Document Comparison
PCI_HSM_Security_Requirements_v1-0.pdf
→
PCI_HSM_Security_Requirements_v2.pdf
60% similar
26 → 37
Pages
7138 → 9824
Words
105
Content Changes
From Revision History
- April 2009 1.0 PCI Initial Release
Content Changes
105 content changes. 48 administrative changes (dates, page numbers) hidden.
Added
p. 3
February 2012 2.x PCI RFC version - Modifications for consistency with PCI POI requirements.
Added
p. 5
This document provides vendors with a list of all the security requirements against which their products will be evaluated in order to obtain Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) device approval.
Scope of the Document This document is part of the evaluation-support set that laboratories require from vendors (details of which can be found in the PCI PTS Device Testing and Approval Guide), and the set may include:
A companion PCI PTS Vendor Questionnaire (where technical details of the device are provided) Product samples Technical support documentation Upon successful compliance testing by the laboratory and approval by the PCI SSC, the PCI PTS HSM device will be listed on the PCI SSC website. Commercial information to be included in the Council s approval must be provided by the vendor to the test laboratory using the forms in the Required Device Information section of this document.
Scope of the Document This document is part of the evaluation-support set that laboratories require from vendors (details of which can be found in the PCI PTS Device Testing and Approval Guide), and the set may include:
A companion PCI PTS Vendor Questionnaire (where technical details of the device are provided) Product samples Technical support documentation Upon successful compliance testing by the laboratory and approval by the PCI SSC, the PCI PTS HSM device will be listed on the PCI SSC website. Commercial information to be included in the Council s approval must be provided by the vendor to the test laboratory using the forms in the Required Device Information section of this document.
Added
p. 6
The updating of attack methodologies that can be considered to reflect a more comprehensive approach; The updating of algorithms and key sizes to be consistent with those stipulated in PTS POI Security Requirements v3; The inclusion of criteria to support remote key-loading techniques using public-key methods to require compliance with PCI-defined criteria for key sizes and mutual authentication between host and device.
Furthermore, this document introduces a two-tier approval structure for HSMs. These tiers differentiate only in the Physical Derived Test Requirements
section as delineated in the PCI PTS HSM Derived Test Requirements. HSMs may be approved as designed for use in controlled environments as defined in ISO 13491-2: Banking Secure cryptographic devices (retail) or approved for use in any operational environment.
Furthermore, this document introduces a two-tier approval structure for HSMs. These tiers differentiate only in the Physical Derived Test Requirements
section as delineated in the PCI PTS HSM Derived Test Requirements. HSMs may be approved as designed for use in controlled environments as defined in ISO 13491-2: Banking Secure cryptographic devices (retail) or approved for use in any operational environment.
Added
p. 7
Evaluation Domains Device characteristics are those attributes of the device that define its physical and its logical (functional) characteristics. The physical security characteristics of the device are those attributes that deter a physical attack on the device, for example, the penetration of the device to determine its key(s) or to plant a sensitive data-disclosing bug within it. Logical security characteristics include those functional capabilities that preclude, for example, allowing the device to output a clear-text PIN- encryption key.
The evaluation of physical security characteristics is very much a value judgment. Virtually any physical barrier can be defeated with sufficient time and effort. Therefore, many of the requirements have minimum attack-calculation values for the identification and initial exploitation of the device based upon factors such as attack time, expertise and equipment required. Given the evolution of attack techniques and technology, the PCI payment brands will periodically review these attack calculations for appropriateness.
Device …
The evaluation of physical security characteristics is very much a value judgment. Virtually any physical barrier can be defeated with sufficient time and effort. Therefore, many of the requirements have minimum attack-calculation values for the identification and initial exploitation of the device based upon factors such as attack time, expertise and equipment required. Given the evolution of attack techniques and technology, the PCI payment brands will periodically review these attack calculations for appropriateness.
Device …
Added
p. 12
A7 Determination of any PCI-related cryptographic key resident in the device or used by the device, by penetration of the device and/or by monitoring emanations from the device (including power fluctuations), requires an attack potential of at least 35 for identification and initial exploitation with a minimum of 15 for exploitationB.
B4 If the HSM implements firmware updates, the device cryptographically authenticates the firmware integrity, and if the authenticity is not confirmed, the firmware update is rejected and deleted.
B6 The HSM must automatically clear or reinitialize its internal buffers that hold sensitive information prior to reuse of the buffer, including when:
B4 If the HSM implements firmware updates, the device cryptographically authenticates the firmware integrity, and if the authenticity is not confirmed, the firmware update is rejected and deleted.
B6 The HSM must automatically clear or reinitialize its internal buffers that hold sensitive information prior to reuse of the buffer, including when:
Added
p. 14
Manual Direct Network Plaintext keys No Yes No Plaintext key components Yes Yes No Enciphered keys Yes Yes Yes If the device generates random numbers in connection with security over sensitive data, the random number generator has been assessed to ensure that it is generating sufficiently unpredictable numbers.
Added
p. 15
B18 The operating system/firmware of the device must contain only the software (components and services) necessary for the intended operation. The operating system/firmware must be configured securely and run with least privilege.
