Document Comparison
PTS_PIN_Technical_FAQs_v2_July_2019.pdf
→
PTS_PIN_Technical_FAQs_v2_August_2019.pdf
97% similar
24 → 24
Pages
9992 → 10189
Words
39
Content Changes
Content Changes
39 content changes. 9 administrative changes (dates, page numbers) hidden.
Added
p. 10
Q 19 August 2019: New deployments of FIPS 140-2 HSMs that have migrated to the NIST Cryptographic Module Validation Program Historical List are not allowed for new deployments (i.e., additional HSMs and not replacements of existing HSMs with like for like) after December 2019. Does this apply to other Secure Cryptographic Devices (SCDs) such as Key Loading Devices (KLDs) that are dependent upon FIPS certification to qualify as an SCD. A Yes it does apply to other SCDs used to meet PIN Security Requirements.
Added
p. 24
Q 55 August 2019: Requirement 32-9 only prohibits cleartext key injection for POI v3 and higher devices. Is that meant to continue to permit cleartext key injection for POI v2 and earlier devices, even after the stated effective dates? A Yes, the injection of cleartext keys into POI v2 and earlier devices will continue to be acceptable past the January 2021 date for entities engaged in key injection on behalf of others and the January 2023 date for entities engaged in key injection of devices for which they are the processor until such time that any such device has been mandated by a payment brand to be removed from service.
Modified
p. 10
Q 19 December 2017: Asymmetric key pairs or symmetric keys are commonly used for authentication of applications and for display prompts or to facilitate management (e.g., enable functionality) of HSMs. The private or secret keys associated with these activities frequently reside on smartcards, USB sticks, or other devices which do not qualify as SCDs, but are termed Hardware Management Devices (HMDs). How must these HMDs be managed to compensate for their inherent limitations? A These limitations have associated security risks …
Q 20 December 2017: Asymmetric key pairs or symmetric keys are commonly used for authentication of applications and for display prompts or to facilitate management (e.g., enable functionality) of HSMs. The private or secret keys associated with these activities frequently reside on smartcards, USB sticks, or other devices which do not qualify as SCDs, but are termed Hardware Management Devices (HMDs). How must these HMDs be managed to compensate for their inherent limitations? A These limitations have associated security risks …
Modified
p. 11
PIN Security Requirement 18
Modified
p. 11
Q 20 December (update) 2016: When encrypted symmetric keys are managed in structures called key blocks, does this apply to both when the keys are transported and when stored? A Yes, it applies to the secure exchange of keys between two devices that share a symmetric key exchange key and for the storage of keys under a symmetric key. It is applicable to anytime an encrypted key exists outside of a SCD. This applies for both fixed and master/session key …
Q 21 December (update) 2016: When encrypted symmetric keys are managed in structures called key blocks, does this apply to both when the keys are transported and when stored? A Yes, it applies to the secure exchange of keys between two devices that share a symmetric key exchange key and for the storage of keys under a symmetric key. It is applicable to anytime an encrypted key exists outside of a SCD. This applies for both fixed and master/session key …
Modified
p. 11
Q 21 November 2015: Is the implementation of TR-31 the only method for meeting the requirement that encrypted symmetric keys must be managed in structures called key blocks? A No. TR-31 or any equivalent method can be used. Any equivalent method must include the cryptographic binding of the key-usage information to the key value using accepted methods. Any binding or unbinding of key-usage information from the key must take place within the secure cryptographic boundary of the device.
Q 22 November 2015: Is the implementation of TR-31 the only method for meeting the requirement that encrypted symmetric keys must be managed in structures called key blocks? A No. TR-31 or any equivalent method can be used. Any equivalent method must include the cryptographic binding of the key-usage information to the key value using accepted methods. Any binding or unbinding of key-usage information from the key must take place within the secure cryptographic boundary of the device.
