Document Comparison
POI_Security_Requirements_v6_Summary_of_Changes_5-1_to_6-0.pdf
→
POI_Security_Requirements_v6_Summary_of_Changes_6-0_to_6-1.pdf
32% similar
Pages: 5 → 4
Words: 827 → 604
Content changes: 6
Content Changes
6 content changes. 4 administrative changes (dates, page numbers) hidden.
Added
p. 3
Table 2: Summary of Changes (one row per line; cells in order: Change Type, Document and Requirements, Change)
SR General Updated Related Publications.
Additional SR B16.2 Added that security guidance for application developers must specify that SRED functions, where provided, are correctly implemented.
Requirement SR 12 Reference to D14 as alternate.
Additional SR D13 Reference to D14 as alternate.
Additional SR D14 Added requirement for unauthenticated wireless communications.
Requirement DTR A8 Added additional test steps for protection of display signals.
Requirement DTR A10 Added additional test step for contactless readers.
Requirement DTR A11 Updated criteria on PAN truncation/encryption. Specified in guidance and test step that manual PAN entry functions implemented by the POI firmware never display more than one clear-text PAN digit at a time.
Requirement DTR B2 Clarified that the displayed firmware version number(s) reflects all firmware the device is currently able to execute.
Additional DTR B5 Specified that the loading of all private or secret keys can be performed without using …
Modified
p. 1
Payment Card Industry (PCI) PIN Transaction Security (PTS) Point-of-Interaction (POI) Summary of Requirements Changes from Version 5.1 to 6.0
→
Payment Card Industry (PCI) PIN Transaction Security (PTS) Point-of-Interaction (POI) Summary of Requirements Changes from Version 6.0 to 6.1
Modified
p. 2
Table 1: Change Types (Change Type / Definition) Additional Guidance: Explanation, definition, and/or instruction to increase understanding or provide further information or guidance on a particular topic.
→
Table 1: Change Types (Change Type / Definition) Additional: Explanation, definition, and/or instruction to increase understanding or provide further information or guidance on a particular topic.
Removed
p. 3
Table 2: Summary of Changes (one row per line; cells in order: Change Type, Document and Requirements, Change)
General Eliminated PCI Vendor Questionnaire. PCI laboratories will solicit information using proprietary methods that provide more efficient support for the gathering of that information.
Additional Guidance General Migrated as applicable many technical FAQs into the Derived Test Requirements or the Device Testing and Approval Program Guide.
Additional Guidance SR General Reorganized requirements into four Evaluation Modules:
• Evaluation Module 1: Physical and Logical
• Evaluation Module 2: POS Terminal Integration
• Evaluation Module 3: Communications and Interfaces
• Evaluation Module 4: Life Cycle Security
Requirement SR General Firmware expires three years from date of approval, but shall not expire past the overall approval expiration of the device. Every third year the firmware must be laboratory validated against specified DTRs.
Requirement SR General POI v6 chipsets must provide support for ECC.
Requirement SR General Migrated SRED and Open Protocols requirements into new evaluation modules and eliminated separate Open …
Removed
p. 4
Requirement SR Appendix B Modified Applicability of Requirements to reflect restructure, including for Open Protocols and SRED.
Additional Guidance DTRs Introduction Provided additional guidance for lab reporting criteria, including minimal contents of reports and minimal test activities.
Additional Guidance DTRs • All Sections Enhanced robustness of test scripts throughout.
Requirement DTR B9 AES check values can only be calculated by MACing an all-zero block using the CMAC algorithm as specified in ISO 9797-1. TDES must support the same method and may support the deprecated legacy method.
Requirement DTR B9 Devices must support key blocks as specified by ISO 20038 and/or the ANSI TR-31 key-derivation method. Other methods can only exist as specified in the guidance.
Requirement DTR B9 The TR-31 key-calculation (variant) method for key blocks is deprecated and no longer allowed.
Requirement DTRs B9 • B11 Fixed-key support has been eliminated as an acceptable key-management technique for both PIN and account data encryption. This applies …
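A worked illustration of the DTR B9 check-value rule in the rows above, added here as an example; it is not code from the PCI documents or from any vendor. The AES key check value (KCV) is the CMAC, as standardised in ISO/IEC 9797-1 and NIST SP 800-38B, of one all-zero block. Two things are assumptions, not statements from the page: the "legacy method" for TDES is taken to be the conventional one (encrypt an all-zero block with the key and keep the leading bytes), and the check value is truncated to three bytes, the customary length, because the summary gives no length. The AES key and the CMAC test messages are the RFC 4493 vectors; the TDES key is a constructed value, used only so the output is reproducible. The CMAC routine is general (any message length, 8- or 16-byte block ciphers), which is more than the KCV needs but lets you verify it against published vectors.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// shiftLeftXOR returns (b << 1), XORed with rb in the last byte when the bit
// shifted out was 1: the subkey-derivation step of CMAC.
func shiftLeftXOR(b []byte, rb byte) []byte {
	out := make([]byte, len(b))
	var carry byte
	for i := len(b) - 1; i >= 0; i-- {
		out[i] = b[i]<<1 | carry
		carry = b[i] >> 7
	}
	if carry == 1 {
		out[len(out)-1] ^= rb
	}
	return out
}

// cmacSubkeys derives K1 and K2 from L = E_K(0^n); Rb depends on block size.
func cmacSubkeys(c cipher.Block) (k1, k2 []byte) {
	n := c.BlockSize()
	var rb byte
	switch n {
	case 16:
		rb = 0x87 // AES
	case 8:
		rb = 0x1B // TDES
	default:
		panic("cmac: unsupported block size")
	}
	l := make([]byte, n)
	c.Encrypt(l, make([]byte, n))
	k1 = shiftLeftXOR(l, rb)
	k2 = shiftLeftXOR(k1, rb)
	return k1, k2
}

// CMAC returns the full-length CMAC tag of msg under block cipher c.
func CMAC(c cipher.Block, msg []byte) []byte {
	n := c.BlockSize()
	k1, k2 := cmacSubkeys(c)
	last := make([]byte, n)
	var body []byte
	if len(msg) > 0 && len(msg)%n == 0 {
		// Complete final block: XOR with K1, no padding.
		body = msg[:len(msg)-n]
		copy(last, msg[len(msg)-n:])
		for i := range last { last[i] ^= k1[i] }
	} else {
		// Partial (or empty) final block: 10* padding, XOR with K2.
		full := len(msg) / n * n
		body = msg[:full]
		copy(last, msg[full:])
		last[len(msg)-full] = 0x80
		for i := range last { last[i] ^= k2[i] }
	}
	x := make([]byte, n) // CBC chaining value, starts at zero
	for i := 0; i < len(body); i += n {
		for j := 0; j < n; j++ { x[j] ^= body[i+j] }
		c.Encrypt(x, x)
	}
	for j := 0; j < n; j++ { x[j] ^= last[j] }
	c.Encrypt(x, x)
	return x
}

// KCVCMAC is the method DTR B9 mandates: CMAC over a single all-zero block,
// truncated to kcvLen bytes (3 is assumed here; the page gives no length).
func KCVCMAC(c cipher.Block, kcvLen int) []byte {
	return CMAC(c, make([]byte, c.BlockSize()))[:kcvLen]
}

// KCVLegacy is the deprecated method TDES devices may still offer: encrypt one
// all-zero block and keep the leading bytes (assumed to be the "legacy method").
func KCVLegacy(c cipher.Block, kcvLen int) []byte {
	out := make([]byte, c.BlockSize())
	c.Encrypt(out, make([]byte, c.BlockSize()))
	return out[:kcvLen]
}

// AESKeyCheckValue returns the hex KCV of an AES key (CMAC method only).
func AESKeyCheckValue(key []byte) string {
	c, err := aes.NewCipher(key)
	if err != nil { panic(err) }
	return hex.EncodeToString(KCVCMAC(c, 3))
}

// TDESKeyCheckValues returns both the mandated CMAC KCV and the legacy KCV.
func TDESKeyCheckValues(key []byte) (cmacKCV, legacyKCV string) {
	c, err := des.NewTripleDESCipher(key)
	if err != nil { panic(err) }
	return hex.EncodeToString(KCVCMAC(c, 3)), hex.EncodeToString(KCVLegacy(c, 3))
}

func main() {
	aesKey, _ := hex.DecodeString("2b7e151628aed2a6abf7158809cf4f3c") // RFC 4493 key
	fmt.Println("AES KCV (CMAC):", AESKeyCheckValue(aesKey))
	tdesKey, _ := hex.DecodeString("0123456789abcdef0123456789abcdef0123456789abcdef") // constructed
	c, l := TDESKeyCheckValues(tdesKey)
	fmt.Println("TDES KCV (CMAC):", c, " legacy:", l)
}
```

Because the legacy value is the first bytes of E_K(0), it leaks three bytes of a known-plaintext ciphertext and, for a TDES key built from identical components, collapses to the single-DES value; the CMAC form hides the raw block-cipher output behind the K1 mask, which is the reason the rule prefers it.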
Removed
p. 5
Additional Guidance DTR Appendix H New Appendix: “Evaluation Guidance for CPUs.”
Additional Guidance DTR Appendix I Modified Security Policy Layout Example for changes in DTR B20.