Banking—Personal identification number (PIN) management and security—Part 3: Guidelines for PIN handling in open networks (GB/T 21078.3-2011)
Basic information
Standard ID: GB/T 21078.3-2011
Standard name: Banking—Personal identification number (PIN) management and security—Part 3: Guidelines for PIN handling in open networks
ICS number: Information technology, office machinery and equipment >> Information technology applications >> 35.240.40 Application of information technology in banks
Standard classification number: General >> Economy, Culture >> A11 Finance, Insurance
Associated standards
Adoption status: ISO/TR 9564-4:2004, IDT
Publication information
Publishing house: China Standards Press
Publication date: 2012-02-01
Other information
Release date: 2011-12-30
Drafters: Wang Pingwa, Lu Shuchun, Li Shuguang, Jia Shuhui, Zhao Zhilan, Zhong Zhihui, Wang Zhigang, Ran Ping, Zhou Yanmei, Zhang Fan, Jia Jing, Liu Yun, Jing Yun, Zhang Yan
Drafting units: China Financial Electronicization Corporation, Industrial and Commercial Bank of China, Bank of China, Bank of Communications, Xinghua City Branch of the People's Bank of China, China UnionPay Co., Ltd.
Focal point unit: National Financial Standardization Technical Committee (SAC/TC 180)
Proposing unit: People's Bank of China
Publishing department: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of China
GB/T 21078.3-2011 Management and security of personal identification numbers for banking services Part 3: Guidelines for PIN processing in open networks
This part specifies guidelines for the processing of PINs in open network systems; it provides best practices for financial business security measures for managing PINs and processing transactions initiated by financial cards in environments where the issuer and acquirer do not have direct control over PIN management, or when the PIN entry device has no relationship with the acquirer before the transaction occurs.
This part applies to transactions initiated by financial cards that require PIN verification, and is applicable to organizations responsible for implementing PIN management technology in terminals and PIN entry devices used in open network systems.
This standard does not apply to:
————PIN management and security in an online PIN environment, which is covered by GB/T 21078.1 and GB/T 21078.2;
————Approved PIN encryption algorithms;
————PIN protection to prevent loss or intentional misuse by users or authorized employees of issuers and their agents;
————Confidentiality of non-PIN transaction data;
————Protection of transaction messages to prevent modification or replacement, such as online authorization responses;
————Prevention of PIN or transaction replay;
————Specific key management techniques;
————Access and storage of card data by server-based applications (e.g. electronic wallets);
————Secure PIN entry devices deployed by financial institutions and activated by cardholders.
GB/T21078 "Management and security of personal identification numbers for banking services" is divided into the following three parts:
———Part 1: Basic principles and requirements for online PIN processing in ATM and POS systems;
———Part 2: Requirements for offline PIN processing in ATM and POS systems;
———Part 3: Guidelines for PIN processing in open networks.
This part is the third part of GB/T21078.
This part is drafted in accordance with the rules given in GB/T1.1-2009.
This part is identical (IDT) to ISO/TR 9564-4:2004 "Banking—Personal identification number (PIN) management and security—Part 4: Guidelines for PIN handling in open networks" (English version).
This part deletes the ISO foreword.
This part is proposed by the People's Bank of China.
This part is under the jurisdiction of the National Financial Standardization Technical Committee (SAC/TC180).
The responsible drafting unit of this part: China Financial Electronicization Company.
Participating drafting units of this part: Industrial and Commercial Bank of China, Bank of China, Bank of Communications, Xinghua City Branch of the People's Bank of China, China UnionPay Co., Ltd.
Main drafters of this part: Wang Pingwa, Lu Shuchun, Li Shuguang, Jia Shuhui, Zhao Zhilan, Zhong Zhihui, Wang Zhigang, Ran Ping, Zhou Yanmei, Zhang Fan, Jia Jing, Liu Yun, Jing Yun, Zhang Yan.
Partial standard content (extracted text):
ICS 35.240.40
National Standard of the People's Republic of China
GB/T 21078.3-2011/ISO/TR 9564-4:2004
Banking—Personal identification number (PIN) management and security—Part 3: Guidelines for PIN handling in open networks
(ISO/TR 9564-4:2004, IDT)
Published on December 30, 2011; implemented on February 1, 2012
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of the People's Republic of China
Introduction
The open network environment is a high-risk environment. This is especially true for PIN-based transactions, because the PIN entry device cannot be controlled by the card issuer or the acquirer; in many cases it is the cardholder who decides which open network device to use. This part provides a guide to help participants in payment systems reduce the risk of PIN disclosure in open network systems and to prevent the fraud that a disclosed PIN could enable in the payment systems covered by GB/T 21078.1 and GB/T 21078.2. Its purpose is to define a minimum PIN security criterion for the open network environment. If PIN security in such an environment is insufficient and the card data is also disclosed, there is a high probability that both (card data and PIN) will be used fraudulently in ATM, POS or open network environments. The integrity of the authentication mechanism depends on the confidentiality of both the PIN and the cardholder data. In an open network environment the lack of control makes protecting the PIN difficult, so the cardholder data must be protected; this minimizes the risk of fraud caused by theft of card data combined with disclosure of the PIN in an open network environment.

Banking—Personal identification number (PIN) management and security—Part 3: Guidelines for PIN handling in open networks

1 Scope
This part specifies guidelines for the handling of PINs in open network systems: it provides best practices for financial security measures for managing PINs and processing transactions initiated by financial cards in environments where the issuer and acquirer do not have direct control over PIN management, or where the PIN entry device has no relationship with the acquirer before the transaction occurs.
This part applies to transactions initiated by financial cards that require PIN verification, and to organizations responsible for implementing PIN management technology in terminals and PIN entry devices used in open network systems.
This part does not apply to:
———PIN management and security in an online PIN environment, which is covered by GB/T 21078.1 and GB/T 21078.2;
———approved PIN encryption algorithms;
———PIN protection against loss or intentional misuse by the user or by authorized employees of the issuer and its agents;
———privacy of non-PIN transaction data;
———protection of transaction messages against modification or replacement, such as online authorization responses;
———prevention of PIN or transaction replay;
———specific key management techniques;
———access to and storage of card data by server-based applications (e.g. electronic wallets);
———secure PIN entry devices deployed by financial institutions and activated by the cardholder.

2 Terms and definitions
The following terms and definitions apply to this document.
2.1 acquirer: an institution, or its agent, that obtains transaction-related data from the card acceptor and submits the data to the interchange system.
2.2 compromise (cryptography): the violation of confidentiality and/or security.
2.3 encipherment: the use of a coding mechanism to translate text into a form that is incomprehensible to unauthorized persons.
2.4 integrated circuit card (IC card), integrated circuit card (ICC): an ID-1 type card, as defined in GB/T 14916, GB/T 15120, GB/T 15694 and GB/T 17552, into which one or more integrated circuits are embedded. Note: see GB/T 16649.1.
2.5 issuer: the institution that owns the account identified by the primary account number.
2.6 network access device (NAD): a personal computer, set-top box, mobile phone, PDA, fixed-line telephone, payment terminal or other device that can access an open network.
2.7 open network: a public network in which the integrity and confidentiality of transmitted data cannot be guaranteed; examples: the Internet, the telephone network.
2.8 personal identification number (PIN): a code or password held by a customer for authentication.
2.9 PIN entry device (PED), PIN pad, PIN entry keypad: a device by which the cardholder enters the PIN.
2.10 primary account number (PAN): a code that identifies the card issuer and the cardholder, consisting of the issuer identifier, the cardholder identifier and a check digit; see the definition in GB/T 15694.

3 Open network model
3.1 Network model
GB/T 21078.1 and GB/T 21078.2 describe the security of PIN-based transactions (online or offline) in ATM (automated teller machine) and POS (point of sale) environments. Technological developments have made it possible to use PIN-based transactions in an open network. In an open network environment, a network access device can transact with any merchant in the world that has an open network connection, and the merchant can use any open network device to accept the card. Therefore, when a PIN is used to verify the cardholder in an open network transaction, the acquirer of the transaction cannot control the PIN entry device. This differs from the ATM and POS environment, where the acquirer is solely responsible for the operation and security of the PIN entry device.
3.2 Open network access devices
This clause details methods to achieve an acceptable minimum level of security when a PIN is used for authentication in conjunction with an open network access device. The following payment process is used:
a) the cardholder contacts the merchant using a network access device that communicates via an open network;
b) the merchant communicates with its acquirer via an open network or via conventional merchant-to-acquirer communication methods;
c) the acquirer communicates with the issuer using conventional authorization and settlement networks.
This clause summarizes the minimum security recommendations for PIN authentication methods in open network devices. Because all devices involved are considered untrusted, this clause provides methods to protect card data and control fraud risks in open network devices. Although non-PIN cardholder authentication methods are outside the scope of this part, this does not imply that no other methods of cardholder authentication exist.