Modified
p. 11
Q 22 November 2018: PIN Security Requirement 18 states that encrypted symmetric keys must be managed in structures called key blocks. This applies to both conveyance and storage. Does this only apply to only TDEA keys? A No. As stipulated in ANSI X9.24-1: Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques, both AES and TDEA keys are required to be managed in key blocks.
Q 23 November 2018: PIN Security Requirement 18 states that encrypted symmetric keys must be managed in structures called key blocks. This applies to both conveyance and storage. Does this only apply to only TDEA keys? A No. As stipulated in ANSI X9.24-1: Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques, both AES and TDEA keys are required to be managed in key blocks.
Modified
p. 11
Q 23 July 2019: PIN Security Requirement 18-3 requires the implementation of key blocks.
Q 24 July 2019: PIN Security Requirement 18-3 requires the implementation of key blocks.
Modified
p. 11
• The review by the independent expert must include proof that in the equivalent method the encrypted key and its attributes in the Key Block have integrity protection such that it is computationally infeasible for the key to be used if the key or its attributes have been modified. Modification includes, but is not limited to: o Changing or replacing any bit(s) in the attributes or encrypted key o Interchanging any bits of the protected Key Block with bits from …
• The review by the independent expert must include proof that in the equivalent method the encrypted key and its attributes in the Key Block have integrity protection such that it is computationally infeasible for the key to be used if the key or its attributes have been modified. Modification includes, but is not limited to:
Modified
p. 12
Q 24 December 2016: POI devices must implement unique per device secret and private keys for any function directly or indirectly related to PIN protection. This means not only the PIN-encryption key(s), but also keys that are used to protect other keys, firmware- authentication keys, payment-application authentication and display-prompt control keys. Does this apply to initial/start-up keys that are only used to download an initial DUKPT key or a unique terminal master key. A Yes. The intent of the requirement …
Q 25 December 2016: POI devices must implement unique per device secret and private keys for any function directly or indirectly related to PIN protection. This means not only the PIN-encryption key(s), but also keys that are used to protect other keys, firmware- authentication keys, payment-application authentication and display-prompt control keys. Does this apply to initial/start-up keys that are only used to download an initial DUKPT key or a unique terminal master key. A Yes. The intent of the requirement …
Modified
p. 13
Q 25 November 2018: Entities processing or injecting DUKPT or other key-derivation methodologies must incorporate a segmentation strategy in their environments based upon one or more of the following techniques:
• Different BDKs for each financial institution
• Different BDKs for each financial institution
Q 26 November 2018: Entities processing or injecting DUKPT or other key-derivation methodologies must incorporate a segmentation strategy in their environments based upon one or more of the following techniques:
• Different BDKs for each financial institution
• Different BDKs for each financial institution
Modified
p. 13
Q 26 June 2015: Can key components of different keys belonging to the same key custodian be stored in the same sealed opaque, pre-numbered tamper-evident, authenticable packaging or must each component be in its own package? A Each key component must be in its own package. While they may be conveyed in a single TEA package, they must be uniquely identifiable packaging, e.g. individually within PIN Mailers.
Q 27 June 2015: Can key components of different keys belonging to the same key custodian be stored in the same sealed opaque, pre-numbered tamper-evident, authenticable packaging or must each component be in its own package? A Each key component must be in its own package. While they may be conveyed in a single TEA package, they must be uniquely identifiable packaging, e.g. individually within PIN Mailers.
