Document Comparison

PCI_PTS_POI_VQ_v5_Sept_2016.pdf PCI_PTS_POI_VQ_v5-1.pdf
89% similar
129 → 134 Pages
21052 → 21768 Words
68 Content Changes

Content Changes

68 content changes. 64 administrative changes (dates, page numbers) hidden.

Added p. 2
March 2018 5.1 Modified B4, B11, B12, K12, K17, and added K24 for new SCRP approval class. Modified A1 and errata.

Publication Title Reference Retail Financial Services

• Requirements for Protection of Sensitive Payment Card Data

• Requirements for Protection of Sensitive Payment Card Data

• Part 1: Using Encryption Methods ANSI X9.119-1 Retail Financial Services
Added p. 9
• Each side of the device

• The back of the device

• The front of the device
Added p. 12
• The different ways in which the element may be programmed or configured

• Any in-circuit testing or debugging features provided by these elements

• The methods implemented to disable the programming/testing features.
Added p. 34
• Data size (key or password/authentication code length)

• How authentication data is distributed to legitimate users
Added p. 40
• Is there a certificate hierarchy. Yes No

• Whether there is mutual device authentication. Yes No

If the device supports remote key loading using asymmetric techniques, the method it implements to protect against man-in-the-middle attacks and the hijacking of PIN-acceptance devices.

If the device supports remote key loading using asymmetric techniques using a “binding” technique, the method it uses for unbinding in the event of decommissioning.
Added p. 52
• The device provides for a single master key for all hierarchies into which a PIN key may be loaded,

• This master key is the only key which can be loaded into the POI in plain text, and
Added p. 104
• Whether there is mutual device authentication. Yes No

• Whether there is a certificate hierarchy. Yes No

If the device supports remote key loading using asymmetric techniques, the method it implements to protect against man-in-the-middle attacks and the hijacking of PIN-acceptance devices.

If the device supports remote key loading using asymmetric techniques using a “binding” technique, the method it uses for unbinding in the event of decommissioning.
Added p. 113
Section K24 # If the answer to K24 in the PCI PTS POI Modular Security Requirements was “YES,” describe:
Added p. 121
• Data on production and personalization