B20 HSMs that are designed to include both a PCI mode and a non-PCI mode must not share secret or private keys between the two modes, must provide indication as to when the HSM is in PCI mode and not in PCI mode, and must require dual authentication when switching between the two modes.
B20 HSMs that are designed to include both a PCI mode and a non-PCI mode must not share secret or private keys between the two modes, must provide indication as to when the HSM is in PCI mode and not in PCI mode, and must require dual authentication when switching between the two modes.
Added
p. 18
D8 Controls exist over the repair process and the inspection/testing process subsequent to repair to ensure that the device has not been subject to unauthorized modification.
Number Description of Requirement Yes No N/A E1 The HSM should be protected from unauthorized modification with tamper-evident security features, and customers shall be provided with documentation (both shipped with the product and available securely online) that provides instruction on validating the authenticity and integrity of the HSM.
Where multiple parties are involved in organizing the shipping, it is the responsibility of each party to ensure that the shipping and storage that they are managing is compliant with this requirement.
E2 Procedures are in place to transfer accountability for the device from the manufacturer to the facility of initial deployment. Where the device is shipped via intermediaries such as resellers, accountability will be with the intermediary from the time at which they receive the device until the …
Number Description of Requirement Yes No N/A E1 The HSM should be protected from unauthorized modification with tamper-evident security features, and customers shall be provided with documentation (both shipped with the product and available securely online) that provides instruction on validating the authenticity and integrity of the HSM.
Where multiple parties are involved in organizing the shipping, it is the responsibility of each party to ensure that the shipping and storage that they are managing is compliant with this requirement.
E2 Procedures are in place to transfer accountability for the device from the manufacturer to the facility of initial deployment. Where the device is shipped via intermediaries such as resellers, accountability will be with the intermediary from the time at which they receive the device until the …
Added
p. 20
E7 Each device shall have a unique visible identifier affixed to it or should be identifiable using secure, cryptographically-protected methods.
E8 The vendor must maintain a manual that provides instructions for the operational management of the HSM. This includes instructions for recording the entire life cycle of the HSM security-related components and of the manner in which those components are integrated into a single HSM, e.g.:
E8 The vendor must maintain a manual that provides instructions for the operational management of the HSM. This includes instructions for recording the entire life cycle of the HSM security-related components and of the manner in which those components are integrated into a single HSM, e.g.:
Added
p. 22
Printed Name At the end of this form under Device Specification Sheet, attach a sheet highlighting device characteristics, including photos. These photos are to include both external and internal pictures of the device. The internal pictures are to be sufficient to show the various components of the device.
Added
p. 25
A violation of the security of a system such that an unauthorized disclosure of sensitive information may have occurred. This includes the unauthorized disclosure, modification, substitution, or use of sensitive data (including plaintext cryptographic keys and other keying material).
Conditional Test A test performed by a cryptographic module when the conditions specified for the test occur.
Critical Functions Those functions that, upon failure, could lead to the disclosure of CSPs. Examples of critical functions include but are not limited to random number generation, cryptographic algorithm operations, and cryptographic bypass.
Cryptographic Boundary An explicitly defined continuous perimeter that establishes the physical bounds of a cryptographic module and contains all the hardware and software components of a cryptographic module.
Dictionary Attack Attack in which an adversary builds a dictionary of plaintext and corresponding ciphertext. When a match can be made between intercepted ciphertext and dictionary-stored ciphertext, the corresponding plaintext is immediately available from the dictionary.
Differential Power …
Conditional Test A test performed by a cryptographic module when the conditions specified for the test occur.
Critical Functions Those functions that, upon failure, could lead to the disclosure of CSPs. Examples of critical functions include but are not limited to random number generation, cryptographic algorithm operations, and cryptographic bypass.
Cryptographic Boundary An explicitly defined continuous perimeter that establishes the physical bounds of a cryptographic module and contains all the hardware and software components of a cryptographic module.
Dictionary Attack Attack in which an adversary builds a dictionary of plaintext and corresponding ciphertext. When a match can be made between intercepted ciphertext and dictionary-stored ciphertext, the corresponding plaintext is immediately available from the dictionary.
Differential Power …
Added
p. 28
Evaluation Laboratory Independent entity that performs a security evaluation of the HSM against the PCI Security Requirements.
IPsec Internet Protocol security is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.
Key-distribution host (KDH) A KDH is a processing platform used in conjunction with HSM(s) that generates keys and securely distributes those keys to the EPP or PED and the financial-processing platform communicating with those EPPs/PEDs. A KDH may be an application that operates on the same platform that is used for PIN translation and financial-transaction processing. The KDH may be used in conjunction with other processing activities. A KDH shall not be used for certificate issuance, and must not be used for the …
IPsec Internet Protocol security is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.
Key-distribution host (KDH) A KDH is a processing platform used in conjunction with HSM(s) that generates keys and securely distributes those keys to the EPP or PED and the financial-processing platform communicating with those EPPs/PEDs. A KDH may be an application that operates on the same platform that is used for PIN translation and financial-transaction processing. The KDH may be used in conjunction with other processing activities. A KDH shall not be used for certificate issuance, and must not be used for the …
Added
p. 31
Key-Loading Device A self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module.