Modified
p. 13
Q 27 March 2015: Requirement 23 stipulates that an MFK used by host processing systems for encipherment of keys for local storage
•and variants of the MFK
•must not be used external to the (logical) configuration that houses the MFK itself. A transaction processing organization uses the same MFK on both their transaction processing system and a stand-alone system used for key generation. The MFK is used as a KEK to transport keys from the key generation system to the transaction processing …
•and variants of the MFK
•must not be used external to the (logical) configuration that houses the MFK itself. A transaction processing organization uses the same MFK on both their transaction processing system and a stand-alone system used for key generation. The MFK is used as a KEK to transport keys from the key generation system to the transaction processing …
Q 28 March 2015: Requirement 23 stipulates that an MFK used by host processing systems for encipherment of keys for local storage
•and variants of the MFK
•must not be used external to the (logical) configuration that houses the MFK itself. A transaction processing organization uses the same MFK on both their transaction processing system and a stand-alone system used for key generation. The MFK is used as a KEK to transport keys from the key generation system to the transaction processing …
•and variants of the MFK
•must not be used external to the (logical) configuration that houses the MFK itself. A transaction processing organization uses the same MFK on both their transaction processing system and a stand-alone system used for key generation. The MFK is used as a KEK to transport keys from the key generation system to the transaction processing …
Modified
p. 14
Q 28 June 2015: An entity is using the same MFK for both issuing and acquiring
• does that violate any of the requirements? A The following scenarios apply:
• does that violate any of the requirements? A The following scenarios apply:
Q 29 June 2015: An entity is using the same MFK for both issuing and acquiring
• does that violate any of the requirements? A The following scenarios apply:
• does that violate any of the requirements? A The following scenarios apply:
Modified
p. 14
Q 29 November 2015: PIN requirement 29 states that HSMs used for acquiring functions shall not be configured to output clear-text PINs. How is this to be achieved? A All commands and configuration options associated with the outputting of clear PINs must be disabled or removed from HSMs used for acquiring. HSMs temporarily used for PIN issuance may be reconfigured but must use a separate key hierarchy e.g., a different master file key.
Q 30 November 2015: PIN requirement 29 states that HSMs used for acquiring functions shall not be configured to output clear-text PINs. How is this to be achieved? A All commands and configuration options associated with the outputting of clear PINs must be disabled or removed from HSMs used for acquiring. HSMs temporarily used for PIN issuance may be reconfigured but must use a separate key hierarchy e.g., a different master file key.
Modified
p. 14
Q 30 November 2015: Requirement 29-2 stipulates the implementation of a documented chain of custody to ensure that all devices are controlled from receipt through to placement into service. It further states that the chain of custody must include records to identify responsible personnel for each interaction with the devices. What would constitute an effective and compliant chain of custody? A An effective and compliant chain of custody includes procedures, as stated in requirement 29-1, that ensures that access to …
Q 31 November 2015: Requirement 29-2 stipulates the implementation of a documented chain of custody to ensure that all devices are controlled from receipt through to placement into service. It further states that the chain of custody must include records to identify responsible personnel for each interaction with the devices. What would constitute an effective and compliant chain of custody? A An effective and compliant chain of custody includes procedures, as stated in requirement 29-1, that ensures that access to …
Modified
p. 14
Q 31 November 2015: When do POI devices require direct oversight to prevent unauthorized access up to the point of deployment? A If a POI device is held in a secure location where access is restricted to individuals authorized for device access, e.g., a secure room or cabinet, it does not require direct oversight. If the POI device is in an unsecure area, without access restricted to individuals authorized for device access, it requires direct oversight, i.e., the devices must …
Q 32 November 2015: When do POI devices require direct oversight to prevent unauthorized access up to the point of deployment? A If a POI device is held in a secure location where access is restricted to individuals authorized for device access, e.g., a secure room or cabinet, it does not require direct oversight. If the POI device is in an unsecure area, without access restricted to individuals authorized for device access, it requires direct oversight, i.e., the devices must …
Modified
p. 15
