Customer Service:
Mon - Fri: 8:30 am - 6 pm EST
Back
Standards PDF Cover Page

 Historical

ISO 13491-1:1998

Banking - Secure cryptographic devices (retail) - Part 1: Concepts, requirements and evaluation methods

This part of ISO 13491 specifies the requirements for Secure Cryptographic Devices which incorporate the cryptographic processes defined in ISO 9564, ISO 9807 and ISO 11568.

This part of ISO 13491 has two primary purposes:

  • to state the requirements concerning both the operational characteristics of SCD's and the management of such devices throughout all stages of their life cycle,
  • to standardize the methodology for verifying compliance with those requirements.

Appropriate device characteristics are necessary to ensure that the device has the proper operational capabilities and provides adequate protection for the data it contains. Appropriate device management is necessary to ensure that the device is legitimate, that it has not been modified in an unauthorized manner, e.g., by “bugging”, and that any sensitive data placed within the device (e.g., cryptographic keys) has not been subject to disclosure or change.

Absolute security is not practically achievable. Cryptographic security depends upon each life cycle phase of the SCD and the complementary combination of appropriate management procedures and secure cryptographic characteristics. These management procedures implement preventive measures to reduce the opportunity for a breach of cryptographic device security. These aim for a high probability of detection of any illicit access to sensitive or confidential data should device characteristics fail to prevent or detect the security compromise.

Annex A provides an informative illustration of the concepts of security levels described in this part of ISO 13491 as being applicable to secure cryptographic devices.

This part of ISO 13491 does not address issues arising from the denial of service of a SCD.

Specific requirements for the characteristics and management of specific types of SCD functionality used in the retail banking environment are contained in another part of ISO 13491.

Available for Subscriptions

Content Provider
International Organization for Standardization [iso]

Others Also Bought

ISO 13491-2:2000
Banking -- Secure cryptographic devices (retail) -- Part 2: Security compliance checklists for devices used in ...
Call Customer Service
ISO 13491-2:2005
Banking - Secure cryptographic devices (retail) - Part 2: Security compliance checklists for devices used in financial ...
Add to cart
ISO 9564-2:1991
Banking - Personal Identification Number management and security - Part 2: Approved algorithm(s) for PIN encip ...
Call Customer Service
Document History
Revised By:
Included in Packages
This standard is not included in any packages.
Amendments & Corrections
We have no amendments or corrections for this standard.
ANSI Logo

As the voice of the U.S. standards and conformity assessment system, the American National Standards Institute (ANSI) empowers its members and constituents to strengthen the U.S. marketplace position in the global economy while helping to assure the safety and health of consumers and the protection of the environment.

Useful Links
CUSTOMER SERVICE
NEW YORK OFFICE
ANSI HEADQUARTERS
2024 © American National Standards Institute (ANSI) All Rights Reserved.