GB/T 21079.1-2011

Abolished

Banking -- Secure cryptographic devices (retail) -- Part 1: Concepts, requirements and evaluation methods

银行业务 安全加密设备(零售) 第1部分:概念、要求和评估方法

Standard Type: GBT
ICS: 35.240.40
CCS: A 11
Status: Abolished
Issue Date: 2011-12-30
Implementation: 2012-02-01
Centralized Committee: 全国金融标准化技术委员会(SAC/TC 180) / National Financial Standardization Technical Committee (SAC/TC 180)
Issuing Authority: 中华人民共和国国家质量监督检验检疫总局 中国国家标准化管理委员会 / General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China

Catalogue

Foreword → Introduction → 1 Scope → 2 Normative References → 3 Terms and Definitions → 4 Abbreviations → 5 Secure Cryptographic Devices (SCD) → 6 Device Security Characteristic Requirements → 7 Device Management Requirements → 8 Evaluation Methods

Scope

This part of GB/T 21079, based on the cryptographic methods defined in ISO 9564, ISO 16609 and ISO 11568, specifies requirements for secure cryptographic devices (hereinafter referred to as SCD). This part has two main objectives:

a) to specify the operational requirements of SCDs and their management requirements throughout their entire life cycle;
b) to standardize the methods for checking compliance with the above requirements.

An SCD should have appropriate device characteristics and be subject to appropriate device management. The former ensures the operational performance of the SCD and provides adequate protection for its internal data; the latter ensures the legitimacy of the SCD, i.e., that the SCD will not be altered in an unauthorized manner (e.g., by installing 'eavesdropping devices') and that any sensitive data (e.g., encryption keys) contained therein will not be leaked or tampered with.

Absolute security is practically unattainable. The security of an SCD depends on the combination of appropriate management and secure cryptographic characteristics at each stage of its life cycle. Through preventive measures, management procedures can reduce the probability of SCD security being compromised; their aim is to increase the likelihood of detecting unauthorized access to sensitive or confidential data when the device's own characteristics cannot prevent or detect security attacks.

Appendix A is informative and describes the concepts of SCD security levels referred to in this part.

This part does not address issues arising from denial of service by an SCD, nor does it address the specific device-characteristic and management requirements of different SCDs in retail financial services; that content is found in ISO 13491-2. This part is applicable to the security management of secure cryptographic devices in retail financial services.

Normative References

  • ISO 11568-1
  • ISO 11568-2:2005
  • ISO 11568-4
  • ISO 13491-2

Keywords

secure cryptographic device; retail banking; physical security; logical security; key management; evaluation method; life cycle

Application Summary (AI generated)

Financial institutions and payment system operators use this standard to ensure that secure cryptographic devices (such as PIN entry devices and hardware security modules) used in retail banking have adequate physical and logical security characteristics. These devices protect sensitive data (e.g., personal identification numbers, encryption keys) during transactions, preventing data leakage or tampering. This standard matters because it provides a unified approach for security evaluation and lifecycle management of such devices, thereby reducing the risk of financial fraud.

AI Summary (AI generated)

This standard specifies concepts, requirements, and evaluation methods for secure cryptographic devices (SCD) in retail banking. Based on international standards like ISO 9564, it defines physical and logical security characteristics, including tamper-evident, tamper-resistant, and tamper-responsive mechanisms, as well as device lifecycle management requirements. The standard emphasizes that absolute security is unattainable and risk reduction requires a combination of device characteristics, management, and environment. It applies to security management of SCDs in retail financial services, providing a unified framework for device evaluation and compliance checking.

Key Sentences extracted from text

1. This part of GB/T 21079, based on the cryptographic methods defined in ISO 9564, ISO 16609 and ISO 11568, specifies requirements for secure cryptographic devices (hereinafter referred to as SCD).

2. SCD should have appropriate device characteristics and be subject to appropriate device management; the former ensures the operational performance of the SCD and provides adequate protection for its internal data; the latter ensures the legitimacy of the SCD, i.e., that the SCD will not be altered in an unauthorized manner (e.g., by installing 'eavesdropping devices', etc.) and that any sensitive data (e.g., encryption keys) contained therein will not be leaked or tampered with.

3. Absolute security is practically unattainable.

4. The security of an SCD depends on the organic combination of appropriate management and secure cryptographic characteristics at each stage of its life cycle.

5. This part is applicable to the security management of secure cryptographic devices in retail financial services.

Standard Timeline

replaces GB/T 21079.1-2007 (Banking - Secure cryptographic devices (retail) - Part 1: Concepts, requirements and evaluation methods)

Changes from replaced version:

  • Added to SCD physical security requirements: description of physical security devices and devices using 'one key per transaction' management (this edition 6.2.5 and 6.2.6)
  • Added to SCD logical security requirements: dual control, unique key per device requirement (this edition 6.3.1 and 6.3.2)
  • To ensure consistency with Part 2 of this standard: Security compliance checklists for devices used in financial transactions (already published as GB/T 20547.2—2006), changed 'semi-formal evaluation' to 'quasi-formal evaluation' in the evaluation methods of this part
  • Restructured the standard, removing hanging paragraphs from some sections of the previous edition (2007 edition 4, 4.1, 4.2, 5.3, 6, 6.2, 6.3, 7, 7.1, 7.3, 7.4; this edition 5.1, 5.2.1, 5.3.1, 7.1, 7.3.1, 7.4.1, 8.1.1, 8.3.1, 8.4.1)

Transparency note: The application summary and key sentences on this page were automatically generated by AI from the standard's original text. This content has not been human-verified and should not be used for compliance or regulatory purposes. Always refer to the official standard document from the issuing authority.