1 Scope
This part defines test requirements on hardware, software and safety of SE application manage terminal. Transaction model and process of SE application manage terminal as well as transaction message test are not specified in this part.
This part is applicable to various relevant organizations engaging in mobile payment terminal test.
2 Normative References
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB 4943 Safety of Information Technology Equipment Including Electrical Business Equipment
GB 5007.1-2010 Information Technology - Chinese Ideogram Coded Character Set (Basic Set) - 24 Dot Matrix Font
GB 5199 15*16 Dot Matrix Font Set of Chinese Ideograms for Information Interchange
GB 9254 Information Technology Equipment - Radio Disturbance Characteristics - Limits and Methods of Measurement
GB 13000.1-1993 Information Technology - Universal Multiple - Octet Coded Character Set (UCS) - Part 1: Architecture and Basic Multilingual Plane
GB 17625.1 The Limits for the Harmonic Current Emissions Caused by Low-voltage Electrical and Electronic Equipment (Equipment Input Current≤16A per Phase)
GB 18030 Information Technology - Chinese Coded Character Set
GB/T 17618 Information Technology Equipment - Immunity Characteristics - Limits and Methods of Measurement
JR/T 0025.11 China Financial Integrated Circuit Card Specifications - Part 11: Contactless Integrated Circuit Card Communication Specification
GA/T 73 Burglary-resistant Mechanical Locks
GB 228-1987 Metallic Tension Experimental Method
3 Terms and Definitions
For the purposes of this document, the following terms and definitions apply.
3.1
terminal master key (TMK)
key used for encrypting terminal working key
3.2
working key (WK)
generally referring to PIN encryption key and MAC calculation key; working key must be often updated; in online updated message, working key must be encrypted by key encryption key (KEK) and transmitted after ciphertext is formed
3.3
key encryption key (KEK)
key encrypting working key when terminal is in working, which is set and directly stored in system hardware by bank personnel, can only be used and cannot be read, and must be put in the same encryption chip as the encryption algorithm
3.4
authentication
process used for verifying identity or confirming information integrity
3.5
sensitive data (information)
data that must be prevented from being illegally disclosed, modified or damaged, especially plaintext PIN, encryption key as well as data containing design features and status information
3.6
encrypting PIN pad (EPP)
device in automatic PIN acceptance device used for PIN security input and encryption; EPP may be equipped with a built-in display screen or card reader, or external display screen or card reader installed in automatic device; EPP has definite physical and logic boundary as well as an enclosure possessing tamper-proofing function or capable of displaying tampering sign
3.7
physical security
capacity in physical construction of equipment for defending against attack
3.8
dual control
mechanism protecting sensitive function or information through team working of more than two independent entities
3.9
firmware
all program codes relevant to equipment security in PIN input equipment, which must meet the security requirements of this specification
3.10
key management
operation to key and relevant parameters within the whole life cycle of key, including generation, storage, injection, application, deletion, destruction, filing, etc.
3.11
knowledge split
a kind of method separating message into many fragments; after separation, the information represented by each fragment is small enough while the information will reappear after combining these fragments again
Foreword i
Introduction iii
1 Scope
2 Normative References
3 Terms and Definitions
4 Test Conditions
5 Test of Hardware of SE Application Manage Terminal
6 Test of Software of SE Application Manage Terminal
7 Test of Security of SE Application Manage Terminal
8 PIN Input Equipment Security Test
Annex A (Normative) Anti-damage Performance
Annex B (Normative) Baffle Design Standard
Annex C (Normative) Calculation Formula of Attack Score