Message Authentication Code (MAC) A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of data (example: a Hash-Based Message Authentication Code).
Opaque Impenetrable by light (i.e., light within the visible spectrum of wavelength range of 400nm to 750nm); neither transparent nor translucent within the visible spectrum.
Operator An individual accessing a cryptographic module or a process (subject) operating on behalf of the individual, regardless of the assumed role.
PRNG Pseudo-random number generator.
PROM Programmable read-only memory.
Removable Cover A part of a cryptographic module s enclosure that permits physical access to the contents of the module.
RNG Random number generator.
ROM Read-only memory.
Salt A random string that is concatenated with other data prior to being operated on by a …
Message Authentication Code (MAC) A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of data (example: a Hash-Based Message Authentication Code).
Opaque Impenetrable by light (i.e., light within the visible spectrum of wavelength range of 400nm to 750nm); neither transparent nor translucent within the visible spectrum.
Operator An individual accessing a cryptographic module or a process (subject) operating on behalf of the individual, regardless of the assumed role.
PRNG Pseudo-random number generator.
PROM Programmable read-only memory.
Removable Cover A part of a cryptographic module s enclosure that permits physical access to the contents of the module.
RNG Random number generator.
ROM Read-only memory.
Salt A random string that is concatenated with other data prior to being operated on by a …
Added
p. 34
Secure Cryptoprocessor A secure cryptoprocessor is a dedicated computer on a chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures that give it a degree of tamper resistance.
Secure Key Loader A self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module.
Security Policy A description of how the specific module meets these security requirements, including the rules derived from this standard and additional rules imposed by the vendor.
SHA-1 Secure Hash Algorithm. SHA-1 produces a 160-bit message digest.
SHA-2 A set of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA- 512). SHA-2 consists of a set of four hash functions with digests that are 224, 256, 384 or 512 bits.
SSL Secure Sockets Layer.
Status Information Information that is output from a cryptographic module for the purposes of indicating certain …
Secure Key Loader A self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module.
Security Policy A description of how the specific module meets these security requirements, including the rules derived from this standard and additional rules imposed by the vendor.
SHA-1 Secure Hash Algorithm. SHA-1 produces a 160-bit message digest.
SHA-2 A set of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA- 512). SHA-2 consists of a set of four hash functions with digests that are 224, 256, 384 or 512 bits.
SSL Secure Sockets Layer.
Status Information Information that is output from a cryptographic module for the purposes of indicating certain …
Added
p. 35
Tamper Detection The automatic determination by a cryptographic module that an attempt has been made to compromise the physical security of the module.
TLS Transport Layer Security.
TOE Target of evaluation.
TLS Transport Layer Security.
TOE Target of evaluation.
Added
p. 37
1. A description of device characteristics 2. External photos 3. Internal photos, sufficient to show the various components of the device
Removed
p. 1
Payment Card Industry (PCI) Hardware Security Module (HSM) Security Requirements Version 1.0
April 2009 Document Changes Date Version Author Description
September 2003 0.5 InfoGard Initial Draft
October 2004 0.6 InfoGard Modifications from vendor feedback
February 2006 0.7 InfoGard Modifications from benchmark evaluation
February 2006 0.8 InfoGard Modifications from lab meeting
March 2008 0.85 Visa Harmonize with PCI PED
November 2008 0.86 PCI Modifications from lab meeting
April 2009 Document Changes Date Version Author Description
September 2003 0.5 InfoGard Initial Draft
October 2004 0.6 InfoGard Modifications from vendor feedback
February 2006 0.7 InfoGard Modifications from benchmark evaluation
February 2006 0.8 InfoGard Modifications from lab meeting
March 2008 0.85 Visa Harmonize with PCI PED
November 2008 0.86 PCI Modifications from lab meeting
Removed
p. 3
• General Information
Modified
p. 4 → 5
PIN processing 3-D Secure Card verification Card production and personalization ATM interchange Cash-card reloading Data integrity Chip-card transaction processing There are many other applications and processes that may utilize general-purpose HSMs, and which may necessitate the adoption of all or a subset of the requirements listed in this document. However this document does not aim to develop a standard for general-purpose HSMs for use outside of applications such as those listed above that are in support of a variety of …
Modified
p. 4 → 7
These HSM security requirements were derived from existing ISO, ANSI, Federal standards and accepted/known good practice recognized by the financial industry applicable to multi-chip products with robust security and assurance characteristics.
These HSM security requirements were derived from existing ISO, ANSI, and NIST standards; and accepted/known good practice recognized by the financial payments industry.
Modified
p. 4 → 8
The HSM components that were evaluated; The security level of the evaluation; That the existing FIPS certification covers the full HSM functionality for all the related requirements.
