KS X ISO 13491-1-2011 Banking－Secure cryptographic devices (retail)－Part 1：Concepts requirements and evaluation methods《银行业务 安全密码装置(零售) 第1部分 概念、要求和评估方法》.pdf

1、 KSKSKSKSKSKSKSK KSKSKS KSKSK KSKS KSK KS KS X ISO 13491 1 1： , KS X ISO 13491 1:2011 2011 12 29 http:/www.kats.go.krKS X ISO 13491 1:2011 : e- ( ) ( ) () ( ) : (http:/www.standard.go.kr) ： ：2001 12 31 ：2011 12 29 2011-0663 ： e- ： ( 02-509-7262) (http:/www.kats.go.kr). 10 5 , . KS X ISO 13491 1:2011

2、 i ii . iii 1 1 2 1 3 .2 4 4 5 .4 5.1 .4 5.2 (Attack scenario) .5 5.3 (Defence measures).6 6 .8 6.1 .8 6.2 .8 6.3 (Logical security requirements for SCDs) 11 7 14 7.1 .14 7.2 (Life cycle phase) 14 7.3 (Life cycle protection requirements).15 7.4 (Life cycle protection methods) 17 7.5 (Accountability)

3、19 7.6 (Device management principles of audit and control) 19 8 .21 8.1 .21 8.2 (Risk assessment) 22 8.3 (Informal evaluation method).23 8.4 (Semi-formal evaluation method)25 8.5 (Formal evaluation method).26 A( ) .27 30 KS X ISO 13491 1:2011 ii , . . , . (PIN), (MAC), , , , . . A( ) KS X ISO 13491

4、“ ” . 1： , 2： KS X ISO 13491 1:2011 iii 1998 1 ISO 13491 1, Banking Secure cryptographic devices (retail)Part 1： Concepts, requirements and evaluation methods . KS X ISO 13491 1:2011 1： , Banking Secure cryptographic devices (retail) Part 1： Concepts, requirements and evaluation methods 1 KS X ISO 9

5、564 1, KS X 6313, KS X ISO 11568( ) . . . , (bugging ) , (： ) . . , , . , . A (security level) . . KS X ISO 13491 2 . 2 . . ( ) . KS X ISO 11568 1, ( ) 1： KS X ISO 11568 2, ( ) 2： KS X ISO 13491 1:2011 2 KS X ISO 11568 4, ( ) 4： KS X ISO 13491 2_2002, 2： 3 . 3.1 (accreditation authority) 3.2 (accred

6、ited evaluation authority) (： KS Q ISO/IEC 17025) 3.3 (assessment checklist) KS X ISO 13491 2 3.4 (assessment report) 3.5 (assessment review body) 3.6 (assessor) , , 3.7 (attack) 3.8 (certification report) 3.9 (controller) (SCD) 3.10 (deliverables) , , KS X ISO 13491 1:2011 3 3.11 (device compromise

7、) , 3.12 (device security) 3.13 (environment-dependent security) 3.14 (evaluation agency) . 3.15 (evaluation report) 3.16 (evaluation review body) 3.17 (formal claim) 3.18 (logical security) 3.19 (operational environment) . , , , , . 3.20 (physical security) 3.21 (secure cryptographic device) SCD (

8、) ( POS ) . KS X ISO 13491 1:2011 4 3.22 (sensitive data) (sensitive information) , , , , , 3.23 (software) , . 3.24 (sponsoring authority, sponsor) , , 3.25 (tamper evident characteristic) 3.26 (tamper resistant characteristic) (passive) 3.27 (tamper responsive characteristic) (active) 4 ATM (autom

9、ated teller machine) MAC (message authentication code) PIN (Personal Identification Number) POS (point of sale) SCD (secure cryptographic device) 5 5.1 . a) (： MAC ) b) (： ) c) , , d) (： ) . KS X ISO 13491 1:2011 5 , , / . . . , . “ ” “ ” . , , , . (tamper resistance) . , , . , , . , . . . . 7. . 5.

10、2 (Attack scenario) 5.2.1 , . . . , . 5.2.2 (Penetration) , . 5.2.3 (Monitoring) (電磁氣的 ) (electromagnetic radiation) . , KS X ISO 13491 1:2011 6 . . 5.2.4 (Manipulation) . , . . 5.2.5 (Modification) . “ ” . . , . . . 5.2.6 (Substitution) . “ (counterfeit)” - . . . . . 5.3 (Defence measures) 5.3.1 .

11、. 5.3.2 (Device characteristics) 5.2 . , 3 KS X ISO 13491 1:2011 7 . (tamper evidence characteristics) (tamper resistance characteristics) (tamper response characteristics) . . . , . . . . , . , . , , . , . . . , . , (active barrier) . . . . , . . . . . . 5.3.3 (Device management) (7. ). . KS X ISO

12、13491 1:2011 8 . . 5.3.4 (Environment) , . (7. ), (highly controlled) (minimally controlled) . . . 6 6.1 . . . , . . 6.2 6.2.1 . , , , . 1 . . . , . KS X ISO 13491 1:2011 9 , , . , . . 2 3 . (service)： (inspection)： (repair)： / , , . . , . 6.2.2 (Tamper evidence requirements) 6.2.2.1 , , 6.2.2.2 6.2.2.4 . 6.2.2.2 , . 6.2.2.3 , , . 6.2.2.4 , , . 6.2.3 (Tamper resistance requirements) 6.2.3.1 , , / , 6.2.3.2 6.2.3.5 . 6.2.3.2 , , KS X ISO 13491 1:2011 10 . 6.2.3.3 , , . 6.2.3.4 . . ( , .) , . . 6.2.3.5 / /