This part describes the cryptographic procedures available for use and is applicable to password exchanges. GB/T 16790.5-2006 Financial Transaction Cards Security system for financial transaction systems using integrated circuit cards Part 5: Algorithm application GB/T16790.5-2006 Standard download decompression password: www.bzxz.net
This part describes the cryptographic procedures available for use and is applicable to password exchanges.

ICS35.240.15
National Standard of the People's Republic of China
GB/T 16790.5--2006/IS0 10202-5:1998Financial transaction cards-Security architecture of financial transaction systemsusing integrated circuit cards-Part 5 : Use of algorithms(ISO 10202-5:1998,IDT)
Published on September 18, 2006
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of ChinaStandardization Administration of the People's Republic of China
Implemented on March 1, 2007
GB/T 16790.5-2006/ISO 10202-5:1998 Foreword
Normative references
Terms and definitions
4 Symbols
Values ​​and entities
Option list
Digital signature
Secure message format
5 Mapping of security functions to process types
Process specification
Process 1: Key Exchange (KE)
Process 2: Entity Authentication (EA)
Process 3: Message Authentication (MA)
Process 4: Message Encryption (ME)
|Process 5: Transaction Authentication (TC)
Process 6: PIN Verification (PV)
Appendix A (Informative Appendix)
Public Key Authentication
Appendix B (Informative Appendix)
B.1 Key Identifier
B.2 Certificate Identifier
Appendix C (Informative Appendix)
Appendix D (Informative Appendix)
Appendix E (Informative Appendix)
E.1 Principles
E.2 Techniques
Appendix F (Informative Appendix)
Appendix G (Informative Appendix)
Appendix H (Informative Appendix)
Key and certificate identifiers
Threat matrix·
ISO security services and security mechanisms
Timeliness
References
Process options and functions
Mapping of IC card types to process options
GB/T16790.5--2006/IS010202-5:1998GB/T16790 "Financial Transaction Card User Manual" The Security System of Financial Transaction Systems Using Integrated Circuit Cards is divided into the following 8 parts: Part 1: Card Lifecycle Part 2: Transaction Process Part 3: Key Relationship Part 4: Security Application Module Part 5: Algorithm Application Part 6: Cardholder Identity Verification Part 7: Key Management Part 8: General Principles and Overview This part is Part 5 of GB/T 16790. This part is equivalent to ISO 10202-5: 1998 "Financial Transaction Cards Security System of Financial Transaction Systems Using Integrated Circuit Cards Part 5: Algorithm Application" (English version). For ease of use, the ISO foreword has been deleted from this part; Appendix A to Appendix H of this part are all informative appendices. This part was proposed by the People's Bank of China. This part is managed by the National Financial Standardization Technical Committee. The responsible drafting unit of this part: China Financial Electronicization Company. The participating drafting units of this part are: People's Bank of China, Bank of China, China Construction Bank, China Everbright Bank, China UnionPay Co., Ltd., and Beijing Venusstar.
The main drafters of this part are: Tan Guoan, Yang Zi, Lu Shuchun, Li Shuguang, Liu Yun, Du Ning, Liu Zhijun, Zhang Yan, Zhang Dedong, Dai Hong, Zhang Xiaodong, Ma Yun, Li Hongjian, Wang Wei, Wang Qin, Sun Weidong, and Li Chunhuan. This part is formulated for the first time.
GB/T16790.5—2006/ISO10202-5:1998 Introduction
"Financial transaction card Security system for financial transaction systems using integrated circuit cards" is divided into the following 8 parts: - Part 1: Card life cycle
Part 2: Transaction process
Part 3: Key relationship
- Part 4: Security application module
Part 5: Algorithm application
- Part 6: Cardholder identity verification
- Part 7: Key management
- Part 8: General principles and overview
This part describes the cryptographic processes that can be used to implement the security functions that require cryptographic algorithms defined in Parts 24 and 6. GB/T16790 can use symmetric or asymmetric algorithms to perform all security functions. GB/T16790 does not involve zero-point knowledge technology, which may be incorporated in the future.
Each node participating in a given cryptographic process shall be able to perform the required cryptographic functions. The cryptographic processes necessary to perform the security functions are described by options. Within each cryptographic process, a separate option is specified for each algorithm type. A separate option is also specified for each variant of the cryptographic process that requires additional communication steps. Clause 5 maps security functions to cryptographic processes that can be used to implement these security functions. Clause 6 specifies the details of the cryptographic processes. This part is not an implementation specification, but it does indicate those data elements required by both nodes to ensure that the cryptographic process is completed according to the required security procedures. E
1 Scope
GB/T16790.5--2006/IS010202-5:1998 Financial Transaction Cards Security Architecture for Financial Transaction Systems Using Integrated Circuit Cards Part 5: Algorithm Application This part applies to cryptographic exchanges where at least one node is an IC card (Integrated Circuit Card) or SAM. Exchanges between other system nodes are not within the scope of this part.
