algorithm 4.1 Definition of the RSA algorithm The definition of RSA shall be as described in ISO/IEC 18033-2. INTERNATIONAL ST ANDARD ISO 9564-2:2014(E) ISO 2014
25、All rights reserved 1BS ISO 9564-2:2014ISO 9564-2:2014(E) 4.2 Use of the RSA algorithm The format 2 PIN block and its encipherment, using RSA, shall be as described in ISO 9564-1. This algorithm is approved only for use for encipherment of offline PINs for submission to ICCs as defined in ISO 9564-1
26、. It is approved for use with PIN block format 2 only. 5 AES encryption algorithm 5.1 Definition of the AES algorithm The definition of AES shall be as described in ISO/IEC 18033-3. 5.2 Use of the AES algorithm Encipherment, using AES as described in ISO/IEC 18033-3, of the PIN blocks described in I
27、SO 9564-1 shall be achieved using the algorithm operating in the Electronic Code Book (ECB) mode (with block size n equal to 128), as described in ISO/IEC 10116. This algorithm is approved for use with PIN block format 4 only.2 ISO 2014 All rights reservedBS ISO 9564-2:2014BS ISO 9564-2:2014ISO 9564
28、-2:2014(E) ISO 2014 All rights reserved ICS 35.240.40 Price based on 2 pagesThis page deliberately left blankBSI is the national body responsible for preparing British Standards and other standards-related publications, information and services. BSI is incorporated by Royal Charter. British Standard
29、s and other standardization products are published by BSI Standards Limited. British Standards Institution (BSI) BSI Group Headquarters 389 Chiswick High Road London W4 4AL UK About us We bring together business, industry, government, consumers, innovators and others to shape their combined experien
30、ce and expertise into standards -based solutions. The knowledge embodied in our standards has been carefully assembled in a dependable format and refined through our open consultation process. Organizations of all sizes and across all sectors choose standards to help them achieve their goals. Inform
31、ation on standards We can provide you with the knowledge that your organization needs to succeed. Find out more about British Standards by visiting our website at or contacting our Customer Services team or Knowledge Centre. Buying standards You can buy and download PDF versions of BSI publications
32、, including British and adopted European and international standards, through our website at where hard copies can also be purchased. If you need international and foreign standards from other Standards Development Organizations, hard copies can be ordered from our Customer Services team. Subscript
33、ions Our range of subscription services are designed to make using standards easier for you. For further information on our subscription products go to With British Standards Online (BSOL) youll have instant access to over 55,000 British and adopted European and international standards from your de
34、sktop. Its available 24/7 and is refreshed daily so youll always be up to date. You can keep in touch with standards developments and receive substantial discounts on the purchase price of standards, both in single copy and subscription format, by becoming a BSI Subscribing Member. PLUS is an updati
35、ng service exclusive to BSI Subscribing Members. You will automatically receive the latest hard copy of your standards when theyre revised or replaced. To find out more about becoming a BSI Subscribing Member and the benefits of membership, please visit With a Multi-User Network Licence (MUNL) you
36、are able to host standards publications on your intranet. Licences can cover as few or as many users as you wish. With updates supplied as soon as theyre available, you can be sure your documentation is current. For further information, email . Revisions Our British Standards and other publications
37、are updated by amendment or revision. We continually improve the quality of our products and services to benefit your business. If you find an inaccuracy or ambiguity within a British Standard or other BSI publication please inform the Knowledge Centre. Copyright All the data, software and documenta
38、tion set out in all British Standards and other BSI publications are the property of and copyrighted by BSI, or some person or entity that owns copyright in the information used (such as the international standardization bodies) and has formally licensed such information to BSI for commercial public
39、ation and use. Except as permitted under the Copyright, Designs and Patents Act 1988 no extract may be reproduced, stored in a retrieval system or transmitted in any form or by any means electronic, photocopying, recording or otherwise without prior written permission from BSI. Details and advice ca
40、n be obtained from the Copyright & Licensing Department. Useful Contacts: Customer Services Tel: +44 845 086 9001 Email (orders): Email (enquiries): Subscriptions Tel: +44 845 086 9001 Email: Knowledge Centre Tel: +44 20 8996 7004 Email: Copyright & Licensing Tel: +44 20 8996 7070 Email: NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW
