Secure storage units - Classification for high security locks according to their resistance to unauthorized opening - Distributed systems

This document is applicable to Distributed Systems (DS), i.e. high security locks with components which have a wired or wireless connection via a transmission system in order to execute fixed operating conditions using different individually fixed access possibilities.
Products which are to be tested on the basis of this document comply with the generally recognized state of the art at the time of testing. Due to the short innovation cycles in the field of electronic and, in particular, information technology applications, the technical possibilities available at the time of product development should also be taken into account during implementation.
Distributed systems can be used, for example, to operate high security locks of secure storage units (safes and strongrooms).
High security locks (HSL) are used in DS as locking unit.
This document does not apply for stand-alone HSL, which are not part of a distributed system. For these stand-alone HSL EN 1300 is applicable only.
The document will be revised with a frequency of 3 years as the research in the area of cryptography and relevant attacks evolve with high speed as well as the referenced standards.

Wertbehältnisse - Klassifizierung von Hochsicherheitsschlössern nach ihrem Widerstandswert gegen unbefugtes Öffnen - Verteilte Systeme

Dieses Dokument gilt für Verteilte Systeme (VS), d.h. für Hochsicherheitsschlösser mit Komponenten, die über ein drahtgebundenes oder drahtloses Übertragungssystem verbunden sind, um festgelegte Bedienvorgänge unter Nutzung unterschiedlicher, individuell festgelegter Zugriffsmöglichkeiten auszuführen.
Produkte, die auf Basis dieses Dokuments geprüft werden, entsprechen dem zum Zeitpunkt der Prüfung allgemein anerkannten Stand der Technik. Aufgrund der kurzen Innovationszyklen im Bereich elektronischer und insbesondere informationstechnischer Anwendungen sollten auch die zum Zeitpunkt der Produktentwicklung aktuellen technischen Möglichkeiten bei der Realisierung berücksichtigt werden.
Verteilte Systeme können u.a. zur Betätigung von Hochsicherheitsschlössern (HSS) von Wertbehältnissen (Wertschutzschränke und Wertschutzräume) eingesetzt werden.
Hochsicherheitsschlösser (HSS) werden in einem VS als Sperreinheit eingesetzt.
Dieses Dokument gilt nicht für autonom betriebene HSS, die nicht Teil eines Verteilten Systems sind. Für diese autonomen HSS ist nur die EN 1300 anwendbar.
Da sich sowohl die Forschung im Bereich der Kryptographie und relevanter Angriffe als auch in Bezug genommene Normen sehr schnell entwickeln, erfolgt eine Überarbeitung dieses Dokuments alle drei Jahre.

Unités de stockage en lieu sûr - Classification des serrures haute sécurité en fonction de leur résistance à l'effraction - Systèmes répartis

Le présent document s'applique aux Systèmes répartis (DS), c'est-à-dire aux serrures haute sécurité dont les composants possèdent une connexion filaire ou non filaire via un système de transmission afin d'exécuter des états exploitables fixes en utilisant différentes possibilités d'accès fixées individuellement.
Les produits qui sont destinés à être soumis à l'essai sur la base du présent document sont conformes à l'état de l'art généralement reconnu au moment de l'essai. En raison de la brièveté des cycles d'innovation dans le domaine des applications électroniques et, plus particulièrement, des technologies de l'information, il convient également de prendre en compte les possibilités techniques disponibles au moment du développement du produit lors de la mise en œuvre.
Les systèmes répartis peuvent être utilisés, par exemple, pour actionner des serrures haute sécurité d'unités de stockage en lieu sûr (coffres-forts et chambres fortes).
Les Serrures haute sécurité (HSL) sont utilisées dans les DS en tant qu'unité de verrouillage.
Le présent document ne s'applique pas aux HSL autonomes, qui ne font pas partie d'un système réparti. Pour ces HSL autonomes, seule l'EN 1300 s'applique.
Le présent document sera révisé tous les 3 ans, car la recherche dans le domaine de la cryptographie et les effractions correspondantes évoluent très rapidement, ainsi que les normes de référence.

Varnostne shranjevalne enote - Klasifikacija visoko varnostnih ključavnic po odpornosti proti nepooblaščenemu odpiranju - Porazdeljeni sistemi

Ta evropski standard določa zahteve in preskusne postopke za visoko varnostne ključavnice v porazdeljenih sistemih, ki se uporabljajo zlasti v varnostnih shranjevalnih enotah. Porazdeljeni sistem je v skladu z opredelitvijo v tem evropskem standardu sistem, katerega elementi so povezani prek žičnega ali brezžičnega prenosnega sistema. Poleg tega žeton predstavlja porazdeljeni sistem s prenosno razdaljo 15 cm ali več.
Pri pripravi tega standarda so se upoštevale najnovejše zahteve za porazdeljene sisteme.
Ta standard, pa tudi standarde, na katere se sklicuje, je treba kljub temu posodabljati razmeroma pogosto oziroma vsaj vsake 3 leta, saj raziskave na področju kriptografije in zadevni napadi napredujejo zelo hitro. Ker splošni predpisi iz standarda EN 1300 ne zahtevajo tako pogostega posodabljanja, naj se standardi ločijo.