The specification of any security function is optional and its use depends on the system requirements. The functions that need to be adopted should be implemented in the manner described in this part.
2 Normative references
The clauses in the following documents become clauses of this part through reference in this part of GB/T 16790. For all dated referenced documents, all subsequent amendments (excluding errata) or revisions are not applicable to this part. However, parties to agreements based on this part are encouraged to study whether the latest versions of these documents can be used. For all undated referenced documents, the latest versions are applicable to this part.
GB15851—1995 Information technology security technology Digital signature scheme with message recovery (idtISO/IEC9796:1991)GB/T16790.1-1997 Financial transaction card Security architecture of financial transaction system using integrated circuit card Part 1: Card life cycle (idtISO10202-1:1991)GB/T16790.6 Financial transaction card Security architecture of financial transaction system using integrated circuit card Part 6: Cardholder identity verification (GB/T16790.6-2006, ISO10202-6:1994, IDT)GB/T16790.7 Financial transaction card Security architecture of financial transaction system using integrated circuit card Part 7: Key management (GB/T16790.7—2006, ISO1020 2-7,1998,IDT)ISO4909Bank card track 3 data contentISO9564-1Banking personal identification code management and security Part 1: PIN protection principles and techniquesISO10202-2Financial transaction cardSecurity system of financial transaction system using integrated circuit cardPart 2:Transaction processISO10202-3Financial transaction cardSecurity system of financial transaction system using integrated circuit cardPart 3:Key relationshipISO10202-4Financial transaction cardSecurity system of financial transaction system using integrated circuit cardPart 4:Security application module
ISO10202-8Financial transaction cardSecurity system of financial transaction system using integrated circuit cardPart 8:General principles and overview
3Terms and definitions
The following terms and definitions apply to this part. 3.1
Asymmetrical algorithm
asymmetricalgorithm
An algorithm in which the encryption key and decryption key are different and for which one key cannot be calculated to derive the other key. 3.2
Certificate
See 3.24\Public Key Certificate".
GB/T 16790.5-2006/ISO 10202-5 : 19983.3
Certificate identifiercertificate identifierCertificate information that can correctly verify a key certificate. 3.4
ciphertextciphertext
encrypted plaintext.
collision resistantcollision resistantA function that produces different outputs for any two different input values ​​is called "collision resistant". 3.6
credentials
The set of data items assigned to each
cryptographic chain
used to authenticate an entity. faphic
pre-agreed to exchange data and have
cryptographic node
Sryptograp
cryptographic key
a logical treasure
decryption cQpherment
converts the secret palace
digital signature
color
digital sig!
integrity of the initiator using an asymmetric algorithm.
uniquely identifies
in a one-time
encryption enciph
distin
converts plaintext to ciphertext
performs cryptographic transformation
entity authenticationentity authentication confirms that the identity of an entity (node) is what it claims to be3.14
explicit key identifier
Explicit key identifier
See 3.18\Key identifier".
Hash-function
A function that maps a bit string to a fixed-length bit string with the following two properties: it provides non-repudiation of data origin and integrity of the signed data: - For a given output it is impossible to deduce the corresponding input. - For a given input it is impossible to deduce a second input with the same output. NOTE 1 The literature on this subject includes various terms with the same or similar meanings as hash functions. Compression codes and condensation numbers are some examples. NOTE 2 The computational feasibility depends on the user's specific security requirements and environment. 2
Initiator
The node or entity that starts a process.
Key key
Used in conjunction with a cryptographic algorithm, parameters for performing cryptographic transformations, 3.18
Key identifier key identifier
GB/T16790.5--2006/ISO10202-5:1998Key information that enables a recipient to determine the appropriate key associated with a media transaction 3.19
Message authentication
Provides proof of identity
Message authentication!
lentication
The process of proving that a message has been altered or destroyed in an unauthorized manner. MAC
The content of the message is used by the user to verify the message
Its content is not transparent
non -re
for the relationship created!
verify.
meaningful
one-way
function, which will capture
the converted
public key certificate
keycertificate(certificate, certificate) fields.
security of cryptographic evidence, a set of user's reliable public key) together with the digital name of these credentials by the trusted third party can be readily verified by a third party. 3.25
reflection attack
an attack launched by a fake responder whereby the attacker challenges the initiator in a separate session with the same random value that the initiator has issued to identify the real responder in a concurrent session. 3.26
respondent
a node or entity that responds to the initiator of a process. 3.27
symmetric algorithmsymmetric algorithmA cryptographic method that uses the same secret key for encryption and decryption. 3.28
timeliness
A method of preventing a valid message from being replayed at a later time, such as using an information probe as a challenge request, requiring a correct and timely3
GB/T 16790.5—2006/ISO 10202-5: 1998 response.