4 Security principles for PINs in open network devices
4.1 Overview
The PIN security principles are based on the confidentiality of the PIN, but they do not protect the data on a magnetic stripe card. In an open network environment it is difficult to ensure the confidentiality of the PIN. Therefore, to minimize the potential risk of PIN disclosure, this part focuses on protecting magnetic stripe data by prohibiting the use of magnetic stripe access devices. Under no circumstances should card data be stored on any device other than the systems of the acquiring and issuing financial institutions. The core of system security is ensuring that the information released by the IC card is not sufficient to create a counterfeit magnetic stripe card, for example by ensuring that the card data verification value on the magnetic stripe differs from the one used in the IC card environment.
4.2 Card data source
4.2.1 IC card
In an offline PIN open network environment with no magnetic stripe reading capability, the risk of fraud is greatly reduced because the IC card provides sufficient protection for the card data. Therefore, compared with the requirements of GB/T 21078.1 and GB/T 21078.2, the requirements for providing key-based PIN security are reduced.
4.2.2 Magnetic stripe cards
The use of magnetic stripe cards in an open network environment is not supported, because the PIN would be exposed to the security risks described in GB/T 21078.1 and GB/T 21078.2. Environments that support and do not support PINs are shown in Table 1.
4.2.3 Manual PAN entry
When card data is entered manually, the network access device (NAD) should not prompt for PIN entry.
Table 1 Environments that support and do not support PINs
[Table 1: the extracted text preserves only the headings Network access device (NAD), Online PIN, Manual PAN entry, Minimum acceptable PED and Offline PIN, together with several "Not supported" entries; the cell layout is not recoverable.]

5 Minimum acceptable PED
The supported environment in Table 1 is derived from the principles of Clause 4. To provide the functionality of the supported environment, a minimum acceptable PED that meets the requirements of this clause is required.
The minimum acceptable PED is a network access device (NAD) that includes an IC card reader and a means for the cardholder to enter the PIN. The IC card reader slot should:
a) not have space to accommodate a malicious device that could disclose the PIN while the card is in the IC card reader, and not be enlarged to provide space for such a device;
b) be placed so that the user can immediately detect that a malicious device has been connected to it.
Necessary electronic protection circuits should be provided to prevent the installation of eavesdropping devices in the IC card reader.

6 PIN security for offline PIN processing devices connected to an open network
6.1 Overview
The environment supported by this part only includes the use of IC cards through PEDs. This clause describes offline PIN processing in an IC card environment.
6.2 Offline PIN verification in open network access devices
When an IC card performs offline PIN verification, the PIN is usually transmitted from the PED to the IC card in plaintext. Some payment applications require that the PIN be enciphered with the IC card's public key before it is submitted to the IC card; in that case the transaction can only be completed if the network access device is able to perform the encipherment. To help prevent fraudulent access to the IC card, it is recommended that the cardholder be required to remove the IC card between transactions, or that the payment application require the card to be physically reset between transactions.
6.3 General recommendations for open network financial transactions
When IC cards are used in an open network, it is strongly recommended that cardholders be instructed to control access to their IC cards at all times. For example, while the card is in a network access device (NAD), the cardholder should not leave it there longer than is necessary to complete the transaction. It is strongly recommended that the PED used in the NAD be built to prevent the plaintext PIN from leaving the PED (except when the plaintext PIN is sent directly to the IC card).
Bibliography
[1] GB/T 14916—2006 Identification cards: Physical characteristics (ISO/IEC 7810:2003, IDT)
[2] GB/T 15120—1994 Identification cards: Recording technique (ISO 7811:1985, IDT)
[3] GB/T 15694.2—2002 Identification cards: Identification of issuers, Part 2: Application and registration procedures (ISO/IEC 7812-2:2000, IDT)
[4] GB/T 16649.1—2006 Identification cards: Integrated circuit(s) cards with contacts, Part 1: Physical characteristics (ISO/IEC 7816-1:1998, IDT)
[5] ISO/IEC 7812-1:2000 Identification cards: Identification of issuers, Part 1: Numbering system
[6] ISO/IEC 7813:2001 Identification cards: Financial transaction cards
[7] ISO 13491-1:1998 Banking: Secure cryptographic devices (retail), Part 1: Concepts, requirements and evaluation methods