Q 32 September 2016: Requirement 31 states that SCDs removed from service, even if only temporarily for repair, must render all keying material irrecoverable. Are there any exceptions to this? A Yes, PIN pads and integrated circuit card readers used in unattended devices that have anti- removal mechanisms to protect against unauthorized removal and/or unauthorized re-installation may not require zeroization of keys if the nature of the repair is such that it can be performed while all tamper response mechanisms …
Q 33 September 2016: Requirement 31 states that SCDs removed from service, even if only temporarily for repair, must render all keying material irrecoverable. Are there any exceptions to this? A Yes, PIN pads and integrated circuit card readers used in unattended devices that have anti- removal mechanisms to protect against unauthorized removal and/or unauthorized re-installation may not require zeroization of keys if the nature of the repair is such that it can be performed while all tamper response mechanisms …
Modified
p. 15
Q 33 November 2015: Does the loading of secret or private keys to POI devices encrypted using asymmetric keys require compliance with Annex A? A Whenever the key loading is not performed remotely, and authentication is provided by another method
•such as properly implemented dual control and key-loading device(s)
•even if these systems involve the use of certificates, then Annex A does not apply. Remotely means whenever the key loading device and the POI device are not co-located and connected via a …
•such as properly implemented dual control and key-loading device(s)
•even if these systems involve the use of certificates, then Annex A does not apply. Remotely means whenever the key loading device and the POI device are not co-located and connected via a …
Q 34 November 2015: Does the loading of secret or private keys to POI devices encrypted using asymmetric keys require compliance with Annex A? A Whenever the key loading is not performed remotely, and authentication is provided by another method
•such as properly implemented dual control and key-loading device(s)
•even if these systems involve the use of certificates, then Annex A does not apply. Remotely means whenever the key loading device and the POI device are not co-located and connected via a …
•such as properly implemented dual control and key-loading device(s)
•even if these systems involve the use of certificates, then Annex A does not apply. Remotely means whenever the key loading device and the POI device are not co-located and connected via a …
Modified
p. 16
Q 34 November 2018: Two sets of RSA keys pairs, generated respectively by the POI device and the Key Distribution Host (KDH), are used for transport of an initial key to the POI device. Hashes of each public key are sent by a separate channel for loading to the other device (POI hash to KDH and vice versa) such that self-signed certificates are not used as the sole method of authentication. A certification authority is not used. Does this require …
Q 35 November 2018: Two sets of RSA keys pairs, generated respectively by the POI device and the Key Distribution Host (KDH), are used for transport of an initial key to the POI device. Hashes of each public key are sent by a separate channel for loading to the other device (POI hash to KDH and vice versa) such that self-signed certificates are not used as the sole method of authentication. A certification authority is not used. Does this require …
Modified
p. 16
Q 35 November 2018: Key-establishment and distribution procedures must be designed such that within an implementation design, there shall be no means available for “man-in-the- middle” attacks. What are acceptable methods for remote key distribution using asymmetric techniques methodologies to protect against man-in-the-middle attacks and the hijacking of PIN-acceptance devices? A There are several techniques available, four of which are:
Q 36 November 2018: Key-establishment and distribution procedures must be designed such that within an implementation design, there shall be no means available for “man-in-the- middle” attacks. What are acceptable methods for remote key distribution using asymmetric techniques methodologies to protect against man-in-the-middle attacks and the hijacking of PIN-acceptance devices? A There are several techniques available, four of which are:
Modified
p. 17
Q 36 November 2018: ANSI TR-34 describes two protocols for implementing the distribution of symmetric keys using asymmetric techniques. The two techniques are described as the Two Pass method and the One Pass method and should be used as follows:
• The Two Pass method is appropriate for where the POI and KDH can communicate in real time. It uses random nonces for the prevention of replay attacks.
• The Two Pass method is appropriate for where the POI and KDH can communicate in real time. It uses random nonces for the prevention of replay attacks.
Q 37 November 2018: ANSI TR-34 describes two protocols for implementing the distribution of symmetric keys using asymmetric techniques. The two techniques are described as the Two Pass method and the One Pass method and should be used as follows:
• The Two Pass method is appropriate for where the POI and KDH can communicate in real time. It uses random nonces for the prevention of replay attacks.
