Standards Manage Your Business
We Manage Your Standards
Standards Manage Your Business
We Manage Your Standards
Banking — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods
ISO 13491-1:2007 has two primary purposes:
Appropriate device characteristics are necessary to ensure that the device has the proper operational capabilities and provides adequate protection for the data it contains. Appropriate device management is necessary to ensure that the device is legitimate, that it has not been modified in an unauthorized manner (e.g. by “bugging”) and that any sensitive data placed within the device (e.g. cryptographic keys) has not been subject to disclosure or change.
Absolute security is not achievable in practical terms. Cryptographic security depends upon each life cycle phase of the SCD and the complementary combination of appropriate management procedures and secure cryptographic characteristics. These management procedures implement preventive measures to reduce the opportunity for a breach of SCD security. These aim for a high probability of detection of any unauthorized access to sensitive or confidential data, should device characteristics fail to prevent or detect the security compromise.
Annex A provides an informative illustration of the concepts of security levels described in ISO 13491-1:2007 as being applicable to SCDs.
Currently Viewing
Expand Your Knowledge and Unlock Your Learning Potential - Your One-Stop Source for Information!
© Copyright 2024 BSB Edge Private Limited.
