
STANDARD 70 - BOOK 5

CARD ACCEPTOR TO ACQUIRER INTERFACE STANDARDS

Security and Key Management

UK Payments Administration (October 2009)

FOREWORD

INTRODUCTION

1 SCOPE

2 NORMATIVE REFERENCES

3 TERMS AND DEFINITIONS

4 ABBREVIATED TERMS

5 COMPLIANCE WITH OTHER STANDARDS

5.1 General

5.2 Data security

5.3 Specifications to follow

5.3.1 Functional Implementation

5.3.2 Security evaluations

5.4 PIN process

5.5 PIN length

6 SECURITY REQUIREMENTS

6.1 General

6.2 Physical security requirements

6.3 Environmental Security

6.4 Confidential PIN entry

6.5 Security evaluation

7 SCHEME PUBLIC KEY MANAGEMENT

7.1 Context

7.2 Considerations

7.3 Loading of CA public keys onto the TMS

7.4 Audit functions

7.5 Key Revocation

8 SECURITY DOMAINS

8.1 Terminology

8.1.1 Type A - Combined PIN PAD and IFD Connected to terminal

8.1.2 Type B1 - Separate PIN PAD using IFD on the terminal

8.1.3 Type B2 - Individual PIN PAD IFD and POS/EPOS terminal

8.1.4 Type C - Combined PIN PAD, IFD and terminal

8.1.5 Type D - Combined PIN PAD and terminal connected to IFD

8.2 General requirements for physical combinations

8.3 PIN confidentiality requirements

8.4 Authentication requirements

8.5 Cryptography requirements

8.6 PIN block formats

9 OPERATIONAL ENVIRONMENTS

9.1 Attended terminal

9.2 Unattended terminal

9.3 Behind the glass environments

9.3.1 General

9.3.2 Bank type environments

9.3.3 Night windows

9.3.4 Fixed PEDs

9.3.5 Disability discrimination act

9.4 Confidential PIN entry

9.5 Card acceptance

9.6 Voice referrals

9.7 Keypad

9.8 Interfaces

10 TRANSACTION KEY SYSTEM

10.1 General

10.2 Real-time message authentication

10.2.1 General

10.2.2 Message authentication block (MAB) generation

10.2.3 Message chaining within a transaction

10.3 Real-time message PIN protection

10.3.1 General

10.4 PIN encryption for card issuer verified PINs

10.4.1 General

10.4.2 PIN block construction

10.4.3 PAN block construction

10.4.4 Clear text PIN/PAN block

10.4.5 PIN cipher block

10.5 Derivation of cryptographic keys

10.5.1 General

10.5.2 MAC processing key

10.5.3 Key register substitute

10.5.4 Card key

10.5.5 PIN processing key

10.5.6 Data elements A, B, C and D

10.6 Transaction key management

10.6.1 General

10.6.2 Transaction key update at the terminal

10.6.3 Transaction key register update at the acquirer's host

10.7 Functional elements

10.7.1 Enciphering algorithm

10.7.2 One-way function

10.7.3 Authorisation parameter

10.8 Triple-DES Processing Extension

10.8.1 Key registers

10.8.2 Start key values

10.8.3 Derivation of cryptographic keys

10.8.4 Transaction key management

10.8.5 Message Authentication Block (MAB) generation

10.8.6 PIN Cipher Block generation

10.8.7 Message format changes for Triple-DES

11 PORTABLE AND MOBILE DEVICE SECURITY

11.1 Background

11.2 Terminal definitions

11.2.1 Portable terminals

11.2.2 Mobile terminals

11.3 Digital enhanced cordless technology (DECT)

11.4 Wi-Fi 802.11 b & g

11.4.1 Wi-Fi 802.11b

11.4.2 Wi-Fi 802.11g

11.5 Bluetooth

11.6 Mobile terminals

11.6.1 GSM and GPRS networks

11.6.2 Mobitex networks