• The Two Pass method is appropriate for where the POI and KDH can communicate in real time. It uses random nonces for the prevention of replay attacks.
Modified
p. 17
Q 37 May 2019: Requirement 18-5 in Annex A states: Key Distribution Hosts (KDHs) shall only communicate with POIs for the purpose of key management and normal transaction processing, and with CAs for the purpose of certificate signing and certificate (entity) status checking. Does this requirement preclude a terminal management system (TMS) from existing on the same platform as a KDH? A KDH is a functionality and it is not intended to infer a dedicated physical platform. A TMS functionality …
Q 38 May 2019: Requirement 18-5 in Annex A states: Key Distribution Hosts (KDHs) shall only communicate with POIs for the purpose of key management and normal transaction processing, and with CAs for the purpose of certificate signing and certificate (entity) status checking. Does this requirement preclude a terminal management system (TMS) from existing on the same platform as a KDH? A KDH is a functionality and it is not intended to infer a dedicated physical platform. A TMS functionality …
Modified
p. 17
Q 38 June 2015: CAs may use several methods to validate the identity of certificate requestors and recipients before issuance of digital certificates. One of those methods is to use confirmation by telephone, confirmatory postal mail, and/or a comparable procedure. Does email constitute a comparable procedure? A Yes, email may be used in lieu of confirmation by telephone or confirmatory postal mail wherever those are specified as options.
Q 39 June 2015: CAs may use several methods to validate the identity of certificate requestors and recipients before issuance of digital certificates. One of those methods is to use confirmation by telephone, confirmatory postal mail, and/or a comparable procedure. Does email constitute a comparable procedure? A Yes, email may be used in lieu of confirmation by telephone or confirmatory postal mail wherever those are specified as options.
Modified
p. 18
Q 39 November 2015: Requirement 32 of Annex A states that a physically secure, dedicated room must be used to house the CA and RA database and application servers and cryptographic devices and that this room not be used for any other business activities but certificate operations. This applies whenever a Public Key Infrastructure (PKI) is implemented to support remote key distribution using asymmetric techniques for use in connection with PIN encryption to transaction originating devices (POIs). Can this room …
Q 40 November 2015: Requirement 32 of Annex A states that a physically secure, dedicated room must be used to house the CA and RA database and application servers and cryptographic devices and that this room not be used for any other business activities but certificate operations. This applies whenever a Public Key Infrastructure (PKI) is implemented to support remote key distribution using asymmetric techniques for use in connection with PIN encryption to transaction originating devices (POIs). Can this room …
Modified
p. 18
Q 40 July (update) 2017: What is the minimum criteria for construct of Certification Authority room walls for offline CAs? A Offline CAs (those used to issue certificates to other CAs and/or KDHs) are typically stored in a large safe when not in use. Thus, construction of CA walls using two layers of 5/8 inch sheet rock attached to metal studs is the minimum requirement for CA room walls. This does not preclude the need for CCTV and alarmed access …
Q 41 July (update) 2017: What is the minimum criteria for construct of Certification Authority room walls for offline CAs? A Offline CAs (those used to issue certificates to other CAs and/or KDHs) are typically stored in a large safe when not in use. Thus, construction of CA walls using two layers of 5/8 inch sheet rock attached to metal studs is the minimum requirement for CA room walls. This does not preclude the need for CCTV and alarmed access …
Modified
p. 19
Q 41 July 2017: If a caged environment is used to meet requirement 32 for a CA room, what is the minimum criteria for the fencing materials used? A The fencing shall consist of the following minimums:
Q 42 July 2017: If a caged environment is used to meet requirement 32 for a CA room, what is the minimum criteria for the fencing materials used? A The fencing shall consist of the following minimums:
Modified
p. 19
Q 42 June 2015: Does Annex B - Key Injection Facilities apply to both acquirer and manufacturer keys? A The intent of Annex B is to apply to acquirer keys e.g., PIN keys, TMKs, etc. Manufacturer keys are separately addressed as part of the PTS POI Security Requirements and the PTS HSM Security Requirements.