Removed
p. 5
Data Encryption Algorithm ANXI X3.92 Banking•Retail Financial Services Symmetric Key Management ANSI X9.24 Public Key Cryptography for the Financial Service Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography ANSI X9.42 Triple Data Encryption Algorithm: Modes of Operation ANSI X9.52 Security Requirements for Cryptographic Modules FIPS PUB 140-2 Personal Identification Number (PIN) Management and Security ISO 9564 Information Technology
Removed
p. 5
• Modes of Operation for an n-bit Block Cipher Information Technology
• Hash Functions ISO 10118 Banking•Key Management (Retail) ISO 11568 Information Technology
• Key Management ISO 11770 Banking•Secure Cryptographic Devices (Retail) ISO 13491 Information Technology
• Encryption Algorithms ISO 18033 A Statistical Test Suite for Random and Pseudo-random Number Generators for Cryptographic Applications NIST Special Publication 800-22
PCI Encrypting PIN Pad (EPP) Security Requirements
PCI Encrypting PIN Pad (EPP) Derived Test Requirements
PCI POS PIN Entry Device (PED) Security Requirements
PCI POS PIN Entry Device (PED) Derived Test Requirements
• Hash Functions ISO 10118 Banking•Key Management (Retail) ISO 11568 Information Technology
• Key Management ISO 11770 Banking•Secure Cryptographic Devices (Retail) ISO 13491 Information Technology
• Encryption Algorithms ISO 18033 A Statistical Test Suite for Random and Pseudo-random Number Generators for Cryptographic Applications NIST Special Publication 800-22
PCI Encrypting PIN Pad (EPP) Security Requirements
PCI Encrypting PIN Pad (EPP) Derived Test Requirements
PCI POS PIN Entry Device (PED) Security Requirements
PCI POS PIN Entry Device (PED) Derived Test Requirements
Removed
p. 6
April 2009 HSM Identifier HSM Manufacturer:
Variable “x” Position Description of Variable “x” in the Selected Position
Variable “x” Position Description of Variable “x” in the Selected Position
Modified
p. 6 → 10
Use of “x” represents a request for field to be a Variable 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Firmware Version Number:
Use of x represents a request for field to be a Variable 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Firmware Version Number:
Modified
p. 6 → 10
Application Version Number: (if applicable) Attach to this form a device specification sheet that highlights the device characteristics, including photos of the device. These photos are to include both external and internal pictures of the device. The internal pictures are to be sufficient to show the various components of the device.
Application Version Number: (if applicable) Designed for deployment only in controlled environments as defined in ISO 13491-2? Yes At the end of this form under Device Specification Sheet, attach documentation highlighting device characteristics, including photos. These photos are to include both external and internal pictures of the device. The internal pictures are to be sufficient to show the various components of the device.
Modified
p. 6 → 10
Optional Use of Variables in the HSM Identifier AHardware Version Number • Request for Use of the Variable “x”
Optional Use of Variables in the HSM Identifier AHardware Version Number Request for Use of the Variable x
Modified
p. 6 → 10
Note: The firmware version number may also be subject to the use of variables in a manner consistent with hardware version numbers. See the PCI HSM Testing and Approval Program Guide for more information.
Note: The firmware version number may also be subject to the use of variables in a manner consistent with hardware version numbers. See the PCI PTS Device Testing and Approval Program Guide for more information.
Removed
p. 7
Number Description of Requirement Yes No N/A A1 One of the following A1.x options must be met.
The HSM uses mechanisms that detect tampering attempts and cause the automatic and immediate erasure of all clear-text secret information contained in the HSM, such that it becomes infeasible to recover the secret information.
A2 There is no feasible way to determine any sensitive information by monitoring electro-magnetic emissions, power consumption, or any other internal or external characteristic without an attack potential of at least 25 for identification and initial exploitation as defined in Appendix A of the PCI HSM DTRs.
A3 The HSM design protects against substitution of the HSM such that it is not practical to construct a duplicate from commercially available components. For example, the enclosure is not commonly available.
The HSM uses mechanisms that detect tampering attempts and cause the automatic and immediate erasure of all clear-text secret information contained in the HSM, such that it becomes infeasible to recover the secret information.
A2 There is no feasible way to determine any sensitive information by monitoring electro-magnetic emissions, power consumption, or any other internal or external characteristic without an attack potential of at least 25 for identification and initial exploitation as defined in Appendix A of the PCI HSM DTRs.
A3 The HSM design protects against substitution of the HSM such that it is not practical to construct a duplicate from commercially available components. For example, the enclosure is not commonly available.
Modified
p. 7 → 11
A2 Failure of a single security mechanism does not compromise HSM security. Protection against a threat is based on a combination of at least two independent security mechanisms. If the HSM relies upon visible tamper evidence for protection, the HSM has characteristics such that penetration of the device results in visible tamper evidence that has a high probability of being detected.
Modified
p. 7 → 11
A5 Sensitive functions or information are only used in the protected area(s) of the HSM. Sensitive information and functions dealing with sensitive information are protected from modification or substitution, without requiring an attack potential of at least 26 per HSM for identification and initial exploitation, with a minimum of 13 for initial exploitationA.