tokentoken
A set of data items formed for each data exchange sent by one entity to another entity. 3.30
transaction certification codetransaction authentication process produces an electronic signature result, which can be a MAC (based on a symmetric algorithm) or a digital signature (based on an asymmetric algorithm).
transaction certificationtransaction certificationThe process of providing cryptographic evidence of the origin and integrity of transaction data, which can be verified by a third party. 3.32
Trusted third party trusted third party An entity that is generally accessible and known to and trusted by the communicating entities. 4 Notation
The following notation is used throughout this standard: 4.1 Values ​​and entities
Values ​​and entities are in italics:
Cert r
4.2 Procedures
Unique name of entity A.
Certificate of entity X.
Certificate identifier of entity X (see Annex B). Credential of entity X (see Annex A).
Keys (K, S, P.) associated with entity X. Keys associated with entity X for use with a symmetric algorithm. Explicit key identifier of the key pair of entity X (see Annex B). Explicit key identifier of the key pair S./P of entity X (see Annex B). PIN group format 0 as specified in ISO 9564-1. PIN group format 1 as specified in ISO 9564-1. Random value issued by entity X.
The public-private key pair associated with entity x, used for the asymmetric algorithm. The unique name of the trusted third party.
The validity period of the credential.
The timestamp issued by entity X.
The concatenation of the bit strings Z and Z.
Domain separation.
Process identifiers are in uppercase letters:
Entity authentication
Key exchange
Message authentication
Message encryption/decryption
PIN verification
4.3 Option list
Transaction authentication
Option identifiers are in lowercase letters:
4.4 Functions
Asymmetric
Function identifiers are in lowercase italics: c
Generate random value
Authentication message
Apply one-way function
The function symbol is used in conjunction with the key value and entity tag. c(Yz)
eP,(Z)
UK(MAC)
sSt(z)
uP(Sig)
4.5 Digital Signature
Comparison of two bit strings Y and Z, resulting in a status code. Decryption of data Z by a symmetric algorithm using key K. GB/T16790.5-2006/IS010202-5:1998 Decryption of data Z by an asymmetric algorithm using secret key St. Encryption of data Z by a symmetric algorithm using key K. Encryption of data Z by an asymmetric algorithm using public key P. Generation of random value R.
Application of a collision-resistant one-way function to map data item B to an output value of fixed length using a public parameter (hash), the hash result is (Z).
Use a symmetric algorithm as a one-way function to generate a message authentication code (MAC-ing) with a key K: the result is a message authentication code MAC.
Use a symmetric algorithm as a one-way function to verify the MAC with a key K, the result is a state code. Application of a one-way function, using an algorithm to map data B to an output value of fixed length with a secret key K. Use the secret key S. Apply a digital signature to data Z (signature), the result is a signature Sig. Use the public key P.The verification process of Sig results in a status code. Transmission of unsigned data (data to be transmitted) is mandatory, except when a digital signature scheme that helps with message recovery is used (see GB15851-1995). In this case, the signed data must be in a form whose structural parameters can be verified and from which Z can be recovered. This requires that Z is short enough and the asymmetric algorithm is reversible. Throughout this section, the symbol sSA(Z) is used for both signatures with data recovery or signatures using hash functions, which means that sS(Z) can represent both sSA(Z) and sS4(h(Z))//Z, where h(Z) can refer to Z. 4.6 Security message format
Security messages are logical commands for standardized security functions. The information of these security messages can be transmitted in the field related to the IC card (integrated circuit card) in the 8583 message, or interpreted by the SAM or application to generate commands suitable for the IC card. The security message identifier is as follows:
GB/T16790.5-—2006/IS010202-5:1998Message indicator:
Logical message identifier; connection of the following elements:Process: process identifier (see 4.2)
Option list: option identifier list (see 4.3)Number: message sequence number
Example: KEss1
The security message includes one or more security message subfields. Mandatory subfields are in bold. An operation> subfield appears at least once in each message.