Q 43 June 2015: Does Annex B - Key Injection Facilities apply to both acquirer and manufacturer keys? A The intent of Annex B is to apply to acquirer keys e.g., PIN keys, TMKs, etc. Manufacturer keys are separately addressed as part of the PTS POI Security Requirements and the PTS HSM Security Requirements.
Modified
p. 19
Q 43 December 2015: If a KIF uses a Base Derivation Key to derive initial DUKPT keys used for DUKPT in POI devices, is that considered key generation? A Yes. As defined in ISO 11568, symmetric keys and their components are generated by one of the following:
Q 44 December 2015: If a KIF uses a Base Derivation Key to derive initial DUKPT keys used for DUKPT in POI devices, is that considered key generation? A Yes. As defined in ISO 11568, symmetric keys and their components are generated by one of the following:
Modified
p. 20
Q 44 July (update) 2017: Are there scenarios where a single key injection operator can perform key loading? A For injection in a secure KIF room, a single key injection operator may perform key injections under the following circumstances:
Q 45 July (update) 2017: Are there scenarios where a single key injection operator can perform key loading? A For injection in a secure KIF room, a single key injection operator may perform key injections under the following circumstances:
Modified
p. 20
Q 45 December 2015: Can an ESO perform key injections using either non-compliant keys and/or non-complaint SCDs and still be considered compliant? A ESOs that inject non-compliant keys into SCDs, or inject keys into non-compliant SCDs can still be considered compliant if the devices in this instance are not intended to acquire transactions of PCI payment brands or affiliates who require compliance to the PCI PIN Security Requirements. Such operations should be considered out of scope of the PCI PIN …
Q 46 December 2015: Can an ESO perform key injections using either non-compliant keys and/or non-complaint SCDs and still be considered compliant? A ESOs that inject non-compliant keys into SCDs, or inject keys into non-compliant SCDs can still be considered compliant if the devices in this instance are not intended to acquire transactions of PCI payment brands or affiliates who require compliance to the PCI PIN Security Requirements. Such operations should be considered out of scope of the PCI PIN …
Modified
p. 21
Q 46 November 2015: Requirement 1-5 details the need for documentation detailing the distributed KIF architecture and key-management flows. Does this only apply to KIF platforms that have a distributed KIF architecture or does it apply to all KIF platforms regardless of architecture. A All KIF platforms are required to meet the requirements detailed in 1-5. Specifically, the KIF Platform provider must:
Q 47 November 2015: Requirement 1-5 details the need for documentation detailing the distributed KIF architecture and key-management flows. Does this only apply to KIF platforms that have a distributed KIF architecture or does it apply to all KIF platforms regardless of architecture. A All KIF platforms are required to meet the requirements detailed in 1-5. Specifically, the KIF Platform provider must:
Modified
p. 21
Q 47 July (update) 2017: PIN Entry Devices (PEDs), PCI approved or otherwise, may have their firmware modified to support usage for key injection. Are these devices considered Secure Cryptographic Devices (SCDs) for PCI purposes? A Modified PEDs, even if previously PCI approved, are not considered SCDs unless validated and approved to the KLD approval class. As such, they are only approved for key injection when performed in conformance with requirement 13 of Annex B. In addition, they are not …
Q 48 July (update) 2017: PIN Entry Devices (PEDs), PCI approved or otherwise, may have their firmware modified to support usage for key injection. Are these devices considered Secure Cryptographic Devices (SCDs) for PCI purposes? A Modified PEDs, even if previously PCI approved, are not considered SCDs unless validated and approved to the KLD approval class. As such, they are only approved for key injection when performed in conformance with requirement 13 of Annex B. In addition, they are not …
Modified
p. 21
Q 48 December 2016: Symmetric keys must be managed in structures called key blocks when stored or transported. Does this apply to symmetric keys that are injected directly from a key loading device (KLD) to a POI or HSM device? A No, the requirement only applies to encrypted symmetric keys that are stored at a transaction host or in a POI device, or are transported over a network connection. It is not intended to apply to keys, encrypted or cleartext, …
