Financial services — Personal Identification Number (PIN) management and security — Part 1: Basic principles and requirements for PINs in card-based systems — Amendment 1

Services financiers — Gestion et sécurité du numéro personnel d'identification (PIN) — Partie 1: Principes de base et exigences relatifs aux PINs dans les systèmes à carte — Amendement 1

General Information

Status: Withdrawn
Publication Date: 04-Mar-2015
Withdrawal Date: 04-Mar-2015
Current Stage: 9599 - Withdrawal of International Standard
Completion Date: 02-Nov-2017
Standard: ISO 9564-1:2011/Amd 1:2015, English language, 6 pages

Standards Content (Sample)

INTERNATIONAL STANDARD ISO 9564-1
Third edition 2011-02-15
AMENDMENT 1 2015-03-01

Financial services — Personal Identification Number (PIN) management and security —
Part 1: Basic principles and requirements for PINs in card-based systems
AMENDMENT 1

Services financiers — Gestion et sécurité du numéro personnel d’identification (PIN) —
Partie 1: Principes de base et exigences relatifs aux PINs dans les systèmes à carte
AMENDEMENT 1

Reference number ISO 9564-1:2011/Amd.1:2015(E)
© ISO 2015

ISO 9564-1:2011/Amd.1:2015(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2015
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2015 – All rights reserved

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT) see the following URL: Foreword - Supplementary information
The committee responsible for this document is ISO/TC 68, Financial Services, Subcommittee SC 2, Security.
Introduction
Although TDEA is still considered secure for PIN encryption and there are no current plans to migrate
away from TDEA, experience shows that migration to a new PIN encipherment algorithm for the financial
industry can require a very long time. At the same time, there are regional regulatory efforts underway
to introduce AES as an eventual replacement for TDEA. In order to facilitate early adopters and vendors,
it is desirable to establish early on a PIN block format that will ensure long-term interoperability when
using block ciphers with a larger block size than TDEA.
It must be emphasized that no short or medium term move away from TDEA as an approved algorithm
for PIN encipherment is anticipated. It is expected that early adoptions of AES will co-exist with TDEA
implementations for a considerable time, and that TDEA will continue to be widely used in the industry,
and approved as an algorithm for PIN encipherment. See ISO/TR 14742 for guidance on timelines for
TDEA and migration to AES.
This amendment of ISO 9564-1 defines a format for extended PIN blocks together with PIN block security
properties, encipherment and decipherment method, PIN block usage restrictions and translation
restrictions.
Financial services — Personal Identification Number (PIN) management and security —
Part 1: Basic principles and requirements for PINs in card-based systems
AMENDMENT 1
1 Scope
This amendment provides the following:
— revisions:
  — Introduction;
  — 4.2;
  — 9.3.6;
— replacements:
  — 9.4;
— insertions:
  — 9.5. The existing 9.5 shall be renumbered 9.6.
Introduction
Delete the paragraph “Additionally, it is intended to develop an extended PIN block in order to support
the use of block ciphers with longer block lengths and key sizes (e.g. AES).”
4.2 Principles
Insert a new list:
— Any part of a PIN (e.g. individual digit or representations thereof) shall be subject to the same
security requirements as the entire PIN as defined in this part of ISO 9564.
9.3.6 Compact PIN block usage restrictions
Replace the last part of 9.3.6 starting with the text “Table 3 illustrates…”, including Table 3, with “Table 3
in 9.5 illustrates requirements c), d), and f) for PIN block translation restrictions”.
9.4 Extended PIN blocks
9.4.1 General
9.4.2 specifies an extended PIN block format: format 4. Format 4 is constructed using two 128-bit fields
of PIN and PAN data respectively.
When the PIN is to be enciphered using a 128-bit block cipher (e.g. AES), it shall be formatted using the
PIN block format defined in this sub-clause. PIN blocks as defined in this clause shall only be enciphered
using 128-bit block ciphers. Keys used for enciphering and deciphering extended PIN blocks shall be
used for no other purpose.
NOTE 1 Support for 128-bit block ciphers does not imply phasing out of block ciphers currently in use, such as
TDEA.
NOTE 2 The longer key length typical of 128-bit block ciphers will require additional adjustments in key
distribution.
NOTE 3 As with PIN block formats 0 and 3, the plain text PAN is required in the encipherment of the PIN data
as well as in the decipherment of the enciphered PIN block. In cases where the PAN is transmitted or stored in
enciphered form, the plain text PAN needs to be recovered prior to usage in the processing of the format 4 PIN block.
9.4.2 Format 4 PIN block
...