Modified
p. 7 → 11
A3 If the device permits access to internal areas (e.g., for service or maintenance), it is not possible using this area to access sensitive data. Immediate access to sensitive data, such as PIN or cryptographic data, is either prevented by the design of the internal areas (e.g., by enclosing components with sensitive data into tamper- resistant/responsive enclosures), and/or it has a mechanism so that accessing internal areas causes the immediate erasure of sensitive data.
Removed
p. 8
The HSM is capable of performing only its designed functions, i.e. there is no hidden functionality. The only approved functions performed by the HSM are those allowed by the policy.
Modified
p. 8 → 11
A4 The security of the HSM is not compromised by altering environmental conditions or operational conditions (for example, subjecting the HSM to temperatures or operating voltages outside the stated operating ranges).
Removed
p. 9
B4À Private and secret key entry is performed using accepted techniques according to the table below:
Key Form Manual Direct Network Plain-text Keys No Yes No Plain-text Key Components Yes Yes No Enciphered Keys Yes Yes Yes ¿ Derived from Federal Information Processing Standard 140-2 (FIPS 140-2)
Key Form Manual Direct Network Plain-text Keys No Yes No Plain-text Key Components Yes Yes No Enciphered Keys Yes Yes Yes ¿ Derived from Federal Information Processing Standard 140-2 (FIPS 140-2)
Modified
p. 9 → 13
The HSM provides secure interfaces that are kept logically separate by distinguishing between data and control for inputs and also between data and status for outputs.
Modified
p. 9 → 14
B14 There is no mechanism in the HSM that would allow the outputting of private or secret clear-text keys, the encryption of a key or PIN under a key that might itself be disclosed, or the transfer of a clear-text key from a component of high security into a component of lesser security. All cryptographic functions implemented shall not output clear-text CSPs to components that could negatively impact security.
Modified
p. 9 → 14
B11 The key-management techniques implemented in the HSM conform to ISO 11568 and/or ANSI X9.24. Key-management techniques must support ANSI TR-31 key-derivation methodology or an equivalent methodology for maintaining the TDEA key bundle.
Removed
p. 10
B8À The random number generator has been assessed to ensure it is generating numbers sufficiently unpredictable.
¿ Derived from Federal Information Processing Standard 140-2 (FIPS 140-2)
¿ Derived from Federal Information Processing Standard 140-2 (FIPS 140-2)
Modified
p. 10 → 13
B2 The HSM s functionality shall not be influenced by logical anomalies such as (but not limited to) unexpected command sequences, unknown commands, commands in a wrong device mode and supplying wrong parameters or data which could result in the HSM outputting clear-text PINs or other sensitive information.
Modified
p. 10 → 13
B3 The firmware, and any changes thereafter, has been inspected and reviewed using a documented process that can be audited and is certified as being free from hidden and unauthorized or undocumented functions.
Modified
p. 10 → 13
The transaction is completed, The HSM has timed out, or The HSM recovers from an error state.
Modified
p. 10 → 14
The HSM ensures that each cryptographic key is only used for a single cryptographic function. It is not possible to encrypt or decrypt any arbitrary data using any PIN-encrypting key or key-encrypting key contained in or protected by the HSM. The HSM does not permit any of the key-usage information to be changed in any way that allows the key to be used in ways that were not possible before the change.
Modified
p. 10 → 14
B12 The HSM ensures that if cryptographic keys within the secure HSM boundary are rendered invalid for any reason (e.g., tamper or long- term absence of applied power), the HSM will fail in a secure manner.
Modified
p. 10 → 14
The HSM uses accepted cryptographic algorithms, modes, and key sizes.
Modified
p. 11 → 13
To ensure that the HSM is operating as designed, the device runs self-tests when powered up and at least once per day to check firmware, security mechanisms for signs of tampering, and whether the HSM is in a compromised state. When specific critical operations are performed, the HSM performs conditional tests. The techniques and actions of the HSM upon failure of a self-test are consistent with those defined in FIPS PUB 140-2.
Number Description of Requirement Yes No N/A To ensure that the HSM is operating as designed, the device runs self-tests when powered up and at least once per day to check firmware (authenticity check), security mechanisms for signs of tampering, and whether the HSM is in a compromised state. When specific critical operations are performed, the HSM performs conditional tests. The techniques and actions of the HSM upon failure of a self-test are consistent with those defined in FIPS PUB …
Modified
p. 11 → 13
Access to sensitive services requires authentication. Sensitive services provide access to the underlying sensitive functions. Sensitive functions are those functions that process sensitive data such as cryptographic keys, PINs, and passwords. Entering or exiting sensitive services shall not reveal or otherwise affect sensitive data.
Modified
p. 11 → 14
B16 The HSM includes cryptographic mechanisms to support secure logging of transactions, data, and events to enable auditing.
Modified
p. 11 → 15
B19 The HSM has the ability to return its unique device ID.
Modified
p. 12 → 17
Number Description of Requirement Yes No N/A C1 Change-control procedures are in place so that any intended change to the physical or functional capabilities of the HSM causes a re- certification of the device under the Physical Security Requirements or the Logical Security Requirements of this document.