• Physical/chronological whereabouts

• Repair and maintenance

• Removal from operation
Modified p. 1
Payment Card Industry (PCI) PIN Transaction Security (PTS) Point of Interaction (POI) Modular Evaluation Vendor Questionnaire Version 5.0
Payment Card Industry (PCI) PIN Transaction Security (PTS) Point of Interaction (POI) Modular Evaluation Vendor Questionnaire Version 5.1
Modified p. 2
September 2016 5.0 Public release Note to Assessors When protecting this document for use as a form, leave Sections 5 and 7 (Annex B and “Device Diagrams”) unprotected to allow for insertion of appropriate diagrams and reports. Under “Tools / Protect Document,” select “Forms” then “Sections,” and un-check Sections 5 and 7 as illustrated below.
Note to Assessors When protecting this document for use as a form, leave Sections 5 and 7 (Annex B and “Optional Diagrams or Illustrations”) unprotected to allow for insertion of appropriate diagrams and reports. Under “Tools / Protect Document,” select “Forms” then “Sections,” and un-check Sections 5 and 7 as illustrated below.
Modified p. 4
• Part 5: Identity Based Ciphers ISO/IEC 18033-5 Guidelines on Triple DES Modes of Operation. ISO TR 19038 Guideline for Implementing Cryptography In the Federal Government NIST SP 800-21 A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications NIST SP 800-22 Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication NIST SP 800-38B Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher NIST SP 800-67 Recommendation for Random Number Generation Using Deterministic …
• Part 5: Identity Based Ciphers ISO/IEC 18033-5 Guidelines on Triple DES Modes of Operation. ISO TR 19038 Guideline for Implementing Cryptography in the Federal Government NIST SP 800-21 A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications NIST SP 800-22
Removed p. 9
• Each side of the device • The back of the device • The front of the device
Modified p. 11
The algorithms and key lengths used for the signatures.
The algorithms and key lengths used for the signatures.
Modified p. 11
Any padding schemes used for the signatures, and how this prevents padding oracle attacks.
Any padding schemes used for the signatures, and how this prevents padding oracle attacks.
Modified p. 11
How modification of the sensitive information is prevented after signature validation.
How modification of the sensitive information is prevented after signature validation.
Removed p. 12
• The different ways in which the element may be programmed or configured • Any in-circuit testing or debugging features provided by these elements • The methods implemented to disable the programming/testing features.
Modified p. 12
Whether the physical protections cover all memory traces, vias, passive elements, or other areas of access.
Whether the physical protections cover all memory traces, vias, passive elements, or other areas of access.
Modified p. 12
How the memory packages are protected, including access to BGA balls and traces on internal chip carriers of packages.
How the memory packages are protected, including access to BGA balls and traces on internal chip carriers of packages.
Modified p. 12
The algorithms and key lengths used.
The algorithms and key lengths used.
Modified p. 12
What modes of operation are used for the encryption.
What modes of operation are used for the encryption.
Modified p. 12
How encrypted values copied using physical access from one memory location to another are ensured to decrypt to values that do not reveal information about the original values and cannot be used to modify memory contents in a controlled manner.
How encrypted values copied using physical access from one memory location to another are ensured to decrypt to values that do not reveal information about the original values and cannot be used to modify memory contents in a controlled manner.
Modified p. 12
How the method of encryption prevents the exposure of sensitive information through building of a “dictionary” (i.e., look-up table) of possible encrypted values by writing known plaintext values via logical access and reading out ciphertext values via physical access.
How the method of encryption prevents the exposure of sensitive information through building of a “dictionary” (i.e., look-up table) of possible encrypted values by writing known plaintext values via logical access and reading out ciphertext values via physical access.
Modified p. 12
If a key stream mode of encryption is used (e.g., OFB), how the encryption of different data with the same key is prevented.
If a key stream mode of encryption is used (e.g., OFB), how the encryption of different data with the same key is prevented.
Modified p. 18
The integrated circuit used to provide the encryption and any physical protections provided The algorithm, mode of operation, and key management used How the cryptographic keys are loaded and, if keys can be updated, how this occurs The method used to generate these keys and how this achieves unique key(s) per device 4 Describe any physical protections that are implemented to protect the path from the read head to the security processor, including all intervening elements.
The integrated circuit used to provide the encryption and any physical protections provided The algorithm, mode of operation, and key management used How the cryptographic keys are loaded and, if keys can be updated, how this occurs The method used to generate these keys and how this achieves unique key(s) per device 4 Describe any physical protections that are implemented to protect the path from the read head to the security processor, including all intervening elements.
Modified p. 27 → 28
Section B4.1 # If the answer to B4.1 in the PCI PTS POI Modular Security Requirements was “YES,” describe:
Section B4.1 # If the answer to B4.1 in the PCI PTS POI Modular Securit Requirements was “YES,” describe:
Modified p. 32 → 34
Examples of authentication data are passwords, cryptographic keys, and hardware tokens.
Examples of authentication data are passwords/authentication codes, cryptographic keys, and hardware tokens.
Modified p. 32 → 34
The number of devices that share the same keys or passwords.
The number of devices that share the same keys or passwords/authentication codes.
Modified p. 32 → 34
Cryptographic algorithms used for authentication, if applicable.
Cryptographic algorithms used for authentication, if applicable.
Modified p. 32 → 34
• Data size (key or password length) • How authentication data is distributed to legitimate users • How authentication data can be updated 10 The device’s response to false authentication data.
How authentication data can be updated 10 The device’s response to false authentication data.
Modified p. 38 → 40
The technique utilizes a random/pseudo-random key-generation process such that it is not possible to predict any key or determine that certain keys within the key space are significantly more probable than others.
The technique utilizes a random/pseudo-random key-generation process such that it is not possible to predict any key or determine that certain keys within the key space are significantly more probable than others.
Modified p. 38 → 40
Yes No N/A • Is the random source tested in a suitable manner before key generation.
Is the random source tested in a suitable manner before key generation.
Modified p. 38 → 40
How is the authenticity of public keys ensured.
How is the authenticity of public keys ensured.
Modified p. 38 → 40
• Is there a certificate hierarchy. Yes No • How certificates (signed public keys of the key-exchange partners) are generated; i.e., who signs.
How certificates (signed public keys of the key-exchange partners) are generated; i.e., who signs.
Modified p. 38 → 40
• Whether there is mutual device authentication. Yes No • If certificates are used, how they are tested and accepted or rejected.
If certificates are used, how they are tested and accepted or rejected.
Modified p. 38 → 40
