Standard

UPDATE AVAILABLE

AS ISO 13491.1:2019

[Superseded]

Financial services - Secure cryptographic devices (retail), Part 1: Concepts, requirements and evaluation methods

The objective of this Standard is to specify the security characteristics for secure cryptographic devices (SCDs) based on the cryptographic processes defined in ISO 9564, ISO 16609, and ISO 11568.

Published: 12/03/2019

Pages: 33

Table of contents

Cited references

Content history

Table of contents

Header

About this publication

Preface

Foreword

Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Abbreviated terms

5 Secure cryptographic device concepts

5.1 General

5.2 Attack scenarios

5.2.1 General

5.2.2 Penetration

5.2.3 Monitoring

5.2.4 Manipulation

5.2.5 Modification

5.2.6 Substitution

5.3 Defence measures

5.3.1 General

5.3.2 Device characteristics

5.3.3 Device management

5.3.4 Environment

6 Requirements for device security characteristics

6.1 General

6.2 Physical security requirements for SCDs

6.2.1 General

6.3 Tamper evident requirements

6.3.1 General

6.3.1.1 Substitution

6.3.1.2 Penetration

6.3.1.3 Modification

6.3.1.4 Monitoring

6.4 Tamper resistant requirements

6.4.1 General

6.4.1.1 Penetration

6.4.1.2 Modification

6.4.1.3 Monitoring

6.4.1.4 Substitution/removal

6.5 Tamper responsive requirements

6.5.1 General

6.5.1.1 Penetration

6.5.1.2 Modification

6.6 Logical security requirements for SCDs

6.6.1 Dual control

6.6.2 Unique key per device

6.6.3 Assurance of genuine device

6.6.4 Design of functions

6.6.5 Use of cryptographic keys

6.6.6 Sensitive device states

6.6.7 Multiple cryptographic relationships

6.6.8 SCD software authentication

7 Requirements for device management

7.1 General

7.2 Life cycle phases

7.3 Life cycle protection requirements

7.3.1 General

7.3.2 Manufacturing phase

7.3.3 Post-manufacturing phase

7.3.4 Commissioning (initial financial key loading) phase

7.3.5 Inactive operational phase

7.3.6 Active operational phase (use)

7.3.7 Decommissioning (post-use) phase

7.3.8 Repair phase

7.3.9 Destruction phase

7.4 Life cycle protection methods

7.4.1 Manufacturing

7.4.2 Post manufacturing phase

7.4.3 Commissioning (initial financial key loading) phase

7.4.4 Inactive Operational Phase

7.4.5 Active operational (use) phase

7.4.6 Decommissioning phase

7.4.7 Repair

7.4.8 Destruction

7.5 Accountability

7.6 Device management principles of audit and control

Annex A

A.1 General

A.1.1 Choice of evaluation method

A.1.2 Informal method

A.1.3 Semi-formal method

A.1.4 Semi-formal method with approval

A.1.5 Formal method

A.2 Risk assessment

A.3 Informal evaluation method

A.3.1 General

A.3.2 Sponsor

A.3.3 Assessor

A.3.4 Assessment review body

A.3.5 Assessment checklist

A.3.6 Assessment results

A.3.7 Assessment report

A.4 Semi-formal evaluation method

A.4.1 General

A.4.2 Sponsor

A.4.3 Evaluation agency

A.4.4 Evaluation review body

A.4.5 Evaluation results

A.4.6 Evaluation report

A.5 Semi-formal with approval evaluation method

A.5.1 General

A.5.2 Sponsor

A.5.3 Accredited evaluation agency

A.5.4 Evaluation review body

A.5.5 Evaluation results

A.5.6 Evaluation report

A.5.7 Approval authority

A.5.8 Accreditation authority

A.6 Formal evaluation method

Bibliography

Cited references in this standard

Content history

ISO 13491-1:2016

[Superseded]

AS 2805.14.1-2011

[Superseded]

AS ISO 13491.1:2025

[Current]

DR AS ISO 13491.1:2018