Number Description of Requirement Yes No N/A D1 Change-control procedures are in place so that any intended change to the physical or functional capabilities of the HSM causes a re- certification of the device under the Physical Security Requirements or the Logical Security Requirements of this document. Immediate re- certification is not required for changes which purely rectify errors and faults in software in order to make it function as intended and do not otherwise remove, modify, or add functionality.
Modified
p. 12 → 17
D2 The certified firmware is protected and stored in such a manner as to preclude unauthorized modification during its entire manufacturing lifecycle, e.g., using dual control or standardized cryptographic authentication procedures.
Modified
p. 12 → 17
D3 The HSM is assembled in a manner that the components used in the manufacturing process are those components that were certified by the Physical Security Requirements evaluation, and that unauthorized substitutions have not been made.
Modified
p. 12 → 17
D4 Production software (e.g., firmware) that is loaded to devices at the time of manufacture is transported, stored, and used under the principle of dual control, preventing unauthorized modifications and/or substitutions.
Modified
p. 12 → 17
D5 Subsequent to production but prior to shipment from the manufacturer s or reseller s facility, the HSM and any of its components are stored in a protected, access-controlled area or sealed within tamper-evident packaging to prevent undetected unauthorized access to the device or its components.
Modified
p. 12 → 17
D6 If the HSM will be authenticated at the facility of initial deployment by means of secret information placed in the device during manufacturing, this secret information is unique to each HSM, unknown and unpredictable to any person, and installed in the HSM. Secret information is installed under dual control to ensure that it is not disclosed during installation, or the device may use an authenticated public-key method.
Removed
p. 13
D2 Procedures are in place to transfer accountability for the device from the manufacturer to the initial-key-loading facility.
Shipped and stored in tamper-evident packaging; and/or Shipped and stored containing a secret that is immediately and automatically erased if any physical or functional alteration to the device is attempted, that can be verified by the initial-key-loading facility, but that cannot feasibly be determined by unauthorized personnel.
Shipped and stored in tamper-evident packaging; and/or Shipped and stored containing a secret that is immediately and automatically erased if any physical or functional alteration to the device is attempted, that can be verified by the initial-key-loading facility, but that cannot feasibly be determined by unauthorized personnel.
Modified
p. 13 → 19
Where this is not possible, the HSM is shipped from the manufacturer s facility to the facility of initial deployment and stored en route under auditable controls that can account for the location of every HSM at every point in time.
Modified
p. 13 → 19
E3 While in transit from the manufacturer s facility to the facility of initial deployment, the device is:
Removed
p. 14
• General Information This form and the requested information are to be completed and returned along with the completed information in the Manufacturer Self-Assessment Form.
Removed
p. 15
Signature Ç Date Ç Printed Name Ç Title Ç Attach to this form a device-specification sheet that highlights the device characteristics including photos of the device. These photos are to include both external and internal pictures of the device. The internal pictures are to be sufficient to show the various components of the device.
Compliance Declaration Exception
• Form C HSM Manufacturer:
Compliance Declaration Exception
• Form C HSM Manufacturer:
Modified
p. 16 → 23
For any statement, A1-A8, B1-B18, C1-6, or D1-3, for which the answer was a “NO” or an “N/A,” explain why the answer was not “YES.” Explanation
Instructions For any statement, A1-A7, B1-B20, C1, D1-8 or E1-E8, for which the answer was a NO or an N/A, explain why the answer was not YES.
Modified
p. 17 → 24
Asymmetric Key Pair A public key and related private key created by and used with a public key cryptosystem.
Asymmetric Key Pair A public key and related private key created by and used with a public-key cryptosystem.
Modified
p. 17 → 24
Authentication The verification of the identity of a person or process.
Authentication The process for establishing unambiguously the identity of an entity, process, organization, or person.
Removed
p. 18
A violation of the security of a system such that an unauthorized disclosure of sensitive information may have occurred. This includes the unauthorized disclosure, modification, substitution, or use of sensitive data (including plain- text cryptographic keys and other keying material).
Modified
p. 18 → 25
Clear-text See Plain-Text.
Clear-text See Plaintext.
Modified
p. 18 → 25
The transformation of plaintext data into ciphertext data, The transformation of ciphertext data into plaintext data, A digital signature computed from data, The verification of a digital signature computed from data, An authentication code computed from data, or An exchange agreement of a shared secret.
Modified
p. 18 → 26
Data Encryption Algorithm (DEA) A published encryption algorithm used to protect critical information by enciphering data based upon a variable secret key. The Data Encryption Algorithm is defined in ANSI X3.92: “Data Encryption Algorithm” for encryption and decrypting data.
Data Encryption Algorithm (DEA) A published encryption algorithm used to protect critical information by enciphering data based upon a variable secret key. The Data Encryption Algorithm is defined in ANSI X3.92: Data Encryption Algorithm for encryption and decrypting data.
Modified
p. 18 → 26
Decrypt A process of transforming ciphertext (unreadable) into plain-text (readable).