Whether there is a secure formatting and padding of the message used containing the symmetric secret key.
Whether there is a secure formatting and padding of the message used containing the symmetric secret key.
Modified p. 38 → 40
Whether the correctness of the message structure is tested by the receiver.
Whether the correctness of the message structure is tested by the receiver.
Modified p. 38 → 40
The reaction of the device if an authenticity test fails,.
The reaction of the device if an authenticity test fails.
Modified p. 38 → 40
The effective key length(s) that is/are utilized for all the cryptographic algorithm(s) in question.
The effective key length(s) that is/are utilized for all the cryptographic algorithm(s) in question.
Modified p. 38 → 40
Whether the chosen key length is appropriate for the algorithm and its protection purpose.
Whether the chosen key length is appropriate for the algorithm and its protection purpose.
Modified p. 38 → 40
For the algorithm(s) used, the key size(s) used as denoted in Appendix E of the DTRs.
For the algorithm(s) used, the key size(s) used as denoted in Appendix E of the DTRs.
Modified p. 47 → 49
Provide a list of these applications, and identify those with security impact.
Provide a list of these applications and identify those with security impact.
Modified p. 47 → 49
Describe how the separation between applications with security impact from those without security impacts is enforced.
Describe how the separation between applications with security impact from those without security impacts is enforced.
Modified p. 50 → 52
• The device provides for a single master key for all hierarchies into which a PIN key may be loaded, • This master key is the only key which can be loaded into the POI in plain text, and • The device provides for only one PIN key. Yes No If the answers to each of the above are “YES,” the rest of this section is N/A.
The device provides for only one PIN key. Yes No If the answers to each of the above are “YES,” the rest of this section is N/A.
Modified p. 52 → 54
The protections used to prevent penetration of the device for the purpose of determining or modifying sensitive data.
The protections used to prevent penetration of the device for the purpose of determining or modifying sensitive data.
Modified p. 52 → 54
For each PCB that carries the customer ICC I/O signal, the tamper-detection mechanisms to protect these signals from being accessed (such as tamper grids).
For each PCB that carries the customer ICC I/O signal, the tamper-detection mechanisms to protect these signals from being accessed (such as tamper grids).
Modified p. 52 → 54
The specialized skills and equipment that would be necessary to penetrate the device in order to determine or modify sensitive data.
The specialized skills and equipment that would be necessary to penetrate the device in order to determine or modify sensitive data.
Modified p. 62 → 64
• Open Protocols Platform Description # Desription 1 Describe, or refer to a description of, the different models that currently use the platform. Provide information about the differences between the different models. Indicate for each model all the communication channels, possible peripherals, intended use.
• Open Protocols Platform Description # Description 1 Describe, or refer to a description of, the different models that currently use the platform. Provide information about the differences between the different models. Indicate for each model all the communication channels, possible peripherals, intended use.
Modified p. 78 → 80
The integrated circuit used to provide the encryption and any physical protections provided The algorithm, mode of operation, and key management used How the cryptographic keys are loaded and, if keys can be updated, how this occurs The method used to generate these keys and how this achieves a unique key(s) per device Describe any physical protections that are implemented to protect the path from the read head to the security processor, including all intervening elements.
The integrated circuit used to provide the encryption and any physical protections provided The algorithm, mode of operation, and key management used How the cryptographic keys are loaded and, if keys can be updated, how this occurs The method used to generate these keys and how this achieves a unique key(s) per device Describe any physical protections that are implemented to protect the path from the read head to the security processor, including all intervening elements.
Modified p. 101 → 104
• Whether there is mutual device authentication. Yes No • If certificates are used, how they are tested and accepted or rejected.
If certificates are used, how they are tested and accepted or rejected.
Modified p. 101 → 104
Whether there is a secure formatting and padding of the message used containing the symmetric secret key.
Whether there is a secure formatting and padding of the message used containing the symmetric secret key.
Modified p. 101 → 104
Whether the correctness of the message structure is tested by the receiver.
Whether the correctness of the message structure is tested by the receiver.
Modified p. 101 → 104
Whether the chosen key length is appropriate for the algorithm and its protection purpose.
Whether the chosen key length is appropriate for the algorithm and its protection purpose.
Modified p. 101 → 104
Utilizes a random/pseudo-random key-generation process such that it is not possible to predict any key or determine that certain keys within the key space are significantly more probable than others.
Utilizes a random/pseudo-random key-generation process such that it is not possible to predict any key or determine that certain keys within the key space are significantly more probable than others.
Modified p. 101 → 104
Yes No N/A • Whether the random source is tested in a suitable manner before key generation.
Whether the random source is tested in a suitable manner before key generation.
Modified p. 101 → 104
How the authenticity of public keys is ensured.
How the authenticity of public keys is ensured.
Modified p. 101 → 104
• Whether there is a certificate hierarchy. Yes No • How certificates (signed public keys of the key-exchange partners) are generated, i.e., who signs.
How certificates (signed public keys of the key-exchange partners) are generated, i.e., who signs.
Modified p. 101 → 104
The reaction of the device if an authenticity test fails.
The reaction of the device if an authenticity test fails.
Modified p. 101 → 104
The effective key length(s) utilized for all the cryptographic algorithm(s) in question.
The effective key length(s) utilized for all the cryptographic algorithm(s) in question.
Modified p. 101 → 104
For the algorithm(s) used, the key size(s) used as denoted in Appendix E of the DTRs..
For the algorithm(s) used, the key size(s) used as denoted in Appendix E of the DTRs.
Modified p. 104 → 107
Provide a list of these applications, and identify those with security impact.
Provide a list of these applications and identify those with security impact.
Modified p. 104 → 107
Describe how the separation between applications with security impact from those without security impact is enforced.
Describe how the separation between applications with security impact from those without security impact is enforced.
Modified p. 107 → 110
Examples of authentication data are passwords, cryptographic keys, and hardware tokens.
Examples of authentication data are passwords/authentication codes, cryptographic keys, and hardware tokens.
Modified p. 107 → 110
The number of devices that share the same keys or passwords • Cryptographic algorithms used for authentication, if applicable Data size (key or password length) How authentication data is distributed to legitimate How authentication data can be updated 10 The device’s response to false authentication data.
The number of devices that share the same keys or passwords/authentication codes