Q 49 December 2016: Symmetric keys must be managed in structures called key blocks when stored or transported. Does this apply to symmetric keys that are injected directly from a key loading device (KLD) to a POI or HSM device? A No, the requirement only applies to encrypted symmetric keys that are stored at a transaction host or in a POI device, or are transported over a network connection. It is not intended to apply to keys, encrypted or cleartext, …
Modified
p. 22
Q 49 December 2015: The introductory text to Requirement 29 in Annex B states that secure areas must be established for the inventory of PEDs that have not had keys injected. However, these requirements are not detailed in the ‘numbered’ requirements or have associated testing procedures. How should these be assessed during an assessment? A As noted in the text, this area must have extended walls from the real floor to the real ceiling using sheetrock, wire mesh, or equivalent. …
Q 50 December 2015: The introductory text to Requirement 29 in Annex B states that secure areas must be established for the inventory of PEDs that have not had keys injected. However, these requirements are not detailed in the ‘numbered’ requirements or have associated testing procedures. How should these be assessed during an assessment? A As noted in the text, this area must have extended walls from the real floor to the real ceiling using sheetrock, wire mesh, or equivalent. …
Modified
p. 22
Q 50 November 2018: Only encrypted key loading is allowed for POI v3 or higher devices after 2020 for entities engaged in key injection on behalf of others. Does this apply to manufacturer’s keys? A The PIN requirements are applicable to the keys used in the acquisition and protection of PIN data, and the keys associated with protection of those keys. This includes the following:
Q 51 November 2018: Only encrypted key loading is allowed for POI v3 or higher devices after 2020 for entities engaged in key injection on behalf of others. Does this apply to manufacturer’s keys? A The PIN requirements are applicable to the keys used in the acquisition and protection of PIN data, and the keys associated with protection of those keys. This includes the following:
Modified
p. 22
Q 51 July (update) 2017: When does the injection of clear text secret or private keys or their components to POI devices require the use of a secure room in accordance with requirement 32-10 of Annex B? A A secure room must be used any time clear keys/components appear in unprotected memory outside the tamper protected boundary of an SCD during the process of loading/injecting keys into a SCD.
Q 52 July (update) 2017: When does the injection of clear text secret or private keys or their components to POI devices require the use of a secure room in accordance with requirement 32-10 of Annex B? A A secure room must be used any time clear keys/components appear in unprotected memory outside the tamper protected boundary of an SCD during the process of loading/injecting keys into a SCD.
Modified
p. 23
Q 52 July (update) 2016: Requirement 32 stipulates that a secure area (room) is used for key injection where any secret or private keys or their components appear in unprotected memory during the process of loading/injecting keys into an SCD. The secure area must have walls made of solid materials, and additionally if the solid walls do not extend from the real floor to the real ceiling, the secure area must have extended walls from the real floor to the …
Q 53 July (update) 2016: Requirement 32 stipulates that a secure area (room) is used for key injection where any secret or private keys or their components appear in unprotected memory during the process of loading/injecting keys into an SCD. The secure area must have walls made of solid materials, and additionally if the solid walls do not extend from the real floor to the real ceiling, the secure area must have extended walls from the real floor to the …
Modified
p. 24
Q 53 July 2016: If a caged environment is used to meet requirement 32 for a KIF room, what is the minimum criteria for the fencing materials used? A The fencing shall consist of the following minimums:
Q 54 July 2016: If a caged environment is used to meet requirement 32 for a KIF room, what is the minimum criteria for the fencing materials used? A The fencing shall consist of the following minimums: