Document Comparison
PTS_HSM_Technical_FAQs_v2_Feb_2017.pdf → PTS_HSM_Technical_FAQs_v2_May_2017.pdf
85% similar
Pages: 22 → 22
Words: 10549 → 10720
Content Changes
5 content changes. 9 administrative changes (dates, page numbers) hidden.
Added
p. 13
Q 38 May 2017: Several requirements stipulate that if the device is restricted to deployment in Controlled Environments as defined in ISO 13491, then specific restrictions apply in the attack techniques that can be used. If the restrictions preclude any viable attacks for a specific requirement, how must that be presented in the evaluation report?
A The report must present attack scenarios as stipulated in the derived test requirements. These must be presented without the restrictions of the Controlled Environment with notation highlighting the steps that are not allowed per the controlled environment restrictions. The report would indicate the attack is feasible if the device is not deployed in a Controlled Environment or a more robust Secure Environment. The device will be noted under both ‘Additional Information’ and within the vendor security policy posted on the PCI website that the device is restricted to use within a Controlled or a …
Modified
p. 13
Q 38 September 2015: In the event of tamper, the device must become immediately inoperable and result in the automatic and immediate erasure of any secret information that may be stored in the device, such that it becomes infeasible to recover the secret information. Guidance notes provide that secret or private keys do not need to be zeroized if either or both of the following conditions exist: If any of these keys are not zeroized, then other mechanisms must …
Q 39 September 2015: In the event of tamper, the device must become immediately inoperable and result in the automatic and immediate erasure of any secret information that may be stored in the device, such that it becomes infeasible to recover the secret information. Guidance notes provide that secret or private keys do not need to be zeroized if either or both of the following conditions exist: If any of these keys are not zeroized, then other mechanisms must …
Modified
p. 13
Q 39 September 2015: A device uses a key that is randomly generated internally in the secure processor to protect other keys. This key is stored in the clear and protected within a register in the same secure processor. The secure processor resides within a secure area of the device. This key is used to encrypt other keys, which are stored encrypted outside the secure processor, e.g., in flash memory that also resides within the secure area of the device. Upon …
Q 40 September 2015: A device uses a key that is randomly generated internally in the secure processor to protect other keys. This key is stored in the clear and protected within a register in the same secure processor. The secure processor resides within a secure area of the device. This key is used to encrypt other keys, which are stored encrypted outside the secure processor, e.g., in flash memory that also resides within the secure area of the device. Upon …
Modified
p. 20
Q 16 September 2015: The PCI PIN Security Requirements stipulate that any cryptographic device used in connection with the acquisition of PIN data that is removed from service must have all keys stored within the device destroyed that have been used (or potentially could be) for any cryptographic purpose. If necessary to comply with the above, the device must be physically destroyed so that it cannot be placed into service again, or allow the disclosure of any secret data or …
Q 16 September 2015: The PCI PIN Security Requirements stipulate that any cryptographic device used in connection with the acquisition of PIN data that is removed from service must have all keys stored within the device destroyed that have been used (or potentially could be) for any cryptographic purpose. If necessary to comply with the above, the device must be physically destroyed so that it cannot be placed into service again, or allow the disclosure of any secret data or …
Modified
p. 20
Specific menu commands to zeroize stored keys
Inducement of a tamper event to zeroize those keys
Encryption by a key of equal or greater strength that is itself zeroized, i.e., only cryptograms of the protected keys are recoverable.