Message subfield: InitiatorResponder"Operation>Operation>Initiator: unique name of the source entity
Responder> unique name of the target entity
<Operation>=Z>f(Z)>
: Optional data field
: Key identifier
f(Z)≥: Result of function f on data Z Example+A|B|KIDk|KIDk*|eK*
5 Mapping of security functions to process types
ISO10202-2, 10202-4 and GB/T1696 defined security functions for legacy
Security functions
Card (integrated circuit
Manufacturing
Embedding and initialization
Personalization
IC compatibility check
CDF (activation/deactivation/reactivation/termination)ADF allocation
Cardholder verification
CDF static identification
CDF dynamic identification
Issuing bank host dynamic Authentication
Transaction Authorization
Data Confidentiality
Transaction Authentication
Key Loading
Key Loading
IC Card Session
Initial Key Loading
Card Session Initialization
CDF Parameter Loading
Key Exchange
Key Exchange
Authentication and Verification
CDF
PIN Verification
Entity Authentication
Entity Authentication
Entity Authentication
CDF Transaction Processing
Message Authentication
Message Encryption
Transaction Authentication
kIctirca
hIaute
kIautc||tt ||kImacrc
klencrc
kIcerrc
ADF selection
Security function
ADFKActAc loading
ADF activation/deactivation/reactivation/termination
Cardholder verification
ADF static authentication
ADF dynamic authentication
SAM authentication
Application vendor authentication
Transaction authorization
Data confidentiality
Transaction authentication
Non-cryptographic process
Table 1 (continued)
GB/T16790.5--2006/ISO10202-5:1998 process type
ADF Selection
ADF Parameter Update
Key Exchange
Key Exchange
ADF Specific Authentication and Verification
PIN (Personal Identification Number) Verification
Entity Authentication
Entity Identification
Entity Authentication
Entity Authentication
Processing
Message Is
Message Encryption
Card Accounting
Card Session Termination
These keys may be derived solely at the discretion of the Issuer
These keys may be derived solely at the discretion of the Provider
This chapter specifies procedures that may be used for different security functions. Each uc
Use.
Each process allows multiple options to protect against different threats.
Use alone or as a root
Choice should be based on an analysis of the threat in the specific environment.
This process requires
When it is required to ensure that the message is unique and/or!
Specific
Time is respected
Different methods to achieve timeliness are shown in Appendix E. Timeliness is inherent in entity authentication, and timeliness is automatically guaranteed when combined with this process.bzxz.net
Ikerra
kActlac
kAencac?
Other processes are combined
Option
or denial.
Provide timeliness compliance.
If the cryptographic process is based on a symmetric algorithm, the secret key required for the read process should be established at both participating nodes. If a secret key is shared between two or more entities belonging to a group, it is not possible to distinguish between these entities using cryptographic methods. If the encryption process is based on an asymmetric algorithm, key information should be generated at each node, the secret key should be stored in a secure manner at the node, and the corresponding public information should be authenticated by a trusted third party providing a certificate (see Annex A). All data elements of the message must be known at the target node in order to be able to perform the next step in the process. During the process, if a data element is dynamically generated, its transmission is mandatory. If the data element is already known to the target node, its transmission can be omitted. Operations and parameters printed in bold are mandatory. All mandatory elements are indicated by arrows in the figure. The optional steps described in the roles do not always correspond directly to the steps described in the figure. 6.1 Process 1: Key Exchange (KE)
The secure electronic transmission of the key K or S to or from the integrated circuit card or SAM shall be performed according to one of the options described in this clause. It is assumed that a cryptographic chain has been established between the initiator and the responder. 7
GB/T 16790.5--2006/ISO 10202-5:1998 The secret key to be exchanged is always sent from A to B, except when the key is generated by both parties. 6.1.1 KE-symmetric--symmetric
Exchange the key K* for the symmetric algorithm using a symmetric algorithm (see Figure 1). B|KID KIDk*|eK*(KIDx\)|eK(K*)KEss1=AL
General secret key.
Secret key to be exchanged.
Key identifier of key K.
Key identifier of key K.
A calculates eK(K\).
eR(K*)
e*(RIDR)
KEssIek(K+)
KIDx-e*(KIDk)
e(KIDg)
Figure 1 Cryptographic exchange - symmetric - symmetric
Option 1: A calculates eK(KIDk).
A sends KEss1 to B.
B calculates dKeK(K\)) to obtain K*.
Option 1: B calculates dK*(eK(KIDk)) to obtain KIDk Option 1: B verifies the correctness of K\ by comparing it with KIDk. Note 1: The decryption in step 5 can be replaced by comparing the encrypted key identifier KIDx. S5 Option 1: B calculate K(KIDk\)
S6 Option 1: B compare eK(KIDk*)
Note 2: Alternatively, a one-way function can be used in Option 1. S2 Option 1: A calculates oK*(KIDs*)
S5 Option 1: B calculates oK\(KIDk+)
S6 Option 1.B compares aK\(KIDk*)
6.1.2KE-symmetric-symmetric-bidirectional-temporal ss
The key K for the symmetric algorithm is generated bidirectionally using a symmetric algorithm" (see Figure 2). The entity authentication of entity A is implicit. KEssmt1 =BIA|KIDk* IRs
KEssmt2=A|B|KIDk|eK*(KIDk*)JeK(R)K
General secret key.
Bidirectionally generated secret key.
Key identifier of key K.
Key identifier of key K.
Tip: This standard content only shows part of the intercepted content of the complete standard. If you need the complete standard, please go to the top to download the complete standard document for free.