Cryptographic algorithms used for authentication, if applicable Data size (key or password/authentication code length) How authentication data is distributed to legitimate How authentication data can be updated 10 The device’s response to false authentication data.
Removed p. 116
• Data on production and personalization • Physical/chronological whereabouts • Repair and maintenance • Removal from operation • Loss or theft
Modified p. 117 → 122
PCB Designator PCB Version PCB purpose Picture reference Tamper- Detection Mechanisms DTR TA1.10 Using vendor documentation for each tamper grid that is implemented, complete the details indicated in the table below, describing, at a minimum:
PCB Designator PCB Version PCB purpose Picture reference Tamper- Detection Mechanisms DTR TA1.11 Using vendor documentation for each tamper grid that is implemented, complete the details indicated in the table below, describing, at a minimum:
Modified p. 118 → 124
Sensitive Information Storage area Method of protection Plaintext PINs POI Firmware Public keys Enter details of the POI into the table below.
Sensitive Information Storage area Method of protection Plaintext PINs Passwords/authentication codes POI Firmware Public keys Enter details of the POI into the table below.
Modified p. 121 → 127
Key Name Purpose/ Size (Bits) Form Factor Available Key Slots (Registers) Unique per device/ acquirer/ vendor- specific/ other (describe) How the key is identified by the device so that it is used only as
Key Name Purpose/ Size (Bits) Form Factor Available Key Slots (Registers) Unique per device/ acquirer/ vendor- specific/ other (describe) How the key is identified by the device so that it is used only as intended