Decrypt A process of transforming ciphertext (unreadable) into plaintext (readable).
Removed
p. 19
Dictionary Attack Attack in which an adversary builds a dictionary of plain-text and corresponding ciphertext. When a match can be made between intercepted ciphertext and dictionary-stored ciphertext, the corresponding plain-text is immediately available from the dictionary.
Modified
p. 19 → 26
Derivation keys are normally used in a transaction-receiving (e.g., acquirer) TRSM in a one-to-many relationship to derive or decrypt the Transaction (the derived keys) Keys used by a large number of originating (e.g., terminals) TRSMs.
Derivation Key A cryptographic key, which is used to cryptographically compute another key. A derivation key is normally associated with the Derived Unique Key Per Transaction key management method. Derivation keys are normally used in a transaction-receiving (e.g., acquirer) TRSM in a one-to-many relationship to derive or decrypt the Transaction (the derived keys) Keys used by a large number of originating (e.g., terminals) TRSMs.
Modified
p. 19 → 26
Device See Secure Cryptographic Device.
Modified
p. 19 → 27
Dual Control A process of using two or more separate entities (usually persons), operating in concert to protect sensitive functions or information. Both entities are equally responsible for the physical protection of materials involved in vulnerable transactions. No single person must be able to access or to use the materials (e.g., cryptographic key). For manual key-generation, conveyance, loading, storage, and retrieval, dual control requires split knowledge of the key among the entities. Also see Split Knowledge.
DTP Detailed Test Procedure DTR Derived Test Requirement Dual Control A process of using two or more separate entities (usually persons), operating in concert to protect sensitive functions or information. Both entities are equally responsible for the physical protection of materials involved in vulnerable transactions. No single person must be able to access or to use the materials (e.g., cryptographic key). For manual key-generation, conveyance, loading, storage, and retrieval, dual control requires split knowledge of the key among the entities. …
Modified
p. 19 → 27
Electronic Code Book (ECB) Operation A mode of encryption using a symmetric encryption algorithm, such as DEA, in which each block of data is enciphered or deciphered without using an initial chaining vector or previously (encrypted) data blocks.
Removed
p. 20
EEPROM Electronically Erasable Programmable Read-Only Memory.
Modified
p. 20 → 27
Encrypted Key (Ciphertext Key) A cryptographic key that has been encrypted with a key encrypting key, a PIN, or a password in order to disguise the value of the underlying plain-text key.
Encrypted Key (Ciphertext Key) A cryptographic key that has been encrypted with a key-encrypting key, a PIN, or a password in order to disguise the value of the underlying plaintext key.
Modified
p. 20 → 27
EPROM Erasable Programmable Read-Only Memory.
EPROM Erasable programmable read-only memory.
Modified
p. 20 → 28
Exclusive-OR Binary addition with no carry, also known as modulo 2 addition, symbolized as “XOR” and defined as:
Exclusive-OR Binary addition with no carry, also known as modulo 2 addition, symbolized as XOR and defined as:
Modified
p. 20 → 28
Hardware (Host) Security Module See Secure Cryptographic Device.
Hardware (Host) Security Module (HSM) See Secure Cryptographic Device.
Modified
p. 20 → 28
It may be used to reduce a potentially long message into a “hash value” or “message digest” which is sufficiently compact to be input into a digital signature algorithm. A “good” hash is such that the results of applying the function to a (large) set of values in a given domain will be evenly (and randomly) distributed over a smaller range.
It may be used to reduce a potentially long message into a hash value or message digest which is sufficiently compact to be input into a digital signature algorithm. A good hash is such that the results of applying the function to a (large) set of values in a given domain will be evenly (and randomly) distributed over a smaller range.
Modified
p. 20 → 29
Integrity Ensuring consistency of data; in particular, preventing unauthorized and undetected creation, alteration, or destruction of data.
Modified
p. 20 → 29
Interface A logical section of a cryptographic device that defines a set of entry or exit points that provide access to the device, including information flow or physical access.
Interface A logical entry or exit point of a cryptographic module that provides access to the module for logical information flows representing physical signals.
Removed
p. 21
IPSEC IP Security Protocol Irreversible Transformation A non-secret process that transforms an input value to produce an output value such that knowledge of the process and the output value does not feasibly allow the input value to be determined.
Key-Loading Device A self-contained unit that is capable of storing at least one plain-text or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module.
Key-Loading Device A self-contained unit that is capable of storing at least one plain-text or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module.
Modified
p. 21 → 29
ISO International Organization for Standardization. An international standards accreditation organization.
ISO International Organization for Standardization. An international standards setting organization composed of representatives from various national standards.
Modified
p. 21 → 29
KEK See Key Encrypting Key.
KEK See Key-Encrypting Key.
Modified
p. 21 → 30
Key-Encrypting (Encipherment Or Exchange) Key (KEK) A cryptographic key that is used for the encryption or decryption of other keys. Also known as a key-encryption or key-exchange key.
Modified
p. 21 → 30
Key Instance The occurrence of a key in one of its permissible forms, that is, plain-text key, key components and enciphered key.
Key Instance The occurrence of a key in one of its permissible forms, that is, plaintext key, key components and enciphered key.
Modified
p. 22 → 31
Legitimate Use Ensuring that resources are used only by authorized persons in authorized ways.
Modified
p. 22 → 31
Manual Key Distribution The distribution of cryptographic keys, often in a plain-text form requiring physical protection, but using a non-electronic means, such as a bonded courier.
Manual Key Distribution The distribution of cryptographic keys, often in a plaintext form requiring physical protection, but using a non-electronic means, such as a bonded courier.
Modified
p. 22 → 31
Master Key In a hierarchy of key-encrypting keys and transaction keys, the highest level of key-encrypting key is known as a Master Key. May also be known as Master File Key or Local Master Key, depending on the vendor’s nomenclature.
Master Key In a hierarchy of key-encrypting keys and transaction keys, the highest level of key-encrypting key is known as a Master Key. May also be known as Master File Key or Local Master Key, depending on the vendor s nomenclature.
Removed
p. 23
Personal Identification Number A numeric personal identification code that authenticates a cardholder in an authorization request that originates at a terminal with authorization only or data capture only capability. A PIN consists only of decimal digits.
Modified
p. 23 → 32
PIN-Encipherment Key (PEK) A PEK is a cryptographic key that is used for the encryption or decryption of PINs.
Modified
p. 23 → 32
Plaintext The intelligible form of an encrypted text or of its elements.
Modified
p. 23 → 32
Plaintext Key An unencrypted cryptographic key, which is used in its current form.
Modified
p. 23 → 32
Pseudo-Random A process that is statistically random, and essentially unpredictable, although generated by an algorithmic process.
Modified
p. 24 → 33
RSA Public Key Cryptography Public key cryptosystem that can be used for both encryption and authentication.
Modified
p. 24 → 33
Secret Key A cryptographic key, used with a secret key cryptographic algorithm that is uniquely associated with one or more entities and should not be made public. A secret key (symmetrical) cryptographic algorithm uses a single secret key for both encryption and decryption. The use of the term “secret” in this context does not imply a classification level; rather the term implies the need to protect the key from disclosure or substitution.
Secret Key A cryptographic key, used with a secret key cryptographic algorithm that is uniquely associated with one or more entities and should not be made public. A secret key (symmetrical) cryptographic algorithm uses a single secret key for both encryption and decryption. The use of the term secret in this context does not imply a classification level; rather the term implies the need to protect the key from disclosure or substitution.
Modified
p. 24 → 34
Sensitive (Secret) Data (Information) Data that must be protected against unauthorized disclosure, alteration or destruction, especially plain-text PINs, and secret and private cryptographic keys, and includes design characteristics, status information, and so forth.
Sensitive (Secret) Data (Information) Data that must be protected against unauthorized disclosure, alteration or destruction, especially plaintext PINs, and secret and private cryptographic keys, and includes design characteristics, status information, and so forth.
Removed
p. 25
Tamper-Evident A characteristic that provides evidence that an attack has been attempted. Because merchants and cardholders are not trained to identify tamper- evidence, and it is not expected that there will be frequent inspections by a trained inspector, any tamper-evidence must be very strong. The typical uninformed cardholder and merchant must recognize that the device has been tampered with.
TRSM Tamper-Resistant Security Module: the set of hardware, software, firmware, or some combination thereof that implements cryptographic logic or processes (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary. Also known as a secure cryptographic device.
TRSM Tamper-Resistant Security Module: the set of hardware, software, firmware, or some combination thereof that implements cryptographic logic or processes (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary. Also known as a secure cryptographic device.
Modified
p. 25 → 34
Shared Secret The secret information shared between parties after protocol execution. This may consist of one or more session key(s), or it may be a single secret that is input to a key-derivation function to derive session keys.
Modified
p. 25 → 34
Split Knowledge A condition under which two or more entities separately have key components that individually convey no knowledge of the resultant cryptographic key.
Modified
p. 25 → 35
Symmetric (Secret) Key A cryptographic key that is used in symmetric cryptographic algorithms. The same symmetric key that is used for encryption is also used for decryption.
Modified
p. 25 → 35
Tamper-Responsive A characteristic that provides an active response to the detection of an attack, thereby preventing a success.
Tamper-Responsive A characteristic that provides an active response to the detection of an attack.
Modified
p. 25 → 35
Triple Data Encryption Algorithm (TDEA) The algorithm specified in ANSI X9.52, Triple Data Encryption Algorithm Modes of Operation.
Modified
p. 26 → 35
UserID A string of characters that uniquely identifies a user to the system.
Modified
p. 26 → 35
Variant of a Key A new key formed by a process (which need not be secret) with the original key, such that one or more of the non-parity bits of the new key differ from the corresponding bits of the original key. For example exclusive-OR’ing a non- secret constant with the original key.
Variant of a Key A new key formed by a process (which need not be secret) with the original key, such that one or more of the non-parity bits of the new key differ from the corresponding bits of the original key. For example exclusive-OR ing a non- secret constant with the original key.