General Information

Status
Published
Publication Date
02-Aug-2022
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
03-Aug-2022
Due Date
29-Aug-2022
Completion Date
03-Aug-2022

Buy Standard

Standard
EN 17646:2022
English language
28 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-oktober-2022
Varnostne shranjevalne enote - Klasifikacija visoko varnostnih ključavnic po
odpornosti proti nepooblaščenemu odpiranju - Porazdeljeni sistemi
Secure storage units - Classification for high security locks according to their resistance
to unauthorized opening - Distributed systems
Wertbehältnisse - Klassifizierung von Hochsicherheitsschlössern nach ihrem
Widerstandswert gegen unbefugtes Öffnen - Verteilte Systeme
Unités de stockage en lieu sûr - Classification des serrures haute sécurité en fonction de
leur résistance à l'effraction - Systèmes répartis
Ta slovenski standard je istoveten z: EN 17646:2022
ICS:
13.310 Varstvo pred kriminalom Protection against crime
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN 17646
EUROPEAN STANDARD
NORME EUROPÉENNE
August 2022
EUROPÄISCHE NORM
ICS 13.310
English Version
Secure storage units - Classification for high security locks
according to their resistance to unauthorized opening -
Distributed systems
Unités de stockage en lieu sûr - Classification des Wertbehältnisse - Klassifizierung von
serrures haute sécurité en fonction de leur résistance à Hochsicherheitsschlössern nach ihrem
l'effraction - Systèmes répartis Widerstandswert gegen unbefugtes Öffnen - Verteilte
Systeme
This European Standard was approved by CEN on 27 June 2022.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2022 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN 17646:2022 E
worldwide for CEN national Members.

Contents Page
European foreword . 4
1 Scope . 5
2 Normative references . 5
3 Terms and definitions . 5
4 Symbols and abbreviations . 8
5 Classification. 8
6 Requirements . 8
6.1 General. 8
6.1.1 General. 8
6.1.2 Construction . 9
6.2 System administration . 10
6.2.1 Administrative procedures . 10
6.2.2 Confirmation of remotely initiated security relevant operating procedures . 10
6.2.3 Information processing system as central operation/administration instance . 11
6.2.4 Authentication of components . 11
6.2.5 Software and firmware . 11
6.2.6 Administration interfaces. 13
6.2.7 Authentication of users. 13
6.2.8 Indication of the blocking status . 14
6.2.9 Recording events . 15
6.2.10 Data traffic in the secured state . 17
6.2.11 Detection of manipulations . 17
6.2.12 Indication of blocking times . 17
6.2.13 Resistance to spying . 17
6.3 Information security . 19
6.3.1 General protection aims . 19
6.3.2 Requirements on cryptography . 19
6.3.3 Other information security measures . 22
6.4 Security requirements . 22
6.4.1 Negative impact by power supply . 22
6.4.2 Resistance against electrical and electromagnetic influences . 22
6.4.3 Resistance against physical environmental influences . 23
6.4.4 Temperature resistance . 23
6.4.5 Reliability . 23
6.5 Extraneous components . 23
6.5.1 Use of extraneous components . 23
6.5.2 Additional components . 23
7 Technical documentation . 23
7.1 General. 23
7.2 Required technical documentation . 23
7.3 Operating instruction . 25
8 Test samples . 26
9 Marking . 26
Annex A (normative) Determination of burglary resistance due to design requirements . 27
A.1 General . 27
A.2 Electronic HSL as a part of a distributed system . 27
Bibliography . 28

European foreword
This document (EN 17646:2022) has been prepared by Technical Committee CEN/TC 263 “Secure
storage of cash, valuables and data media”, the secretariat of which is held by BSI.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by February 2023, and conflicting national standards shall
be withdrawn at the latest by February 2023.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN-CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia,
Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland,
Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North
Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United
Kingdom.
1 Scope
This document is applicable to Distributed Systems (DS), i.e. high security locks with components which
have a wired or wireless connection via a transmission system in order to execute fixed operating
conditions using different individually fixed access possibilities.
Products which are to be tested on the basis of this document comply with the generally recognized state
of the art at the time of testing. Due to the short innovation cycles in the field of electronic and, in
particular, information technology applications, the technical possibilities available at the time of product
development should also be taken into account during implementation.
Distributed systems can be used, for example, to operate high security locks of secure storage units (safes
and strongrooms).
High security locks (HSL) are used in DS as locking unit.
This document does not apply for stand-alone HSL, which are not part of a distributed system. For these
stand-alone HSL EN 1300 is applicable only.
The document will be revised with a frequency of 3 years as the research in the area of cryptography and
relevant attacks evolve with high speed as well as the referenced standards.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
EN 1300, Secure storage units - Classification for high security locks according to their resistance to
unauthorized opening
EN 1143-1, Secure storage units - Requirements, classification and methods of test for resistance to
burglary - Part 1: Safes, ATM safes, strongroom doors and strongrooms
EN 1143-2, Secure storage units - Requirements, classification and methods of tests for resistance to
burglary - Part 2: Deposit systems
EN ISO/IEC 27001, Information technology - Security techniques - Information security management
systems - Requirements (ISO/IEC 27001)
3 Terms and definitions
For the purposes of this document, the terms and definitions given in EN 1300 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at https://www.electropedia.org/
— ISO Online browsing platform: available at https://www.iso.org/obp
3.1
remote input unit
rIU
additional component which allows information to be entered from a remote location and is intended for
exclusive use in a distributed system
Note 1 to entry: Input units (IU) are defined in EN 1300.
3.2
condition as supplied
status of a DS or a component of a DS before the first customer-specific modification has been carried out
except for software/firmware updates, which can remain in effect
3.3
authenticity
quality that ensures, for example, that a communication partner is who they claim to be; for authentic
information it is ensured that it was created by the specified source
3.4
authentication factor
category of credential (knowledge factors (e.g. a password), possession factors (e.g. a card) or inherence
fac
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.